[TG3]: 5784 / 5764 DMA engine lockup fix
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/vmalloc.h>
40 #include <linux/cdev.h>
41 #include <asm/uaccess.h>
42 #include <asm/atomic.h>
43 #include <linux/compat.h>
44
45 #include "csr1212.h"
46 #include "highlevel.h"
47 #include "hosts.h"
48 #include "ieee1394.h"
49 #include "ieee1394_core.h"
50 #include "ieee1394_hotplug.h"
51 #include "ieee1394_transactions.h"
52 #include "ieee1394_types.h"
53 #include "iso.h"
54 #include "nodemgr.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
58 #define int2ptr(x) ((void __user *)(unsigned long)x)
59 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
60
61 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
62 #define RAW1394_DEBUG
63 #endif
64
65 #ifdef RAW1394_DEBUG
66 #define DBGMSG(fmt, args...) \
67 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
68 #else
69 #define DBGMSG(fmt, args...) do {} while (0)
70 #endif
71
72 static LIST_HEAD(host_info_list);
73 static int host_count;
74 static DEFINE_SPINLOCK(host_info_lock);
75 static atomic_t internal_generation = ATOMIC_INIT(0);
76
77 static atomic_t iso_buffer_size;
78 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
79
80 static struct hpsb_highlevel raw1394_highlevel;
81
82 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
83                     u64 addr, size_t length, u16 flags);
84 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
85                      quadlet_t * data, u64 addr, size_t length, u16 flags);
86 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
87                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
88                     u16 flags);
89 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
90                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
91                       u16 flags);
92 static struct hpsb_address_ops arm_ops = {
93         .read = arm_read,
94         .write = arm_write,
95         .lock = arm_lock,
96         .lock64 = arm_lock64,
97 };
98
99 static void queue_complete_cb(struct pending_request *req);
100
101 static struct pending_request *__alloc_pending_request(gfp_t flags)
102 {
103         struct pending_request *req;
104
105         req = kzalloc(sizeof(*req), flags);
106         if (req)
107                 INIT_LIST_HEAD(&req->list);
108
109         return req;
110 }
111
112 static inline struct pending_request *alloc_pending_request(void)
113 {
114         return __alloc_pending_request(GFP_KERNEL);
115 }
116
117 static void free_pending_request(struct pending_request *req)
118 {
119         if (req->ibs) {
120                 if (atomic_dec_and_test(&req->ibs->refcount)) {
121                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
122                         kfree(req->ibs);
123                 }
124         } else if (req->free_data) {
125                 kfree(req->data);
126         }
127         hpsb_free_packet(req->packet);
128         kfree(req);
129 }
130
131 /* fi->reqlists_lock must be taken */
132 static void __queue_complete_req(struct pending_request *req)
133 {
134         struct file_info *fi = req->file_info;
135
136         list_move_tail(&req->list, &fi->req_complete);
137         wake_up(&fi->wait_complete);
138 }
139
140 static void queue_complete_req(struct pending_request *req)
141 {
142         unsigned long flags;
143         struct file_info *fi = req->file_info;
144
145         spin_lock_irqsave(&fi->reqlists_lock, flags);
146         __queue_complete_req(req);
147         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
148 }
149
150 static void queue_complete_cb(struct pending_request *req)
151 {
152         struct hpsb_packet *packet = req->packet;
153         int rcode = (packet->header[1] >> 12) & 0xf;
154
155         switch (packet->ack_code) {
156         case ACKX_NONE:
157         case ACKX_SEND_ERROR:
158                 req->req.error = RAW1394_ERROR_SEND_ERROR;
159                 break;
160         case ACKX_ABORTED:
161                 req->req.error = RAW1394_ERROR_ABORTED;
162                 break;
163         case ACKX_TIMEOUT:
164                 req->req.error = RAW1394_ERROR_TIMEOUT;
165                 break;
166         default:
167                 req->req.error = (packet->ack_code << 16) | rcode;
168                 break;
169         }
170
171         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
172                 req->req.length = 0;
173         }
174
175         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
176             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
177             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
178             (req->req.type == RAW1394_REQ_LOCK) ||
179             (req->req.type == RAW1394_REQ_LOCK64))
180                 hpsb_free_tlabel(packet);
181
182         queue_complete_req(req);
183 }
184
185 static void add_host(struct hpsb_host *host)
186 {
187         struct host_info *hi;
188         unsigned long flags;
189
190         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
191
192         if (hi) {
193                 INIT_LIST_HEAD(&hi->list);
194                 hi->host = host;
195                 INIT_LIST_HEAD(&hi->file_info_list);
196
197                 spin_lock_irqsave(&host_info_lock, flags);
198                 list_add_tail(&hi->list, &host_info_list);
199                 host_count++;
200                 spin_unlock_irqrestore(&host_info_lock, flags);
201         }
202
203         atomic_inc(&internal_generation);
204 }
205
206 static struct host_info *find_host_info(struct hpsb_host *host)
207 {
208         struct host_info *hi;
209
210         list_for_each_entry(hi, &host_info_list, list)
211             if (hi->host == host)
212                 return hi;
213
214         return NULL;
215 }
216
217 static void remove_host(struct hpsb_host *host)
218 {
219         struct host_info *hi;
220         unsigned long flags;
221
222         spin_lock_irqsave(&host_info_lock, flags);
223         hi = find_host_info(host);
224
225         if (hi != NULL) {
226                 list_del(&hi->list);
227                 host_count--;
228                 /*
229                    FIXME: address ranges should be removed
230                    and fileinfo states should be initialized
231                    (including setting generation to
232                    internal-generation ...)
233                  */
234         }
235         spin_unlock_irqrestore(&host_info_lock, flags);
236
237         if (hi == NULL) {
238                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
239                        "0x%p\n", host);
240                 return;
241         }
242
243         kfree(hi);
244
245         atomic_inc(&internal_generation);
246 }
247
248 static void host_reset(struct hpsb_host *host)
249 {
250         unsigned long flags;
251         struct host_info *hi;
252         struct file_info *fi;
253         struct pending_request *req;
254
255         spin_lock_irqsave(&host_info_lock, flags);
256         hi = find_host_info(host);
257
258         if (hi != NULL) {
259                 list_for_each_entry(fi, &hi->file_info_list, list) {
260                         if (fi->notification == RAW1394_NOTIFY_ON) {
261                                 req = __alloc_pending_request(GFP_ATOMIC);
262
263                                 if (req != NULL) {
264                                         req->file_info = fi;
265                                         req->req.type = RAW1394_REQ_BUS_RESET;
266                                         req->req.generation =
267                                             get_hpsb_generation(host);
268                                         req->req.misc = (host->node_id << 16)
269                                             | host->node_count;
270                                         if (fi->protocol_version > 3) {
271                                                 req->req.misc |=
272                                                     (NODEID_TO_NODE
273                                                      (host->irm_id)
274                                                      << 8);
275                                         }
276
277                                         queue_complete_req(req);
278                                 }
279                         }
280                 }
281         }
282         spin_unlock_irqrestore(&host_info_lock, flags);
283 }
284
285 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
286                         int cts, u8 * data, size_t length)
287 {
288         unsigned long flags;
289         struct host_info *hi;
290         struct file_info *fi;
291         struct pending_request *req, *req_next;
292         struct iso_block_store *ibs = NULL;
293         LIST_HEAD(reqs);
294
295         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
296                 HPSB_INFO("dropped fcp request");
297                 return;
298         }
299
300         spin_lock_irqsave(&host_info_lock, flags);
301         hi = find_host_info(host);
302
303         if (hi != NULL) {
304                 list_for_each_entry(fi, &hi->file_info_list, list) {
305                         if (!fi->fcp_buffer)
306                                 continue;
307
308                         req = __alloc_pending_request(GFP_ATOMIC);
309                         if (!req)
310                                 break;
311
312                         if (!ibs) {
313                                 ibs = kmalloc(sizeof(*ibs) + length,
314                                               GFP_ATOMIC);
315                                 if (!ibs) {
316                                         kfree(req);
317                                         break;
318                                 }
319
320                                 atomic_add(length, &iso_buffer_size);
321                                 atomic_set(&ibs->refcount, 0);
322                                 ibs->data_size = length;
323                                 memcpy(ibs->data, data, length);
324                         }
325
326                         atomic_inc(&ibs->refcount);
327
328                         req->file_info = fi;
329                         req->ibs = ibs;
330                         req->data = ibs->data;
331                         req->req.type = RAW1394_REQ_FCP_REQUEST;
332                         req->req.generation = get_hpsb_generation(host);
333                         req->req.misc = nodeid | (direction << 16);
334                         req->req.recvb = ptr2int(fi->fcp_buffer);
335                         req->req.length = length;
336
337                         list_add_tail(&req->list, &reqs);
338                 }
339         }
340         spin_unlock_irqrestore(&host_info_lock, flags);
341
342         list_for_each_entry_safe(req, req_next, &reqs, list)
343             queue_complete_req(req);
344 }
345
346 #ifdef CONFIG_COMPAT
347 struct compat_raw1394_req {
348         __u32 type;
349         __s32 error;
350         __u32 misc;
351
352         __u32 generation;
353         __u32 length;
354
355         __u64 address;
356
357         __u64 tag;
358
359         __u64 sendb;
360         __u64 recvb;
361 }
362 #if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
363 __attribute__((packed))
364 #endif
365 ;
366
367 static const char __user *raw1394_compat_write(const char __user *buf)
368 {
369         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
370         struct raw1394_request __user *r;
371         r = compat_alloc_user_space(sizeof(struct raw1394_request));
372
373 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
374
375         if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
376             C(address) ||
377             C(tag) ||
378             C(sendb) ||
379             C(recvb))
380                 return ERR_PTR(-EFAULT);
381         return (const char __user *)r;
382 }
383 #undef C
384
385 #define P(x) __put_user(r->x, &cr->x)
386
387 static int
388 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
389 {
390         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
391         if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
392             P(type) ||
393             P(error) ||
394             P(misc) ||
395             P(generation) ||
396             P(length) ||
397             P(address) ||
398             P(tag) ||
399             P(sendb) ||
400             P(recvb))
401                 return -EFAULT;
402         return sizeof(struct compat_raw1394_req);
403 }
404 #undef P
405
406 #endif
407
408 /* get next completed request  (caller must hold fi->reqlists_lock) */
409 static inline struct pending_request *__next_complete_req(struct file_info *fi)
410 {
411         struct list_head *lh;
412         struct pending_request *req = NULL;
413
414         if (!list_empty(&fi->req_complete)) {
415                 lh = fi->req_complete.next;
416                 list_del(lh);
417                 req = list_entry(lh, struct pending_request, list);
418         }
419         return req;
420 }
421
422 /* atomically get next completed request */
423 static struct pending_request *next_complete_req(struct file_info *fi)
424 {
425         unsigned long flags;
426         struct pending_request *req;
427
428         spin_lock_irqsave(&fi->reqlists_lock, flags);
429         req = __next_complete_req(fi);
430         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
431         return req;
432 }
433
434 static ssize_t raw1394_read(struct file *file, char __user * buffer,
435                             size_t count, loff_t * offset_is_ignored)
436 {
437         struct file_info *fi = (struct file_info *)file->private_data;
438         struct pending_request *req;
439         ssize_t ret;
440
441 #ifdef CONFIG_COMPAT
442         if (count == sizeof(struct compat_raw1394_req)) {
443                 /* ok */
444         } else
445 #endif
446         if (count != sizeof(struct raw1394_request)) {
447                 return -EINVAL;
448         }
449
450         if (!access_ok(VERIFY_WRITE, buffer, count)) {
451                 return -EFAULT;
452         }
453
454         if (file->f_flags & O_NONBLOCK) {
455                 if (!(req = next_complete_req(fi)))
456                         return -EAGAIN;
457         } else {
458                 /*
459                  * NB: We call the macro wait_event_interruptible() with a
460                  * condition argument with side effect.  This is only possible
461                  * because the side effect does not occur until the condition
462                  * became true, and wait_event_interruptible() won't evaluate
463                  * the condition again after that.
464                  */
465                 if (wait_event_interruptible(fi->wait_complete,
466                                              (req = next_complete_req(fi))))
467                         return -ERESTARTSYS;
468         }
469
470         if (req->req.length) {
471                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
472                                  req->req.length)) {
473                         req->req.error = RAW1394_ERROR_MEMFAULT;
474                 }
475         }
476
477 #ifdef CONFIG_COMPAT
478         if (count == sizeof(struct compat_raw1394_req) &&
479             sizeof(struct compat_raw1394_req) !=
480                         sizeof(struct raw1394_request)) {
481                 ret = raw1394_compat_read(buffer, &req->req);
482         } else
483 #endif
484         {
485                 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
486                         ret = -EFAULT;
487                         goto out;
488                 }
489                 ret = (ssize_t) sizeof(struct raw1394_request);
490         }
491       out:
492         free_pending_request(req);
493         return ret;
494 }
495
496 static int state_opened(struct file_info *fi, struct pending_request *req)
497 {
498         if (req->req.type == RAW1394_REQ_INITIALIZE) {
499                 switch (req->req.misc) {
500                 case RAW1394_KERNELAPI_VERSION:
501                 case 3:
502                         fi->state = initialized;
503                         fi->protocol_version = req->req.misc;
504                         req->req.error = RAW1394_ERROR_NONE;
505                         req->req.generation = atomic_read(&internal_generation);
506                         break;
507
508                 default:
509                         req->req.error = RAW1394_ERROR_COMPAT;
510                         req->req.misc = RAW1394_KERNELAPI_VERSION;
511                 }
512         } else {
513                 req->req.error = RAW1394_ERROR_STATE_ORDER;
514         }
515
516         req->req.length = 0;
517         queue_complete_req(req);
518         return 0;
519 }
520
521 static int state_initialized(struct file_info *fi, struct pending_request *req)
522 {
523         unsigned long flags;
524         struct host_info *hi;
525         struct raw1394_khost_list *khl;
526
527         if (req->req.generation != atomic_read(&internal_generation)) {
528                 req->req.error = RAW1394_ERROR_GENERATION;
529                 req->req.generation = atomic_read(&internal_generation);
530                 req->req.length = 0;
531                 queue_complete_req(req);
532                 return 0;
533         }
534
535         switch (req->req.type) {
536         case RAW1394_REQ_LIST_CARDS:
537                 spin_lock_irqsave(&host_info_lock, flags);
538                 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
539
540                 if (khl) {
541                         req->req.misc = host_count;
542                         req->data = (quadlet_t *) khl;
543
544                         list_for_each_entry(hi, &host_info_list, list) {
545                                 khl->nodes = hi->host->node_count;
546                                 strcpy(khl->name, hi->host->driver->name);
547                                 khl++;
548                         }
549                 }
550                 spin_unlock_irqrestore(&host_info_lock, flags);
551
552                 if (khl) {
553                         req->req.error = RAW1394_ERROR_NONE;
554                         req->req.length = min(req->req.length,
555                                               (u32) (sizeof
556                                                      (struct raw1394_khost_list)
557                                                      * req->req.misc));
558                         req->free_data = 1;
559                 } else {
560                         return -ENOMEM;
561                 }
562                 break;
563
564         case RAW1394_REQ_SET_CARD:
565                 spin_lock_irqsave(&host_info_lock, flags);
566                 if (req->req.misc >= host_count) {
567                         req->req.error = RAW1394_ERROR_INVALID_ARG;
568                         goto out_set_card;
569                 }
570                 list_for_each_entry(hi, &host_info_list, list)
571                         if (!req->req.misc--)
572                                 break;
573                 get_device(&hi->host->device); /* FIXME handle failure case */
574                 list_add_tail(&fi->list, &hi->file_info_list);
575
576                 /* prevent unloading of the host's low-level driver */
577                 if (!try_module_get(hi->host->driver->owner)) {
578                         req->req.error = RAW1394_ERROR_ABORTED;
579                         goto out_set_card;
580                 }
581                 WARN_ON(fi->host);
582                 fi->host = hi->host;
583                 fi->state = connected;
584
585                 req->req.error = RAW1394_ERROR_NONE;
586                 req->req.generation = get_hpsb_generation(fi->host);
587                 req->req.misc = (fi->host->node_id << 16)
588                                 | fi->host->node_count;
589                 if (fi->protocol_version > 3)
590                         req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
591 out_set_card:
592                 spin_unlock_irqrestore(&host_info_lock, flags);
593
594                 req->req.length = 0;
595                 break;
596
597         default:
598                 req->req.error = RAW1394_ERROR_STATE_ORDER;
599                 req->req.length = 0;
600                 break;
601         }
602
603         queue_complete_req(req);
604         return 0;
605 }
606
607 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
608 {
609         if (req->req.misc) {
610                 if (fi->fcp_buffer) {
611                         req->req.error = RAW1394_ERROR_ALREADY;
612                 } else {
613                         fi->fcp_buffer = int2ptr(req->req.recvb);
614                 }
615         } else {
616                 if (!fi->fcp_buffer) {
617                         req->req.error = RAW1394_ERROR_ALREADY;
618                 } else {
619                         fi->fcp_buffer = NULL;
620                 }
621         }
622
623         req->req.length = 0;
624         queue_complete_req(req);
625 }
626
627 static int handle_async_request(struct file_info *fi,
628                                 struct pending_request *req, int node)
629 {
630         unsigned long flags;
631         struct hpsb_packet *packet = NULL;
632         u64 addr = req->req.address & 0xffffffffffffULL;
633
634         switch (req->req.type) {
635         case RAW1394_REQ_ASYNC_READ:
636                 DBGMSG("read_request called");
637                 packet =
638                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
639
640                 if (!packet)
641                         return -ENOMEM;
642
643                 if (req->req.length == 4)
644                         req->data = &packet->header[3];
645                 else
646                         req->data = packet->data;
647
648                 break;
649
650         case RAW1394_REQ_ASYNC_WRITE:
651                 DBGMSG("write_request called");
652
653                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
654                                                req->req.length);
655                 if (!packet)
656                         return -ENOMEM;
657
658                 if (req->req.length == 4) {
659                         if (copy_from_user
660                             (&packet->header[3], int2ptr(req->req.sendb),
661                              req->req.length))
662                                 req->req.error = RAW1394_ERROR_MEMFAULT;
663                 } else {
664                         if (copy_from_user
665                             (packet->data, int2ptr(req->req.sendb),
666                              req->req.length))
667                                 req->req.error = RAW1394_ERROR_MEMFAULT;
668                 }
669
670                 req->req.length = 0;
671                 break;
672
673         case RAW1394_REQ_ASYNC_STREAM:
674                 DBGMSG("stream_request called");
675
676                 packet =
677                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
678                                            node & 0x3f /*channel */ ,
679                                            (req->req.misc >> 16) & 0x3,
680                                            req->req.misc & 0xf);
681                 if (!packet)
682                         return -ENOMEM;
683
684                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
685                                    req->req.length))
686                         req->req.error = RAW1394_ERROR_MEMFAULT;
687
688                 req->req.length = 0;
689                 break;
690
691         case RAW1394_REQ_LOCK:
692                 DBGMSG("lock_request called");
693                 if ((req->req.misc == EXTCODE_FETCH_ADD)
694                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
695                         if (req->req.length != 4) {
696                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
697                                 break;
698                         }
699                 } else {
700                         if (req->req.length != 8) {
701                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
702                                 break;
703                         }
704                 }
705
706                 packet = hpsb_make_lockpacket(fi->host, node, addr,
707                                               req->req.misc, NULL, 0);
708                 if (!packet)
709                         return -ENOMEM;
710
711                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
712                                    req->req.length)) {
713                         req->req.error = RAW1394_ERROR_MEMFAULT;
714                         break;
715                 }
716
717                 req->data = packet->data;
718                 req->req.length = 4;
719                 break;
720
721         case RAW1394_REQ_LOCK64:
722                 DBGMSG("lock64_request called");
723                 if ((req->req.misc == EXTCODE_FETCH_ADD)
724                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
725                         if (req->req.length != 8) {
726                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
727                                 break;
728                         }
729                 } else {
730                         if (req->req.length != 16) {
731                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
732                                 break;
733                         }
734                 }
735                 packet = hpsb_make_lock64packet(fi->host, node, addr,
736                                                 req->req.misc, NULL, 0);
737                 if (!packet)
738                         return -ENOMEM;
739
740                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
741                                    req->req.length)) {
742                         req->req.error = RAW1394_ERROR_MEMFAULT;
743                         break;
744                 }
745
746                 req->data = packet->data;
747                 req->req.length = 8;
748                 break;
749
750         default:
751                 req->req.error = RAW1394_ERROR_STATE_ORDER;
752         }
753
754         req->packet = packet;
755
756         if (req->req.error) {
757                 req->req.length = 0;
758                 queue_complete_req(req);
759                 return 0;
760         }
761
762         hpsb_set_packet_complete_task(packet,
763                                       (void (*)(void *))queue_complete_cb, req);
764
765         spin_lock_irqsave(&fi->reqlists_lock, flags);
766         list_add_tail(&req->list, &fi->req_pending);
767         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
768
769         packet->generation = req->req.generation;
770
771         if (hpsb_send_packet(packet) < 0) {
772                 req->req.error = RAW1394_ERROR_SEND_ERROR;
773                 req->req.length = 0;
774                 hpsb_free_tlabel(packet);
775                 queue_complete_req(req);
776         }
777         return 0;
778 }
779
780 static int handle_async_send(struct file_info *fi, struct pending_request *req)
781 {
782         unsigned long flags;
783         struct hpsb_packet *packet;
784         int header_length = req->req.misc & 0xffff;
785         int expect_response = req->req.misc >> 16;
786         size_t data_size;
787
788         if (header_length > req->req.length || header_length < 12 ||
789             header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
790                 req->req.error = RAW1394_ERROR_INVALID_ARG;
791                 req->req.length = 0;
792                 queue_complete_req(req);
793                 return 0;
794         }
795
796         data_size = req->req.length - header_length;
797         packet = hpsb_alloc_packet(data_size);
798         req->packet = packet;
799         if (!packet)
800                 return -ENOMEM;
801
802         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
803                            header_length)) {
804                 req->req.error = RAW1394_ERROR_MEMFAULT;
805                 req->req.length = 0;
806                 queue_complete_req(req);
807                 return 0;
808         }
809
810         if (copy_from_user
811             (packet->data, int2ptr(req->req.sendb) + header_length,
812              data_size)) {
813                 req->req.error = RAW1394_ERROR_MEMFAULT;
814                 req->req.length = 0;
815                 queue_complete_req(req);
816                 return 0;
817         }
818
819         packet->type = hpsb_async;
820         packet->node_id = packet->header[0] >> 16;
821         packet->tcode = (packet->header[0] >> 4) & 0xf;
822         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
823         packet->host = fi->host;
824         packet->expect_response = expect_response;
825         packet->header_size = header_length;
826         packet->data_size = data_size;
827
828         req->req.length = 0;
829         hpsb_set_packet_complete_task(packet,
830                                       (void (*)(void *))queue_complete_cb, req);
831
832         spin_lock_irqsave(&fi->reqlists_lock, flags);
833         list_add_tail(&req->list, &fi->req_pending);
834         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
835
836         /* Update the generation of the packet just before sending. */
837         packet->generation = req->req.generation;
838
839         if (hpsb_send_packet(packet) < 0) {
840                 req->req.error = RAW1394_ERROR_SEND_ERROR;
841                 queue_complete_req(req);
842         }
843
844         return 0;
845 }
846
847 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
848                     u64 addr, size_t length, u16 flags)
849 {
850         unsigned long irqflags;
851         struct pending_request *req;
852         struct host_info *hi;
853         struct file_info *fi = NULL;
854         struct list_head *entry;
855         struct arm_addr *arm_addr = NULL;
856         struct arm_request *arm_req = NULL;
857         struct arm_response *arm_resp = NULL;
858         int found = 0, size = 0, rcode = -1;
859         struct arm_request_response *arm_req_resp = NULL;
860
861         DBGMSG("arm_read  called by node: %X"
862                "addr: %4.4x %8.8x length: %Zu", nodeid,
863                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
864                length);
865         spin_lock_irqsave(&host_info_lock, irqflags);
866         hi = find_host_info(host);      /* search address-entry */
867         if (hi != NULL) {
868                 list_for_each_entry(fi, &hi->file_info_list, list) {
869                         entry = fi->addr_list.next;
870                         while (entry != &(fi->addr_list)) {
871                                 arm_addr =
872                                     list_entry(entry, struct arm_addr,
873                                                addr_list);
874                                 if (((arm_addr->start) <= (addr))
875                                     && ((arm_addr->end) >= (addr + length))) {
876                                         found = 1;
877                                         break;
878                                 }
879                                 entry = entry->next;
880                         }
881                         if (found) {
882                                 break;
883                         }
884                 }
885         }
886         rcode = -1;
887         if (!found) {
888                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
889                        " -> rcode_address_error\n");
890                 spin_unlock_irqrestore(&host_info_lock, irqflags);
891                 return (RCODE_ADDRESS_ERROR);
892         } else {
893                 DBGMSG("arm_read addr_entry FOUND");
894         }
895         if (arm_addr->rec_length < length) {
896                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
897                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
898         }
899         if (rcode == -1) {
900                 if (arm_addr->access_rights & ARM_READ) {
901                         if (!(arm_addr->client_transactions & ARM_READ)) {
902                                 memcpy(buffer,
903                                        (arm_addr->addr_space_buffer) + (addr -
904                                                                         (arm_addr->
905                                                                          start)),
906                                        length);
907                                 DBGMSG("arm_read -> (rcode_complete)");
908                                 rcode = RCODE_COMPLETE;
909                         }
910                 } else {
911                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
912                         DBGMSG("arm_read -> rcode_type_error (access denied)");
913                 }
914         }
915         if (arm_addr->notification_options & ARM_READ) {
916                 DBGMSG("arm_read -> entering notification-section");
917                 req = __alloc_pending_request(GFP_ATOMIC);
918                 if (!req) {
919                         DBGMSG("arm_read -> rcode_conflict_error");
920                         spin_unlock_irqrestore(&host_info_lock, irqflags);
921                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
922                                                            The request may be retried */
923                 }
924                 if (rcode == RCODE_COMPLETE) {
925                         size =
926                             sizeof(struct arm_request) +
927                             sizeof(struct arm_response) +
928                             length * sizeof(byte_t) +
929                             sizeof(struct arm_request_response);
930                 } else {
931                         size =
932                             sizeof(struct arm_request) +
933                             sizeof(struct arm_response) +
934                             sizeof(struct arm_request_response);
935                 }
936                 req->data = kmalloc(size, GFP_ATOMIC);
937                 if (!(req->data)) {
938                         free_pending_request(req);
939                         DBGMSG("arm_read -> rcode_conflict_error");
940                         spin_unlock_irqrestore(&host_info_lock, irqflags);
941                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
942                                                            The request may be retried */
943                 }
944                 req->free_data = 1;
945                 req->file_info = fi;
946                 req->req.type = RAW1394_REQ_ARM;
947                 req->req.generation = get_hpsb_generation(host);
948                 req->req.misc =
949                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
950                 req->req.tag = arm_addr->arm_tag;
951                 req->req.recvb = arm_addr->recvb;
952                 req->req.length = size;
953                 arm_req_resp = (struct arm_request_response *)(req->data);
954                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
955                                                  (sizeof
956                                                   (struct
957                                                    arm_request_response)));
958                 arm_resp =
959                     (struct arm_response *)((byte_t *) (arm_req) +
960                                             (sizeof(struct arm_request)));
961                 arm_req->buffer = NULL;
962                 arm_resp->buffer = NULL;
963                 if (rcode == RCODE_COMPLETE) {
964                         byte_t *buf =
965                             (byte_t *) arm_resp + sizeof(struct arm_response);
966                         memcpy(buf,
967                                (arm_addr->addr_space_buffer) + (addr -
968                                                                 (arm_addr->
969                                                                  start)),
970                                length);
971                         arm_resp->buffer =
972                             int2ptr((arm_addr->recvb) +
973                                     sizeof(struct arm_request_response) +
974                                     sizeof(struct arm_request) +
975                                     sizeof(struct arm_response));
976                 }
977                 arm_resp->buffer_length =
978                     (rcode == RCODE_COMPLETE) ? length : 0;
979                 arm_resp->response_code = rcode;
980                 arm_req->buffer_length = 0;
981                 arm_req->generation = req->req.generation;
982                 arm_req->extended_transaction_code = 0;
983                 arm_req->destination_offset = addr;
984                 arm_req->source_nodeid = nodeid;
985                 arm_req->destination_nodeid = host->node_id;
986                 arm_req->tlabel = (flags >> 10) & 0x3f;
987                 arm_req->tcode = (flags >> 4) & 0x0f;
988                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
989                                                 sizeof(struct
990                                                        arm_request_response));
991                 arm_req_resp->response =
992                     int2ptr((arm_addr->recvb) +
993                             sizeof(struct arm_request_response) +
994                             sizeof(struct arm_request));
995                 queue_complete_req(req);
996         }
997         spin_unlock_irqrestore(&host_info_lock, irqflags);
998         return (rcode);
999 }
1000
1001 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1002                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1003 {
1004         unsigned long irqflags;
1005         struct pending_request *req;
1006         struct host_info *hi;
1007         struct file_info *fi = NULL;
1008         struct list_head *entry;
1009         struct arm_addr *arm_addr = NULL;
1010         struct arm_request *arm_req = NULL;
1011         struct arm_response *arm_resp = NULL;
1012         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1013         struct arm_request_response *arm_req_resp = NULL;
1014
1015         DBGMSG("arm_write called by node: %X"
1016                "addr: %4.4x %8.8x length: %Zu", nodeid,
1017                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1018                length);
1019         spin_lock_irqsave(&host_info_lock, irqflags);
1020         hi = find_host_info(host);      /* search address-entry */
1021         if (hi != NULL) {
1022                 list_for_each_entry(fi, &hi->file_info_list, list) {
1023                         entry = fi->addr_list.next;
1024                         while (entry != &(fi->addr_list)) {
1025                                 arm_addr =
1026                                     list_entry(entry, struct arm_addr,
1027                                                addr_list);
1028                                 if (((arm_addr->start) <= (addr))
1029                                     && ((arm_addr->end) >= (addr + length))) {
1030                                         found = 1;
1031                                         break;
1032                                 }
1033                                 entry = entry->next;
1034                         }
1035                         if (found) {
1036                                 break;
1037                         }
1038                 }
1039         }
1040         rcode = -1;
1041         if (!found) {
1042                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1043                        " -> rcode_address_error\n");
1044                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1045                 return (RCODE_ADDRESS_ERROR);
1046         } else {
1047                 DBGMSG("arm_write addr_entry FOUND");
1048         }
1049         if (arm_addr->rec_length < length) {
1050                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1051                 length_conflict = 1;
1052                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1053         }
1054         if (rcode == -1) {
1055                 if (arm_addr->access_rights & ARM_WRITE) {
1056                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1057                                 memcpy((arm_addr->addr_space_buffer) +
1058                                        (addr - (arm_addr->start)), data,
1059                                        length);
1060                                 DBGMSG("arm_write -> (rcode_complete)");
1061                                 rcode = RCODE_COMPLETE;
1062                         }
1063                 } else {
1064                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1065                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1066                 }
1067         }
1068         if (arm_addr->notification_options & ARM_WRITE) {
1069                 DBGMSG("arm_write -> entering notification-section");
1070                 req = __alloc_pending_request(GFP_ATOMIC);
1071                 if (!req) {
1072                         DBGMSG("arm_write -> rcode_conflict_error");
1073                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1074                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1075                                                            The request my be retried */
1076                 }
1077                 size =
1078                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1079                     (length) * sizeof(byte_t) +
1080                     sizeof(struct arm_request_response);
1081                 req->data = kmalloc(size, GFP_ATOMIC);
1082                 if (!(req->data)) {
1083                         free_pending_request(req);
1084                         DBGMSG("arm_write -> rcode_conflict_error");
1085                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1086                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1087                                                            The request may be retried */
1088                 }
1089                 req->free_data = 1;
1090                 req->file_info = fi;
1091                 req->req.type = RAW1394_REQ_ARM;
1092                 req->req.generation = get_hpsb_generation(host);
1093                 req->req.misc =
1094                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1095                 req->req.tag = arm_addr->arm_tag;
1096                 req->req.recvb = arm_addr->recvb;
1097                 req->req.length = size;
1098                 arm_req_resp = (struct arm_request_response *)(req->data);
1099                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1100                                                  (sizeof
1101                                                   (struct
1102                                                    arm_request_response)));
1103                 arm_resp =
1104                     (struct arm_response *)((byte_t *) (arm_req) +
1105                                             (sizeof(struct arm_request)));
1106                 arm_resp->buffer = NULL;
1107                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1108                        data, length);
1109                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1110                                           sizeof(struct arm_request_response) +
1111                                           sizeof(struct arm_request) +
1112                                           sizeof(struct arm_response));
1113                 arm_req->buffer_length = length;
1114                 arm_req->generation = req->req.generation;
1115                 arm_req->extended_transaction_code = 0;
1116                 arm_req->destination_offset = addr;
1117                 arm_req->source_nodeid = nodeid;
1118                 arm_req->destination_nodeid = destid;
1119                 arm_req->tlabel = (flags >> 10) & 0x3f;
1120                 arm_req->tcode = (flags >> 4) & 0x0f;
1121                 arm_resp->buffer_length = 0;
1122                 arm_resp->response_code = rcode;
1123                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1124                                                 sizeof(struct
1125                                                        arm_request_response));
1126                 arm_req_resp->response =
1127                     int2ptr((arm_addr->recvb) +
1128                             sizeof(struct arm_request_response) +
1129                             sizeof(struct arm_request));
1130                 queue_complete_req(req);
1131         }
1132         spin_unlock_irqrestore(&host_info_lock, irqflags);
1133         return (rcode);
1134 }
1135
1136 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1137                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1138                     u16 flags)
1139 {
1140         unsigned long irqflags;
1141         struct pending_request *req;
1142         struct host_info *hi;
1143         struct file_info *fi = NULL;
1144         struct list_head *entry;
1145         struct arm_addr *arm_addr = NULL;
1146         struct arm_request *arm_req = NULL;
1147         struct arm_response *arm_resp = NULL;
1148         int found = 0, size = 0, rcode = -1;
1149         quadlet_t old, new;
1150         struct arm_request_response *arm_req_resp = NULL;
1151
1152         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1153             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1154                 DBGMSG("arm_lock  called by node: %X "
1155                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1156                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1157                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1158                        be32_to_cpu(data));
1159         } else {
1160                 DBGMSG("arm_lock  called by node: %X "
1161                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1162                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1163                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1164                        be32_to_cpu(data), be32_to_cpu(arg));
1165         }
1166         spin_lock_irqsave(&host_info_lock, irqflags);
1167         hi = find_host_info(host);      /* search address-entry */
1168         if (hi != NULL) {
1169                 list_for_each_entry(fi, &hi->file_info_list, list) {
1170                         entry = fi->addr_list.next;
1171                         while (entry != &(fi->addr_list)) {
1172                                 arm_addr =
1173                                     list_entry(entry, struct arm_addr,
1174                                                addr_list);
1175                                 if (((arm_addr->start) <= (addr))
1176                                     && ((arm_addr->end) >=
1177                                         (addr + sizeof(*store)))) {
1178                                         found = 1;
1179                                         break;
1180                                 }
1181                                 entry = entry->next;
1182                         }
1183                         if (found) {
1184                                 break;
1185                         }
1186                 }
1187         }
1188         rcode = -1;
1189         if (!found) {
1190                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1191                        " -> rcode_address_error\n");
1192                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1193                 return (RCODE_ADDRESS_ERROR);
1194         } else {
1195                 DBGMSG("arm_lock addr_entry FOUND");
1196         }
1197         if (rcode == -1) {
1198                 if (arm_addr->access_rights & ARM_LOCK) {
1199                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1200                                 memcpy(&old,
1201                                        (arm_addr->addr_space_buffer) + (addr -
1202                                                                         (arm_addr->
1203                                                                          start)),
1204                                        sizeof(old));
1205                                 switch (ext_tcode) {
1206                                 case (EXTCODE_MASK_SWAP):
1207                                         new = data | (old & ~arg);
1208                                         break;
1209                                 case (EXTCODE_COMPARE_SWAP):
1210                                         if (old == arg) {
1211                                                 new = data;
1212                                         } else {
1213                                                 new = old;
1214                                         }
1215                                         break;
1216                                 case (EXTCODE_FETCH_ADD):
1217                                         new =
1218                                             cpu_to_be32(be32_to_cpu(data) +
1219                                                         be32_to_cpu(old));
1220                                         break;
1221                                 case (EXTCODE_LITTLE_ADD):
1222                                         new =
1223                                             cpu_to_le32(le32_to_cpu(data) +
1224                                                         le32_to_cpu(old));
1225                                         break;
1226                                 case (EXTCODE_BOUNDED_ADD):
1227                                         if (old != arg) {
1228                                                 new =
1229                                                     cpu_to_be32(be32_to_cpu
1230                                                                 (data) +
1231                                                                 be32_to_cpu
1232                                                                 (old));
1233                                         } else {
1234                                                 new = old;
1235                                         }
1236                                         break;
1237                                 case (EXTCODE_WRAP_ADD):
1238                                         if (old != arg) {
1239                                                 new =
1240                                                     cpu_to_be32(be32_to_cpu
1241                                                                 (data) +
1242                                                                 be32_to_cpu
1243                                                                 (old));
1244                                         } else {
1245                                                 new = data;
1246                                         }
1247                                         break;
1248                                 default:
1249                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1250                                         printk(KERN_ERR
1251                                                "raw1394: arm_lock FAILED "
1252                                                "ext_tcode not allowed -> rcode_type_error\n");
1253                                         break;
1254                                 }       /*switch */
1255                                 if (rcode == -1) {
1256                                         DBGMSG("arm_lock -> (rcode_complete)");
1257                                         rcode = RCODE_COMPLETE;
1258                                         memcpy(store, &old, sizeof(*store));
1259                                         memcpy((arm_addr->addr_space_buffer) +
1260                                                (addr - (arm_addr->start)),
1261                                                &new, sizeof(*store));
1262                                 }
1263                         }
1264                 } else {
1265                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1266                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1267                 }
1268         }
1269         if (arm_addr->notification_options & ARM_LOCK) {
1270                 byte_t *buf1, *buf2;
1271                 DBGMSG("arm_lock -> entering notification-section");
1272                 req = __alloc_pending_request(GFP_ATOMIC);
1273                 if (!req) {
1274                         DBGMSG("arm_lock -> rcode_conflict_error");
1275                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1276                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1277                                                            The request may be retried */
1278                 }
1279                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1280                 req->data = kmalloc(size, GFP_ATOMIC);
1281                 if (!(req->data)) {
1282                         free_pending_request(req);
1283                         DBGMSG("arm_lock -> rcode_conflict_error");
1284                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1285                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1286                                                            The request may be retried */
1287                 }
1288                 req->free_data = 1;
1289                 arm_req_resp = (struct arm_request_response *)(req->data);
1290                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1291                                                  (sizeof
1292                                                   (struct
1293                                                    arm_request_response)));
1294                 arm_resp =
1295                     (struct arm_response *)((byte_t *) (arm_req) +
1296                                             (sizeof(struct arm_request)));
1297                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1298                 buf2 = buf1 + 2 * sizeof(*store);
1299                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1300                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1301                         arm_req->buffer_length = sizeof(*store);
1302                         memcpy(buf1, &data, sizeof(*store));
1303
1304                 } else {
1305                         arm_req->buffer_length = 2 * sizeof(*store);
1306                         memcpy(buf1, &arg, sizeof(*store));
1307                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1308                 }
1309                 if (rcode == RCODE_COMPLETE) {
1310                         arm_resp->buffer_length = sizeof(*store);
1311                         memcpy(buf2, &old, sizeof(*store));
1312                 } else {
1313                         arm_resp->buffer_length = 0;
1314                 }
1315                 req->file_info = fi;
1316                 req->req.type = RAW1394_REQ_ARM;
1317                 req->req.generation = get_hpsb_generation(host);
1318                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1319                                  (ARM_LOCK & 0xFF));
1320                 req->req.tag = arm_addr->arm_tag;
1321                 req->req.recvb = arm_addr->recvb;
1322                 req->req.length = size;
1323                 arm_req->generation = req->req.generation;
1324                 arm_req->extended_transaction_code = ext_tcode;
1325                 arm_req->destination_offset = addr;
1326                 arm_req->source_nodeid = nodeid;
1327                 arm_req->destination_nodeid = host->node_id;
1328                 arm_req->tlabel = (flags >> 10) & 0x3f;
1329                 arm_req->tcode = (flags >> 4) & 0x0f;
1330                 arm_resp->response_code = rcode;
1331                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1332                                                 sizeof(struct
1333                                                        arm_request_response));
1334                 arm_req_resp->response =
1335                     int2ptr((arm_addr->recvb) +
1336                             sizeof(struct arm_request_response) +
1337                             sizeof(struct arm_request));
1338                 arm_req->buffer =
1339                     int2ptr((arm_addr->recvb) +
1340                             sizeof(struct arm_request_response) +
1341                             sizeof(struct arm_request) +
1342                             sizeof(struct arm_response));
1343                 arm_resp->buffer =
1344                     int2ptr((arm_addr->recvb) +
1345                             sizeof(struct arm_request_response) +
1346                             sizeof(struct arm_request) +
1347                             sizeof(struct arm_response) + 2 * sizeof(*store));
1348                 queue_complete_req(req);
1349         }
1350         spin_unlock_irqrestore(&host_info_lock, irqflags);
1351         return (rcode);
1352 }
1353
1354 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1355                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1356                       u16 flags)
1357 {
1358         unsigned long irqflags;
1359         struct pending_request *req;
1360         struct host_info *hi;
1361         struct file_info *fi = NULL;
1362         struct list_head *entry;
1363         struct arm_addr *arm_addr = NULL;
1364         struct arm_request *arm_req = NULL;
1365         struct arm_response *arm_resp = NULL;
1366         int found = 0, size = 0, rcode = -1;
1367         octlet_t old, new;
1368         struct arm_request_response *arm_req_resp = NULL;
1369
1370         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1371             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1372                 DBGMSG("arm_lock64 called by node: %X "
1373                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1374                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1375                        (u32) (addr & 0xFFFFFFFF),
1376                        ext_tcode & 0xFF,
1377                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1378                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1379         } else {
1380                 DBGMSG("arm_lock64 called by node: %X "
1381                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1382                        "%8.8X %8.8X ",
1383                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1384                        (u32) (addr & 0xFFFFFFFF),
1385                        ext_tcode & 0xFF,
1386                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1387                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1388                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1389                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1390         }
1391         spin_lock_irqsave(&host_info_lock, irqflags);
1392         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1393         if (hi != NULL) {
1394                 list_for_each_entry(fi, &hi->file_info_list, list) {
1395                         entry = fi->addr_list.next;
1396                         while (entry != &(fi->addr_list)) {
1397                                 arm_addr =
1398                                     list_entry(entry, struct arm_addr,
1399                                                addr_list);
1400                                 if (((arm_addr->start) <= (addr))
1401                                     && ((arm_addr->end) >=
1402                                         (addr + sizeof(*store)))) {
1403                                         found = 1;
1404                                         break;
1405                                 }
1406                                 entry = entry->next;
1407                         }
1408                         if (found) {
1409                                 break;
1410                         }
1411                 }
1412         }
1413         rcode = -1;
1414         if (!found) {
1415                 printk(KERN_ERR
1416                        "raw1394: arm_lock64 FAILED addr_entry not found"
1417                        " -> rcode_address_error\n");
1418                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1419                 return (RCODE_ADDRESS_ERROR);
1420         } else {
1421                 DBGMSG("arm_lock64 addr_entry FOUND");
1422         }
1423         if (rcode == -1) {
1424                 if (arm_addr->access_rights & ARM_LOCK) {
1425                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1426                                 memcpy(&old,
1427                                        (arm_addr->addr_space_buffer) + (addr -
1428                                                                         (arm_addr->
1429                                                                          start)),
1430                                        sizeof(old));
1431                                 switch (ext_tcode) {
1432                                 case (EXTCODE_MASK_SWAP):
1433                                         new = data | (old & ~arg);
1434                                         break;
1435                                 case (EXTCODE_COMPARE_SWAP):
1436                                         if (old == arg) {
1437                                                 new = data;
1438                                         } else {
1439                                                 new = old;
1440                                         }
1441                                         break;
1442                                 case (EXTCODE_FETCH_ADD):
1443                                         new =
1444                                             cpu_to_be64(be64_to_cpu(data) +
1445                                                         be64_to_cpu(old));
1446                                         break;
1447                                 case (EXTCODE_LITTLE_ADD):
1448                                         new =
1449                                             cpu_to_le64(le64_to_cpu(data) +
1450                                                         le64_to_cpu(old));
1451                                         break;
1452                                 case (EXTCODE_BOUNDED_ADD):
1453                                         if (old != arg) {
1454                                                 new =
1455                                                     cpu_to_be64(be64_to_cpu
1456                                                                 (data) +
1457                                                                 be64_to_cpu
1458                                                                 (old));
1459                                         } else {
1460                                                 new = old;
1461                                         }
1462                                         break;
1463                                 case (EXTCODE_WRAP_ADD):
1464                                         if (old != arg) {
1465                                                 new =
1466                                                     cpu_to_be64(be64_to_cpu
1467                                                                 (data) +
1468                                                                 be64_to_cpu
1469                                                                 (old));
1470                                         } else {
1471                                                 new = data;
1472                                         }
1473                                         break;
1474                                 default:
1475                                         printk(KERN_ERR
1476                                                "raw1394: arm_lock64 FAILED "
1477                                                "ext_tcode not allowed -> rcode_type_error\n");
1478                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1479                                         break;
1480                                 }       /*switch */
1481                                 if (rcode == -1) {
1482                                         DBGMSG
1483                                             ("arm_lock64 -> (rcode_complete)");
1484                                         rcode = RCODE_COMPLETE;
1485                                         memcpy(store, &old, sizeof(*store));
1486                                         memcpy((arm_addr->addr_space_buffer) +
1487                                                (addr - (arm_addr->start)),
1488                                                &new, sizeof(*store));
1489                                 }
1490                         }
1491                 } else {
1492                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1493                         DBGMSG
1494                             ("arm_lock64 -> rcode_type_error (access denied)");
1495                 }
1496         }
1497         if (arm_addr->notification_options & ARM_LOCK) {
1498                 byte_t *buf1, *buf2;
1499                 DBGMSG("arm_lock64 -> entering notification-section");
1500                 req = __alloc_pending_request(GFP_ATOMIC);
1501                 if (!req) {
1502                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1503                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1504                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1505                                                            The request may be retried */
1506                 }
1507                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1508                 req->data = kmalloc(size, GFP_ATOMIC);
1509                 if (!(req->data)) {
1510                         free_pending_request(req);
1511                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1512                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1513                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1514                                                            The request may be retried */
1515                 }
1516                 req->free_data = 1;
1517                 arm_req_resp = (struct arm_request_response *)(req->data);
1518                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1519                                                  (sizeof
1520                                                   (struct
1521                                                    arm_request_response)));
1522                 arm_resp =
1523                     (struct arm_response *)((byte_t *) (arm_req) +
1524                                             (sizeof(struct arm_request)));
1525                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1526                 buf2 = buf1 + 2 * sizeof(*store);
1527                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1528                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1529                         arm_req->buffer_length = sizeof(*store);
1530                         memcpy(buf1, &data, sizeof(*store));
1531
1532                 } else {
1533                         arm_req->buffer_length = 2 * sizeof(*store);
1534                         memcpy(buf1, &arg, sizeof(*store));
1535                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1536                 }
1537                 if (rcode == RCODE_COMPLETE) {
1538                         arm_resp->buffer_length = sizeof(*store);
1539                         memcpy(buf2, &old, sizeof(*store));
1540                 } else {
1541                         arm_resp->buffer_length = 0;
1542                 }
1543                 req->file_info = fi;
1544                 req->req.type = RAW1394_REQ_ARM;
1545                 req->req.generation = get_hpsb_generation(host);
1546                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1547                                  (ARM_LOCK & 0xFF));
1548                 req->req.tag = arm_addr->arm_tag;
1549                 req->req.recvb = arm_addr->recvb;
1550                 req->req.length = size;
1551                 arm_req->generation = req->req.generation;
1552                 arm_req->extended_transaction_code = ext_tcode;
1553                 arm_req->destination_offset = addr;
1554                 arm_req->source_nodeid = nodeid;
1555                 arm_req->destination_nodeid = host->node_id;
1556                 arm_req->tlabel = (flags >> 10) & 0x3f;
1557                 arm_req->tcode = (flags >> 4) & 0x0f;
1558                 arm_resp->response_code = rcode;
1559                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1560                                                 sizeof(struct
1561                                                        arm_request_response));
1562                 arm_req_resp->response =
1563                     int2ptr((arm_addr->recvb) +
1564                             sizeof(struct arm_request_response) +
1565                             sizeof(struct arm_request));
1566                 arm_req->buffer =
1567                     int2ptr((arm_addr->recvb) +
1568                             sizeof(struct arm_request_response) +
1569                             sizeof(struct arm_request) +
1570                             sizeof(struct arm_response));
1571                 arm_resp->buffer =
1572                     int2ptr((arm_addr->recvb) +
1573                             sizeof(struct arm_request_response) +
1574                             sizeof(struct arm_request) +
1575                             sizeof(struct arm_response) + 2 * sizeof(*store));
1576                 queue_complete_req(req);
1577         }
1578         spin_unlock_irqrestore(&host_info_lock, irqflags);
1579         return (rcode);
1580 }
1581
1582 static int arm_register(struct file_info *fi, struct pending_request *req)
1583 {
1584         int retval;
1585         struct arm_addr *addr;
1586         struct host_info *hi;
1587         struct file_info *fi_hlp = NULL;
1588         struct list_head *entry;
1589         struct arm_addr *arm_addr = NULL;
1590         int same_host, another_host;
1591         unsigned long flags;
1592
1593         DBGMSG("arm_register called "
1594                "addr(Offset): %8.8x %8.8x length: %u "
1595                "rights: %2.2X notify: %2.2X "
1596                "max_blk_len: %4.4X",
1597                (u32) ((req->req.address >> 32) & 0xFFFF),
1598                (u32) (req->req.address & 0xFFFFFFFF),
1599                req->req.length, ((req->req.misc >> 8) & 0xFF),
1600                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1601         /* check addressrange */
1602         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1603             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1604              0)) {
1605                 req->req.length = 0;
1606                 return (-EINVAL);
1607         }
1608         /* addr-list-entry for fileinfo */
1609         addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1610         if (!addr) {
1611                 req->req.length = 0;
1612                 return (-ENOMEM);
1613         }
1614         /* allocation of addr_space_buffer */
1615         addr->addr_space_buffer = vmalloc(req->req.length);
1616         if (!(addr->addr_space_buffer)) {
1617                 kfree(addr);
1618                 req->req.length = 0;
1619                 return (-ENOMEM);
1620         }
1621         /* initialization of addr_space_buffer */
1622         if ((req->req.sendb) == (unsigned long)NULL) {
1623                 /* init: set 0 */
1624                 memset(addr->addr_space_buffer, 0, req->req.length);
1625         } else {
1626                 /* init: user -> kernel */
1627                 if (copy_from_user
1628                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1629                      req->req.length)) {
1630                         vfree(addr->addr_space_buffer);
1631                         kfree(addr);
1632                         return (-EFAULT);
1633                 }
1634         }
1635         INIT_LIST_HEAD(&addr->addr_list);
1636         addr->arm_tag = req->req.tag;
1637         addr->start = req->req.address;
1638         addr->end = req->req.address + req->req.length;
1639         addr->access_rights = (u8) (req->req.misc & 0x0F);
1640         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1641         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1642         addr->access_rights |= addr->client_transactions;
1643         addr->notification_options |= addr->client_transactions;
1644         addr->recvb = req->req.recvb;
1645         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1646
1647         spin_lock_irqsave(&host_info_lock, flags);
1648         hi = find_host_info(fi->host);
1649         same_host = 0;
1650         another_host = 0;
1651         /* same host with address-entry containing same addressrange ? */
1652         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1653                 entry = fi_hlp->addr_list.next;
1654                 while (entry != &(fi_hlp->addr_list)) {
1655                         arm_addr =
1656                             list_entry(entry, struct arm_addr, addr_list);
1657                         if ((arm_addr->start == addr->start)
1658                             && (arm_addr->end == addr->end)) {
1659                                 DBGMSG("same host ownes same "
1660                                        "addressrange -> EALREADY");
1661                                 same_host = 1;
1662                                 break;
1663                         }
1664                         entry = entry->next;
1665                 }
1666                 if (same_host) {
1667                         break;
1668                 }
1669         }
1670         if (same_host) {
1671                 /* addressrange occupied by same host */
1672                 spin_unlock_irqrestore(&host_info_lock, flags);
1673                 vfree(addr->addr_space_buffer);
1674                 kfree(addr);
1675                 return (-EALREADY);
1676         }
1677         /* another host with valid address-entry containing same addressrange */
1678         list_for_each_entry(hi, &host_info_list, list) {
1679                 if (hi->host != fi->host) {
1680                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1681                                 entry = fi_hlp->addr_list.next;
1682                                 while (entry != &(fi_hlp->addr_list)) {
1683                                         arm_addr =
1684                                             list_entry(entry, struct arm_addr,
1685                                                        addr_list);
1686                                         if ((arm_addr->start == addr->start)
1687                                             && (arm_addr->end == addr->end)) {
1688                                                 DBGMSG
1689                                                     ("another host ownes same "
1690                                                      "addressrange");
1691                                                 another_host = 1;
1692                                                 break;
1693                                         }
1694                                         entry = entry->next;
1695                                 }
1696                                 if (another_host) {
1697                                         break;
1698                                 }
1699                         }
1700                 }
1701         }
1702         spin_unlock_irqrestore(&host_info_lock, flags);
1703
1704         if (another_host) {
1705                 DBGMSG("another hosts entry is valid -> SUCCESS");
1706                 if (copy_to_user(int2ptr(req->req.recvb),
1707                                  &addr->start, sizeof(u64))) {
1708                         printk(KERN_ERR "raw1394: arm_register failed "
1709                                " address-range-entry is invalid -> EFAULT !!!\n");
1710                         vfree(addr->addr_space_buffer);
1711                         kfree(addr);
1712                         return (-EFAULT);
1713                 }
1714                 free_pending_request(req);      /* immediate success or fail */
1715                 /* INSERT ENTRY */
1716                 spin_lock_irqsave(&host_info_lock, flags);
1717                 list_add_tail(&addr->addr_list, &fi->addr_list);
1718                 spin_unlock_irqrestore(&host_info_lock, flags);
1719                 return 0;
1720         }
1721         retval =
1722             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1723                                     req->req.address,
1724                                     req->req.address + req->req.length);
1725         if (retval) {
1726                 /* INSERT ENTRY */
1727                 spin_lock_irqsave(&host_info_lock, flags);
1728                 list_add_tail(&addr->addr_list, &fi->addr_list);
1729                 spin_unlock_irqrestore(&host_info_lock, flags);
1730         } else {
1731                 DBGMSG("arm_register failed errno: %d \n", retval);
1732                 vfree(addr->addr_space_buffer);
1733                 kfree(addr);
1734                 return (-EALREADY);
1735         }
1736         free_pending_request(req);      /* immediate success or fail */
1737         return 0;
1738 }
1739
1740 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1741 {
1742         int found = 0;
1743         int retval = 0;
1744         struct list_head *entry;
1745         struct arm_addr *addr = NULL;
1746         struct host_info *hi;
1747         struct file_info *fi_hlp = NULL;
1748         struct arm_addr *arm_addr = NULL;
1749         int another_host;
1750         unsigned long flags;
1751
1752         DBGMSG("arm_Unregister called addr(Offset): "
1753                "%8.8x %8.8x",
1754                (u32) ((req->req.address >> 32) & 0xFFFF),
1755                (u32) (req->req.address & 0xFFFFFFFF));
1756         spin_lock_irqsave(&host_info_lock, flags);
1757         /* get addr */
1758         entry = fi->addr_list.next;
1759         while (entry != &(fi->addr_list)) {
1760                 addr = list_entry(entry, struct arm_addr, addr_list);
1761                 if (addr->start == req->req.address) {
1762                         found = 1;
1763                         break;
1764                 }
1765                 entry = entry->next;
1766         }
1767         if (!found) {
1768                 DBGMSG("arm_Unregister addr not found");
1769                 spin_unlock_irqrestore(&host_info_lock, flags);
1770                 return (-EINVAL);
1771         }
1772         DBGMSG("arm_Unregister addr found");
1773         another_host = 0;
1774         /* another host with valid address-entry containing
1775            same addressrange */
1776         list_for_each_entry(hi, &host_info_list, list) {
1777                 if (hi->host != fi->host) {
1778                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1779                                 entry = fi_hlp->addr_list.next;
1780                                 while (entry != &(fi_hlp->addr_list)) {
1781                                         arm_addr = list_entry(entry,
1782                                                               struct arm_addr,
1783                                                               addr_list);
1784                                         if (arm_addr->start == addr->start) {
1785                                                 DBGMSG("another host ownes "
1786                                                        "same addressrange");
1787                                                 another_host = 1;
1788                                                 break;
1789                                         }
1790                                         entry = entry->next;
1791                                 }
1792                                 if (another_host) {
1793                                         break;
1794                                 }
1795                         }
1796                 }
1797         }
1798         if (another_host) {
1799                 DBGMSG("delete entry from list -> success");
1800                 list_del(&addr->addr_list);
1801                 spin_unlock_irqrestore(&host_info_lock, flags);
1802                 vfree(addr->addr_space_buffer);
1803                 kfree(addr);
1804                 free_pending_request(req);      /* immediate success or fail */
1805                 return 0;
1806         }
1807         retval =
1808             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1809                                       addr->start);
1810         if (!retval) {
1811                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1812                 spin_unlock_irqrestore(&host_info_lock, flags);
1813                 return (-EINVAL);
1814         }
1815         DBGMSG("delete entry from list -> success");
1816         list_del(&addr->addr_list);
1817         spin_unlock_irqrestore(&host_info_lock, flags);
1818         vfree(addr->addr_space_buffer);
1819         kfree(addr);
1820         free_pending_request(req);      /* immediate success or fail */
1821         return 0;
1822 }
1823
1824 /* Copy data from ARM buffer(s) to user buffer. */
1825 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1826 {
1827         struct arm_addr *arm_addr = NULL;
1828         unsigned long flags;
1829         unsigned long offset;
1830
1831         struct list_head *entry;
1832
1833         DBGMSG("arm_get_buf "
1834                "addr(Offset): %04X %08X length: %u",
1835                (u32) ((req->req.address >> 32) & 0xFFFF),
1836                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1837
1838         spin_lock_irqsave(&host_info_lock, flags);
1839         entry = fi->addr_list.next;
1840         while (entry != &(fi->addr_list)) {
1841                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1842                 if ((arm_addr->start <= req->req.address) &&
1843                     (arm_addr->end > req->req.address)) {
1844                         if (req->req.address + req->req.length <= arm_addr->end) {
1845                                 offset = req->req.address - arm_addr->start;
1846                                 spin_unlock_irqrestore(&host_info_lock, flags);
1847
1848                                 DBGMSG
1849                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
1850                                      (u32) req->req.recvb,
1851                                      arm_addr->addr_space_buffer + offset,
1852                                      (u32) req->req.length);
1853                                 if (copy_to_user
1854                                     (int2ptr(req->req.recvb),
1855                                      arm_addr->addr_space_buffer + offset,
1856                                      req->req.length))
1857                                         return (-EFAULT);
1858
1859                                 /* We have to free the request, because we
1860                                  * queue no response, and therefore nobody
1861                                  * will free it. */
1862                                 free_pending_request(req);
1863                                 return 0;
1864                         } else {
1865                                 DBGMSG("arm_get_buf request exceeded mapping");
1866                                 spin_unlock_irqrestore(&host_info_lock, flags);
1867                                 return (-EINVAL);
1868                         }
1869                 }
1870                 entry = entry->next;
1871         }
1872         spin_unlock_irqrestore(&host_info_lock, flags);
1873         return (-EINVAL);
1874 }
1875
1876 /* Copy data from user buffer to ARM buffer(s). */
1877 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1878 {
1879         struct arm_addr *arm_addr = NULL;
1880         unsigned long flags;
1881         unsigned long offset;
1882
1883         struct list_head *entry;
1884
1885         DBGMSG("arm_set_buf "
1886                "addr(Offset): %04X %08X length: %u",
1887                (u32) ((req->req.address >> 32) & 0xFFFF),
1888                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1889
1890         spin_lock_irqsave(&host_info_lock, flags);
1891         entry = fi->addr_list.next;
1892         while (entry != &(fi->addr_list)) {
1893                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1894                 if ((arm_addr->start <= req->req.address) &&
1895                     (arm_addr->end > req->req.address)) {
1896                         if (req->req.address + req->req.length <= arm_addr->end) {
1897                                 offset = req->req.address - arm_addr->start;
1898                                 spin_unlock_irqrestore(&host_info_lock, flags);
1899
1900                                 DBGMSG
1901                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
1902                                      arm_addr->addr_space_buffer + offset,
1903                                      (u32) req->req.sendb,
1904                                      (u32) req->req.length);
1905                                 if (copy_from_user
1906                                     (arm_addr->addr_space_buffer + offset,
1907                                      int2ptr(req->req.sendb),
1908                                      req->req.length))
1909                                         return (-EFAULT);
1910
1911                                 /* We have to free the request, because we
1912                                  * queue no response, and therefore nobody
1913                                  * will free it. */
1914                                 free_pending_request(req);
1915                                 return 0;
1916                         } else {
1917                                 DBGMSG("arm_set_buf request exceeded mapping");
1918                                 spin_unlock_irqrestore(&host_info_lock, flags);
1919                                 return (-EINVAL);
1920                         }
1921                 }
1922                 entry = entry->next;
1923         }
1924         spin_unlock_irqrestore(&host_info_lock, flags);
1925         return (-EINVAL);
1926 }
1927
1928 static int reset_notification(struct file_info *fi, struct pending_request *req)
1929 {
1930         DBGMSG("reset_notification called - switch %s ",
1931                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
1932         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
1933             (req->req.misc == RAW1394_NOTIFY_ON)) {
1934                 fi->notification = (u8) req->req.misc;
1935                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1936                 return 0;
1937         }
1938         /* error EINVAL (22) invalid argument */
1939         return (-EINVAL);
1940 }
1941
1942 static int write_phypacket(struct file_info *fi, struct pending_request *req)
1943 {
1944         struct hpsb_packet *packet = NULL;
1945         int retval = 0;
1946         quadlet_t data;
1947         unsigned long flags;
1948
1949         data = be32_to_cpu((u32) req->req.sendb);
1950         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
1951         packet = hpsb_make_phypacket(fi->host, data);
1952         if (!packet)
1953                 return -ENOMEM;
1954         req->req.length = 0;
1955         req->packet = packet;
1956         hpsb_set_packet_complete_task(packet,
1957                                       (void (*)(void *))queue_complete_cb, req);
1958         spin_lock_irqsave(&fi->reqlists_lock, flags);
1959         list_add_tail(&req->list, &fi->req_pending);
1960         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
1961         packet->generation = req->req.generation;
1962         retval = hpsb_send_packet(packet);
1963         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
1964         if (retval < 0) {
1965                 req->req.error = RAW1394_ERROR_SEND_ERROR;
1966                 req->req.length = 0;
1967                 queue_complete_req(req);
1968         }
1969         return 0;
1970 }
1971
1972 static int get_config_rom(struct file_info *fi, struct pending_request *req)
1973 {
1974         int ret = 0;
1975         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
1976         int status;
1977
1978         if (!data)
1979                 return -ENOMEM;
1980
1981         status =
1982             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
1983                          data, req->req.length);
1984         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
1985                 ret = -EFAULT;
1986         if (copy_to_user
1987             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
1988              sizeof(fi->host->csr.rom->cache_head->len)))
1989                 ret = -EFAULT;
1990         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
1991                          sizeof(fi->host->csr.generation)))
1992                 ret = -EFAULT;
1993         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
1994                 ret = -EFAULT;
1995         kfree(data);
1996         if (ret >= 0) {
1997                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1998         }
1999         return ret;
2000 }
2001
2002 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2003 {
2004         int ret = 0;
2005         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2006         if (!data)
2007                 return -ENOMEM;
2008         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2009                 ret = -EFAULT;
2010         } else {
2011                 int status = hpsb_update_config_rom(fi->host,
2012                                                     data, req->req.length,
2013                                                     (unsigned char)req->req.
2014                                                     misc);
2015                 if (copy_to_user
2016                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2017                         ret = -ENOMEM;
2018         }
2019         kfree(data);
2020         if (ret >= 0) {
2021                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2022                 fi->cfgrom_upd = 1;
2023         }
2024         return ret;
2025 }
2026
2027 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2028 {
2029         struct csr1212_keyval *kv;
2030         struct csr1212_csr_rom_cache *cache;
2031         struct csr1212_dentry *dentry;
2032         u32 dr;
2033         int ret = 0;
2034
2035         if (req->req.misc == ~0) {
2036                 if (req->req.length == 0)
2037                         return -EINVAL;
2038
2039                 /* Find an unused slot */
2040                 for (dr = 0;
2041                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2042                      dr++) ;
2043
2044                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2045                         return -ENOMEM;
2046
2047                 fi->csr1212_dirs[dr] =
2048                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2049                 if (!fi->csr1212_dirs[dr])
2050                         return -ENOMEM;
2051         } else {
2052                 dr = req->req.misc;
2053                 if (!fi->csr1212_dirs[dr])
2054                         return -EINVAL;
2055
2056                 /* Delete old stuff */
2057                 for (dentry =
2058                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2059                      dentry; dentry = dentry->next) {
2060                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2061                                                              root_kv,
2062                                                              dentry->kv);
2063                 }
2064
2065                 if (req->req.length == 0) {
2066                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2067                         fi->csr1212_dirs[dr] = NULL;
2068
2069                         hpsb_update_config_rom_image(fi->host);
2070                         free_pending_request(req);
2071                         return 0;
2072                 }
2073         }
2074
2075         cache = csr1212_rom_cache_malloc(0, req->req.length);
2076         if (!cache) {
2077                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2078                 fi->csr1212_dirs[dr] = NULL;
2079                 return -ENOMEM;
2080         }
2081
2082         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2083         if (!cache->filled_head) {
2084                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2085                 fi->csr1212_dirs[dr] = NULL;
2086                 CSR1212_FREE(cache);
2087                 return -ENOMEM;
2088         }
2089         cache->filled_tail = cache->filled_head;
2090
2091         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2092                            req->req.length)) {
2093                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2094                 fi->csr1212_dirs[dr] = NULL;
2095                 ret = -EFAULT;
2096         } else {
2097                 cache->len = req->req.length;
2098                 cache->filled_head->offset_start = 0;
2099                 cache->filled_head->offset_end = cache->size - 1;
2100
2101                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2102
2103                 ret = CSR1212_SUCCESS;
2104                 /* parse all the items */
2105                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2106                      kv = kv->next) {
2107                         ret = csr1212_parse_keyval(kv, cache);
2108                 }
2109
2110                 /* attach top level items to the root directory */
2111                 for (dentry =
2112                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2113                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2114                         ret =
2115                             csr1212_attach_keyval_to_directory(fi->host->csr.
2116                                                                rom->root_kv,
2117                                                                dentry->kv);
2118                 }
2119
2120                 if (ret == CSR1212_SUCCESS) {
2121                         ret = hpsb_update_config_rom_image(fi->host);
2122
2123                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2124                                                      &dr, sizeof(dr))) {
2125                                 ret = -ENOMEM;
2126                         }
2127                 }
2128         }
2129         kfree(cache->filled_head);
2130         CSR1212_FREE(cache);
2131
2132         if (ret >= 0) {
2133                 /* we have to free the request, because we queue no response,
2134                  * and therefore nobody will free it */
2135                 free_pending_request(req);
2136                 return 0;
2137         } else {
2138                 for (dentry =
2139                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2140                      dentry; dentry = dentry->next) {
2141                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2142                                                              root_kv,
2143                                                              dentry->kv);
2144                 }
2145                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2146                 fi->csr1212_dirs[dr] = NULL;
2147                 return ret;
2148         }
2149 }
2150
2151 static int state_connected(struct file_info *fi, struct pending_request *req)
2152 {
2153         int node = req->req.address >> 48;
2154
2155         req->req.error = RAW1394_ERROR_NONE;
2156
2157         switch (req->req.type) {
2158
2159         case RAW1394_REQ_ECHO:
2160                 queue_complete_req(req);
2161                 return 0;
2162
2163         case RAW1394_REQ_ARM_REGISTER:
2164                 return arm_register(fi, req);
2165
2166         case RAW1394_REQ_ARM_UNREGISTER:
2167                 return arm_unregister(fi, req);
2168
2169         case RAW1394_REQ_ARM_SET_BUF:
2170                 return arm_set_buf(fi, req);
2171
2172         case RAW1394_REQ_ARM_GET_BUF:
2173                 return arm_get_buf(fi, req);
2174
2175         case RAW1394_REQ_RESET_NOTIFY:
2176                 return reset_notification(fi, req);
2177
2178         case RAW1394_REQ_ISO_SEND:
2179         case RAW1394_REQ_ISO_LISTEN:
2180                 printk(KERN_DEBUG "raw1394: old iso ABI has been removed\n");
2181                 req->req.error = RAW1394_ERROR_COMPAT;
2182                 req->req.misc = RAW1394_KERNELAPI_VERSION;
2183                 queue_complete_req(req);
2184                 return 0;
2185
2186         case RAW1394_REQ_FCP_LISTEN:
2187                 handle_fcp_listen(fi, req);
2188                 return 0;
2189
2190         case RAW1394_REQ_RESET_BUS:
2191                 if (req->req.misc == RAW1394_LONG_RESET) {
2192                         DBGMSG("busreset called (type: LONG)");
2193                         hpsb_reset_bus(fi->host, LONG_RESET);
2194                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2195                         return 0;
2196                 }
2197                 if (req->req.misc == RAW1394_SHORT_RESET) {
2198                         DBGMSG("busreset called (type: SHORT)");
2199                         hpsb_reset_bus(fi->host, SHORT_RESET);
2200                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2201                         return 0;
2202                 }
2203                 /* error EINVAL (22) invalid argument */
2204                 return (-EINVAL);
2205         case RAW1394_REQ_GET_ROM:
2206                 return get_config_rom(fi, req);
2207
2208         case RAW1394_REQ_UPDATE_ROM:
2209                 return update_config_rom(fi, req);
2210
2211         case RAW1394_REQ_MODIFY_ROM:
2212                 return modify_config_rom(fi, req);
2213         }
2214
2215         if (req->req.generation != get_hpsb_generation(fi->host)) {
2216                 req->req.error = RAW1394_ERROR_GENERATION;
2217                 req->req.generation = get_hpsb_generation(fi->host);
2218                 req->req.length = 0;
2219                 queue_complete_req(req);
2220                 return 0;
2221         }
2222
2223         switch (req->req.type) {
2224         case RAW1394_REQ_PHYPACKET:
2225                 return write_phypacket(fi, req);
2226         case RAW1394_REQ_ASYNC_SEND:
2227                 return handle_async_send(fi, req);
2228         }
2229
2230         if (req->req.length == 0) {
2231                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2232                 queue_complete_req(req);
2233                 return 0;
2234         }
2235
2236         return handle_async_request(fi, req, node);
2237 }
2238
2239 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2240                              size_t count, loff_t * offset_is_ignored)
2241 {
2242         struct file_info *fi = (struct file_info *)file->private_data;
2243         struct pending_request *req;
2244         ssize_t retval = -EBADFD;
2245
2246 #ifdef CONFIG_COMPAT
2247         if (count == sizeof(struct compat_raw1394_req) &&
2248             sizeof(struct compat_raw1394_req) !=
2249                         sizeof(struct raw1394_request)) {
2250                 buffer = raw1394_compat_write(buffer);
2251                 if (IS_ERR(buffer))
2252                         return PTR_ERR(buffer);
2253         } else
2254 #endif
2255         if (count != sizeof(struct raw1394_request)) {
2256                 return -EINVAL;
2257         }
2258
2259         req = alloc_pending_request();
2260         if (req == NULL) {
2261                 return -ENOMEM;
2262         }
2263         req->file_info = fi;
2264
2265         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2266                 free_pending_request(req);
2267                 return -EFAULT;
2268         }
2269
2270         switch (fi->state) {
2271         case opened:
2272                 retval = state_opened(fi, req);
2273                 break;
2274
2275         case initialized:
2276                 retval = state_initialized(fi, req);
2277                 break;
2278
2279         case connected:
2280                 retval = state_connected(fi, req);
2281                 break;
2282         }
2283
2284         if (retval < 0) {
2285                 free_pending_request(req);
2286         } else {
2287                 BUG_ON(retval);
2288                 retval = count;
2289         }
2290
2291         return retval;
2292 }
2293
2294 /* rawiso operations */
2295
2296 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2297  * completion queue (reqlists_lock must be taken) */
2298 static inline int __rawiso_event_in_queue(struct file_info *fi)
2299 {
2300         struct pending_request *req;
2301
2302         list_for_each_entry(req, &fi->req_complete, list)
2303             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2304                 return 1;
2305
2306         return 0;
2307 }
2308
2309 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2310 static void queue_rawiso_event(struct file_info *fi)
2311 {
2312         unsigned long flags;
2313
2314         spin_lock_irqsave(&fi->reqlists_lock, flags);
2315
2316         /* only one ISO activity event may be in the queue */
2317         if (!__rawiso_event_in_queue(fi)) {
2318                 struct pending_request *req =
2319                     __alloc_pending_request(GFP_ATOMIC);
2320
2321                 if (req) {
2322                         req->file_info = fi;
2323                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2324                         req->req.generation = get_hpsb_generation(fi->host);
2325                         __queue_complete_req(req);
2326                 } else {
2327                         /* on allocation failure, signal an overflow */
2328                         if (fi->iso_handle) {
2329                                 atomic_inc(&fi->iso_handle->overflows);
2330                         }
2331                 }
2332         }
2333         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2334 }
2335
2336 static void rawiso_activity_cb(struct hpsb_iso *iso)
2337 {
2338         unsigned long flags;
2339         struct host_info *hi;
2340         struct file_info *fi;
2341
2342         spin_lock_irqsave(&host_info_lock, flags);
2343         hi = find_host_info(iso->host);
2344
2345         if (hi != NULL) {
2346                 list_for_each_entry(fi, &hi->file_info_list, list) {
2347                         if (fi->iso_handle == iso)
2348                                 queue_rawiso_event(fi);
2349                 }
2350         }
2351
2352         spin_unlock_irqrestore(&host_info_lock, flags);
2353 }
2354
2355 /* helper function - gather all the kernel iso status bits for returning to user-space */
2356 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2357                                     struct raw1394_iso_status *stat)
2358 {
2359         stat->config.data_buf_size = iso->buf_size;
2360         stat->config.buf_packets = iso->buf_packets;
2361         stat->config.channel = iso->channel;
2362         stat->config.speed = iso->speed;
2363         stat->config.irq_interval = iso->irq_interval;
2364         stat->n_packets = hpsb_iso_n_ready(iso);
2365         stat->overflows = atomic_read(&iso->overflows);
2366         stat->xmit_cycle = iso->xmit_cycle;
2367 }
2368
2369 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2370 {
2371         struct raw1394_iso_status stat;
2372
2373         if (!fi->host)
2374                 return -EINVAL;
2375
2376         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2377                 return -EFAULT;
2378
2379         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2380                                             stat.config.data_buf_size,
2381                                             stat.config.buf_packets,
2382                                             stat.config.channel,
2383                                             stat.config.speed,
2384                                             stat.config.irq_interval,
2385                                             rawiso_activity_cb);
2386         if (!fi->iso_handle)
2387                 return -ENOMEM;
2388
2389         fi->iso_state = RAW1394_ISO_XMIT;
2390
2391         raw1394_iso_fill_status(fi->iso_handle, &stat);
2392         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2393                 return -EFAULT;
2394
2395         /* queue an event to get things started */
2396         rawiso_activity_cb(fi->iso_handle);
2397
2398         return 0;
2399 }
2400
2401 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2402 {
2403         struct raw1394_iso_status stat;
2404
2405         if (!fi->host)
2406                 return -EINVAL;
2407
2408         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2409                 return -EFAULT;
2410
2411         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2412                                             stat.config.data_buf_size,
2413                                             stat.config.buf_packets,
2414                                             stat.config.channel,
2415                                             stat.config.dma_mode,
2416                                             stat.config.irq_interval,
2417                                             rawiso_activity_cb);
2418         if (!fi->iso_handle)
2419                 return -ENOMEM;
2420
2421         fi->iso_state = RAW1394_ISO_RECV;
2422
2423         raw1394_iso_fill_status(fi->iso_handle, &stat);
2424         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2425                 return -EFAULT;
2426         return 0;
2427 }
2428
2429 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2430 {
2431         struct raw1394_iso_status stat;
2432         struct hpsb_iso *iso = fi->iso_handle;
2433
2434         raw1394_iso_fill_status(fi->iso_handle, &stat);
2435         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2436                 return -EFAULT;
2437
2438         /* reset overflow counter */
2439         atomic_set(&iso->overflows, 0);
2440
2441         return 0;
2442 }
2443
2444 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2445 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2446 {
2447         struct raw1394_iso_packets upackets;
2448         unsigned int packet = fi->iso_handle->first_packet;
2449         int i;
2450
2451         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2452                 return -EFAULT;
2453
2454         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2455                 return -EINVAL;
2456
2457         /* ensure user-supplied buffer is accessible and big enough */
2458         if (!access_ok(VERIFY_WRITE, upackets.infos,
2459                        upackets.n_packets *
2460                        sizeof(struct raw1394_iso_packet_info)))
2461                 return -EFAULT;
2462
2463         /* copy the packet_infos out */
2464         for (i = 0; i < upackets.n_packets; i++) {
2465                 if (__copy_to_user(&upackets.infos[i],
2466                                    &fi->iso_handle->infos[packet],
2467                                    sizeof(struct raw1394_iso_packet_info)))
2468                         return -EFAULT;
2469
2470                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2471         }
2472
2473         return 0;
2474 }
2475
2476 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2477 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2478 {
2479         struct raw1394_iso_packets upackets;
2480         int i, rv;
2481
2482         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2483                 return -EFAULT;
2484
2485         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2486                 return -EINVAL;
2487
2488         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2489                 return -EAGAIN;
2490
2491         /* ensure user-supplied buffer is accessible and big enough */
2492         if (!access_ok(VERIFY_READ, upackets.infos,
2493                        upackets.n_packets *
2494                        sizeof(struct raw1394_iso_packet_info)))
2495                 return -EFAULT;
2496
2497         /* copy the infos structs in and queue the packets */
2498         for (i = 0; i < upackets.n_packets; i++) {
2499                 struct raw1394_iso_packet_info info;
2500
2501                 if (__copy_from_user(&info, &upackets.infos[i],
2502                                      sizeof(struct raw1394_iso_packet_info)))
2503                         return -EFAULT;
2504
2505                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2506                                                 info.len, info.tag, info.sy);
2507                 if (rv)
2508                         return rv;
2509         }
2510
2511         return 0;
2512 }
2513
2514 static void raw1394_iso_shutdown(struct file_info *fi)
2515 {
2516         if (fi->iso_handle)
2517                 hpsb_iso_shutdown(fi->iso_handle);
2518
2519         fi->iso_handle = NULL;
2520         fi->iso_state = RAW1394_ISO_INACTIVE;
2521 }
2522
2523 static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2524 {
2525         struct raw1394_cycle_timer ct;
2526         int err;
2527
2528         err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2529         if (!err)
2530                 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2531                         err = -EFAULT;
2532         return err;
2533 }
2534
2535 /* mmap the rawiso xmit/recv buffer */
2536 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2537 {
2538         struct file_info *fi = file->private_data;
2539
2540         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2541                 return -EINVAL;
2542
2543         return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2544 }
2545
2546 /* ioctl is only used for rawiso operations */
2547 static int raw1394_ioctl(struct inode *inode, struct file *file,
2548                          unsigned int cmd, unsigned long arg)
2549 {
2550         struct file_info *fi = file->private_data;
2551         void __user *argp = (void __user *)arg;
2552
2553         switch (fi->iso_state) {
2554         case RAW1394_ISO_INACTIVE:
2555                 switch (cmd) {
2556                 case RAW1394_IOC_ISO_XMIT_INIT:
2557                         return raw1394_iso_xmit_init(fi, argp);
2558                 case RAW1394_IOC_ISO_RECV_INIT:
2559                         return raw1394_iso_recv_init(fi, argp);
2560                 default:
2561                         break;
2562                 }
2563                 break;
2564         case RAW1394_ISO_RECV:
2565                 switch (cmd) {
2566                 case RAW1394_IOC_ISO_RECV_START:{
2567                                 /* copy args from user-space */
2568                                 int args[3];
2569                                 if (copy_from_user
2570                                     (&args[0], argp, sizeof(args)))
2571                                         return -EFAULT;
2572                                 return hpsb_iso_recv_start(fi->iso_handle,
2573                                                            args[0], args[1],
2574                                                            args[2]);
2575                         }
2576                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2577                         hpsb_iso_stop(fi->iso_handle);
2578                         return 0;
2579                 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2580                         return hpsb_iso_recv_listen_channel(fi->iso_handle,
2581                                                             arg);
2582                 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2583                         return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2584                                                               arg);
2585                 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2586                                 /* copy the u64 from user-space */
2587                                 u64 mask;
2588                                 if (copy_from_user(&mask, argp, sizeof(mask)))
2589                                         return -EFAULT;
2590                                 return hpsb_iso_recv_set_channel_mask(fi->
2591                                                                       iso_handle,
2592                                                                       mask);
2593                         }
2594                 case RAW1394_IOC_ISO_GET_STATUS:
2595                         return raw1394_iso_get_status(fi, argp);
2596                 case RAW1394_IOC_ISO_RECV_PACKETS:
2597                         return raw1394_iso_recv_packets(fi, argp);
2598                 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2599                         return hpsb_iso_recv_release_packets(fi->iso_handle,
2600                                                              arg);
2601                 case RAW1394_IOC_ISO_RECV_FLUSH:
2602                         return hpsb_iso_recv_flush(fi->iso_handle);
2603                 case RAW1394_IOC_ISO_SHUTDOWN:
2604                         raw1394_iso_shutdown(fi);
2605                         return 0;
2606                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2607                         queue_rawiso_event(fi);
2608                         return 0;
2609                 }
2610                 break;
2611         case RAW1394_ISO_XMIT:
2612                 switch (cmd) {
2613                 case RAW1394_IOC_ISO_XMIT_START:{
2614                                 /* copy two ints from user-space */
2615                                 int args[2];
2616                                 if (copy_from_user
2617                                     (&args[0], argp, sizeof(args)))
2618                                         return -EFAULT;
2619                                 return hpsb_iso_xmit_start(fi->iso_handle,
2620                                                            args[0], args[1]);
2621                         }
2622                 case RAW1394_IOC_ISO_XMIT_SYNC:
2623                         return hpsb_iso_xmit_sync(fi->iso_handle);
2624                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2625                         hpsb_iso_stop(fi->iso_handle);
2626                         return 0;
2627                 case RAW1394_IOC_ISO_GET_STATUS:
2628                         return raw1394_iso_get_status(fi, argp);
2629                 case RAW1394_IOC_ISO_XMIT_PACKETS:
2630                         return raw1394_iso_send_packets(fi, argp);
2631                 case RAW1394_IOC_ISO_SHUTDOWN:
2632                         raw1394_iso_shutdown(fi);
2633                         return 0;
2634                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2635                         queue_rawiso_event(fi);
2636                         return 0;
2637                 }
2638                 break;
2639         default:
2640                 break;
2641         }
2642
2643         /* state-independent commands */
2644         switch(cmd) {
2645         case RAW1394_IOC_GET_CYCLE_TIMER:
2646                 return raw1394_read_cycle_timer(fi, argp);
2647         default:
2648                 break;
2649         }
2650
2651         return -EINVAL;
2652 }
2653
2654 #ifdef CONFIG_COMPAT
2655 struct raw1394_iso_packets32 {
2656         __u32 n_packets;
2657         compat_uptr_t infos;
2658 } __attribute__((packed));
2659
2660 struct raw1394_cycle_timer32 {
2661         __u32 cycle_timer;
2662         __u64 local_time;
2663 }
2664 #if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
2665 __attribute__((packed))
2666 #endif
2667 ;
2668
2669 #define RAW1394_IOC_ISO_RECV_PACKETS32          \
2670         _IOW ('#', 0x25, struct raw1394_iso_packets32)
2671 #define RAW1394_IOC_ISO_XMIT_PACKETS32          \
2672         _IOW ('#', 0x27, struct raw1394_iso_packets32)
2673 #define RAW1394_IOC_GET_CYCLE_TIMER32           \
2674         _IOR ('#', 0x30, struct raw1394_cycle_timer32)
2675
2676 static long raw1394_iso_xmit_recv_packets32(struct file *file, unsigned int cmd,
2677                                           struct raw1394_iso_packets32 __user *arg)
2678 {
2679         compat_uptr_t infos32;
2680         void __user *infos;
2681         long err = -EFAULT;
2682         struct raw1394_iso_packets __user *dst = compat_alloc_user_space(sizeof(struct raw1394_iso_packets));
2683
2684         if (!copy_in_user(&dst->n_packets, &arg->n_packets, sizeof arg->n_packets) &&
2685             !copy_from_user(&infos32, &arg->infos, sizeof infos32)) {
2686                 infos = compat_ptr(infos32);
2687                 if (!copy_to_user(&dst->infos, &infos, sizeof infos))
2688                         err = raw1394_ioctl(NULL, file, cmd, (unsigned long)dst);
2689         }
2690         return err;
2691 }
2692
2693 static long raw1394_read_cycle_timer32(struct file_info *fi, void __user * uaddr)
2694 {
2695         struct raw1394_cycle_timer32 ct;
2696         int err;
2697
2698         err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2699         if (!err)
2700                 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2701                         err = -EFAULT;
2702         return err;
2703 }
2704
2705 static long raw1394_compat_ioctl(struct file *file,
2706                                  unsigned int cmd, unsigned long arg)
2707 {
2708         struct file_info *fi = file->private_data;
2709         void __user *argp = (void __user *)arg;
2710         long err;
2711
2712         lock_kernel();
2713         switch (cmd) {
2714         /* These requests have same format as long as 'int' has same size. */
2715         case RAW1394_IOC_ISO_RECV_INIT:
2716         case RAW1394_IOC_ISO_RECV_START:
2717         case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2718         case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2719         case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:
2720         case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2721         case RAW1394_IOC_ISO_RECV_FLUSH:
2722         case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2723         case RAW1394_IOC_ISO_XMIT_INIT:
2724         case RAW1394_IOC_ISO_XMIT_START:
2725         case RAW1394_IOC_ISO_XMIT_SYNC:
2726         case RAW1394_IOC_ISO_GET_STATUS:
2727         case RAW1394_IOC_ISO_SHUTDOWN:
2728         case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2729                 err = raw1394_ioctl(NULL, file, cmd, arg);
2730                 break;
2731         /* These request have different format. */
2732         case RAW1394_IOC_ISO_RECV_PACKETS32:
2733                 err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_RECV_PACKETS, argp);
2734                 break;
2735         case RAW1394_IOC_ISO_XMIT_PACKETS32:
2736                 err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_XMIT_PACKETS, argp);
2737                 break;
2738         case RAW1394_IOC_GET_CYCLE_TIMER32:
2739                 err = raw1394_read_cycle_timer32(fi, argp);
2740                 break;
2741         default:
2742                 err = -EINVAL;
2743                 break;
2744         }
2745         unlock_kernel();
2746
2747         return err;
2748 }
2749 #endif
2750
2751 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2752 {
2753         struct file_info *fi = file->private_data;
2754         unsigned int mask = POLLOUT | POLLWRNORM;
2755         unsigned long flags;
2756
2757         poll_wait(file, &fi->wait_complete, pt);
2758
2759         spin_lock_irqsave(&fi->reqlists_lock, flags);
2760         if (!list_empty(&fi->req_complete)) {
2761                 mask |= POLLIN | POLLRDNORM;
2762         }
2763         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2764
2765         return mask;
2766 }
2767
2768 static int raw1394_open(struct inode *inode, struct file *file)
2769 {
2770         struct file_info *fi;
2771
2772         fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2773         if (!fi)
2774                 return -ENOMEM;
2775
2776         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2777
2778         INIT_LIST_HEAD(&fi->list);
2779         fi->state = opened;
2780         INIT_LIST_HEAD(&fi->req_pending);
2781         INIT_LIST_HEAD(&fi->req_complete);
2782         spin_lock_init(&fi->reqlists_lock);
2783         init_waitqueue_head(&fi->wait_complete);
2784         INIT_LIST_HEAD(&fi->addr_list);
2785
2786         file->private_data = fi;
2787
2788         return 0;
2789 }
2790
2791 static int raw1394_release(struct inode *inode, struct file *file)
2792 {
2793         struct file_info *fi = file->private_data;
2794         struct list_head *lh;
2795         struct pending_request *req;
2796         int i, fail;
2797         int retval = 0;
2798         struct list_head *entry;
2799         struct arm_addr *addr = NULL;
2800         struct host_info *hi;
2801         struct file_info *fi_hlp = NULL;
2802         struct arm_addr *arm_addr = NULL;
2803         int another_host;
2804         int csr_mod = 0;
2805         unsigned long flags;
2806
2807         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2808                 raw1394_iso_shutdown(fi);
2809
2810         spin_lock_irqsave(&host_info_lock, flags);
2811
2812         fail = 0;
2813         /* set address-entries invalid */
2814
2815         while (!list_empty(&fi->addr_list)) {
2816                 another_host = 0;
2817                 lh = fi->addr_list.next;
2818                 addr = list_entry(lh, struct arm_addr, addr_list);
2819                 /* another host with valid address-entry containing
2820                    same addressrange? */
2821                 list_for_each_entry(hi, &host_info_list, list) {
2822                         if (hi->host != fi->host) {
2823                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2824                                                     list) {
2825                                         entry = fi_hlp->addr_list.next;
2826                                         while (entry != &(fi_hlp->addr_list)) {
2827                                                 arm_addr = list_entry(entry, struct
2828                                                                       arm_addr,
2829                                                                       addr_list);
2830                                                 if (arm_addr->start ==
2831                                                     addr->start) {
2832                                                         DBGMSG
2833                                                             ("raw1394_release: "
2834                                                              "another host ownes "
2835                                                              "same addressrange");
2836                                                         another_host = 1;
2837                                                         break;
2838                                                 }
2839                                                 entry = entry->next;
2840                                         }
2841                                         if (another_host) {
2842                                                 break;
2843                                         }
2844                                 }
2845                         }
2846                 }
2847                 if (!another_host) {
2848                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2849                         retval =
2850                             hpsb_unregister_addrspace(&raw1394_highlevel,
2851                                                       fi->host, addr->start);
2852                         if (!retval) {
2853                                 ++fail;
2854                                 printk(KERN_ERR
2855                                        "raw1394_release arm_Unregister failed\n");
2856                         }
2857                 }
2858                 DBGMSG("raw1394_release: delete addr_entry from list");
2859                 list_del(&addr->addr_list);
2860                 vfree(addr->addr_space_buffer);
2861                 kfree(addr);
2862         }                       /* while */
2863         spin_unlock_irqrestore(&host_info_lock, flags);
2864         if (fail > 0) {
2865                 printk(KERN_ERR "raw1394: during addr_list-release "
2866                        "error(s) occurred \n");
2867         }
2868
2869         for (;;) {
2870                 /* This locked section guarantees that neither
2871                  * complete nor pending requests exist once i!=0 */
2872                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2873                 while ((req = __next_complete_req(fi)))
2874                         free_pending_request(req);
2875
2876                 i = list_empty(&fi->req_pending);
2877                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2878
2879                 if (i)
2880                         break;
2881                 /*
2882                  * Sleep until more requests can be freed.
2883                  *
2884                  * NB: We call the macro wait_event() with a condition argument
2885                  * with side effect.  This is only possible because the side
2886                  * effect does not occur until the condition became true, and
2887                  * wait_event() won't evaluate the condition again after that.
2888                  */
2889                 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2890                 free_pending_request(req);
2891         }
2892
2893         /* Remove any sub-trees left by user space programs */
2894         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2895                 struct csr1212_dentry *dentry;
2896                 if (!fi->csr1212_dirs[i])
2897                         continue;
2898                 for (dentry =
2899                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2900                      dentry = dentry->next) {
2901                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2902                                                              root_kv,
2903                                                              dentry->kv);
2904                 }
2905                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2906                 fi->csr1212_dirs[i] = NULL;
2907                 csr_mod = 1;
2908         }
2909
2910         if ((csr_mod || fi->cfgrom_upd)
2911             && hpsb_update_config_rom_image(fi->host) < 0)
2912                 HPSB_ERR
2913                     ("Failed to generate Configuration ROM image for host %d",
2914                      fi->host->id);
2915
2916         if (fi->state == connected) {
2917                 spin_lock_irqsave(&host_info_lock, flags);
2918                 list_del(&fi->list);
2919                 spin_unlock_irqrestore(&host_info_lock, flags);
2920
2921                 put_device(&fi->host->device);
2922         }
2923
2924         spin_lock_irqsave(&host_info_lock, flags);
2925         if (fi->host)
2926                 module_put(fi->host->driver->owner);
2927         spin_unlock_irqrestore(&host_info_lock, flags);
2928
2929         kfree(fi);
2930
2931         return 0;
2932 }
2933
2934 /*** HOTPLUG STUFF **********************************************************/
2935 /*
2936  * Export information about protocols/devices supported by this driver.
2937  */
2938 static struct ieee1394_device_id raw1394_id_table[] = {
2939         {
2940          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2941          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2942          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2943         {
2944          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2945          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2946          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2947         {
2948          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2949          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2950          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2951         {
2952          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2953          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2954          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2955         {}
2956 };
2957
2958 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2959
2960 static struct hpsb_protocol_driver raw1394_driver = {
2961         .name = "raw1394",
2962         .id_table = raw1394_id_table,
2963 };
2964
2965 /******************************************************************************/
2966
2967 static struct hpsb_highlevel raw1394_highlevel = {
2968         .name = RAW1394_DEVICE_NAME,
2969         .add_host = add_host,
2970         .remove_host = remove_host,
2971         .host_reset = host_reset,
2972         .fcp_request = fcp_request,
2973 };
2974
2975 static struct cdev raw1394_cdev;
2976 static const struct file_operations raw1394_fops = {
2977         .owner = THIS_MODULE,
2978         .read = raw1394_read,
2979         .write = raw1394_write,
2980         .mmap = raw1394_mmap,
2981         .ioctl = raw1394_ioctl,
2982 #ifdef CONFIG_COMPAT
2983         .compat_ioctl = raw1394_compat_ioctl,
2984 #endif
2985         .poll = raw1394_poll,
2986         .open = raw1394_open,
2987         .release = raw1394_release,
2988 };
2989
2990 static int __init init_raw1394(void)
2991 {
2992         int ret = 0;
2993
2994         hpsb_register_highlevel(&raw1394_highlevel);
2995
2996         if (IS_ERR
2997             (device_create(
2998               hpsb_protocol_class, NULL,
2999               MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16),
3000               RAW1394_DEVICE_NAME))) {
3001                 ret = -EFAULT;
3002                 goto out_unreg;
3003         }
3004
3005         cdev_init(&raw1394_cdev, &raw1394_fops);
3006         raw1394_cdev.owner = THIS_MODULE;
3007         kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
3008         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3009         if (ret) {
3010                 HPSB_ERR("raw1394 failed to register minor device block");
3011                 goto out_dev;
3012         }
3013
3014         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3015
3016         ret = hpsb_register_protocol(&raw1394_driver);
3017         if (ret) {
3018                 HPSB_ERR("raw1394: failed to register protocol");
3019                 cdev_del(&raw1394_cdev);
3020                 goto out_dev;
3021         }
3022
3023         goto out;
3024
3025       out_dev:
3026         device_destroy(hpsb_protocol_class,
3027                        MKDEV(IEEE1394_MAJOR,
3028                              IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3029       out_unreg:
3030         hpsb_unregister_highlevel(&raw1394_highlevel);
3031       out:
3032         return ret;
3033 }
3034
3035 static void __exit cleanup_raw1394(void)
3036 {
3037         device_destroy(hpsb_protocol_class,
3038                        MKDEV(IEEE1394_MAJOR,
3039                              IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3040         cdev_del(&raw1394_cdev);
3041         hpsb_unregister_highlevel(&raw1394_highlevel);
3042         hpsb_unregister_protocol(&raw1394_driver);
3043 }
3044
3045 module_init(init_raw1394);
3046 module_exit(cleanup_raw1394);
3047 MODULE_LICENSE("GPL");