Merge branch 'master'
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/devfs_fs_kernel.h>
45
46 #include "csr1212.h"
47 #include "ieee1394.h"
48 #include "ieee1394_types.h"
49 #include "ieee1394_core.h"
50 #include "nodemgr.h"
51 #include "hosts.h"
52 #include "highlevel.h"
53 #include "iso.h"
54 #include "ieee1394_transactions.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
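/*
 * Convert between integer-encoded addresses carried in request fields
 * (e.g. req.recvb / req.sendb) and __user pointers.
 *
 * The value passes through unsigned long, so any bits above the native
 * word size are discarded.  The result of int2ptr() is an untrusted
 * user-space address: it must only be accessed through copy_to_user() /
 * copy_from_user(), never dereferenced directly.
 *
 * The macro argument is parenthesised so that an expression argument
 * (for example "base + offset") is converted as a whole instead of
 * having the cast bind to its first operand only.
 */
#define int2ptr(x) ((void __user *)(unsigned long)(x))
#define ptr2int(x) ((u64)(unsigned long)(void __user *)(x))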
60
/* Driver debug output is switched on by the CONFIG_IEEE1394_VERBOSEDEBUG option. */
#ifdef CONFIG_IEEE1394_VERBOSEDEBUG
#define RAW1394_DEBUG
#endif

/*
 * DBGMSG() prints through printk() at KERN_INFO with a "raw1394:" prefix
 * when RAW1394_DEBUG is defined, and expands to nothing otherwise.
 */
#ifdef RAW1394_DEBUG
#define DBGMSG(fmt, args...) \
printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
#else
#define DBGMSG(fmt, args...)
#endif

/*
 * host_info_list holds one struct host_info per known host (linked through
 * ->list) and host_count is its length.  Every access to either in this
 * part of the file is made with host_info_lock held.
 */
static LIST_HEAD(host_info_list);
static int host_count;
static DEFINE_SPINLOCK(host_info_lock);
/*
 * Incremented by add_host() and remove_host(); state_initialized() rejects
 * requests whose generation does not match the current value.
 */
static atomic_t internal_generation = ATOMIC_INIT(0);

/*
 * iso_buffer_size is the running total of payload bytes held in
 * iso_block_store buffers.  iso_receive() and fcp_request() drop incoming
 * data when adding it would exceed iso_buffer_max, which bounds the kernel
 * memory that unread packets can pin.
 */
static atomic_t iso_buffer_size;
static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */

static struct hpsb_highlevel raw1394_highlevel;

/*
 * Handlers collected in arm_ops below; they are defined later in the file.
 * (Presumably "arm" stands for the address range mapping named in the file
 * header - confirm.)
 */
static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
                    u64 addr, size_t length, u16 flags);
static int arm_write(struct hpsb_host *host, int nodeid, int destid,
                     quadlet_t * data, u64 addr, size_t length, u16 flags);
static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
                    u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
                    u16 flags);
static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
                      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
                      u16 flags);
static struct hpsb_address_ops arm_ops = {
        .read = arm_read,
        .write = arm_write,
        .lock = arm_lock,
        .lock64 = arm_lock64,
};

/* Forward declaration: used as a packet completion callback before its definition. */
static void queue_complete_cb(struct pending_request *req);
100
/*
 * Allocate a pending_request with the given allocation flags.
 *
 * The structure is zero-filled and its list node is initialised as an empty
 * list, so a fresh request carries no stale heap contents and can be passed
 * to list_del() safely.  Returns NULL when kmalloc() fails.
 */
static struct pending_request *__alloc_pending_request(gfp_t flags)
{
        struct pending_request *req = kmalloc(sizeof(*req), flags);

        if (!req)
                return NULL;

        memset(req, 0, sizeof(*req));
        INIT_LIST_HEAD(&req->list);
        return req;
}
114
/*
 * Allocate a zeroed pending_request with SLAB_KERNEL flags.
 * Returns NULL on allocation failure.
 */
static inline struct pending_request *alloc_pending_request(void)
{
        struct pending_request *req = __alloc_pending_request(SLAB_KERNEL);

        return req;
}
119
/*
 * Release a pending_request together with the data it owns.
 *
 * - If the request references a shared iso_block_store, drop one reference;
 *   the last reference subtracts the block's size from iso_buffer_size and
 *   frees the block.
 * - Otherwise req->data is freed only when req->free_data is set.
 *
 * The attached packet is handed to hpsb_free_packet() and the request
 * itself is freed last.  The caller must not touch req afterwards.
 */
static void free_pending_request(struct pending_request *req)
{
        struct iso_block_store *store = req->ibs;

        if (!store) {
                if (req->free_data)
                        kfree(req->data);
        } else if (atomic_dec_and_test(&store->refcount)) {
                /* Last user of the shared block: give its bytes back to the budget. */
                atomic_sub(store->data_size, &iso_buffer_size);
                kfree(store);
        }

        hpsb_free_packet(req->packet);
        kfree(req);
}
133
/*
 * Move a request onto its file's completed list and signal readers.
 *
 * fi->reqlists_lock must be taken by the caller.
 *
 * The request is unlinked from whatever list it is on and appended to
 * fi->req_complete; complete_sem is raised once per queued request and
 * pollers are woken.
 */
static void __queue_complete_req(struct pending_request *req)
{
        struct file_info *owner = req->file_info;
        struct list_head *node = &req->list;

        list_del(node);
        list_add_tail(node, &owner->req_complete);

        up(&owner->complete_sem);
        wake_up_interruptible(&owner->poll_wait_complete);
}
144
/*
 * Locked wrapper around __queue_complete_req(): takes the owning file's
 * reqlists_lock with interrupts disabled for the duration of the move.
 *
 * Besides direct calls, handle_iso_send() installs this function as a
 * packet completion callback.
 */
static void queue_complete_req(struct pending_request *req)
{
        struct file_info *owner = req->file_info;
        unsigned long irqflags;

        spin_lock_irqsave(&owner->reqlists_lock, irqflags);
        __queue_complete_req(req);
        spin_unlock_irqrestore(&owner->reqlists_lock, irqflags);
}
154
/*
 * Packet completion callback (installed by handle_async_request()).
 *
 * Translates the packet's ack code into req.error, discards the response
 * payload unless the transaction completed successfully, releases the
 * transaction label for the request types listed below, and queues the
 * request for the reader.
 */
static void queue_complete_cb(struct pending_request *req)
{
        struct hpsb_packet *packet = req->packet;
        /* Response code: bits 12..15 of the second header quadlet. */
        int rcode = (packet->header[1] >> 12) & 0xf;

        if (packet->ack_code == ACKX_NONE ||
            packet->ack_code == ACKX_SEND_ERROR)
                req->req.error = RAW1394_ERROR_SEND_ERROR;
        else if (packet->ack_code == ACKX_ABORTED)
                req->req.error = RAW1394_ERROR_ABORTED;
        else if (packet->ack_code == ACKX_TIMEOUT)
                req->req.error = RAW1394_ERROR_TIMEOUT;
        else
                /* Any other ack: report ack code and rcode packed together. */
                req->req.error = (packet->ack_code << 16) | rcode;

        /*
         * Only a pending ack followed by a complete response leaves data
         * to copy out; in every other case no payload is returned.
         */
        if (packet->ack_code != ACK_PENDING || rcode != RCODE_COMPLETE)
                req->req.length = 0;

        switch (req->req.type) {
        case RAW1394_REQ_ASYNC_READ:
        case RAW1394_REQ_ASYNC_WRITE:
        case RAW1394_REQ_ASYNC_STREAM:
        case RAW1394_REQ_LOCK:
        case RAW1394_REQ_LOCK64:
                hpsb_free_tlabel(packet);
                break;
        default:
                break;
        }

        queue_complete_req(req);
}
189
/*
 * Register a newly appeared host: allocate its host_info, link it into
 * host_info_list under host_info_lock and bump host_count.
 *
 * internal_generation is incremented even when the allocation fails, in
 * which case the host is simply not listed.
 * NOTE(review): the allocation failure is silent - nothing is logged and
 * the caller is not told; confirm that this is intended.
 */
static void add_host(struct hpsb_host *host)
{
        unsigned long irqflags;
        struct host_info *hi = kmalloc(sizeof(*hi), GFP_KERNEL);

        if (hi) {
                hi->host = host;
                INIT_LIST_HEAD(&hi->list);
                INIT_LIST_HEAD(&hi->file_info_list);

                spin_lock_irqsave(&host_info_lock, irqflags);
                list_add_tail(&hi->list, &host_info_list);
                host_count++;
                spin_unlock_irqrestore(&host_info_lock, irqflags);
        }

        atomic_inc(&internal_generation);
}
210
/*
 * Look up the host_info entry for @host in host_info_list.
 * Returns NULL when the host is not listed.
 *
 * The function takes no lock itself; every caller in this part of the
 * file invokes it with host_info_lock held.
 */
static struct host_info *find_host_info(struct hpsb_host *host)
{
        struct list_head *pos;

        list_for_each(pos, &host_info_list) {
                struct host_info *hi = list_entry(pos, struct host_info, list);

                if (hi->host == host)
                        return hi;
        }

        return NULL;
}
221
/*
 * Unregister a host: unlink its host_info under host_info_lock, free it
 * and bump internal_generation.  An unknown host is only logged.
 *
 * NOTE(review): the host_info is freed without detaching the file_info
 * entries linked on hi->file_info_list (see the FIXME below).  Any file
 * still linked there would keep list pointers into the freed structure;
 * confirm how open files are handled on host removal.
 */
static void remove_host(struct hpsb_host *host)
{
        unsigned long irqflags;
        struct host_info *hi;

        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);

        if (hi) {
                list_del(&hi->list);
                host_count--;
                /*
                   FIXME: address ranges should be removed
                   and fileinfo states should be initialized
                   (including setting generation to
                   internal-generation ...)
                 */
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);

        if (hi) {
                kfree(hi);
                atomic_inc(&internal_generation);
        } else {
                printk(KERN_ERR "raw1394: attempt to remove unknown host "
                       "0x%p\n", host);
        }
}
252
/*
 * Bus reset notification: for every file attached to @host that has
 * notification switched on, queue a RAW1394_REQ_BUS_RESET request
 * carrying the new generation and the node id / node count in req.misc.
 * Files with protocol_version > 3 also get the IRM node number in
 * bits 8 and up.
 *
 * Runs entirely under host_info_lock with interrupts disabled, hence the
 * SLAB_ATOMIC allocation.  A failed allocation silently skips the
 * notification for that file.
 */
static void host_reset(struct hpsb_host *host)
{
        unsigned long irqflags;
        struct host_info *hi;
        struct file_info *fi;
        struct pending_request *req;

        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);
        if (hi == NULL)
                goto unlock;

        list_for_each_entry(fi, &hi->file_info_list, list) {
                if (fi->notification != RAW1394_NOTIFY_ON)
                        continue;

                req = __alloc_pending_request(SLAB_ATOMIC);
                if (req == NULL)
                        continue;

                req->file_info = fi;
                req->req.type = RAW1394_REQ_BUS_RESET;
                req->req.generation = get_hpsb_generation(host);
                req->req.misc = (host->node_id << 16) | host->node_count;
                if (fi->protocol_version > 3)
                        req->req.misc |= (NODEID_TO_NODE(host->irm_id) << 8);

                queue_complete_req(req);
        }

unlock:
        spin_unlock_irqrestore(&host_info_lock, irqflags);
}
289
/*
 * Deliver one received isochronous packet to every file on @host that
 * listens on @channel.
 *
 * The payload is copied once into a reference-counted iso_block_store that
 * all resulting requests share; each request is then queued on its file's
 * completed list for raw1394_read() to pick up.
 */
static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
                        size_t length)
{
        unsigned long flags;
        struct host_info *hi;
        struct file_info *fi;
        struct pending_request *req, *req_next;
        struct iso_block_store *ibs = NULL;
        LIST_HEAD(reqs);

        /*
         * Budget check: drop the packet rather than let unread data grow
         * kernel memory past iso_buffer_max.
         * NOTE(review): the check here and the atomic_add() further down are
         * separate steps, so concurrent callers could each pass the check
         * before either adds - the limit looks like a soft cap; confirm.
         */
        if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
                HPSB_INFO("dropped iso packet");
                return;
        }

        spin_lock_irqsave(&host_info_lock, flags);
        hi = find_host_info(host);

        if (hi != NULL) {
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        /* NOTE(review): the shift assumes 0 <= channel <= 63 - confirm against the caller. */
                        if (!(fi->listen_channels & (1ULL << channel)))
                                continue;

                        /* Atomic allocation: host_info_lock is held with interrupts off. */
                        req = __alloc_pending_request(SLAB_ATOMIC);
                        if (!req)
                                break;

                        /* Allocate and fill the shared block lazily, for the first listener only. */
                        if (!ibs) {
                                ibs = kmalloc(sizeof(struct iso_block_store)
                                              + length, SLAB_ATOMIC);
                                if (!ibs) {
                                        /* req owns nothing yet, so a plain kfree() is enough. */
                                        kfree(req);
                                        break;
                                }

                                atomic_add(length, &iso_buffer_size);
                                atomic_set(&ibs->refcount, 0);
                                ibs->data_size = length;
                                memcpy(ibs->data, data, length);
                        }

                        /* One reference per request; dropped in free_pending_request(). */
                        atomic_inc(&ibs->refcount);

                        req->file_info = fi;
                        req->ibs = ibs;
                        req->data = ibs->data;
                        req->req.type = RAW1394_REQ_ISO_RECEIVE;
                        req->req.generation = get_hpsb_generation(host);
                        req->req.misc = 0;
                        req->req.recvb = ptr2int(fi->iso_buffer);
                        /*
                         * Never report more bytes than the buffer length the
                         * file registered in handle_iso_listen(); this bounds
                         * the later copy to user space.
                         */
                        req->req.length = min(length, fi->iso_buffer_length);

                        list_add_tail(&req->list, &reqs);
                }
        }
        spin_unlock_irqrestore(&host_info_lock, flags);

        /* Queue the collected requests only after host_info_lock is released. */
        list_for_each_entry_safe(req, req_next, &reqs, list)
            queue_complete_req(req);
}
350
/*
 * Deliver one received FCP frame to every file on @host that has an FCP
 * buffer registered (see handle_fcp_listen()).
 *
 * The payload is copied once into a reference-counted iso_block_store
 * shared by all resulting requests, and accounted against the same
 * iso_buffer_size budget that iso_receive() uses.
 */
static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
                        int cts, u8 * data, size_t length)
{
        unsigned long flags;
        struct host_info *hi;
        struct file_info *fi;
        struct pending_request *req, *req_next;
        struct iso_block_store *ibs = NULL;
        LIST_HEAD(reqs);

        /* Drop the frame rather than exceed the buffered-data budget. */
        if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
                HPSB_INFO("dropped fcp request");
                return;
        }

        spin_lock_irqsave(&host_info_lock, flags);
        hi = find_host_info(host);

        if (hi != NULL) {
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        /* Only files that registered an FCP buffer receive the frame. */
                        if (!fi->fcp_buffer)
                                continue;

                        /* Atomic allocation: host_info_lock is held with interrupts off. */
                        req = __alloc_pending_request(SLAB_ATOMIC);
                        if (!req)
                                break;

                        /* Allocate and fill the shared block lazily, for the first listener only. */
                        if (!ibs) {
                                ibs = kmalloc(sizeof(struct iso_block_store)
                                              + length, SLAB_ATOMIC);
                                if (!ibs) {
                                        /* req owns nothing yet, so a plain kfree() is enough. */
                                        kfree(req);
                                        break;
                                }

                                atomic_add(length, &iso_buffer_size);
                                atomic_set(&ibs->refcount, 0);
                                ibs->data_size = length;
                                memcpy(ibs->data, data, length);
                        }

                        /* One reference per request; dropped in free_pending_request(). */
                        atomic_inc(&ibs->refcount);

                        req->file_info = fi;
                        req->ibs = ibs;
                        req->data = ibs->data;
                        req->req.type = RAW1394_REQ_FCP_REQUEST;
                        req->req.generation = get_hpsb_generation(host);
                        /* Sender node id in the low bits, direction from bit 16 up. */
                        req->req.misc = nodeid | (direction << 16);
                        req->req.recvb = ptr2int(fi->fcp_buffer);
                        /*
                         * NOTE(review): unlike iso_receive(), the length is not
                         * clamped - handle_fcp_listen() records only the buffer
                         * address, not its size.  raw1394_read() will copy this
                         * many bytes to the registered user buffer; confirm the
                         * maximum frame length the user-space side must provide
                         * room for.
                         */
                        req->req.length = length;

                        list_add_tail(&req->list, &reqs);
                }
        }
        spin_unlock_irqrestore(&host_info_lock, flags);

        /* Queue the collected requests only after host_info_lock is released. */
        list_for_each_entry_safe(req, req_next, &reqs, list)
            queue_complete_req(req);
}
411
/*
 * read() handler: hand one completed request back to user space.
 *
 * @count must be exactly sizeof(struct raw1394_request).  With O_NONBLOCK
 * the call returns -EAGAIN when nothing is queued; otherwise it sleeps
 * interruptibly on complete_sem.
 *
 * Any payload is copied to the user address stored in req.recvb (not to
 * @buffer); that address is untrusted and is only ever accessed through
 * copy_to_user().  A fault on the payload copy is reported in req.error
 * of the returned header; a fault on the header copy fails the read with
 * -EFAULT.  The request is freed in both cases.
 *
 * NOTE(review): the list head is dequeued without an emptiness check; this
 * relies on complete_sem being raised exactly once per entry added to
 * req_complete (see __queue_complete_req()).
 */
static ssize_t raw1394_read(struct file *file, char __user * buffer,
                            size_t count, loff_t * offset_is_ignored)
{
        struct file_info *fi = (struct file_info *)file->private_data;
        struct pending_request *req;
        struct list_head *entry;
        unsigned long irqflags;
        ssize_t ret = (ssize_t) sizeof(struct raw1394_request);

        if (count != sizeof(struct raw1394_request))
                return -EINVAL;

        if (!access_ok(VERIFY_WRITE, buffer, count))
                return -EFAULT;

        if (file->f_flags & O_NONBLOCK) {
                if (down_trylock(&fi->complete_sem))
                        return -EAGAIN;
        } else if (down_interruptible(&fi->complete_sem)) {
                return -ERESTARTSYS;
        }

        /* Take the oldest completed request off the list. */
        spin_lock_irqsave(&fi->reqlists_lock, irqflags);
        entry = fi->req_complete.next;
        list_del(entry);
        spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

        req = list_entry(entry, struct pending_request, list);

        /* Payload first, so that a fault can still be reported in the header. */
        if (req->req.length &&
            copy_to_user(int2ptr(req->req.recvb), req->data, req->req.length))
                req->req.error = RAW1394_ERROR_MEMFAULT;

        if (copy_to_user(buffer, &req->req, sizeof(req->req)))
                ret = -EFAULT;

        free_pending_request(req);
        return ret;
}
462
/*
 * Request handler for a file in the freshly opened state.
 *
 * Only RAW1394_REQ_INITIALIZE is accepted.  The protocol version supplied
 * in req.misc must be RAW1394_KERNELAPI_VERSION or 3; otherwise the
 * request is answered with RAW1394_ERROR_COMPAT and the kernel's version
 * in req.misc.  Any other request type yields RAW1394_ERROR_STATE_ORDER.
 *
 * The reply is always queued and sizeof(struct raw1394_request) returned.
 */
static int state_opened(struct file_info *fi, struct pending_request *req)
{
        if (req->req.type != RAW1394_REQ_INITIALIZE) {
                req->req.error = RAW1394_ERROR_STATE_ORDER;
        } else if (req->req.misc == RAW1394_KERNELAPI_VERSION ||
                   req->req.misc == 3) {
                fi->state = initialized;
                fi->protocol_version = req->req.misc;
                req->req.error = RAW1394_ERROR_NONE;
                req->req.generation = atomic_read(&internal_generation);
        } else {
                /* Unsupported version: tell the caller which one we speak. */
                req->req.error = RAW1394_ERROR_COMPAT;
                req->req.misc = RAW1394_KERNELAPI_VERSION;
        }

        req->req.length = 0;
        queue_complete_req(req);
        return sizeof(struct raw1394_request);
}
487
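/*
 * Request handler for a file in the initialized state (no card chosen yet).
 *
 * Requests carrying a stale generation are answered with
 * RAW1394_ERROR_GENERATION and the current generation.  Otherwise:
 *
 *  - RAW1394_REQ_LIST_CARDS builds an array of raw1394_khost_list entries
 *    (one per host) that raw1394_read() later copies to user space;
 *    req.misc returns the host count and req.length is clamped to the
 *    size of the array.
 *  - RAW1394_REQ_SET_CARD attaches the file to the host with index
 *    req.misc and moves it to the connected state.
 *  - Anything else yields RAW1394_ERROR_STATE_ORDER.
 *
 * Returns sizeof(struct raw1394_request) after queueing the reply, or
 * -ENOMEM when the card list cannot be allocated (nothing is queued then).
 */
static int state_initialized(struct file_info *fi, struct pending_request *req)
{
        unsigned long flags;
        struct host_info *hi;
        struct raw1394_khost_list *khl;
        struct raw1394_khost_list *entry;
        size_t khl_size;

        if (req->req.generation != atomic_read(&internal_generation)) {
                req->req.error = RAW1394_ERROR_GENERATION;
                req->req.generation = atomic_read(&internal_generation);
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        switch (req->req.type) {
        case RAW1394_REQ_LIST_CARDS:
                spin_lock_irqsave(&host_info_lock, flags);
                khl_size = sizeof(struct raw1394_khost_list) * host_count;
                khl = kmalloc(khl_size, SLAB_ATOMIC);

                if (khl != NULL) {
                        /*
                         * The array is copied to user space verbatim by
                         * raw1394_read().  strcpy() below only writes up to
                         * the terminating NUL, so clear the buffer first;
                         * otherwise the remainder of each name field (and
                         * any padding) would expose uninitialised heap
                         * contents to the caller.
                         */
                        memset(khl, 0, khl_size);

                        req->req.misc = host_count;
                        req->data = (quadlet_t *) khl;

                        entry = khl;
                        list_for_each_entry(hi, &host_info_list, list) {
                                entry->nodes = hi->host->node_count;
                                /*
                                 * NOTE(review): unbounded copy; assumes the
                                 * driver name always fits in ->name - confirm
                                 * against the field size in raw1394.h.
                                 */
                                strcpy(entry->name, hi->host->driver->name);
                                entry++;
                        }
                }
                spin_unlock_irqrestore(&host_info_lock, flags);

                if (khl != NULL) {
                        req->req.error = RAW1394_ERROR_NONE;
                        /* Never copy out more than the array actually holds. */
                        req->req.length = min(req->req.length,
                                              (u32) (sizeof
                                                     (struct raw1394_khost_list)
                                                     * req->req.misc));
                        /* The array is owned by the request; free_pending_request() releases it. */
                        req->free_data = 1;
                } else {
                        return -ENOMEM;
                }
                break;

        case RAW1394_REQ_SET_CARD:
                spin_lock_irqsave(&host_info_lock, flags);
                /* req.misc is the caller-supplied card index; reject anything out of range. */
                if (req->req.misc < host_count) {
                        /* Walk to the req.misc-th entry; hi is left pointing at it. */
                        list_for_each_entry(hi, &host_info_list, list) {
                                if (!req->req.misc--)
                                        break;
                        }
                        get_device(&hi->host->device);  // XXX Need to handle failure case
                        list_add_tail(&fi->list, &hi->file_info_list);
                        fi->host = hi->host;
                        fi->state = connected;

                        req->req.error = RAW1394_ERROR_NONE;
                        req->req.generation = get_hpsb_generation(fi->host);
                        req->req.misc = (fi->host->node_id << 16)
                            | fi->host->node_count;
                        if (fi->protocol_version > 3) {
                                req->req.misc |=
                                    NODEID_TO_NODE(fi->host->irm_id) << 8;
                        }
                } else {
                        req->req.error = RAW1394_ERROR_INVALID_ARG;
                }
                spin_unlock_irqrestore(&host_info_lock, flags);

                req->req.length = 0;
                break;

        default:
                req->req.error = RAW1394_ERROR_STATE_ORDER;
                req->req.length = 0;
                break;
        }

        queue_complete_req(req);
        return sizeof(struct raw1394_request);
}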
569
/*
 * Start or stop listening on an isochronous channel.
 *
 * req.misc selects the channel: 0..63 starts listening on that channel,
 * a negative value stops listening on its one's complement (~misc).
 * Values outside -64..63 are rejected with RAW1394_ERROR_INVALID_ARG, which
 * keeps both shift counts below within 0..63.
 *
 * On a successful start the user buffer address (req.recvb) and length
 * (req.length) are recorded in the file_info.  They are per file, not per
 * channel, so each successful start replaces the previous values.  The
 * address is untrusted and is not checked here; it is only used later as
 * a copy_to_user() destination in raw1394_read().
 */
static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
{
        int channel = req->req.misc;

        if ((channel < -64) || (channel > 63)) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
        } else if (channel < 0) {
                /* deallocate channel (one's complement neg) req.misc */
                channel = ~channel;

                if (!(fi->listen_channels & (1ULL << channel))) {
                        req->req.error = RAW1394_ERROR_INVALID_ARG;
                } else {
                        hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
                                              channel);
                        fi->listen_channels &= ~(1ULL << channel);
                }
        } else if ((fi->listen_channels & (1ULL << channel)) ||
                   hpsb_listen_channel(&raw1394_highlevel, fi->host,
                                       channel)) {
                /* Already listening here, or the core refused the channel. */
                req->req.error = RAW1394_ERROR_ALREADY;
        } else {
                /* allocate channel req.misc */
                fi->listen_channels |= 1ULL << channel;
                fi->iso_buffer = int2ptr(req->req.recvb);
                fi->iso_buffer_length = req->req.length;
        }

        req->req.length = 0;
        queue_complete_req(req);
}
606
/*
 * Switch FCP reception for this file on (req.misc != 0) or off
 * (req.misc == 0).
 *
 * Switching on records the user buffer address from req.recvb; switching
 * off clears it.  Asking for the state the file is already in yields
 * RAW1394_ERROR_ALREADY.  Only the address is stored - no buffer length -
 * and it is an untrusted user pointer that is used later solely as a
 * copy_to_user() destination.
 */
static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
{
        int want_on = (req->req.misc != 0);
        int is_on = (fi->fcp_buffer != NULL);

        if (want_on == is_on)
                req->req.error = RAW1394_ERROR_ALREADY;
        else if (want_on)
                fi->fcp_buffer = int2ptr(req->req.recvb);
        else
                fi->fcp_buffer = NULL;

        req->req.length = 0;
        queue_complete_req(req);
}
626
/*
 * Build and send the packet for an asynchronous read, write, stream or
 * lock request issued from user space.
 *
 * req.length, req.sendb, req.misc and req.address all originate from the
 * caller.  Outgoing payloads are fetched with copy_from_user(); a fault is
 * reported as RAW1394_ERROR_MEMFAULT in the reply rather than as an error
 * return.
 *
 * Returns -ENOMEM when no packet can be created (the request is neither
 * queued nor freed here), otherwise sizeof(struct raw1394_request).  On
 * success the request sits on fi->req_pending until queue_complete_cb()
 * runs.
 */
static int handle_async_request(struct file_info *fi,
                                struct pending_request *req, int node)
{
        unsigned long flags;
        struct hpsb_packet *packet = NULL;
        /* Only the low 48 bits of the supplied address are used. */
        u64 addr = req->req.address & 0xffffffffffffULL;

        switch (req->req.type) {
        case RAW1394_REQ_ASYNC_READ:
                DBGMSG("read_request called");
                /* NOTE(review): req.length is caller-controlled; any size limit must be enforced by hpsb_make_readpacket() - confirm. */
                packet =
                    hpsb_make_readpacket(fi->host, node, addr, req->req.length);

                if (!packet)
                        return -ENOMEM;

                /* A 4-byte read returns its data in the header, larger reads in the data block. */
                if (req->req.length == 4)
                        req->data = &packet->header[3];
                else
                        req->data = packet->data;

                break;

        case RAW1394_REQ_ASYNC_WRITE:
                DBGMSG("write_request called");

                /* NOTE(review): the copies below write req.length bytes; this assumes the packet was sized for that length - confirm in hpsb_make_writepacket(). */
                packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
                                               req->req.length);
                if (!packet)
                        return -ENOMEM;

                /* A 4-byte write carries its data in the header, larger writes in the data block. */
                if (req->req.length == 4) {
                        if (copy_from_user
                            (&packet->header[3], int2ptr(req->req.sendb),
                             req->req.length))
                                req->req.error = RAW1394_ERROR_MEMFAULT;
                } else {
                        if (copy_from_user
                            (packet->data, int2ptr(req->req.sendb),
                             req->req.length))
                                req->req.error = RAW1394_ERROR_MEMFAULT;
                }

                /* Nothing is copied back to the caller for a write. */
                req->req.length = 0;
                break;

        case RAW1394_REQ_ASYNC_STREAM:
                DBGMSG("stream_request called");

                packet =
                    hpsb_make_streampacket(fi->host, NULL, req->req.length,
                                           node & 0x3f /*channel */ ,
                                           (req->req.misc >> 16) & 0x3,
                                           req->req.misc & 0xf);
                if (!packet)
                        return -ENOMEM;

                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                                   req->req.length))
                        req->req.error = RAW1394_ERROR_MEMFAULT;

                req->req.length = 0;
                break;

        case RAW1394_REQ_LOCK:
                DBGMSG("lock_request called");
                /*
                 * The argument length is fixed by the extended code: 4 bytes
                 * for the two add variants, 8 bytes for everything else.
                 * Validating it here bounds the copy_from_user() below.
                 */
                if ((req->req.misc == EXTCODE_FETCH_ADD)
                    || (req->req.misc == EXTCODE_LITTLE_ADD)) {
                        if (req->req.length != 4) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                } else {
                        if (req->req.length != 8) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                }

                packet = hpsb_make_lockpacket(fi->host, node, addr,
                                              req->req.misc, NULL, 0);
                if (!packet)
                        return -ENOMEM;

                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                                   req->req.length)) {
                        req->req.error = RAW1394_ERROR_MEMFAULT;
                        break;
                }

                /* The response payload is read back from the same data block. */
                req->data = packet->data;
                req->req.length = 4;
                break;

        case RAW1394_REQ_LOCK64:
                DBGMSG("lock64_request called");
                /* Same scheme as RAW1394_REQ_LOCK with doubled sizes: 8 or 16 bytes. */
                if ((req->req.misc == EXTCODE_FETCH_ADD)
                    || (req->req.misc == EXTCODE_LITTLE_ADD)) {
                        if (req->req.length != 8) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                } else {
                        if (req->req.length != 16) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                }
                packet = hpsb_make_lock64packet(fi->host, node, addr,
                                                req->req.misc, NULL, 0);
                if (!packet)
                        return -ENOMEM;

                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                                   req->req.length)) {
                        req->req.error = RAW1394_ERROR_MEMFAULT;
                        break;
                }

                req->data = packet->data;
                req->req.length = 8;
                break;

        default:
                req->req.error = RAW1394_ERROR_STATE_ORDER;
        }

        /* Attach the packet (possibly NULL) so free_pending_request() releases it with the request. */
        req->packet = packet;

        /*
         * Error path: reply immediately without sending.
         * NOTE(review): this test reads req.error as left by the code above;
         * the success paths never clear it, so it is presumably zero on
         * entry - verify against the caller.
         * NOTE(review): when a packet was already created (e.g. MEMFAULT),
         * this path does not call hpsb_free_tlabel(), whereas the send
         * failure path below does.  Confirm whether hpsb_free_packet()
         * releases the transaction label, otherwise labels may leak here.
         */
        if (req->req.error) {
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        hpsb_set_packet_complete_task(packet,
                                      (void (*)(void *))queue_complete_cb, req);

        /* Park the request on the pending list before the packet can complete. */
        spin_lock_irqsave(&fi->reqlists_lock, flags);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, flags);

        /* The packet carries the generation supplied by the caller. */
        packet->generation = req->req.generation;

        if (hpsb_send_packet(packet) < 0) {
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                req->req.length = 0;
                hpsb_free_tlabel(packet);
                queue_complete_req(req);
        }
        return sizeof(struct raw1394_request);
}
779
/*
 * Build and send one isochronous packet on behalf of user space.
 *
 * The payload length (req.length), source address (req.sendb), the two
 * bit fields taken from req.misc and the speed code (low two bits of
 * req.address) all come from the caller.  The channel is masked to six
 * bits.  The payload is fetched with copy_from_user(); a fault is
 * reported as RAW1394_ERROR_MEMFAULT in the reply.
 *
 * NOTE(review): req.length is passed to hpsb_make_isopacket() unchecked;
 * any upper bound on the packet size must be enforced there - confirm.
 *
 * Returns -ENOMEM when no packet can be created (the request is neither
 * queued nor freed here), otherwise sizeof(struct raw1394_request).
 */
static int handle_iso_send(struct file_info *fi, struct pending_request *req,
                           int channel)
{
        struct hpsb_packet *packet;
        unsigned long irqflags;

        packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
                                     (req->req.misc >> 16) & 0x3,
                                     req->req.misc & 0xf);
        if (packet == NULL)
                return -ENOMEM;

        packet->speed_code = req->req.address & 0x3;

        /* From here on the packet is owned by, and freed with, the request. */
        req->packet = packet;

        if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                           req->req.length) != 0) {
                req->req.error = RAW1394_ERROR_MEMFAULT;
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        /* Nothing is copied back to the caller for a send. */
        req->req.length = 0;
        hpsb_set_packet_complete_task(packet,
                                      (void (*)(void *))queue_complete_req,
                                      req);

        /* Park the request on the pending list before the packet can complete. */
        spin_lock_irqsave(&fi->reqlists_lock, irqflags);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

        /* Update the generation of the packet just before sending. */
        packet->generation = req->req.generation;

        if (hpsb_send_packet(packet) < 0) {
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                queue_complete_req(req);
        }

        return sizeof(struct raw1394_request);
}
823
/*
 * Send an arbitrary asynchronous packet supplied by the client.
 *
 * req->req.misc carries the header length in its low 16 bits and the
 * expect-response value in the bits above.  The client buffer at
 * req->req.sendb holds the header followed by the payload; req->req.length
 * is the total of both.  node_id, tcode and tlabel are taken from the first
 * header quadlet after it has been copied in.
 *
 * Returns -ENOMEM if the packet cannot be allocated, otherwise
 * sizeof(struct raw1394_request).  Invalid arguments, user-copy faults and
 * send failures are recorded in req->req.error and the request is passed to
 * queue_complete_req().
 *
 * NOTE(review): the header length is only checked to be at least 12 and at
 * most req->req.length, so it can be as large as 0xffff.  The capacity of
 * packet->header is fixed by hpsb_alloc_packet(), which is not visible here;
 * confirm that it can hold that many bytes, or reject a header length larger
 * than the header storage before the first copy_from_user().
 *
 * NOTE(review): the payload copy relies on packet->data_size as left by
 * hpsb_alloc_packet(); the field is assigned in this function only after
 * both copies -- presumably the allocator already set it to the same value.
 */
static int handle_async_send(struct file_info *fi, struct pending_request *req)
{
        struct hpsb_packet *pkt;
        unsigned long irq_state;
        quadlet_t first_quadlet;
        int header_length = req->req.misc & 0xffff;
        int expect_response = req->req.misc >> 16;

        if ((header_length < 12) || (header_length > req->req.length)) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
                goto reject;
        }

        pkt = hpsb_alloc_packet(req->req.length - header_length);
        /* Attached before the NULL check, so req->packet is NULL on failure. */
        req->packet = pkt;
        if (pkt == NULL)
                return -ENOMEM;

        /* Header first, then the payload that follows it in the user buffer. */
        if (copy_from_user(pkt->header, int2ptr(req->req.sendb),
                           header_length) != 0) {
                req->req.error = RAW1394_ERROR_MEMFAULT;
                goto reject;
        }

        if (copy_from_user(pkt->data,
                           int2ptr(req->req.sendb) + header_length,
                           pkt->data_size) != 0) {
                req->req.error = RAW1394_ERROR_MEMFAULT;
                goto reject;
        }

        first_quadlet = pkt->header[0];

        pkt->type = hpsb_async;
        pkt->node_id = first_quadlet >> 16;
        pkt->tcode = (first_quadlet >> 4) & 0xf;
        pkt->tlabel = (first_quadlet >> 10) & 0x3f;
        pkt->host = fi->host;
        pkt->expect_response = expect_response;
        pkt->header_size = header_length;
        pkt->data_size = req->req.length - header_length;

        req->req.length = 0;
        hpsb_set_packet_complete_task(pkt,
                                      (void (*)(void *))queue_complete_cb, req);

        /* The request goes on the pending list before the packet is sent. */
        spin_lock_irqsave(&fi->reqlists_lock, irq_state);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, irq_state);

        /* Update the generation of the packet just before sending. */
        pkt->generation = req->req.generation;

        if (hpsb_send_packet(pkt) < 0) {
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                queue_complete_req(req);
        }

        return sizeof(struct raw1394_request);

reject:
        /* Error already stored in req->req.error by the caller of this label. */
        req->req.length = 0;
        queue_complete_req(req);
        return sizeof(struct raw1394_request);
}
887
/*
 * arm_read - handle a read request against a client's address range mapping.
 *
 * @host:   host the request arrived on
 * @nodeid: stored as source_nodeid in the notification
 * @buffer: destination for the data read from the mapped buffer
 * @addr:   start address of the read
 * @length: number of bytes requested
 * @flags:  tlabel is taken from bits 10-15, tcode from bits 4-7
 *
 * Looks for an arm_addr entry, in any file_info of the host, whose
 * [start, end] range contains addr .. addr + length.  If the entry grants
 * ARM_READ and the client does not handle reads itself, the data is copied
 * from addr_space_buffer into @buffer.  If the entry asks for ARM_READ
 * notification, a RAW1394_REQ_ARM request describing the transaction is
 * built and passed to queue_complete_req().
 *
 * Returns an RCODE_* value, or -1 when the entry grants ARM_READ but
 * client_transactions has ARM_READ set (no copy is done in that case).
 * Everything from the lookup to the return runs under host_info_lock with
 * interrupts disabled.
 *
 * NOTE(review): addr and length presumably originate from the requesting
 * node.  The range test computes addr + length without a wrap-around check,
 * and size below is an int computed from a size_t -- confirm the caller
 * bounds length.
 */
static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
                    u64 addr, size_t length, u16 flags)
{
        unsigned long irqflags;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *fi = NULL;
        struct list_head *entry;
        struct arm_addr *arm_addr = NULL;
        struct arm_request *arm_req = NULL;
        struct arm_response *arm_resp = NULL;
        int found = 0, size = 0, rcode = -1;
        struct arm_request_response *arm_req_resp = NULL;

        DBGMSG("arm_read  called by node: %X"
               "addr: %4.4x %8.8x length: %Zu", nodeid,
               (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
               length);
        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);      /* search address-entry */
        if (hi != NULL) {
                /* Walk every client of this host, then every mapping of it. */
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        entry = fi->addr_list.next;
                        while (entry != &(fi->addr_list)) {
                                arm_addr =
                                    list_entry(entry, struct arm_addr,
                                               addr_list);
                                /* The whole request must lie inside the mapping. */
                                if (((arm_addr->start) <= (addr))
                                    && ((arm_addr->end) >= (addr + length))) {
                                        found = 1;
                                        break;
                                }
                                entry = entry->next;
                        }
                        if (found) {
                                /* fi and arm_addr now name the matching client and mapping. */
                                break;
                        }
                }
        }
        rcode = -1;
        if (!found) {
                printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
                       " -> rcode_address_error\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return (RCODE_ADDRESS_ERROR);
        } else {
                DBGMSG("arm_read addr_entry FOUND");
        }
        /* Requests longer than the mapping's rec_length are refused. */
        if (arm_addr->rec_length < length) {
                DBGMSG("arm_read blocklength too big -> rcode_data_error");
                rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
        }
        if (rcode == -1) {
                if (arm_addr->access_rights & ARM_READ) {
                        /*
                         * Serve the read here only when ARM_READ is not set in
                         * client_transactions; otherwise rcode stays -1.
                         */
                        if (!(arm_addr->client_transactions & ARM_READ)) {
                                memcpy(buffer,
                                       (arm_addr->addr_space_buffer) + (addr -
                                                                        (arm_addr->
                                                                         start)),
                                       length);
                                DBGMSG("arm_read -> (rcode_complete)");
                                rcode = RCODE_COMPLETE;
                        }
                } else {
                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                        DBGMSG("arm_read -> rcode_type_error (access denied)");
                }
        }
        if (arm_addr->notification_options & ARM_READ) {
                DBGMSG("arm_read -> entering notification-section");
                /* Atomic allocations: the spinlock is held with IRQs off. */
                req = __alloc_pending_request(SLAB_ATOMIC);
                if (!req) {
                        DBGMSG("arm_read -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* Note: @buffer may already have been filled above. */
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                /*
                 * Notification layout in req->data:
                 *   arm_request_response | arm_request | arm_response | data
                 * The data part is present only for a completed read.
                 */
                if (rcode == RCODE_COMPLETE) {
                        size =
                            sizeof(struct arm_request) +
                            sizeof(struct arm_response) +
                            length * sizeof(byte_t) +
                            sizeof(struct arm_request_response);
                } else {
                        size =
                            sizeof(struct arm_request) +
                            sizeof(struct arm_response) +
                            sizeof(struct arm_request_response);
                }
                /*
                 * NOTE(review): kmalloc() does not zero the buffer; only the
                 * fields assigned below are initialised.  If the structs have
                 * padding or further members, those bytes keep stale heap
                 * contents while req.length reports the full size -- confirm.
                 */
                req->data = kmalloc(size, SLAB_ATOMIC);
                if (!(req->data)) {
                        free_pending_request(req);
                        DBGMSG("arm_read -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                req->free_data = 1;
                req->file_info = fi;
                req->req.type = RAW1394_REQ_ARM;
                req->req.generation = get_hpsb_generation(host);
                /* misc: low 16 bits of length in the upper half, ARM_READ in the low byte. */
                req->req.misc =
                    (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
                req->req.tag = arm_addr->arm_tag;
                req->req.recvb = arm_addr->recvb;
                req->req.length = size;
                arm_req_resp = (struct arm_request_response *)(req->data);
                arm_req = (struct arm_request *)((byte_t *) (req->data) +
                                                 (sizeof
                                                  (struct
                                                   arm_request_response)));
                arm_resp =
                    (struct arm_response *)((byte_t *) (arm_req) +
                                            (sizeof(struct arm_request)));
                arm_req->buffer = NULL;
                arm_resp->buffer = NULL;
                if (rcode == RCODE_COMPLETE) {
                        byte_t *buf =
                            (byte_t *) arm_resp + sizeof(struct arm_response);
                        memcpy(buf,
                               (arm_addr->addr_space_buffer) + (addr -
                                                                (arm_addr->
                                                                 start)),
                               length);
                        /*
                         * The pointers stored in the notification are offsets
                         * from the client's recvb, not kernel addresses.
                         */
                        arm_resp->buffer =
                            int2ptr((arm_addr->recvb) +
                                    sizeof(struct arm_request_response) +
                                    sizeof(struct arm_request) +
                                    sizeof(struct arm_response));
                }
                arm_resp->buffer_length =
                    (rcode == RCODE_COMPLETE) ? length : 0;
                arm_resp->response_code = rcode;
                arm_req->buffer_length = 0;
                arm_req->generation = req->req.generation;
                arm_req->extended_transaction_code = 0;
                arm_req->destination_offset = addr;
                arm_req->source_nodeid = nodeid;
                arm_req->destination_nodeid = host->node_id;
                arm_req->tlabel = (flags >> 10) & 0x3f;
                arm_req->tcode = (flags >> 4) & 0x0f;
                arm_req_resp->request = int2ptr((arm_addr->recvb) +
                                                sizeof(struct
                                                       arm_request_response));
                arm_req_resp->response =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request));
                queue_complete_req(req);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return (rcode);
}
1041
/*
 * arm_write - handle a write request against a client's address range mapping.
 *
 * @host:   host the request arrived on
 * @nodeid: stored as source_nodeid in the notification
 * @destid: stored as destination_nodeid in the notification
 * @data:   data to be written
 * @addr:   start address of the write
 * @length: number of bytes to write
 * @flags:  tlabel is taken from bits 10-15, tcode from bits 4-7
 *
 * Looks for an arm_addr entry, in any file_info of the host, whose
 * [start, end] range contains addr .. addr + length.  If the entry grants
 * ARM_WRITE and the client does not handle writes itself, @data is copied
 * into addr_space_buffer.  If the entry asks for ARM_WRITE notification, a
 * RAW1394_REQ_ARM request carrying a copy of @data is built and passed to
 * queue_complete_req().
 *
 * Returns an RCODE_* value, or -1 when the entry grants ARM_WRITE but
 * client_transactions has ARM_WRITE set (no copy is done in that case).
 * Everything from the lookup to the return runs under host_info_lock with
 * interrupts disabled.
 *
 * NOTE(review): addr and length presumably originate from the requesting
 * node.  The range test computes addr + length without a wrap-around check,
 * and size below is an int computed from a size_t -- confirm the caller
 * bounds length.
 */
static int arm_write(struct hpsb_host *host, int nodeid, int destid,
                     quadlet_t * data, u64 addr, size_t length, u16 flags)
{
        unsigned long irqflags;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *fi = NULL;
        struct list_head *entry;
        struct arm_addr *arm_addr = NULL;
        struct arm_request *arm_req = NULL;
        struct arm_response *arm_resp = NULL;
        /* length_conflict is set below but never read in this function. */
        int found = 0, size = 0, rcode = -1, length_conflict = 0;
        struct arm_request_response *arm_req_resp = NULL;

        DBGMSG("arm_write called by node: %X"
               "addr: %4.4x %8.8x length: %Zu", nodeid,
               (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
               length);
        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);      /* search address-entry */
        if (hi != NULL) {
                /* Walk every client of this host, then every mapping of it. */
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        entry = fi->addr_list.next;
                        while (entry != &(fi->addr_list)) {
                                arm_addr =
                                    list_entry(entry, struct arm_addr,
                                               addr_list);
                                /* The whole request must lie inside the mapping. */
                                if (((arm_addr->start) <= (addr))
                                    && ((arm_addr->end) >= (addr + length))) {
                                        found = 1;
                                        break;
                                }
                                entry = entry->next;
                        }
                        if (found) {
                                /* fi and arm_addr now name the matching client and mapping. */
                                break;
                        }
                }
        }
        rcode = -1;
        if (!found) {
                printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
                       " -> rcode_address_error\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return (RCODE_ADDRESS_ERROR);
        } else {
                DBGMSG("arm_write addr_entry FOUND");
        }
        /* Requests longer than the mapping's rec_length are refused. */
        if (arm_addr->rec_length < length) {
                DBGMSG("arm_write blocklength too big -> rcode_data_error");
                length_conflict = 1;
                rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
        }
        if (rcode == -1) {
                if (arm_addr->access_rights & ARM_WRITE) {
                        /*
                         * Apply the write here only when ARM_WRITE is not set
                         * in client_transactions; otherwise rcode stays -1.
                         */
                        if (!(arm_addr->client_transactions & ARM_WRITE)) {
                                memcpy((arm_addr->addr_space_buffer) +
                                       (addr - (arm_addr->start)), data,
                                       length);
                                DBGMSG("arm_write -> (rcode_complete)");
                                rcode = RCODE_COMPLETE;
                        }
                } else {
                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                        DBGMSG("arm_write -> rcode_type_error (access denied)");
                }
        }
        if (arm_addr->notification_options & ARM_WRITE) {
                DBGMSG("arm_write -> entering notification-section");
                /* Atomic allocations: the spinlock is held with IRQs off. */
                req = __alloc_pending_request(SLAB_ATOMIC);
                if (!req) {
                        DBGMSG("arm_write -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* Note: addr_space_buffer may already have been modified above. */
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                /*
                 * Notification layout in req->data:
                 *   arm_request_response | arm_request | arm_response | data
                 * Unlike arm_read, the data part is always present: the
                 * written bytes are copied even when rcode is an error
                 * (including the rec_length refusal above).
                 */
                size =
                    sizeof(struct arm_request) + sizeof(struct arm_response) +
                    (length) * sizeof(byte_t) +
                    sizeof(struct arm_request_response);
                /*
                 * NOTE(review): kmalloc() does not zero the buffer; only the
                 * fields assigned below are initialised.  If the structs have
                 * padding or further members, those bytes keep stale heap
                 * contents while req.length reports the full size -- confirm.
                 */
                req->data = kmalloc(size, SLAB_ATOMIC);
                if (!(req->data)) {
                        free_pending_request(req);
                        DBGMSG("arm_write -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                req->free_data = 1;
                req->file_info = fi;
                req->req.type = RAW1394_REQ_ARM;
                req->req.generation = get_hpsb_generation(host);
                /* misc: low 16 bits of length in the upper half, ARM_WRITE in the low byte. */
                req->req.misc =
                    (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
                req->req.tag = arm_addr->arm_tag;
                req->req.recvb = arm_addr->recvb;
                req->req.length = size;
                arm_req_resp = (struct arm_request_response *)(req->data);
                arm_req = (struct arm_request *)((byte_t *) (req->data) +
                                                 (sizeof
                                                  (struct
                                                   arm_request_response)));
                arm_resp =
                    (struct arm_response *)((byte_t *) (arm_req) +
                                            (sizeof(struct arm_request)));
                arm_resp->buffer = NULL;
                memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
                       data, length);
                /*
                 * The pointers stored in the notification are offsets from
                 * the client's recvb, not kernel addresses.
                 */
                arm_req->buffer = int2ptr((arm_addr->recvb) +
                                          sizeof(struct arm_request_response) +
                                          sizeof(struct arm_request) +
                                          sizeof(struct arm_response));
                arm_req->buffer_length = length;
                arm_req->generation = req->req.generation;
                arm_req->extended_transaction_code = 0;
                arm_req->destination_offset = addr;
                arm_req->source_nodeid = nodeid;
                arm_req->destination_nodeid = destid;
                arm_req->tlabel = (flags >> 10) & 0x3f;
                arm_req->tcode = (flags >> 4) & 0x0f;
                arm_resp->buffer_length = 0;
                arm_resp->response_code = rcode;
                arm_req_resp->request = int2ptr((arm_addr->recvb) +
                                                sizeof(struct
                                                       arm_request_response));
                arm_req_resp->response =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request));
                queue_complete_req(req);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return (rcode);
}
1176
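/*
 * arm_lock - handle a 32-bit lock request against a client's address range
 * mapping.
 *
 * @host:      host the request arrived on
 * @nodeid:    stored as source_nodeid in the notification
 * @store:     receives the old value of the quadlet when the lock completes
 * @addr:      address of the quadlet
 * @data:      data operand of the lock
 * @arg:       argument operand of the lock
 * @ext_tcode: extended transaction code selecting the operation
 * @flags:     tlabel is taken from bits 10-15, tcode from bits 4-7
 *
 * Looks for an arm_addr entry, in any file_info of the host, whose
 * [start, end] range contains addr .. addr + sizeof(*store).  If the entry
 * grants ARM_LOCK and the client does not handle locks itself, the operation
 * selected by @ext_tcode is applied to the quadlet in addr_space_buffer and
 * the old value is returned through @store.  If the entry asks for ARM_LOCK
 * notification, a RAW1394_REQ_ARM request describing the transaction is
 * built and passed to queue_complete_req().
 *
 * Returns an RCODE_* value, or -1 when the entry grants ARM_LOCK but
 * client_transactions has ARM_LOCK set (nothing is modified in that case).
 * Everything from the lookup to the return runs under host_info_lock with
 * interrupts disabled.
 *
 * NOTE(review): the debug message tests (ext_tcode & 0xFF) while the switch
 * and the notification section compare ext_tcode unmasked -- confirm which
 * form callers rely on.
 */
static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
                    u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
                    u16 flags)
{
        unsigned long irqflags;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *fi = NULL;
        struct list_head *entry;
        struct arm_addr *arm_addr = NULL;
        struct arm_request *arm_req = NULL;
        struct arm_response *arm_resp = NULL;
        int found = 0, size = 0, rcode = -1;
        quadlet_t old, new;
        struct arm_request_response *arm_req_resp = NULL;

        if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
            ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
                DBGMSG("arm_lock  called by node: %X "
                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
                       (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
                       be32_to_cpu(data));
        } else {
                DBGMSG("arm_lock  called by node: %X "
                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
                       (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
                       be32_to_cpu(data), be32_to_cpu(arg));
        }
        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);      /* search address-entry */
        if (hi != NULL) {
                /* Walk every client of this host, then every mapping of it. */
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        entry = fi->addr_list.next;
                        while (entry != &(fi->addr_list)) {
                                arm_addr =
                                    list_entry(entry, struct arm_addr,
                                               addr_list);
                                /* The whole quadlet must lie inside the mapping. */
                                if (((arm_addr->start) <= (addr))
                                    && ((arm_addr->end) >=
                                        (addr + sizeof(*store)))) {
                                        found = 1;
                                        break;
                                }
                                entry = entry->next;
                        }
                        if (found) {
                                /* fi and arm_addr now name the matching client and mapping. */
                                break;
                        }
                }
        }
        rcode = -1;
        if (!found) {
                printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
                       " -> rcode_address_error\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return (RCODE_ADDRESS_ERROR);
        } else {
                DBGMSG("arm_lock addr_entry FOUND");
        }
        if (rcode == -1) {
                if (arm_addr->access_rights & ARM_LOCK) {
                        /*
                         * Perform the lock here only when ARM_LOCK is not set
                         * in client_transactions; otherwise rcode stays -1.
                         */
                        if (!(arm_addr->client_transactions & ARM_LOCK)) {
                                memcpy(&old,
                                       (arm_addr->addr_space_buffer) + (addr -
                                                                        (arm_addr->
                                                                         start)),
                                       sizeof(old));
                                switch (ext_tcode) {
                                case (EXTCODE_MASK_SWAP):
                                        new = data | (old & ~arg);
                                        break;
                                case (EXTCODE_COMPARE_SWAP):
                                        if (old == arg) {
                                                new = data;
                                        } else {
                                                new = old;
                                        }
                                        break;
                                case (EXTCODE_FETCH_ADD):
                                        new =
                                            cpu_to_be32(be32_to_cpu(data) +
                                                        be32_to_cpu(old));
                                        break;
                                case (EXTCODE_LITTLE_ADD):
                                        new =
                                            cpu_to_le32(le32_to_cpu(data) +
                                                        le32_to_cpu(old));
                                        break;
                                case (EXTCODE_BOUNDED_ADD):
                                        if (old != arg) {
                                                new =
                                                    cpu_to_be32(be32_to_cpu
                                                                (data) +
                                                                be32_to_cpu
                                                                (old));
                                        } else {
                                                new = old;
                                        }
                                        break;
                                case (EXTCODE_WRAP_ADD):
                                        if (old != arg) {
                                                new =
                                                    cpu_to_be32(be32_to_cpu
                                                                (data) +
                                                                be32_to_cpu
                                                                (old));
                                        } else {
                                                new = data;
                                        }
                                        break;
                                default:
                                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                                        printk(KERN_ERR
                                               "raw1394: arm_lock FAILED "
                                               "ext_tcode not allowed -> rcode_type_error\n");
                                        break;
                                }       /*switch */
                                /* new is only stored when a known ext_tcode was handled. */
                                if (rcode == -1) {
                                        DBGMSG("arm_lock -> (rcode_complete)");
                                        rcode = RCODE_COMPLETE;
                                        memcpy(store, &old, sizeof(*store));
                                        memcpy((arm_addr->addr_space_buffer) +
                                               (addr - (arm_addr->start)),
                                               &new, sizeof(*store));
                                }
                        }
                } else {
                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                        DBGMSG("arm_lock -> rcode_type_error (access denied)");
                }
        }
        if (arm_addr->notification_options & ARM_LOCK) {
                byte_t *buf1, *buf2;
                DBGMSG("arm_lock -> entering notification-section");
                /* Atomic allocations: the spinlock is held with IRQs off. */
                req = __alloc_pending_request(SLAB_ATOMIC);
                if (!req) {
                        DBGMSG("arm_lock -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* Note: the quadlet may already have been modified above. */
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                /*
                 * Notification layout in req->data (maximum size):
                 *   arm_request_response | arm_request | arm_response |
                 *   two request quadlets (buf1) | one response quadlet (buf2)
                 */
                size = sizeof(struct arm_request) +
                    sizeof(struct arm_response) +
                    3 * sizeof(*store) +
                    sizeof(struct arm_request_response);        /* maximum */
                req->data = kmalloc(size, SLAB_ATOMIC);
                if (!(req->data)) {
                        free_pending_request(req);
                        DBGMSG("arm_lock -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                /*
                 * Zero the buffer before filling it.  Not every byte is
                 * written below: the second request quadlet stays untouched
                 * for fetch-add/little-add, and the response quadlet is only
                 * written when the lock completed, yet req.length reports
                 * the full size.  Without this, those bytes would keep stale
                 * heap contents (presumably handed on to the client at recvb).
                 */
                memset(req->data, 0, size);
                req->free_data = 1;
                arm_req_resp = (struct arm_request_response *)(req->data);
                arm_req = (struct arm_request *)((byte_t *) (req->data) +
                                                 (sizeof
                                                  (struct
                                                   arm_request_response)));
                arm_resp =
                    (struct arm_response *)((byte_t *) (arm_req) +
                                            (sizeof(struct arm_request)));
                buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
                buf2 = buf1 + 2 * sizeof(*store);
                if ((ext_tcode == EXTCODE_FETCH_ADD) ||
                    (ext_tcode == EXTCODE_LITTLE_ADD)) {
                        /* Single-operand operations: only data is reported. */
                        arm_req->buffer_length = sizeof(*store);
                        memcpy(buf1, &data, sizeof(*store));

                } else {
                        /* Two-operand operations: arg first, then data. */
                        arm_req->buffer_length = 2 * sizeof(*store);
                        memcpy(buf1, &arg, sizeof(*store));
                        memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
                }
                if (rcode == RCODE_COMPLETE) {
                        arm_resp->buffer_length = sizeof(*store);
                        memcpy(buf2, &old, sizeof(*store));
                } else {
                        arm_resp->buffer_length = 0;
                }
                req->file_info = fi;
                req->req.type = RAW1394_REQ_ARM;
                req->req.generation = get_hpsb_generation(host);
                /* misc: operand size in the upper half, ARM_LOCK in the low byte. */
                req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
                                 (ARM_LOCK & 0xFF));
                req->req.tag = arm_addr->arm_tag;
                req->req.recvb = arm_addr->recvb;
                req->req.length = size;
                arm_req->generation = req->req.generation;
                arm_req->extended_transaction_code = ext_tcode;
                arm_req->destination_offset = addr;
                arm_req->source_nodeid = nodeid;
                arm_req->destination_nodeid = host->node_id;
                arm_req->tlabel = (flags >> 10) & 0x3f;
                arm_req->tcode = (flags >> 4) & 0x0f;
                arm_resp->response_code = rcode;
                /*
                 * The pointers stored in the notification are offsets from
                 * the client's recvb, not kernel addresses.
                 */
                arm_req_resp->request = int2ptr((arm_addr->recvb) +
                                                sizeof(struct
                                                       arm_request_response));
                arm_req_resp->response =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request));
                arm_req->buffer =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request) +
                            sizeof(struct arm_response));
                arm_resp->buffer =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request) +
                            sizeof(struct arm_response) + 2 * sizeof(*store));
                queue_complete_req(req);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return (rcode);
}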
1394
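/*
 * arm_lock64 - handle an incoming 64-bit lock transaction on a mapped range.
 *
 * @host:      host the transaction arrived on
 * @nodeid:    node id of the requester (reported in the notification)
 * @store:     receives the previous value of the target octlet on success
 * @addr:      destination offset of the transaction
 * @data:      data value of the lock request, as received
 * @arg:       argument value of the lock request, as received
 * @ext_tcode: extended transaction code selecting the lock function
 * @flags:     packet flags; tlabel and tcode are extracted from them for the
 *             notification
 *
 * Searches every client of @host for a registered range that covers
 * [@addr, @addr + sizeof(*store)].  If the range grants ARM_LOCK and the
 * client has not claimed lock transactions for itself, the lock function is
 * applied to the backing buffer.  If the range asks for ARM_LOCK
 * notification, a RAW1394_REQ_ARM event describing request and response is
 * queued for the owning client.
 *
 * Returns RCODE_COMPLETE, RCODE_ADDRESS_ERROR (no matching range),
 * RCODE_TYPE_ERROR (access denied or unknown @ext_tcode),
 * RCODE_CONFLICT_ERROR (notification could not be allocated), or -1 when
 * the range has ARM_LOCK set in client_transactions and nothing was done
 * here.
 *
 * Everything between lookup and queueing runs under host_info_lock with
 * interrupts disabled, hence the SLAB_ATOMIC allocations.
 */
static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
		      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
		      u16 flags)
{
	unsigned long irqflags;
	struct pending_request *req;
	struct host_info *hi;
	struct file_info *fi = NULL;
	struct list_head *entry;
	struct arm_addr *arm_addr = NULL;
	struct arm_request *arm_req = NULL;
	struct arm_response *arm_resp = NULL;
	int found = 0, size = 0, rcode = -1;
	/* initialised so that no path can ever copy stack garbage */
	octlet_t old = 0, new = 0;
	struct arm_request_response *arm_req_resp = NULL;

	if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
	    ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
		DBGMSG("arm_lock64 called by node: %X "
		       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
		       nodeid, (u16) ((addr >> 32) & 0xFFFF),
		       (u32) (addr & 0xFFFFFFFF),
		       ext_tcode & 0xFF,
		       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
		       (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
	} else {
		DBGMSG("arm_lock64 called by node: %X "
		       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
		       "%8.8X %8.8X ",
		       nodeid, (u16) ((addr >> 32) & 0xFFFF),
		       (u32) (addr & 0xFFFFFFFF),
		       ext_tcode & 0xFF,
		       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
		       (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
		       (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
		       (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
	}

	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);	/* search addressentry in file_info's for host */
	if (hi != NULL) {
		list_for_each_entry(fi, &hi->file_info_list, list) {
			entry = fi->addr_list.next;
			while (entry != &(fi->addr_list)) {
				arm_addr = list_entry(entry, struct arm_addr,
						      addr_list);
				/* the whole octlet must lie inside the range */
				if (((arm_addr->start) <= (addr))
				    && ((arm_addr->end) >=
					(addr + sizeof(*store)))) {
					found = 1;
					break;
				}
				entry = entry->next;
			}
			if (found)
				break;
		}
	}
	if (!found) {
		printk(KERN_ERR
		       "raw1394: arm_lock64 FAILED addr_entry not found"
		       " -> rcode_address_error\n");
		spin_unlock_irqrestore(&host_info_lock, irqflags);
		return (RCODE_ADDRESS_ERROR);
	}
	DBGMSG("arm_lock64 addr_entry FOUND");

	if (arm_addr->access_rights & ARM_LOCK) {
		/*
		 * When the client handles lock transactions itself the
		 * buffer is left alone and rcode stays -1.
		 */
		if (!(arm_addr->client_transactions & ARM_LOCK)) {
			memcpy(&old,
			       (arm_addr->addr_space_buffer) +
			       (addr - (arm_addr->start)), sizeof(old));
			switch (ext_tcode) {
			case (EXTCODE_MASK_SWAP):
				new = data | (old & ~arg);
				break;
			case (EXTCODE_COMPARE_SWAP):
				if (old == arg)
					new = data;
				else
					new = old;
				break;
			case (EXTCODE_FETCH_ADD):
				new = cpu_to_be64(be64_to_cpu(data) +
						  be64_to_cpu(old));
				break;
			case (EXTCODE_LITTLE_ADD):
				new = cpu_to_le64(le64_to_cpu(data) +
						  le64_to_cpu(old));
				break;
			case (EXTCODE_BOUNDED_ADD):
				if (old != arg)
					new = cpu_to_be64(be64_to_cpu(data) +
							  be64_to_cpu(old));
				else
					new = old;
				break;
			case (EXTCODE_WRAP_ADD):
				if (old != arg)
					new = cpu_to_be64(be64_to_cpu(data) +
							  be64_to_cpu(old));
				else
					new = data;
				break;
			default:
				printk(KERN_ERR
				       "raw1394: arm_lock64 FAILED "
				       "ext_tcode not allowed -> rcode_type_error\n");
				rcode = RCODE_TYPE_ERROR;	/* function not allowed */
				break;
			}	/*switch */
			if (rcode == -1) {
				DBGMSG("arm_lock64 -> (rcode_complete)");
				rcode = RCODE_COMPLETE;
				memcpy(store, &old, sizeof(*store));
				memcpy((arm_addr->addr_space_buffer) +
				       (addr - (arm_addr->start)),
				       &new, sizeof(*store));
			}
		}
	} else {
		rcode = RCODE_TYPE_ERROR;	/* function not allowed */
		DBGMSG("arm_lock64 -> rcode_type_error (access denied)");
	}

	if (arm_addr->notification_options & ARM_LOCK) {
		byte_t *buf1, *buf2;

		DBGMSG("arm_lock64 -> entering notification-section");
		req = __alloc_pending_request(SLAB_ATOMIC);
		if (!req) {
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			DBGMSG("arm_lock64 -> rcode_conflict_error");
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		/*
		 * Event layout: arm_request_response, arm_request,
		 * arm_response, request payload (up to two octlets), response
		 * payload (one octlet).  This is the maximum size.
		 */
		size = sizeof(struct arm_request) +
		    sizeof(struct arm_response) +
		    3 * sizeof(*store) +
		    sizeof(struct arm_request_response);
		req->data = kmalloc(size, SLAB_ATOMIC);
		if (!(req->data)) {
			free_pending_request(req);
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			DBGMSG("arm_lock64 -> rcode_conflict_error");
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		/*
		 * Clear the event before filling it in.  Only part of the
		 * payload area is written below (one octlet for the add
		 * functions, nothing for the response unless the lock
		 * completed) and structure padding is never written, yet
		 * req.length announces all 'size' bytes to the client.
		 * The path that delivers the event to user space is outside
		 * this function; zeroing here keeps stale heap contents out
		 * of it regardless.
		 */
		memset(req->data, 0, size);
		req->free_data = 1;
		arm_req_resp = (struct arm_request_response *)(req->data);
		arm_req = (struct arm_request *)((byte_t *) (req->data) +
						 (sizeof
						  (struct
						   arm_request_response)));
		arm_resp =
		    (struct arm_response *)((byte_t *) (arm_req) +
					    (sizeof(struct arm_request)));
		buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
		buf2 = buf1 + 2 * sizeof(*store);
		if ((ext_tcode == EXTCODE_FETCH_ADD) ||
		    (ext_tcode == EXTCODE_LITTLE_ADD)) {
			/* the add functions carry a data value only */
			arm_req->buffer_length = sizeof(*store);
			memcpy(buf1, &data, sizeof(*store));
		} else {
			arm_req->buffer_length = 2 * sizeof(*store);
			memcpy(buf1, &arg, sizeof(*store));
			memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
		}
		if (rcode == RCODE_COMPLETE) {
			arm_resp->buffer_length = sizeof(*store);
			memcpy(buf2, &old, sizeof(*store));
		} else {
			arm_resp->buffer_length = 0;
		}
		req->file_info = fi;
		req->req.type = RAW1394_REQ_ARM;
		req->req.generation = get_hpsb_generation(host);
		req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
				 (ARM_LOCK & 0xFF));
		req->req.tag = arm_addr->arm_tag;
		req->req.recvb = arm_addr->recvb;
		req->req.length = size;
		arm_req->generation = req->req.generation;
		arm_req->extended_transaction_code = ext_tcode;
		arm_req->destination_offset = addr;
		arm_req->source_nodeid = nodeid;
		arm_req->destination_nodeid = host->node_id;
		arm_req->tlabel = (flags >> 10) & 0x3f;
		arm_req->tcode = (flags >> 4) & 0x0f;
		arm_resp->response_code = rcode;
		/*
		 * The embedded pointers are user-space addresses: the same
		 * offsets as above, applied to the client's receive buffer.
		 */
		arm_req_resp->request = int2ptr((arm_addr->recvb) +
						sizeof(struct
						       arm_request_response));
		arm_req_resp->response =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request));
		arm_req->buffer =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request) +
			    sizeof(struct arm_response));
		arm_resp->buffer =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request) +
			    sizeof(struct arm_response) + 2 * sizeof(*store));
		queue_complete_req(req);
	}
	spin_unlock_irqrestore(&host_info_lock, irqflags);
	return (rcode);
}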
1622
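/*
 * arm_register - map an address range for a raw1394 client.
 *
 * @fi:  client (open file) that issues the request
 * @req: request; req.address/req.length give the range, req.sendb an
 *       optional user buffer with initial contents, req.recvb the user
 *       buffer for notifications, req.tag the client's tag, and req.misc
 *       packs access rights (bits 0-3), notification options (bits 4-7),
 *       client transactions (bits 8-11) and rec_length (bits 16-31)
 *
 * Allocates the backing buffer, fills it from user space (or zeroes it) and
 * links the new entry into @fi's list.  If a client on the same host already
 * owns exactly this range the call fails with -EALREADY.  If a client on
 * another host owns it, the entry is only linked and the range start is
 * written to req.recvb; otherwise the range is registered with the
 * ieee1394 core.
 *
 * Returns sizeof(struct raw1394_request) on success (and frees @req), or a
 * negative errno.  The early failures set req.length to 0.
 */
static int arm_register(struct file_info *fi, struct pending_request *req)
{
	int retval;
	struct arm_addr *addr;
	struct host_info *hi;
	struct file_info *fi_hlp = NULL;
	struct list_head *entry;
	struct arm_addr *arm_addr = NULL;
	int same_host, another_host;
	unsigned long flags;

	DBGMSG("arm_register called "
	       "addr(Offset): %8.8x %8.8x length: %u "
	       "rights: %2.2X notify: %2.2X "
	       "max_blk_len: %4.4X",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF),
	       req->req.length, ((req->req.misc >> 8) & 0xFF),
	       (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
	/* check addressrange: start and end must fit into 48 bits */
	if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
	    (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
	     0)) {
		req->req.length = 0;
		return (-EINVAL);
	}
	/* addr-list-entry for fileinfo */
	addr = kmalloc(sizeof(*addr), SLAB_KERNEL);
	if (!addr) {
		req->req.length = 0;
		return (-ENOMEM);
	}
	/*
	 * allocation of addr_space_buffer
	 * NOTE(review): the length is chosen by the client and is limited
	 * only by the 48-bit check above; consider an explicit upper bound.
	 */
	addr->addr_space_buffer = (u8 *) vmalloc(req->req.length);
	if (!(addr->addr_space_buffer)) {
		kfree(addr);
		req->req.length = 0;
		return (-ENOMEM);
	}
	/* initialization of addr_space_buffer */
	if ((req->req.sendb) == (unsigned long)NULL) {
		/* init: set 0 */
		memset(addr->addr_space_buffer, 0, req->req.length);
	} else {
		/* init: user -> kernel */
		if (copy_from_user
		    (addr->addr_space_buffer, int2ptr(req->req.sendb),
		     req->req.length)) {
			vfree(addr->addr_space_buffer);
			kfree(addr);
			return (-EFAULT);
		}
	}
	INIT_LIST_HEAD(&addr->addr_list);
	addr->arm_tag = req->req.tag;
	addr->start = req->req.address;
	addr->end = req->req.address + req->req.length;
	addr->access_rights = (u8) (req->req.misc & 0x0F);
	addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
	addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
	/* a transaction handled by the client implies access and notification */
	addr->access_rights |= addr->client_transactions;
	addr->notification_options |= addr->client_transactions;
	addr->recvb = req->req.recvb;
	addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
	spin_lock_irqsave(&host_info_lock, flags);
	/* NOTE(review): hi is used below without a NULL check — confirm that
	 * fi->host always has a host_info entry at this point. */
	hi = find_host_info(fi->host);
	same_host = 0;
	another_host = 0;
	/* same host with address-entry containing same addressrange ? */
	list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
		entry = fi_hlp->addr_list.next;
		while (entry != &(fi_hlp->addr_list)) {
			arm_addr =
			    list_entry(entry, struct arm_addr, addr_list);
			if ((arm_addr->start == addr->start)
			    && (arm_addr->end == addr->end)) {
				DBGMSG("same host ownes same "
				       "addressrange -> EALREADY");
				same_host = 1;
				break;
			}
			entry = entry->next;
		}
		if (same_host) {
			break;
		}
	}
	if (same_host) {
		/*
		 * addressrange occupied by same host.  The new entry was
		 * never linked, so it is released after dropping the lock;
		 * vfree() should not run with interrupts disabled.
		 */
		spin_unlock_irqrestore(&host_info_lock, flags);
		vfree(addr->addr_space_buffer);
		kfree(addr);
		return (-EALREADY);
	}
	/* another host with valid address-entry containing same addressrange */
	list_for_each_entry(hi, &host_info_list, list) {
		if (hi->host != fi->host) {
			list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
				entry = fi_hlp->addr_list.next;
				while (entry != &(fi_hlp->addr_list)) {
					arm_addr =
					    list_entry(entry, struct arm_addr,
						       addr_list);
					if ((arm_addr->start == addr->start)
					    && (arm_addr->end == addr->end)) {
						DBGMSG
						    ("another host ownes same "
						     "addressrange");
						another_host = 1;
						break;
					}
					entry = entry->next;
				}
				if (another_host) {
					break;
				}
			}
		}
	}
	if (another_host) {
		DBGMSG("another hosts entry is valid -> SUCCESS");
		/*
		 * NOTE(review): copy_to_user() can fault and sleep, but it is
		 * called here with host_info_lock held and interrupts off.
		 * Moving it out of the locked region needs a decision on how
		 * the list insertion below is then serialised.
		 */
		if (copy_to_user(int2ptr(req->req.recvb),
				 &addr->start, sizeof(u64))) {
			printk(KERN_ERR "raw1394: arm_register failed "
			       " address-range-entry is invalid -> EFAULT !!!\n");
			spin_unlock_irqrestore(&host_info_lock, flags);
			vfree(addr->addr_space_buffer);
			kfree(addr);
			return (-EFAULT);
		}
		free_pending_request(req);	/* immediate success or fail */
		/* INSERT ENTRY */
		list_add_tail(&addr->addr_list, &fi->addr_list);
		spin_unlock_irqrestore(&host_info_lock, flags);
		return sizeof(struct raw1394_request);
	}
	retval =
	    hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
				    req->req.address,
				    req->req.address + req->req.length);
	/* a non-zero return value is treated as success here */
	if (retval) {
		/* INSERT ENTRY */
		list_add_tail(&addr->addr_list, &fi->addr_list);
	} else {
		DBGMSG("arm_register failed errno: %d \n", retval);
		spin_unlock_irqrestore(&host_info_lock, flags);
		vfree(addr->addr_space_buffer);
		kfree(addr);
		return (-EALREADY);
	}
	spin_unlock_irqrestore(&host_info_lock, flags);
	free_pending_request(req);	/* immediate success or fail */
	return sizeof(struct raw1394_request);
}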
1777
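/*
 * arm_unregister - remove an address range mapping of a raw1394 client.
 *
 * @fi:  client (open file) that issues the request
 * @req: request; req.address is the start of the range to remove
 *
 * The entry is looked up in @fi's own list by start address only.  If a
 * client on another host has an entry with the same start address, the
 * entry is just unlinked; otherwise the range is also unregistered from the
 * ieee1394 core.
 *
 * Returns sizeof(struct raw1394_request) on success (and frees @req), or
 * -EINVAL if the range is unknown or the core refuses to unregister it.
 */
static int arm_unregister(struct file_info *fi, struct pending_request *req)
{
	int found = 0;
	int retval = 0;
	struct list_head *entry;
	struct arm_addr *addr = NULL;
	struct host_info *hi;
	struct file_info *fi_hlp = NULL;
	struct arm_addr *arm_addr = NULL;
	int another_host;
	unsigned long flags;

	DBGMSG("arm_Unregister called addr(Offset): "
	       "%8.8x %8.8x",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF));
	spin_lock_irqsave(&host_info_lock, flags);
	/* get addr */
	entry = fi->addr_list.next;
	while (entry != &(fi->addr_list)) {
		addr = list_entry(entry, struct arm_addr, addr_list);
		if (addr->start == req->req.address) {
			found = 1;
			break;
		}
		entry = entry->next;
	}
	if (!found) {
		DBGMSG("arm_Unregister addr not found");
		spin_unlock_irqrestore(&host_info_lock, flags);
		return (-EINVAL);
	}
	DBGMSG("arm_Unregister addr found");
	another_host = 0;
	/* another host with valid address-entry containing
	   same addressrange */
	list_for_each_entry(hi, &host_info_list, list) {
		if (hi->host != fi->host) {
			list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
				entry = fi_hlp->addr_list.next;
				while (entry != &(fi_hlp->addr_list)) {
					arm_addr = list_entry(entry,
							      struct arm_addr,
							      addr_list);
					if (arm_addr->start == addr->start) {
						DBGMSG("another host ownes "
						       "same addressrange");
						another_host = 1;
						break;
					}
					entry = entry->next;
				}
				if (another_host) {
					break;
				}
			}
		}
	}
	if (another_host) {
		DBGMSG("delete entry from list -> success");
		list_del(&addr->addr_list);
		/*
		 * Once unlinked the entry can no longer be found through the
		 * list, so it is released after dropping the lock, as on the
		 * path at the end of this function; vfree() should not run
		 * with interrupts disabled.
		 */
		spin_unlock_irqrestore(&host_info_lock, flags);
		vfree(addr->addr_space_buffer);
		kfree(addr);
		free_pending_request(req);	/* immediate success or fail */
		return sizeof(struct raw1394_request);
	}
	retval =
	    hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
				      addr->start);
	/* a zero return value is treated as failure; the entry stays linked */
	if (!retval) {
		printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
		spin_unlock_irqrestore(&host_info_lock, flags);
		return (-EINVAL);
	}
	DBGMSG("delete entry from list -> success");
	list_del(&addr->addr_list);
	spin_unlock_irqrestore(&host_info_lock, flags);
	vfree(addr->addr_space_buffer);
	kfree(addr);
	free_pending_request(req);	/* immediate success or fail */
	return sizeof(struct raw1394_request);
}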
1861
/*
 * Copy data from ARM buffer(s) to user buffer.
 *
 * The first of @fi's ranges that contains req.address is used; the request
 * must end inside that same range, otherwise -EINVAL is returned.  On
 * success req.length bytes are copied to req.recvb, @req is freed and
 * sizeof(struct raw1394_request) is returned.  -EFAULT reports a failed
 * copy, -EINVAL an address that no range of this client contains.
 *
 * NOTE(review): copy_to_user() can fault and sleep, but it runs here with
 * host_info_lock held and interrupts disabled.  Copying after the unlock
 * would need the backing buffer to be protected against a concurrent
 * unregister by other means — confirm how requests on one file are
 * serialised before changing it.
 */
static int arm_get_buf(struct file_info *fi, struct pending_request *req)
{
	struct arm_addr *range;
	unsigned long irq_state;
	unsigned long off;

	DBGMSG("arm_get_buf "
	       "addr(Offset): %04X %08X length: %u",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);

	spin_lock_irqsave(&host_info_lock, irq_state);
	list_for_each_entry(range, &fi->addr_list, addr_list) {
		/* skip ranges that do not contain the first requested byte */
		if (range->start > req->req.address ||
		    range->end <= req->req.address)
			continue;

		/* the request must not run past the end of this range */
		if (req->req.address + req->req.length > range->end) {
			DBGMSG("arm_get_buf request exceeded mapping");
			spin_unlock_irqrestore(&host_info_lock, irq_state);
			return (-EINVAL);
		}

		off = req->req.address - range->start;

		DBGMSG("arm_get_buf copy_to_user( %08X, %p, %u )",
		       (u32) req->req.recvb,
		       range->addr_space_buffer + off,
		       (u32) req->req.length);

		if (copy_to_user(int2ptr(req->req.recvb),
				 range->addr_space_buffer + off,
				 req->req.length)) {
			spin_unlock_irqrestore(&host_info_lock, irq_state);
			return (-EFAULT);
		}

		spin_unlock_irqrestore(&host_info_lock, irq_state);
		/* No response is queued for this request, so nobody else
		 * would free it. */
		free_pending_request(req);
		return sizeof(struct raw1394_request);
	}
	spin_unlock_irqrestore(&host_info_lock, irq_state);
	return (-EINVAL);
}
1917
/*
 * Copy data from user buffer to ARM buffer(s).
 *
 * The first of @fi's ranges that contains req.address is used; the request
 * must end inside that same range, otherwise -EINVAL is returned.  On
 * success req.length bytes are copied from req.sendb into the backing
 * buffer, @req is freed and sizeof(struct raw1394_request) is returned.
 * -EFAULT reports a failed copy, -EINVAL an address that no range of this
 * client contains.
 *
 * NOTE(review): copy_from_user() can fault and sleep, but it runs here with
 * host_info_lock held and interrupts disabled.  Copying after the unlock
 * would need the backing buffer to be protected against a concurrent
 * unregister by other means — confirm how requests on one file are
 * serialised before changing it.
 */
static int arm_set_buf(struct file_info *fi, struct pending_request *req)
{
	struct arm_addr *range;
	unsigned long irq_state;
	unsigned long off;

	DBGMSG("arm_set_buf "
	       "addr(Offset): %04X %08X length: %u",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);

	spin_lock_irqsave(&host_info_lock, irq_state);
	list_for_each_entry(range, &fi->addr_list, addr_list) {
		/* skip ranges that do not contain the first requested byte */
		if (range->start > req->req.address ||
		    range->end <= req->req.address)
			continue;

		/* the request must not run past the end of this range */
		if (req->req.address + req->req.length > range->end) {
			DBGMSG("arm_set_buf request exceeded mapping");
			spin_unlock_irqrestore(&host_info_lock, irq_state);
			return (-EINVAL);
		}

		off = req->req.address - range->start;

		DBGMSG("arm_set_buf copy_from_user( %p, %08X, %u )",
		       range->addr_space_buffer + off,
		       (u32) req->req.sendb,
		       (u32) req->req.length);

		if (copy_from_user(range->addr_space_buffer + off,
				   int2ptr(req->req.sendb),
				   req->req.length)) {
			spin_unlock_irqrestore(&host_info_lock, irq_state);
			return (-EFAULT);
		}

		spin_unlock_irqrestore(&host_info_lock, irq_state);
		/* No response is queued for this request, so nobody else
		 * would free it. */
		free_pending_request(req);
		return sizeof(struct raw1394_request);
	}
	spin_unlock_irqrestore(&host_info_lock, irq_state);
	return (-EINVAL);
}
1970
/*
 * reset_notification - switch bus reset notification for a client on or off.
 *
 * req.misc must be RAW1394_NOTIFY_OFF or RAW1394_NOTIFY_ON; the value is
 * stored in fi->notification, @req is freed and
 * sizeof(struct raw1394_request) is returned.  Any other value yields
 * -EINVAL and leaves @fi and @req untouched.  The debug message prints "ON"
 * for every value other than RAW1394_NOTIFY_OFF, including invalid ones.
 */
static int reset_notification(struct file_info *fi, struct pending_request *req)
{
	const int switch_off = (req->req.misc == RAW1394_NOTIFY_OFF);

	DBGMSG("reset_notification called - switch %s ",
	       switch_off ? "OFF" : "ON");

	if (!switch_off && req->req.misc != RAW1394_NOTIFY_ON) {
		/* error EINVAL (22) invalid argument */
		return (-EINVAL);
	}

	fi->notification = (u8) req->req.misc;
	/* No response is queued for this request, so nobody else would
	 * free it. */
	free_pending_request(req);
	return sizeof(struct raw1394_request);
}
1984
/*
 * write_phypacket - send a PHY packet on behalf of a client.
 *
 * The quadlet to send is taken from the low 32 bits of req.sendb itself
 * (the field carries the value here, not a user pointer) and converted with
 * be32_to_cpu().  The request is put on the client's pending list and its
 * completion is reported through queue_complete_cb.
 *
 * Returns -ENOMEM if no packet could be built, otherwise
 * sizeof(struct raw1394_request).  A failed send is not returned as an
 * error: the request is completed with RAW1394_ERROR_SEND_ERROR instead.
 *
 * NOTE(review): the quadlet is passed on without any check in this
 * function; whether a caller may send arbitrary PHY packets is therefore
 * decided by who can open the device — verify the intended access policy.
 */
static int write_phypacket(struct file_info *fi, struct pending_request *req)
{
	struct hpsb_packet *phy;
	quadlet_t quad = be32_to_cpu((u32) req->req.sendb);
	unsigned long irq_state;
	int err;

	DBGMSG("write_phypacket called - quadlet 0x%8.8x ", quad);
	phy = hpsb_make_phypacket(fi->host, quad);
	if (!phy)
		return -ENOMEM;

	req->req.length = 0;
	req->packet = phy;
	hpsb_set_packet_complete_task(phy,
				      (void (*)(void *))queue_complete_cb, req);

	/* the request has to be on the pending list before the packet goes out */
	spin_lock_irqsave(&fi->reqlists_lock, irq_state);
	list_add_tail(&req->list, &fi->req_pending);
	spin_unlock_irqrestore(&fi->reqlists_lock, irq_state);

	phy->generation = req->req.generation;
	err = hpsb_send_packet(phy);
	DBGMSG("write_phypacket send_packet called => retval: %d ", err);
	if (err >= 0)
		return sizeof(struct raw1394_request);

	/* report the failed send to the client through the completion queue */
	req->req.error = RAW1394_ERROR_SEND_ERROR;
	req->req.length = 0;
	queue_complete_req(req);
	return sizeof(struct raw1394_request);
}
2014
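/*
 * Copy the host's configuration ROM and related state to user space.
 *
 * All four destinations are user-supplied addresses carried in the request:
 *   req->req.recvb   - receives req->req.length bytes read with csr1212_read()
 *   req->req.tag     - receives csr.rom->cache_head->len
 *   req->req.address - receives csr.generation
 *   req->req.sendb   - receives the csr1212_read() status
 *
 * Returns sizeof(struct raw1394_request) on success (the request is freed
 * here), -ENOMEM if the bounce buffer cannot be allocated, or -EFAULT if any
 * copy to user space fails (the request is not freed here).
 */
static int get_config_rom(struct file_info *fi, struct pending_request *req)
{
        int ret = sizeof(struct raw1394_request);
        /* the allocation size is the user-supplied request length */
        quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
        int status;

        if (!data)
                return -ENOMEM;

        /*
         * The buffer is copied to user space below regardless of the
         * csr1212_read() status.  Clear it first so that a failed or short
         * read cannot hand stale kernel heap contents to the caller.
         */
        memset(data, 0, req->req.length);

        status =
            csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
                         data, req->req.length);
        if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
                ret = -EFAULT;
        if (copy_to_user
            (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
             sizeof(fi->host->csr.rom->cache_head->len)))
                ret = -EFAULT;
        if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
                         sizeof(fi->host->csr.generation)))
                ret = -EFAULT;
        /* the read status is reported to the caller, who has to check it */
        if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
                ret = -EFAULT;
        kfree(data);
        if (ret >= 0) {
                /* no response is queued, so nobody else frees the request */
                free_pending_request(req);
        }
        return ret;
}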
2044
/*
 * Replace the host's configuration ROM with an image supplied by the user.
 *
 * req->req.length bytes are copied in from req->req.sendb and passed to
 * hpsb_update_config_rom() together with req->req.misc (truncated to an
 * unsigned char).  The status returned by that call is written to the user
 * address in req->req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (the request is freed
 * here and fi->cfgrom_upd is set), or a negative value on failure (the
 * request is not freed here).
 *
 * NOTE(review): a failed copy_to_user() of the status is reported as
 * -ENOMEM rather than -EFAULT; kept as is because user space sees this
 * value.
 */
static int update_config_rom(struct file_info *fi, struct pending_request *req)
{
        quadlet_t *rom_image;
        int result = sizeof(struct raw1394_request);

        /* the allocation size is the user-supplied request length */
        rom_image = kmalloc(req->req.length, SLAB_KERNEL);
        if (!rom_image)
                return -ENOMEM;

        if (!copy_from_user(rom_image, int2ptr(req->req.sendb),
                            req->req.length)) {
                int status = hpsb_update_config_rom(fi->host, rom_image,
                                                    req->req.length,
                                                    (unsigned char)req->req.
                                                    misc);

                if (copy_to_user(int2ptr(req->req.recvb), &status,
                                 sizeof(status)))
                        result = -ENOMEM;
        } else {
                result = -EFAULT;
        }
        kfree(rom_image);

        if (result < 0)
                return result;

        /* no response is queued, so nobody else frees the request */
        free_pending_request(req);
        fi->cfgrom_upd = 1;
        return result;
}
2069
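/*
 * Add, replace or remove one user-supplied configuration ROM directory.
 *
 * req->req.misc selects the slot in fi->csr1212_dirs: ~0 asks for a free
 * slot and a new vendor directory, any other value names an existing slot.
 * With an existing slot and req->req.length == 0 the directory is removed.
 * Otherwise req->req.length bytes are copied in from req->req.sendb, parsed
 * with csr1212_parse_keyval(), the top-level entries are attached to the
 * host's root directory, and the slot index is written to req->req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (the request is freed
 * here) or a negative value on failure (the request is not freed here).
 *
 * NOTE(review): a failed copy_to_user() of the slot index is reported as
 * -ENOMEM rather than -EFAULT; kept as is because user space sees this
 * value.
 */
static int modify_config_rom(struct file_info *fi, struct pending_request *req)
{
        struct csr1212_keyval *kv;
        struct csr1212_csr_rom_cache *cache;
        struct csr1212_dentry *dentry;
        u32 dr;
        int ret = 0;

        if (req->req.misc == ~0) {
                if (req->req.length == 0)
                        return -EINVAL;

                /* Find an unused slot */
                for (dr = 0;
                     dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
                     dr++) ;

                if (dr == RAW1394_MAX_USER_CSR_DIRS)
                        return -ENOMEM;

                fi->csr1212_dirs[dr] =
                    csr1212_new_directory(CSR1212_KV_ID_VENDOR);
                if (!fi->csr1212_dirs[dr])
                        return -ENOMEM;
        } else {
                dr = req->req.misc;
                /*
                 * misc is part of the user-written request.  The slot search
                 * above treats RAW1394_MAX_USER_CSR_DIRS as the number of
                 * slots, so refuse any index at or beyond it before it is
                 * used to index fi->csr1212_dirs.
                 */
                if (dr >= RAW1394_MAX_USER_CSR_DIRS)
                        return -EINVAL;
                if (!fi->csr1212_dirs[dr])
                        return -EINVAL;

                /* Delete old stuff */
                for (dentry =
                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
                     dentry; dentry = dentry->next) {
                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
                                                             root_kv,
                                                             dentry->kv);
                }

                if (req->req.length == 0) {
                        csr1212_release_keyval(fi->csr1212_dirs[dr]);
                        fi->csr1212_dirs[dr] = NULL;

                        hpsb_update_config_rom_image(fi->host);
                        free_pending_request(req);
                        return sizeof(struct raw1394_request);
                }
        }

        /* the cache size is the user-supplied request length */
        cache = csr1212_rom_cache_malloc(0, req->req.length);
        if (!cache) {
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
                return -ENOMEM;
        }

        cache->filled_head =
            kmalloc(sizeof(struct csr1212_cache_region), GFP_KERNEL);
        if (!cache->filled_head) {
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
                CSR1212_FREE(cache);
                return -ENOMEM;
        }
        cache->filled_tail = cache->filled_head;

        if (copy_from_user(cache->data, int2ptr(req->req.sendb),
                           req->req.length)) {
                /*
                 * Only record the error.  The common cleanup below frees
                 * cache->filled_head and the cache, and the failure branch
                 * at the end releases the directory slot.  Freeing the cache
                 * or clearing the slot here as well would make that cleanup
                 * touch freed memory, free the cache twice and dereference
                 * a NULL slot.
                 */
                ret = -EFAULT;
        } else {
                cache->len = req->req.length;
                cache->filled_head->offset_start = 0;
                cache->filled_head->offset_end = cache->size - 1;

                cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];

                ret = CSR1212_SUCCESS;
                /* parse all the items */
                for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
                     kv = kv->next) {
                        ret = csr1212_parse_keyval(kv, cache);
                }

                /* attach top level items to the root directory */
                for (dentry =
                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
                     ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
                        ret =
                            csr1212_attach_keyval_to_directory(fi->host->csr.
                                                               rom->root_kv,
                                                               dentry->kv);
                }

                if (ret == CSR1212_SUCCESS) {
                        ret = hpsb_update_config_rom_image(fi->host);

                        if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
                                                     &dr, sizeof(dr))) {
                                ret = -ENOMEM;
                        }
                }
        }
        kfree(cache->filled_head);
        kfree(cache);

        if (ret >= 0) {
                /* we have to free the request, because we queue no response,
                 * and therefore nobody will free it */
                free_pending_request(req);
                return sizeof(struct raw1394_request);
        } else {
                /* undo any attachments made above, then drop the slot */
                for (dentry =
                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
                     dentry; dentry = dentry->next) {
                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
                                                             root_kv,
                                                             dentry->kv);
                }
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
                return ret;
        }
}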
2195
/*
 * Dispatch one user request for a file handle in the "connected" state.
 *
 * The request types in the first switch are handled without looking at the
 * bus generation.  Everything else requires req->req.generation to match
 * get_hpsb_generation(fi->host); on a mismatch the request is completed
 * with RAW1394_ERROR_GENERATION and the current generation is filled in.
 * Remaining types other than PHYPACKET and ASYNC_SEND must carry a non-zero
 * length and are passed to handle_async_request().
 *
 * Every field of req->req was written by user space.  Returns the value of
 * the selected handler, sizeof(struct raw1394_request) where the request is
 * completed or consumed here, or -EINVAL for an unknown bus reset type.
 */
static int state_connected(struct file_info *fi, struct pending_request *req)
{
        /* node argument for the handlers: the request address shifted by 48 */
        int node = req->req.address >> 48;

        req->req.error = RAW1394_ERROR_NONE;

        switch (req->req.type) {

        case RAW1394_REQ_ECHO:
                queue_complete_req(req);
                return sizeof(struct raw1394_request);

        case RAW1394_REQ_ISO_SEND:
                return handle_iso_send(fi, req, node);

        case RAW1394_REQ_ARM_REGISTER:
                return arm_register(fi, req);

        case RAW1394_REQ_ARM_UNREGISTER:
                return arm_unregister(fi, req);

        case RAW1394_REQ_ARM_SET_BUF:
                return arm_set_buf(fi, req);

        case RAW1394_REQ_ARM_GET_BUF:
                return arm_get_buf(fi, req);

        case RAW1394_REQ_RESET_NOTIFY:
                return reset_notification(fi, req);

        case RAW1394_REQ_ISO_LISTEN:
                handle_iso_listen(fi, req);
                return sizeof(struct raw1394_request);

        case RAW1394_REQ_FCP_LISTEN:
                handle_fcp_listen(fi, req);
                return sizeof(struct raw1394_request);

        case RAW1394_REQ_RESET_BUS:
                /* only the two known reset types are accepted */
                if (req->req.misc == RAW1394_LONG_RESET) {
                        DBGMSG("busreset called (type: LONG)");
                        hpsb_reset_bus(fi->host, LONG_RESET);
                        free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
                        return sizeof(struct raw1394_request);
                }
                if (req->req.misc == RAW1394_SHORT_RESET) {
                        DBGMSG("busreset called (type: SHORT)");
                        hpsb_reset_bus(fi->host, SHORT_RESET);
                        free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
                        return sizeof(struct raw1394_request);
                }
                /* error EINVAL (22) invalid argument */
                return (-EINVAL);
        case RAW1394_REQ_GET_ROM:
                return get_config_rom(fi, req);

        case RAW1394_REQ_UPDATE_ROM:
                return update_config_rom(fi, req);

        case RAW1394_REQ_MODIFY_ROM:
                return modify_config_rom(fi, req);
        }

        /* from here on the request must name the current bus generation */
        if (req->req.generation != get_hpsb_generation(fi->host)) {
                req->req.error = RAW1394_ERROR_GENERATION;
                req->req.generation = get_hpsb_generation(fi->host);
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        switch (req->req.type) {
        case RAW1394_REQ_PHYPACKET:
                return write_phypacket(fi, req);
        case RAW1394_REQ_ASYNC_SEND:
                return handle_async_send(fi, req);
        }

        /* all remaining request types need a payload length */
        if (req->req.length == 0) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        return handle_async_request(fi, req, node);
}
2282
/*
 * write() entry point: accept exactly one struct raw1394_request from user
 * space and hand it to the handler for the file's current state.
 *
 * The whole request structure is copied from the user buffer, so every field
 * the state handlers read (type, length, misc, addresses, generation) is
 * caller-controlled.  A write of any other size is rejected with -EINVAL.
 *
 * Returns the handler's return value.  When that value is negative the
 * request is freed here; handlers therefore must not free it on their error
 * paths.
 */
static ssize_t raw1394_write(struct file *file, const char __user * buffer,
                             size_t count, loff_t * offset_is_ignored)
{
        struct file_info *fi = (struct file_info *)file->private_data;
        struct pending_request *req;
        ssize_t retval = 0;

        if (count != sizeof(struct raw1394_request))
                return -EINVAL;

        req = alloc_pending_request();
        if (!req)
                return -ENOMEM;
        req->file_info = fi;

        if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
                retval = -EFAULT;
                goto out;
        }

        switch (fi->state) {
        case opened:
                retval = state_opened(fi, req);
                break;

        case initialized:
                retval = state_initialized(fi, req);
                break;

        case connected:
                retval = state_connected(fi, req);
                break;
        }

out:
        /* a negative result means nobody took ownership of the request */
        if (retval < 0)
                free_pending_request(req);

        return retval;
}
2325
2326 /* rawiso operations */
2327
/*
 * Report whether a RAW1394_REQ_RAWISO_ACTIVITY event is already waiting in
 * fi->req_complete.  Returns 1 if one is found, 0 otherwise.
 * The caller must hold reqlists_lock.
 */
static inline int __rawiso_event_in_queue(struct file_info *fi)
{
        struct pending_request *queued;
        int found = 0;

        list_for_each_entry(queued, &fi->req_complete, list) {
                if (queued->req.type == RAW1394_REQ_RAWISO_ACTIVITY) {
                        found = 1;
                        break;
                }
        }

        return found;
}
2340
/*
 * Queue a RAWISO_ACTIVITY event for this file handle unless one is already
 * waiting in the completion queue.  The check and the insertion both happen
 * under fi->reqlists_lock, so at most one such event is queued at a time.
 * If the event cannot be allocated, the overflow counter of the iso handle
 * (when there is one) is incremented instead.
 */
static void queue_rawiso_event(struct file_info *fi)
{
        struct pending_request *event;
        unsigned long flags;

        spin_lock_irqsave(&fi->reqlists_lock, flags);

        /* only one ISO activity event may be in the queue */
        if (__rawiso_event_in_queue(fi))
                goto unlock;

        /* allocated with SLAB_ATOMIC because the spinlock is held */
        event = __alloc_pending_request(SLAB_ATOMIC);
        if (event) {
                event->file_info = fi;
                event->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
                event->req.generation = get_hpsb_generation(fi->host);
                __queue_complete_req(event);
        } else if (fi->iso_handle) {
                /* on allocation failure, signal an overflow */
                atomic_inc(&fi->iso_handle->overflows);
        }

unlock:
        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
}
2367
/*
 * Activity callback passed to hpsb_iso_xmit_init()/hpsb_iso_recv_init().
 * Looks up the host_info for the iso context's host under host_info_lock
 * and queues a RAWISO_ACTIVITY event on every file handle whose iso_handle
 * is this context.
 */
static void rawiso_activity_cb(struct hpsb_iso *iso)
{
        struct host_info *hi;
        struct file_info *fi;
        unsigned long flags;

        spin_lock_irqsave(&host_info_lock, flags);

        hi = find_host_info(iso->host);
        if (hi == NULL)
                goto out;

        list_for_each_entry(fi, &hi->file_info_list, list) {
                if (fi->iso_handle != iso)
                        continue;
                queue_rawiso_event(fi);
        }

out:
        spin_unlock_irqrestore(&host_info_lock, flags);
}
2386
/*
 * Helper: gather the kernel-side iso status for returning to user space.
 *
 * Only the members assigned below are written.  Other members of *stat
 * (config.dma_mode, for one) and any padding keep whatever the caller had
 * in the structure, so a caller that copies *stat to user space has to
 * initialise it first.
 */
static void raw1394_iso_fill_status(struct hpsb_iso *iso,
                                    struct raw1394_iso_status *stat)
{
        /* counters and cycle information */
        stat->n_packets = hpsb_iso_n_ready(iso);
        stat->overflows = atomic_read(&iso->overflows);
        stat->xmit_cycle = iso->xmit_cycle;

        /* configuration the context was created with */
        stat->config.irq_interval = iso->irq_interval;
        stat->config.speed = iso->speed;
        stat->config.channel = iso->channel;
        stat->config.buf_packets = iso->buf_packets;
        stat->config.data_buf_size = iso->buf_size;
}
2400
/*
 * Create an isochronous transmit context from a user-supplied
 * struct raw1394_iso_status and write the resulting status back.
 *
 * The buffer size, packet count, channel, speed and irq interval passed to
 * hpsb_iso_xmit_init() all come from user space; they are not checked in
 * this function.
 *
 * Returns 0 on success, -EINVAL without a host, -EFAULT on a failed user
 * copy, -ENOMEM when no context could be created.
 *
 * NOTE(review): when the final copy_to_user() fails, the context stays
 * allocated and iso_state stays RAW1394_ISO_XMIT.
 */
static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_status stat;
        struct hpsb_iso *iso;

        if (!fi->host)
                return -EINVAL;

        if (copy_from_user(&stat, uaddr, sizeof(stat)))
                return -EFAULT;

        iso = hpsb_iso_xmit_init(fi->host,
                                 stat.config.data_buf_size,
                                 stat.config.buf_packets,
                                 stat.config.channel,
                                 stat.config.speed,
                                 stat.config.irq_interval,
                                 rawiso_activity_cb);
        fi->iso_handle = iso;
        if (!iso)
                return -ENOMEM;

        fi->iso_state = RAW1394_ISO_XMIT;

        raw1394_iso_fill_status(iso, &stat);
        if (copy_to_user(uaddr, &stat, sizeof(stat)))
                return -EFAULT;

        /* queue an event to get things started */
        rawiso_activity_cb(iso);

        return 0;
}
2432
/*
 * Create an isochronous receive context from a user-supplied
 * struct raw1394_iso_status and write the resulting status back.
 *
 * The buffer size, packet count, channel, DMA mode and irq interval passed
 * to hpsb_iso_recv_init() all come from user space; they are not checked in
 * this function.
 *
 * Returns 0 on success, -EINVAL without a host, -EFAULT on a failed user
 * copy, -ENOMEM when no context could be created.
 *
 * NOTE(review): when the final copy_to_user() fails, the context stays
 * allocated and iso_state stays RAW1394_ISO_RECV.
 */
static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_status stat;
        struct hpsb_iso *iso;

        if (!fi->host)
                return -EINVAL;

        if (copy_from_user(&stat, uaddr, sizeof(stat)))
                return -EFAULT;

        iso = hpsb_iso_recv_init(fi->host,
                                 stat.config.data_buf_size,
                                 stat.config.buf_packets,
                                 stat.config.channel,
                                 stat.config.dma_mode,
                                 stat.config.irq_interval,
                                 rawiso_activity_cb);
        fi->iso_handle = iso;
        if (!iso)
                return -ENOMEM;

        fi->iso_state = RAW1394_ISO_RECV;

        raw1394_iso_fill_status(iso, &stat);
        if (copy_to_user(uaddr, &stat, sizeof(stat)))
                return -EFAULT;

        return 0;
}
2460
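/*
 * Copy the current iso status to the user buffer at uaddr and reset the
 * overflow counter of the context.
 *
 * Returns 0 on success or -EFAULT if the copy to user space fails (the
 * overflow counter is left untouched in that case).
 */
static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_status stat;
        struct hpsb_iso *iso = fi->iso_handle;

        /*
         * The whole structure is copied to user space, but
         * raw1394_iso_fill_status() does not assign every member
         * (config.dma_mode, for one) and cannot set padding.  Clear it first
         * so no uninitialised kernel stack bytes reach the caller.
         */
        memset(&stat, 0, sizeof(stat));

        raw1394_iso_fill_status(fi->iso_handle, &stat);
        if (copy_to_user(uaddr, &stat, sizeof(stat)))
                return -EFAULT;

        /* reset overflow counter */
        atomic_set(&iso->overflows, 0);

        return 0;
}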
2475
/*
 * Copy N packet_infos out of the ringbuffer into a user-supplied array.
 *
 * N (upackets.n_packets) and the destination array (upackets.infos) both
 * come from user space.  N must not exceed the number of ready packets,
 * which also bounds the size computed for access_ok().  Copying starts at
 * the context's first_packet and wraps at buf_packets.
 *
 * Returns 0 on success, -EINVAL if more packets are requested than are
 * ready, -EFAULT on any failed user access.
 */
static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_packets upackets;
        unsigned int slot = fi->iso_handle->first_packet;
        int copied = 0;

        if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
                return -EFAULT;

        if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
                return -EINVAL;

        /* ensure user-supplied buffer is accessible and big enough */
        if (!access_ok(VERIFY_WRITE, upackets.infos,
                        upackets.n_packets *
                        sizeof(struct raw1394_iso_packet_info)))
                return -EFAULT;

        /* copy the packet_infos out, one ring slot per iteration */
        while (copied < upackets.n_packets) {
                if (__copy_to_user(&upackets.infos[copied],
                                   &fi->iso_handle->infos[slot],
                                   sizeof(struct raw1394_iso_packet_info)))
                        return -EFAULT;

                slot = (slot + 1) % fi->iso_handle->buf_packets;
                copied++;
        }

        return 0;
}
2507
/*
 * Copy N packet_infos from a user-supplied array and queue each packet for
 * transmission.
 *
 * N (upackets.n_packets) and the source array (upackets.infos) come from
 * user space.  N must be below buf_packets (else -EINVAL) and below the
 * count returned by hpsb_iso_n_ready() (else -EAGAIN).  The offset, len, tag
 * and sy of each info are passed to hpsb_iso_xmit_queue_packet() as read;
 * they are not checked in this function.
 *
 * Returns 0 on success, -EFAULT on a failed user access, or the first
 * non-zero value returned by hpsb_iso_xmit_queue_packet().  Packets queued
 * before a failure stay queued.
 */
static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_packets upackets;
        int queued = 0;

        if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
                return -EFAULT;

        if (upackets.n_packets >= fi->iso_handle->buf_packets)
                return -EINVAL;

        if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
                return -EAGAIN;

        /* ensure user-supplied buffer is accessible and big enough */
        if (!access_ok(VERIFY_READ, upackets.infos,
                        upackets.n_packets *
                        sizeof(struct raw1394_iso_packet_info)))
                return -EFAULT;

        /* copy the infos structs in and queue the packets */
        while (queued < upackets.n_packets) {
                struct raw1394_iso_packet_info info;
                int rv;

                if (__copy_from_user(&info, &upackets.infos[queued],
                                     sizeof(struct raw1394_iso_packet_info)))
                        return -EFAULT;

                rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
                                                info.len, info.tag, info.sy);
                if (rv)
                        return rv;

                queued++;
        }

        return 0;
}
2545
/*
 * Shut down the file handle's iso context, if it has one, and return the
 * handle to the inactive state.  The handle pointer is cleared so later
 * code cannot reach the context that was shut down.
 */
static void raw1394_iso_shutdown(struct file_info *fi)
{
        struct hpsb_iso *iso = fi->iso_handle;

        if (iso)
                hpsb_iso_shutdown(iso);

        fi->iso_handle = NULL;
        fi->iso_state = RAW1394_ISO_INACTIVE;
}
2554
/*
 * mmap the rawiso xmit/recv buffer.
 *
 * Only allowed while an iso context is active; with iso_state inactive the
 * call fails with -EINVAL.  Otherwise the mapping is delegated to
 * dma_region_mmap() on the context's data buffer.
 */
static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
{
        struct file_info *fi = file->private_data;

        if (fi->iso_state != RAW1394_ISO_INACTIVE)
                return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);

        return -EINVAL;
}
2565
/*
 * ioctl is only used for rawiso operations.
 *
 * The accepted commands depend on fi->iso_state:
 *   RAW1394_ISO_INACTIVE - only the two INIT commands
 *   RAW1394_ISO_RECV     - receive-side commands
 *   RAW1394_ISO_XMIT     - transmit-side commands
 * A command that is not listed for the current state returns -EINVAL, which
 * keeps commands that dereference fi->iso_handle from running before a
 * context has been created.
 *
 * arg is either a user pointer (argp) that the handlers copy from or to, or
 * a plain value passed on unchanged.
 * NOTE(review): the values passed on unchanged (channel numbers, packet
 * counts, start arguments) are not range-checked here; whether the hpsb_iso
 * functions check them is not visible in this file section.
 */
static int raw1394_ioctl(struct inode *inode, struct file *file,
                         unsigned int cmd, unsigned long arg)
{
        struct file_info *fi = file->private_data;
        void __user *argp = (void __user *)arg;

        switch (fi->iso_state) {
        case RAW1394_ISO_INACTIVE:
                switch (cmd) {
                case RAW1394_IOC_ISO_XMIT_INIT:
                        return raw1394_iso_xmit_init(fi, argp);
                case RAW1394_IOC_ISO_RECV_INIT:
                        return raw1394_iso_recv_init(fi, argp);
                default:
                        break;
                }
                break;
        case RAW1394_ISO_RECV:
                switch (cmd) {
                case RAW1394_IOC_ISO_RECV_START:{
                                /* copy args from user-space */
                                int args[3];
                                if (copy_from_user
                                    (&args[0], argp, sizeof(args)))
                                        return -EFAULT;
                                return hpsb_iso_recv_start(fi->iso_handle,
                                                           args[0], args[1],
                                                           args[2]);
                        }
                case RAW1394_IOC_ISO_XMIT_RECV_STOP:
                        hpsb_iso_stop(fi->iso_handle);
                        return 0;
                case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
                        /* arg is the channel value, passed on unchanged */
                        return hpsb_iso_recv_listen_channel(fi->iso_handle,
                                                            arg);
                case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
                        /* arg is the channel value, passed on unchanged */
                        return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
                                                              arg);
                case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
                                /* copy the u64 from user-space */
                                u64 mask;
                                if (copy_from_user(&mask, argp, sizeof(mask)))
                                        return -EFAULT;
                                return hpsb_iso_recv_set_channel_mask(fi->
                                                                      iso_handle,
                                                                      mask);
                        }
                case RAW1394_IOC_ISO_GET_STATUS:
                        return raw1394_iso_get_status(fi, argp);
                case RAW1394_IOC_ISO_RECV_PACKETS:
                        return raw1394_iso_recv_packets(fi, argp);
                case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
                        /* arg is passed on unchanged */
                        return hpsb_iso_recv_release_packets(fi->iso_handle,
                                                             arg);
                case RAW1394_IOC_ISO_RECV_FLUSH:
                        return hpsb_iso_recv_flush(fi->iso_handle);
                case RAW1394_IOC_ISO_SHUTDOWN:
                        raw1394_iso_shutdown(fi);
                        return 0;
                case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
                        queue_rawiso_event(fi);
                        return 0;
                }
                break;
        case RAW1394_ISO_XMIT:
                switch (cmd) {
                case RAW1394_IOC_ISO_XMIT_START:{
                                /* copy two ints from user-space */
                                int args[2];
                                if (copy_from_user
                                    (&args[0], argp, sizeof(args)))
                                        return -EFAULT;
                                return hpsb_iso_xmit_start(fi->iso_handle,
                                                           args[0], args[1]);
                        }
                case RAW1394_IOC_ISO_XMIT_SYNC:
                        return hpsb_iso_xmit_sync(fi->iso_handle);
                case RAW1394_IOC_ISO_XMIT_RECV_STOP:
                        hpsb_iso_stop(fi->iso_handle);
                        return 0;
                case RAW1394_IOC_ISO_GET_STATUS:
                        return raw1394_iso_get_status(fi, argp);
                case RAW1394_IOC_ISO_XMIT_PACKETS:
                        return raw1394_iso_send_packets(fi, argp);
                case RAW1394_IOC_ISO_SHUTDOWN:
                        raw1394_iso_shutdown(fi);
                        return 0;
                case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
                        queue_rawiso_event(fi);
                        return 0;
                }
                break;
        default:
                break;
        }

        /* unknown command, or command not valid in the current iso state */
        return -EINVAL;
}
2665
/*
 * poll() entry point.  The file is always reported writable; it is reported
 * readable as well when the completion queue holds at least one request.
 * The queue is inspected under fi->reqlists_lock.
 */
static unsigned int raw1394_poll(struct file *file, poll_table * pt)
{
        struct file_info *fi = file->private_data;
        unsigned int mask;
        unsigned long flags;
        int have_completed;

        poll_wait(file, &fi->poll_wait_complete, pt);

        spin_lock_irqsave(&fi->reqlists_lock, flags);
        have_completed = !list_empty(&fi->req_complete);
        spin_unlock_irqrestore(&fi->reqlists_lock, flags);

        mask = POLLOUT | POLLWRNORM;
        if (have_completed)
                mask |= POLLIN | POLLRDNORM;

        return mask;
}
2682
/*
 * open() entry point: allocate and initialise the per-file state.
 *
 * The structure is zeroed before use, so every member not set explicitly
 * below starts out as 0/NULL.  The handle starts in the "opened" state with
 * bus-reset notification switched on.  Returns 0 on success or -ENOMEM.
 */
static int raw1394_open(struct inode *inode, struct file *file)
{
        struct file_info *fi = kmalloc(sizeof(*fi), SLAB_KERNEL);

        if (!fi)
                return -ENOMEM;
        memset(fi, 0, sizeof(*fi));

        fi->state = opened;
        fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */

        /* list heads */
        INIT_LIST_HEAD(&fi->list);
        INIT_LIST_HEAD(&fi->req_pending);
        INIT_LIST_HEAD(&fi->req_complete);
        INIT_LIST_HEAD(&fi->addr_list);

        /* synchronisation objects */
        sema_init(&fi->complete_sem, 0);
        spin_lock_init(&fi->reqlists_lock);
        init_waitqueue_head(&fi->poll_wait_complete);

        file->private_data = fi;

        return 0;
}
2707
2708 static int raw1394_release(struct inode *inode, struct file *file)
2709 {
2710         struct file_info *fi = file->private_data;
2711         struct list_head *lh;
2712         struct pending_request *req;
2713         int done = 0, i, fail = 0;
2714         int retval = 0;
2715         struct list_head *entry;
2716         struct arm_addr *addr = NULL;
2717         struct host_info *hi;
2718         struct file_info *fi_hlp = NULL;
2719         struct arm_addr *arm_addr = NULL;
2720         int another_host;
2721         int csr_mod = 0;
2722         unsigned long flags;
2723
2724         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2725                 raw1394_iso_shutdown(fi);
2726
2727         for (i = 0; i < 64; i++) {
2728                 if (fi->listen_channels & (1ULL << i)) {
2729                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2730                 }
2731         }
2732
2733         spin_lock_irqsave(&host_info_lock, flags);
2734         fi->listen_channels = 0;
2735
2736         fail = 0;
2737         /* set address-entries invalid */
2738
2739         while (!list_empty(&fi->addr_list)) {
2740                 another_host = 0;
2741                 lh = fi->addr_list.next;
2742                 addr = list_entry(lh, struct arm_addr, addr_list);
2743                 /* another host with valid address-entry containing
2744                    same addressrange? */
2745                 list_for_each_entry(hi, &host_info_list, list) {
2746                         if (hi->host != fi->host) {
2747                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2748                                                     list) {
2749                                         entry = fi_hlp->addr_list.next;
2750                                         while (entry != &(fi_hlp->addr_list)) {
2751                                                 arm_addr = list_entry(entry,
2752                                                                       struct
2753                                                                       arm_addr,
2754                                                                       addr_list);
2755                                                 if (arm_addr->start ==
2756                                                     addr->start) {
2757                                                         DBGMSG
2758                                                             ("raw1394_release: "
2759                                                              "another host ownes "
2760                                                              "same addressrange");
2761                                                         another_host = 1;
2762                                                         break;
2763                                                 }
2764                                                 entry = entry->next;
2765                                         }
2766                                         if (another_host) {
2767                                                 break;
2768                                         }
2769                                 }
2770                         }
2771                 }
2772                 if (!another_host) {
2773                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2774                         retval =
2775                             hpsb_unregister_addrspace(&raw1394_highlevel,
2776                                                       fi->host, addr->start);
2777                         if (!retval) {
2778                                 ++fail;
2779                                 printk(KERN_ERR
2780                                        "raw1394_release arm_Unregister failed\n");
2781                         }
2782                 }
2783                 DBGMSG("raw1394_release: delete addr_entry from list");
2784                 list_del(&addr->addr_list);
2785                 vfree(addr->addr_space_buffer);
2786                 kfree(addr);
2787         }                       /* while */
2788         spin_unlock_irqrestore(&host_info_lock, flags);
2789         if (fail > 0) {
2790                 printk(KERN_ERR "raw1394: during addr_list-release "
2791                        "error(s) occurred \n");
2792         }
2793
2794         while (!done) {
2795                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2796
2797                 while (!list_empty(&fi->req_complete)) {
2798                         lh = fi->req_complete.next;
2799                         list_del(lh);
2800
2801                         req = list_entry(lh, struct pending_request, list);
2802
2803                         free_pending_request(req);
2804                 }
2805
2806                 if (list_empty(&fi->req_pending))
2807                         done = 1;
2808
2809                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2810
2811                 if (!done)
2812                         down_interruptible(&fi->complete_sem);
2813         }
2814
2815         /* Remove any sub-trees left by user space programs */
2816         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2817                 struct csr1212_dentry *dentry;
2818                 if (!fi->csr1212_dirs[i])
2819                         continue;
2820                 for (dentry =
2821                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2822                      dentry = dentry->next) {
2823                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2824                                                              root_kv,
2825                                                              dentry->kv);
2826                 }
2827                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2828                 fi->csr1212_dirs[i] = NULL;
2829                 csr_mod = 1;
2830         }
2831
2832         if ((csr_mod || fi->cfgrom_upd)
2833             && hpsb_update_config_rom_image(fi->host) < 0)
2834                 HPSB_ERR
2835                     ("Failed to generate Configuration ROM image for host %d",
2836                      fi->host->id);
2837
2838         if (fi->state == connected) {
2839                 spin_lock_irqsave(&host_info_lock, flags);
2840                 list_del(&fi->list);
2841                 spin_unlock_irqrestore(&host_info_lock, flags);
2842
2843                 put_device(&fi->host->device);
2844         }
2845
2846         kfree(fi);
2847
2848         return 0;
2849 }
2850
2851 /*** HOTPLUG STUFF **********************************************************/
2852 /*
2853  * Export information about protocols/devices supported by this driver.
2854  */
/*
 * Unit directories this driver advertises itself for.  Every entry matches
 * on both the specifier ID and the software version, each masked to its
 * low 24 bits.
 */
static struct ieee1394_device_id raw1394_id_table[] = {
        /* AV/C units */
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = AVC_SW_VERSION_ENTRY & 0xffffff,
        },
        /* Camera units: base software version ... */
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = CAMERA_SW_VERSION_ENTRY & 0xffffff,
        },
        /* ... base + 1 ... */
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff,
        },
        /* ... and base + 2. */
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff,
        },
        { }     /* all-zero entry terminates the table */
};

/* Publish the table in the module's device-alias information. */
MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2876
/*
 * Protocol driver record registered by init_raw1394(); it ties the ID
 * table above to a driver named "raw1394" on the ieee1394 bus type.
 */
static struct hpsb_protocol_driver raw1394_driver = {
        .name     = "raw1394 Driver",
        .id_table = raw1394_id_table,
        .driver   = {
                .name = "raw1394",
                .bus  = &ieee1394_bus_type,
        },
};
2885
2886 /******************************************************************************/
2887
/*
 * Highlevel driver record handed to hpsb_register_highlevel().  The fields
 * are this file's callbacks for host arrival and removal, bus reset,
 * incoming isochronous data and FCP requests.
 */
static struct hpsb_highlevel raw1394_highlevel = {
        .name        = RAW1394_DEVICE_NAME,
        .add_host    = add_host,
        .remove_host = remove_host,
        .host_reset  = host_reset,
        .iso_receive = iso_receive,
        .fcp_request = fcp_request,
};
2896
/* Character device object; set up and added in init_raw1394(). */
static struct cdev raw1394_cdev;

/*
 * File operations behind the raw1394 device node.  These handlers are the
 * driver's whole user-space entry surface: each one receives
 * caller-controlled arguments or buffers.
 */
static struct file_operations raw1394_fops = {
        .owner   = THIS_MODULE,
        .read    = raw1394_read,
        .write   = raw1394_write,
        .mmap    = raw1394_mmap,
        .ioctl   = raw1394_ioctl,
        .poll    = raw1394_poll,
        .open    = raw1394_open,
        .release = raw1394_release,
};
2908
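/*
 * Module init: register raw1394 with the ieee1394 core and publish its
 * character device.
 *
 * Registration order is highlevel driver, class device, devfs node, cdev,
 * protocol driver; a failure unwinds whatever was registered before it.
 *
 * Returns 0 on success or a negative errno.
 */
static int __init init_raw1394(void)
{
        struct class_device *class_dev;
        int ret;

        hpsb_register_highlevel(&raw1394_highlevel);

        class_dev = class_device_create(hpsb_protocol_class, NULL,
                        MKDEV(IEEE1394_MAJOR,
                              IEEE1394_MINOR_BLOCK_RAW1394 * 16),
                        NULL, RAW1394_DEVICE_NAME);
        if (IS_ERR(class_dev)) {
                /*
                 * Hand back the errno encoded in the pointer rather than a
                 * fixed -EFAULT, so the load failure names its real cause.
                 */
                ret = PTR_ERR(class_dev);
                goto out_unreg;
        }

        /*
         * The node is created owner read/write only.  This driver is the
         * raw interface to the bus, so whoever can open the node can issue
         * bus transactions; keep any later permission change (udev rule,
         * chmod) just as restrictive.
         *
         * NOTE(review): the return value of devfs_mk_cdev() is not checked;
         * confirm that a missing devfs node is acceptable here.
         */
        devfs_mk_cdev(MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16),
                      S_IFCHR | S_IRUSR | S_IWUSR, RAW1394_DEVICE_NAME);

        cdev_init(&raw1394_cdev, &raw1394_fops);
        raw1394_cdev.owner = THIS_MODULE;
        kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
        ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
        if (ret) {
                HPSB_ERR("raw1394 failed to register minor device block");
                goto out_dev;
        }

        HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);

        ret = hpsb_register_protocol(&raw1394_driver);
        if (ret) {
                HPSB_ERR("raw1394: failed to register protocol");
                goto out_cdev;
        }

        return 0;

        /* Error unwinding, in reverse order of registration. */
out_cdev:
        cdev_del(&raw1394_cdev);
out_dev:
        devfs_remove(RAW1394_DEVICE_NAME);
        class_device_destroy(hpsb_protocol_class,
                MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16));
out_unreg:
        hpsb_unregister_highlevel(&raw1394_highlevel);
        return ret;
}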
2955
/*
 * Module exit: withdraw the device node and cdev, then drop the
 * registrations made with the ieee1394 core in init_raw1394().
 */
static void __exit cleanup_raw1394(void)
{
        const dev_t raw1394_devt =
                MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16);

        /* User-visible entry points go first ... */
        class_device_destroy(hpsb_protocol_class, raw1394_devt);
        cdev_del(&raw1394_cdev);
        devfs_remove(RAW1394_DEVICE_NAME);

        /* ... followed by the highlevel and protocol driver records. */
        hpsb_unregister_highlevel(&raw1394_highlevel);
        hpsb_unregister_protocol(&raw1394_driver);
}
2965
/* Module load/unload hooks and license declaration. */
module_init(init_raw1394);
module_exit(cleanup_raw1394);
MODULE_LICENSE("GPL");