1 /*
2  * Device driver for the Apple Desktop Bus
3  * and the /dev/adb device on macintoshes.
4  *
5  * Copyright (C) 1996 Paul Mackerras.
6  *
7  * Modified to declare controllers as structures, added
8  * client notification of bus reset and handles PowerBook
9  * sleep, by Benjamin Herrenschmidt.
10  *
11  * To do:
12  *
13  * - /sys/bus/adb to list the devices and infos
14  * - more /dev/adb to allow userland to receive the
15  *   flow of auto-polling datas from a given device.
16  * - move bus probe to a kernel thread
17  */
18
19 #include <linux/types.h>
20 #include <linux/errno.h>
21 #include <linux/kernel.h>
22 #include <linux/slab.h>
23 #include <linux/module.h>
24 #include <linux/fs.h>
25 #include <linux/mm.h>
26 #include <linux/sched.h>
27 #include <linux/smp_lock.h>
28 #include <linux/adb.h>
29 #include <linux/cuda.h>
30 #include <linux/pmu.h>
31 #include <linux/notifier.h>
32 #include <linux/wait.h>
33 #include <linux/init.h>
34 #include <linux/delay.h>
35 #include <linux/spinlock.h>
36 #include <linux/completion.h>
37 #include <linux/device.h>
38
39 #include <asm/uaccess.h>
40 #include <asm/semaphore.h>
41 #ifdef CONFIG_PPC
42 #include <asm/prom.h>
43 #include <asm/machdep.h>
44 #endif
45
46
/* Export the active controller and the client notifier chain (both are
 * defined further down in this file) to other kernel code. */
EXPORT_SYMBOL(adb_controller);
EXPORT_SYMBOL(adb_client_list);

/* Controller back-ends; their definitions live outside this file. */
extern struct adb_driver via_macii_driver;
extern struct adb_driver via_maciisi_driver;
extern struct adb_driver via_cuda_driver;
extern struct adb_driver adb_iop_driver;
extern struct adb_driver via_pmu_driver;
extern struct adb_driver macio_adb_driver;

/*
 * NULL-terminated list of the controller back-ends selected at build time.
 * adb_init() walks it in order and keeps the first entry whose probe()
 * returns 0.
 */
static struct adb_driver *adb_driver_list[] = {
#ifdef CONFIG_ADB_MACII
        &via_macii_driver,
#endif
#ifdef CONFIG_ADB_MACIISI
        &via_maciisi_driver,
#endif
#ifdef CONFIG_ADB_CUDA
        &via_cuda_driver,
#endif
#ifdef CONFIG_ADB_IOP
        &adb_iop_driver,
#endif
#if defined(CONFIG_ADB_PMU) || defined(CONFIG_ADB_PMU68K)
        &via_pmu_driver,
#endif
#ifdef CONFIG_ADB_MACIO
        &macio_adb_driver,
#endif
        NULL
};
78
/* Device class created by adbdev_init() for the /dev/adb node. */
static struct class *adb_dev_class;

/* Controller chosen by adb_init(); NULL when no ADB interface was found. */
struct adb_driver *adb_controller;
/* Clients on this chain receive the ADB_MSG_* reset and powerdown events. */
BLOCKING_NOTIFIER_HEAD(adb_client_list);
/* Set between PBOOK_SLEEP_REQUEST and PBOOK_WAKE; adb_input() drops
 * incoming packets while it is non-zero. */
static int adb_got_sleep;
/* Guards adb_init() against running twice. */
static int adb_inited;
/* Value returned by kernel_thread() for the probe thread; reset to 0 by
 * the thread when it finishes. */
static pid_t adb_probe_task_pid;
/* Taken by adb_reset_bus() and released by the probe thread; also held
 * across sleep and taken by adb_write() before a request is handled. */
static DECLARE_MUTEX(adb_probe_mutex);
/* Completed by adb_probe_wakeup() to wake the probe thread. */
static struct completion adb_probe_task_comp;
/* Non-zero on the PowerBook models named in adb_init(); adds settle
 * delays around a bus reset. */
static int sleepy_trackpad;
/* Address bitmask returned by the last adb_scan_bus(). */
static int autopoll_devs;
/* When non-zero, adb_reset_bus() resets the bus in the caller's context
 * instead of starting the probe thread. */
int __adb_probe_sync;

#ifdef CONFIG_PM
static void adb_notify_sleep(struct pmu_sleep_notifier *self, int when);
static struct pmu_sleep_notifier adb_sleep_notifier = {
        adb_notify_sleep,
        SLEEP_LEVEL_ADB,
};
#endif

static int adb_scan_bus(void);
static int do_adb_reset_bus(void);
static void adbdev_init(void);
static int try_handler_change(int, int);

/*
 * Per-address device table, indexed by ADB bus address.  The scan and
 * registration loops in this file use addresses 1..15.  The table has
 * exactly 16 entries, so any index taken from a request or a packet has
 * to be known to be below 16 before it is used here.
 */
static struct adb_handler {
        void (*handler)(unsigned char *, int, int);     /* packet callback, NULL if none */
        int original_address;   /* address the device was first seen at; 0 = slot empty */
        int handler_id;         /* handler id read back from the device */
        int busy;               /* set by adb_input() while handler is running */
} adb_handler[16];

/*
 * The adb_handler_sem mutex protects all accesses to the original_address
 * and handler_id fields of adb_handler[i] for all i, and changes to the
 * handler field.
 * Accesses to the handler field are protected by the adb_handler_lock
 * rwlock.  It is held across all calls to any handler, so that by the
 * time adb_unregister returns, we know that the old handler isn't being
 * called.
 */
static DECLARE_MUTEX(adb_handler_sem);
static DEFINE_RWLOCK(adb_handler_lock);
123
#if 0
/* Debug helper, compiled out: print the reply bytes of a request in hex. */
static void printADBreply(struct adb_request *req)
{
        int pos = 0;

        printk("adb reply (%d)", req->reply_len);
        while (pos < req->reply_len) {
                printk(" %x", req->reply[pos]);
                pos++;
        }
        printk("\n");
}
#endif
136
137
/*
 * Wait for `ms' milliseconds.  The probe thread may sleep (msleep); every
 * other caller busy-waits (mdelay).
 */
static __inline__ void adb_wait_ms(unsigned int ms)
{
        int in_probe_task = current->pid && adb_probe_task_pid &&
                            adb_probe_task_pid == current->pid;

        if (!in_probe_task) {
                mdelay(ms);
                return;
        }
        msleep(ms);
}
146
/*
 * Probe the bus and fill in adb_handler[]: find which of the addresses
 * 1..15 answer, separate devices that share an address by moving them to
 * free addresses, then record the handler id of every device found.
 *
 * Returns a bitmask with bit i set for each address i that is occupied.
 * The only caller in this file, do_adb_reset_bus(), holds adb_handler_sem
 * and has just zeroed adb_handler[].
 *
 * NOTE(review): every adb_request() return value is ignored.  On its early
 * error returns adb_request() does not write to req, so req.reply_len would
 * be read uninitialised here; confirm the caller guarantees a controller
 * with a send_request method.
 */
static int adb_scan_bus(void)
{
        int i, highFree=0, noMovement;
        int devmask = 0;
        struct adb_request req;

        /* assumes adb_handler[] is all zeroes at this point */
        for (i = 1; i < 16; i++) {
                /* see if there is anything at address i */
                adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                            (i << 4) | 0xf);
                if (req.reply_len > 1)
                        /* one or more devices at this address */
                        adb_handler[i].original_address = i;
                else if (i > highFree)
                        /* remember the highest address nobody answered at */
                        highFree = i;
        }

        /* Note we reset noMovement to 0 each time we move a device */
        for (noMovement = 1; noMovement < 2 && highFree > 0; noMovement++) {
                for (i = 1; i < 16; i++) {
                        if (adb_handler[i].original_address == 0)
                                continue;
                        /*
                         * Send a "talk register 3" command to address i
                         * to provoke a collision if there is more than
                         * one device at this address.
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                                    (i << 4) | 0xf);
                        /*
                         * Move the device(s) which didn't detect a
                         * collision to address `highFree'.  Hopefully
                         * this only moves one device.
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC, 3,
                                    (i<< 4) | 0xb, (highFree | 0x60), 0xfe);
                        /*
                         * See if anybody actually moved. This is suggested
                         * by HW TechNote 01:
                         *
                         * http://developer.apple.com/technotes/hw/hw_01.html
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                                    (highFree << 4) | 0xf);
                        if (req.reply_len <= 1) continue;
                        /*
                         * Test whether there are any device(s) left
                         * at address i.
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                                    (i << 4) | 0xf);
                        if (req.reply_len > 1) {
                                /*
                                 * There are still one or more devices
                                 * left at address i.  Register the one(s)
                                 * we moved to `highFree', and find a new
                                 * value for highFree.
                                 */
                                adb_handler[highFree].original_address =
                                        adb_handler[i].original_address;
                                while (highFree > 0 &&
                                       adb_handler[highFree].original_address)
                                        highFree--;
                                /* no free address left: stop separating devices */
                                if (highFree <= 0)
                                        break;

                                noMovement = 0;
                        }
                        else {
                                /*
                                 * No devices left at address i; move the
                                 * one(s) we moved to `highFree' back to i.
                                 */
                                adb_request(&req, NULL, ADBREQ_SYNC, 3,
                                            (highFree << 4) | 0xb,
                                            (i | 0x60), 0xfe);
                        }
                }
        }

        /* Now fill in the handler_id field of the adb_handler entries. */
        printk(KERN_DEBUG "adb devices:");
        for (i = 1; i < 16; i++) {
                if (adb_handler[i].original_address == 0)
                        continue;
                adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                            (i << 4) | 0xf);
                /* NOTE(review): reply[2] is used without checking reply_len
                 * for this request; presumably the device answers as it did
                 * in the loops above; confirm. */
                adb_handler[i].handler_id = req.reply[2];
                printk(" [%d]: %d %x", i, adb_handler[i].original_address,
                       adb_handler[i].handler_id);
                devmask |= 1 << i;
        }
        printk("\n");
        return devmask;
}
243
/*
 * Body of the short-lived kernel thread that performs ADB probing.  It
 * exits as soon as the bus reset and scan are done.
 */
static int adb_probe_task(void *x)
{
        sigset_t all_signals;

        strcpy(current->comm, "kadbprobe");

        /* Block every signal and discard whatever is already pending. */
        sigfillset(&all_signals);
        sigprocmask(SIG_BLOCK, &all_signals, NULL);
        flush_signals(current);

        printk(KERN_INFO "adb: starting probe task...\n");
        do_adb_reset_bus();
        printk(KERN_INFO "adb: finished probe task...\n");

        /* Probe is over: clear our pid, then release the mutex that
         * adb_reset_bus() took before scheduling us. */
        adb_probe_task_pid = 0;
        up(&adb_probe_mutex);

        return 0;
}
268
/*
 * Work handler: start the probe thread and record what kernel_thread()
 * returned.  The work_struct argument is not used.
 * NOTE(review): an error return from kernel_thread() is stored as if it
 * were a pid, and adb_probe_mutex then stays held; confirm this is
 * acceptable.
 */
static void __adb_probe_task(struct work_struct *unused)
{
        adb_probe_task_pid = kernel_thread(adb_probe_task, NULL,
                                           SIGCHLD | CLONE_KERNEL);
}

static DECLARE_WORK(adb_reset_work, __adb_probe_task);
276
/*
 * Reset and re-probe the bus.  With __adb_probe_sync set the reset runs in
 * the caller's context; otherwise adb_probe_mutex is taken and the probe
 * is handed to the work queue.  Always returns 0; the result of the reset
 * itself is not reported.
 */
int adb_reset_bus(void)
{
        if (!__adb_probe_sync) {
                /* released by adb_probe_task() once the probe has finished */
                down(&adb_probe_mutex);
                schedule_work(&adb_reset_work);
        } else {
                do_adb_reset_bus();
        }
        return 0;
}
289
/*
 * Select the ADB controller driver for this machine and start the first
 * bus probe.  Always returns 0, including when no controller is found.
 */
int __init adb_init(void)
{
        struct adb_driver *driver;
        int i;

#ifdef CONFIG_PPC32
        if (!machine_is(chrp) && !machine_is(powermac))
                return 0;
#endif
#ifdef CONFIG_MAC
        if (!MACH_IS_MAC)
                return 0;
#endif

        /* xmon may already have run this as part of its early init */
        if (adb_inited)
                return 0;
        adb_inited = 1;

        adb_controller = NULL;

        /* the first back-end whose probe() reports 0 is selected */
        for (i = 0; (driver = adb_driver_list[i]) != NULL; i++) {
                if (driver->probe() == 0) {
                        adb_controller = driver;
                        break;
                }
        }

        if (adb_controller == NULL || adb_controller->init() != 0) {
                printk(KERN_WARNING "Warning: no ADB interface detected\n");
                adb_controller = NULL;
                return 0;
        }

#ifdef CONFIG_PM
        pmu_register_sleep_notifier(&adb_sleep_notifier);
#endif /* CONFIG_PM */
#ifdef CONFIG_PPC
        if (machine_is_compatible("AAPL,PowerBook1998") ||
            machine_is_compatible("PowerBook1,1"))
                sleepy_trackpad = 1;
#endif /* CONFIG_PPC */
        init_completion(&adb_probe_task_comp);
        adbdev_init();
        adb_reset_bus();

        return 0;
}

__initcall(adb_init);
338
#ifdef CONFIG_PM
/*
 * PMU sleep notifier.  On a sleep request: stop accepting input, take the
 * probe mutex, stop autopolling and tell clients about the powerdown.
 * On wake: release the probe mutex and reset the bus.  Other values of
 * `when' are ignored.
 */
void
adb_notify_sleep(struct pmu_sleep_notifier *self, int when)
{
        if (when == PBOOK_SLEEP_REQUEST) {
                adb_got_sleep = 1;
                /* hold the probe mutex so no probe runs while we sleep */
                down(&adb_probe_mutex);
                /* stop autopoll */
                if (adb_controller->autopoll)
                        adb_controller->autopoll(0);
                blocking_notifier_call_chain(&adb_client_list,
                                             ADB_MSG_POWERDOWN, NULL);
        } else if (when == PBOOK_WAKE) {
                adb_got_sleep = 0;
                up(&adb_probe_mutex);
                adb_reset_bus();
        }
}
#endif /* CONFIG_PM */
365
/*
 * Reset the bus and rebuild the device table.
 *
 * Autopolling is stopped, clients get ADB_MSG_PRE_RESET, the whole
 * adb_handler[] table (registered handlers included) is cleared, the
 * controller resets the bus, the bus is rescanned and autopolling is
 * restarted for the devices found.  Clients get ADB_MSG_POST_RESET at the
 * end whether or not the reset succeeded.
 *
 * Returns -ENXIO without a controller, otherwise the controller's
 * reset_bus() result (0 when the controller has no reset_bus method).
 */
static int do_adb_reset_bus(void)
{
        int ret = 0;

        if (adb_controller == NULL)
                return -ENXIO;

        if (adb_controller->autopoll)
                adb_controller->autopoll(0);

        blocking_notifier_call_chain(&adb_client_list,
                                     ADB_MSG_PRE_RESET, NULL);

        /* let the trackpad settle down */
        if (sleepy_trackpad)
                adb_wait_ms(500);

        down(&adb_handler_sem);
        write_lock_irq(&adb_handler_lock);
        memset(adb_handler, 0, sizeof(adb_handler));
        write_unlock_irq(&adb_handler_lock);

        /* this part is still synchronous */
        if (adb_controller->reset_bus)
                ret = adb_controller->reset_bus();

        /* let the trackpad settle down */
        if (sleepy_trackpad)
                adb_wait_ms(1500);

        if (ret == 0) {
                autopoll_devs = adb_scan_bus();
                if (adb_controller->autopoll)
                        adb_controller->autopoll(autopoll_devs);
        }
        up(&adb_handler_sem);

        blocking_notifier_call_chain(&adb_client_list,
                                     ADB_MSG_POST_RESET, NULL);

        return ret;
}
413
/* Run the controller's poll method, if a controller is present and has one. */
void adb_poll(void)
{
        if (adb_controller != NULL && adb_controller->poll != NULL)
                adb_controller->poll();
}
421
/*
 * Completion callback that adb_request() installs for synchronous requests
 * issued from the probe thread: wakes the thread waiting on
 * adb_probe_task_comp.  The request argument is not used.
 */
static void adb_probe_wakeup(struct adb_request *req)
{
        complete(&adb_probe_task_comp);
}
427
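/* Static request, used when the caller passes req == NULL */
static struct adb_request adb_sreq;
/* Bit 0 set = adb_sreq is in use.  TODO: use a semaphore instead. */
static unsigned long adb_sreq_lock;

/*
 * Build an ADB packet from the variadic byte arguments and pass it to the
 * controller.
 *
 * req     request to fill in; NULL selects the shared static request,
 *         which forces ADBREQ_SYNC
 * done    completion callback (replaced when a synchronous request is
 *         sent from the probe thread)
 * flags   ADBREQ_SYNC, ADBREQ_REPLY, ADBREQ_NOSEND
 * nbytes  number of variadic byte arguments that follow
 *
 * Returns 0 or the controller's send_request() result; -ENXIO without a
 * usable controller; -EINVAL for a bad nbytes or for NOSEND with a NULL
 * req; -EPERM when the static request is already in use.
 */
int
adb_request(struct adb_request *req, void (*done)(struct adb_request *),
            int flags, int nbytes, ...)
{
        va_list list;
        int i, use_sreq;
        int rc;

        if ((adb_controller == NULL) || (adb_controller->send_request == NULL))
                return -ENXIO;
        /*
         * data[0] holds ADB_PACKET, so nbytes + 1 bytes are stored below.
         * Bound nbytes by the buffer size, as adb_write() does for requests
         * coming from user space, so the copy loop cannot write past
         * req->data.  (sizeof does not evaluate req, so a NULL req is fine.)
         */
        if (nbytes < 1 || nbytes >= (int) sizeof(req->data))
                return -EINVAL;
        if (req == NULL && (flags & ADBREQ_NOSEND))
                return -EINVAL;

        if (req == NULL) {
                if (test_and_set_bit(0,&adb_sreq_lock)) {
                        printk("adb.c: Warning: contention on static request !\n");
                        return -EPERM;
                }
                req = &adb_sreq;
                flags |= ADBREQ_SYNC;
                use_sreq = 1;
        } else
                use_sreq = 0;
        req->nbytes = nbytes+1;
        req->done = done;
        req->reply_expected = flags & ADBREQ_REPLY;
        req->data[0] = ADB_PACKET;
        va_start(list, nbytes);
        for (i = 0; i < nbytes; ++i)
                req->data[i+1] = va_arg(list, int);
        va_end(list);

        /* NOSEND only prepares the request; req is never adb_sreq here */
        if (flags & ADBREQ_NOSEND)
                return 0;

        /* Synchronous requests sent from the probe thread cause it to
         * block. Beware that the "done" callback will be overridden!
         */
        if ((flags & ADBREQ_SYNC) &&
            (current->pid && adb_probe_task_pid &&
            adb_probe_task_pid == current->pid)) {
                req->done = adb_probe_wakeup;
                rc = adb_controller->send_request(req, 0);
                if (rc || req->complete)
                        goto bail;
                wait_for_completion(&adb_probe_task_comp);
                rc = 0;
                goto bail;
        }

        rc = adb_controller->send_request(req, flags & ADBREQ_SYNC);
bail:
        if (use_sreq)
                clear_bit(0, &adb_sreq_lock);

        return rc;
}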
491
/*
 * Attach `handler' to every device whose original address is default_id.
 *
 * With handler_id == 0 the address alone decides.  With a non-zero
 * handler_id the device must already report that id, or accept a switch to
 * it (attempted here through try_handler_change()).  A slot that already
 * has a handler is reported and skipped.
 *
 * The matching addresses are stored in ids->id[] and their count in
 * ids->nids, which is also the return value.
 */
int
adb_register(int default_id, int handler_id, struct adb_ids *ids,
             void (*handler)(unsigned char *, int, int))
{
        int addr;

        down(&adb_handler_sem);
        ids->nids = 0;
        for (addr = 1; addr < 16; addr++) {
                struct adb_handler *slot = &adb_handler[addr];

                if (slot->original_address != default_id)
                        continue;
                /* ask the device to switch only when an id was requested
                 * and it differs from the current one */
                if (handler_id && handler_id != slot->handler_id &&
                    !try_handler_change(addr, handler_id))
                        continue;
                if (slot->handler != 0) {
                        printk(KERN_ERR
                               "Two handlers for ADB device %d\n",
                               default_id);
                        continue;
                }
                write_lock_irq(&adb_handler_lock);
                slot->handler = handler;
                write_unlock_irq(&adb_handler_lock);
                ids->id[ids->nids++] = addr;
        }
        up(&adb_handler_sem);
        return ids->nids;
}
526
/*
 * Remove the handler registered at address `index'.  Waits until
 * adb_input() is no longer running that handler, so the handler is not
 * being called once this returns.
 *
 * Returns 0 if a handler was removed, -ENODEV if none was registered.
 * `index' is used as an adb_handler[] index without a range check, so it
 * must be an address previously returned by adb_register().
 */
int
adb_unregister(int index)
{
        struct adb_handler *slot = &adb_handler[index];
        int ret;

        down(&adb_handler_sem);
        write_lock_irq(&adb_handler_lock);
        if (!slot->handler) {
                ret = -ENODEV;
        } else {
                /* drop the lock while the handler is still running */
                while (slot->busy) {
                        write_unlock_irq(&adb_handler_lock);
                        yield();
                        write_lock_irq(&adb_handler_lock);
                }
                slot->handler = NULL;
                ret = 0;
        }
        write_unlock_irq(&adb_handler_lock);
        up(&adb_handler_sem);
        return ret;
}
547
/*
 * Deliver a packet received from the bus to the handler registered for
 * its source address.
 *
 * The address is the top four bits of buf[0], so it is always 0..15 and
 * within adb_handler[].  buf[0] is read whatever nb is; callers are
 * expected to pass at least one byte.
 */
void
adb_input(unsigned char *buf, int nb, int autopoll)
{
        static int dump_adb_input = 0;
        void (*handler)(unsigned char *, int, int);
        unsigned long flags;
        int id, pos;

        /* Once the sleep sequence has started, keystrokes and mouse moves
         * are dropped.  Autopoll is stopped as well; this is a second
         * safeguard. */
        if (adb_got_sleep)
                return;

        id = buf[0] >> 4;
        if (dump_adb_input) {
                printk(KERN_INFO "adb packet: ");
                for (pos = 0; pos < nb; pos++)
                        printk(" %x", buf[pos]);
                printk(", id = %d\n", id);
        }

        /* fetch the handler and mark it busy under the lock, so that
         * adb_unregister() waits for the call below to finish */
        write_lock_irqsave(&adb_handler_lock, flags);
        handler = adb_handler[id].handler;
        if (handler != NULL)
                adb_handler[id].busy = 1;
        write_unlock_irqrestore(&adb_handler_lock, flags);

        if (handler == NULL)
                return;

        (*handler)(buf, nb, autopoll);
        wmb();
        adb_handler[id].busy = 0;
}
582
/*
 * Try to switch the device at `address' to handler id new_id.  Returns 1
 * if the device already uses new_id or reports it after the change, 0
 * otherwise.  `address' indexes adb_handler[] without a range check.
 * The public wrapper adb_try_handler_change() takes adb_handler_sem
 * around this call.
 */
static int try_handler_change(int address, int new_id)
{
        struct adb_request req;
        int accepted;

        if (adb_handler[address].handler_id == new_id)
                return 1;

        /* write the requested id to register 3, then read register 3 back */
        adb_request(&req, NULL, ADBREQ_SYNC, 3,
                    ADB_WRITEREG(address, 3), address | 0x20, new_id);
        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                    ADB_READREG(address, 3));

        accepted = req.reply_len >= 2 && req.reply[2] == new_id;
        if (!accepted)
                return 0;

        adb_handler[address].handler_id = req.reply[2];
        return 1;
}
602
/*
 * Locked wrapper around try_handler_change(): holds adb_handler_sem for
 * the duration of the attempt and returns its result (1 = success).
 */
int adb_try_handler_change(int address, int new_id)
{
        int changed;

        down(&adb_handler_sem);
        changed = try_handler_change(address, new_id);
        up(&adb_handler_sem);

        return changed;
}
613
/*
 * Copy the original address and handler id recorded for `address' into
 * the two out-parameters.  Returns non-zero when a device is recorded
 * there (original address != 0).  `address' indexes adb_handler[] without
 * a range check, so callers must pass a value in 0..15.
 */
int adb_get_infos(int address, int *original_address, int *handler_id)
{
        const struct adb_handler *slot = &adb_handler[address];

        down(&adb_handler_sem);
        *original_address = slot->original_address;
        *handler_id = slot->handler_id;
        up(&adb_handler_sem);

        return (*original_address != 0);
}
624
625
/*
 * /dev/adb device driver.
 */

#define ADB_MAJOR       56      /* major number for /dev/adb */

/*
 * Per-open state, allocated in adb_open() and stored in
 * file->private_data.  It can outlive the file: when requests are still
 * outstanding at release time, adb_write_done() frees it later.
 */
struct adbdev_state {
        spinlock_t      lock;           /* taken around the completed list and inuse */
        atomic_t        n_pending;      /* requests submitted by adb_write() and not yet completed */
        struct adb_request *completed;  /* finished requests, linked through ->next, oldest first */
        wait_queue_head_t wait_queue;   /* readers waiting in adb_read() */
        int             inuse;          /* 1 while the file is open; cleared by adb_release() */
};
639
/*
 * Completion callback for requests submitted through adb_write(); also
 * called directly by do_adb_query().  req->arg is the adbdev_state of the
 * file the request was written to.
 *
 * If the file is still open, the request is appended to the completed list
 * and readers are woken.  If it has been closed, the request is freed, and
 * the state is freed as well once no request remains pending.
 */
static void adb_write_done(struct adb_request *req)
{
        struct adbdev_state *state = (struct adbdev_state *) req->arg;
        unsigned long flags;

        /* called without the request having completed: report an empty reply */
        if (!req->complete) {
                req->reply_len = 0;
                req->complete = 1;
        }
        spin_lock_irqsave(&state->lock, flags);
        atomic_dec(&state->n_pending);
        if (!state->inuse) {
                /* file already released: nobody will read this reply */
                kfree(req);
                if (atomic_read(&state->n_pending) == 0) {
                        /* last outstanding request: unlock first, because
                         * the lock lives inside the state being freed */
                        spin_unlock_irqrestore(&state->lock, flags);
                        kfree(state);
                        return;
                }
        } else {
                /* append at the tail so adb_read() returns replies in
                 * completion order */
                struct adb_request **ap = &state->completed;
                while (*ap != NULL)
                        ap = &(*ap)->next;
                req->next = NULL;
                *ap = req;
                wake_up_interruptible(&state->wait_queue);
        }
        spin_unlock_irqrestore(&state->lock, flags);
}
668
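/*
 * Answer an ADB_QUERY request written to /dev/adb; the reply is produced
 * by the driver itself, nothing is sent to the controller.
 *
 * The request bytes were copied from user space by adb_write().  data[1]
 * selects the query; for ADB_QUERY_GETDEVINFO data[2] is the bus address
 * whose original address and handler id are returned in reply[0..1].
 *
 * Returns 0 after the reply has been queued through adb_write_done(),
 * -EINVAL for an unknown query, a request that is too short, or an address
 * outside adb_handler[].
 */
static int
do_adb_query(struct adb_request *req)
{
        int     ret = -EINVAL;

        switch(req->data[1])
        {
        case ADB_QUERY_GETDEVINFO:
                if (req->nbytes < 3)
                        break;
                /*
                 * data[2] is a user-supplied byte (0..255) but adb_handler[]
                 * has fewer entries: reject out-of-range addresses so the
                 * lookup below cannot read past the table and hand
                 * unrelated kernel memory back to the caller.
                 */
                if (req->data[2] >= sizeof(adb_handler) / sizeof(adb_handler[0]))
                        break;
                down(&adb_handler_sem);
                req->reply[0] = adb_handler[req->data[2]].original_address;
                req->reply[1] = adb_handler[req->data[2]].handler_id;
                up(&adb_handler_sem);
                req->complete = 1;
                req->reply_len = 2;
                adb_write_done(req);
                ret = 0;
                break;
        default:
                /* unknown query: ret stays -EINVAL */
                break;
        }
        return ret;
}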
691
/*
 * open() for /dev/adb: only minor 0 exists, and a controller must be
 * present.  Allocates the per-open state and stores it in
 * file->private_data.  Returns 0, -ENXIO or -ENOMEM.
 */
static int adb_open(struct inode *inode, struct file *file)
{
        struct adbdev_state *state;

        if (iminor(inode) > 0 || adb_controller == NULL)
                return -ENXIO;

        state = kmalloc(sizeof(*state), GFP_KERNEL);
        if (!state)
                return -ENOMEM;

        /* kmalloc() does not zero the memory: set every field explicitly */
        spin_lock_init(&state->lock);
        init_waitqueue_head(&state->wait_queue);
        atomic_set(&state->n_pending, 0);
        state->completed = NULL;
        state->inuse = 1;

        file->private_data = state;
        return 0;
}
710
/*
 * release() for /dev/adb.  Frees the per-open state when nothing is
 * pending and nothing is queued; otherwise only marks it as no longer in
 * use and leaves the freeing to adb_write_done().
 *
 * NOTE(review): with n_pending == 0 and a non-empty completed list, no
 * code visible in this file frees the state or the queued requests
 * afterwards; this looks like a leak. Confirm.
 */
static int adb_release(struct inode *inode, struct file *file)
{
        struct adbdev_state *state = file->private_data;
        unsigned long flags;
        int idle;

        lock_kernel();
        if (state != NULL) {
                file->private_data = NULL;
                spin_lock_irqsave(&state->lock, flags);
                idle = atomic_read(&state->n_pending) == 0 &&
                       state->completed == NULL;
                if (!idle)
                        state->inuse = 0;
                spin_unlock_irqrestore(&state->lock, flags);
                /* free only after dropping the lock embedded in state */
                if (idle)
                        kfree(state);
        }
        unlock_kernel();
        return 0;
}
732
/*
 * read() for /dev/adb: return the reply of the oldest completed request.
 *
 * Blocks until a reply is available unless O_NONBLOCK is set.  Returns the
 * number of reply bytes copied, -EINVAL if count < 2, -EIO when nothing is
 * completed and nothing is pending, -EAGAIN in non-blocking mode,
 * -ERESTARTSYS when interrupted by a signal, -EFAULT on a bad user buffer.
 */
static ssize_t adb_read(struct file *file, char __user *buf,
                        size_t count, loff_t *ppos)
{
        int ret = 0;
        struct adbdev_state *state = file->private_data;
        struct adb_request *req;
        wait_queue_t wait = __WAITQUEUE_INITIALIZER(wait,current);
        unsigned long flags;

        if (count < 2)
                return -EINVAL;
        /* clamp to the reply buffer so the copy below can never read past
         * req->reply (sizeof does not evaluate req) */
        if (count > sizeof(req->reply))
                count = sizeof(req->reply);
        if (!access_ok(VERIFY_WRITE, buf, count))
                return -EFAULT;

        req = NULL;
        spin_lock_irqsave(&state->lock, flags);
        add_wait_queue(&state->wait_queue, &wait);
        /* NOTE(review): the task state is set once here and not set again
         * after schedule() returns; confirm later loop iterations still
         * sleep instead of spinning. */
        current->state = TASK_INTERRUPTIBLE;

        for (;;) {
                /* take the oldest completed request off the list, if any */
                req = state->completed;
                if (req != NULL)
                        state->completed = req->next;
                else if (atomic_read(&state->n_pending) == 0)
                        /* nothing queued and nothing in flight */
                        ret = -EIO;
                if (req != NULL || ret != 0)
                        break;

                if (file->f_flags & O_NONBLOCK) {
                        ret = -EAGAIN;
                        break;
                }
                if (signal_pending(current)) {
                        ret = -ERESTARTSYS;
                        break;
                }
                /* sleep without the lock; adb_write_done() wakes us */
                spin_unlock_irqrestore(&state->lock, flags);
                schedule();
                spin_lock_irqsave(&state->lock, flags);
        }

        current->state = TASK_RUNNING;
        remove_wait_queue(&state->wait_queue, &wait);
        spin_unlock_irqrestore(&state->lock, flags);

        if (ret)
                return ret;

        /* ret is int and count is size_t, so this comparison is unsigned:
         * a negative reply_len would also end up clamped to count.
         * NOTE(review): in that case up to count bytes of reply[] are
         * copied out; confirm controllers never report a negative length. */
        ret = req->reply_len;
        if (ret > count)
                ret = count;
        if (ret > 0 && copy_to_user(buf, req->reply, ret))
                ret = -EFAULT;

        /* the request was unlinked above and is now owned by this call */
        kfree(req);
        return ret;
}
792
/*
 * write() for /dev/adb: submit one request.
 *
 * The user buffer is the raw request: data[0] is the packet type.
 * ADB_QUERY is answered by the driver itself, ADB_PACKET with ADB_BUSRESET
 * triggers a full bus reset, everything else goes to the controller.
 * Because any writer can trigger a bus reset, access control rests on the
 * permissions of the device node.
 *
 * Returns count on success, -EINVAL for a bad length or query, -ENXIO
 * without a controller, -EFAULT on a bad user buffer, -ENOMEM, or the
 * error from the reset or from the controller.
 */
static ssize_t adb_write(struct file *file, const char __user *buf,
                         size_t count, loff_t *ppos)
{
        int ret/*, i*/;
        struct adbdev_state *state = file->private_data;
        struct adb_request *req;

        /* the length is bounded by the request buffer before anything is
         * copied from user space */
        if (count < 2 || count > sizeof(req->data))
                return -EINVAL;
        if (adb_controller == NULL)
                return -ENXIO;
        if (!access_ok(VERIFY_READ, buf, count))
                return -EFAULT;

        /* NOTE(review): kmalloc() leaves the request uninitialised; only
         * the fields set below and data[0..count) are written here.  The
         * reply fields rely on later code to be filled in before adb_read()
         * copies them out; a zeroing allocation would make that robust. */
        req = kmalloc(sizeof(struct adb_request),
                                             GFP_KERNEL);
        if (req == NULL)
                return -ENOMEM;

        req->nbytes = count;
        req->done = adb_write_done;
        req->arg = (void *) state;
        req->complete = 0;

        ret = -EFAULT;
        if (copy_from_user(req->data, buf, count))
                goto out;

        atomic_inc(&state->n_pending);

        /* If a probe is in progress or we are sleeping, wait for it to complete */
        down(&adb_probe_mutex);

        /* Queries are special requests sent to the ADB driver itself */
        if (req->data[0] == ADB_QUERY) {
                /* count >= 2 was checked above, so this test always holds.
                 * On success do_adb_query() has already called
                 * adb_write_done(), which dropped n_pending and queued req. */
                if (count > 1)
                        ret = do_adb_query(req);
                else
                        ret = -EINVAL;
                up(&adb_probe_mutex);
        }
        /* Special case for ADB_BUSRESET request, all others are sent to
           the controller */
        else if ((req->data[0] == ADB_PACKET)&&(count > 1)
                &&(req->data[1] == ADB_BUSRESET)) {
                ret = do_adb_reset_bus();
                up(&adb_probe_mutex);
                /* no reply is produced for a reset: drop the pending count
                 * and free the request at `out' */
                atomic_dec(&state->n_pending);
                if (ret == 0)
                        ret = count;
                goto out;
        } else {
                /* a reply is expected when bits 2 and 3 of the command
                 * byte are both set */
                req->reply_expected = ((req->data[1] & 0xc) == 0xc);
                if (adb_controller && adb_controller->send_request)
                        ret = adb_controller->send_request(req, 0);
                else
                        ret = -ENXIO;
                up(&adb_probe_mutex);
        }

        if (ret != 0) {
                atomic_dec(&state->n_pending);
                goto out;
        }
        /* req is now owned by the completion path (adb_write_done) */
        return count;

out:
        kfree(req);
        return ret;
}
863
/* File operations for the /dev/adb character device; seeking is not
 * supported. */
static const struct file_operations adb_fops = {
        .owner          = THIS_MODULE,
        .llseek         = no_llseek,
        .read           = adb_read,
        .write          = adb_write,
        .open           = adb_open,
        .release        = adb_release,
};
872
/*
 * Register the /dev/adb character device (major ADB_MAJOR) and create its
 * device class and class device.  Failures are not reported to the caller.
 * NOTE(review): when class_create() fails the character device stays
 * registered, and the result of class_device_create() is not checked.
 */
static void adbdev_init(void)
{
        int err = register_chrdev(ADB_MAJOR, "adb", &adb_fops);

        if (err) {
                printk(KERN_ERR "adb: unable to get major %d\n", ADB_MAJOR);
                return;
        }

        adb_dev_class = class_create(THIS_MODULE, "adb");
        if (!IS_ERR(adb_dev_class))
                class_device_create(adb_dev_class, NULL,
                                    MKDEV(ADB_MAJOR, 0), NULL, "adb");
}