Merge master.kernel.org:/home/rmk/linux-2.6-serial
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/devfs_fs_kernel.h>
45
46 #include "csr1212.h"
47 #include "ieee1394.h"
48 #include "ieee1394_types.h"
49 #include "ieee1394_core.h"
50 #include "nodemgr.h"
51 #include "hosts.h"
52 #include "highlevel.h"
53 #include "iso.h"
54 #include "ieee1394_transactions.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
58 #define int2ptr(x) ((void __user *)(unsigned long)x)
59 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
60
61 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
62 #define RAW1394_DEBUG
63 #endif
64
65 #ifdef RAW1394_DEBUG
66 #define DBGMSG(fmt, args...) \
67 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
68 #else
69 #define DBGMSG(fmt, args...)
70 #endif
71
72 static LIST_HEAD(host_info_list);
73 static int host_count;
74 static DEFINE_SPINLOCK(host_info_lock);
75 static atomic_t internal_generation = ATOMIC_INIT(0);
76
77 static atomic_t iso_buffer_size;
78 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
79
80 static struct hpsb_highlevel raw1394_highlevel;
81
82 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
83                     u64 addr, size_t length, u16 flags);
84 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
85                      quadlet_t * data, u64 addr, size_t length, u16 flags);
86 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
87                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
88                     u16 flags);
89 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
90                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
91                       u16 flags);
92 static struct hpsb_address_ops arm_ops = {
93         .read = arm_read,
94         .write = arm_write,
95         .lock = arm_lock,
96         .lock64 = arm_lock64,
97 };
98
99 static void queue_complete_cb(struct pending_request *req);
100
101 static struct pending_request *__alloc_pending_request(gfp_t flags)
102 {
103         struct pending_request *req;
104
105         req = kzalloc(sizeof(*req), flags);
106         if (req)
107                 INIT_LIST_HEAD(&req->list);
108
109         return req;
110 }
111
112 static inline struct pending_request *alloc_pending_request(void)
113 {
114         return __alloc_pending_request(SLAB_KERNEL);
115 }
116
117 static void free_pending_request(struct pending_request *req)
118 {
119         if (req->ibs) {
120                 if (atomic_dec_and_test(&req->ibs->refcount)) {
121                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
122                         kfree(req->ibs);
123                 }
124         } else if (req->free_data) {
125                 kfree(req->data);
126         }
127         hpsb_free_packet(req->packet);
128         kfree(req);
129 }
130
131 /* fi->reqlists_lock must be taken */
132 static void __queue_complete_req(struct pending_request *req)
133 {
134         struct file_info *fi = req->file_info;
135         list_del(&req->list);
136         list_add_tail(&req->list, &fi->req_complete);
137
138         up(&fi->complete_sem);
139         wake_up_interruptible(&fi->poll_wait_complete);
140 }
141
142 static void queue_complete_req(struct pending_request *req)
143 {
144         unsigned long flags;
145         struct file_info *fi = req->file_info;
146
147         spin_lock_irqsave(&fi->reqlists_lock, flags);
148         __queue_complete_req(req);
149         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
150 }
151
152 static void queue_complete_cb(struct pending_request *req)
153 {
154         struct hpsb_packet *packet = req->packet;
155         int rcode = (packet->header[1] >> 12) & 0xf;
156
157         switch (packet->ack_code) {
158         case ACKX_NONE:
159         case ACKX_SEND_ERROR:
160                 req->req.error = RAW1394_ERROR_SEND_ERROR;
161                 break;
162         case ACKX_ABORTED:
163                 req->req.error = RAW1394_ERROR_ABORTED;
164                 break;
165         case ACKX_TIMEOUT:
166                 req->req.error = RAW1394_ERROR_TIMEOUT;
167                 break;
168         default:
169                 req->req.error = (packet->ack_code << 16) | rcode;
170                 break;
171         }
172
173         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
174                 req->req.length = 0;
175         }
176
177         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
178             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
179             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
180             (req->req.type == RAW1394_REQ_LOCK) ||
181             (req->req.type == RAW1394_REQ_LOCK64))
182                 hpsb_free_tlabel(packet);
183
184         queue_complete_req(req);
185 }
186
187 static void add_host(struct hpsb_host *host)
188 {
189         struct host_info *hi;
190         unsigned long flags;
191
192         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
193
194         if (hi) {
195                 INIT_LIST_HEAD(&hi->list);
196                 hi->host = host;
197                 INIT_LIST_HEAD(&hi->file_info_list);
198
199                 spin_lock_irqsave(&host_info_lock, flags);
200                 list_add_tail(&hi->list, &host_info_list);
201                 host_count++;
202                 spin_unlock_irqrestore(&host_info_lock, flags);
203         }
204
205         atomic_inc(&internal_generation);
206 }
207
208 static struct host_info *find_host_info(struct hpsb_host *host)
209 {
210         struct host_info *hi;
211
212         list_for_each_entry(hi, &host_info_list, list)
213             if (hi->host == host)
214                 return hi;
215
216         return NULL;
217 }
218
219 static void remove_host(struct hpsb_host *host)
220 {
221         struct host_info *hi;
222         unsigned long flags;
223
224         spin_lock_irqsave(&host_info_lock, flags);
225         hi = find_host_info(host);
226
227         if (hi != NULL) {
228                 list_del(&hi->list);
229                 host_count--;
230                 /*
231                    FIXME: address ranges should be removed
232                    and fileinfo states should be initialized
233                    (including setting generation to
234                    internal-generation ...)
235                  */
236         }
237         spin_unlock_irqrestore(&host_info_lock, flags);
238
239         if (hi == NULL) {
240                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
241                        "0x%p\n", host);
242                 return;
243         }
244
245         kfree(hi);
246
247         atomic_inc(&internal_generation);
248 }
249
250 static void host_reset(struct hpsb_host *host)
251 {
252         unsigned long flags;
253         struct host_info *hi;
254         struct file_info *fi;
255         struct pending_request *req;
256
257         spin_lock_irqsave(&host_info_lock, flags);
258         hi = find_host_info(host);
259
260         if (hi != NULL) {
261                 list_for_each_entry(fi, &hi->file_info_list, list) {
262                         if (fi->notification == RAW1394_NOTIFY_ON) {
263                                 req = __alloc_pending_request(SLAB_ATOMIC);
264
265                                 if (req != NULL) {
266                                         req->file_info = fi;
267                                         req->req.type = RAW1394_REQ_BUS_RESET;
268                                         req->req.generation =
269                                             get_hpsb_generation(host);
270                                         req->req.misc = (host->node_id << 16)
271                                             | host->node_count;
272                                         if (fi->protocol_version > 3) {
273                                                 req->req.misc |=
274                                                     (NODEID_TO_NODE
275                                                      (host->irm_id)
276                                                      << 8);
277                                         }
278
279                                         queue_complete_req(req);
280                                 }
281                         }
282                 }
283         }
284         spin_unlock_irqrestore(&host_info_lock, flags);
285 }
286
287 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
288                         size_t length)
289 {
290         unsigned long flags;
291         struct host_info *hi;
292         struct file_info *fi;
293         struct pending_request *req, *req_next;
294         struct iso_block_store *ibs = NULL;
295         LIST_HEAD(reqs);
296
297         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
298                 HPSB_INFO("dropped iso packet");
299                 return;
300         }
301
302         spin_lock_irqsave(&host_info_lock, flags);
303         hi = find_host_info(host);
304
305         if (hi != NULL) {
306                 list_for_each_entry(fi, &hi->file_info_list, list) {
307                         if (!(fi->listen_channels & (1ULL << channel)))
308                                 continue;
309
310                         req = __alloc_pending_request(SLAB_ATOMIC);
311                         if (!req)
312                                 break;
313
314                         if (!ibs) {
315                                 ibs = kmalloc(sizeof(*ibs) + length,
316                                               SLAB_ATOMIC);
317                                 if (!ibs) {
318                                         kfree(req);
319                                         break;
320                                 }
321
322                                 atomic_add(length, &iso_buffer_size);
323                                 atomic_set(&ibs->refcount, 0);
324                                 ibs->data_size = length;
325                                 memcpy(ibs->data, data, length);
326                         }
327
328                         atomic_inc(&ibs->refcount);
329
330                         req->file_info = fi;
331                         req->ibs = ibs;
332                         req->data = ibs->data;
333                         req->req.type = RAW1394_REQ_ISO_RECEIVE;
334                         req->req.generation = get_hpsb_generation(host);
335                         req->req.misc = 0;
336                         req->req.recvb = ptr2int(fi->iso_buffer);
337                         req->req.length = min(length, fi->iso_buffer_length);
338
339                         list_add_tail(&req->list, &reqs);
340                 }
341         }
342         spin_unlock_irqrestore(&host_info_lock, flags);
343
344         list_for_each_entry_safe(req, req_next, &reqs, list)
345             queue_complete_req(req);
346 }
347
348 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
349                         int cts, u8 * data, size_t length)
350 {
351         unsigned long flags;
352         struct host_info *hi;
353         struct file_info *fi;
354         struct pending_request *req, *req_next;
355         struct iso_block_store *ibs = NULL;
356         LIST_HEAD(reqs);
357
358         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
359                 HPSB_INFO("dropped fcp request");
360                 return;
361         }
362
363         spin_lock_irqsave(&host_info_lock, flags);
364         hi = find_host_info(host);
365
366         if (hi != NULL) {
367                 list_for_each_entry(fi, &hi->file_info_list, list) {
368                         if (!fi->fcp_buffer)
369                                 continue;
370
371                         req = __alloc_pending_request(SLAB_ATOMIC);
372                         if (!req)
373                                 break;
374
375                         if (!ibs) {
376                                 ibs = kmalloc(sizeof(*ibs) + length,
377                                               SLAB_ATOMIC);
378                                 if (!ibs) {
379                                         kfree(req);
380                                         break;
381                                 }
382
383                                 atomic_add(length, &iso_buffer_size);
384                                 atomic_set(&ibs->refcount, 0);
385                                 ibs->data_size = length;
386                                 memcpy(ibs->data, data, length);
387                         }
388
389                         atomic_inc(&ibs->refcount);
390
391                         req->file_info = fi;
392                         req->ibs = ibs;
393                         req->data = ibs->data;
394                         req->req.type = RAW1394_REQ_FCP_REQUEST;
395                         req->req.generation = get_hpsb_generation(host);
396                         req->req.misc = nodeid | (direction << 16);
397                         req->req.recvb = ptr2int(fi->fcp_buffer);
398                         req->req.length = length;
399
400                         list_add_tail(&req->list, &reqs);
401                 }
402         }
403         spin_unlock_irqrestore(&host_info_lock, flags);
404
405         list_for_each_entry_safe(req, req_next, &reqs, list)
406             queue_complete_req(req);
407 }
408
409 static ssize_t raw1394_read(struct file *file, char __user * buffer,
410                             size_t count, loff_t * offset_is_ignored)
411 {
412         unsigned long flags;
413         struct file_info *fi = (struct file_info *)file->private_data;
414         struct list_head *lh;
415         struct pending_request *req;
416         ssize_t ret;
417
418         if (count != sizeof(struct raw1394_request)) {
419                 return -EINVAL;
420         }
421
422         if (!access_ok(VERIFY_WRITE, buffer, count)) {
423                 return -EFAULT;
424         }
425
426         if (file->f_flags & O_NONBLOCK) {
427                 if (down_trylock(&fi->complete_sem)) {
428                         return -EAGAIN;
429                 }
430         } else {
431                 if (down_interruptible(&fi->complete_sem)) {
432                         return -ERESTARTSYS;
433                 }
434         }
435
436         spin_lock_irqsave(&fi->reqlists_lock, flags);
437         lh = fi->req_complete.next;
438         list_del(lh);
439         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
440
441         req = list_entry(lh, struct pending_request, list);
442
443         if (req->req.length) {
444                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
445                                  req->req.length)) {
446                         req->req.error = RAW1394_ERROR_MEMFAULT;
447                 }
448         }
449         if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
450                 ret = -EFAULT;
451                 goto out;
452         }
453
454         ret = (ssize_t) sizeof(struct raw1394_request);
455       out:
456         free_pending_request(req);
457         return ret;
458 }
459
460 static int state_opened(struct file_info *fi, struct pending_request *req)
461 {
462         if (req->req.type == RAW1394_REQ_INITIALIZE) {
463                 switch (req->req.misc) {
464                 case RAW1394_KERNELAPI_VERSION:
465                 case 3:
466                         fi->state = initialized;
467                         fi->protocol_version = req->req.misc;
468                         req->req.error = RAW1394_ERROR_NONE;
469                         req->req.generation = atomic_read(&internal_generation);
470                         break;
471
472                 default:
473                         req->req.error = RAW1394_ERROR_COMPAT;
474                         req->req.misc = RAW1394_KERNELAPI_VERSION;
475                 }
476         } else {
477                 req->req.error = RAW1394_ERROR_STATE_ORDER;
478         }
479
480         req->req.length = 0;
481         queue_complete_req(req);
482         return sizeof(struct raw1394_request);
483 }
484
485 static int state_initialized(struct file_info *fi, struct pending_request *req)
486 {
487         unsigned long flags;
488         struct host_info *hi;
489         struct raw1394_khost_list *khl;
490
491         if (req->req.generation != atomic_read(&internal_generation)) {
492                 req->req.error = RAW1394_ERROR_GENERATION;
493                 req->req.generation = atomic_read(&internal_generation);
494                 req->req.length = 0;
495                 queue_complete_req(req);
496                 return sizeof(struct raw1394_request);
497         }
498
499         switch (req->req.type) {
500         case RAW1394_REQ_LIST_CARDS:
501                 spin_lock_irqsave(&host_info_lock, flags);
502                 khl = kmalloc(sizeof(*khl) * host_count, SLAB_ATOMIC);
503
504                 if (khl) {
505                         req->req.misc = host_count;
506                         req->data = (quadlet_t *) khl;
507
508                         list_for_each_entry(hi, &host_info_list, list) {
509                                 khl->nodes = hi->host->node_count;
510                                 strcpy(khl->name, hi->host->driver->name);
511                                 khl++;
512                         }
513                 }
514                 spin_unlock_irqrestore(&host_info_lock, flags);
515
516                 if (khl) {
517                         req->req.error = RAW1394_ERROR_NONE;
518                         req->req.length = min(req->req.length,
519                                               (u32) (sizeof
520                                                      (struct raw1394_khost_list)
521                                                      * req->req.misc));
522                         req->free_data = 1;
523                 } else {
524                         return -ENOMEM;
525                 }
526                 break;
527
528         case RAW1394_REQ_SET_CARD:
529                 spin_lock_irqsave(&host_info_lock, flags);
530                 if (req->req.misc < host_count) {
531                         list_for_each_entry(hi, &host_info_list, list) {
532                                 if (!req->req.misc--)
533                                         break;
534                         }
535                         get_device(&hi->host->device);  // XXX Need to handle failure case
536                         list_add_tail(&fi->list, &hi->file_info_list);
537                         fi->host = hi->host;
538                         fi->state = connected;
539
540                         req->req.error = RAW1394_ERROR_NONE;
541                         req->req.generation = get_hpsb_generation(fi->host);
542                         req->req.misc = (fi->host->node_id << 16)
543                             | fi->host->node_count;
544                         if (fi->protocol_version > 3) {
545                                 req->req.misc |=
546                                     NODEID_TO_NODE(fi->host->irm_id) << 8;
547                         }
548                 } else {
549                         req->req.error = RAW1394_ERROR_INVALID_ARG;
550                 }
551                 spin_unlock_irqrestore(&host_info_lock, flags);
552
553                 req->req.length = 0;
554                 break;
555
556         default:
557                 req->req.error = RAW1394_ERROR_STATE_ORDER;
558                 req->req.length = 0;
559                 break;
560         }
561
562         queue_complete_req(req);
563         return sizeof(struct raw1394_request);
564 }
565
566 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
567 {
568         int channel = req->req.misc;
569
570         if ((channel > 63) || (channel < -64)) {
571                 req->req.error = RAW1394_ERROR_INVALID_ARG;
572         } else if (channel >= 0) {
573                 /* allocate channel req.misc */
574                 if (fi->listen_channels & (1ULL << channel)) {
575                         req->req.error = RAW1394_ERROR_ALREADY;
576                 } else {
577                         if (hpsb_listen_channel
578                             (&raw1394_highlevel, fi->host, channel)) {
579                                 req->req.error = RAW1394_ERROR_ALREADY;
580                         } else {
581                                 fi->listen_channels |= 1ULL << channel;
582                                 fi->iso_buffer = int2ptr(req->req.recvb);
583                                 fi->iso_buffer_length = req->req.length;
584                         }
585                 }
586         } else {
587                 /* deallocate channel (one's complement neg) req.misc */
588                 channel = ~channel;
589
590                 if (fi->listen_channels & (1ULL << channel)) {
591                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
592                                               channel);
593                         fi->listen_channels &= ~(1ULL << channel);
594                 } else {
595                         req->req.error = RAW1394_ERROR_INVALID_ARG;
596                 }
597         }
598
599         req->req.length = 0;
600         queue_complete_req(req);
601 }
602
603 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
604 {
605         if (req->req.misc) {
606                 if (fi->fcp_buffer) {
607                         req->req.error = RAW1394_ERROR_ALREADY;
608                 } else {
609                         fi->fcp_buffer = int2ptr(req->req.recvb);
610                 }
611         } else {
612                 if (!fi->fcp_buffer) {
613                         req->req.error = RAW1394_ERROR_ALREADY;
614                 } else {
615                         fi->fcp_buffer = NULL;
616                 }
617         }
618
619         req->req.length = 0;
620         queue_complete_req(req);
621 }
622
623 static int handle_async_request(struct file_info *fi,
624                                 struct pending_request *req, int node)
625 {
626         unsigned long flags;
627         struct hpsb_packet *packet = NULL;
628         u64 addr = req->req.address & 0xffffffffffffULL;
629
630         switch (req->req.type) {
631         case RAW1394_REQ_ASYNC_READ:
632                 DBGMSG("read_request called");
633                 packet =
634                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
635
636                 if (!packet)
637                         return -ENOMEM;
638
639                 if (req->req.length == 4)
640                         req->data = &packet->header[3];
641                 else
642                         req->data = packet->data;
643
644                 break;
645
646         case RAW1394_REQ_ASYNC_WRITE:
647                 DBGMSG("write_request called");
648
649                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
650                                                req->req.length);
651                 if (!packet)
652                         return -ENOMEM;
653
654                 if (req->req.length == 4) {
655                         if (copy_from_user
656                             (&packet->header[3], int2ptr(req->req.sendb),
657                              req->req.length))
658                                 req->req.error = RAW1394_ERROR_MEMFAULT;
659                 } else {
660                         if (copy_from_user
661                             (packet->data, int2ptr(req->req.sendb),
662                              req->req.length))
663                                 req->req.error = RAW1394_ERROR_MEMFAULT;
664                 }
665
666                 req->req.length = 0;
667                 break;
668
669         case RAW1394_REQ_ASYNC_STREAM:
670                 DBGMSG("stream_request called");
671
672                 packet =
673                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
674                                            node & 0x3f /*channel */ ,
675                                            (req->req.misc >> 16) & 0x3,
676                                            req->req.misc & 0xf);
677                 if (!packet)
678                         return -ENOMEM;
679
680                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
681                                    req->req.length))
682                         req->req.error = RAW1394_ERROR_MEMFAULT;
683
684                 req->req.length = 0;
685                 break;
686
687         case RAW1394_REQ_LOCK:
688                 DBGMSG("lock_request called");
689                 if ((req->req.misc == EXTCODE_FETCH_ADD)
690                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
691                         if (req->req.length != 4) {
692                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
693                                 break;
694                         }
695                 } else {
696                         if (req->req.length != 8) {
697                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
698                                 break;
699                         }
700                 }
701
702                 packet = hpsb_make_lockpacket(fi->host, node, addr,
703                                               req->req.misc, NULL, 0);
704                 if (!packet)
705                         return -ENOMEM;
706
707                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
708                                    req->req.length)) {
709                         req->req.error = RAW1394_ERROR_MEMFAULT;
710                         break;
711                 }
712
713                 req->data = packet->data;
714                 req->req.length = 4;
715                 break;
716
717         case RAW1394_REQ_LOCK64:
718                 DBGMSG("lock64_request called");
719                 if ((req->req.misc == EXTCODE_FETCH_ADD)
720                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
721                         if (req->req.length != 8) {
722                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
723                                 break;
724                         }
725                 } else {
726                         if (req->req.length != 16) {
727                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
728                                 break;
729                         }
730                 }
731                 packet = hpsb_make_lock64packet(fi->host, node, addr,
732                                                 req->req.misc, NULL, 0);
733                 if (!packet)
734                         return -ENOMEM;
735
736                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
737                                    req->req.length)) {
738                         req->req.error = RAW1394_ERROR_MEMFAULT;
739                         break;
740                 }
741
742                 req->data = packet->data;
743                 req->req.length = 8;
744                 break;
745
746         default:
747                 req->req.error = RAW1394_ERROR_STATE_ORDER;
748         }
749
750         req->packet = packet;
751
752         if (req->req.error) {
753                 req->req.length = 0;
754                 queue_complete_req(req);
755                 return sizeof(struct raw1394_request);
756         }
757
758         hpsb_set_packet_complete_task(packet,
759                                       (void (*)(void *))queue_complete_cb, req);
760
761         spin_lock_irqsave(&fi->reqlists_lock, flags);
762         list_add_tail(&req->list, &fi->req_pending);
763         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
764
765         packet->generation = req->req.generation;
766
767         if (hpsb_send_packet(packet) < 0) {
768                 req->req.error = RAW1394_ERROR_SEND_ERROR;
769                 req->req.length = 0;
770                 hpsb_free_tlabel(packet);
771                 queue_complete_req(req);
772         }
773         return sizeof(struct raw1394_request);
774 }
775
776 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
777                            int channel)
778 {
779         unsigned long flags;
780         struct hpsb_packet *packet;
781
782         packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
783                                      (req->req.misc >> 16) & 0x3,
784                                      req->req.misc & 0xf);
785         if (!packet)
786                 return -ENOMEM;
787
788         packet->speed_code = req->req.address & 0x3;
789
790         req->packet = packet;
791
792         if (copy_from_user(packet->data, int2ptr(req->req.sendb),
793                            req->req.length)) {
794                 req->req.error = RAW1394_ERROR_MEMFAULT;
795                 req->req.length = 0;
796                 queue_complete_req(req);
797                 return sizeof(struct raw1394_request);
798         }
799
800         req->req.length = 0;
801         hpsb_set_packet_complete_task(packet,
802                                       (void (*)(void *))queue_complete_req,
803                                       req);
804
805         spin_lock_irqsave(&fi->reqlists_lock, flags);
806         list_add_tail(&req->list, &fi->req_pending);
807         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
808
809         /* Update the generation of the packet just before sending. */
810         packet->generation = req->req.generation;
811
812         if (hpsb_send_packet(packet) < 0) {
813                 req->req.error = RAW1394_ERROR_SEND_ERROR;
814                 queue_complete_req(req);
815         }
816
817         return sizeof(struct raw1394_request);
818 }
819
820 static int handle_async_send(struct file_info *fi, struct pending_request *req)
821 {
822         unsigned long flags;
823         struct hpsb_packet *packet;
824         int header_length = req->req.misc & 0xffff;
825         int expect_response = req->req.misc >> 16;
826
827         if ((header_length > req->req.length) || (header_length < 12)) {
828                 req->req.error = RAW1394_ERROR_INVALID_ARG;
829                 req->req.length = 0;
830                 queue_complete_req(req);
831                 return sizeof(struct raw1394_request);
832         }
833
834         packet = hpsb_alloc_packet(req->req.length - header_length);
835         req->packet = packet;
836         if (!packet)
837                 return -ENOMEM;
838
839         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
840                            header_length)) {
841                 req->req.error = RAW1394_ERROR_MEMFAULT;
842                 req->req.length = 0;
843                 queue_complete_req(req);
844                 return sizeof(struct raw1394_request);
845         }
846
847         if (copy_from_user
848             (packet->data, int2ptr(req->req.sendb) + header_length,
849              packet->data_size)) {
850                 req->req.error = RAW1394_ERROR_MEMFAULT;
851                 req->req.length = 0;
852                 queue_complete_req(req);
853                 return sizeof(struct raw1394_request);
854         }
855
856         packet->type = hpsb_async;
857         packet->node_id = packet->header[0] >> 16;
858         packet->tcode = (packet->header[0] >> 4) & 0xf;
859         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
860         packet->host = fi->host;
861         packet->expect_response = expect_response;
862         packet->header_size = header_length;
863         packet->data_size = req->req.length - header_length;
864
865         req->req.length = 0;
866         hpsb_set_packet_complete_task(packet,
867                                       (void (*)(void *))queue_complete_cb, req);
868
869         spin_lock_irqsave(&fi->reqlists_lock, flags);
870         list_add_tail(&req->list, &fi->req_pending);
871         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
872
873         /* Update the generation of the packet just before sending. */
874         packet->generation = req->req.generation;
875
876         if (hpsb_send_packet(packet) < 0) {
877                 req->req.error = RAW1394_ERROR_SEND_ERROR;
878                 queue_complete_req(req);
879         }
880
881         return sizeof(struct raw1394_request);
882 }
883
884 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
885                     u64 addr, size_t length, u16 flags)
886 {
887         unsigned long irqflags;
888         struct pending_request *req;
889         struct host_info *hi;
890         struct file_info *fi = NULL;
891         struct list_head *entry;
892         struct arm_addr *arm_addr = NULL;
893         struct arm_request *arm_req = NULL;
894         struct arm_response *arm_resp = NULL;
895         int found = 0, size = 0, rcode = -1;
896         struct arm_request_response *arm_req_resp = NULL;
897
898         DBGMSG("arm_read  called by node: %X"
899                "addr: %4.4x %8.8x length: %Zu", nodeid,
900                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
901                length);
902         spin_lock_irqsave(&host_info_lock, irqflags);
903         hi = find_host_info(host);      /* search address-entry */
904         if (hi != NULL) {
905                 list_for_each_entry(fi, &hi->file_info_list, list) {
906                         entry = fi->addr_list.next;
907                         while (entry != &(fi->addr_list)) {
908                                 arm_addr =
909                                     list_entry(entry, struct arm_addr,
910                                                addr_list);
911                                 if (((arm_addr->start) <= (addr))
912                                     && ((arm_addr->end) >= (addr + length))) {
913                                         found = 1;
914                                         break;
915                                 }
916                                 entry = entry->next;
917                         }
918                         if (found) {
919                                 break;
920                         }
921                 }
922         }
923         rcode = -1;
924         if (!found) {
925                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
926                        " -> rcode_address_error\n");
927                 spin_unlock_irqrestore(&host_info_lock, irqflags);
928                 return (RCODE_ADDRESS_ERROR);
929         } else {
930                 DBGMSG("arm_read addr_entry FOUND");
931         }
932         if (arm_addr->rec_length < length) {
933                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
934                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
935         }
936         if (rcode == -1) {
937                 if (arm_addr->access_rights & ARM_READ) {
938                         if (!(arm_addr->client_transactions & ARM_READ)) {
939                                 memcpy(buffer,
940                                        (arm_addr->addr_space_buffer) + (addr -
941                                                                         (arm_addr->
942                                                                          start)),
943                                        length);
944                                 DBGMSG("arm_read -> (rcode_complete)");
945                                 rcode = RCODE_COMPLETE;
946                         }
947                 } else {
948                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
949                         DBGMSG("arm_read -> rcode_type_error (access denied)");
950                 }
951         }
952         if (arm_addr->notification_options & ARM_READ) {
953                 DBGMSG("arm_read -> entering notification-section");
954                 req = __alloc_pending_request(SLAB_ATOMIC);
955                 if (!req) {
956                         DBGMSG("arm_read -> rcode_conflict_error");
957                         spin_unlock_irqrestore(&host_info_lock, irqflags);
958                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
959                                                            The request may be retried */
960                 }
961                 if (rcode == RCODE_COMPLETE) {
962                         size =
963                             sizeof(struct arm_request) +
964                             sizeof(struct arm_response) +
965                             length * sizeof(byte_t) +
966                             sizeof(struct arm_request_response);
967                 } else {
968                         size =
969                             sizeof(struct arm_request) +
970                             sizeof(struct arm_response) +
971                             sizeof(struct arm_request_response);
972                 }
973                 req->data = kmalloc(size, SLAB_ATOMIC);
974                 if (!(req->data)) {
975                         free_pending_request(req);
976                         DBGMSG("arm_read -> rcode_conflict_error");
977                         spin_unlock_irqrestore(&host_info_lock, irqflags);
978                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
979                                                            The request may be retried */
980                 }
981                 req->free_data = 1;
982                 req->file_info = fi;
983                 req->req.type = RAW1394_REQ_ARM;
984                 req->req.generation = get_hpsb_generation(host);
985                 req->req.misc =
986                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
987                 req->req.tag = arm_addr->arm_tag;
988                 req->req.recvb = arm_addr->recvb;
989                 req->req.length = size;
990                 arm_req_resp = (struct arm_request_response *)(req->data);
991                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
992                                                  (sizeof
993                                                   (struct
994                                                    arm_request_response)));
995                 arm_resp =
996                     (struct arm_response *)((byte_t *) (arm_req) +
997                                             (sizeof(struct arm_request)));
998                 arm_req->buffer = NULL;
999                 arm_resp->buffer = NULL;
1000                 if (rcode == RCODE_COMPLETE) {
1001                         byte_t *buf =
1002                             (byte_t *) arm_resp + sizeof(struct arm_response);
1003                         memcpy(buf,
1004                                (arm_addr->addr_space_buffer) + (addr -
1005                                                                 (arm_addr->
1006                                                                  start)),
1007                                length);
1008                         arm_resp->buffer =
1009                             int2ptr((arm_addr->recvb) +
1010                                     sizeof(struct arm_request_response) +
1011                                     sizeof(struct arm_request) +
1012                                     sizeof(struct arm_response));
1013                 }
1014                 arm_resp->buffer_length =
1015                     (rcode == RCODE_COMPLETE) ? length : 0;
1016                 arm_resp->response_code = rcode;
1017                 arm_req->buffer_length = 0;
1018                 arm_req->generation = req->req.generation;
1019                 arm_req->extended_transaction_code = 0;
1020                 arm_req->destination_offset = addr;
1021                 arm_req->source_nodeid = nodeid;
1022                 arm_req->destination_nodeid = host->node_id;
1023                 arm_req->tlabel = (flags >> 10) & 0x3f;
1024                 arm_req->tcode = (flags >> 4) & 0x0f;
1025                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1026                                                 sizeof(struct
1027                                                        arm_request_response));
1028                 arm_req_resp->response =
1029                     int2ptr((arm_addr->recvb) +
1030                             sizeof(struct arm_request_response) +
1031                             sizeof(struct arm_request));
1032                 queue_complete_req(req);
1033         }
1034         spin_unlock_irqrestore(&host_info_lock, irqflags);
1035         return (rcode);
1036 }
1037
1038 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1039                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1040 {
1041         unsigned long irqflags;
1042         struct pending_request *req;
1043         struct host_info *hi;
1044         struct file_info *fi = NULL;
1045         struct list_head *entry;
1046         struct arm_addr *arm_addr = NULL;
1047         struct arm_request *arm_req = NULL;
1048         struct arm_response *arm_resp = NULL;
1049         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1050         struct arm_request_response *arm_req_resp = NULL;
1051
1052         DBGMSG("arm_write called by node: %X"
1053                "addr: %4.4x %8.8x length: %Zu", nodeid,
1054                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1055                length);
1056         spin_lock_irqsave(&host_info_lock, irqflags);
1057         hi = find_host_info(host);      /* search address-entry */
1058         if (hi != NULL) {
1059                 list_for_each_entry(fi, &hi->file_info_list, list) {
1060                         entry = fi->addr_list.next;
1061                         while (entry != &(fi->addr_list)) {
1062                                 arm_addr =
1063                                     list_entry(entry, struct arm_addr,
1064                                                addr_list);
1065                                 if (((arm_addr->start) <= (addr))
1066                                     && ((arm_addr->end) >= (addr + length))) {
1067                                         found = 1;
1068                                         break;
1069                                 }
1070                                 entry = entry->next;
1071                         }
1072                         if (found) {
1073                                 break;
1074                         }
1075                 }
1076         }
1077         rcode = -1;
1078         if (!found) {
1079                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1080                        " -> rcode_address_error\n");
1081                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1082                 return (RCODE_ADDRESS_ERROR);
1083         } else {
1084                 DBGMSG("arm_write addr_entry FOUND");
1085         }
1086         if (arm_addr->rec_length < length) {
1087                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1088                 length_conflict = 1;
1089                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1090         }
1091         if (rcode == -1) {
1092                 if (arm_addr->access_rights & ARM_WRITE) {
1093                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1094                                 memcpy((arm_addr->addr_space_buffer) +
1095                                        (addr - (arm_addr->start)), data,
1096                                        length);
1097                                 DBGMSG("arm_write -> (rcode_complete)");
1098                                 rcode = RCODE_COMPLETE;
1099                         }
1100                 } else {
1101                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1102                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1103                 }
1104         }
1105         if (arm_addr->notification_options & ARM_WRITE) {
1106                 DBGMSG("arm_write -> entering notification-section");
1107                 req = __alloc_pending_request(SLAB_ATOMIC);
1108                 if (!req) {
1109                         DBGMSG("arm_write -> rcode_conflict_error");
1110                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1111                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1112                                                            The request my be retried */
1113                 }
1114                 size =
1115                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1116                     (length) * sizeof(byte_t) +
1117                     sizeof(struct arm_request_response);
1118                 req->data = kmalloc(size, SLAB_ATOMIC);
1119                 if (!(req->data)) {
1120                         free_pending_request(req);
1121                         DBGMSG("arm_write -> rcode_conflict_error");
1122                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1123                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1124                                                            The request may be retried */
1125                 }
1126                 req->free_data = 1;
1127                 req->file_info = fi;
1128                 req->req.type = RAW1394_REQ_ARM;
1129                 req->req.generation = get_hpsb_generation(host);
1130                 req->req.misc =
1131                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1132                 req->req.tag = arm_addr->arm_tag;
1133                 req->req.recvb = arm_addr->recvb;
1134                 req->req.length = size;
1135                 arm_req_resp = (struct arm_request_response *)(req->data);
1136                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1137                                                  (sizeof
1138                                                   (struct
1139                                                    arm_request_response)));
1140                 arm_resp =
1141                     (struct arm_response *)((byte_t *) (arm_req) +
1142                                             (sizeof(struct arm_request)));
1143                 arm_resp->buffer = NULL;
1144                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1145                        data, length);
1146                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1147                                           sizeof(struct arm_request_response) +
1148                                           sizeof(struct arm_request) +
1149                                           sizeof(struct arm_response));
1150                 arm_req->buffer_length = length;
1151                 arm_req->generation = req->req.generation;
1152                 arm_req->extended_transaction_code = 0;
1153                 arm_req->destination_offset = addr;
1154                 arm_req->source_nodeid = nodeid;
1155                 arm_req->destination_nodeid = destid;
1156                 arm_req->tlabel = (flags >> 10) & 0x3f;
1157                 arm_req->tcode = (flags >> 4) & 0x0f;
1158                 arm_resp->buffer_length = 0;
1159                 arm_resp->response_code = rcode;
1160                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1161                                                 sizeof(struct
1162                                                        arm_request_response));
1163                 arm_req_resp->response =
1164                     int2ptr((arm_addr->recvb) +
1165                             sizeof(struct arm_request_response) +
1166                             sizeof(struct arm_request));
1167                 queue_complete_req(req);
1168         }
1169         spin_unlock_irqrestore(&host_info_lock, irqflags);
1170         return (rcode);
1171 }
1172
1173 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1174                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1175                     u16 flags)
1176 {
1177         unsigned long irqflags;
1178         struct pending_request *req;
1179         struct host_info *hi;
1180         struct file_info *fi = NULL;
1181         struct list_head *entry;
1182         struct arm_addr *arm_addr = NULL;
1183         struct arm_request *arm_req = NULL;
1184         struct arm_response *arm_resp = NULL;
1185         int found = 0, size = 0, rcode = -1;
1186         quadlet_t old, new;
1187         struct arm_request_response *arm_req_resp = NULL;
1188
1189         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1190             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1191                 DBGMSG("arm_lock  called by node: %X "
1192                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1193                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1194                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1195                        be32_to_cpu(data));
1196         } else {
1197                 DBGMSG("arm_lock  called by node: %X "
1198                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1199                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1200                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1201                        be32_to_cpu(data), be32_to_cpu(arg));
1202         }
1203         spin_lock_irqsave(&host_info_lock, irqflags);
1204         hi = find_host_info(host);      /* search address-entry */
1205         if (hi != NULL) {
1206                 list_for_each_entry(fi, &hi->file_info_list, list) {
1207                         entry = fi->addr_list.next;
1208                         while (entry != &(fi->addr_list)) {
1209                                 arm_addr =
1210                                     list_entry(entry, struct arm_addr,
1211                                                addr_list);
1212                                 if (((arm_addr->start) <= (addr))
1213                                     && ((arm_addr->end) >=
1214                                         (addr + sizeof(*store)))) {
1215                                         found = 1;
1216                                         break;
1217                                 }
1218                                 entry = entry->next;
1219                         }
1220                         if (found) {
1221                                 break;
1222                         }
1223                 }
1224         }
1225         rcode = -1;
1226         if (!found) {
1227                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1228                        " -> rcode_address_error\n");
1229                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1230                 return (RCODE_ADDRESS_ERROR);
1231         } else {
1232                 DBGMSG("arm_lock addr_entry FOUND");
1233         }
1234         if (rcode == -1) {
1235                 if (arm_addr->access_rights & ARM_LOCK) {
1236                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1237                                 memcpy(&old,
1238                                        (arm_addr->addr_space_buffer) + (addr -
1239                                                                         (arm_addr->
1240                                                                          start)),
1241                                        sizeof(old));
1242                                 switch (ext_tcode) {
1243                                 case (EXTCODE_MASK_SWAP):
1244                                         new = data | (old & ~arg);
1245                                         break;
1246                                 case (EXTCODE_COMPARE_SWAP):
1247                                         if (old == arg) {
1248                                                 new = data;
1249                                         } else {
1250                                                 new = old;
1251                                         }
1252                                         break;
1253                                 case (EXTCODE_FETCH_ADD):
1254                                         new =
1255                                             cpu_to_be32(be32_to_cpu(data) +
1256                                                         be32_to_cpu(old));
1257                                         break;
1258                                 case (EXTCODE_LITTLE_ADD):
1259                                         new =
1260                                             cpu_to_le32(le32_to_cpu(data) +
1261                                                         le32_to_cpu(old));
1262                                         break;
1263                                 case (EXTCODE_BOUNDED_ADD):
1264                                         if (old != arg) {
1265                                                 new =
1266                                                     cpu_to_be32(be32_to_cpu
1267                                                                 (data) +
1268                                                                 be32_to_cpu
1269                                                                 (old));
1270                                         } else {
1271                                                 new = old;
1272                                         }
1273                                         break;
1274                                 case (EXTCODE_WRAP_ADD):
1275                                         if (old != arg) {
1276                                                 new =
1277                                                     cpu_to_be32(be32_to_cpu
1278                                                                 (data) +
1279                                                                 be32_to_cpu
1280                                                                 (old));
1281                                         } else {
1282                                                 new = data;
1283                                         }
1284                                         break;
1285                                 default:
1286                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1287                                         printk(KERN_ERR
1288                                                "raw1394: arm_lock FAILED "
1289                                                "ext_tcode not allowed -> rcode_type_error\n");
1290                                         break;
1291                                 }       /*switch */
1292                                 if (rcode == -1) {
1293                                         DBGMSG("arm_lock -> (rcode_complete)");
1294                                         rcode = RCODE_COMPLETE;
1295                                         memcpy(store, &old, sizeof(*store));
1296                                         memcpy((arm_addr->addr_space_buffer) +
1297                                                (addr - (arm_addr->start)),
1298                                                &new, sizeof(*store));
1299                                 }
1300                         }
1301                 } else {
1302                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1303                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1304                 }
1305         }
1306         if (arm_addr->notification_options & ARM_LOCK) {
1307                 byte_t *buf1, *buf2;
1308                 DBGMSG("arm_lock -> entering notification-section");
1309                 req = __alloc_pending_request(SLAB_ATOMIC);
1310                 if (!req) {
1311                         DBGMSG("arm_lock -> rcode_conflict_error");
1312                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1313                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1314                                                            The request may be retried */
1315                 }
1316                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1317                 req->data = kmalloc(size, SLAB_ATOMIC);
1318                 if (!(req->data)) {
1319                         free_pending_request(req);
1320                         DBGMSG("arm_lock -> rcode_conflict_error");
1321                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1322                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1323                                                            The request may be retried */
1324                 }
1325                 req->free_data = 1;
1326                 arm_req_resp = (struct arm_request_response *)(req->data);
1327                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1328                                                  (sizeof
1329                                                   (struct
1330                                                    arm_request_response)));
1331                 arm_resp =
1332                     (struct arm_response *)((byte_t *) (arm_req) +
1333                                             (sizeof(struct arm_request)));
1334                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1335                 buf2 = buf1 + 2 * sizeof(*store);
1336                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1337                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1338                         arm_req->buffer_length = sizeof(*store);
1339                         memcpy(buf1, &data, sizeof(*store));
1340
1341                 } else {
1342                         arm_req->buffer_length = 2 * sizeof(*store);
1343                         memcpy(buf1, &arg, sizeof(*store));
1344                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1345                 }
1346                 if (rcode == RCODE_COMPLETE) {
1347                         arm_resp->buffer_length = sizeof(*store);
1348                         memcpy(buf2, &old, sizeof(*store));
1349                 } else {
1350                         arm_resp->buffer_length = 0;
1351                 }
1352                 req->file_info = fi;
1353                 req->req.type = RAW1394_REQ_ARM;
1354                 req->req.generation = get_hpsb_generation(host);
1355                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1356                                  (ARM_LOCK & 0xFF));
1357                 req->req.tag = arm_addr->arm_tag;
1358                 req->req.recvb = arm_addr->recvb;
1359                 req->req.length = size;
1360                 arm_req->generation = req->req.generation;
1361                 arm_req->extended_transaction_code = ext_tcode;
1362                 arm_req->destination_offset = addr;
1363                 arm_req->source_nodeid = nodeid;
1364                 arm_req->destination_nodeid = host->node_id;
1365                 arm_req->tlabel = (flags >> 10) & 0x3f;
1366                 arm_req->tcode = (flags >> 4) & 0x0f;
1367                 arm_resp->response_code = rcode;
1368                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1369                                                 sizeof(struct
1370                                                        arm_request_response));
1371                 arm_req_resp->response =
1372                     int2ptr((arm_addr->recvb) +
1373                             sizeof(struct arm_request_response) +
1374                             sizeof(struct arm_request));
1375                 arm_req->buffer =
1376                     int2ptr((arm_addr->recvb) +
1377                             sizeof(struct arm_request_response) +
1378                             sizeof(struct arm_request) +
1379                             sizeof(struct arm_response));
1380                 arm_resp->buffer =
1381                     int2ptr((arm_addr->recvb) +
1382                             sizeof(struct arm_request_response) +
1383                             sizeof(struct arm_request) +
1384                             sizeof(struct arm_response) + 2 * sizeof(*store));
1385                 queue_complete_req(req);
1386         }
1387         spin_unlock_irqrestore(&host_info_lock, irqflags);
1388         return (rcode);
1389 }
1390
1391 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1392                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1393                       u16 flags)
1394 {
1395         unsigned long irqflags;
1396         struct pending_request *req;
1397         struct host_info *hi;
1398         struct file_info *fi = NULL;
1399         struct list_head *entry;
1400         struct arm_addr *arm_addr = NULL;
1401         struct arm_request *arm_req = NULL;
1402         struct arm_response *arm_resp = NULL;
1403         int found = 0, size = 0, rcode = -1;
1404         octlet_t old, new;
1405         struct arm_request_response *arm_req_resp = NULL;
1406
1407         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1408             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1409                 DBGMSG("arm_lock64 called by node: %X "
1410                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1411                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1412                        (u32) (addr & 0xFFFFFFFF),
1413                        ext_tcode & 0xFF,
1414                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1415                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1416         } else {
1417                 DBGMSG("arm_lock64 called by node: %X "
1418                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1419                        "%8.8X %8.8X ",
1420                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1421                        (u32) (addr & 0xFFFFFFFF),
1422                        ext_tcode & 0xFF,
1423                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1424                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1425                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1426                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1427         }
1428         spin_lock_irqsave(&host_info_lock, irqflags);
1429         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1430         if (hi != NULL) {
1431                 list_for_each_entry(fi, &hi->file_info_list, list) {
1432                         entry = fi->addr_list.next;
1433                         while (entry != &(fi->addr_list)) {
1434                                 arm_addr =
1435                                     list_entry(entry, struct arm_addr,
1436                                                addr_list);
1437                                 if (((arm_addr->start) <= (addr))
1438                                     && ((arm_addr->end) >=
1439                                         (addr + sizeof(*store)))) {
1440                                         found = 1;
1441                                         break;
1442                                 }
1443                                 entry = entry->next;
1444                         }
1445                         if (found) {
1446                                 break;
1447                         }
1448                 }
1449         }
1450         rcode = -1;
1451         if (!found) {
1452                 printk(KERN_ERR
1453                        "raw1394: arm_lock64 FAILED addr_entry not found"
1454                        " -> rcode_address_error\n");
1455                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1456                 return (RCODE_ADDRESS_ERROR);
1457         } else {
1458                 DBGMSG("arm_lock64 addr_entry FOUND");
1459         }
1460         if (rcode == -1) {
1461                 if (arm_addr->access_rights & ARM_LOCK) {
1462                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1463                                 memcpy(&old,
1464                                        (arm_addr->addr_space_buffer) + (addr -
1465                                                                         (arm_addr->
1466                                                                          start)),
1467                                        sizeof(old));
1468                                 switch (ext_tcode) {
1469                                 case (EXTCODE_MASK_SWAP):
1470                                         new = data | (old & ~arg);
1471                                         break;
1472                                 case (EXTCODE_COMPARE_SWAP):
1473                                         if (old == arg) {
1474                                                 new = data;
1475                                         } else {
1476                                                 new = old;
1477                                         }
1478                                         break;
1479                                 case (EXTCODE_FETCH_ADD):
1480                                         new =
1481                                             cpu_to_be64(be64_to_cpu(data) +
1482                                                         be64_to_cpu(old));
1483                                         break;
1484                                 case (EXTCODE_LITTLE_ADD):
1485                                         new =
1486                                             cpu_to_le64(le64_to_cpu(data) +
1487                                                         le64_to_cpu(old));
1488                                         break;
1489                                 case (EXTCODE_BOUNDED_ADD):
1490                                         if (old != arg) {
1491                                                 new =
1492                                                     cpu_to_be64(be64_to_cpu
1493                                                                 (data) +
1494                                                                 be64_to_cpu
1495                                                                 (old));
1496                                         } else {
1497                                                 new = old;
1498                                         }
1499                                         break;
1500                                 case (EXTCODE_WRAP_ADD):
1501                                         if (old != arg) {
1502                                                 new =
1503                                                     cpu_to_be64(be64_to_cpu
1504                                                                 (data) +
1505                                                                 be64_to_cpu
1506                                                                 (old));
1507                                         } else {
1508                                                 new = data;
1509                                         }
1510                                         break;
1511                                 default:
1512                                         printk(KERN_ERR
1513                                                "raw1394: arm_lock64 FAILED "
1514                                                "ext_tcode not allowed -> rcode_type_error\n");
1515                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1516                                         break;
1517                                 }       /*switch */
1518                                 if (rcode == -1) {
1519                                         DBGMSG
1520                                             ("arm_lock64 -> (rcode_complete)");
1521                                         rcode = RCODE_COMPLETE;
1522                                         memcpy(store, &old, sizeof(*store));
1523                                         memcpy((arm_addr->addr_space_buffer) +
1524                                                (addr - (arm_addr->start)),
1525                                                &new, sizeof(*store));
1526                                 }
1527                         }
1528                 } else {
1529                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1530                         DBGMSG
1531                             ("arm_lock64 -> rcode_type_error (access denied)");
1532                 }
1533         }
1534         if (arm_addr->notification_options & ARM_LOCK) {
1535                 byte_t *buf1, *buf2;
1536                 DBGMSG("arm_lock64 -> entering notification-section");
1537                 req = __alloc_pending_request(SLAB_ATOMIC);
1538                 if (!req) {
1539                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1540                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1541                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1542                                                            The request may be retried */
1543                 }
1544                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1545                 req->data = kmalloc(size, SLAB_ATOMIC);
1546                 if (!(req->data)) {
1547                         free_pending_request(req);
1548                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1549                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1550                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1551                                                            The request may be retried */
1552                 }
1553                 req->free_data = 1;
1554                 arm_req_resp = (struct arm_request_response *)(req->data);
1555                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1556                                                  (sizeof
1557                                                   (struct
1558                                                    arm_request_response)));
1559                 arm_resp =
1560                     (struct arm_response *)((byte_t *) (arm_req) +
1561                                             (sizeof(struct arm_request)));
1562                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1563                 buf2 = buf1 + 2 * sizeof(*store);
1564                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1565                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1566                         arm_req->buffer_length = sizeof(*store);
1567                         memcpy(buf1, &data, sizeof(*store));
1568
1569                 } else {
1570                         arm_req->buffer_length = 2 * sizeof(*store);
1571                         memcpy(buf1, &arg, sizeof(*store));
1572                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1573                 }
1574                 if (rcode == RCODE_COMPLETE) {
1575                         arm_resp->buffer_length = sizeof(*store);
1576                         memcpy(buf2, &old, sizeof(*store));
1577                 } else {
1578                         arm_resp->buffer_length = 0;
1579                 }
1580                 req->file_info = fi;
1581                 req->req.type = RAW1394_REQ_ARM;
1582                 req->req.generation = get_hpsb_generation(host);
1583                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1584                                  (ARM_LOCK & 0xFF));
1585                 req->req.tag = arm_addr->arm_tag;
1586                 req->req.recvb = arm_addr->recvb;
1587                 req->req.length = size;
1588                 arm_req->generation = req->req.generation;
1589                 arm_req->extended_transaction_code = ext_tcode;
1590                 arm_req->destination_offset = addr;
1591                 arm_req->source_nodeid = nodeid;
1592                 arm_req->destination_nodeid = host->node_id;
1593                 arm_req->tlabel = (flags >> 10) & 0x3f;
1594                 arm_req->tcode = (flags >> 4) & 0x0f;
1595                 arm_resp->response_code = rcode;
1596                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1597                                                 sizeof(struct
1598                                                        arm_request_response));
1599                 arm_req_resp->response =
1600                     int2ptr((arm_addr->recvb) +
1601                             sizeof(struct arm_request_response) +
1602                             sizeof(struct arm_request));
1603                 arm_req->buffer =
1604                     int2ptr((arm_addr->recvb) +
1605                             sizeof(struct arm_request_response) +
1606                             sizeof(struct arm_request) +
1607                             sizeof(struct arm_response));
1608                 arm_resp->buffer =
1609                     int2ptr((arm_addr->recvb) +
1610                             sizeof(struct arm_request_response) +
1611                             sizeof(struct arm_request) +
1612                             sizeof(struct arm_response) + 2 * sizeof(*store));
1613                 queue_complete_req(req);
1614         }
1615         spin_unlock_irqrestore(&host_info_lock, irqflags);
1616         return (rcode);
1617 }
1618
1619 static int arm_register(struct file_info *fi, struct pending_request *req)
1620 {
1621         int retval;
1622         struct arm_addr *addr;
1623         struct host_info *hi;
1624         struct file_info *fi_hlp = NULL;
1625         struct list_head *entry;
1626         struct arm_addr *arm_addr = NULL;
1627         int same_host, another_host;
1628         unsigned long flags;
1629
1630         DBGMSG("arm_register called "
1631                "addr(Offset): %8.8x %8.8x length: %u "
1632                "rights: %2.2X notify: %2.2X "
1633                "max_blk_len: %4.4X",
1634                (u32) ((req->req.address >> 32) & 0xFFFF),
1635                (u32) (req->req.address & 0xFFFFFFFF),
1636                req->req.length, ((req->req.misc >> 8) & 0xFF),
1637                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1638         /* check addressrange */
1639         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1640             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1641              0)) {
1642                 req->req.length = 0;
1643                 return (-EINVAL);
1644         }
1645         /* addr-list-entry for fileinfo */
1646         addr = kmalloc(sizeof(*addr), SLAB_KERNEL);
1647         if (!addr) {
1648                 req->req.length = 0;
1649                 return (-ENOMEM);
1650         }
1651         /* allocation of addr_space_buffer */
1652         addr->addr_space_buffer = vmalloc(req->req.length);
1653         if (!(addr->addr_space_buffer)) {
1654                 kfree(addr);
1655                 req->req.length = 0;
1656                 return (-ENOMEM);
1657         }
1658         /* initialization of addr_space_buffer */
1659         if ((req->req.sendb) == (unsigned long)NULL) {
1660                 /* init: set 0 */
1661                 memset(addr->addr_space_buffer, 0, req->req.length);
1662         } else {
1663                 /* init: user -> kernel */
1664                 if (copy_from_user
1665                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1666                      req->req.length)) {
1667                         vfree(addr->addr_space_buffer);
1668                         kfree(addr);
1669                         return (-EFAULT);
1670                 }
1671         }
1672         INIT_LIST_HEAD(&addr->addr_list);
1673         addr->arm_tag = req->req.tag;
1674         addr->start = req->req.address;
1675         addr->end = req->req.address + req->req.length;
1676         addr->access_rights = (u8) (req->req.misc & 0x0F);
1677         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1678         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1679         addr->access_rights |= addr->client_transactions;
1680         addr->notification_options |= addr->client_transactions;
1681         addr->recvb = req->req.recvb;
1682         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1683         spin_lock_irqsave(&host_info_lock, flags);
1684         hi = find_host_info(fi->host);
1685         same_host = 0;
1686         another_host = 0;
1687         /* same host with address-entry containing same addressrange ? */
1688         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1689                 entry = fi_hlp->addr_list.next;
1690                 while (entry != &(fi_hlp->addr_list)) {
1691                         arm_addr =
1692                             list_entry(entry, struct arm_addr, addr_list);
1693                         if ((arm_addr->start == addr->start)
1694                             && (arm_addr->end == addr->end)) {
1695                                 DBGMSG("same host ownes same "
1696                                        "addressrange -> EALREADY");
1697                                 same_host = 1;
1698                                 break;
1699                         }
1700                         entry = entry->next;
1701                 }
1702                 if (same_host) {
1703                         break;
1704                 }
1705         }
1706         if (same_host) {
1707                 /* addressrange occupied by same host */
1708                 vfree(addr->addr_space_buffer);
1709                 kfree(addr);
1710                 spin_unlock_irqrestore(&host_info_lock, flags);
1711                 return (-EALREADY);
1712         }
1713         /* another host with valid address-entry containing same addressrange */
1714         list_for_each_entry(hi, &host_info_list, list) {
1715                 if (hi->host != fi->host) {
1716                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1717                                 entry = fi_hlp->addr_list.next;
1718                                 while (entry != &(fi_hlp->addr_list)) {
1719                                         arm_addr =
1720                                             list_entry(entry, struct arm_addr,
1721                                                        addr_list);
1722                                         if ((arm_addr->start == addr->start)
1723                                             && (arm_addr->end == addr->end)) {
1724                                                 DBGMSG
1725                                                     ("another host ownes same "
1726                                                      "addressrange");
1727                                                 another_host = 1;
1728                                                 break;
1729                                         }
1730                                         entry = entry->next;
1731                                 }
1732                                 if (another_host) {
1733                                         break;
1734                                 }
1735                         }
1736                 }
1737         }
1738         if (another_host) {
1739                 DBGMSG("another hosts entry is valid -> SUCCESS");
1740                 if (copy_to_user(int2ptr(req->req.recvb),
1741                                  &addr->start, sizeof(u64))) {
1742                         printk(KERN_ERR "raw1394: arm_register failed "
1743                                " address-range-entry is invalid -> EFAULT !!!\n");
1744                         vfree(addr->addr_space_buffer);
1745                         kfree(addr);
1746                         spin_unlock_irqrestore(&host_info_lock, flags);
1747                         return (-EFAULT);
1748                 }
1749                 free_pending_request(req);      /* immediate success or fail */
1750                 /* INSERT ENTRY */
1751                 list_add_tail(&addr->addr_list, &fi->addr_list);
1752                 spin_unlock_irqrestore(&host_info_lock, flags);
1753                 return sizeof(struct raw1394_request);
1754         }
1755         retval =
1756             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1757                                     req->req.address,
1758                                     req->req.address + req->req.length);
1759         if (retval) {
1760                 /* INSERT ENTRY */
1761                 list_add_tail(&addr->addr_list, &fi->addr_list);
1762         } else {
1763                 DBGMSG("arm_register failed errno: %d \n", retval);
1764                 vfree(addr->addr_space_buffer);
1765                 kfree(addr);
1766                 spin_unlock_irqrestore(&host_info_lock, flags);
1767                 return (-EALREADY);
1768         }
1769         spin_unlock_irqrestore(&host_info_lock, flags);
1770         free_pending_request(req);      /* immediate success or fail */
1771         return sizeof(struct raw1394_request);
1772 }
1773
1774 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1775 {
1776         int found = 0;
1777         int retval = 0;
1778         struct list_head *entry;
1779         struct arm_addr *addr = NULL;
1780         struct host_info *hi;
1781         struct file_info *fi_hlp = NULL;
1782         struct arm_addr *arm_addr = NULL;
1783         int another_host;
1784         unsigned long flags;
1785
1786         DBGMSG("arm_Unregister called addr(Offset): "
1787                "%8.8x %8.8x",
1788                (u32) ((req->req.address >> 32) & 0xFFFF),
1789                (u32) (req->req.address & 0xFFFFFFFF));
1790         spin_lock_irqsave(&host_info_lock, flags);
1791         /* get addr */
1792         entry = fi->addr_list.next;
1793         while (entry != &(fi->addr_list)) {
1794                 addr = list_entry(entry, struct arm_addr, addr_list);
1795                 if (addr->start == req->req.address) {
1796                         found = 1;
1797                         break;
1798                 }
1799                 entry = entry->next;
1800         }
1801         if (!found) {
1802                 DBGMSG("arm_Unregister addr not found");
1803                 spin_unlock_irqrestore(&host_info_lock, flags);
1804                 return (-EINVAL);
1805         }
1806         DBGMSG("arm_Unregister addr found");
1807         another_host = 0;
1808         /* another host with valid address-entry containing
1809            same addressrange */
1810         list_for_each_entry(hi, &host_info_list, list) {
1811                 if (hi->host != fi->host) {
1812                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1813                                 entry = fi_hlp->addr_list.next;
1814                                 while (entry != &(fi_hlp->addr_list)) {
1815                                         arm_addr = list_entry(entry,
1816                                                               struct arm_addr,
1817                                                               addr_list);
1818                                         if (arm_addr->start == addr->start) {
1819                                                 DBGMSG("another host ownes "
1820                                                        "same addressrange");
1821                                                 another_host = 1;
1822                                                 break;
1823                                         }
1824                                         entry = entry->next;
1825                                 }
1826                                 if (another_host) {
1827                                         break;
1828                                 }
1829                         }
1830                 }
1831         }
1832         if (another_host) {
1833                 DBGMSG("delete entry from list -> success");
1834                 list_del(&addr->addr_list);
1835                 vfree(addr->addr_space_buffer);
1836                 kfree(addr);
1837                 free_pending_request(req);      /* immediate success or fail */
1838                 spin_unlock_irqrestore(&host_info_lock, flags);
1839                 return sizeof(struct raw1394_request);
1840         }
1841         retval =
1842             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1843                                       addr->start);
1844         if (!retval) {
1845                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1846                 spin_unlock_irqrestore(&host_info_lock, flags);
1847                 return (-EINVAL);
1848         }
1849         DBGMSG("delete entry from list -> success");
1850         list_del(&addr->addr_list);
1851         spin_unlock_irqrestore(&host_info_lock, flags);
1852         vfree(addr->addr_space_buffer);
1853         kfree(addr);
1854         free_pending_request(req);      /* immediate success or fail */
1855         return sizeof(struct raw1394_request);
1856 }
1857
1858 /* Copy data from ARM buffer(s) to user buffer. */
1859 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1860 {
1861         struct arm_addr *arm_addr = NULL;
1862         unsigned long flags;
1863         unsigned long offset;
1864
1865         struct list_head *entry;
1866
1867         DBGMSG("arm_get_buf "
1868                "addr(Offset): %04X %08X length: %u",
1869                (u32) ((req->req.address >> 32) & 0xFFFF),
1870                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1871
1872         spin_lock_irqsave(&host_info_lock, flags);
1873         entry = fi->addr_list.next;
1874         while (entry != &(fi->addr_list)) {
1875                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1876                 if ((arm_addr->start <= req->req.address) &&
1877                     (arm_addr->end > req->req.address)) {
1878                         if (req->req.address + req->req.length <= arm_addr->end) {
1879                                 offset = req->req.address - arm_addr->start;
1880
1881                                 DBGMSG
1882                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
1883                                      (u32) req->req.recvb,
1884                                      arm_addr->addr_space_buffer + offset,
1885                                      (u32) req->req.length);
1886
1887                                 if (copy_to_user
1888                                     (int2ptr(req->req.recvb),
1889                                      arm_addr->addr_space_buffer + offset,
1890                                      req->req.length)) {
1891                                         spin_unlock_irqrestore(&host_info_lock,
1892                                                                flags);
1893                                         return (-EFAULT);
1894                                 }
1895
1896                                 spin_unlock_irqrestore(&host_info_lock, flags);
1897                                 /* We have to free the request, because we
1898                                  * queue no response, and therefore nobody
1899                                  * will free it. */
1900                                 free_pending_request(req);
1901                                 return sizeof(struct raw1394_request);
1902                         } else {
1903                                 DBGMSG("arm_get_buf request exceeded mapping");
1904                                 spin_unlock_irqrestore(&host_info_lock, flags);
1905                                 return (-EINVAL);
1906                         }
1907                 }
1908                 entry = entry->next;
1909         }
1910         spin_unlock_irqrestore(&host_info_lock, flags);
1911         return (-EINVAL);
1912 }
1913
1914 /* Copy data from user buffer to ARM buffer(s). */
1915 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1916 {
1917         struct arm_addr *arm_addr = NULL;
1918         unsigned long flags;
1919         unsigned long offset;
1920
1921         struct list_head *entry;
1922
1923         DBGMSG("arm_set_buf "
1924                "addr(Offset): %04X %08X length: %u",
1925                (u32) ((req->req.address >> 32) & 0xFFFF),
1926                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1927
1928         spin_lock_irqsave(&host_info_lock, flags);
1929         entry = fi->addr_list.next;
1930         while (entry != &(fi->addr_list)) {
1931                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1932                 if ((arm_addr->start <= req->req.address) &&
1933                     (arm_addr->end > req->req.address)) {
1934                         if (req->req.address + req->req.length <= arm_addr->end) {
1935                                 offset = req->req.address - arm_addr->start;
1936
1937                                 DBGMSG
1938                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
1939                                      arm_addr->addr_space_buffer + offset,
1940                                      (u32) req->req.sendb,
1941                                      (u32) req->req.length);
1942
1943                                 if (copy_from_user
1944                                     (arm_addr->addr_space_buffer + offset,
1945                                      int2ptr(req->req.sendb),
1946                                      req->req.length)) {
1947                                         spin_unlock_irqrestore(&host_info_lock,
1948                                                                flags);
1949                                         return (-EFAULT);
1950                                 }
1951
1952                                 spin_unlock_irqrestore(&host_info_lock, flags);
1953                                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1954                                 return sizeof(struct raw1394_request);
1955                         } else {
1956                                 DBGMSG("arm_set_buf request exceeded mapping");
1957                                 spin_unlock_irqrestore(&host_info_lock, flags);
1958                                 return (-EINVAL);
1959                         }
1960                 }
1961                 entry = entry->next;
1962         }
1963         spin_unlock_irqrestore(&host_info_lock, flags);
1964         return (-EINVAL);
1965 }
1966
1967 static int reset_notification(struct file_info *fi, struct pending_request *req)
1968 {
1969         DBGMSG("reset_notification called - switch %s ",
1970                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
1971         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
1972             (req->req.misc == RAW1394_NOTIFY_ON)) {
1973                 fi->notification = (u8) req->req.misc;
1974                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1975                 return sizeof(struct raw1394_request);
1976         }
1977         /* error EINVAL (22) invalid argument */
1978         return (-EINVAL);
1979 }
1980
1981 static int write_phypacket(struct file_info *fi, struct pending_request *req)
1982 {
1983         struct hpsb_packet *packet = NULL;
1984         int retval = 0;
1985         quadlet_t data;
1986         unsigned long flags;
1987
1988         data = be32_to_cpu((u32) req->req.sendb);
1989         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
1990         packet = hpsb_make_phypacket(fi->host, data);
1991         if (!packet)
1992                 return -ENOMEM;
1993         req->req.length = 0;
1994         req->packet = packet;
1995         hpsb_set_packet_complete_task(packet,
1996                                       (void (*)(void *))queue_complete_cb, req);
1997         spin_lock_irqsave(&fi->reqlists_lock, flags);
1998         list_add_tail(&req->list, &fi->req_pending);
1999         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2000         packet->generation = req->req.generation;
2001         retval = hpsb_send_packet(packet);
2002         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2003         if (retval < 0) {
2004                 req->req.error = RAW1394_ERROR_SEND_ERROR;
2005                 req->req.length = 0;
2006                 queue_complete_req(req);
2007         }
2008         return sizeof(struct raw1394_request);
2009 }
2010
2011 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2012 {
2013         int ret = sizeof(struct raw1394_request);
2014         quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
2015         int status;
2016
2017         if (!data)
2018                 return -ENOMEM;
2019
2020         status =
2021             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2022                          data, req->req.length);
2023         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2024                 ret = -EFAULT;
2025         if (copy_to_user
2026             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2027              sizeof(fi->host->csr.rom->cache_head->len)))
2028                 ret = -EFAULT;
2029         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2030                          sizeof(fi->host->csr.generation)))
2031                 ret = -EFAULT;
2032         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2033                 ret = -EFAULT;
2034         kfree(data);
2035         if (ret >= 0) {
2036                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2037         }
2038         return ret;
2039 }
2040
2041 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2042 {
2043         int ret = sizeof(struct raw1394_request);
2044         quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
2045         if (!data)
2046                 return -ENOMEM;
2047         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2048                 ret = -EFAULT;
2049         } else {
2050                 int status = hpsb_update_config_rom(fi->host,
2051                                                     data, req->req.length,
2052                                                     (unsigned char)req->req.
2053                                                     misc);
2054                 if (copy_to_user
2055                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2056                         ret = -ENOMEM;
2057         }
2058         kfree(data);
2059         if (ret >= 0) {
2060                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2061                 fi->cfgrom_upd = 1;
2062         }
2063         return ret;
2064 }
2065
2066 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2067 {
2068         struct csr1212_keyval *kv;
2069         struct csr1212_csr_rom_cache *cache;
2070         struct csr1212_dentry *dentry;
2071         u32 dr;
2072         int ret = 0;
2073
2074         if (req->req.misc == ~0) {
2075                 if (req->req.length == 0)
2076                         return -EINVAL;
2077
2078                 /* Find an unused slot */
2079                 for (dr = 0;
2080                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2081                      dr++) ;
2082
2083                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2084                         return -ENOMEM;
2085
2086                 fi->csr1212_dirs[dr] =
2087                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2088                 if (!fi->csr1212_dirs[dr])
2089                         return -ENOMEM;
2090         } else {
2091                 dr = req->req.misc;
2092                 if (!fi->csr1212_dirs[dr])
2093                         return -EINVAL;
2094
2095                 /* Delete old stuff */
2096                 for (dentry =
2097                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2098                      dentry; dentry = dentry->next) {
2099                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2100                                                              root_kv,
2101                                                              dentry->kv);
2102                 }
2103
2104                 if (req->req.length == 0) {
2105                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2106                         fi->csr1212_dirs[dr] = NULL;
2107
2108                         hpsb_update_config_rom_image(fi->host);
2109                         free_pending_request(req);
2110                         return sizeof(struct raw1394_request);
2111                 }
2112         }
2113
2114         cache = csr1212_rom_cache_malloc(0, req->req.length);
2115         if (!cache) {
2116                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2117                 fi->csr1212_dirs[dr] = NULL;
2118                 return -ENOMEM;
2119         }
2120
2121         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2122         if (!cache->filled_head) {
2123                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2124                 fi->csr1212_dirs[dr] = NULL;
2125                 CSR1212_FREE(cache);
2126                 return -ENOMEM;
2127         }
2128         cache->filled_tail = cache->filled_head;
2129
2130         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2131                            req->req.length)) {
2132                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2133                 fi->csr1212_dirs[dr] = NULL;
2134                 ret = -EFAULT;
2135         } else {
2136                 cache->len = req->req.length;
2137                 cache->filled_head->offset_start = 0;
2138                 cache->filled_head->offset_end = cache->size - 1;
2139
2140                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2141
2142                 ret = CSR1212_SUCCESS;
2143                 /* parse all the items */
2144                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2145                      kv = kv->next) {
2146                         ret = csr1212_parse_keyval(kv, cache);
2147                 }
2148
2149                 /* attach top level items to the root directory */
2150                 for (dentry =
2151                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2152                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2153                         ret =
2154                             csr1212_attach_keyval_to_directory(fi->host->csr.
2155                                                                rom->root_kv,
2156                                                                dentry->kv);
2157                 }
2158
2159                 if (ret == CSR1212_SUCCESS) {
2160                         ret = hpsb_update_config_rom_image(fi->host);
2161
2162                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2163                                                      &dr, sizeof(dr))) {
2164                                 ret = -ENOMEM;
2165                         }
2166                 }
2167         }
2168         kfree(cache->filled_head);
2169         CSR1212_FREE(cache);
2170
2171         if (ret >= 0) {
2172                 /* we have to free the request, because we queue no response,
2173                  * and therefore nobody will free it */
2174                 free_pending_request(req);
2175                 return sizeof(struct raw1394_request);
2176         } else {
2177                 for (dentry =
2178                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2179                      dentry; dentry = dentry->next) {
2180                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2181                                                              root_kv,
2182                                                              dentry->kv);
2183                 }
2184                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2185                 fi->csr1212_dirs[dr] = NULL;
2186                 return ret;
2187         }
2188 }
2189
2190 static int state_connected(struct file_info *fi, struct pending_request *req)
2191 {
2192         int node = req->req.address >> 48;
2193
2194         req->req.error = RAW1394_ERROR_NONE;
2195
2196         switch (req->req.type) {
2197
2198         case RAW1394_REQ_ECHO:
2199                 queue_complete_req(req);
2200                 return sizeof(struct raw1394_request);
2201
2202         case RAW1394_REQ_ISO_SEND:
2203                 return handle_iso_send(fi, req, node);
2204
2205         case RAW1394_REQ_ARM_REGISTER:
2206                 return arm_register(fi, req);
2207
2208         case RAW1394_REQ_ARM_UNREGISTER:
2209                 return arm_unregister(fi, req);
2210
2211         case RAW1394_REQ_ARM_SET_BUF:
2212                 return arm_set_buf(fi, req);
2213
2214         case RAW1394_REQ_ARM_GET_BUF:
2215                 return arm_get_buf(fi, req);
2216
2217         case RAW1394_REQ_RESET_NOTIFY:
2218                 return reset_notification(fi, req);
2219
2220         case RAW1394_REQ_ISO_LISTEN:
2221                 handle_iso_listen(fi, req);
2222                 return sizeof(struct raw1394_request);
2223
2224         case RAW1394_REQ_FCP_LISTEN:
2225                 handle_fcp_listen(fi, req);
2226                 return sizeof(struct raw1394_request);
2227
2228         case RAW1394_REQ_RESET_BUS:
2229                 if (req->req.misc == RAW1394_LONG_RESET) {
2230                         DBGMSG("busreset called (type: LONG)");
2231                         hpsb_reset_bus(fi->host, LONG_RESET);
2232                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2233                         return sizeof(struct raw1394_request);
2234                 }
2235                 if (req->req.misc == RAW1394_SHORT_RESET) {
2236                         DBGMSG("busreset called (type: SHORT)");
2237                         hpsb_reset_bus(fi->host, SHORT_RESET);
2238                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2239                         return sizeof(struct raw1394_request);
2240                 }
2241                 /* error EINVAL (22) invalid argument */
2242                 return (-EINVAL);
2243         case RAW1394_REQ_GET_ROM:
2244                 return get_config_rom(fi, req);
2245
2246         case RAW1394_REQ_UPDATE_ROM:
2247                 return update_config_rom(fi, req);
2248
2249         case RAW1394_REQ_MODIFY_ROM:
2250                 return modify_config_rom(fi, req);
2251         }
2252
2253         if (req->req.generation != get_hpsb_generation(fi->host)) {
2254                 req->req.error = RAW1394_ERROR_GENERATION;
2255                 req->req.generation = get_hpsb_generation(fi->host);
2256                 req->req.length = 0;
2257                 queue_complete_req(req);
2258                 return sizeof(struct raw1394_request);
2259         }
2260
2261         switch (req->req.type) {
2262         case RAW1394_REQ_PHYPACKET:
2263                 return write_phypacket(fi, req);
2264         case RAW1394_REQ_ASYNC_SEND:
2265                 return handle_async_send(fi, req);
2266         }
2267
2268         if (req->req.length == 0) {
2269                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2270                 queue_complete_req(req);
2271                 return sizeof(struct raw1394_request);
2272         }
2273
2274         return handle_async_request(fi, req, node);
2275 }
2276
2277 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2278                              size_t count, loff_t * offset_is_ignored)
2279 {
2280         struct file_info *fi = (struct file_info *)file->private_data;
2281         struct pending_request *req;
2282         ssize_t retval = 0;
2283
2284         if (count != sizeof(struct raw1394_request)) {
2285                 return -EINVAL;
2286         }
2287
2288         req = alloc_pending_request();
2289         if (req == NULL) {
2290                 return -ENOMEM;
2291         }
2292         req->file_info = fi;
2293
2294         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2295                 free_pending_request(req);
2296                 return -EFAULT;
2297         }
2298
2299         switch (fi->state) {
2300         case opened:
2301                 retval = state_opened(fi, req);
2302                 break;
2303
2304         case initialized:
2305                 retval = state_initialized(fi, req);
2306                 break;
2307
2308         case connected:
2309                 retval = state_connected(fi, req);
2310                 break;
2311         }
2312
2313         if (retval < 0) {
2314                 free_pending_request(req);
2315         }
2316
2317         return retval;
2318 }
2319
2320 /* rawiso operations */
2321
2322 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2323  * completion queue (reqlists_lock must be taken) */
2324 static inline int __rawiso_event_in_queue(struct file_info *fi)
2325 {
2326         struct pending_request *req;
2327
2328         list_for_each_entry(req, &fi->req_complete, list)
2329             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2330                 return 1;
2331
2332         return 0;
2333 }
2334
2335 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2336 static void queue_rawiso_event(struct file_info *fi)
2337 {
2338         unsigned long flags;
2339
2340         spin_lock_irqsave(&fi->reqlists_lock, flags);
2341
2342         /* only one ISO activity event may be in the queue */
2343         if (!__rawiso_event_in_queue(fi)) {
2344                 struct pending_request *req =
2345                     __alloc_pending_request(SLAB_ATOMIC);
2346
2347                 if (req) {
2348                         req->file_info = fi;
2349                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2350                         req->req.generation = get_hpsb_generation(fi->host);
2351                         __queue_complete_req(req);
2352                 } else {
2353                         /* on allocation failure, signal an overflow */
2354                         if (fi->iso_handle) {
2355                                 atomic_inc(&fi->iso_handle->overflows);
2356                         }
2357                 }
2358         }
2359         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2360 }
2361
2362 static void rawiso_activity_cb(struct hpsb_iso *iso)
2363 {
2364         unsigned long flags;
2365         struct host_info *hi;
2366         struct file_info *fi;
2367
2368         spin_lock_irqsave(&host_info_lock, flags);
2369         hi = find_host_info(iso->host);
2370
2371         if (hi != NULL) {
2372                 list_for_each_entry(fi, &hi->file_info_list, list) {
2373                         if (fi->iso_handle == iso)
2374                                 queue_rawiso_event(fi);
2375                 }
2376         }
2377
2378         spin_unlock_irqrestore(&host_info_lock, flags);
2379 }
2380
2381 /* helper function - gather all the kernel iso status bits for returning to user-space */
2382 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2383                                     struct raw1394_iso_status *stat)
2384 {
2385         stat->config.data_buf_size = iso->buf_size;
2386         stat->config.buf_packets = iso->buf_packets;
2387         stat->config.channel = iso->channel;
2388         stat->config.speed = iso->speed;
2389         stat->config.irq_interval = iso->irq_interval;
2390         stat->n_packets = hpsb_iso_n_ready(iso);
2391         stat->overflows = atomic_read(&iso->overflows);
2392         stat->xmit_cycle = iso->xmit_cycle;
2393 }
2394
2395 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2396 {
2397         struct raw1394_iso_status stat;
2398
2399         if (!fi->host)
2400                 return -EINVAL;
2401
2402         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2403                 return -EFAULT;
2404
2405         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2406                                             stat.config.data_buf_size,
2407                                             stat.config.buf_packets,
2408                                             stat.config.channel,
2409                                             stat.config.speed,
2410                                             stat.config.irq_interval,
2411                                             rawiso_activity_cb);
2412         if (!fi->iso_handle)
2413                 return -ENOMEM;
2414
2415         fi->iso_state = RAW1394_ISO_XMIT;
2416
2417         raw1394_iso_fill_status(fi->iso_handle, &stat);
2418         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2419                 return -EFAULT;
2420
2421         /* queue an event to get things started */
2422         rawiso_activity_cb(fi->iso_handle);
2423
2424         return 0;
2425 }
2426
2427 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2428 {
2429         struct raw1394_iso_status stat;
2430
2431         if (!fi->host)
2432                 return -EINVAL;
2433
2434         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2435                 return -EFAULT;
2436
2437         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2438                                             stat.config.data_buf_size,
2439                                             stat.config.buf_packets,
2440                                             stat.config.channel,
2441                                             stat.config.dma_mode,
2442                                             stat.config.irq_interval,
2443                                             rawiso_activity_cb);
2444         if (!fi->iso_handle)
2445                 return -ENOMEM;
2446
2447         fi->iso_state = RAW1394_ISO_RECV;
2448
2449         raw1394_iso_fill_status(fi->iso_handle, &stat);
2450         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2451                 return -EFAULT;
2452         return 0;
2453 }
2454
2455 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2456 {
2457         struct raw1394_iso_status stat;
2458         struct hpsb_iso *iso = fi->iso_handle;
2459
2460         raw1394_iso_fill_status(fi->iso_handle, &stat);
2461         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2462                 return -EFAULT;
2463
2464         /* reset overflow counter */
2465         atomic_set(&iso->overflows, 0);
2466
2467         return 0;
2468 }
2469
2470 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2471 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2472 {
2473         struct raw1394_iso_packets upackets;
2474         unsigned int packet = fi->iso_handle->first_packet;
2475         int i;
2476
2477         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2478                 return -EFAULT;
2479
2480         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2481                 return -EINVAL;
2482
2483         /* ensure user-supplied buffer is accessible and big enough */
2484         if (!access_ok(VERIFY_WRITE, upackets.infos,
2485                        upackets.n_packets *
2486                        sizeof(struct raw1394_iso_packet_info)))
2487                 return -EFAULT;
2488
2489         /* copy the packet_infos out */
2490         for (i = 0; i < upackets.n_packets; i++) {
2491                 if (__copy_to_user(&upackets.infos[i],
2492                                    &fi->iso_handle->infos[packet],
2493                                    sizeof(struct raw1394_iso_packet_info)))
2494                         return -EFAULT;
2495
2496                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2497         }
2498
2499         return 0;
2500 }
2501
2502 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2503 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2504 {
2505         struct raw1394_iso_packets upackets;
2506         int i, rv;
2507
2508         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2509                 return -EFAULT;
2510
2511         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2512                 return -EINVAL;
2513
2514         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2515                 return -EAGAIN;
2516
2517         /* ensure user-supplied buffer is accessible and big enough */
2518         if (!access_ok(VERIFY_READ, upackets.infos,
2519                        upackets.n_packets *
2520                        sizeof(struct raw1394_iso_packet_info)))
2521                 return -EFAULT;
2522
2523         /* copy the infos structs in and queue the packets */
2524         for (i = 0; i < upackets.n_packets; i++) {
2525                 struct raw1394_iso_packet_info info;
2526
2527                 if (__copy_from_user(&info, &upackets.infos[i],
2528                                      sizeof(struct raw1394_iso_packet_info)))
2529                         return -EFAULT;
2530
2531                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2532                                                 info.len, info.tag, info.sy);
2533                 if (rv)
2534                         return rv;
2535         }
2536
2537         return 0;
2538 }
2539
2540 static void raw1394_iso_shutdown(struct file_info *fi)
2541 {
2542         if (fi->iso_handle)
2543                 hpsb_iso_shutdown(fi->iso_handle);
2544
2545         fi->iso_handle = NULL;
2546         fi->iso_state = RAW1394_ISO_INACTIVE;
2547 }
2548
2549 /* mmap the rawiso xmit/recv buffer */
2550 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2551 {
2552         struct file_info *fi = file->private_data;
2553
2554         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2555                 return -EINVAL;
2556
2557         return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2558 }
2559
2560 /* ioctl is only used for rawiso operations */
2561 static int raw1394_ioctl(struct inode *inode, struct file *file,
2562                          unsigned int cmd, unsigned long arg)
2563 {
2564         struct file_info *fi = file->private_data;
2565         void __user *argp = (void __user *)arg;
2566
2567         switch (fi->iso_state) {
2568         case RAW1394_ISO_INACTIVE:
2569                 switch (cmd) {
2570                 case RAW1394_IOC_ISO_XMIT_INIT:
2571                         return raw1394_iso_xmit_init(fi, argp);
2572                 case RAW1394_IOC_ISO_RECV_INIT:
2573                         return raw1394_iso_recv_init(fi, argp);
2574                 default:
2575                         break;
2576                 }
2577                 break;
2578         case RAW1394_ISO_RECV:
2579                 switch (cmd) {
2580                 case RAW1394_IOC_ISO_RECV_START:{
2581                                 /* copy args from user-space */
2582                                 int args[3];
2583                                 if (copy_from_user
2584                                     (&args[0], argp, sizeof(args)))
2585                                         return -EFAULT;
2586                                 return hpsb_iso_recv_start(fi->iso_handle,
2587                                                            args[0], args[1],
2588                                                            args[2]);
2589                         }
2590                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2591                         hpsb_iso_stop(fi->iso_handle);
2592                         return 0;
2593                 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2594                         return hpsb_iso_recv_listen_channel(fi->iso_handle,
2595                                                             arg);
2596                 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2597                         return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2598                                                               arg);
2599                 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2600                                 /* copy the u64 from user-space */
2601                                 u64 mask;
2602                                 if (copy_from_user(&mask, argp, sizeof(mask)))
2603                                         return -EFAULT;
2604                                 return hpsb_iso_recv_set_channel_mask(fi->
2605                                                                       iso_handle,
2606                                                                       mask);
2607                         }
2608                 case RAW1394_IOC_ISO_GET_STATUS:
2609                         return raw1394_iso_get_status(fi, argp);
2610                 case RAW1394_IOC_ISO_RECV_PACKETS:
2611                         return raw1394_iso_recv_packets(fi, argp);
2612                 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2613                         return hpsb_iso_recv_release_packets(fi->iso_handle,
2614                                                              arg);
2615                 case RAW1394_IOC_ISO_RECV_FLUSH:
2616                         return hpsb_iso_recv_flush(fi->iso_handle);
2617                 case RAW1394_IOC_ISO_SHUTDOWN:
2618                         raw1394_iso_shutdown(fi);
2619                         return 0;
2620                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2621                         queue_rawiso_event(fi);
2622                         return 0;
2623                 }
2624                 break;
2625         case RAW1394_ISO_XMIT:
2626                 switch (cmd) {
2627                 case RAW1394_IOC_ISO_XMIT_START:{
2628                                 /* copy two ints from user-space */
2629                                 int args[2];
2630                                 if (copy_from_user
2631                                     (&args[0], argp, sizeof(args)))
2632                                         return -EFAULT;
2633                                 return hpsb_iso_xmit_start(fi->iso_handle,
2634                                                            args[0], args[1]);
2635                         }
2636                 case RAW1394_IOC_ISO_XMIT_SYNC:
2637                         return hpsb_iso_xmit_sync(fi->iso_handle);
2638                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2639                         hpsb_iso_stop(fi->iso_handle);
2640                         return 0;
2641                 case RAW1394_IOC_ISO_GET_STATUS:
2642                         return raw1394_iso_get_status(fi, argp);
2643                 case RAW1394_IOC_ISO_XMIT_PACKETS:
2644                         return raw1394_iso_send_packets(fi, argp);
2645                 case RAW1394_IOC_ISO_SHUTDOWN:
2646                         raw1394_iso_shutdown(fi);
2647                         return 0;
2648                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2649                         queue_rawiso_event(fi);
2650                         return 0;
2651                 }
2652                 break;
2653         default:
2654                 break;
2655         }
2656
2657         return -EINVAL;
2658 }
2659
2660 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2661 {
2662         struct file_info *fi = file->private_data;
2663         unsigned int mask = POLLOUT | POLLWRNORM;
2664         unsigned long flags;
2665
2666         poll_wait(file, &fi->poll_wait_complete, pt);
2667
2668         spin_lock_irqsave(&fi->reqlists_lock, flags);
2669         if (!list_empty(&fi->req_complete)) {
2670                 mask |= POLLIN | POLLRDNORM;
2671         }
2672         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2673
2674         return mask;
2675 }
2676
2677 static int raw1394_open(struct inode *inode, struct file *file)
2678 {
2679         struct file_info *fi;
2680
2681         fi = kzalloc(sizeof(*fi), SLAB_KERNEL);
2682         if (!fi)
2683                 return -ENOMEM;
2684
2685         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2686
2687         INIT_LIST_HEAD(&fi->list);
2688         fi->state = opened;
2689         INIT_LIST_HEAD(&fi->req_pending);
2690         INIT_LIST_HEAD(&fi->req_complete);
2691         sema_init(&fi->complete_sem, 0);
2692         spin_lock_init(&fi->reqlists_lock);
2693         init_waitqueue_head(&fi->poll_wait_complete);
2694         INIT_LIST_HEAD(&fi->addr_list);
2695
2696         file->private_data = fi;
2697
2698         return 0;
2699 }
2700
2701 static int raw1394_release(struct inode *inode, struct file *file)
2702 {
2703         struct file_info *fi = file->private_data;
2704         struct list_head *lh;
2705         struct pending_request *req;
2706         int done = 0, i, fail = 0;
2707         int retval = 0;
2708         struct list_head *entry;
2709         struct arm_addr *addr = NULL;
2710         struct host_info *hi;
2711         struct file_info *fi_hlp = NULL;
2712         struct arm_addr *arm_addr = NULL;
2713         int another_host;
2714         int csr_mod = 0;
2715         unsigned long flags;
2716
2717         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2718                 raw1394_iso_shutdown(fi);
2719
2720         for (i = 0; i < 64; i++) {
2721                 if (fi->listen_channels & (1ULL << i)) {
2722                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2723                 }
2724         }
2725
2726         spin_lock_irqsave(&host_info_lock, flags);
2727         fi->listen_channels = 0;
2728
2729         fail = 0;
2730         /* set address-entries invalid */
2731
2732         while (!list_empty(&fi->addr_list)) {
2733                 another_host = 0;
2734                 lh = fi->addr_list.next;
2735                 addr = list_entry(lh, struct arm_addr, addr_list);
2736                 /* another host with valid address-entry containing
2737                    same addressrange? */
2738                 list_for_each_entry(hi, &host_info_list, list) {
2739                         if (hi->host != fi->host) {
2740                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2741                                                     list) {
2742                                         entry = fi_hlp->addr_list.next;
2743                                         while (entry != &(fi_hlp->addr_list)) {
2744                                                 arm_addr = list_entry(entry, struct
2745                                                                       arm_addr,
2746                                                                       addr_list);
2747                                                 if (arm_addr->start ==
2748                                                     addr->start) {
2749                                                         DBGMSG
2750                                                             ("raw1394_release: "
2751                                                              "another host ownes "
2752                                                              "same addressrange");
2753                                                         another_host = 1;
2754                                                         break;
2755                                                 }
2756                                                 entry = entry->next;
2757                                         }
2758                                         if (another_host) {
2759                                                 break;
2760                                         }
2761                                 }
2762                         }
2763                 }
2764                 if (!another_host) {
2765                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2766                         retval =
2767                             hpsb_unregister_addrspace(&raw1394_highlevel,
2768                                                       fi->host, addr->start);
2769                         if (!retval) {
2770                                 ++fail;
2771                                 printk(KERN_ERR
2772                                        "raw1394_release arm_Unregister failed\n");
2773                         }
2774                 }
2775                 DBGMSG("raw1394_release: delete addr_entry from list");
2776                 list_del(&addr->addr_list);
2777                 vfree(addr->addr_space_buffer);
2778                 kfree(addr);
2779         }                       /* while */
2780         spin_unlock_irqrestore(&host_info_lock, flags);
2781         if (fail > 0) {
2782                 printk(KERN_ERR "raw1394: during addr_list-release "
2783                        "error(s) occurred \n");
2784         }
2785
2786         while (!done) {
2787                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2788
2789                 while (!list_empty(&fi->req_complete)) {
2790                         lh = fi->req_complete.next;
2791                         list_del(lh);
2792
2793                         req = list_entry(lh, struct pending_request, list);
2794
2795                         free_pending_request(req);
2796                 }
2797
2798                 if (list_empty(&fi->req_pending))
2799                         done = 1;
2800
2801                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2802
2803                 if (!done)
2804                         down_interruptible(&fi->complete_sem);
2805         }
2806
2807         /* Remove any sub-trees left by user space programs */
2808         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2809                 struct csr1212_dentry *dentry;
2810                 if (!fi->csr1212_dirs[i])
2811                         continue;
2812                 for (dentry =
2813                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2814                      dentry = dentry->next) {
2815                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2816                                                              root_kv,
2817                                                              dentry->kv);
2818                 }
2819                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2820                 fi->csr1212_dirs[i] = NULL;
2821                 csr_mod = 1;
2822         }
2823
2824         if ((csr_mod || fi->cfgrom_upd)
2825             && hpsb_update_config_rom_image(fi->host) < 0)
2826                 HPSB_ERR
2827                     ("Failed to generate Configuration ROM image for host %d",
2828                      fi->host->id);
2829
2830         if (fi->state == connected) {
2831                 spin_lock_irqsave(&host_info_lock, flags);
2832                 list_del(&fi->list);
2833                 spin_unlock_irqrestore(&host_info_lock, flags);
2834
2835                 put_device(&fi->host->device);
2836         }
2837
2838         kfree(fi);
2839
2840         return 0;
2841 }
2842
2843 /*** HOTPLUG STUFF **********************************************************/
2844 /*
2845  * Export information about protocols/devices supported by this driver.
2846  */
2847 static struct ieee1394_device_id raw1394_id_table[] = {
2848         {
2849          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2850          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2851          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2852         {
2853          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2854          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2855          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2856         {
2857          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2858          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2859          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2860         {
2861          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2862          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2863          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2864         {}
2865 };
2866
2867 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2868
2869 static struct hpsb_protocol_driver raw1394_driver = {
2870         .name = "raw1394 Driver",
2871         .id_table = raw1394_id_table,
2872         .driver = {
2873                    .name = "raw1394",
2874                    .bus = &ieee1394_bus_type,
2875                    },
2876 };
2877
2878 /******************************************************************************/
2879
2880 static struct hpsb_highlevel raw1394_highlevel = {
2881         .name = RAW1394_DEVICE_NAME,
2882         .add_host = add_host,
2883         .remove_host = remove_host,
2884         .host_reset = host_reset,
2885         .iso_receive = iso_receive,
2886         .fcp_request = fcp_request,
2887 };
2888
2889 static struct cdev raw1394_cdev;
2890 static struct file_operations raw1394_fops = {
2891         .owner = THIS_MODULE,
2892         .read = raw1394_read,
2893         .write = raw1394_write,
2894         .mmap = raw1394_mmap,
2895         .ioctl = raw1394_ioctl,
2896         .poll = raw1394_poll,
2897         .open = raw1394_open,
2898         .release = raw1394_release,
2899 };
2900
2901 static int __init init_raw1394(void)
2902 {
2903         int ret = 0;
2904
2905         hpsb_register_highlevel(&raw1394_highlevel);
2906
2907         if (IS_ERR
2908             (class_device_create
2909              (hpsb_protocol_class, NULL,
2910               MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), NULL,
2911               RAW1394_DEVICE_NAME))) {
2912                 ret = -EFAULT;
2913                 goto out_unreg;
2914         }
2915
2916         devfs_mk_cdev(MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16),
2917                       S_IFCHR | S_IRUSR | S_IWUSR, RAW1394_DEVICE_NAME);
2918
2919         cdev_init(&raw1394_cdev, &raw1394_fops);
2920         raw1394_cdev.owner = THIS_MODULE;
2921         kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
2922         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
2923         if (ret) {
2924                 HPSB_ERR("raw1394 failed to register minor device block");
2925                 goto out_dev;
2926         }
2927
2928         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
2929
2930         ret = hpsb_register_protocol(&raw1394_driver);
2931         if (ret) {
2932                 HPSB_ERR("raw1394: failed to register protocol");
2933                 cdev_del(&raw1394_cdev);
2934                 goto out_dev;
2935         }
2936
2937         goto out;
2938
2939       out_dev:
2940         devfs_remove(RAW1394_DEVICE_NAME);
2941         class_device_destroy(hpsb_protocol_class,
2942                              MKDEV(IEEE1394_MAJOR,
2943                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
2944       out_unreg:
2945         hpsb_unregister_highlevel(&raw1394_highlevel);
2946       out:
2947         return ret;
2948 }
2949
2950 static void __exit cleanup_raw1394(void)
2951 {
2952         class_device_destroy(hpsb_protocol_class,
2953                              MKDEV(IEEE1394_MAJOR,
2954                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
2955         cdev_del(&raw1394_cdev);
2956         devfs_remove(RAW1394_DEVICE_NAME);
2957         hpsb_unregister_highlevel(&raw1394_highlevel);
2958         hpsb_unregister_protocol(&raw1394_driver);
2959 }
2960
2961 module_init(init_raw1394);
2962 module_exit(cleanup_raw1394);
2963 MODULE_LICENSE("GPL");