Pull bugzilla-7349 into test branch
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
45
46 #include "csr1212.h"
47 #include "highlevel.h"
48 #include "hosts.h"
49 #include "ieee1394.h"
50 #include "ieee1394_core.h"
51 #include "ieee1394_hotplug.h"
52 #include "ieee1394_transactions.h"
53 #include "ieee1394_types.h"
54 #include "iso.h"
55 #include "nodemgr.h"
56 #include "raw1394.h"
57 #include "raw1394-private.h"
58
59 #define int2ptr(x) ((void __user *)(unsigned long)x)
60 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
61
62 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
63 #define RAW1394_DEBUG
64 #endif
65
66 #ifdef RAW1394_DEBUG
67 #define DBGMSG(fmt, args...) \
68 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
69 #else
70 #define DBGMSG(fmt, args...) do {} while (0)
71 #endif
72
73 static LIST_HEAD(host_info_list);
74 static int host_count;
75 static DEFINE_SPINLOCK(host_info_lock);
76 static atomic_t internal_generation = ATOMIC_INIT(0);
77
78 static atomic_t iso_buffer_size;
79 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
80
81 static struct hpsb_highlevel raw1394_highlevel;
82
83 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
84                     u64 addr, size_t length, u16 flags);
85 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
86                      quadlet_t * data, u64 addr, size_t length, u16 flags);
87 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
88                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
89                     u16 flags);
90 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
91                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
92                       u16 flags);
93 static struct hpsb_address_ops arm_ops = {
94         .read = arm_read,
95         .write = arm_write,
96         .lock = arm_lock,
97         .lock64 = arm_lock64,
98 };
99
100 static void queue_complete_cb(struct pending_request *req);
101
102 #include <asm/current.h>
103 static void print_old_iso_deprecation(void)
104 {
105         static pid_t p;
106
107         if (p == current->pid)
108                 return;
109         p = current->pid;
110         printk(KERN_WARNING "raw1394: WARNING - Program \"%s\" uses unsupported"
111                " isochronous request types which will be removed in a next"
112                " kernel release\n", current->comm);
113         printk(KERN_WARNING "raw1394: Update your software to use libraw1394's"
114                " newer interface\n");
115 }
116
117 static struct pending_request *__alloc_pending_request(gfp_t flags)
118 {
119         struct pending_request *req;
120
121         req = kzalloc(sizeof(*req), flags);
122         if (req)
123                 INIT_LIST_HEAD(&req->list);
124
125         return req;
126 }
127
128 static inline struct pending_request *alloc_pending_request(void)
129 {
130         return __alloc_pending_request(GFP_KERNEL);
131 }
132
133 static void free_pending_request(struct pending_request *req)
134 {
135         if (req->ibs) {
136                 if (atomic_dec_and_test(&req->ibs->refcount)) {
137                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
138                         kfree(req->ibs);
139                 }
140         } else if (req->free_data) {
141                 kfree(req->data);
142         }
143         hpsb_free_packet(req->packet);
144         kfree(req);
145 }
146
147 /* fi->reqlists_lock must be taken */
148 static void __queue_complete_req(struct pending_request *req)
149 {
150         struct file_info *fi = req->file_info;
151
152         list_move_tail(&req->list, &fi->req_complete);
153         wake_up(&fi->wait_complete);
154 }
155
156 static void queue_complete_req(struct pending_request *req)
157 {
158         unsigned long flags;
159         struct file_info *fi = req->file_info;
160
161         spin_lock_irqsave(&fi->reqlists_lock, flags);
162         __queue_complete_req(req);
163         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
164 }
165
166 static void queue_complete_cb(struct pending_request *req)
167 {
168         struct hpsb_packet *packet = req->packet;
169         int rcode = (packet->header[1] >> 12) & 0xf;
170
171         switch (packet->ack_code) {
172         case ACKX_NONE:
173         case ACKX_SEND_ERROR:
174                 req->req.error = RAW1394_ERROR_SEND_ERROR;
175                 break;
176         case ACKX_ABORTED:
177                 req->req.error = RAW1394_ERROR_ABORTED;
178                 break;
179         case ACKX_TIMEOUT:
180                 req->req.error = RAW1394_ERROR_TIMEOUT;
181                 break;
182         default:
183                 req->req.error = (packet->ack_code << 16) | rcode;
184                 break;
185         }
186
187         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
188                 req->req.length = 0;
189         }
190
191         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
192             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
193             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
194             (req->req.type == RAW1394_REQ_LOCK) ||
195             (req->req.type == RAW1394_REQ_LOCK64))
196                 hpsb_free_tlabel(packet);
197
198         queue_complete_req(req);
199 }
200
201 static void add_host(struct hpsb_host *host)
202 {
203         struct host_info *hi;
204         unsigned long flags;
205
206         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
207
208         if (hi) {
209                 INIT_LIST_HEAD(&hi->list);
210                 hi->host = host;
211                 INIT_LIST_HEAD(&hi->file_info_list);
212
213                 spin_lock_irqsave(&host_info_lock, flags);
214                 list_add_tail(&hi->list, &host_info_list);
215                 host_count++;
216                 spin_unlock_irqrestore(&host_info_lock, flags);
217         }
218
219         atomic_inc(&internal_generation);
220 }
221
222 static struct host_info *find_host_info(struct hpsb_host *host)
223 {
224         struct host_info *hi;
225
226         list_for_each_entry(hi, &host_info_list, list)
227             if (hi->host == host)
228                 return hi;
229
230         return NULL;
231 }
232
233 static void remove_host(struct hpsb_host *host)
234 {
235         struct host_info *hi;
236         unsigned long flags;
237
238         spin_lock_irqsave(&host_info_lock, flags);
239         hi = find_host_info(host);
240
241         if (hi != NULL) {
242                 list_del(&hi->list);
243                 host_count--;
244                 /*
245                    FIXME: address ranges should be removed
246                    and fileinfo states should be initialized
247                    (including setting generation to
248                    internal-generation ...)
249                  */
250         }
251         spin_unlock_irqrestore(&host_info_lock, flags);
252
253         if (hi == NULL) {
254                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
255                        "0x%p\n", host);
256                 return;
257         }
258
259         kfree(hi);
260
261         atomic_inc(&internal_generation);
262 }
263
264 static void host_reset(struct hpsb_host *host)
265 {
266         unsigned long flags;
267         struct host_info *hi;
268         struct file_info *fi;
269         struct pending_request *req;
270
271         spin_lock_irqsave(&host_info_lock, flags);
272         hi = find_host_info(host);
273
274         if (hi != NULL) {
275                 list_for_each_entry(fi, &hi->file_info_list, list) {
276                         if (fi->notification == RAW1394_NOTIFY_ON) {
277                                 req = __alloc_pending_request(GFP_ATOMIC);
278
279                                 if (req != NULL) {
280                                         req->file_info = fi;
281                                         req->req.type = RAW1394_REQ_BUS_RESET;
282                                         req->req.generation =
283                                             get_hpsb_generation(host);
284                                         req->req.misc = (host->node_id << 16)
285                                             | host->node_count;
286                                         if (fi->protocol_version > 3) {
287                                                 req->req.misc |=
288                                                     (NODEID_TO_NODE
289                                                      (host->irm_id)
290                                                      << 8);
291                                         }
292
293                                         queue_complete_req(req);
294                                 }
295                         }
296                 }
297         }
298         spin_unlock_irqrestore(&host_info_lock, flags);
299 }
300
301 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
302                         size_t length)
303 {
304         unsigned long flags;
305         struct host_info *hi;
306         struct file_info *fi;
307         struct pending_request *req, *req_next;
308         struct iso_block_store *ibs = NULL;
309         LIST_HEAD(reqs);
310
311         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
312                 HPSB_INFO("dropped iso packet");
313                 return;
314         }
315
316         spin_lock_irqsave(&host_info_lock, flags);
317         hi = find_host_info(host);
318
319         if (hi != NULL) {
320                 list_for_each_entry(fi, &hi->file_info_list, list) {
321                         if (!(fi->listen_channels & (1ULL << channel)))
322                                 continue;
323
324                         req = __alloc_pending_request(GFP_ATOMIC);
325                         if (!req)
326                                 break;
327
328                         if (!ibs) {
329                                 ibs = kmalloc(sizeof(*ibs) + length,
330                                               GFP_ATOMIC);
331                                 if (!ibs) {
332                                         kfree(req);
333                                         break;
334                                 }
335
336                                 atomic_add(length, &iso_buffer_size);
337                                 atomic_set(&ibs->refcount, 0);
338                                 ibs->data_size = length;
339                                 memcpy(ibs->data, data, length);
340                         }
341
342                         atomic_inc(&ibs->refcount);
343
344                         req->file_info = fi;
345                         req->ibs = ibs;
346                         req->data = ibs->data;
347                         req->req.type = RAW1394_REQ_ISO_RECEIVE;
348                         req->req.generation = get_hpsb_generation(host);
349                         req->req.misc = 0;
350                         req->req.recvb = ptr2int(fi->iso_buffer);
351                         req->req.length = min(length, fi->iso_buffer_length);
352
353                         list_add_tail(&req->list, &reqs);
354                 }
355         }
356         spin_unlock_irqrestore(&host_info_lock, flags);
357
358         list_for_each_entry_safe(req, req_next, &reqs, list)
359             queue_complete_req(req);
360 }
361
362 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
363                         int cts, u8 * data, size_t length)
364 {
365         unsigned long flags;
366         struct host_info *hi;
367         struct file_info *fi;
368         struct pending_request *req, *req_next;
369         struct iso_block_store *ibs = NULL;
370         LIST_HEAD(reqs);
371
372         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
373                 HPSB_INFO("dropped fcp request");
374                 return;
375         }
376
377         spin_lock_irqsave(&host_info_lock, flags);
378         hi = find_host_info(host);
379
380         if (hi != NULL) {
381                 list_for_each_entry(fi, &hi->file_info_list, list) {
382                         if (!fi->fcp_buffer)
383                                 continue;
384
385                         req = __alloc_pending_request(GFP_ATOMIC);
386                         if (!req)
387                                 break;
388
389                         if (!ibs) {
390                                 ibs = kmalloc(sizeof(*ibs) + length,
391                                               GFP_ATOMIC);
392                                 if (!ibs) {
393                                         kfree(req);
394                                         break;
395                                 }
396
397                                 atomic_add(length, &iso_buffer_size);
398                                 atomic_set(&ibs->refcount, 0);
399                                 ibs->data_size = length;
400                                 memcpy(ibs->data, data, length);
401                         }
402
403                         atomic_inc(&ibs->refcount);
404
405                         req->file_info = fi;
406                         req->ibs = ibs;
407                         req->data = ibs->data;
408                         req->req.type = RAW1394_REQ_FCP_REQUEST;
409                         req->req.generation = get_hpsb_generation(host);
410                         req->req.misc = nodeid | (direction << 16);
411                         req->req.recvb = ptr2int(fi->fcp_buffer);
412                         req->req.length = length;
413
414                         list_add_tail(&req->list, &reqs);
415                 }
416         }
417         spin_unlock_irqrestore(&host_info_lock, flags);
418
419         list_for_each_entry_safe(req, req_next, &reqs, list)
420             queue_complete_req(req);
421 }
422
423 #ifdef CONFIG_COMPAT
424 struct compat_raw1394_req {
425         __u32 type;
426         __s32 error;
427         __u32 misc;
428
429         __u32 generation;
430         __u32 length;
431
432         __u64 address;
433
434         __u64 tag;
435
436         __u64 sendb;
437         __u64 recvb;
438 } __attribute__((packed));
439
440 static const char __user *raw1394_compat_write(const char __user *buf)
441 {
442         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
443         struct raw1394_request __user *r;
444         r = compat_alloc_user_space(sizeof(struct raw1394_request));
445
446 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
447
448         if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
449             C(address) ||
450             C(tag) ||
451             C(sendb) ||
452             C(recvb))
453                 return ERR_PTR(-EFAULT);
454         return (const char __user *)r;
455 }
456 #undef C
457
458 #define P(x) __put_user(r->x, &cr->x)
459
460 static int
461 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
462 {
463         struct compat_raw1394_req __user *cr = (typeof(cr)) r;
464         if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
465             P(type) ||
466             P(error) ||
467             P(misc) ||
468             P(generation) ||
469             P(length) ||
470             P(address) ||
471             P(tag) ||
472             P(sendb) ||
473             P(recvb))
474                 return -EFAULT;
475         return sizeof(struct compat_raw1394_req);
476 }
477 #undef P
478
479 #endif
480
481 /* get next completed request  (caller must hold fi->reqlists_lock) */
482 static inline struct pending_request *__next_complete_req(struct file_info *fi)
483 {
484         struct list_head *lh;
485         struct pending_request *req = NULL;
486
487         if (!list_empty(&fi->req_complete)) {
488                 lh = fi->req_complete.next;
489                 list_del(lh);
490                 req = list_entry(lh, struct pending_request, list);
491         }
492         return req;
493 }
494
495 /* atomically get next completed request */
496 static struct pending_request *next_complete_req(struct file_info *fi)
497 {
498         unsigned long flags;
499         struct pending_request *req;
500
501         spin_lock_irqsave(&fi->reqlists_lock, flags);
502         req = __next_complete_req(fi);
503         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
504         return req;
505 }
506
507 static ssize_t raw1394_read(struct file *file, char __user * buffer,
508                             size_t count, loff_t * offset_is_ignored)
509 {
510         struct file_info *fi = (struct file_info *)file->private_data;
511         struct pending_request *req;
512         ssize_t ret;
513
514 #ifdef CONFIG_COMPAT
515         if (count == sizeof(struct compat_raw1394_req)) {
516                 /* ok */
517         } else
518 #endif
519         if (count != sizeof(struct raw1394_request)) {
520                 return -EINVAL;
521         }
522
523         if (!access_ok(VERIFY_WRITE, buffer, count)) {
524                 return -EFAULT;
525         }
526
527         if (file->f_flags & O_NONBLOCK) {
528                 if (!(req = next_complete_req(fi)))
529                         return -EAGAIN;
530         } else {
531                 /*
532                  * NB: We call the macro wait_event_interruptible() with a
533                  * condition argument with side effect.  This is only possible
534                  * because the side effect does not occur until the condition
535                  * became true, and wait_event_interruptible() won't evaluate
536                  * the condition again after that.
537                  */
538                 if (wait_event_interruptible(fi->wait_complete,
539                                              (req = next_complete_req(fi))))
540                         return -ERESTARTSYS;
541         }
542
543         if (req->req.length) {
544                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
545                                  req->req.length)) {
546                         req->req.error = RAW1394_ERROR_MEMFAULT;
547                 }
548         }
549
550 #ifdef CONFIG_COMPAT
551         if (count == sizeof(struct compat_raw1394_req) &&
552             sizeof(struct compat_raw1394_req) !=
553                         sizeof(struct raw1394_request)) {
554                 ret = raw1394_compat_read(buffer, &req->req);
555         } else
556 #endif
557         {
558                 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
559                         ret = -EFAULT;
560                         goto out;
561                 }
562                 ret = (ssize_t) sizeof(struct raw1394_request);
563         }
564       out:
565         free_pending_request(req);
566         return ret;
567 }
568
569 static int state_opened(struct file_info *fi, struct pending_request *req)
570 {
571         if (req->req.type == RAW1394_REQ_INITIALIZE) {
572                 switch (req->req.misc) {
573                 case RAW1394_KERNELAPI_VERSION:
574                 case 3:
575                         fi->state = initialized;
576                         fi->protocol_version = req->req.misc;
577                         req->req.error = RAW1394_ERROR_NONE;
578                         req->req.generation = atomic_read(&internal_generation);
579                         break;
580
581                 default:
582                         req->req.error = RAW1394_ERROR_COMPAT;
583                         req->req.misc = RAW1394_KERNELAPI_VERSION;
584                 }
585         } else {
586                 req->req.error = RAW1394_ERROR_STATE_ORDER;
587         }
588
589         req->req.length = 0;
590         queue_complete_req(req);
591         return sizeof(struct raw1394_request);
592 }
593
594 static int state_initialized(struct file_info *fi, struct pending_request *req)
595 {
596         unsigned long flags;
597         struct host_info *hi;
598         struct raw1394_khost_list *khl;
599
600         if (req->req.generation != atomic_read(&internal_generation)) {
601                 req->req.error = RAW1394_ERROR_GENERATION;
602                 req->req.generation = atomic_read(&internal_generation);
603                 req->req.length = 0;
604                 queue_complete_req(req);
605                 return sizeof(struct raw1394_request);
606         }
607
608         switch (req->req.type) {
609         case RAW1394_REQ_LIST_CARDS:
610                 spin_lock_irqsave(&host_info_lock, flags);
611                 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
612
613                 if (khl) {
614                         req->req.misc = host_count;
615                         req->data = (quadlet_t *) khl;
616
617                         list_for_each_entry(hi, &host_info_list, list) {
618                                 khl->nodes = hi->host->node_count;
619                                 strcpy(khl->name, hi->host->driver->name);
620                                 khl++;
621                         }
622                 }
623                 spin_unlock_irqrestore(&host_info_lock, flags);
624
625                 if (khl) {
626                         req->req.error = RAW1394_ERROR_NONE;
627                         req->req.length = min(req->req.length,
628                                               (u32) (sizeof
629                                                      (struct raw1394_khost_list)
630                                                      * req->req.misc));
631                         req->free_data = 1;
632                 } else {
633                         return -ENOMEM;
634                 }
635                 break;
636
637         case RAW1394_REQ_SET_CARD:
638                 spin_lock_irqsave(&host_info_lock, flags);
639                 if (req->req.misc < host_count) {
640                         list_for_each_entry(hi, &host_info_list, list) {
641                                 if (!req->req.misc--)
642                                         break;
643                         }
644                         get_device(&hi->host->device);  // XXX Need to handle failure case
645                         list_add_tail(&fi->list, &hi->file_info_list);
646                         fi->host = hi->host;
647                         fi->state = connected;
648
649                         req->req.error = RAW1394_ERROR_NONE;
650                         req->req.generation = get_hpsb_generation(fi->host);
651                         req->req.misc = (fi->host->node_id << 16)
652                             | fi->host->node_count;
653                         if (fi->protocol_version > 3) {
654                                 req->req.misc |=
655                                     NODEID_TO_NODE(fi->host->irm_id) << 8;
656                         }
657                 } else {
658                         req->req.error = RAW1394_ERROR_INVALID_ARG;
659                 }
660                 spin_unlock_irqrestore(&host_info_lock, flags);
661
662                 req->req.length = 0;
663                 break;
664
665         default:
666                 req->req.error = RAW1394_ERROR_STATE_ORDER;
667                 req->req.length = 0;
668                 break;
669         }
670
671         queue_complete_req(req);
672         return sizeof(struct raw1394_request);
673 }
674
675 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
676 {
677         int channel = req->req.misc;
678
679         if ((channel > 63) || (channel < -64)) {
680                 req->req.error = RAW1394_ERROR_INVALID_ARG;
681         } else if (channel >= 0) {
682                 /* allocate channel req.misc */
683                 if (fi->listen_channels & (1ULL << channel)) {
684                         req->req.error = RAW1394_ERROR_ALREADY;
685                 } else {
686                         if (hpsb_listen_channel
687                             (&raw1394_highlevel, fi->host, channel)) {
688                                 req->req.error = RAW1394_ERROR_ALREADY;
689                         } else {
690                                 fi->listen_channels |= 1ULL << channel;
691                                 fi->iso_buffer = int2ptr(req->req.recvb);
692                                 fi->iso_buffer_length = req->req.length;
693                         }
694                 }
695         } else {
696                 /* deallocate channel (one's complement neg) req.misc */
697                 channel = ~channel;
698
699                 if (fi->listen_channels & (1ULL << channel)) {
700                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
701                                               channel);
702                         fi->listen_channels &= ~(1ULL << channel);
703                 } else {
704                         req->req.error = RAW1394_ERROR_INVALID_ARG;
705                 }
706         }
707
708         req->req.length = 0;
709         queue_complete_req(req);
710 }
711
712 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
713 {
714         if (req->req.misc) {
715                 if (fi->fcp_buffer) {
716                         req->req.error = RAW1394_ERROR_ALREADY;
717                 } else {
718                         fi->fcp_buffer = int2ptr(req->req.recvb);
719                 }
720         } else {
721                 if (!fi->fcp_buffer) {
722                         req->req.error = RAW1394_ERROR_ALREADY;
723                 } else {
724                         fi->fcp_buffer = NULL;
725                 }
726         }
727
728         req->req.length = 0;
729         queue_complete_req(req);
730 }
731
732 static int handle_async_request(struct file_info *fi,
733                                 struct pending_request *req, int node)
734 {
735         unsigned long flags;
736         struct hpsb_packet *packet = NULL;
737         u64 addr = req->req.address & 0xffffffffffffULL;
738
739         switch (req->req.type) {
740         case RAW1394_REQ_ASYNC_READ:
741                 DBGMSG("read_request called");
742                 packet =
743                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
744
745                 if (!packet)
746                         return -ENOMEM;
747
748                 if (req->req.length == 4)
749                         req->data = &packet->header[3];
750                 else
751                         req->data = packet->data;
752
753                 break;
754
755         case RAW1394_REQ_ASYNC_WRITE:
756                 DBGMSG("write_request called");
757
758                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
759                                                req->req.length);
760                 if (!packet)
761                         return -ENOMEM;
762
763                 if (req->req.length == 4) {
764                         if (copy_from_user
765                             (&packet->header[3], int2ptr(req->req.sendb),
766                              req->req.length))
767                                 req->req.error = RAW1394_ERROR_MEMFAULT;
768                 } else {
769                         if (copy_from_user
770                             (packet->data, int2ptr(req->req.sendb),
771                              req->req.length))
772                                 req->req.error = RAW1394_ERROR_MEMFAULT;
773                 }
774
775                 req->req.length = 0;
776                 break;
777
778         case RAW1394_REQ_ASYNC_STREAM:
779                 DBGMSG("stream_request called");
780
781                 packet =
782                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
783                                            node & 0x3f /*channel */ ,
784                                            (req->req.misc >> 16) & 0x3,
785                                            req->req.misc & 0xf);
786                 if (!packet)
787                         return -ENOMEM;
788
789                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
790                                    req->req.length))
791                         req->req.error = RAW1394_ERROR_MEMFAULT;
792
793                 req->req.length = 0;
794                 break;
795
796         case RAW1394_REQ_LOCK:
797                 DBGMSG("lock_request called");
798                 if ((req->req.misc == EXTCODE_FETCH_ADD)
799                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
800                         if (req->req.length != 4) {
801                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
802                                 break;
803                         }
804                 } else {
805                         if (req->req.length != 8) {
806                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
807                                 break;
808                         }
809                 }
810
811                 packet = hpsb_make_lockpacket(fi->host, node, addr,
812                                               req->req.misc, NULL, 0);
813                 if (!packet)
814                         return -ENOMEM;
815
816                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
817                                    req->req.length)) {
818                         req->req.error = RAW1394_ERROR_MEMFAULT;
819                         break;
820                 }
821
822                 req->data = packet->data;
823                 req->req.length = 4;
824                 break;
825
826         case RAW1394_REQ_LOCK64:
827                 DBGMSG("lock64_request called");
828                 if ((req->req.misc == EXTCODE_FETCH_ADD)
829                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
830                         if (req->req.length != 8) {
831                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
832                                 break;
833                         }
834                 } else {
835                         if (req->req.length != 16) {
836                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
837                                 break;
838                         }
839                 }
840                 packet = hpsb_make_lock64packet(fi->host, node, addr,
841                                                 req->req.misc, NULL, 0);
842                 if (!packet)
843                         return -ENOMEM;
844
845                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
846                                    req->req.length)) {
847                         req->req.error = RAW1394_ERROR_MEMFAULT;
848                         break;
849                 }
850
851                 req->data = packet->data;
852                 req->req.length = 8;
853                 break;
854
855         default:
856                 req->req.error = RAW1394_ERROR_STATE_ORDER;
857         }
858
859         req->packet = packet;
860
861         if (req->req.error) {
862                 req->req.length = 0;
863                 queue_complete_req(req);
864                 return sizeof(struct raw1394_request);
865         }
866
867         hpsb_set_packet_complete_task(packet,
868                                       (void (*)(void *))queue_complete_cb, req);
869
870         spin_lock_irqsave(&fi->reqlists_lock, flags);
871         list_add_tail(&req->list, &fi->req_pending);
872         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
873
874         packet->generation = req->req.generation;
875
876         if (hpsb_send_packet(packet) < 0) {
877                 req->req.error = RAW1394_ERROR_SEND_ERROR;
878                 req->req.length = 0;
879                 hpsb_free_tlabel(packet);
880                 queue_complete_req(req);
881         }
882         return sizeof(struct raw1394_request);
883 }
884
885 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
886                            int channel)
887 {
888         unsigned long flags;
889         struct hpsb_packet *packet;
890
891         packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
892                                      (req->req.misc >> 16) & 0x3,
893                                      req->req.misc & 0xf);
894         if (!packet)
895                 return -ENOMEM;
896
897         packet->speed_code = req->req.address & 0x3;
898
899         req->packet = packet;
900
901         if (copy_from_user(packet->data, int2ptr(req->req.sendb),
902                            req->req.length)) {
903                 req->req.error = RAW1394_ERROR_MEMFAULT;
904                 req->req.length = 0;
905                 queue_complete_req(req);
906                 return sizeof(struct raw1394_request);
907         }
908
909         req->req.length = 0;
910         hpsb_set_packet_complete_task(packet,
911                                       (void (*)(void *))queue_complete_req,
912                                       req);
913
914         spin_lock_irqsave(&fi->reqlists_lock, flags);
915         list_add_tail(&req->list, &fi->req_pending);
916         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
917
918         /* Update the generation of the packet just before sending. */
919         packet->generation = req->req.generation;
920
921         if (hpsb_send_packet(packet) < 0) {
922                 req->req.error = RAW1394_ERROR_SEND_ERROR;
923                 queue_complete_req(req);
924         }
925
926         return sizeof(struct raw1394_request);
927 }
928
929 static int handle_async_send(struct file_info *fi, struct pending_request *req)
930 {
931         unsigned long flags;
932         struct hpsb_packet *packet;
933         int header_length = req->req.misc & 0xffff;
934         int expect_response = req->req.misc >> 16;
935
936         if ((header_length > req->req.length) || (header_length < 12)) {
937                 req->req.error = RAW1394_ERROR_INVALID_ARG;
938                 req->req.length = 0;
939                 queue_complete_req(req);
940                 return sizeof(struct raw1394_request);
941         }
942
943         packet = hpsb_alloc_packet(req->req.length - header_length);
944         req->packet = packet;
945         if (!packet)
946                 return -ENOMEM;
947
948         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
949                            header_length)) {
950                 req->req.error = RAW1394_ERROR_MEMFAULT;
951                 req->req.length = 0;
952                 queue_complete_req(req);
953                 return sizeof(struct raw1394_request);
954         }
955
956         if (copy_from_user
957             (packet->data, int2ptr(req->req.sendb) + header_length,
958              packet->data_size)) {
959                 req->req.error = RAW1394_ERROR_MEMFAULT;
960                 req->req.length = 0;
961                 queue_complete_req(req);
962                 return sizeof(struct raw1394_request);
963         }
964
965         packet->type = hpsb_async;
966         packet->node_id = packet->header[0] >> 16;
967         packet->tcode = (packet->header[0] >> 4) & 0xf;
968         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
969         packet->host = fi->host;
970         packet->expect_response = expect_response;
971         packet->header_size = header_length;
972         packet->data_size = req->req.length - header_length;
973
974         req->req.length = 0;
975         hpsb_set_packet_complete_task(packet,
976                                       (void (*)(void *))queue_complete_cb, req);
977
978         spin_lock_irqsave(&fi->reqlists_lock, flags);
979         list_add_tail(&req->list, &fi->req_pending);
980         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
981
982         /* Update the generation of the packet just before sending. */
983         packet->generation = req->req.generation;
984
985         if (hpsb_send_packet(packet) < 0) {
986                 req->req.error = RAW1394_ERROR_SEND_ERROR;
987                 queue_complete_req(req);
988         }
989
990         return sizeof(struct raw1394_request);
991 }
992
993 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
994                     u64 addr, size_t length, u16 flags)
995 {
996         unsigned long irqflags;
997         struct pending_request *req;
998         struct host_info *hi;
999         struct file_info *fi = NULL;
1000         struct list_head *entry;
1001         struct arm_addr *arm_addr = NULL;
1002         struct arm_request *arm_req = NULL;
1003         struct arm_response *arm_resp = NULL;
1004         int found = 0, size = 0, rcode = -1;
1005         struct arm_request_response *arm_req_resp = NULL;
1006
1007         DBGMSG("arm_read  called by node: %X"
1008                "addr: %4.4x %8.8x length: %Zu", nodeid,
1009                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1010                length);
1011         spin_lock_irqsave(&host_info_lock, irqflags);
1012         hi = find_host_info(host);      /* search address-entry */
1013         if (hi != NULL) {
1014                 list_for_each_entry(fi, &hi->file_info_list, list) {
1015                         entry = fi->addr_list.next;
1016                         while (entry != &(fi->addr_list)) {
1017                                 arm_addr =
1018                                     list_entry(entry, struct arm_addr,
1019                                                addr_list);
1020                                 if (((arm_addr->start) <= (addr))
1021                                     && ((arm_addr->end) >= (addr + length))) {
1022                                         found = 1;
1023                                         break;
1024                                 }
1025                                 entry = entry->next;
1026                         }
1027                         if (found) {
1028                                 break;
1029                         }
1030                 }
1031         }
1032         rcode = -1;
1033         if (!found) {
1034                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
1035                        " -> rcode_address_error\n");
1036                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1037                 return (RCODE_ADDRESS_ERROR);
1038         } else {
1039                 DBGMSG("arm_read addr_entry FOUND");
1040         }
1041         if (arm_addr->rec_length < length) {
1042                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
1043                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1044         }
1045         if (rcode == -1) {
1046                 if (arm_addr->access_rights & ARM_READ) {
1047                         if (!(arm_addr->client_transactions & ARM_READ)) {
1048                                 memcpy(buffer,
1049                                        (arm_addr->addr_space_buffer) + (addr -
1050                                                                         (arm_addr->
1051                                                                          start)),
1052                                        length);
1053                                 DBGMSG("arm_read -> (rcode_complete)");
1054                                 rcode = RCODE_COMPLETE;
1055                         }
1056                 } else {
1057                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1058                         DBGMSG("arm_read -> rcode_type_error (access denied)");
1059                 }
1060         }
1061         if (arm_addr->notification_options & ARM_READ) {
1062                 DBGMSG("arm_read -> entering notification-section");
1063                 req = __alloc_pending_request(GFP_ATOMIC);
1064                 if (!req) {
1065                         DBGMSG("arm_read -> rcode_conflict_error");
1066                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1067                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1068                                                            The request may be retried */
1069                 }
1070                 if (rcode == RCODE_COMPLETE) {
1071                         size =
1072                             sizeof(struct arm_request) +
1073                             sizeof(struct arm_response) +
1074                             length * sizeof(byte_t) +
1075                             sizeof(struct arm_request_response);
1076                 } else {
1077                         size =
1078                             sizeof(struct arm_request) +
1079                             sizeof(struct arm_response) +
1080                             sizeof(struct arm_request_response);
1081                 }
1082                 req->data = kmalloc(size, GFP_ATOMIC);
1083                 if (!(req->data)) {
1084                         free_pending_request(req);
1085                         DBGMSG("arm_read -> rcode_conflict_error");
1086                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1087                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1088                                                            The request may be retried */
1089                 }
1090                 req->free_data = 1;
1091                 req->file_info = fi;
1092                 req->req.type = RAW1394_REQ_ARM;
1093                 req->req.generation = get_hpsb_generation(host);
1094                 req->req.misc =
1095                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
1096                 req->req.tag = arm_addr->arm_tag;
1097                 req->req.recvb = arm_addr->recvb;
1098                 req->req.length = size;
1099                 arm_req_resp = (struct arm_request_response *)(req->data);
1100                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1101                                                  (sizeof
1102                                                   (struct
1103                                                    arm_request_response)));
1104                 arm_resp =
1105                     (struct arm_response *)((byte_t *) (arm_req) +
1106                                             (sizeof(struct arm_request)));
1107                 arm_req->buffer = NULL;
1108                 arm_resp->buffer = NULL;
1109                 if (rcode == RCODE_COMPLETE) {
1110                         byte_t *buf =
1111                             (byte_t *) arm_resp + sizeof(struct arm_response);
1112                         memcpy(buf,
1113                                (arm_addr->addr_space_buffer) + (addr -
1114                                                                 (arm_addr->
1115                                                                  start)),
1116                                length);
1117                         arm_resp->buffer =
1118                             int2ptr((arm_addr->recvb) +
1119                                     sizeof(struct arm_request_response) +
1120                                     sizeof(struct arm_request) +
1121                                     sizeof(struct arm_response));
1122                 }
1123                 arm_resp->buffer_length =
1124                     (rcode == RCODE_COMPLETE) ? length : 0;
1125                 arm_resp->response_code = rcode;
1126                 arm_req->buffer_length = 0;
1127                 arm_req->generation = req->req.generation;
1128                 arm_req->extended_transaction_code = 0;
1129                 arm_req->destination_offset = addr;
1130                 arm_req->source_nodeid = nodeid;
1131                 arm_req->destination_nodeid = host->node_id;
1132                 arm_req->tlabel = (flags >> 10) & 0x3f;
1133                 arm_req->tcode = (flags >> 4) & 0x0f;
1134                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1135                                                 sizeof(struct
1136                                                        arm_request_response));
1137                 arm_req_resp->response =
1138                     int2ptr((arm_addr->recvb) +
1139                             sizeof(struct arm_request_response) +
1140                             sizeof(struct arm_request));
1141                 queue_complete_req(req);
1142         }
1143         spin_unlock_irqrestore(&host_info_lock, irqflags);
1144         return (rcode);
1145 }
1146
1147 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1148                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1149 {
1150         unsigned long irqflags;
1151         struct pending_request *req;
1152         struct host_info *hi;
1153         struct file_info *fi = NULL;
1154         struct list_head *entry;
1155         struct arm_addr *arm_addr = NULL;
1156         struct arm_request *arm_req = NULL;
1157         struct arm_response *arm_resp = NULL;
1158         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1159         struct arm_request_response *arm_req_resp = NULL;
1160
1161         DBGMSG("arm_write called by node: %X"
1162                "addr: %4.4x %8.8x length: %Zu", nodeid,
1163                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1164                length);
1165         spin_lock_irqsave(&host_info_lock, irqflags);
1166         hi = find_host_info(host);      /* search address-entry */
1167         if (hi != NULL) {
1168                 list_for_each_entry(fi, &hi->file_info_list, list) {
1169                         entry = fi->addr_list.next;
1170                         while (entry != &(fi->addr_list)) {
1171                                 arm_addr =
1172                                     list_entry(entry, struct arm_addr,
1173                                                addr_list);
1174                                 if (((arm_addr->start) <= (addr))
1175                                     && ((arm_addr->end) >= (addr + length))) {
1176                                         found = 1;
1177                                         break;
1178                                 }
1179                                 entry = entry->next;
1180                         }
1181                         if (found) {
1182                                 break;
1183                         }
1184                 }
1185         }
1186         rcode = -1;
1187         if (!found) {
1188                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1189                        " -> rcode_address_error\n");
1190                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1191                 return (RCODE_ADDRESS_ERROR);
1192         } else {
1193                 DBGMSG("arm_write addr_entry FOUND");
1194         }
1195         if (arm_addr->rec_length < length) {
1196                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1197                 length_conflict = 1;
1198                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1199         }
1200         if (rcode == -1) {
1201                 if (arm_addr->access_rights & ARM_WRITE) {
1202                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1203                                 memcpy((arm_addr->addr_space_buffer) +
1204                                        (addr - (arm_addr->start)), data,
1205                                        length);
1206                                 DBGMSG("arm_write -> (rcode_complete)");
1207                                 rcode = RCODE_COMPLETE;
1208                         }
1209                 } else {
1210                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1211                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1212                 }
1213         }
1214         if (arm_addr->notification_options & ARM_WRITE) {
1215                 DBGMSG("arm_write -> entering notification-section");
1216                 req = __alloc_pending_request(GFP_ATOMIC);
1217                 if (!req) {
1218                         DBGMSG("arm_write -> rcode_conflict_error");
1219                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1220                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1221                                                            The request my be retried */
1222                 }
1223                 size =
1224                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1225                     (length) * sizeof(byte_t) +
1226                     sizeof(struct arm_request_response);
1227                 req->data = kmalloc(size, GFP_ATOMIC);
1228                 if (!(req->data)) {
1229                         free_pending_request(req);
1230                         DBGMSG("arm_write -> rcode_conflict_error");
1231                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1232                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1233                                                            The request may be retried */
1234                 }
1235                 req->free_data = 1;
1236                 req->file_info = fi;
1237                 req->req.type = RAW1394_REQ_ARM;
1238                 req->req.generation = get_hpsb_generation(host);
1239                 req->req.misc =
1240                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1241                 req->req.tag = arm_addr->arm_tag;
1242                 req->req.recvb = arm_addr->recvb;
1243                 req->req.length = size;
1244                 arm_req_resp = (struct arm_request_response *)(req->data);
1245                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1246                                                  (sizeof
1247                                                   (struct
1248                                                    arm_request_response)));
1249                 arm_resp =
1250                     (struct arm_response *)((byte_t *) (arm_req) +
1251                                             (sizeof(struct arm_request)));
1252                 arm_resp->buffer = NULL;
1253                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1254                        data, length);
1255                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1256                                           sizeof(struct arm_request_response) +
1257                                           sizeof(struct arm_request) +
1258                                           sizeof(struct arm_response));
1259                 arm_req->buffer_length = length;
1260                 arm_req->generation = req->req.generation;
1261                 arm_req->extended_transaction_code = 0;
1262                 arm_req->destination_offset = addr;
1263                 arm_req->source_nodeid = nodeid;
1264                 arm_req->destination_nodeid = destid;
1265                 arm_req->tlabel = (flags >> 10) & 0x3f;
1266                 arm_req->tcode = (flags >> 4) & 0x0f;
1267                 arm_resp->buffer_length = 0;
1268                 arm_resp->response_code = rcode;
1269                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1270                                                 sizeof(struct
1271                                                        arm_request_response));
1272                 arm_req_resp->response =
1273                     int2ptr((arm_addr->recvb) +
1274                             sizeof(struct arm_request_response) +
1275                             sizeof(struct arm_request));
1276                 queue_complete_req(req);
1277         }
1278         spin_unlock_irqrestore(&host_info_lock, irqflags);
1279         return (rcode);
1280 }
1281
1282 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1283                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1284                     u16 flags)
1285 {
1286         unsigned long irqflags;
1287         struct pending_request *req;
1288         struct host_info *hi;
1289         struct file_info *fi = NULL;
1290         struct list_head *entry;
1291         struct arm_addr *arm_addr = NULL;
1292         struct arm_request *arm_req = NULL;
1293         struct arm_response *arm_resp = NULL;
1294         int found = 0, size = 0, rcode = -1;
1295         quadlet_t old, new;
1296         struct arm_request_response *arm_req_resp = NULL;
1297
1298         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1299             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1300                 DBGMSG("arm_lock  called by node: %X "
1301                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1302                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1303                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1304                        be32_to_cpu(data));
1305         } else {
1306                 DBGMSG("arm_lock  called by node: %X "
1307                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1308                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1309                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1310                        be32_to_cpu(data), be32_to_cpu(arg));
1311         }
1312         spin_lock_irqsave(&host_info_lock, irqflags);
1313         hi = find_host_info(host);      /* search address-entry */
1314         if (hi != NULL) {
1315                 list_for_each_entry(fi, &hi->file_info_list, list) {
1316                         entry = fi->addr_list.next;
1317                         while (entry != &(fi->addr_list)) {
1318                                 arm_addr =
1319                                     list_entry(entry, struct arm_addr,
1320                                                addr_list);
1321                                 if (((arm_addr->start) <= (addr))
1322                                     && ((arm_addr->end) >=
1323                                         (addr + sizeof(*store)))) {
1324                                         found = 1;
1325                                         break;
1326                                 }
1327                                 entry = entry->next;
1328                         }
1329                         if (found) {
1330                                 break;
1331                         }
1332                 }
1333         }
1334         rcode = -1;
1335         if (!found) {
1336                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1337                        " -> rcode_address_error\n");
1338                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1339                 return (RCODE_ADDRESS_ERROR);
1340         } else {
1341                 DBGMSG("arm_lock addr_entry FOUND");
1342         }
1343         if (rcode == -1) {
1344                 if (arm_addr->access_rights & ARM_LOCK) {
1345                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1346                                 memcpy(&old,
1347                                        (arm_addr->addr_space_buffer) + (addr -
1348                                                                         (arm_addr->
1349                                                                          start)),
1350                                        sizeof(old));
1351                                 switch (ext_tcode) {
1352                                 case (EXTCODE_MASK_SWAP):
1353                                         new = data | (old & ~arg);
1354                                         break;
1355                                 case (EXTCODE_COMPARE_SWAP):
1356                                         if (old == arg) {
1357                                                 new = data;
1358                                         } else {
1359                                                 new = old;
1360                                         }
1361                                         break;
1362                                 case (EXTCODE_FETCH_ADD):
1363                                         new =
1364                                             cpu_to_be32(be32_to_cpu(data) +
1365                                                         be32_to_cpu(old));
1366                                         break;
1367                                 case (EXTCODE_LITTLE_ADD):
1368                                         new =
1369                                             cpu_to_le32(le32_to_cpu(data) +
1370                                                         le32_to_cpu(old));
1371                                         break;
1372                                 case (EXTCODE_BOUNDED_ADD):
1373                                         if (old != arg) {
1374                                                 new =
1375                                                     cpu_to_be32(be32_to_cpu
1376                                                                 (data) +
1377                                                                 be32_to_cpu
1378                                                                 (old));
1379                                         } else {
1380                                                 new = old;
1381                                         }
1382                                         break;
1383                                 case (EXTCODE_WRAP_ADD):
1384                                         if (old != arg) {
1385                                                 new =
1386                                                     cpu_to_be32(be32_to_cpu
1387                                                                 (data) +
1388                                                                 be32_to_cpu
1389                                                                 (old));
1390                                         } else {
1391                                                 new = data;
1392                                         }
1393                                         break;
1394                                 default:
1395                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1396                                         printk(KERN_ERR
1397                                                "raw1394: arm_lock FAILED "
1398                                                "ext_tcode not allowed -> rcode_type_error\n");
1399                                         break;
1400                                 }       /*switch */
1401                                 if (rcode == -1) {
1402                                         DBGMSG("arm_lock -> (rcode_complete)");
1403                                         rcode = RCODE_COMPLETE;
1404                                         memcpy(store, &old, sizeof(*store));
1405                                         memcpy((arm_addr->addr_space_buffer) +
1406                                                (addr - (arm_addr->start)),
1407                                                &new, sizeof(*store));
1408                                 }
1409                         }
1410                 } else {
1411                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1412                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1413                 }
1414         }
1415         if (arm_addr->notification_options & ARM_LOCK) {
1416                 byte_t *buf1, *buf2;
1417                 DBGMSG("arm_lock -> entering notification-section");
1418                 req = __alloc_pending_request(GFP_ATOMIC);
1419                 if (!req) {
1420                         DBGMSG("arm_lock -> rcode_conflict_error");
1421                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1422                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1423                                                            The request may be retried */
1424                 }
1425                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1426                 req->data = kmalloc(size, GFP_ATOMIC);
1427                 if (!(req->data)) {
1428                         free_pending_request(req);
1429                         DBGMSG("arm_lock -> rcode_conflict_error");
1430                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1431                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1432                                                            The request may be retried */
1433                 }
1434                 req->free_data = 1;
1435                 arm_req_resp = (struct arm_request_response *)(req->data);
1436                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1437                                                  (sizeof
1438                                                   (struct
1439                                                    arm_request_response)));
1440                 arm_resp =
1441                     (struct arm_response *)((byte_t *) (arm_req) +
1442                                             (sizeof(struct arm_request)));
1443                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1444                 buf2 = buf1 + 2 * sizeof(*store);
1445                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1446                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1447                         arm_req->buffer_length = sizeof(*store);
1448                         memcpy(buf1, &data, sizeof(*store));
1449
1450                 } else {
1451                         arm_req->buffer_length = 2 * sizeof(*store);
1452                         memcpy(buf1, &arg, sizeof(*store));
1453                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1454                 }
1455                 if (rcode == RCODE_COMPLETE) {
1456                         arm_resp->buffer_length = sizeof(*store);
1457                         memcpy(buf2, &old, sizeof(*store));
1458                 } else {
1459                         arm_resp->buffer_length = 0;
1460                 }
1461                 req->file_info = fi;
1462                 req->req.type = RAW1394_REQ_ARM;
1463                 req->req.generation = get_hpsb_generation(host);
1464                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1465                                  (ARM_LOCK & 0xFF));
1466                 req->req.tag = arm_addr->arm_tag;
1467                 req->req.recvb = arm_addr->recvb;
1468                 req->req.length = size;
1469                 arm_req->generation = req->req.generation;
1470                 arm_req->extended_transaction_code = ext_tcode;
1471                 arm_req->destination_offset = addr;
1472                 arm_req->source_nodeid = nodeid;
1473                 arm_req->destination_nodeid = host->node_id;
1474                 arm_req->tlabel = (flags >> 10) & 0x3f;
1475                 arm_req->tcode = (flags >> 4) & 0x0f;
1476                 arm_resp->response_code = rcode;
1477                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1478                                                 sizeof(struct
1479                                                        arm_request_response));
1480                 arm_req_resp->response =
1481                     int2ptr((arm_addr->recvb) +
1482                             sizeof(struct arm_request_response) +
1483                             sizeof(struct arm_request));
1484                 arm_req->buffer =
1485                     int2ptr((arm_addr->recvb) +
1486                             sizeof(struct arm_request_response) +
1487                             sizeof(struct arm_request) +
1488                             sizeof(struct arm_response));
1489                 arm_resp->buffer =
1490                     int2ptr((arm_addr->recvb) +
1491                             sizeof(struct arm_request_response) +
1492                             sizeof(struct arm_request) +
1493                             sizeof(struct arm_response) + 2 * sizeof(*store));
1494                 queue_complete_req(req);
1495         }
1496         spin_unlock_irqrestore(&host_info_lock, irqflags);
1497         return (rcode);
1498 }
1499
1500 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1501                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1502                       u16 flags)
1503 {
1504         unsigned long irqflags;
1505         struct pending_request *req;
1506         struct host_info *hi;
1507         struct file_info *fi = NULL;
1508         struct list_head *entry;
1509         struct arm_addr *arm_addr = NULL;
1510         struct arm_request *arm_req = NULL;
1511         struct arm_response *arm_resp = NULL;
1512         int found = 0, size = 0, rcode = -1;
1513         octlet_t old, new;
1514         struct arm_request_response *arm_req_resp = NULL;
1515
1516         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1517             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1518                 DBGMSG("arm_lock64 called by node: %X "
1519                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1520                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1521                        (u32) (addr & 0xFFFFFFFF),
1522                        ext_tcode & 0xFF,
1523                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1524                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1525         } else {
1526                 DBGMSG("arm_lock64 called by node: %X "
1527                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1528                        "%8.8X %8.8X ",
1529                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1530                        (u32) (addr & 0xFFFFFFFF),
1531                        ext_tcode & 0xFF,
1532                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1533                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1534                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1535                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1536         }
1537         spin_lock_irqsave(&host_info_lock, irqflags);
1538         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1539         if (hi != NULL) {
1540                 list_for_each_entry(fi, &hi->file_info_list, list) {
1541                         entry = fi->addr_list.next;
1542                         while (entry != &(fi->addr_list)) {
1543                                 arm_addr =
1544                                     list_entry(entry, struct arm_addr,
1545                                                addr_list);
1546                                 if (((arm_addr->start) <= (addr))
1547                                     && ((arm_addr->end) >=
1548                                         (addr + sizeof(*store)))) {
1549                                         found = 1;
1550                                         break;
1551                                 }
1552                                 entry = entry->next;
1553                         }
1554                         if (found) {
1555                                 break;
1556                         }
1557                 }
1558         }
1559         rcode = -1;
1560         if (!found) {
1561                 printk(KERN_ERR
1562                        "raw1394: arm_lock64 FAILED addr_entry not found"
1563                        " -> rcode_address_error\n");
1564                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1565                 return (RCODE_ADDRESS_ERROR);
1566         } else {
1567                 DBGMSG("arm_lock64 addr_entry FOUND");
1568         }
1569         if (rcode == -1) {
1570                 if (arm_addr->access_rights & ARM_LOCK) {
1571                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1572                                 memcpy(&old,
1573                                        (arm_addr->addr_space_buffer) + (addr -
1574                                                                         (arm_addr->
1575                                                                          start)),
1576                                        sizeof(old));
1577                                 switch (ext_tcode) {
1578                                 case (EXTCODE_MASK_SWAP):
1579                                         new = data | (old & ~arg);
1580                                         break;
1581                                 case (EXTCODE_COMPARE_SWAP):
1582                                         if (old == arg) {
1583                                                 new = data;
1584                                         } else {
1585                                                 new = old;
1586                                         }
1587                                         break;
1588                                 case (EXTCODE_FETCH_ADD):
1589                                         new =
1590                                             cpu_to_be64(be64_to_cpu(data) +
1591                                                         be64_to_cpu(old));
1592                                         break;
1593                                 case (EXTCODE_LITTLE_ADD):
1594                                         new =
1595                                             cpu_to_le64(le64_to_cpu(data) +
1596                                                         le64_to_cpu(old));
1597                                         break;
1598                                 case (EXTCODE_BOUNDED_ADD):
1599                                         if (old != arg) {
1600                                                 new =
1601                                                     cpu_to_be64(be64_to_cpu
1602                                                                 (data) +
1603                                                                 be64_to_cpu
1604                                                                 (old));
1605                                         } else {
1606                                                 new = old;
1607                                         }
1608                                         break;
1609                                 case (EXTCODE_WRAP_ADD):
1610                                         if (old != arg) {
1611                                                 new =
1612                                                     cpu_to_be64(be64_to_cpu
1613                                                                 (data) +
1614                                                                 be64_to_cpu
1615                                                                 (old));
1616                                         } else {
1617                                                 new = data;
1618                                         }
1619                                         break;
1620                                 default:
1621                                         printk(KERN_ERR
1622                                                "raw1394: arm_lock64 FAILED "
1623                                                "ext_tcode not allowed -> rcode_type_error\n");
1624                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1625                                         break;
1626                                 }       /*switch */
1627                                 if (rcode == -1) {
1628                                         DBGMSG
1629                                             ("arm_lock64 -> (rcode_complete)");
1630                                         rcode = RCODE_COMPLETE;
1631                                         memcpy(store, &old, sizeof(*store));
1632                                         memcpy((arm_addr->addr_space_buffer) +
1633                                                (addr - (arm_addr->start)),
1634                                                &new, sizeof(*store));
1635                                 }
1636                         }
1637                 } else {
1638                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1639                         DBGMSG
1640                             ("arm_lock64 -> rcode_type_error (access denied)");
1641                 }
1642         }
1643         if (arm_addr->notification_options & ARM_LOCK) {
1644                 byte_t *buf1, *buf2;
1645                 DBGMSG("arm_lock64 -> entering notification-section");
1646                 req = __alloc_pending_request(GFP_ATOMIC);
1647                 if (!req) {
1648                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1649                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1650                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1651                                                            The request may be retried */
1652                 }
1653                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1654                 req->data = kmalloc(size, GFP_ATOMIC);
1655                 if (!(req->data)) {
1656                         free_pending_request(req);
1657                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1658                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1659                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1660                                                            The request may be retried */
1661                 }
1662                 req->free_data = 1;
1663                 arm_req_resp = (struct arm_request_response *)(req->data);
1664                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1665                                                  (sizeof
1666                                                   (struct
1667                                                    arm_request_response)));
1668                 arm_resp =
1669                     (struct arm_response *)((byte_t *) (arm_req) +
1670                                             (sizeof(struct arm_request)));
1671                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1672                 buf2 = buf1 + 2 * sizeof(*store);
1673                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1674                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1675                         arm_req->buffer_length = sizeof(*store);
1676                         memcpy(buf1, &data, sizeof(*store));
1677
1678                 } else {
1679                         arm_req->buffer_length = 2 * sizeof(*store);
1680                         memcpy(buf1, &arg, sizeof(*store));
1681                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1682                 }
1683                 if (rcode == RCODE_COMPLETE) {
1684                         arm_resp->buffer_length = sizeof(*store);
1685                         memcpy(buf2, &old, sizeof(*store));
1686                 } else {
1687                         arm_resp->buffer_length = 0;
1688                 }
1689                 req->file_info = fi;
1690                 req->req.type = RAW1394_REQ_ARM;
1691                 req->req.generation = get_hpsb_generation(host);
1692                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1693                                  (ARM_LOCK & 0xFF));
1694                 req->req.tag = arm_addr->arm_tag;
1695                 req->req.recvb = arm_addr->recvb;
1696                 req->req.length = size;
1697                 arm_req->generation = req->req.generation;
1698                 arm_req->extended_transaction_code = ext_tcode;
1699                 arm_req->destination_offset = addr;
1700                 arm_req->source_nodeid = nodeid;
1701                 arm_req->destination_nodeid = host->node_id;
1702                 arm_req->tlabel = (flags >> 10) & 0x3f;
1703                 arm_req->tcode = (flags >> 4) & 0x0f;
1704                 arm_resp->response_code = rcode;
1705                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1706                                                 sizeof(struct
1707                                                        arm_request_response));
1708                 arm_req_resp->response =
1709                     int2ptr((arm_addr->recvb) +
1710                             sizeof(struct arm_request_response) +
1711                             sizeof(struct arm_request));
1712                 arm_req->buffer =
1713                     int2ptr((arm_addr->recvb) +
1714                             sizeof(struct arm_request_response) +
1715                             sizeof(struct arm_request) +
1716                             sizeof(struct arm_response));
1717                 arm_resp->buffer =
1718                     int2ptr((arm_addr->recvb) +
1719                             sizeof(struct arm_request_response) +
1720                             sizeof(struct arm_request) +
1721                             sizeof(struct arm_response) + 2 * sizeof(*store));
1722                 queue_complete_req(req);
1723         }
1724         spin_unlock_irqrestore(&host_info_lock, irqflags);
1725         return (rcode);
1726 }
1727
1728 static int arm_register(struct file_info *fi, struct pending_request *req)
1729 {
1730         int retval;
1731         struct arm_addr *addr;
1732         struct host_info *hi;
1733         struct file_info *fi_hlp = NULL;
1734         struct list_head *entry;
1735         struct arm_addr *arm_addr = NULL;
1736         int same_host, another_host;
1737         unsigned long flags;
1738
1739         DBGMSG("arm_register called "
1740                "addr(Offset): %8.8x %8.8x length: %u "
1741                "rights: %2.2X notify: %2.2X "
1742                "max_blk_len: %4.4X",
1743                (u32) ((req->req.address >> 32) & 0xFFFF),
1744                (u32) (req->req.address & 0xFFFFFFFF),
1745                req->req.length, ((req->req.misc >> 8) & 0xFF),
1746                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1747         /* check addressrange */
1748         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1749             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1750              0)) {
1751                 req->req.length = 0;
1752                 return (-EINVAL);
1753         }
1754         /* addr-list-entry for fileinfo */
1755         addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1756         if (!addr) {
1757                 req->req.length = 0;
1758                 return (-ENOMEM);
1759         }
1760         /* allocation of addr_space_buffer */
1761         addr->addr_space_buffer = vmalloc(req->req.length);
1762         if (!(addr->addr_space_buffer)) {
1763                 kfree(addr);
1764                 req->req.length = 0;
1765                 return (-ENOMEM);
1766         }
1767         /* initialization of addr_space_buffer */
1768         if ((req->req.sendb) == (unsigned long)NULL) {
1769                 /* init: set 0 */
1770                 memset(addr->addr_space_buffer, 0, req->req.length);
1771         } else {
1772                 /* init: user -> kernel */
1773                 if (copy_from_user
1774                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1775                      req->req.length)) {
1776                         vfree(addr->addr_space_buffer);
1777                         kfree(addr);
1778                         return (-EFAULT);
1779                 }
1780         }
1781         INIT_LIST_HEAD(&addr->addr_list);
1782         addr->arm_tag = req->req.tag;
1783         addr->start = req->req.address;
1784         addr->end = req->req.address + req->req.length;
1785         addr->access_rights = (u8) (req->req.misc & 0x0F);
1786         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1787         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1788         addr->access_rights |= addr->client_transactions;
1789         addr->notification_options |= addr->client_transactions;
1790         addr->recvb = req->req.recvb;
1791         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1792
1793         spin_lock_irqsave(&host_info_lock, flags);
1794         hi = find_host_info(fi->host);
1795         same_host = 0;
1796         another_host = 0;
1797         /* same host with address-entry containing same addressrange ? */
1798         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1799                 entry = fi_hlp->addr_list.next;
1800                 while (entry != &(fi_hlp->addr_list)) {
1801                         arm_addr =
1802                             list_entry(entry, struct arm_addr, addr_list);
1803                         if ((arm_addr->start == addr->start)
1804                             && (arm_addr->end == addr->end)) {
1805                                 DBGMSG("same host ownes same "
1806                                        "addressrange -> EALREADY");
1807                                 same_host = 1;
1808                                 break;
1809                         }
1810                         entry = entry->next;
1811                 }
1812                 if (same_host) {
1813                         break;
1814                 }
1815         }
1816         if (same_host) {
1817                 /* addressrange occupied by same host */
1818                 spin_unlock_irqrestore(&host_info_lock, flags);
1819                 vfree(addr->addr_space_buffer);
1820                 kfree(addr);
1821                 return (-EALREADY);
1822         }
1823         /* another host with valid address-entry containing same addressrange */
1824         list_for_each_entry(hi, &host_info_list, list) {
1825                 if (hi->host != fi->host) {
1826                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1827                                 entry = fi_hlp->addr_list.next;
1828                                 while (entry != &(fi_hlp->addr_list)) {
1829                                         arm_addr =
1830                                             list_entry(entry, struct arm_addr,
1831                                                        addr_list);
1832                                         if ((arm_addr->start == addr->start)
1833                                             && (arm_addr->end == addr->end)) {
1834                                                 DBGMSG
1835                                                     ("another host ownes same "
1836                                                      "addressrange");
1837                                                 another_host = 1;
1838                                                 break;
1839                                         }
1840                                         entry = entry->next;
1841                                 }
1842                                 if (another_host) {
1843                                         break;
1844                                 }
1845                         }
1846                 }
1847         }
1848         spin_unlock_irqrestore(&host_info_lock, flags);
1849
1850         if (another_host) {
1851                 DBGMSG("another hosts entry is valid -> SUCCESS");
1852                 if (copy_to_user(int2ptr(req->req.recvb),
1853                                  &addr->start, sizeof(u64))) {
1854                         printk(KERN_ERR "raw1394: arm_register failed "
1855                                " address-range-entry is invalid -> EFAULT !!!\n");
1856                         vfree(addr->addr_space_buffer);
1857                         kfree(addr);
1858                         return (-EFAULT);
1859                 }
1860                 free_pending_request(req);      /* immediate success or fail */
1861                 /* INSERT ENTRY */
1862                 spin_lock_irqsave(&host_info_lock, flags);
1863                 list_add_tail(&addr->addr_list, &fi->addr_list);
1864                 spin_unlock_irqrestore(&host_info_lock, flags);
1865                 return sizeof(struct raw1394_request);
1866         }
1867         retval =
1868             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1869                                     req->req.address,
1870                                     req->req.address + req->req.length);
1871         if (retval) {
1872                 /* INSERT ENTRY */
1873                 spin_lock_irqsave(&host_info_lock, flags);
1874                 list_add_tail(&addr->addr_list, &fi->addr_list);
1875                 spin_unlock_irqrestore(&host_info_lock, flags);
1876         } else {
1877                 DBGMSG("arm_register failed errno: %d \n", retval);
1878                 vfree(addr->addr_space_buffer);
1879                 kfree(addr);
1880                 return (-EALREADY);
1881         }
1882         free_pending_request(req);      /* immediate success or fail */
1883         return sizeof(struct raw1394_request);
1884 }
1885
1886 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1887 {
1888         int found = 0;
1889         int retval = 0;
1890         struct list_head *entry;
1891         struct arm_addr *addr = NULL;
1892         struct host_info *hi;
1893         struct file_info *fi_hlp = NULL;
1894         struct arm_addr *arm_addr = NULL;
1895         int another_host;
1896         unsigned long flags;
1897
1898         DBGMSG("arm_Unregister called addr(Offset): "
1899                "%8.8x %8.8x",
1900                (u32) ((req->req.address >> 32) & 0xFFFF),
1901                (u32) (req->req.address & 0xFFFFFFFF));
1902         spin_lock_irqsave(&host_info_lock, flags);
1903         /* get addr */
1904         entry = fi->addr_list.next;
1905         while (entry != &(fi->addr_list)) {
1906                 addr = list_entry(entry, struct arm_addr, addr_list);
1907                 if (addr->start == req->req.address) {
1908                         found = 1;
1909                         break;
1910                 }
1911                 entry = entry->next;
1912         }
1913         if (!found) {
1914                 DBGMSG("arm_Unregister addr not found");
1915                 spin_unlock_irqrestore(&host_info_lock, flags);
1916                 return (-EINVAL);
1917         }
1918         DBGMSG("arm_Unregister addr found");
1919         another_host = 0;
1920         /* another host with valid address-entry containing
1921            same addressrange */
1922         list_for_each_entry(hi, &host_info_list, list) {
1923                 if (hi->host != fi->host) {
1924                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1925                                 entry = fi_hlp->addr_list.next;
1926                                 while (entry != &(fi_hlp->addr_list)) {
1927                                         arm_addr = list_entry(entry,
1928                                                               struct arm_addr,
1929                                                               addr_list);
1930                                         if (arm_addr->start == addr->start) {
1931                                                 DBGMSG("another host ownes "
1932                                                        "same addressrange");
1933                                                 another_host = 1;
1934                                                 break;
1935                                         }
1936                                         entry = entry->next;
1937                                 }
1938                                 if (another_host) {
1939                                         break;
1940                                 }
1941                         }
1942                 }
1943         }
1944         if (another_host) {
1945                 DBGMSG("delete entry from list -> success");
1946                 list_del(&addr->addr_list);
1947                 spin_unlock_irqrestore(&host_info_lock, flags);
1948                 vfree(addr->addr_space_buffer);
1949                 kfree(addr);
1950                 free_pending_request(req);      /* immediate success or fail */
1951                 return sizeof(struct raw1394_request);
1952         }
1953         retval =
1954             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1955                                       addr->start);
1956         if (!retval) {
1957                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1958                 spin_unlock_irqrestore(&host_info_lock, flags);
1959                 return (-EINVAL);
1960         }
1961         DBGMSG("delete entry from list -> success");
1962         list_del(&addr->addr_list);
1963         spin_unlock_irqrestore(&host_info_lock, flags);
1964         vfree(addr->addr_space_buffer);
1965         kfree(addr);
1966         free_pending_request(req);      /* immediate success or fail */
1967         return sizeof(struct raw1394_request);
1968 }
1969
1970 /* Copy data from ARM buffer(s) to user buffer. */
1971 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1972 {
1973         struct arm_addr *arm_addr = NULL;
1974         unsigned long flags;
1975         unsigned long offset;
1976
1977         struct list_head *entry;
1978
1979         DBGMSG("arm_get_buf "
1980                "addr(Offset): %04X %08X length: %u",
1981                (u32) ((req->req.address >> 32) & 0xFFFF),
1982                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1983
1984         spin_lock_irqsave(&host_info_lock, flags);
1985         entry = fi->addr_list.next;
1986         while (entry != &(fi->addr_list)) {
1987                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1988                 if ((arm_addr->start <= req->req.address) &&
1989                     (arm_addr->end > req->req.address)) {
1990                         if (req->req.address + req->req.length <= arm_addr->end) {
1991                                 offset = req->req.address - arm_addr->start;
1992                                 spin_unlock_irqrestore(&host_info_lock, flags);
1993
1994                                 DBGMSG
1995                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
1996                                      (u32) req->req.recvb,
1997                                      arm_addr->addr_space_buffer + offset,
1998                                      (u32) req->req.length);
1999                                 if (copy_to_user
2000                                     (int2ptr(req->req.recvb),
2001                                      arm_addr->addr_space_buffer + offset,
2002                                      req->req.length))
2003                                         return (-EFAULT);
2004
2005                                 /* We have to free the request, because we
2006                                  * queue no response, and therefore nobody
2007                                  * will free it. */
2008                                 free_pending_request(req);
2009                                 return sizeof(struct raw1394_request);
2010                         } else {
2011                                 DBGMSG("arm_get_buf request exceeded mapping");
2012                                 spin_unlock_irqrestore(&host_info_lock, flags);
2013                                 return (-EINVAL);
2014                         }
2015                 }
2016                 entry = entry->next;
2017         }
2018         spin_unlock_irqrestore(&host_info_lock, flags);
2019         return (-EINVAL);
2020 }
2021
2022 /* Copy data from user buffer to ARM buffer(s). */
2023 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
2024 {
2025         struct arm_addr *arm_addr = NULL;
2026         unsigned long flags;
2027         unsigned long offset;
2028
2029         struct list_head *entry;
2030
2031         DBGMSG("arm_set_buf "
2032                "addr(Offset): %04X %08X length: %u",
2033                (u32) ((req->req.address >> 32) & 0xFFFF),
2034                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
2035
2036         spin_lock_irqsave(&host_info_lock, flags);
2037         entry = fi->addr_list.next;
2038         while (entry != &(fi->addr_list)) {
2039                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
2040                 if ((arm_addr->start <= req->req.address) &&
2041                     (arm_addr->end > req->req.address)) {
2042                         if (req->req.address + req->req.length <= arm_addr->end) {
2043                                 offset = req->req.address - arm_addr->start;
2044                                 spin_unlock_irqrestore(&host_info_lock, flags);
2045
2046                                 DBGMSG
2047                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
2048                                      arm_addr->addr_space_buffer + offset,
2049                                      (u32) req->req.sendb,
2050                                      (u32) req->req.length);
2051                                 if (copy_from_user
2052                                     (arm_addr->addr_space_buffer + offset,
2053                                      int2ptr(req->req.sendb),
2054                                      req->req.length))
2055                                         return (-EFAULT);
2056
2057                                 /* We have to free the request, because we
2058                                  * queue no response, and therefore nobody
2059                                  * will free it. */
2060                                 free_pending_request(req);
2061                                 return sizeof(struct raw1394_request);
2062                         } else {
2063                                 DBGMSG("arm_set_buf request exceeded mapping");
2064                                 spin_unlock_irqrestore(&host_info_lock, flags);
2065                                 return (-EINVAL);
2066                         }
2067                 }
2068                 entry = entry->next;
2069         }
2070         spin_unlock_irqrestore(&host_info_lock, flags);
2071         return (-EINVAL);
2072 }
2073
2074 static int reset_notification(struct file_info *fi, struct pending_request *req)
2075 {
2076         DBGMSG("reset_notification called - switch %s ",
2077                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
2078         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
2079             (req->req.misc == RAW1394_NOTIFY_ON)) {
2080                 fi->notification = (u8) req->req.misc;
2081                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2082                 return sizeof(struct raw1394_request);
2083         }
2084         /* error EINVAL (22) invalid argument */
2085         return (-EINVAL);
2086 }
2087
2088 static int write_phypacket(struct file_info *fi, struct pending_request *req)
2089 {
2090         struct hpsb_packet *packet = NULL;
2091         int retval = 0;
2092         quadlet_t data;
2093         unsigned long flags;
2094
2095         data = be32_to_cpu((u32) req->req.sendb);
2096         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
2097         packet = hpsb_make_phypacket(fi->host, data);
2098         if (!packet)
2099                 return -ENOMEM;
2100         req->req.length = 0;
2101         req->packet = packet;
2102         hpsb_set_packet_complete_task(packet,
2103                                       (void (*)(void *))queue_complete_cb, req);
2104         spin_lock_irqsave(&fi->reqlists_lock, flags);
2105         list_add_tail(&req->list, &fi->req_pending);
2106         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2107         packet->generation = req->req.generation;
2108         retval = hpsb_send_packet(packet);
2109         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2110         if (retval < 0) {
2111                 req->req.error = RAW1394_ERROR_SEND_ERROR;
2112                 req->req.length = 0;
2113                 queue_complete_req(req);
2114         }
2115         return sizeof(struct raw1394_request);
2116 }
2117
2118 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2119 {
2120         int ret = sizeof(struct raw1394_request);
2121         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2122         int status;
2123
2124         if (!data)
2125                 return -ENOMEM;
2126
2127         status =
2128             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2129                          data, req->req.length);
2130         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2131                 ret = -EFAULT;
2132         if (copy_to_user
2133             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2134              sizeof(fi->host->csr.rom->cache_head->len)))
2135                 ret = -EFAULT;
2136         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2137                          sizeof(fi->host->csr.generation)))
2138                 ret = -EFAULT;
2139         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2140                 ret = -EFAULT;
2141         kfree(data);
2142         if (ret >= 0) {
2143                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2144         }
2145         return ret;
2146 }
2147
2148 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2149 {
2150         int ret = sizeof(struct raw1394_request);
2151         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2152         if (!data)
2153                 return -ENOMEM;
2154         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2155                 ret = -EFAULT;
2156         } else {
2157                 int status = hpsb_update_config_rom(fi->host,
2158                                                     data, req->req.length,
2159                                                     (unsigned char)req->req.
2160                                                     misc);
2161                 if (copy_to_user
2162                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2163                         ret = -ENOMEM;
2164         }
2165         kfree(data);
2166         if (ret >= 0) {
2167                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2168                 fi->cfgrom_upd = 1;
2169         }
2170         return ret;
2171 }
2172
2173 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2174 {
2175         struct csr1212_keyval *kv;
2176         struct csr1212_csr_rom_cache *cache;
2177         struct csr1212_dentry *dentry;
2178         u32 dr;
2179         int ret = 0;
2180
2181         if (req->req.misc == ~0) {
2182                 if (req->req.length == 0)
2183                         return -EINVAL;
2184
2185                 /* Find an unused slot */
2186                 for (dr = 0;
2187                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2188                      dr++) ;
2189
2190                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2191                         return -ENOMEM;
2192
2193                 fi->csr1212_dirs[dr] =
2194                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2195                 if (!fi->csr1212_dirs[dr])
2196                         return -ENOMEM;
2197         } else {
2198                 dr = req->req.misc;
2199                 if (!fi->csr1212_dirs[dr])
2200                         return -EINVAL;
2201
2202                 /* Delete old stuff */
2203                 for (dentry =
2204                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2205                      dentry; dentry = dentry->next) {
2206                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2207                                                              root_kv,
2208                                                              dentry->kv);
2209                 }
2210
2211                 if (req->req.length == 0) {
2212                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2213                         fi->csr1212_dirs[dr] = NULL;
2214
2215                         hpsb_update_config_rom_image(fi->host);
2216                         free_pending_request(req);
2217                         return sizeof(struct raw1394_request);
2218                 }
2219         }
2220
2221         cache = csr1212_rom_cache_malloc(0, req->req.length);
2222         if (!cache) {
2223                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2224                 fi->csr1212_dirs[dr] = NULL;
2225                 return -ENOMEM;
2226         }
2227
2228         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2229         if (!cache->filled_head) {
2230                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2231                 fi->csr1212_dirs[dr] = NULL;
2232                 CSR1212_FREE(cache);
2233                 return -ENOMEM;
2234         }
2235         cache->filled_tail = cache->filled_head;
2236
2237         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2238                            req->req.length)) {
2239                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2240                 fi->csr1212_dirs[dr] = NULL;
2241                 ret = -EFAULT;
2242         } else {
2243                 cache->len = req->req.length;
2244                 cache->filled_head->offset_start = 0;
2245                 cache->filled_head->offset_end = cache->size - 1;
2246
2247                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2248
2249                 ret = CSR1212_SUCCESS;
2250                 /* parse all the items */
2251                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2252                      kv = kv->next) {
2253                         ret = csr1212_parse_keyval(kv, cache);
2254                 }
2255
2256                 /* attach top level items to the root directory */
2257                 for (dentry =
2258                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2259                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2260                         ret =
2261                             csr1212_attach_keyval_to_directory(fi->host->csr.
2262                                                                rom->root_kv,
2263                                                                dentry->kv);
2264                 }
2265
2266                 if (ret == CSR1212_SUCCESS) {
2267                         ret = hpsb_update_config_rom_image(fi->host);
2268
2269                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2270                                                      &dr, sizeof(dr))) {
2271                                 ret = -ENOMEM;
2272                         }
2273                 }
2274         }
2275         kfree(cache->filled_head);
2276         CSR1212_FREE(cache);
2277
2278         if (ret >= 0) {
2279                 /* we have to free the request, because we queue no response,
2280                  * and therefore nobody will free it */
2281                 free_pending_request(req);
2282                 return sizeof(struct raw1394_request);
2283         } else {
2284                 for (dentry =
2285                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2286                      dentry; dentry = dentry->next) {
2287                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2288                                                              root_kv,
2289                                                              dentry->kv);
2290                 }
2291                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2292                 fi->csr1212_dirs[dr] = NULL;
2293                 return ret;
2294         }
2295 }
2296
2297 static int state_connected(struct file_info *fi, struct pending_request *req)
2298 {
2299         int node = req->req.address >> 48;
2300
2301         req->req.error = RAW1394_ERROR_NONE;
2302
2303         switch (req->req.type) {
2304
2305         case RAW1394_REQ_ECHO:
2306                 queue_complete_req(req);
2307                 return sizeof(struct raw1394_request);
2308
2309         case RAW1394_REQ_ISO_SEND:
2310                 print_old_iso_deprecation();
2311                 return handle_iso_send(fi, req, node);
2312
2313         case RAW1394_REQ_ARM_REGISTER:
2314                 return arm_register(fi, req);
2315
2316         case RAW1394_REQ_ARM_UNREGISTER:
2317                 return arm_unregister(fi, req);
2318
2319         case RAW1394_REQ_ARM_SET_BUF:
2320                 return arm_set_buf(fi, req);
2321
2322         case RAW1394_REQ_ARM_GET_BUF:
2323                 return arm_get_buf(fi, req);
2324
2325         case RAW1394_REQ_RESET_NOTIFY:
2326                 return reset_notification(fi, req);
2327
2328         case RAW1394_REQ_ISO_LISTEN:
2329                 print_old_iso_deprecation();
2330                 handle_iso_listen(fi, req);
2331                 return sizeof(struct raw1394_request);
2332
2333         case RAW1394_REQ_FCP_LISTEN:
2334                 handle_fcp_listen(fi, req);
2335                 return sizeof(struct raw1394_request);
2336
2337         case RAW1394_REQ_RESET_BUS:
2338                 if (req->req.misc == RAW1394_LONG_RESET) {
2339                         DBGMSG("busreset called (type: LONG)");
2340                         hpsb_reset_bus(fi->host, LONG_RESET);
2341                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2342                         return sizeof(struct raw1394_request);
2343                 }
2344                 if (req->req.misc == RAW1394_SHORT_RESET) {
2345                         DBGMSG("busreset called (type: SHORT)");
2346                         hpsb_reset_bus(fi->host, SHORT_RESET);
2347                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2348                         return sizeof(struct raw1394_request);
2349                 }
2350                 /* error EINVAL (22) invalid argument */
2351                 return (-EINVAL);
2352         case RAW1394_REQ_GET_ROM:
2353                 return get_config_rom(fi, req);
2354
2355         case RAW1394_REQ_UPDATE_ROM:
2356                 return update_config_rom(fi, req);
2357
2358         case RAW1394_REQ_MODIFY_ROM:
2359                 return modify_config_rom(fi, req);
2360         }
2361
2362         if (req->req.generation != get_hpsb_generation(fi->host)) {
2363                 req->req.error = RAW1394_ERROR_GENERATION;
2364                 req->req.generation = get_hpsb_generation(fi->host);
2365                 req->req.length = 0;
2366                 queue_complete_req(req);
2367                 return sizeof(struct raw1394_request);
2368         }
2369
2370         switch (req->req.type) {
2371         case RAW1394_REQ_PHYPACKET:
2372                 return write_phypacket(fi, req);
2373         case RAW1394_REQ_ASYNC_SEND:
2374                 return handle_async_send(fi, req);
2375         }
2376
2377         if (req->req.length == 0) {
2378                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2379                 queue_complete_req(req);
2380                 return sizeof(struct raw1394_request);
2381         }
2382
2383         return handle_async_request(fi, req, node);
2384 }
2385
2386 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2387                              size_t count, loff_t * offset_is_ignored)
2388 {
2389         struct file_info *fi = (struct file_info *)file->private_data;
2390         struct pending_request *req;
2391         ssize_t retval = 0;
2392
2393 #ifdef CONFIG_COMPAT
2394         if (count == sizeof(struct compat_raw1394_req) &&
2395             sizeof(struct compat_raw1394_req) !=
2396                         sizeof(struct raw1394_request)) {
2397                 buffer = raw1394_compat_write(buffer);
2398                 if (IS_ERR(buffer))
2399                         return PTR_ERR(buffer);
2400         } else
2401 #endif
2402         if (count != sizeof(struct raw1394_request)) {
2403                 return -EINVAL;
2404         }
2405
2406         req = alloc_pending_request();
2407         if (req == NULL) {
2408                 return -ENOMEM;
2409         }
2410         req->file_info = fi;
2411
2412         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2413                 free_pending_request(req);
2414                 return -EFAULT;
2415         }
2416
2417         switch (fi->state) {
2418         case opened:
2419                 retval = state_opened(fi, req);
2420                 break;
2421
2422         case initialized:
2423                 retval = state_initialized(fi, req);
2424                 break;
2425
2426         case connected:
2427                 retval = state_connected(fi, req);
2428                 break;
2429         }
2430
2431         if (retval < 0) {
2432                 free_pending_request(req);
2433         }
2434
2435         return retval;
2436 }
2437
2438 /* rawiso operations */
2439
2440 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2441  * completion queue (reqlists_lock must be taken) */
2442 static inline int __rawiso_event_in_queue(struct file_info *fi)
2443 {
2444         struct pending_request *req;
2445
2446         list_for_each_entry(req, &fi->req_complete, list)
2447             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2448                 return 1;
2449
2450         return 0;
2451 }
2452
2453 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2454 static void queue_rawiso_event(struct file_info *fi)
2455 {
2456         unsigned long flags;
2457
2458         spin_lock_irqsave(&fi->reqlists_lock, flags);
2459
2460         /* only one ISO activity event may be in the queue */
2461         if (!__rawiso_event_in_queue(fi)) {
2462                 struct pending_request *req =
2463                     __alloc_pending_request(GFP_ATOMIC);
2464
2465                 if (req) {
2466                         req->file_info = fi;
2467                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2468                         req->req.generation = get_hpsb_generation(fi->host);
2469                         __queue_complete_req(req);
2470                 } else {
2471                         /* on allocation failure, signal an overflow */
2472                         if (fi->iso_handle) {
2473                                 atomic_inc(&fi->iso_handle->overflows);
2474                         }
2475                 }
2476         }
2477         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2478 }
2479
2480 static void rawiso_activity_cb(struct hpsb_iso *iso)
2481 {
2482         unsigned long flags;
2483         struct host_info *hi;
2484         struct file_info *fi;
2485
2486         spin_lock_irqsave(&host_info_lock, flags);
2487         hi = find_host_info(iso->host);
2488
2489         if (hi != NULL) {
2490                 list_for_each_entry(fi, &hi->file_info_list, list) {
2491                         if (fi->iso_handle == iso)
2492                                 queue_rawiso_event(fi);
2493                 }
2494         }
2495
2496         spin_unlock_irqrestore(&host_info_lock, flags);
2497 }
2498
2499 /* helper function - gather all the kernel iso status bits for returning to user-space */
2500 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2501                                     struct raw1394_iso_status *stat)
2502 {
2503         stat->config.data_buf_size = iso->buf_size;
2504         stat->config.buf_packets = iso->buf_packets;
2505         stat->config.channel = iso->channel;
2506         stat->config.speed = iso->speed;
2507         stat->config.irq_interval = iso->irq_interval;
2508         stat->n_packets = hpsb_iso_n_ready(iso);
2509         stat->overflows = atomic_read(&iso->overflows);
2510         stat->xmit_cycle = iso->xmit_cycle;
2511 }
2512
2513 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2514 {
2515         struct raw1394_iso_status stat;
2516
2517         if (!fi->host)
2518                 return -EINVAL;
2519
2520         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2521                 return -EFAULT;
2522
2523         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2524                                             stat.config.data_buf_size,
2525                                             stat.config.buf_packets,
2526                                             stat.config.channel,
2527                                             stat.config.speed,
2528                                             stat.config.irq_interval,
2529                                             rawiso_activity_cb);
2530         if (!fi->iso_handle)
2531                 return -ENOMEM;
2532
2533         fi->iso_state = RAW1394_ISO_XMIT;
2534
2535         raw1394_iso_fill_status(fi->iso_handle, &stat);
2536         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2537                 return -EFAULT;
2538
2539         /* queue an event to get things started */
2540         rawiso_activity_cb(fi->iso_handle);
2541
2542         return 0;
2543 }
2544
2545 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2546 {
2547         struct raw1394_iso_status stat;
2548
2549         if (!fi->host)
2550                 return -EINVAL;
2551
2552         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2553                 return -EFAULT;
2554
2555         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2556                                             stat.config.data_buf_size,
2557                                             stat.config.buf_packets,
2558                                             stat.config.channel,
2559                                             stat.config.dma_mode,
2560                                             stat.config.irq_interval,
2561                                             rawiso_activity_cb);
2562         if (!fi->iso_handle)
2563                 return -ENOMEM;
2564
2565         fi->iso_state = RAW1394_ISO_RECV;
2566
2567         raw1394_iso_fill_status(fi->iso_handle, &stat);
2568         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2569                 return -EFAULT;
2570         return 0;
2571 }
2572
2573 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2574 {
2575         struct raw1394_iso_status stat;
2576         struct hpsb_iso *iso = fi->iso_handle;
2577
2578         raw1394_iso_fill_status(fi->iso_handle, &stat);
2579         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2580                 return -EFAULT;
2581
2582         /* reset overflow counter */
2583         atomic_set(&iso->overflows, 0);
2584
2585         return 0;
2586 }
2587
2588 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2589 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2590 {
2591         struct raw1394_iso_packets upackets;
2592         unsigned int packet = fi->iso_handle->first_packet;
2593         int i;
2594
2595         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2596                 return -EFAULT;
2597
2598         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2599                 return -EINVAL;
2600
2601         /* ensure user-supplied buffer is accessible and big enough */
2602         if (!access_ok(VERIFY_WRITE, upackets.infos,
2603                        upackets.n_packets *
2604                        sizeof(struct raw1394_iso_packet_info)))
2605                 return -EFAULT;
2606
2607         /* copy the packet_infos out */
2608         for (i = 0; i < upackets.n_packets; i++) {
2609                 if (__copy_to_user(&upackets.infos[i],
2610                                    &fi->iso_handle->infos[packet],
2611                                    sizeof(struct raw1394_iso_packet_info)))
2612                         return -EFAULT;
2613
2614                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2615         }
2616
2617         return 0;
2618 }
2619
2620 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2621 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2622 {
2623         struct raw1394_iso_packets upackets;
2624         int i, rv;
2625
2626         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2627                 return -EFAULT;
2628
2629         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2630                 return -EINVAL;
2631
2632         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2633                 return -EAGAIN;
2634
2635         /* ensure user-supplied buffer is accessible and big enough */
2636         if (!access_ok(VERIFY_READ, upackets.infos,
2637                        upackets.n_packets *
2638                        sizeof(struct raw1394_iso_packet_info)))
2639                 return -EFAULT;
2640
2641         /* copy the infos structs in and queue the packets */
2642         for (i = 0; i < upackets.n_packets; i++) {
2643                 struct raw1394_iso_packet_info info;
2644
2645                 if (__copy_from_user(&info, &upackets.infos[i],
2646                                      sizeof(struct raw1394_iso_packet_info)))
2647                         return -EFAULT;
2648
2649                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2650                                                 info.len, info.tag, info.sy);
2651                 if (rv)
2652                         return rv;
2653         }
2654
2655         return 0;
2656 }
2657
2658 static void raw1394_iso_shutdown(struct file_info *fi)
2659 {
2660         if (fi->iso_handle)
2661                 hpsb_iso_shutdown(fi->iso_handle);
2662
2663         fi->iso_handle = NULL;
2664         fi->iso_state = RAW1394_ISO_INACTIVE;
2665 }
2666
2667 /* mmap the rawiso xmit/recv buffer */
2668 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2669 {
2670         struct file_info *fi = file->private_data;
2671
2672         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2673                 return -EINVAL;
2674
2675         return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2676 }
2677
2678 /* ioctl is only used for rawiso operations */
2679 static int raw1394_ioctl(struct inode *inode, struct file *file,
2680                          unsigned int cmd, unsigned long arg)
2681 {
2682         struct file_info *fi = file->private_data;
2683         void __user *argp = (void __user *)arg;
2684
2685         switch (fi->iso_state) {
2686         case RAW1394_ISO_INACTIVE:
2687                 switch (cmd) {
2688                 case RAW1394_IOC_ISO_XMIT_INIT:
2689                         return raw1394_iso_xmit_init(fi, argp);
2690                 case RAW1394_IOC_ISO_RECV_INIT:
2691                         return raw1394_iso_recv_init(fi, argp);
2692                 default:
2693                         break;
2694                 }
2695                 break;
2696         case RAW1394_ISO_RECV:
2697                 switch (cmd) {
2698                 case RAW1394_IOC_ISO_RECV_START:{
2699                                 /* copy args from user-space */
2700                                 int args[3];
2701                                 if (copy_from_user
2702                                     (&args[0], argp, sizeof(args)))
2703                                         return -EFAULT;
2704                                 return hpsb_iso_recv_start(fi->iso_handle,
2705                                                            args[0], args[1],
2706                                                            args[2]);
2707                         }
2708                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2709                         hpsb_iso_stop(fi->iso_handle);
2710                         return 0;
2711                 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2712                         return hpsb_iso_recv_listen_channel(fi->iso_handle,
2713                                                             arg);
2714                 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2715                         return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2716                                                               arg);
2717                 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2718                                 /* copy the u64 from user-space */
2719                                 u64 mask;
2720                                 if (copy_from_user(&mask, argp, sizeof(mask)))
2721                                         return -EFAULT;
2722                                 return hpsb_iso_recv_set_channel_mask(fi->
2723                                                                       iso_handle,
2724                                                                       mask);
2725                         }
2726                 case RAW1394_IOC_ISO_GET_STATUS:
2727                         return raw1394_iso_get_status(fi, argp);
2728                 case RAW1394_IOC_ISO_RECV_PACKETS:
2729                         return raw1394_iso_recv_packets(fi, argp);
2730                 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2731                         return hpsb_iso_recv_release_packets(fi->iso_handle,
2732                                                              arg);
2733                 case RAW1394_IOC_ISO_RECV_FLUSH:
2734                         return hpsb_iso_recv_flush(fi->iso_handle);
2735                 case RAW1394_IOC_ISO_SHUTDOWN:
2736                         raw1394_iso_shutdown(fi);
2737                         return 0;
2738                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2739                         queue_rawiso_event(fi);
2740                         return 0;
2741                 }
2742                 break;
2743         case RAW1394_ISO_XMIT:
2744                 switch (cmd) {
2745                 case RAW1394_IOC_ISO_XMIT_START:{
2746                                 /* copy two ints from user-space */
2747                                 int args[2];
2748                                 if (copy_from_user
2749                                     (&args[0], argp, sizeof(args)))
2750                                         return -EFAULT;
2751                                 return hpsb_iso_xmit_start(fi->iso_handle,
2752                                                            args[0], args[1]);
2753                         }
2754                 case RAW1394_IOC_ISO_XMIT_SYNC:
2755                         return hpsb_iso_xmit_sync(fi->iso_handle);
2756                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2757                         hpsb_iso_stop(fi->iso_handle);
2758                         return 0;
2759                 case RAW1394_IOC_ISO_GET_STATUS:
2760                         return raw1394_iso_get_status(fi, argp);
2761                 case RAW1394_IOC_ISO_XMIT_PACKETS:
2762                         return raw1394_iso_send_packets(fi, argp);
2763                 case RAW1394_IOC_ISO_SHUTDOWN:
2764                         raw1394_iso_shutdown(fi);
2765                         return 0;
2766                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2767                         queue_rawiso_event(fi);
2768                         return 0;
2769                 }
2770                 break;
2771         default:
2772                 break;
2773         }
2774
2775         return -EINVAL;
2776 }
2777
2778 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2779 {
2780         struct file_info *fi = file->private_data;
2781         unsigned int mask = POLLOUT | POLLWRNORM;
2782         unsigned long flags;
2783
2784         poll_wait(file, &fi->wait_complete, pt);
2785
2786         spin_lock_irqsave(&fi->reqlists_lock, flags);
2787         if (!list_empty(&fi->req_complete)) {
2788                 mask |= POLLIN | POLLRDNORM;
2789         }
2790         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2791
2792         return mask;
2793 }
2794
2795 static int raw1394_open(struct inode *inode, struct file *file)
2796 {
2797         struct file_info *fi;
2798
2799         fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2800         if (!fi)
2801                 return -ENOMEM;
2802
2803         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2804
2805         INIT_LIST_HEAD(&fi->list);
2806         fi->state = opened;
2807         INIT_LIST_HEAD(&fi->req_pending);
2808         INIT_LIST_HEAD(&fi->req_complete);
2809         spin_lock_init(&fi->reqlists_lock);
2810         init_waitqueue_head(&fi->wait_complete);
2811         INIT_LIST_HEAD(&fi->addr_list);
2812
2813         file->private_data = fi;
2814
2815         return 0;
2816 }
2817
2818 static int raw1394_release(struct inode *inode, struct file *file)
2819 {
2820         struct file_info *fi = file->private_data;
2821         struct list_head *lh;
2822         struct pending_request *req;
2823         int i, fail;
2824         int retval = 0;
2825         struct list_head *entry;
2826         struct arm_addr *addr = NULL;
2827         struct host_info *hi;
2828         struct file_info *fi_hlp = NULL;
2829         struct arm_addr *arm_addr = NULL;
2830         int another_host;
2831         int csr_mod = 0;
2832         unsigned long flags;
2833
2834         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2835                 raw1394_iso_shutdown(fi);
2836
2837         for (i = 0; i < 64; i++) {
2838                 if (fi->listen_channels & (1ULL << i)) {
2839                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2840                 }
2841         }
2842
2843         spin_lock_irqsave(&host_info_lock, flags);
2844         fi->listen_channels = 0;
2845
2846         fail = 0;
2847         /* set address-entries invalid */
2848
2849         while (!list_empty(&fi->addr_list)) {
2850                 another_host = 0;
2851                 lh = fi->addr_list.next;
2852                 addr = list_entry(lh, struct arm_addr, addr_list);
2853                 /* another host with valid address-entry containing
2854                    same addressrange? */
2855                 list_for_each_entry(hi, &host_info_list, list) {
2856                         if (hi->host != fi->host) {
2857                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2858                                                     list) {
2859                                         entry = fi_hlp->addr_list.next;
2860                                         while (entry != &(fi_hlp->addr_list)) {
2861                                                 arm_addr = list_entry(entry, struct
2862                                                                       arm_addr,
2863                                                                       addr_list);
2864                                                 if (arm_addr->start ==
2865                                                     addr->start) {
2866                                                         DBGMSG
2867                                                             ("raw1394_release: "
2868                                                              "another host ownes "
2869                                                              "same addressrange");
2870                                                         another_host = 1;
2871                                                         break;
2872                                                 }
2873                                                 entry = entry->next;
2874                                         }
2875                                         if (another_host) {
2876                                                 break;
2877                                         }
2878                                 }
2879                         }
2880                 }
2881                 if (!another_host) {
2882                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2883                         retval =
2884                             hpsb_unregister_addrspace(&raw1394_highlevel,
2885                                                       fi->host, addr->start);
2886                         if (!retval) {
2887                                 ++fail;
2888                                 printk(KERN_ERR
2889                                        "raw1394_release arm_Unregister failed\n");
2890                         }
2891                 }
2892                 DBGMSG("raw1394_release: delete addr_entry from list");
2893                 list_del(&addr->addr_list);
2894                 vfree(addr->addr_space_buffer);
2895                 kfree(addr);
2896         }                       /* while */
2897         spin_unlock_irqrestore(&host_info_lock, flags);
2898         if (fail > 0) {
2899                 printk(KERN_ERR "raw1394: during addr_list-release "
2900                        "error(s) occurred \n");
2901         }
2902
2903         for (;;) {
2904                 /* This locked section guarantees that neither
2905                  * complete nor pending requests exist once i!=0 */
2906                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2907                 while ((req = __next_complete_req(fi)))
2908                         free_pending_request(req);
2909
2910                 i = list_empty(&fi->req_pending);
2911                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2912
2913                 if (i)
2914                         break;
2915                 /*
2916                  * Sleep until more requests can be freed.
2917                  *
2918                  * NB: We call the macro wait_event() with a condition argument
2919                  * with side effect.  This is only possible because the side
2920                  * effect does not occur until the condition became true, and
2921                  * wait_event() won't evaluate the condition again after that.
2922                  */
2923                 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2924                 free_pending_request(req);
2925         }
2926
2927         /* Remove any sub-trees left by user space programs */
2928         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2929                 struct csr1212_dentry *dentry;
2930                 if (!fi->csr1212_dirs[i])
2931                         continue;
2932                 for (dentry =
2933                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2934                      dentry = dentry->next) {
2935                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2936                                                              root_kv,
2937                                                              dentry->kv);
2938                 }
2939                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2940                 fi->csr1212_dirs[i] = NULL;
2941                 csr_mod = 1;
2942         }
2943
2944         if ((csr_mod || fi->cfgrom_upd)
2945             && hpsb_update_config_rom_image(fi->host) < 0)
2946                 HPSB_ERR
2947                     ("Failed to generate Configuration ROM image for host %d",
2948                      fi->host->id);
2949
2950         if (fi->state == connected) {
2951                 spin_lock_irqsave(&host_info_lock, flags);
2952                 list_del(&fi->list);
2953                 spin_unlock_irqrestore(&host_info_lock, flags);
2954
2955                 put_device(&fi->host->device);
2956         }
2957
2958         kfree(fi);
2959
2960         return 0;
2961 }
2962
2963 /*** HOTPLUG STUFF **********************************************************/
2964 /*
2965  * Export information about protocols/devices supported by this driver.
2966  */
2967 static struct ieee1394_device_id raw1394_id_table[] = {
2968         {
2969          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2970          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2971          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2972         {
2973          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2974          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2975          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2976         {
2977          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2978          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2979          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2980         {
2981          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2982          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2983          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2984         {}
2985 };
2986
2987 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2988
2989 static struct hpsb_protocol_driver raw1394_driver = {
2990         .name = "raw1394",
2991         .id_table = raw1394_id_table,
2992 };
2993
2994 /******************************************************************************/
2995
2996 static struct hpsb_highlevel raw1394_highlevel = {
2997         .name = RAW1394_DEVICE_NAME,
2998         .add_host = add_host,
2999         .remove_host = remove_host,
3000         .host_reset = host_reset,
3001         .iso_receive = iso_receive,
3002         .fcp_request = fcp_request,
3003 };
3004
3005 static struct cdev raw1394_cdev;
3006 static struct file_operations raw1394_fops = {
3007         .owner = THIS_MODULE,
3008         .read = raw1394_read,
3009         .write = raw1394_write,
3010         .mmap = raw1394_mmap,
3011         .ioctl = raw1394_ioctl,
3012         // .compat_ioctl = ... someone needs to do this
3013         .poll = raw1394_poll,
3014         .open = raw1394_open,
3015         .release = raw1394_release,
3016 };
3017
3018 static int __init init_raw1394(void)
3019 {
3020         int ret = 0;
3021
3022         hpsb_register_highlevel(&raw1394_highlevel);
3023
3024         if (IS_ERR
3025             (class_device_create
3026              (hpsb_protocol_class, NULL,
3027               MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), NULL,
3028               RAW1394_DEVICE_NAME))) {
3029                 ret = -EFAULT;
3030                 goto out_unreg;
3031         }
3032
3033         cdev_init(&raw1394_cdev, &raw1394_fops);
3034         raw1394_cdev.owner = THIS_MODULE;
3035         kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
3036         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3037         if (ret) {
3038                 HPSB_ERR("raw1394 failed to register minor device block");
3039                 goto out_dev;
3040         }
3041
3042         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3043
3044         ret = hpsb_register_protocol(&raw1394_driver);
3045         if (ret) {
3046                 HPSB_ERR("raw1394: failed to register protocol");
3047                 cdev_del(&raw1394_cdev);
3048                 goto out_dev;
3049         }
3050
3051         goto out;
3052
3053       out_dev:
3054         class_device_destroy(hpsb_protocol_class,
3055                              MKDEV(IEEE1394_MAJOR,
3056                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3057       out_unreg:
3058         hpsb_unregister_highlevel(&raw1394_highlevel);
3059       out:
3060         return ret;
3061 }
3062
3063 static void __exit cleanup_raw1394(void)
3064 {
3065         class_device_destroy(hpsb_protocol_class,
3066                              MKDEV(IEEE1394_MAJOR,
3067                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3068         cdev_del(&raw1394_cdev);
3069         hpsb_unregister_highlevel(&raw1394_highlevel);
3070         hpsb_unregister_protocol(&raw1394_driver);
3071 }
3072
3073 module_init(init_raw1394);
3074 module_exit(cleanup_raw1394);
3075 MODULE_LICENSE("GPL");