[ARM] pxa: remove boot time RTC initialisation
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/vmalloc.h>
40 #include <linux/cdev.h>
41 #include <asm/uaccess.h>
42 #include <asm/atomic.h>
43 #include <linux/compat.h>
44
45 #include "csr1212.h"
46 #include "highlevel.h"
47 #include "hosts.h"
48 #include "ieee1394.h"
49 #include "ieee1394_core.h"
50 #include "ieee1394_hotplug.h"
51 #include "ieee1394_transactions.h"
52 #include "ieee1394_types.h"
53 #include "iso.h"
54 #include "nodemgr.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
58 #define int2ptr(x) ((void __user *)(unsigned long)x)
59 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
60
61 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
62 #define RAW1394_DEBUG
63 #endif
64
65 #ifdef RAW1394_DEBUG
66 #define DBGMSG(fmt, args...) \
67 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
68 #else
69 #define DBGMSG(fmt, args...) do {} while (0)
70 #endif
71
72 static LIST_HEAD(host_info_list);
73 static int host_count;
74 static DEFINE_SPINLOCK(host_info_lock);
75 static atomic_t internal_generation = ATOMIC_INIT(0);
76
77 static atomic_t iso_buffer_size;
78 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
79
80 static struct hpsb_highlevel raw1394_highlevel;
81
82 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
83                     u64 addr, size_t length, u16 flags);
84 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
85                      quadlet_t * data, u64 addr, size_t length, u16 flags);
86 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
87                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
88                     u16 flags);
89 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
90                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
91                       u16 flags);
92 static struct hpsb_address_ops arm_ops = {
93         .read = arm_read,
94         .write = arm_write,
95         .lock = arm_lock,
96         .lock64 = arm_lock64,
97 };
98
99 static void queue_complete_cb(struct pending_request *req);
100
101 #include <asm/current.h>
102 static void print_old_iso_deprecation(void)
103 {
104         static pid_t p;
105
106         if (p == current->pid)
107                 return;
108         p = current->pid;
109         printk(KERN_WARNING "raw1394: WARNING - Program \"%s\" uses unsupported"
110                " isochronous request types which will be removed in a next"
111                " kernel release\n", current->comm);
112         printk(KERN_WARNING "raw1394: Update your software to use libraw1394's"
113                " newer interface\n");
114 }
115
116 static struct pending_request *__alloc_pending_request(gfp_t flags)
117 {
118         struct pending_request *req;
119
120         req = kzalloc(sizeof(*req), flags);
121         if (req)
122                 INIT_LIST_HEAD(&req->list);
123
124         return req;
125 }
126
127 static inline struct pending_request *alloc_pending_request(void)
128 {
129         return __alloc_pending_request(GFP_KERNEL);
130 }
131
132 static void free_pending_request(struct pending_request *req)
133 {
134         if (req->ibs) {
135                 if (atomic_dec_and_test(&req->ibs->refcount)) {
136                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
137                         kfree(req->ibs);
138                 }
139         } else if (req->free_data) {
140                 kfree(req->data);
141         }
142         hpsb_free_packet(req->packet);
143         kfree(req);
144 }
145
146 /* fi->reqlists_lock must be taken */
147 static void __queue_complete_req(struct pending_request *req)
148 {
149         struct file_info *fi = req->file_info;
150
151         list_move_tail(&req->list, &fi->req_complete);
152         wake_up(&fi->wait_complete);
153 }
154
155 static void queue_complete_req(struct pending_request *req)
156 {
157         unsigned long flags;
158         struct file_info *fi = req->file_info;
159
160         spin_lock_irqsave(&fi->reqlists_lock, flags);
161         __queue_complete_req(req);
162         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
163 }
164
165 static void queue_complete_cb(struct pending_request *req)
166 {
167         struct hpsb_packet *packet = req->packet;
168         int rcode = (packet->header[1] >> 12) & 0xf;
169
170         switch (packet->ack_code) {
171         case ACKX_NONE:
172         case ACKX_SEND_ERROR:
173                 req->req.error = RAW1394_ERROR_SEND_ERROR;
174                 break;
175         case ACKX_ABORTED:
176                 req->req.error = RAW1394_ERROR_ABORTED;
177                 break;
178         case ACKX_TIMEOUT:
179                 req->req.error = RAW1394_ERROR_TIMEOUT;
180                 break;
181         default:
182                 req->req.error = (packet->ack_code << 16) | rcode;
183                 break;
184         }
185
186         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
187                 req->req.length = 0;
188         }
189
190         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
191             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
192             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
193             (req->req.type == RAW1394_REQ_LOCK) ||
194             (req->req.type == RAW1394_REQ_LOCK64))
195                 hpsb_free_tlabel(packet);
196
197         queue_complete_req(req);
198 }
199
200 static void add_host(struct hpsb_host *host)
201 {
202         struct host_info *hi;
203         unsigned long flags;
204
205         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
206
207         if (hi) {
208                 INIT_LIST_HEAD(&hi->list);
209                 hi->host = host;
210                 INIT_LIST_HEAD(&hi->file_info_list);
211
212                 spin_lock_irqsave(&host_info_lock, flags);
213                 list_add_tail(&hi->list, &host_info_list);
214                 host_count++;
215                 spin_unlock_irqrestore(&host_info_lock, flags);
216         }
217
218         atomic_inc(&internal_generation);
219 }
220
221 static struct host_info *find_host_info(struct hpsb_host *host)
222 {
223         struct host_info *hi;
224
225         list_for_each_entry(hi, &host_info_list, list)
226             if (hi->host == host)
227                 return hi;
228
229         return NULL;
230 }
231
232 static void remove_host(struct hpsb_host *host)
233 {
234         struct host_info *hi;
235         unsigned long flags;
236
237         spin_lock_irqsave(&host_info_lock, flags);
238         hi = find_host_info(host);
239
240         if (hi != NULL) {
241                 list_del(&hi->list);
242                 host_count--;
243                 /*
244                    FIXME: address ranges should be removed
245                    and fileinfo states should be initialized
246                    (including setting generation to
247                    internal-generation ...)
248                  */
249         }
250         spin_unlock_irqrestore(&host_info_lock, flags);
251
252         if (hi == NULL) {
253                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
254                        "0x%p\n", host);
255                 return;
256         }
257
258         kfree(hi);
259
260         atomic_inc(&internal_generation);
261 }
262
263 static void host_reset(struct hpsb_host *host)
264 {
265         unsigned long flags;
266         struct host_info *hi;
267         struct file_info *fi;
268         struct pending_request *req;
269
270         spin_lock_irqsave(&host_info_lock, flags);
271         hi = find_host_info(host);
272
273         if (hi != NULL) {
274                 list_for_each_entry(fi, &hi->file_info_list, list) {
275                         if (fi->notification == RAW1394_NOTIFY_ON) {
276                                 req = __alloc_pending_request(GFP_ATOMIC);
277
278                                 if (req != NULL) {
279                                         req->file_info = fi;
280                                         req->req.type = RAW1394_REQ_BUS_RESET;
281                                         req->req.generation =
282                                             get_hpsb_generation(host);
283                                         req->req.misc = (host->node_id << 16)
284                                             | host->node_count;
285                                         if (fi->protocol_version > 3) {
286                                                 req->req.misc |=
287                                                     (NODEID_TO_NODE
288                                                      (host->irm_id)
289                                                      << 8);
290                                         }
291
292                                         queue_complete_req(req);
293                                 }
294                         }
295                 }
296         }
297         spin_unlock_irqrestore(&host_info_lock, flags);
298 }
299
300 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
301                         size_t length)
302 {
303         unsigned long flags;
304         struct host_info *hi;
305         struct file_info *fi;
306         struct pending_request *req, *req_next;
307         struct iso_block_store *ibs = NULL;
308         LIST_HEAD(reqs);
309
310         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
311                 HPSB_INFO("dropped iso packet");
312                 return;
313         }
314
315         spin_lock_irqsave(&host_info_lock, flags);
316         hi = find_host_info(host);
317
318         if (hi != NULL) {
319                 list_for_each_entry(fi, &hi->file_info_list, list) {
320                         if (!(fi->listen_channels & (1ULL << channel)))
321                                 continue;
322
323                         req = __alloc_pending_request(GFP_ATOMIC);
324                         if (!req)
325                                 break;
326
327                         if (!ibs) {
328                                 ibs = kmalloc(sizeof(*ibs) + length,
329                                               GFP_ATOMIC);
330                                 if (!ibs) {
331                                         kfree(req);
332                                         break;
333                                 }
334
335                                 atomic_add(length, &iso_buffer_size);
336                                 atomic_set(&ibs->refcount, 0);
337                                 ibs->data_size = length;
338                                 memcpy(ibs->data, data, length);
339                         }
340
341                         atomic_inc(&ibs->refcount);
342
343                         req->file_info = fi;
344                         req->ibs = ibs;
345                         req->data = ibs->data;
346                         req->req.type = RAW1394_REQ_ISO_RECEIVE;
347                         req->req.generation = get_hpsb_generation(host);
348                         req->req.misc = 0;
349                         req->req.recvb = ptr2int(fi->iso_buffer);
350                         req->req.length = min(length, fi->iso_buffer_length);
351
352                         list_add_tail(&req->list, &reqs);
353                 }
354         }
355         spin_unlock_irqrestore(&host_info_lock, flags);
356
357         list_for_each_entry_safe(req, req_next, &reqs, list)
358             queue_complete_req(req);
359 }
360
361 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
362                         int cts, u8 * data, size_t length)
363 {
364         unsigned long flags;
365         struct host_info *hi;
366         struct file_info *fi;
367         struct pending_request *req, *req_next;
368         struct iso_block_store *ibs = NULL;
369         LIST_HEAD(reqs);
370
371         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
372                 HPSB_INFO("dropped fcp request");
373                 return;
374         }
375
376         spin_lock_irqsave(&host_info_lock, flags);
377         hi = find_host_info(host);
378
379         if (hi != NULL) {
380                 list_for_each_entry(fi, &hi->file_info_list, list) {
381                         if (!fi->fcp_buffer)
382                                 continue;
383
384                         req = __alloc_pending_request(GFP_ATOMIC);
385                         if (!req)
386                                 break;
387
388                         if (!ibs) {
389                                 ibs = kmalloc(sizeof(*ibs) + length,
390                                               GFP_ATOMIC);
391                                 if (!ibs) {
392                                         kfree(req);
393                                         break;
394                                 }
395
396                                 atomic_add(length, &iso_buffer_size);
397                                 atomic_set(&ibs->refcount, 0);
398                                 ibs->data_size = length;
399                                 memcpy(ibs->data, data, length);
400                         }
401
402                         atomic_inc(&ibs->refcount);
403
404                         req->file_info = fi;
405                         req->ibs = ibs;
406                         req->data = ibs->data;
407                         req->req.type = RAW1394_REQ_FCP_REQUEST;
408                         req->req.generation = get_hpsb_generation(host);
409                         req->req.misc = nodeid | (direction << 16);
410                         req->req.recvb = ptr2int(fi->fcp_buffer);
411                         req->req.length = length;
412
413                         list_add_tail(&req->list, &reqs);
414                 }
415         }
416         spin_unlock_irqrestore(&host_info_lock, flags);
417
418         list_for_each_entry_safe(req, req_next, &reqs, list)
419             queue_complete_req(req);
420 }
421
422 #ifdef CONFIG_COMPAT
423 struct compat_raw1394_req {
424         __u32 type;
425         __s32 error;
426         __u32 misc;
427
428         __u32 generation;
429         __u32 length;
430
431         __u64 address;
432
433         __u64 tag;
434
435         __u64 sendb;
436         __u64 recvb;
437 } __attribute__((packed));
438
439 static const char __user *raw1394_compat_write(const char __user *buf)
440 {
441         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
442         struct raw1394_request __user *r;
443         r = compat_alloc_user_space(sizeof(struct raw1394_request));
444
445 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
446
447         if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
448             C(address) ||
449             C(tag) ||
450             C(sendb) ||
451             C(recvb))
452                 return ERR_PTR(-EFAULT);
453         return (const char __user *)r;
454 }
455 #undef C
456
457 #define P(x) __put_user(r->x, &cr->x)
458
459 static int
460 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
461 {
462         struct compat_raw1394_req __user *cr = (typeof(cr)) r;
463         if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
464             P(type) ||
465             P(error) ||
466             P(misc) ||
467             P(generation) ||
468             P(length) ||
469             P(address) ||
470             P(tag) ||
471             P(sendb) ||
472             P(recvb))
473                 return -EFAULT;
474         return sizeof(struct compat_raw1394_req);
475 }
476 #undef P
477
478 #endif
479
480 /* get next completed request  (caller must hold fi->reqlists_lock) */
481 static inline struct pending_request *__next_complete_req(struct file_info *fi)
482 {
483         struct list_head *lh;
484         struct pending_request *req = NULL;
485
486         if (!list_empty(&fi->req_complete)) {
487                 lh = fi->req_complete.next;
488                 list_del(lh);
489                 req = list_entry(lh, struct pending_request, list);
490         }
491         return req;
492 }
493
494 /* atomically get next completed request */
495 static struct pending_request *next_complete_req(struct file_info *fi)
496 {
497         unsigned long flags;
498         struct pending_request *req;
499
500         spin_lock_irqsave(&fi->reqlists_lock, flags);
501         req = __next_complete_req(fi);
502         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
503         return req;
504 }
505
506 static ssize_t raw1394_read(struct file *file, char __user * buffer,
507                             size_t count, loff_t * offset_is_ignored)
508 {
509         struct file_info *fi = (struct file_info *)file->private_data;
510         struct pending_request *req;
511         ssize_t ret;
512
513 #ifdef CONFIG_COMPAT
514         if (count == sizeof(struct compat_raw1394_req)) {
515                 /* ok */
516         } else
517 #endif
518         if (count != sizeof(struct raw1394_request)) {
519                 return -EINVAL;
520         }
521
522         if (!access_ok(VERIFY_WRITE, buffer, count)) {
523                 return -EFAULT;
524         }
525
526         if (file->f_flags & O_NONBLOCK) {
527                 if (!(req = next_complete_req(fi)))
528                         return -EAGAIN;
529         } else {
530                 /*
531                  * NB: We call the macro wait_event_interruptible() with a
532                  * condition argument with side effect.  This is only possible
533                  * because the side effect does not occur until the condition
534                  * became true, and wait_event_interruptible() won't evaluate
535                  * the condition again after that.
536                  */
537                 if (wait_event_interruptible(fi->wait_complete,
538                                              (req = next_complete_req(fi))))
539                         return -ERESTARTSYS;
540         }
541
542         if (req->req.length) {
543                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
544                                  req->req.length)) {
545                         req->req.error = RAW1394_ERROR_MEMFAULT;
546                 }
547         }
548
549 #ifdef CONFIG_COMPAT
550         if (count == sizeof(struct compat_raw1394_req) &&
551             sizeof(struct compat_raw1394_req) !=
552                         sizeof(struct raw1394_request)) {
553                 ret = raw1394_compat_read(buffer, &req->req);
554         } else
555 #endif
556         {
557                 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
558                         ret = -EFAULT;
559                         goto out;
560                 }
561                 ret = (ssize_t) sizeof(struct raw1394_request);
562         }
563       out:
564         free_pending_request(req);
565         return ret;
566 }
567
568 static int state_opened(struct file_info *fi, struct pending_request *req)
569 {
570         if (req->req.type == RAW1394_REQ_INITIALIZE) {
571                 switch (req->req.misc) {
572                 case RAW1394_KERNELAPI_VERSION:
573                 case 3:
574                         fi->state = initialized;
575                         fi->protocol_version = req->req.misc;
576                         req->req.error = RAW1394_ERROR_NONE;
577                         req->req.generation = atomic_read(&internal_generation);
578                         break;
579
580                 default:
581                         req->req.error = RAW1394_ERROR_COMPAT;
582                         req->req.misc = RAW1394_KERNELAPI_VERSION;
583                 }
584         } else {
585                 req->req.error = RAW1394_ERROR_STATE_ORDER;
586         }
587
588         req->req.length = 0;
589         queue_complete_req(req);
590         return sizeof(struct raw1394_request);
591 }
592
593 static int state_initialized(struct file_info *fi, struct pending_request *req)
594 {
595         unsigned long flags;
596         struct host_info *hi;
597         struct raw1394_khost_list *khl;
598
599         if (req->req.generation != atomic_read(&internal_generation)) {
600                 req->req.error = RAW1394_ERROR_GENERATION;
601                 req->req.generation = atomic_read(&internal_generation);
602                 req->req.length = 0;
603                 queue_complete_req(req);
604                 return sizeof(struct raw1394_request);
605         }
606
607         switch (req->req.type) {
608         case RAW1394_REQ_LIST_CARDS:
609                 spin_lock_irqsave(&host_info_lock, flags);
610                 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
611
612                 if (khl) {
613                         req->req.misc = host_count;
614                         req->data = (quadlet_t *) khl;
615
616                         list_for_each_entry(hi, &host_info_list, list) {
617                                 khl->nodes = hi->host->node_count;
618                                 strcpy(khl->name, hi->host->driver->name);
619                                 khl++;
620                         }
621                 }
622                 spin_unlock_irqrestore(&host_info_lock, flags);
623
624                 if (khl) {
625                         req->req.error = RAW1394_ERROR_NONE;
626                         req->req.length = min(req->req.length,
627                                               (u32) (sizeof
628                                                      (struct raw1394_khost_list)
629                                                      * req->req.misc));
630                         req->free_data = 1;
631                 } else {
632                         return -ENOMEM;
633                 }
634                 break;
635
636         case RAW1394_REQ_SET_CARD:
637                 spin_lock_irqsave(&host_info_lock, flags);
638                 if (req->req.misc >= host_count) {
639                         req->req.error = RAW1394_ERROR_INVALID_ARG;
640                         goto out_set_card;
641                 }
642                 list_for_each_entry(hi, &host_info_list, list)
643                         if (!req->req.misc--)
644                                 break;
645                 get_device(&hi->host->device); /* FIXME handle failure case */
646                 list_add_tail(&fi->list, &hi->file_info_list);
647
648                 /* prevent unloading of the host's low-level driver */
649                 if (!try_module_get(hi->host->driver->owner)) {
650                         req->req.error = RAW1394_ERROR_ABORTED;
651                         goto out_set_card;
652                 }
653                 WARN_ON(fi->host);
654                 fi->host = hi->host;
655                 fi->state = connected;
656
657                 req->req.error = RAW1394_ERROR_NONE;
658                 req->req.generation = get_hpsb_generation(fi->host);
659                 req->req.misc = (fi->host->node_id << 16)
660                                 | fi->host->node_count;
661                 if (fi->protocol_version > 3)
662                         req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
663 out_set_card:
664                 spin_unlock_irqrestore(&host_info_lock, flags);
665
666                 req->req.length = 0;
667                 break;
668
669         default:
670                 req->req.error = RAW1394_ERROR_STATE_ORDER;
671                 req->req.length = 0;
672                 break;
673         }
674
675         queue_complete_req(req);
676         return sizeof(struct raw1394_request);
677 }
678
679 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
680 {
681         int channel = req->req.misc;
682
683         if ((channel > 63) || (channel < -64)) {
684                 req->req.error = RAW1394_ERROR_INVALID_ARG;
685         } else if (channel >= 0) {
686                 /* allocate channel req.misc */
687                 if (fi->listen_channels & (1ULL << channel)) {
688                         req->req.error = RAW1394_ERROR_ALREADY;
689                 } else {
690                         if (hpsb_listen_channel
691                             (&raw1394_highlevel, fi->host, channel)) {
692                                 req->req.error = RAW1394_ERROR_ALREADY;
693                         } else {
694                                 fi->listen_channels |= 1ULL << channel;
695                                 fi->iso_buffer = int2ptr(req->req.recvb);
696                                 fi->iso_buffer_length = req->req.length;
697                         }
698                 }
699         } else {
700                 /* deallocate channel (one's complement neg) req.misc */
701                 channel = ~channel;
702
703                 if (fi->listen_channels & (1ULL << channel)) {
704                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
705                                               channel);
706                         fi->listen_channels &= ~(1ULL << channel);
707                 } else {
708                         req->req.error = RAW1394_ERROR_INVALID_ARG;
709                 }
710         }
711
712         req->req.length = 0;
713         queue_complete_req(req);
714 }
715
716 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
717 {
718         if (req->req.misc) {
719                 if (fi->fcp_buffer) {
720                         req->req.error = RAW1394_ERROR_ALREADY;
721                 } else {
722                         fi->fcp_buffer = int2ptr(req->req.recvb);
723                 }
724         } else {
725                 if (!fi->fcp_buffer) {
726                         req->req.error = RAW1394_ERROR_ALREADY;
727                 } else {
728                         fi->fcp_buffer = NULL;
729                 }
730         }
731
732         req->req.length = 0;
733         queue_complete_req(req);
734 }
735
736 static int handle_async_request(struct file_info *fi,
737                                 struct pending_request *req, int node)
738 {
739         unsigned long flags;
740         struct hpsb_packet *packet = NULL;
741         u64 addr = req->req.address & 0xffffffffffffULL;
742
743         switch (req->req.type) {
744         case RAW1394_REQ_ASYNC_READ:
745                 DBGMSG("read_request called");
746                 packet =
747                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
748
749                 if (!packet)
750                         return -ENOMEM;
751
752                 if (req->req.length == 4)
753                         req->data = &packet->header[3];
754                 else
755                         req->data = packet->data;
756
757                 break;
758
759         case RAW1394_REQ_ASYNC_WRITE:
760                 DBGMSG("write_request called");
761
762                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
763                                                req->req.length);
764                 if (!packet)
765                         return -ENOMEM;
766
767                 if (req->req.length == 4) {
768                         if (copy_from_user
769                             (&packet->header[3], int2ptr(req->req.sendb),
770                              req->req.length))
771                                 req->req.error = RAW1394_ERROR_MEMFAULT;
772                 } else {
773                         if (copy_from_user
774                             (packet->data, int2ptr(req->req.sendb),
775                              req->req.length))
776                                 req->req.error = RAW1394_ERROR_MEMFAULT;
777                 }
778
779                 req->req.length = 0;
780                 break;
781
782         case RAW1394_REQ_ASYNC_STREAM:
783                 DBGMSG("stream_request called");
784
785                 packet =
786                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
787                                            node & 0x3f /*channel */ ,
788                                            (req->req.misc >> 16) & 0x3,
789                                            req->req.misc & 0xf);
790                 if (!packet)
791                         return -ENOMEM;
792
793                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
794                                    req->req.length))
795                         req->req.error = RAW1394_ERROR_MEMFAULT;
796
797                 req->req.length = 0;
798                 break;
799
800         case RAW1394_REQ_LOCK:
801                 DBGMSG("lock_request called");
802                 if ((req->req.misc == EXTCODE_FETCH_ADD)
803                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
804                         if (req->req.length != 4) {
805                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
806                                 break;
807                         }
808                 } else {
809                         if (req->req.length != 8) {
810                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
811                                 break;
812                         }
813                 }
814
815                 packet = hpsb_make_lockpacket(fi->host, node, addr,
816                                               req->req.misc, NULL, 0);
817                 if (!packet)
818                         return -ENOMEM;
819
820                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
821                                    req->req.length)) {
822                         req->req.error = RAW1394_ERROR_MEMFAULT;
823                         break;
824                 }
825
826                 req->data = packet->data;
827                 req->req.length = 4;
828                 break;
829
830         case RAW1394_REQ_LOCK64:
831                 DBGMSG("lock64_request called");
832                 if ((req->req.misc == EXTCODE_FETCH_ADD)
833                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
834                         if (req->req.length != 8) {
835                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
836                                 break;
837                         }
838                 } else {
839                         if (req->req.length != 16) {
840                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
841                                 break;
842                         }
843                 }
844                 packet = hpsb_make_lock64packet(fi->host, node, addr,
845                                                 req->req.misc, NULL, 0);
846                 if (!packet)
847                         return -ENOMEM;
848
849                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
850                                    req->req.length)) {
851                         req->req.error = RAW1394_ERROR_MEMFAULT;
852                         break;
853                 }
854
855                 req->data = packet->data;
856                 req->req.length = 8;
857                 break;
858
859         default:
860                 req->req.error = RAW1394_ERROR_STATE_ORDER;
861         }
862
863         req->packet = packet;
864
865         if (req->req.error) {
866                 req->req.length = 0;
867                 queue_complete_req(req);
868                 return sizeof(struct raw1394_request);
869         }
870
871         hpsb_set_packet_complete_task(packet,
872                                       (void (*)(void *))queue_complete_cb, req);
873
874         spin_lock_irqsave(&fi->reqlists_lock, flags);
875         list_add_tail(&req->list, &fi->req_pending);
876         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
877
878         packet->generation = req->req.generation;
879
880         if (hpsb_send_packet(packet) < 0) {
881                 req->req.error = RAW1394_ERROR_SEND_ERROR;
882                 req->req.length = 0;
883                 hpsb_free_tlabel(packet);
884                 queue_complete_req(req);
885         }
886         return sizeof(struct raw1394_request);
887 }
888
889 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
890                            int channel)
891 {
892         unsigned long flags;
893         struct hpsb_packet *packet;
894
895         packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
896                                      (req->req.misc >> 16) & 0x3,
897                                      req->req.misc & 0xf);
898         if (!packet)
899                 return -ENOMEM;
900
901         packet->speed_code = req->req.address & 0x3;
902
903         req->packet = packet;
904
905         if (copy_from_user(packet->data, int2ptr(req->req.sendb),
906                            req->req.length)) {
907                 req->req.error = RAW1394_ERROR_MEMFAULT;
908                 req->req.length = 0;
909                 queue_complete_req(req);
910                 return sizeof(struct raw1394_request);
911         }
912
913         req->req.length = 0;
914         hpsb_set_packet_complete_task(packet,
915                                       (void (*)(void *))queue_complete_req,
916                                       req);
917
918         spin_lock_irqsave(&fi->reqlists_lock, flags);
919         list_add_tail(&req->list, &fi->req_pending);
920         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
921
922         /* Update the generation of the packet just before sending. */
923         packet->generation = req->req.generation;
924
925         if (hpsb_send_packet(packet) < 0) {
926                 req->req.error = RAW1394_ERROR_SEND_ERROR;
927                 queue_complete_req(req);
928         }
929
930         return sizeof(struct raw1394_request);
931 }
932
933 static int handle_async_send(struct file_info *fi, struct pending_request *req)
934 {
935         unsigned long flags;
936         struct hpsb_packet *packet;
937         int header_length = req->req.misc & 0xffff;
938         int expect_response = req->req.misc >> 16;
939         size_t data_size;
940
941         if (header_length > req->req.length || header_length < 12 ||
942             header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
943                 req->req.error = RAW1394_ERROR_INVALID_ARG;
944                 req->req.length = 0;
945                 queue_complete_req(req);
946                 return sizeof(struct raw1394_request);
947         }
948
949         data_size = req->req.length - header_length;
950         packet = hpsb_alloc_packet(data_size);
951         req->packet = packet;
952         if (!packet)
953                 return -ENOMEM;
954
955         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
956                            header_length)) {
957                 req->req.error = RAW1394_ERROR_MEMFAULT;
958                 req->req.length = 0;
959                 queue_complete_req(req);
960                 return sizeof(struct raw1394_request);
961         }
962
963         if (copy_from_user
964             (packet->data, int2ptr(req->req.sendb) + header_length,
965              data_size)) {
966                 req->req.error = RAW1394_ERROR_MEMFAULT;
967                 req->req.length = 0;
968                 queue_complete_req(req);
969                 return sizeof(struct raw1394_request);
970         }
971
972         packet->type = hpsb_async;
973         packet->node_id = packet->header[0] >> 16;
974         packet->tcode = (packet->header[0] >> 4) & 0xf;
975         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
976         packet->host = fi->host;
977         packet->expect_response = expect_response;
978         packet->header_size = header_length;
979         packet->data_size = data_size;
980
981         req->req.length = 0;
982         hpsb_set_packet_complete_task(packet,
983                                       (void (*)(void *))queue_complete_cb, req);
984
985         spin_lock_irqsave(&fi->reqlists_lock, flags);
986         list_add_tail(&req->list, &fi->req_pending);
987         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
988
989         /* Update the generation of the packet just before sending. */
990         packet->generation = req->req.generation;
991
992         if (hpsb_send_packet(packet) < 0) {
993                 req->req.error = RAW1394_ERROR_SEND_ERROR;
994                 queue_complete_req(req);
995         }
996
997         return sizeof(struct raw1394_request);
998 }
999
1000 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
1001                     u64 addr, size_t length, u16 flags)
1002 {
1003         unsigned long irqflags;
1004         struct pending_request *req;
1005         struct host_info *hi;
1006         struct file_info *fi = NULL;
1007         struct list_head *entry;
1008         struct arm_addr *arm_addr = NULL;
1009         struct arm_request *arm_req = NULL;
1010         struct arm_response *arm_resp = NULL;
1011         int found = 0, size = 0, rcode = -1;
1012         struct arm_request_response *arm_req_resp = NULL;
1013
1014         DBGMSG("arm_read  called by node: %X"
1015                "addr: %4.4x %8.8x length: %Zu", nodeid,
1016                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1017                length);
1018         spin_lock_irqsave(&host_info_lock, irqflags);
1019         hi = find_host_info(host);      /* search address-entry */
1020         if (hi != NULL) {
1021                 list_for_each_entry(fi, &hi->file_info_list, list) {
1022                         entry = fi->addr_list.next;
1023                         while (entry != &(fi->addr_list)) {
1024                                 arm_addr =
1025                                     list_entry(entry, struct arm_addr,
1026                                                addr_list);
1027                                 if (((arm_addr->start) <= (addr))
1028                                     && ((arm_addr->end) >= (addr + length))) {
1029                                         found = 1;
1030                                         break;
1031                                 }
1032                                 entry = entry->next;
1033                         }
1034                         if (found) {
1035                                 break;
1036                         }
1037                 }
1038         }
1039         rcode = -1;
1040         if (!found) {
1041                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
1042                        " -> rcode_address_error\n");
1043                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1044                 return (RCODE_ADDRESS_ERROR);
1045         } else {
1046                 DBGMSG("arm_read addr_entry FOUND");
1047         }
1048         if (arm_addr->rec_length < length) {
1049                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
1050                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1051         }
1052         if (rcode == -1) {
1053                 if (arm_addr->access_rights & ARM_READ) {
1054                         if (!(arm_addr->client_transactions & ARM_READ)) {
1055                                 memcpy(buffer,
1056                                        (arm_addr->addr_space_buffer) + (addr -
1057                                                                         (arm_addr->
1058                                                                          start)),
1059                                        length);
1060                                 DBGMSG("arm_read -> (rcode_complete)");
1061                                 rcode = RCODE_COMPLETE;
1062                         }
1063                 } else {
1064                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1065                         DBGMSG("arm_read -> rcode_type_error (access denied)");
1066                 }
1067         }
1068         if (arm_addr->notification_options & ARM_READ) {
1069                 DBGMSG("arm_read -> entering notification-section");
1070                 req = __alloc_pending_request(GFP_ATOMIC);
1071                 if (!req) {
1072                         DBGMSG("arm_read -> rcode_conflict_error");
1073                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1074                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1075                                                            The request may be retried */
1076                 }
1077                 if (rcode == RCODE_COMPLETE) {
1078                         size =
1079                             sizeof(struct arm_request) +
1080                             sizeof(struct arm_response) +
1081                             length * sizeof(byte_t) +
1082                             sizeof(struct arm_request_response);
1083                 } else {
1084                         size =
1085                             sizeof(struct arm_request) +
1086                             sizeof(struct arm_response) +
1087                             sizeof(struct arm_request_response);
1088                 }
1089                 req->data = kmalloc(size, GFP_ATOMIC);
1090                 if (!(req->data)) {
1091                         free_pending_request(req);
1092                         DBGMSG("arm_read -> rcode_conflict_error");
1093                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1094                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1095                                                            The request may be retried */
1096                 }
1097                 req->free_data = 1;
1098                 req->file_info = fi;
1099                 req->req.type = RAW1394_REQ_ARM;
1100                 req->req.generation = get_hpsb_generation(host);
1101                 req->req.misc =
1102                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
1103                 req->req.tag = arm_addr->arm_tag;
1104                 req->req.recvb = arm_addr->recvb;
1105                 req->req.length = size;
1106                 arm_req_resp = (struct arm_request_response *)(req->data);
1107                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1108                                                  (sizeof
1109                                                   (struct
1110                                                    arm_request_response)));
1111                 arm_resp =
1112                     (struct arm_response *)((byte_t *) (arm_req) +
1113                                             (sizeof(struct arm_request)));
1114                 arm_req->buffer = NULL;
1115                 arm_resp->buffer = NULL;
1116                 if (rcode == RCODE_COMPLETE) {
1117                         byte_t *buf =
1118                             (byte_t *) arm_resp + sizeof(struct arm_response);
1119                         memcpy(buf,
1120                                (arm_addr->addr_space_buffer) + (addr -
1121                                                                 (arm_addr->
1122                                                                  start)),
1123                                length);
1124                         arm_resp->buffer =
1125                             int2ptr((arm_addr->recvb) +
1126                                     sizeof(struct arm_request_response) +
1127                                     sizeof(struct arm_request) +
1128                                     sizeof(struct arm_response));
1129                 }
1130                 arm_resp->buffer_length =
1131                     (rcode == RCODE_COMPLETE) ? length : 0;
1132                 arm_resp->response_code = rcode;
1133                 arm_req->buffer_length = 0;
1134                 arm_req->generation = req->req.generation;
1135                 arm_req->extended_transaction_code = 0;
1136                 arm_req->destination_offset = addr;
1137                 arm_req->source_nodeid = nodeid;
1138                 arm_req->destination_nodeid = host->node_id;
1139                 arm_req->tlabel = (flags >> 10) & 0x3f;
1140                 arm_req->tcode = (flags >> 4) & 0x0f;
1141                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1142                                                 sizeof(struct
1143                                                        arm_request_response));
1144                 arm_req_resp->response =
1145                     int2ptr((arm_addr->recvb) +
1146                             sizeof(struct arm_request_response) +
1147                             sizeof(struct arm_request));
1148                 queue_complete_req(req);
1149         }
1150         spin_unlock_irqrestore(&host_info_lock, irqflags);
1151         return (rcode);
1152 }
1153
1154 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1155                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1156 {
1157         unsigned long irqflags;
1158         struct pending_request *req;
1159         struct host_info *hi;
1160         struct file_info *fi = NULL;
1161         struct list_head *entry;
1162         struct arm_addr *arm_addr = NULL;
1163         struct arm_request *arm_req = NULL;
1164         struct arm_response *arm_resp = NULL;
1165         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1166         struct arm_request_response *arm_req_resp = NULL;
1167
1168         DBGMSG("arm_write called by node: %X"
1169                "addr: %4.4x %8.8x length: %Zu", nodeid,
1170                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1171                length);
1172         spin_lock_irqsave(&host_info_lock, irqflags);
1173         hi = find_host_info(host);      /* search address-entry */
1174         if (hi != NULL) {
1175                 list_for_each_entry(fi, &hi->file_info_list, list) {
1176                         entry = fi->addr_list.next;
1177                         while (entry != &(fi->addr_list)) {
1178                                 arm_addr =
1179                                     list_entry(entry, struct arm_addr,
1180                                                addr_list);
1181                                 if (((arm_addr->start) <= (addr))
1182                                     && ((arm_addr->end) >= (addr + length))) {
1183                                         found = 1;
1184                                         break;
1185                                 }
1186                                 entry = entry->next;
1187                         }
1188                         if (found) {
1189                                 break;
1190                         }
1191                 }
1192         }
1193         rcode = -1;
1194         if (!found) {
1195                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1196                        " -> rcode_address_error\n");
1197                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1198                 return (RCODE_ADDRESS_ERROR);
1199         } else {
1200                 DBGMSG("arm_write addr_entry FOUND");
1201         }
1202         if (arm_addr->rec_length < length) {
1203                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1204                 length_conflict = 1;
1205                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1206         }
1207         if (rcode == -1) {
1208                 if (arm_addr->access_rights & ARM_WRITE) {
1209                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1210                                 memcpy((arm_addr->addr_space_buffer) +
1211                                        (addr - (arm_addr->start)), data,
1212                                        length);
1213                                 DBGMSG("arm_write -> (rcode_complete)");
1214                                 rcode = RCODE_COMPLETE;
1215                         }
1216                 } else {
1217                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1218                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1219                 }
1220         }
1221         if (arm_addr->notification_options & ARM_WRITE) {
1222                 DBGMSG("arm_write -> entering notification-section");
1223                 req = __alloc_pending_request(GFP_ATOMIC);
1224                 if (!req) {
1225                         DBGMSG("arm_write -> rcode_conflict_error");
1226                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1227                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1228                                                            The request my be retried */
1229                 }
1230                 size =
1231                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1232                     (length) * sizeof(byte_t) +
1233                     sizeof(struct arm_request_response);
1234                 req->data = kmalloc(size, GFP_ATOMIC);
1235                 if (!(req->data)) {
1236                         free_pending_request(req);
1237                         DBGMSG("arm_write -> rcode_conflict_error");
1238                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1239                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1240                                                            The request may be retried */
1241                 }
1242                 req->free_data = 1;
1243                 req->file_info = fi;
1244                 req->req.type = RAW1394_REQ_ARM;
1245                 req->req.generation = get_hpsb_generation(host);
1246                 req->req.misc =
1247                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1248                 req->req.tag = arm_addr->arm_tag;
1249                 req->req.recvb = arm_addr->recvb;
1250                 req->req.length = size;
1251                 arm_req_resp = (struct arm_request_response *)(req->data);
1252                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1253                                                  (sizeof
1254                                                   (struct
1255                                                    arm_request_response)));
1256                 arm_resp =
1257                     (struct arm_response *)((byte_t *) (arm_req) +
1258                                             (sizeof(struct arm_request)));
1259                 arm_resp->buffer = NULL;
1260                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1261                        data, length);
1262                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1263                                           sizeof(struct arm_request_response) +
1264                                           sizeof(struct arm_request) +
1265                                           sizeof(struct arm_response));
1266                 arm_req->buffer_length = length;
1267                 arm_req->generation = req->req.generation;
1268                 arm_req->extended_transaction_code = 0;
1269                 arm_req->destination_offset = addr;
1270                 arm_req->source_nodeid = nodeid;
1271                 arm_req->destination_nodeid = destid;
1272                 arm_req->tlabel = (flags >> 10) & 0x3f;
1273                 arm_req->tcode = (flags >> 4) & 0x0f;
1274                 arm_resp->buffer_length = 0;
1275                 arm_resp->response_code = rcode;
1276                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1277                                                 sizeof(struct
1278                                                        arm_request_response));
1279                 arm_req_resp->response =
1280                     int2ptr((arm_addr->recvb) +
1281                             sizeof(struct arm_request_response) +
1282                             sizeof(struct arm_request));
1283                 queue_complete_req(req);
1284         }
1285         spin_unlock_irqrestore(&host_info_lock, irqflags);
1286         return (rcode);
1287 }
1288
1289 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1290                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1291                     u16 flags)
1292 {
1293         unsigned long irqflags;
1294         struct pending_request *req;
1295         struct host_info *hi;
1296         struct file_info *fi = NULL;
1297         struct list_head *entry;
1298         struct arm_addr *arm_addr = NULL;
1299         struct arm_request *arm_req = NULL;
1300         struct arm_response *arm_resp = NULL;
1301         int found = 0, size = 0, rcode = -1;
1302         quadlet_t old, new;
1303         struct arm_request_response *arm_req_resp = NULL;
1304
1305         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1306             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1307                 DBGMSG("arm_lock  called by node: %X "
1308                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1309                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1310                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1311                        be32_to_cpu(data));
1312         } else {
1313                 DBGMSG("arm_lock  called by node: %X "
1314                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1315                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1316                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1317                        be32_to_cpu(data), be32_to_cpu(arg));
1318         }
1319         spin_lock_irqsave(&host_info_lock, irqflags);
1320         hi = find_host_info(host);      /* search address-entry */
1321         if (hi != NULL) {
1322                 list_for_each_entry(fi, &hi->file_info_list, list) {
1323                         entry = fi->addr_list.next;
1324                         while (entry != &(fi->addr_list)) {
1325                                 arm_addr =
1326                                     list_entry(entry, struct arm_addr,
1327                                                addr_list);
1328                                 if (((arm_addr->start) <= (addr))
1329                                     && ((arm_addr->end) >=
1330                                         (addr + sizeof(*store)))) {
1331                                         found = 1;
1332                                         break;
1333                                 }
1334                                 entry = entry->next;
1335                         }
1336                         if (found) {
1337                                 break;
1338                         }
1339                 }
1340         }
1341         rcode = -1;
1342         if (!found) {
1343                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1344                        " -> rcode_address_error\n");
1345                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1346                 return (RCODE_ADDRESS_ERROR);
1347         } else {
1348                 DBGMSG("arm_lock addr_entry FOUND");
1349         }
1350         if (rcode == -1) {
1351                 if (arm_addr->access_rights & ARM_LOCK) {
1352                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1353                                 memcpy(&old,
1354                                        (arm_addr->addr_space_buffer) + (addr -
1355                                                                         (arm_addr->
1356                                                                          start)),
1357                                        sizeof(old));
1358                                 switch (ext_tcode) {
1359                                 case (EXTCODE_MASK_SWAP):
1360                                         new = data | (old & ~arg);
1361                                         break;
1362                                 case (EXTCODE_COMPARE_SWAP):
1363                                         if (old == arg) {
1364                                                 new = data;
1365                                         } else {
1366                                                 new = old;
1367                                         }
1368                                         break;
1369                                 case (EXTCODE_FETCH_ADD):
1370                                         new =
1371                                             cpu_to_be32(be32_to_cpu(data) +
1372                                                         be32_to_cpu(old));
1373                                         break;
1374                                 case (EXTCODE_LITTLE_ADD):
1375                                         new =
1376                                             cpu_to_le32(le32_to_cpu(data) +
1377                                                         le32_to_cpu(old));
1378                                         break;
1379                                 case (EXTCODE_BOUNDED_ADD):
1380                                         if (old != arg) {
1381                                                 new =
1382                                                     cpu_to_be32(be32_to_cpu
1383                                                                 (data) +
1384                                                                 be32_to_cpu
1385                                                                 (old));
1386                                         } else {
1387                                                 new = old;
1388                                         }
1389                                         break;
1390                                 case (EXTCODE_WRAP_ADD):
1391                                         if (old != arg) {
1392                                                 new =
1393                                                     cpu_to_be32(be32_to_cpu
1394                                                                 (data) +
1395                                                                 be32_to_cpu
1396                                                                 (old));
1397                                         } else {
1398                                                 new = data;
1399                                         }
1400                                         break;
1401                                 default:
1402                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1403                                         printk(KERN_ERR
1404                                                "raw1394: arm_lock FAILED "
1405                                                "ext_tcode not allowed -> rcode_type_error\n");
1406                                         break;
1407                                 }       /*switch */
1408                                 if (rcode == -1) {
1409                                         DBGMSG("arm_lock -> (rcode_complete)");
1410                                         rcode = RCODE_COMPLETE;
1411                                         memcpy(store, &old, sizeof(*store));
1412                                         memcpy((arm_addr->addr_space_buffer) +
1413                                                (addr - (arm_addr->start)),
1414                                                &new, sizeof(*store));
1415                                 }
1416                         }
1417                 } else {
1418                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1419                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1420                 }
1421         }
1422         if (arm_addr->notification_options & ARM_LOCK) {
1423                 byte_t *buf1, *buf2;
1424                 DBGMSG("arm_lock -> entering notification-section");
1425                 req = __alloc_pending_request(GFP_ATOMIC);
1426                 if (!req) {
1427                         DBGMSG("arm_lock -> rcode_conflict_error");
1428                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1429                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1430                                                            The request may be retried */
1431                 }
1432                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1433                 req->data = kmalloc(size, GFP_ATOMIC);
1434                 if (!(req->data)) {
1435                         free_pending_request(req);
1436                         DBGMSG("arm_lock -> rcode_conflict_error");
1437                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1438                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1439                                                            The request may be retried */
1440                 }
1441                 req->free_data = 1;
1442                 arm_req_resp = (struct arm_request_response *)(req->data);
1443                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1444                                                  (sizeof
1445                                                   (struct
1446                                                    arm_request_response)));
1447                 arm_resp =
1448                     (struct arm_response *)((byte_t *) (arm_req) +
1449                                             (sizeof(struct arm_request)));
1450                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1451                 buf2 = buf1 + 2 * sizeof(*store);
1452                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1453                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1454                         arm_req->buffer_length = sizeof(*store);
1455                         memcpy(buf1, &data, sizeof(*store));
1456
1457                 } else {
1458                         arm_req->buffer_length = 2 * sizeof(*store);
1459                         memcpy(buf1, &arg, sizeof(*store));
1460                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1461                 }
1462                 if (rcode == RCODE_COMPLETE) {
1463                         arm_resp->buffer_length = sizeof(*store);
1464                         memcpy(buf2, &old, sizeof(*store));
1465                 } else {
1466                         arm_resp->buffer_length = 0;
1467                 }
1468                 req->file_info = fi;
1469                 req->req.type = RAW1394_REQ_ARM;
1470                 req->req.generation = get_hpsb_generation(host);
1471                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1472                                  (ARM_LOCK & 0xFF));
1473                 req->req.tag = arm_addr->arm_tag;
1474                 req->req.recvb = arm_addr->recvb;
1475                 req->req.length = size;
1476                 arm_req->generation = req->req.generation;
1477                 arm_req->extended_transaction_code = ext_tcode;
1478                 arm_req->destination_offset = addr;
1479                 arm_req->source_nodeid = nodeid;
1480                 arm_req->destination_nodeid = host->node_id;
1481                 arm_req->tlabel = (flags >> 10) & 0x3f;
1482                 arm_req->tcode = (flags >> 4) & 0x0f;
1483                 arm_resp->response_code = rcode;
1484                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1485                                                 sizeof(struct
1486                                                        arm_request_response));
1487                 arm_req_resp->response =
1488                     int2ptr((arm_addr->recvb) +
1489                             sizeof(struct arm_request_response) +
1490                             sizeof(struct arm_request));
1491                 arm_req->buffer =
1492                     int2ptr((arm_addr->recvb) +
1493                             sizeof(struct arm_request_response) +
1494                             sizeof(struct arm_request) +
1495                             sizeof(struct arm_response));
1496                 arm_resp->buffer =
1497                     int2ptr((arm_addr->recvb) +
1498                             sizeof(struct arm_request_response) +
1499                             sizeof(struct arm_request) +
1500                             sizeof(struct arm_response) + 2 * sizeof(*store));
1501                 queue_complete_req(req);
1502         }
1503         spin_unlock_irqrestore(&host_info_lock, irqflags);
1504         return (rcode);
1505 }
1506
1507 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1508                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1509                       u16 flags)
1510 {
1511         unsigned long irqflags;
1512         struct pending_request *req;
1513         struct host_info *hi;
1514         struct file_info *fi = NULL;
1515         struct list_head *entry;
1516         struct arm_addr *arm_addr = NULL;
1517         struct arm_request *arm_req = NULL;
1518         struct arm_response *arm_resp = NULL;
1519         int found = 0, size = 0, rcode = -1;
1520         octlet_t old, new;
1521         struct arm_request_response *arm_req_resp = NULL;
1522
1523         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1524             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1525                 DBGMSG("arm_lock64 called by node: %X "
1526                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1527                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1528                        (u32) (addr & 0xFFFFFFFF),
1529                        ext_tcode & 0xFF,
1530                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1531                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1532         } else {
1533                 DBGMSG("arm_lock64 called by node: %X "
1534                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1535                        "%8.8X %8.8X ",
1536                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1537                        (u32) (addr & 0xFFFFFFFF),
1538                        ext_tcode & 0xFF,
1539                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1540                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1541                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1542                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1543         }
1544         spin_lock_irqsave(&host_info_lock, irqflags);
1545         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1546         if (hi != NULL) {
1547                 list_for_each_entry(fi, &hi->file_info_list, list) {
1548                         entry = fi->addr_list.next;
1549                         while (entry != &(fi->addr_list)) {
1550                                 arm_addr =
1551                                     list_entry(entry, struct arm_addr,
1552                                                addr_list);
1553                                 if (((arm_addr->start) <= (addr))
1554                                     && ((arm_addr->end) >=
1555                                         (addr + sizeof(*store)))) {
1556                                         found = 1;
1557                                         break;
1558                                 }
1559                                 entry = entry->next;
1560                         }
1561                         if (found) {
1562                                 break;
1563                         }
1564                 }
1565         }
1566         rcode = -1;
1567         if (!found) {
1568                 printk(KERN_ERR
1569                        "raw1394: arm_lock64 FAILED addr_entry not found"
1570                        " -> rcode_address_error\n");
1571                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1572                 return (RCODE_ADDRESS_ERROR);
1573         } else {
1574                 DBGMSG("arm_lock64 addr_entry FOUND");
1575         }
1576         if (rcode == -1) {
1577                 if (arm_addr->access_rights & ARM_LOCK) {
1578                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1579                                 memcpy(&old,
1580                                        (arm_addr->addr_space_buffer) + (addr -
1581                                                                         (arm_addr->
1582                                                                          start)),
1583                                        sizeof(old));
1584                                 switch (ext_tcode) {
1585                                 case (EXTCODE_MASK_SWAP):
1586                                         new = data | (old & ~arg);
1587                                         break;
1588                                 case (EXTCODE_COMPARE_SWAP):
1589                                         if (old == arg) {
1590                                                 new = data;
1591                                         } else {
1592                                                 new = old;
1593                                         }
1594                                         break;
1595                                 case (EXTCODE_FETCH_ADD):
1596                                         new =
1597                                             cpu_to_be64(be64_to_cpu(data) +
1598                                                         be64_to_cpu(old));
1599                                         break;
1600                                 case (EXTCODE_LITTLE_ADD):
1601                                         new =
1602                                             cpu_to_le64(le64_to_cpu(data) +
1603                                                         le64_to_cpu(old));
1604                                         break;
1605                                 case (EXTCODE_BOUNDED_ADD):
1606                                         if (old != arg) {
1607                                                 new =
1608                                                     cpu_to_be64(be64_to_cpu
1609                                                                 (data) +
1610                                                                 be64_to_cpu
1611                                                                 (old));
1612                                         } else {
1613                                                 new = old;
1614                                         }
1615                                         break;
1616                                 case (EXTCODE_WRAP_ADD):
1617                                         if (old != arg) {
1618                                                 new =
1619                                                     cpu_to_be64(be64_to_cpu
1620                                                                 (data) +
1621                                                                 be64_to_cpu
1622                                                                 (old));
1623                                         } else {
1624                                                 new = data;
1625                                         }
1626                                         break;
1627                                 default:
1628                                         printk(KERN_ERR
1629                                                "raw1394: arm_lock64 FAILED "
1630                                                "ext_tcode not allowed -> rcode_type_error\n");
1631                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1632                                         break;
1633                                 }       /*switch */
1634                                 if (rcode == -1) {
1635                                         DBGMSG
1636                                             ("arm_lock64 -> (rcode_complete)");
1637                                         rcode = RCODE_COMPLETE;
1638                                         memcpy(store, &old, sizeof(*store));
1639                                         memcpy((arm_addr->addr_space_buffer) +
1640                                                (addr - (arm_addr->start)),
1641                                                &new, sizeof(*store));
1642                                 }
1643                         }
1644                 } else {
1645                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1646                         DBGMSG
1647                             ("arm_lock64 -> rcode_type_error (access denied)");
1648                 }
1649         }
1650         if (arm_addr->notification_options & ARM_LOCK) {
1651                 byte_t *buf1, *buf2;
1652                 DBGMSG("arm_lock64 -> entering notification-section");
1653                 req = __alloc_pending_request(GFP_ATOMIC);
1654                 if (!req) {
1655                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1656                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1657                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1658                                                            The request may be retried */
1659                 }
1660                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1661                 req->data = kmalloc(size, GFP_ATOMIC);
1662                 if (!(req->data)) {
1663                         free_pending_request(req);
1664                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1665                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1666                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1667                                                            The request may be retried */
1668                 }
1669                 req->free_data = 1;
1670                 arm_req_resp = (struct arm_request_response *)(req->data);
1671                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1672                                                  (sizeof
1673                                                   (struct
1674                                                    arm_request_response)));
1675                 arm_resp =
1676                     (struct arm_response *)((byte_t *) (arm_req) +
1677                                             (sizeof(struct arm_request)));
1678                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1679                 buf2 = buf1 + 2 * sizeof(*store);
1680                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1681                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1682                         arm_req->buffer_length = sizeof(*store);
1683                         memcpy(buf1, &data, sizeof(*store));
1684
1685                 } else {
1686                         arm_req->buffer_length = 2 * sizeof(*store);
1687                         memcpy(buf1, &arg, sizeof(*store));
1688                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1689                 }
1690                 if (rcode == RCODE_COMPLETE) {
1691                         arm_resp->buffer_length = sizeof(*store);
1692                         memcpy(buf2, &old, sizeof(*store));
1693                 } else {
1694                         arm_resp->buffer_length = 0;
1695                 }
1696                 req->file_info = fi;
1697                 req->req.type = RAW1394_REQ_ARM;
1698                 req->req.generation = get_hpsb_generation(host);
1699                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1700                                  (ARM_LOCK & 0xFF));
1701                 req->req.tag = arm_addr->arm_tag;
1702                 req->req.recvb = arm_addr->recvb;
1703                 req->req.length = size;
1704                 arm_req->generation = req->req.generation;
1705                 arm_req->extended_transaction_code = ext_tcode;
1706                 arm_req->destination_offset = addr;
1707                 arm_req->source_nodeid = nodeid;
1708                 arm_req->destination_nodeid = host->node_id;
1709                 arm_req->tlabel = (flags >> 10) & 0x3f;
1710                 arm_req->tcode = (flags >> 4) & 0x0f;
1711                 arm_resp->response_code = rcode;
1712                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1713                                                 sizeof(struct
1714                                                        arm_request_response));
1715                 arm_req_resp->response =
1716                     int2ptr((arm_addr->recvb) +
1717                             sizeof(struct arm_request_response) +
1718                             sizeof(struct arm_request));
1719                 arm_req->buffer =
1720                     int2ptr((arm_addr->recvb) +
1721                             sizeof(struct arm_request_response) +
1722                             sizeof(struct arm_request) +
1723                             sizeof(struct arm_response));
1724                 arm_resp->buffer =
1725                     int2ptr((arm_addr->recvb) +
1726                             sizeof(struct arm_request_response) +
1727                             sizeof(struct arm_request) +
1728                             sizeof(struct arm_response) + 2 * sizeof(*store));
1729                 queue_complete_req(req);
1730         }
1731         spin_unlock_irqrestore(&host_info_lock, irqflags);
1732         return (rcode);
1733 }
1734
1735 static int arm_register(struct file_info *fi, struct pending_request *req)
1736 {
1737         int retval;
1738         struct arm_addr *addr;
1739         struct host_info *hi;
1740         struct file_info *fi_hlp = NULL;
1741         struct list_head *entry;
1742         struct arm_addr *arm_addr = NULL;
1743         int same_host, another_host;
1744         unsigned long flags;
1745
1746         DBGMSG("arm_register called "
1747                "addr(Offset): %8.8x %8.8x length: %u "
1748                "rights: %2.2X notify: %2.2X "
1749                "max_blk_len: %4.4X",
1750                (u32) ((req->req.address >> 32) & 0xFFFF),
1751                (u32) (req->req.address & 0xFFFFFFFF),
1752                req->req.length, ((req->req.misc >> 8) & 0xFF),
1753                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1754         /* check addressrange */
1755         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1756             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1757              0)) {
1758                 req->req.length = 0;
1759                 return (-EINVAL);
1760         }
1761         /* addr-list-entry for fileinfo */
1762         addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1763         if (!addr) {
1764                 req->req.length = 0;
1765                 return (-ENOMEM);
1766         }
1767         /* allocation of addr_space_buffer */
1768         addr->addr_space_buffer = vmalloc(req->req.length);
1769         if (!(addr->addr_space_buffer)) {
1770                 kfree(addr);
1771                 req->req.length = 0;
1772                 return (-ENOMEM);
1773         }
1774         /* initialization of addr_space_buffer */
1775         if ((req->req.sendb) == (unsigned long)NULL) {
1776                 /* init: set 0 */
1777                 memset(addr->addr_space_buffer, 0, req->req.length);
1778         } else {
1779                 /* init: user -> kernel */
1780                 if (copy_from_user
1781                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1782                      req->req.length)) {
1783                         vfree(addr->addr_space_buffer);
1784                         kfree(addr);
1785                         return (-EFAULT);
1786                 }
1787         }
1788         INIT_LIST_HEAD(&addr->addr_list);
1789         addr->arm_tag = req->req.tag;
1790         addr->start = req->req.address;
1791         addr->end = req->req.address + req->req.length;
1792         addr->access_rights = (u8) (req->req.misc & 0x0F);
1793         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1794         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1795         addr->access_rights |= addr->client_transactions;
1796         addr->notification_options |= addr->client_transactions;
1797         addr->recvb = req->req.recvb;
1798         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1799
1800         spin_lock_irqsave(&host_info_lock, flags);
1801         hi = find_host_info(fi->host);
1802         same_host = 0;
1803         another_host = 0;
1804         /* same host with address-entry containing same addressrange ? */
1805         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1806                 entry = fi_hlp->addr_list.next;
1807                 while (entry != &(fi_hlp->addr_list)) {
1808                         arm_addr =
1809                             list_entry(entry, struct arm_addr, addr_list);
1810                         if ((arm_addr->start == addr->start)
1811                             && (arm_addr->end == addr->end)) {
1812                                 DBGMSG("same host ownes same "
1813                                        "addressrange -> EALREADY");
1814                                 same_host = 1;
1815                                 break;
1816                         }
1817                         entry = entry->next;
1818                 }
1819                 if (same_host) {
1820                         break;
1821                 }
1822         }
1823         if (same_host) {
1824                 /* addressrange occupied by same host */
1825                 spin_unlock_irqrestore(&host_info_lock, flags);
1826                 vfree(addr->addr_space_buffer);
1827                 kfree(addr);
1828                 return (-EALREADY);
1829         }
1830         /* another host with valid address-entry containing same addressrange */
1831         list_for_each_entry(hi, &host_info_list, list) {
1832                 if (hi->host != fi->host) {
1833                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1834                                 entry = fi_hlp->addr_list.next;
1835                                 while (entry != &(fi_hlp->addr_list)) {
1836                                         arm_addr =
1837                                             list_entry(entry, struct arm_addr,
1838                                                        addr_list);
1839                                         if ((arm_addr->start == addr->start)
1840                                             && (arm_addr->end == addr->end)) {
1841                                                 DBGMSG
1842                                                     ("another host ownes same "
1843                                                      "addressrange");
1844                                                 another_host = 1;
1845                                                 break;
1846                                         }
1847                                         entry = entry->next;
1848                                 }
1849                                 if (another_host) {
1850                                         break;
1851                                 }
1852                         }
1853                 }
1854         }
1855         spin_unlock_irqrestore(&host_info_lock, flags);
1856
1857         if (another_host) {
1858                 DBGMSG("another hosts entry is valid -> SUCCESS");
1859                 if (copy_to_user(int2ptr(req->req.recvb),
1860                                  &addr->start, sizeof(u64))) {
1861                         printk(KERN_ERR "raw1394: arm_register failed "
1862                                " address-range-entry is invalid -> EFAULT !!!\n");
1863                         vfree(addr->addr_space_buffer);
1864                         kfree(addr);
1865                         return (-EFAULT);
1866                 }
1867                 free_pending_request(req);      /* immediate success or fail */
1868                 /* INSERT ENTRY */
1869                 spin_lock_irqsave(&host_info_lock, flags);
1870                 list_add_tail(&addr->addr_list, &fi->addr_list);
1871                 spin_unlock_irqrestore(&host_info_lock, flags);
1872                 return sizeof(struct raw1394_request);
1873         }
1874         retval =
1875             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1876                                     req->req.address,
1877                                     req->req.address + req->req.length);
1878         if (retval) {
1879                 /* INSERT ENTRY */
1880                 spin_lock_irqsave(&host_info_lock, flags);
1881                 list_add_tail(&addr->addr_list, &fi->addr_list);
1882                 spin_unlock_irqrestore(&host_info_lock, flags);
1883         } else {
1884                 DBGMSG("arm_register failed errno: %d \n", retval);
1885                 vfree(addr->addr_space_buffer);
1886                 kfree(addr);
1887                 return (-EALREADY);
1888         }
1889         free_pending_request(req);      /* immediate success or fail */
1890         return sizeof(struct raw1394_request);
1891 }
1892
1893 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1894 {
1895         int found = 0;
1896         int retval = 0;
1897         struct list_head *entry;
1898         struct arm_addr *addr = NULL;
1899         struct host_info *hi;
1900         struct file_info *fi_hlp = NULL;
1901         struct arm_addr *arm_addr = NULL;
1902         int another_host;
1903         unsigned long flags;
1904
1905         DBGMSG("arm_Unregister called addr(Offset): "
1906                "%8.8x %8.8x",
1907                (u32) ((req->req.address >> 32) & 0xFFFF),
1908                (u32) (req->req.address & 0xFFFFFFFF));
1909         spin_lock_irqsave(&host_info_lock, flags);
1910         /* get addr */
1911         entry = fi->addr_list.next;
1912         while (entry != &(fi->addr_list)) {
1913                 addr = list_entry(entry, struct arm_addr, addr_list);
1914                 if (addr->start == req->req.address) {
1915                         found = 1;
1916                         break;
1917                 }
1918                 entry = entry->next;
1919         }
1920         if (!found) {
1921                 DBGMSG("arm_Unregister addr not found");
1922                 spin_unlock_irqrestore(&host_info_lock, flags);
1923                 return (-EINVAL);
1924         }
1925         DBGMSG("arm_Unregister addr found");
1926         another_host = 0;
1927         /* another host with valid address-entry containing
1928            same addressrange */
1929         list_for_each_entry(hi, &host_info_list, list) {
1930                 if (hi->host != fi->host) {
1931                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1932                                 entry = fi_hlp->addr_list.next;
1933                                 while (entry != &(fi_hlp->addr_list)) {
1934                                         arm_addr = list_entry(entry,
1935                                                               struct arm_addr,
1936                                                               addr_list);
1937                                         if (arm_addr->start == addr->start) {
1938                                                 DBGMSG("another host ownes "
1939                                                        "same addressrange");
1940                                                 another_host = 1;
1941                                                 break;
1942                                         }
1943                                         entry = entry->next;
1944                                 }
1945                                 if (another_host) {
1946                                         break;
1947                                 }
1948                         }
1949                 }
1950         }
1951         if (another_host) {
1952                 DBGMSG("delete entry from list -> success");
1953                 list_del(&addr->addr_list);
1954                 spin_unlock_irqrestore(&host_info_lock, flags);
1955                 vfree(addr->addr_space_buffer);
1956                 kfree(addr);
1957                 free_pending_request(req);      /* immediate success or fail */
1958                 return sizeof(struct raw1394_request);
1959         }
1960         retval =
1961             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1962                                       addr->start);
1963         if (!retval) {
1964                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1965                 spin_unlock_irqrestore(&host_info_lock, flags);
1966                 return (-EINVAL);
1967         }
1968         DBGMSG("delete entry from list -> success");
1969         list_del(&addr->addr_list);
1970         spin_unlock_irqrestore(&host_info_lock, flags);
1971         vfree(addr->addr_space_buffer);
1972         kfree(addr);
1973         free_pending_request(req);      /* immediate success or fail */
1974         return sizeof(struct raw1394_request);
1975 }
1976
1977 /* Copy data from ARM buffer(s) to user buffer. */
1978 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1979 {
1980         struct arm_addr *arm_addr = NULL;
1981         unsigned long flags;
1982         unsigned long offset;
1983
1984         struct list_head *entry;
1985
1986         DBGMSG("arm_get_buf "
1987                "addr(Offset): %04X %08X length: %u",
1988                (u32) ((req->req.address >> 32) & 0xFFFF),
1989                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1990
1991         spin_lock_irqsave(&host_info_lock, flags);
1992         entry = fi->addr_list.next;
1993         while (entry != &(fi->addr_list)) {
1994                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1995                 if ((arm_addr->start <= req->req.address) &&
1996                     (arm_addr->end > req->req.address)) {
1997                         if (req->req.address + req->req.length <= arm_addr->end) {
1998                                 offset = req->req.address - arm_addr->start;
1999                                 spin_unlock_irqrestore(&host_info_lock, flags);
2000
2001                                 DBGMSG
2002                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
2003                                      (u32) req->req.recvb,
2004                                      arm_addr->addr_space_buffer + offset,
2005                                      (u32) req->req.length);
2006                                 if (copy_to_user
2007                                     (int2ptr(req->req.recvb),
2008                                      arm_addr->addr_space_buffer + offset,
2009                                      req->req.length))
2010                                         return (-EFAULT);
2011
2012                                 /* We have to free the request, because we
2013                                  * queue no response, and therefore nobody
2014                                  * will free it. */
2015                                 free_pending_request(req);
2016                                 return sizeof(struct raw1394_request);
2017                         } else {
2018                                 DBGMSG("arm_get_buf request exceeded mapping");
2019                                 spin_unlock_irqrestore(&host_info_lock, flags);
2020                                 return (-EINVAL);
2021                         }
2022                 }
2023                 entry = entry->next;
2024         }
2025         spin_unlock_irqrestore(&host_info_lock, flags);
2026         return (-EINVAL);
2027 }
2028
2029 /* Copy data from user buffer to ARM buffer(s). */
2030 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
2031 {
2032         struct arm_addr *arm_addr = NULL;
2033         unsigned long flags;
2034         unsigned long offset;
2035
2036         struct list_head *entry;
2037
2038         DBGMSG("arm_set_buf "
2039                "addr(Offset): %04X %08X length: %u",
2040                (u32) ((req->req.address >> 32) & 0xFFFF),
2041                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
2042
2043         spin_lock_irqsave(&host_info_lock, flags);
2044         entry = fi->addr_list.next;
2045         while (entry != &(fi->addr_list)) {
2046                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
2047                 if ((arm_addr->start <= req->req.address) &&
2048                     (arm_addr->end > req->req.address)) {
2049                         if (req->req.address + req->req.length <= arm_addr->end) {
2050                                 offset = req->req.address - arm_addr->start;
2051                                 spin_unlock_irqrestore(&host_info_lock, flags);
2052
2053                                 DBGMSG
2054                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
2055                                      arm_addr->addr_space_buffer + offset,
2056                                      (u32) req->req.sendb,
2057                                      (u32) req->req.length);
2058                                 if (copy_from_user
2059                                     (arm_addr->addr_space_buffer + offset,
2060                                      int2ptr(req->req.sendb),
2061                                      req->req.length))
2062                                         return (-EFAULT);
2063
2064                                 /* We have to free the request, because we
2065                                  * queue no response, and therefore nobody
2066                                  * will free it. */
2067                                 free_pending_request(req);
2068                                 return sizeof(struct raw1394_request);
2069                         } else {
2070                                 DBGMSG("arm_set_buf request exceeded mapping");
2071                                 spin_unlock_irqrestore(&host_info_lock, flags);
2072                                 return (-EINVAL);
2073                         }
2074                 }
2075                 entry = entry->next;
2076         }
2077         spin_unlock_irqrestore(&host_info_lock, flags);
2078         return (-EINVAL);
2079 }
2080
2081 static int reset_notification(struct file_info *fi, struct pending_request *req)
2082 {
2083         DBGMSG("reset_notification called - switch %s ",
2084                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
2085         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
2086             (req->req.misc == RAW1394_NOTIFY_ON)) {
2087                 fi->notification = (u8) req->req.misc;
2088                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2089                 return sizeof(struct raw1394_request);
2090         }
2091         /* error EINVAL (22) invalid argument */
2092         return (-EINVAL);
2093 }
2094
2095 static int write_phypacket(struct file_info *fi, struct pending_request *req)
2096 {
2097         struct hpsb_packet *packet = NULL;
2098         int retval = 0;
2099         quadlet_t data;
2100         unsigned long flags;
2101
2102         data = be32_to_cpu((u32) req->req.sendb);
2103         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
2104         packet = hpsb_make_phypacket(fi->host, data);
2105         if (!packet)
2106                 return -ENOMEM;
2107         req->req.length = 0;
2108         req->packet = packet;
2109         hpsb_set_packet_complete_task(packet,
2110                                       (void (*)(void *))queue_complete_cb, req);
2111         spin_lock_irqsave(&fi->reqlists_lock, flags);
2112         list_add_tail(&req->list, &fi->req_pending);
2113         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2114         packet->generation = req->req.generation;
2115         retval = hpsb_send_packet(packet);
2116         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2117         if (retval < 0) {
2118                 req->req.error = RAW1394_ERROR_SEND_ERROR;
2119                 req->req.length = 0;
2120                 queue_complete_req(req);
2121         }
2122         return sizeof(struct raw1394_request);
2123 }
2124
2125 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2126 {
2127         int ret = sizeof(struct raw1394_request);
2128         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2129         int status;
2130
2131         if (!data)
2132                 return -ENOMEM;
2133
2134         status =
2135             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2136                          data, req->req.length);
2137         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2138                 ret = -EFAULT;
2139         if (copy_to_user
2140             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2141              sizeof(fi->host->csr.rom->cache_head->len)))
2142                 ret = -EFAULT;
2143         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2144                          sizeof(fi->host->csr.generation)))
2145                 ret = -EFAULT;
2146         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2147                 ret = -EFAULT;
2148         kfree(data);
2149         if (ret >= 0) {
2150                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2151         }
2152         return ret;
2153 }
2154
2155 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2156 {
2157         int ret = sizeof(struct raw1394_request);
2158         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2159         if (!data)
2160                 return -ENOMEM;
2161         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2162                 ret = -EFAULT;
2163         } else {
2164                 int status = hpsb_update_config_rom(fi->host,
2165                                                     data, req->req.length,
2166                                                     (unsigned char)req->req.
2167                                                     misc);
2168                 if (copy_to_user
2169                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2170                         ret = -ENOMEM;
2171         }
2172         kfree(data);
2173         if (ret >= 0) {
2174                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2175                 fi->cfgrom_upd = 1;
2176         }
2177         return ret;
2178 }
2179
2180 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2181 {
2182         struct csr1212_keyval *kv;
2183         struct csr1212_csr_rom_cache *cache;
2184         struct csr1212_dentry *dentry;
2185         u32 dr;
2186         int ret = 0;
2187
2188         if (req->req.misc == ~0) {
2189                 if (req->req.length == 0)
2190                         return -EINVAL;
2191
2192                 /* Find an unused slot */
2193                 for (dr = 0;
2194                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2195                      dr++) ;
2196
2197                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2198                         return -ENOMEM;
2199
2200                 fi->csr1212_dirs[dr] =
2201                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2202                 if (!fi->csr1212_dirs[dr])
2203                         return -ENOMEM;
2204         } else {
2205                 dr = req->req.misc;
2206                 if (!fi->csr1212_dirs[dr])
2207                         return -EINVAL;
2208
2209                 /* Delete old stuff */
2210                 for (dentry =
2211                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2212                      dentry; dentry = dentry->next) {
2213                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2214                                                              root_kv,
2215                                                              dentry->kv);
2216                 }
2217
2218                 if (req->req.length == 0) {
2219                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2220                         fi->csr1212_dirs[dr] = NULL;
2221
2222                         hpsb_update_config_rom_image(fi->host);
2223                         free_pending_request(req);
2224                         return sizeof(struct raw1394_request);
2225                 }
2226         }
2227
2228         cache = csr1212_rom_cache_malloc(0, req->req.length);
2229         if (!cache) {
2230                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2231                 fi->csr1212_dirs[dr] = NULL;
2232                 return -ENOMEM;
2233         }
2234
2235         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2236         if (!cache->filled_head) {
2237                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2238                 fi->csr1212_dirs[dr] = NULL;
2239                 CSR1212_FREE(cache);
2240                 return -ENOMEM;
2241         }
2242         cache->filled_tail = cache->filled_head;
2243
2244         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2245                            req->req.length)) {
2246                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2247                 fi->csr1212_dirs[dr] = NULL;
2248                 ret = -EFAULT;
2249         } else {
2250                 cache->len = req->req.length;
2251                 cache->filled_head->offset_start = 0;
2252                 cache->filled_head->offset_end = cache->size - 1;
2253
2254                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2255
2256                 ret = CSR1212_SUCCESS;
2257                 /* parse all the items */
2258                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2259                      kv = kv->next) {
2260                         ret = csr1212_parse_keyval(kv, cache);
2261                 }
2262
2263                 /* attach top level items to the root directory */
2264                 for (dentry =
2265                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2266                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2267                         ret =
2268                             csr1212_attach_keyval_to_directory(fi->host->csr.
2269                                                                rom->root_kv,
2270                                                                dentry->kv);
2271                 }
2272
2273                 if (ret == CSR1212_SUCCESS) {
2274                         ret = hpsb_update_config_rom_image(fi->host);
2275
2276                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2277                                                      &dr, sizeof(dr))) {
2278                                 ret = -ENOMEM;
2279                         }
2280                 }
2281         }
2282         kfree(cache->filled_head);
2283         CSR1212_FREE(cache);
2284
2285         if (ret >= 0) {
2286                 /* we have to free the request, because we queue no response,
2287                  * and therefore nobody will free it */
2288                 free_pending_request(req);
2289                 return sizeof(struct raw1394_request);
2290         } else {
2291                 for (dentry =
2292                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2293                      dentry; dentry = dentry->next) {
2294                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2295                                                              root_kv,
2296                                                              dentry->kv);
2297                 }
2298                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2299                 fi->csr1212_dirs[dr] = NULL;
2300                 return ret;
2301         }
2302 }
2303
2304 static int state_connected(struct file_info *fi, struct pending_request *req)
2305 {
2306         int node = req->req.address >> 48;
2307
2308         req->req.error = RAW1394_ERROR_NONE;
2309
2310         switch (req->req.type) {
2311
2312         case RAW1394_REQ_ECHO:
2313                 queue_complete_req(req);
2314                 return sizeof(struct raw1394_request);
2315
2316         case RAW1394_REQ_ISO_SEND:
2317                 print_old_iso_deprecation();
2318                 return handle_iso_send(fi, req, node);
2319
2320         case RAW1394_REQ_ARM_REGISTER:
2321                 return arm_register(fi, req);
2322
2323         case RAW1394_REQ_ARM_UNREGISTER:
2324                 return arm_unregister(fi, req);
2325
2326         case RAW1394_REQ_ARM_SET_BUF:
2327                 return arm_set_buf(fi, req);
2328
2329         case RAW1394_REQ_ARM_GET_BUF:
2330                 return arm_get_buf(fi, req);
2331
2332         case RAW1394_REQ_RESET_NOTIFY:
2333                 return reset_notification(fi, req);
2334
2335         case RAW1394_REQ_ISO_LISTEN:
2336                 print_old_iso_deprecation();
2337                 handle_iso_listen(fi, req);
2338                 return sizeof(struct raw1394_request);
2339
2340         case RAW1394_REQ_FCP_LISTEN:
2341                 handle_fcp_listen(fi, req);
2342                 return sizeof(struct raw1394_request);
2343
2344         case RAW1394_REQ_RESET_BUS:
2345                 if (req->req.misc == RAW1394_LONG_RESET) {
2346                         DBGMSG("busreset called (type: LONG)");
2347                         hpsb_reset_bus(fi->host, LONG_RESET);
2348                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2349                         return sizeof(struct raw1394_request);
2350                 }
2351                 if (req->req.misc == RAW1394_SHORT_RESET) {
2352                         DBGMSG("busreset called (type: SHORT)");
2353                         hpsb_reset_bus(fi->host, SHORT_RESET);
2354                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2355                         return sizeof(struct raw1394_request);
2356                 }
2357                 /* error EINVAL (22) invalid argument */
2358                 return (-EINVAL);
2359         case RAW1394_REQ_GET_ROM:
2360                 return get_config_rom(fi, req);
2361
2362         case RAW1394_REQ_UPDATE_ROM:
2363                 return update_config_rom(fi, req);
2364
2365         case RAW1394_REQ_MODIFY_ROM:
2366                 return modify_config_rom(fi, req);
2367         }
2368
2369         if (req->req.generation != get_hpsb_generation(fi->host)) {
2370                 req->req.error = RAW1394_ERROR_GENERATION;
2371                 req->req.generation = get_hpsb_generation(fi->host);
2372                 req->req.length = 0;
2373                 queue_complete_req(req);
2374                 return sizeof(struct raw1394_request);
2375         }
2376
2377         switch (req->req.type) {
2378         case RAW1394_REQ_PHYPACKET:
2379                 return write_phypacket(fi, req);
2380         case RAW1394_REQ_ASYNC_SEND:
2381                 return handle_async_send(fi, req);
2382         }
2383
2384         if (req->req.length == 0) {
2385                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2386                 queue_complete_req(req);
2387                 return sizeof(struct raw1394_request);
2388         }
2389
2390         return handle_async_request(fi, req, node);
2391 }
2392
2393 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2394                              size_t count, loff_t * offset_is_ignored)
2395 {
2396         struct file_info *fi = (struct file_info *)file->private_data;
2397         struct pending_request *req;
2398         ssize_t retval = 0;
2399
2400 #ifdef CONFIG_COMPAT
2401         if (count == sizeof(struct compat_raw1394_req) &&
2402             sizeof(struct compat_raw1394_req) !=
2403                         sizeof(struct raw1394_request)) {
2404                 buffer = raw1394_compat_write(buffer);
2405                 if (IS_ERR(buffer))
2406                         return PTR_ERR(buffer);
2407         } else
2408 #endif
2409         if (count != sizeof(struct raw1394_request)) {
2410                 return -EINVAL;
2411         }
2412
2413         req = alloc_pending_request();
2414         if (req == NULL) {
2415                 return -ENOMEM;
2416         }
2417         req->file_info = fi;
2418
2419         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2420                 free_pending_request(req);
2421                 return -EFAULT;
2422         }
2423
2424         switch (fi->state) {
2425         case opened:
2426                 retval = state_opened(fi, req);
2427                 break;
2428
2429         case initialized:
2430                 retval = state_initialized(fi, req);
2431                 break;
2432
2433         case connected:
2434                 retval = state_connected(fi, req);
2435                 break;
2436         }
2437
2438         if (retval < 0) {
2439                 free_pending_request(req);
2440         }
2441
2442         return retval;
2443 }
2444
2445 /* rawiso operations */
2446
2447 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2448  * completion queue (reqlists_lock must be taken) */
2449 static inline int __rawiso_event_in_queue(struct file_info *fi)
2450 {
2451         struct pending_request *req;
2452
2453         list_for_each_entry(req, &fi->req_complete, list)
2454             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2455                 return 1;
2456
2457         return 0;
2458 }
2459
2460 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2461 static void queue_rawiso_event(struct file_info *fi)
2462 {
2463         unsigned long flags;
2464
2465         spin_lock_irqsave(&fi->reqlists_lock, flags);
2466
2467         /* only one ISO activity event may be in the queue */
2468         if (!__rawiso_event_in_queue(fi)) {
2469                 struct pending_request *req =
2470                     __alloc_pending_request(GFP_ATOMIC);
2471
2472                 if (req) {
2473                         req->file_info = fi;
2474                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2475                         req->req.generation = get_hpsb_generation(fi->host);
2476                         __queue_complete_req(req);
2477                 } else {
2478                         /* on allocation failure, signal an overflow */
2479                         if (fi->iso_handle) {
2480                                 atomic_inc(&fi->iso_handle->overflows);
2481                         }
2482                 }
2483         }
2484         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2485 }
2486
2487 static void rawiso_activity_cb(struct hpsb_iso *iso)
2488 {
2489         unsigned long flags;
2490         struct host_info *hi;
2491         struct file_info *fi;
2492
2493         spin_lock_irqsave(&host_info_lock, flags);
2494         hi = find_host_info(iso->host);
2495
2496         if (hi != NULL) {
2497                 list_for_each_entry(fi, &hi->file_info_list, list) {
2498                         if (fi->iso_handle == iso)
2499                                 queue_rawiso_event(fi);
2500                 }
2501         }
2502
2503         spin_unlock_irqrestore(&host_info_lock, flags);
2504 }
2505
2506 /* helper function - gather all the kernel iso status bits for returning to user-space */
2507 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2508                                     struct raw1394_iso_status *stat)
2509 {
2510         stat->config.data_buf_size = iso->buf_size;
2511         stat->config.buf_packets = iso->buf_packets;
2512         stat->config.channel = iso->channel;
2513         stat->config.speed = iso->speed;
2514         stat->config.irq_interval = iso->irq_interval;
2515         stat->n_packets = hpsb_iso_n_ready(iso);
2516         stat->overflows = atomic_read(&iso->overflows);
2517         stat->xmit_cycle = iso->xmit_cycle;
2518 }
2519
2520 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2521 {
2522         struct raw1394_iso_status stat;
2523
2524         if (!fi->host)
2525                 return -EINVAL;
2526
2527         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2528                 return -EFAULT;
2529
2530         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2531                                             stat.config.data_buf_size,
2532                                             stat.config.buf_packets,
2533                                             stat.config.channel,
2534                                             stat.config.speed,
2535                                             stat.config.irq_interval,
2536                                             rawiso_activity_cb);
2537         if (!fi->iso_handle)
2538                 return -ENOMEM;
2539
2540         fi->iso_state = RAW1394_ISO_XMIT;
2541
2542         raw1394_iso_fill_status(fi->iso_handle, &stat);
2543         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2544                 return -EFAULT;
2545
2546         /* queue an event to get things started */
2547         rawiso_activity_cb(fi->iso_handle);
2548
2549         return 0;
2550 }
2551
2552 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2553 {
2554         struct raw1394_iso_status stat;
2555
2556         if (!fi->host)
2557                 return -EINVAL;
2558
2559         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2560                 return -EFAULT;
2561
2562         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2563                                             stat.config.data_buf_size,
2564                                             stat.config.buf_packets,
2565                                             stat.config.channel,
2566                                             stat.config.dma_mode,
2567                                             stat.config.irq_interval,
2568                                             rawiso_activity_cb);
2569         if (!fi->iso_handle)
2570                 return -ENOMEM;
2571
2572         fi->iso_state = RAW1394_ISO_RECV;
2573
2574         raw1394_iso_fill_status(fi->iso_handle, &stat);
2575         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2576                 return -EFAULT;
2577         return 0;
2578 }
2579
2580 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2581 {
2582         struct raw1394_iso_status stat;
2583         struct hpsb_iso *iso = fi->iso_handle;
2584
2585         raw1394_iso_fill_status(fi->iso_handle, &stat);
2586         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2587                 return -EFAULT;
2588
2589         /* reset overflow counter */
2590         atomic_set(&iso->overflows, 0);
2591
2592         return 0;
2593 }
2594
2595 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2596 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2597 {
2598         struct raw1394_iso_packets upackets;
2599         unsigned int packet = fi->iso_handle->first_packet;
2600         int i;
2601
2602         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2603                 return -EFAULT;
2604
2605         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2606                 return -EINVAL;
2607
2608         /* ensure user-supplied buffer is accessible and big enough */
2609         if (!access_ok(VERIFY_WRITE, upackets.infos,
2610                        upackets.n_packets *
2611                        sizeof(struct raw1394_iso_packet_info)))
2612                 return -EFAULT;
2613
2614         /* copy the packet_infos out */
2615         for (i = 0; i < upackets.n_packets; i++) {
2616                 if (__copy_to_user(&upackets.infos[i],
2617                                    &fi->iso_handle->infos[packet],
2618                                    sizeof(struct raw1394_iso_packet_info)))
2619                         return -EFAULT;
2620
2621                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2622         }
2623
2624         return 0;
2625 }
2626
2627 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2628 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2629 {
2630         struct raw1394_iso_packets upackets;
2631         int i, rv;
2632
2633         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2634                 return -EFAULT;
2635
2636         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2637                 return -EINVAL;
2638
2639         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2640                 return -EAGAIN;
2641
2642         /* ensure user-supplied buffer is accessible and big enough */
2643         if (!access_ok(VERIFY_READ, upackets.infos,
2644                        upackets.n_packets *
2645                        sizeof(struct raw1394_iso_packet_info)))
2646                 return -EFAULT;
2647
2648         /* copy the infos structs in and queue the packets */
2649         for (i = 0; i < upackets.n_packets; i++) {
2650                 struct raw1394_iso_packet_info info;
2651
2652                 if (__copy_from_user(&info, &upackets.infos[i],
2653                                      sizeof(struct raw1394_iso_packet_info)))
2654                         return -EFAULT;
2655
2656                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2657                                                 info.len, info.tag, info.sy);
2658                 if (rv)
2659                         return rv;
2660         }
2661
2662         return 0;
2663 }
2664
2665 static void raw1394_iso_shutdown(struct file_info *fi)
2666 {
2667         if (fi->iso_handle)
2668                 hpsb_iso_shutdown(fi->iso_handle);
2669
2670         fi->iso_handle = NULL;
2671         fi->iso_state = RAW1394_ISO_INACTIVE;
2672 }
2673
2674 static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2675 {
2676         struct raw1394_cycle_timer ct;
2677         int err;
2678
2679         err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2680         if (!err)
2681                 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2682                         err = -EFAULT;
2683         return err;
2684 }
2685
2686 /* mmap the rawiso xmit/recv buffer */
2687 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2688 {
2689         struct file_info *fi = file->private_data;
2690
2691         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2692                 return -EINVAL;
2693
2694         return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2695 }
2696
2697 /* ioctl is only used for rawiso operations */
2698 static int raw1394_ioctl(struct inode *inode, struct file *file,
2699                          unsigned int cmd, unsigned long arg)
2700 {
2701         struct file_info *fi = file->private_data;
2702         void __user *argp = (void __user *)arg;
2703
2704         switch (fi->iso_state) {
2705         case RAW1394_ISO_INACTIVE:
2706                 switch (cmd) {
2707                 case RAW1394_IOC_ISO_XMIT_INIT:
2708                         return raw1394_iso_xmit_init(fi, argp);
2709                 case RAW1394_IOC_ISO_RECV_INIT:
2710                         return raw1394_iso_recv_init(fi, argp);
2711                 default:
2712                         break;
2713                 }
2714                 break;
2715         case RAW1394_ISO_RECV:
2716                 switch (cmd) {
2717                 case RAW1394_IOC_ISO_RECV_START:{
2718                                 /* copy args from user-space */
2719                                 int args[3];
2720                                 if (copy_from_user
2721                                     (&args[0], argp, sizeof(args)))
2722                                         return -EFAULT;
2723                                 return hpsb_iso_recv_start(fi->iso_handle,
2724                                                            args[0], args[1],
2725                                                            args[2]);
2726                         }
2727                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2728                         hpsb_iso_stop(fi->iso_handle);
2729                         return 0;
2730                 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2731                         return hpsb_iso_recv_listen_channel(fi->iso_handle,
2732                                                             arg);
2733                 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2734                         return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2735                                                               arg);
2736                 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2737                                 /* copy the u64 from user-space */
2738                                 u64 mask;
2739                                 if (copy_from_user(&mask, argp, sizeof(mask)))
2740                                         return -EFAULT;
2741                                 return hpsb_iso_recv_set_channel_mask(fi->
2742                                                                       iso_handle,
2743                                                                       mask);
2744                         }
2745                 case RAW1394_IOC_ISO_GET_STATUS:
2746                         return raw1394_iso_get_status(fi, argp);
2747                 case RAW1394_IOC_ISO_RECV_PACKETS:
2748                         return raw1394_iso_recv_packets(fi, argp);
2749                 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2750                         return hpsb_iso_recv_release_packets(fi->iso_handle,
2751                                                              arg);
2752                 case RAW1394_IOC_ISO_RECV_FLUSH:
2753                         return hpsb_iso_recv_flush(fi->iso_handle);
2754                 case RAW1394_IOC_ISO_SHUTDOWN:
2755                         raw1394_iso_shutdown(fi);
2756                         return 0;
2757                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2758                         queue_rawiso_event(fi);
2759                         return 0;
2760                 }
2761                 break;
2762         case RAW1394_ISO_XMIT:
2763                 switch (cmd) {
2764                 case RAW1394_IOC_ISO_XMIT_START:{
2765                                 /* copy two ints from user-space */
2766                                 int args[2];
2767                                 if (copy_from_user
2768                                     (&args[0], argp, sizeof(args)))
2769                                         return -EFAULT;
2770                                 return hpsb_iso_xmit_start(fi->iso_handle,
2771                                                            args[0], args[1]);
2772                         }
2773                 case RAW1394_IOC_ISO_XMIT_SYNC:
2774                         return hpsb_iso_xmit_sync(fi->iso_handle);
2775                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2776                         hpsb_iso_stop(fi->iso_handle);
2777                         return 0;
2778                 case RAW1394_IOC_ISO_GET_STATUS:
2779                         return raw1394_iso_get_status(fi, argp);
2780                 case RAW1394_IOC_ISO_XMIT_PACKETS:
2781                         return raw1394_iso_send_packets(fi, argp);
2782                 case RAW1394_IOC_ISO_SHUTDOWN:
2783                         raw1394_iso_shutdown(fi);
2784                         return 0;
2785                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2786                         queue_rawiso_event(fi);
2787                         return 0;
2788                 }
2789                 break;
2790         default:
2791                 break;
2792         }
2793
2794         /* state-independent commands */
2795         switch(cmd) {
2796         case RAW1394_IOC_GET_CYCLE_TIMER:
2797                 return raw1394_read_cycle_timer(fi, argp);
2798         default:
2799                 break;
2800         }
2801
2802         return -EINVAL;
2803 }
2804
2805 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2806 {
2807         struct file_info *fi = file->private_data;
2808         unsigned int mask = POLLOUT | POLLWRNORM;
2809         unsigned long flags;
2810
2811         poll_wait(file, &fi->wait_complete, pt);
2812
2813         spin_lock_irqsave(&fi->reqlists_lock, flags);
2814         if (!list_empty(&fi->req_complete)) {
2815                 mask |= POLLIN | POLLRDNORM;
2816         }
2817         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2818
2819         return mask;
2820 }
2821
2822 static int raw1394_open(struct inode *inode, struct file *file)
2823 {
2824         struct file_info *fi;
2825
2826         fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2827         if (!fi)
2828                 return -ENOMEM;
2829
2830         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2831
2832         INIT_LIST_HEAD(&fi->list);
2833         fi->state = opened;
2834         INIT_LIST_HEAD(&fi->req_pending);
2835         INIT_LIST_HEAD(&fi->req_complete);
2836         spin_lock_init(&fi->reqlists_lock);
2837         init_waitqueue_head(&fi->wait_complete);
2838         INIT_LIST_HEAD(&fi->addr_list);
2839
2840         file->private_data = fi;
2841
2842         return 0;
2843 }
2844
2845 static int raw1394_release(struct inode *inode, struct file *file)
2846 {
2847         struct file_info *fi = file->private_data;
2848         struct list_head *lh;
2849         struct pending_request *req;
2850         int i, fail;
2851         int retval = 0;
2852         struct list_head *entry;
2853         struct arm_addr *addr = NULL;
2854         struct host_info *hi;
2855         struct file_info *fi_hlp = NULL;
2856         struct arm_addr *arm_addr = NULL;
2857         int another_host;
2858         int csr_mod = 0;
2859         unsigned long flags;
2860
2861         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2862                 raw1394_iso_shutdown(fi);
2863
2864         for (i = 0; i < 64; i++) {
2865                 if (fi->listen_channels & (1ULL << i)) {
2866                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2867                 }
2868         }
2869
2870         spin_lock_irqsave(&host_info_lock, flags);
2871         fi->listen_channels = 0;
2872
2873         fail = 0;
2874         /* set address-entries invalid */
2875
2876         while (!list_empty(&fi->addr_list)) {
2877                 another_host = 0;
2878                 lh = fi->addr_list.next;
2879                 addr = list_entry(lh, struct arm_addr, addr_list);
2880                 /* another host with valid address-entry containing
2881                    same addressrange? */
2882                 list_for_each_entry(hi, &host_info_list, list) {
2883                         if (hi->host != fi->host) {
2884                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2885                                                     list) {
2886                                         entry = fi_hlp->addr_list.next;
2887                                         while (entry != &(fi_hlp->addr_list)) {
2888                                                 arm_addr = list_entry(entry, struct
2889                                                                       arm_addr,
2890                                                                       addr_list);
2891                                                 if (arm_addr->start ==
2892                                                     addr->start) {
2893                                                         DBGMSG
2894                                                             ("raw1394_release: "
2895                                                              "another host ownes "
2896                                                              "same addressrange");
2897                                                         another_host = 1;
2898                                                         break;
2899                                                 }
2900                                                 entry = entry->next;
2901                                         }
2902                                         if (another_host) {
2903                                                 break;
2904                                         }
2905                                 }
2906                         }
2907                 }
2908                 if (!another_host) {
2909                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2910                         retval =
2911                             hpsb_unregister_addrspace(&raw1394_highlevel,
2912                                                       fi->host, addr->start);
2913                         if (!retval) {
2914                                 ++fail;
2915                                 printk(KERN_ERR
2916                                        "raw1394_release arm_Unregister failed\n");
2917                         }
2918                 }
2919                 DBGMSG("raw1394_release: delete addr_entry from list");
2920                 list_del(&addr->addr_list);
2921                 vfree(addr->addr_space_buffer);
2922                 kfree(addr);
2923         }                       /* while */
2924         spin_unlock_irqrestore(&host_info_lock, flags);
2925         if (fail > 0) {
2926                 printk(KERN_ERR "raw1394: during addr_list-release "
2927                        "error(s) occurred \n");
2928         }
2929
2930         for (;;) {
2931                 /* This locked section guarantees that neither
2932                  * complete nor pending requests exist once i!=0 */
2933                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2934                 while ((req = __next_complete_req(fi)))
2935                         free_pending_request(req);
2936
2937                 i = list_empty(&fi->req_pending);
2938                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2939
2940                 if (i)
2941                         break;
2942                 /*
2943                  * Sleep until more requests can be freed.
2944                  *
2945                  * NB: We call the macro wait_event() with a condition argument
2946                  * with side effect.  This is only possible because the side
2947                  * effect does not occur until the condition became true, and
2948                  * wait_event() won't evaluate the condition again after that.
2949                  */
2950                 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2951                 free_pending_request(req);
2952         }
2953
2954         /* Remove any sub-trees left by user space programs */
2955         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2956                 struct csr1212_dentry *dentry;
2957                 if (!fi->csr1212_dirs[i])
2958                         continue;
2959                 for (dentry =
2960                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2961                      dentry = dentry->next) {
2962                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2963                                                              root_kv,
2964                                                              dentry->kv);
2965                 }
2966                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2967                 fi->csr1212_dirs[i] = NULL;
2968                 csr_mod = 1;
2969         }
2970
2971         if ((csr_mod || fi->cfgrom_upd)
2972             && hpsb_update_config_rom_image(fi->host) < 0)
2973                 HPSB_ERR
2974                     ("Failed to generate Configuration ROM image for host %d",
2975                      fi->host->id);
2976
2977         if (fi->state == connected) {
2978                 spin_lock_irqsave(&host_info_lock, flags);
2979                 list_del(&fi->list);
2980                 spin_unlock_irqrestore(&host_info_lock, flags);
2981
2982                 put_device(&fi->host->device);
2983         }
2984
2985         spin_lock_irqsave(&host_info_lock, flags);
2986         if (fi->host)
2987                 module_put(fi->host->driver->owner);
2988         spin_unlock_irqrestore(&host_info_lock, flags);
2989
2990         kfree(fi);
2991
2992         return 0;
2993 }
2994
2995 /*** HOTPLUG STUFF **********************************************************/
2996 /*
2997  * Export information about protocols/devices supported by this driver.
2998  */
2999 static struct ieee1394_device_id raw1394_id_table[] = {
3000         {
3001          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3002          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
3003          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
3004         {
3005          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3006          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3007          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
3008         {
3009          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3010          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3011          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
3012         {
3013          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3014          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3015          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
3016         {}
3017 };
3018
3019 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
3020
3021 static struct hpsb_protocol_driver raw1394_driver = {
3022         .name = "raw1394",
3023         .id_table = raw1394_id_table,
3024 };
3025
3026 /******************************************************************************/
3027
3028 static struct hpsb_highlevel raw1394_highlevel = {
3029         .name = RAW1394_DEVICE_NAME,
3030         .add_host = add_host,
3031         .remove_host = remove_host,
3032         .host_reset = host_reset,
3033         .iso_receive = iso_receive,
3034         .fcp_request = fcp_request,
3035 };
3036
3037 static struct cdev raw1394_cdev;
3038 static const struct file_operations raw1394_fops = {
3039         .owner = THIS_MODULE,
3040         .read = raw1394_read,
3041         .write = raw1394_write,
3042         .mmap = raw1394_mmap,
3043         .ioctl = raw1394_ioctl,
3044         // .compat_ioctl = ... someone needs to do this
3045         .poll = raw1394_poll,
3046         .open = raw1394_open,
3047         .release = raw1394_release,
3048 };
3049
3050 static int __init init_raw1394(void)
3051 {
3052         int ret = 0;
3053
3054         hpsb_register_highlevel(&raw1394_highlevel);
3055
3056         if (IS_ERR
3057             (class_device_create
3058              (hpsb_protocol_class, NULL,
3059               MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), NULL,
3060               RAW1394_DEVICE_NAME))) {
3061                 ret = -EFAULT;
3062                 goto out_unreg;
3063         }
3064
3065         cdev_init(&raw1394_cdev, &raw1394_fops);
3066         raw1394_cdev.owner = THIS_MODULE;
3067         kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
3068         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3069         if (ret) {
3070                 HPSB_ERR("raw1394 failed to register minor device block");
3071                 goto out_dev;
3072         }
3073
3074         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3075
3076         ret = hpsb_register_protocol(&raw1394_driver);
3077         if (ret) {
3078                 HPSB_ERR("raw1394: failed to register protocol");
3079                 cdev_del(&raw1394_cdev);
3080                 goto out_dev;
3081         }
3082
3083         goto out;
3084
3085       out_dev:
3086         class_device_destroy(hpsb_protocol_class,
3087                              MKDEV(IEEE1394_MAJOR,
3088                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3089       out_unreg:
3090         hpsb_unregister_highlevel(&raw1394_highlevel);
3091       out:
3092         return ret;
3093 }
3094
3095 static void __exit cleanup_raw1394(void)
3096 {
3097         class_device_destroy(hpsb_protocol_class,
3098                              MKDEV(IEEE1394_MAJOR,
3099                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3100         cdev_del(&raw1394_cdev);
3101         hpsb_unregister_highlevel(&raw1394_highlevel);
3102         hpsb_unregister_protocol(&raw1394_driver);
3103 }
3104
3105 module_init(init_raw1394);
3106 module_exit(cleanup_raw1394);
3107 MODULE_LICENSE("GPL");