/*
 * Device driver for the Apple Desktop Bus
 * and the /dev/adb device on Macintoshes.
 *
 * Copyright (C) 1996 Paul Mackerras.
 *
 * Modified to declare controllers as structures, added
 * client notification of bus reset and handling of PowerBook
 * sleep, by Benjamin Herrenschmidt.
 *
 * To do:
 *
 * - /sys/bus/adb to list the devices and their info
 * - extend /dev/adb to allow userland to receive the
 *   flow of auto-polling data from a given device.
 * - move bus probe to a kernel thread
 */
18
19 #include <linux/types.h>
20 #include <linux/errno.h>
21 #include <linux/kernel.h>
22 #include <linux/slab.h>
23 #include <linux/module.h>
24 #include <linux/fs.h>
25 #include <linux/mm.h>
26 #include <linux/sched.h>
27 #include <linux/smp_lock.h>
28 #include <linux/adb.h>
29 #include <linux/cuda.h>
30 #include <linux/pmu.h>
31 #include <linux/notifier.h>
32 #include <linux/wait.h>
33 #include <linux/init.h>
34 #include <linux/delay.h>
35 #include <linux/spinlock.h>
36 #include <linux/completion.h>
37 #include <linux/device.h>
38
39 #include <asm/uaccess.h>
40 #include <asm/semaphore.h>
41 #ifdef CONFIG_PPC
42 #include <asm/prom.h>
43 #include <asm/machdep.h>
44 #endif
45
46
EXPORT_SYMBOL(adb_controller);
EXPORT_SYMBOL(adb_client_list);

/* Controller back-ends; all of them are defined outside this file. */
extern struct adb_driver via_macii_driver;
extern struct adb_driver via_maciisi_driver;
extern struct adb_driver via_cuda_driver;
extern struct adb_driver adb_iop_driver;
extern struct adb_driver via_pmu_driver;
extern struct adb_driver macio_adb_driver;

/*
 * NULL-terminated table of the controller drivers configured into this
 * kernel.  adb_init() walks it in order and keeps the first entry whose
 * probe() returns 0.
 */
static struct adb_driver *adb_driver_list[] = {
#ifdef CONFIG_ADB_MACII
	&via_macii_driver,
#endif
#ifdef CONFIG_ADB_MACIISI
	&via_maciisi_driver,
#endif
#ifdef CONFIG_ADB_CUDA
	&via_cuda_driver,
#endif
#ifdef CONFIG_ADB_IOP
	&adb_iop_driver,
#endif
#if defined(CONFIG_ADB_PMU) || defined(CONFIG_ADB_PMU68K)
	&via_pmu_driver,
#endif
#ifdef CONFIG_ADB_MACIO
	&macio_adb_driver,
#endif
	NULL
};
78
/* Device class created in adbdev_init() for the /dev/adb node. */
static struct class *adb_dev_class;

/* Controller selected by adb_init(), or NULL when none was found. */
struct adb_driver *adb_controller;
/* Clients notified around bus resets and before power-down. */
BLOCKING_NOTIFIER_HEAD(adb_client_list);
/* Non-zero between a sleep request and wake/reject; adb_input() drops data. */
static int adb_got_sleep;
/* Set once adb_init() has run, so a second call is a no-op. */
static int adb_inited;
/* Return value of kernel_thread() for the probe task; 0 when it is done. */
static pid_t adb_probe_task_pid;
/* Taken while a probe is scheduled/running and while the machine sleeps. */
static DECLARE_MUTEX(adb_probe_mutex);
/* Completed by adb_probe_wakeup() for synchronous probe-thread requests. */
static struct completion adb_probe_task_comp;
/* Set on the PowerBook models named in adb_init(); adds settle delays. */
static int sleepy_trackpad;
/* Device mask returned by the last adb_scan_bus(), passed to autopoll(). */
static int autopoll_devs;
/* When non-zero, adb_reset_bus() resets synchronously in the caller. */
int __adb_probe_sync;

#ifdef CONFIG_PM
static int adb_notify_sleep(struct pmu_sleep_notifier *self, int when);
static struct pmu_sleep_notifier adb_sleep_notifier = {
	adb_notify_sleep,
	SLEEP_LEVEL_ADB,
};
#endif

/* Forward declarations for helpers defined further down. */
static int adb_scan_bus(void);
static int do_adb_reset_bus(void);
static void adbdev_init(void);
static int try_handler_change(int, int);
104
/*
 * Per-address bookkeeping, indexed by ADB address.  The table has 16
 * slots; every loop in this file walks slots 1..15.
 */
static struct adb_handler {
	void (*handler)(unsigned char *, int, int);	/* client callback */
	int original_address;	/* address the device answered at when scanned */
	int handler_id;		/* value read back from register 3 */
	int busy;		/* set by adb_input() while the callback runs */
} adb_handler[16];

/*
 * Locking:
 *
 * adb_handler_sem (a mutex) covers every access to the original_address
 * and handler_id fields of all adb_handler[] entries, and every change
 * of the handler field.
 *
 * adb_handler_lock (an rwlock) covers accesses to the handler field.
 * It is held across all calls to any handler, so that by the time
 * adb_unregister() returns, we know that the old handler isn't being
 * called.
 */
static DECLARE_MUTEX(adb_handler_sem);
static DEFINE_RWLOCK(adb_handler_lock);
123
#if 0
/* Debug helper (compiled out): dump the reply bytes of a request. */
static void printADBreply(struct adb_request *req)
{
	int pos = 0;

	printk("adb reply (%d)", req->reply_len);
	while (pos < req->reply_len) {
		printk(" %x", req->reply[pos]);
		pos++;
	}
	printk("\n");
}
#endif
136
137
/*
 * Wait for @ms milliseconds.  The probe thread may sleep, so it uses
 * msleep(); every other caller busy-waits with mdelay().
 */
static __inline__ void adb_wait_ms(unsigned int ms)
{
	int in_probe_task = current->pid && adb_probe_task_pid &&
			    adb_probe_task_pid == current->pid;

	if (!in_probe_task) {
		mdelay(ms);
		return;
	}
	msleep(ms);
}
146
/*
 * Enumerate the devices on the bus and resolve address collisions.
 *
 * Pass 1 records which of the addresses 1..15 answer and remembers the
 * highest address that did not.  Pass 2 tries to split devices that
 * share an address by moving one of them to that free address.  Pass 3
 * fills in handler_id for every occupied address.
 *
 * Returns a bit mask with bit N set for every occupied address N.
 * Return values of the individual adb_request() calls are not checked.
 */
static int adb_scan_bus(void)
{
	int addr, high_free = 0, no_movement;
	int devmask = 0;
	struct adb_request req;

	/* assumes adb_handler[] is all zeroes at this point */
	for (addr = 1; addr < 16; addr++) {
		/* see if there is anything at this address */
		adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
			    (addr << 4) | 0xf);
		if (req.reply_len > 1) {
			/* one or more devices at this address */
			adb_handler[addr].original_address = addr;
		} else if (addr > high_free) {
			high_free = addr;
		}
	}

	/* Note we reset no_movement to 0 each time we move a device */
	for (no_movement = 1; no_movement < 2 && high_free > 0; no_movement++) {
		for (addr = 1; addr < 16; addr++) {
			if (adb_handler[addr].original_address == 0)
				continue;

			/*
			 * Send a "talk register 3" command to this address
			 * to provoke a collision if there is more than
			 * one device at it.
			 */
			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
				    (addr << 4) | 0xf);

			/*
			 * Move the device(s) which didn't detect a
			 * collision to address `high_free'.  Hopefully
			 * this only moves one device.
			 */
			adb_request(&req, NULL, ADBREQ_SYNC, 3,
				    (addr << 4) | 0xb, (high_free | 0x60), 0xfe);

			/*
			 * See if anybody actually moved. This is suggested
			 * by HW TechNote 01:
			 *
			 * http://developer.apple.com/technotes/hw/hw_01.html
			 */
			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
				    (high_free << 4) | 0xf);
			if (req.reply_len <= 1)
				continue;

			/* Test whether any device(s) are left at this address. */
			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
				    (addr << 4) | 0xf);
			if (req.reply_len <= 1) {
				/*
				 * Nothing left here; move the one(s) we
				 * moved to `high_free' back again.
				 */
				adb_request(&req, NULL, ADBREQ_SYNC, 3,
					    (high_free << 4) | 0xb,
					    (addr | 0x60), 0xfe);
				continue;
			}

			/*
			 * There are still one or more devices left at this
			 * address.  Register the one(s) we moved to
			 * `high_free', and find a new value for high_free.
			 */
			adb_handler[high_free].original_address =
				adb_handler[addr].original_address;
			while (high_free > 0 &&
			       adb_handler[high_free].original_address)
				high_free--;
			if (high_free <= 0)
				break;

			no_movement = 0;
		}
	}

	/* Now fill in the handler_id field of the adb_handler entries. */
	printk(KERN_DEBUG "adb devices:");
	for (addr = 1; addr < 16; addr++) {
		if (adb_handler[addr].original_address != 0) {
			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
				    (addr << 4) | 0xf);
			/*
			 * NOTE(review): reply[2] is used without looking at
			 * reply_len for this request - confirm a failed
			 * request cannot leave a stale byte here.
			 */
			adb_handler[addr].handler_id = req.reply[2];
			printk(" [%d]: %d %x", addr,
			       adb_handler[addr].original_address,
			       adb_handler[addr].handler_id);
			devmask |= 1 << addr;
		}
	}
	printk("\n");
	return devmask;
}
243
/*
 * Body of the ADB probe kernel thread.  It blocks every signal, performs
 * one bus reset, then clears adb_probe_task_pid and releases
 * adb_probe_mutex (taken by adb_reset_bus() before scheduling the work).
 * The thread exits when this function returns.
 */
static int
adb_probe_task(void *x)
{
	sigset_t all_signals;

	strcpy(current->comm, "kadbprobe");

	/* The probe must not be interrupted: block and discard all signals. */
	sigfillset(&all_signals);
	sigprocmask(SIG_BLOCK, &all_signals, NULL);
	flush_signals(current);

	printk(KERN_INFO "adb: starting probe task...\n");
	do_adb_reset_bus();
	printk(KERN_INFO "adb: finished probe task...\n");

	adb_probe_task_pid = 0;
	up(&adb_probe_mutex);

	return 0;
}
268
/*
 * Work item handler: spawn the probe thread and remember the value
 * kernel_thread() returned so that adb_wait_ms() and adb_request() can
 * recognise calls made from it.
 */
static void
__adb_probe_task(struct work_struct *unused)
{
	adb_probe_task_pid = kernel_thread(adb_probe_task, NULL,
					   SIGCHLD | CLONE_KERNEL);
}

static DECLARE_WORK(adb_reset_work, __adb_probe_task);
276
/*
 * Reset the bus.  With __adb_probe_sync set the reset runs in the caller;
 * otherwise adb_probe_mutex is taken and the reset is handed to the probe
 * thread, which releases the mutex when it finishes.  Always returns 0;
 * the result of the reset itself is not reported.
 */
int
adb_reset_bus(void)
{
	if (!__adb_probe_sync) {
		down(&adb_probe_mutex);
		schedule_work(&adb_reset_work);
	} else {
		do_adb_reset_bus();
	}
	return 0;
}
289
/*
 * One-time initialisation: pick the first controller driver whose
 * probe() succeeds, initialise it, register the /dev/adb device and
 * kick off the first bus reset.  Always returns 0, including when no
 * controller is present.
 */
int __init adb_init(void)
{
	struct adb_driver *driver;
	int i;

#ifdef CONFIG_PPC32
	if (!machine_is(chrp) && !machine_is(powermac))
		return 0;
#endif
#ifdef CONFIG_MAC
	if (!MACH_IS_MAC)
		return 0;
#endif

	/* xmon may do early-init */
	if (adb_inited)
		return 0;
	adb_inited = 1;

	adb_controller = NULL;

	/* probe() returning 0 means "this controller is present". */
	for (i = 0; (driver = adb_driver_list[i]) != NULL; i++) {
		if (driver->probe() == 0) {
			adb_controller = driver;
			break;
		}
	}

	if (adb_controller == NULL || adb_controller->init()) {
		printk(KERN_WARNING "Warning: no ADB interface detected\n");
		adb_controller = NULL;
		return 0;
	}

#ifdef CONFIG_PM
	pmu_register_sleep_notifier(&adb_sleep_notifier);
#endif /* CONFIG_PM */
#ifdef CONFIG_PPC
	if (machine_is_compatible("AAPL,PowerBook1998") ||
	    machine_is_compatible("PowerBook1,1"))
		sleepy_trackpad = 1;
#endif /* CONFIG_PPC */
	init_completion(&adb_probe_task_comp);
	adbdev_init();
	adb_reset_bus();

	return 0;
}

__initcall(adb_init);
338
#ifdef CONFIG_PM
/*
 * PMU sleep notifier: notify clients before sleep and reset the bus
 * afterwards.
 *
 * On a sleep request adb_probe_mutex is taken and kept until the
 * matching wake or reject, autopolling is stopped and the clients are
 * told about the power-down.  A client may veto the sleep, in which
 * case PBOOK_SLEEP_REFUSE is returned; every other path returns
 * PBOOK_SLEEP_OK.
 */
int
adb_notify_sleep(struct pmu_sleep_notifier *self, int when)
{
	int chain_ret;

	if (when == PBOOK_SLEEP_REQUEST) {
		adb_got_sleep = 1;
		/* We need to get a lock on the probe thread */
		down(&adb_probe_mutex);
		/* Stop autopoll */
		if (adb_controller->autopoll)
			adb_controller->autopoll(0);
		chain_ret = blocking_notifier_call_chain(&adb_client_list,
				ADB_MSG_POWERDOWN, NULL);
		if (chain_ret & NOTIFY_STOP_MASK) {
			up(&adb_probe_mutex);
			return PBOOK_SLEEP_REFUSE;
		}
	} else if (when == PBOOK_SLEEP_REJECT) {
		/* Only undo the request if we actually saw one. */
		if (adb_got_sleep) {
			adb_got_sleep = 0;
			up(&adb_probe_mutex);
			adb_reset_bus();
		}
	} else if (when == PBOOK_WAKE) {
		adb_got_sleep = 0;
		up(&adb_probe_mutex);
		adb_reset_bus();
	}
	/* PBOOK_SLEEP_NOW and unknown values: nothing to do. */

	return PBOOK_SLEEP_OK;
}
#endif /* CONFIG_PM */
382
/*
 * Perform a bus reset in the calling context.
 *
 * Autopolling is stopped, clients get ADB_MSG_PRE_RESET (and may veto),
 * the handler table is cleared, the controller resets the bus, the bus
 * is rescanned and autopolling restarted, and finally clients get
 * ADB_MSG_POST_RESET.
 *
 * Returns -ENXIO without a controller, -EBUSY when a client stops either
 * notification chain, otherwise the controller's reset_bus() result
 * (0 when the controller has no reset_bus hook).
 */
static int
do_adb_reset_bus(void)
{
	int ret, chain_ret;

	if (adb_controller == NULL)
		return -ENXIO;

	if (adb_controller->autopoll)
		adb_controller->autopoll(0);

	chain_ret = blocking_notifier_call_chain(&adb_client_list,
			ADB_MSG_PRE_RESET, NULL);
	if (chain_ret & NOTIFY_STOP_MASK) {
		/* Vetoed: put autopolling back the way it was. */
		if (adb_controller->autopoll)
			adb_controller->autopoll(autopoll_devs);
		return -EBUSY;
	}

	/* Let the trackpad settle down */
	if (sleepy_trackpad)
		adb_wait_ms(500);

	/*
	 * Forget every registered handler.  The semaphore stays held until
	 * the rescan below is finished; the rwlock only covers the wipe.
	 */
	down(&adb_handler_sem);
	write_lock_irq(&adb_handler_lock);
	memset(adb_handler, 0, sizeof(adb_handler));
	write_unlock_irq(&adb_handler_lock);

	/* That one is still a bit synchronous, oh well... */
	ret = adb_controller->reset_bus ? adb_controller->reset_bus() : 0;

	/* Let the trackpad settle down */
	if (sleepy_trackpad)
		adb_wait_ms(1500);

	if (ret == 0) {
		autopoll_devs = adb_scan_bus();
		if (adb_controller->autopoll)
			adb_controller->autopoll(autopoll_devs);
	}
	up(&adb_handler_sem);

	chain_ret = blocking_notifier_call_chain(&adb_client_list,
			ADB_MSG_POST_RESET, NULL);
	if (chain_ret & NOTIFY_STOP_MASK)
		return -EBUSY;

	return ret;
}
437
/*
 * Run the controller's poll hook, if there is a controller and it
 * provides one.
 */
void
adb_poll(void)
{
	if (adb_controller != NULL && adb_controller->poll != NULL)
		adb_controller->poll();
}
445
/*
 * Completion callback installed by adb_request() for synchronous
 * requests issued from the probe thread; wakes that thread up.
 */
static void
adb_probe_wakeup(struct adb_request *req)
{
	complete(&adb_probe_task_comp);
}
451
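/* Static request used when the caller passes req == NULL. */
static struct adb_request adb_sreq;
/* Bit 0 guards adb_sreq.  Original TODO: use a semaphore instead. */
static unsigned long adb_sreq_lock;

/*
 * Build an ADB request from the variadic command bytes and, unless
 * ADBREQ_NOSEND is set, hand it to the controller.
 *
 * @req:    request to fill in, or NULL to use the shared static request
 *          (which forces ADBREQ_SYNC and cannot be combined with
 *          ADBREQ_NOSEND)
 * @done:   completion callback; overridden for synchronous requests
 *          issued from the probe thread
 * @flags:  ADBREQ_* flags
 * @nbytes: number of command bytes that follow, each passed as an int
 *
 * Returns 0 or the controller's send_request() result; -ENXIO without a
 * usable controller; -EINVAL for a bad byte count or flag combination;
 * -EPERM when the static request is already in use.
 */
int
adb_request(struct adb_request *req, void (*done)(struct adb_request *),
	    int flags, int nbytes, ...)
{
	va_list list;
	int i, use_sreq;
	int rc;

	if ((adb_controller == NULL) || (adb_controller->send_request == NULL))
		return -ENXIO;
	/*
	 * data[0] carries ADB_PACKET, so the payload must leave room for
	 * it.  Without the upper bound the copy loop below would write
	 * past the end of req->data.
	 */
	if (nbytes < 1 || nbytes > (int)ARRAY_SIZE(req->data) - 1)
		return -EINVAL;
	if (req == NULL && (flags & ADBREQ_NOSEND))
		return -EINVAL;

	if (req == NULL) {
		if (test_and_set_bit(0, &adb_sreq_lock)) {
			printk("adb.c: Warning: contention on static request !\n");
			return -EPERM;
		}
		req = &adb_sreq;
		flags |= ADBREQ_SYNC;
		use_sreq = 1;
	} else
		use_sreq = 0;
	req->nbytes = nbytes + 1;
	req->done = done;
	req->reply_expected = flags & ADBREQ_REPLY;
	req->data[0] = ADB_PACKET;
	va_start(list, nbytes);
	for (i = 0; i < nbytes; ++i)
		req->data[i + 1] = va_arg(list, int);
	va_end(list);

	/* use_sreq is always 0 here: NULL req + NOSEND was rejected above */
	if (flags & ADBREQ_NOSEND)
		return 0;

	/*
	 * Synchronous requests sent from the probe thread cause it to
	 * block.  Beware that the "done" callback will be overridden!
	 */
	if ((flags & ADBREQ_SYNC) &&
	    (current->pid && adb_probe_task_pid &&
	    adb_probe_task_pid == current->pid)) {
		req->done = adb_probe_wakeup;
		rc = adb_controller->send_request(req, 0);
		if (rc || req->complete)
			goto bail;
		wait_for_completion(&adb_probe_task_comp);
		rc = 0;
		goto bail;
	}

	rc = adb_controller->send_request(req, flags & ADBREQ_SYNC);
bail:
	if (use_sreq)
		clear_bit(0, &adb_sreq_lock);

	return rc;
}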
515
/*
 * Register @handler for every device whose original address equals
 * @default_id.
 *
 * When @handler_id is 0 only the default id has to match.  When it is
 * non-zero the device's handler id must match as well, and this function
 * will try to switch the device to @handler_id if it does not.
 *
 * The addresses that were claimed are stored in @ids; the return value
 * is their count.  An address that already has a handler is skipped
 * with an error message.
 */
int
adb_register(int default_id, int handler_id, struct adb_ids *ids,
	     void (*handler)(unsigned char *, int, int))
{
	int addr;

	down(&adb_handler_sem);
	ids->nids = 0;
	for (addr = 1; addr < 16; addr++) {
		if (adb_handler[addr].original_address != default_id)
			continue;
		/* Handler id requested, different, and the device won't switch. */
		if (handler_id &&
		    handler_id != adb_handler[addr].handler_id &&
		    !try_handler_change(addr, handler_id))
			continue;
		if (adb_handler[addr].handler != NULL) {
			printk(KERN_ERR
			       "Two handlers for ADB device %d\n",
			       default_id);
			continue;
		}
		write_lock_irq(&adb_handler_lock);
		adb_handler[addr].handler = handler;
		write_unlock_irq(&adb_handler_lock);
		ids->id[ids->nids++] = addr;
	}
	up(&adb_handler_sem);
	return ids->nids;
}
550
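/*
 * Remove the handler registered for address @index.
 *
 * Waits (yielding the CPU) until adb_input() is no longer running the
 * handler, so the callback is not in use once this returns.
 *
 * Returns 0 on success, -ENODEV when @index is not a valid address or
 * no handler was registered there.
 */
int
adb_unregister(int index)
{
	int ret = -ENODEV;

	/* Never index adb_handler[] with a value outside the table. */
	if (index < 0 || index >= (int)ARRAY_SIZE(adb_handler))
		return ret;

	down(&adb_handler_sem);
	write_lock_irq(&adb_handler_lock);
	if (adb_handler[index].handler) {
		/* Drop the lock while waiting so adb_input() can clear busy. */
		while (adb_handler[index].busy) {
			write_unlock_irq(&adb_handler_lock);
			yield();
			write_lock_irq(&adb_handler_lock);
		}
		ret = 0;
		adb_handler[index].handler = NULL;
	}
	write_unlock_irq(&adb_handler_lock);
	up(&adb_handler_sem);
	return ret;
}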
571
/*
 * Deliver a packet received from the bus to the handler registered for
 * the sending device.
 *
 * @buf:      packet bytes; the upper nibble of buf[0] selects the device
 * @nb:       number of bytes in @buf
 * @autopoll: passed through to the handler unchanged
 *
 * The slot is marked busy while the handler runs so that
 * adb_unregister() can wait for it to finish.
 */
void
adb_input(unsigned char *buf, int nb, int autopoll)
{
	static int dump_adb_input = 0;
	void (*callback)(unsigned char *, int, int);
	unsigned long irq_flags;
	int pos, id;

	/*
	 * Keystrokes and mouse moves are dropped once the sleep process
	 * has started.  Autopolling is stopped as well; this check is an
	 * additional safeguard.
	 */
	if (adb_got_sleep)
		return;

	/* A 4-bit value, so always a valid index into adb_handler[16]. */
	id = buf[0] >> 4;
	if (dump_adb_input) {
		printk(KERN_INFO "adb packet: ");
		for (pos = 0; pos < nb; ++pos)
			printk(" %x", buf[pos]);
		printk(", id = %d\n", id);
	}

	write_lock_irqsave(&adb_handler_lock, irq_flags);
	callback = adb_handler[id].handler;
	if (callback != NULL)
		adb_handler[id].busy = 1;
	write_unlock_irqrestore(&adb_handler_lock, irq_flags);

	if (callback == NULL)
		return;

	(*callback)(buf, nb, autopoll);
	/* Order the handler's stores before clearing busy. */
	wmb();
	adb_handler[id].busy = 0;
}
606
/*
 * Try to switch the device at @address to handler id @new_id by writing
 * register 3 and reading it back.  Returns 1 if the device now reports
 * @new_id (or already did), 0 otherwise.
 *
 * @address indexes adb_handler[] directly and is not range-checked here.
 * NOTE(review): the length test admits reply_len == 2 while reply[2] is
 * read right after it - confirm against the controllers' reply layout.
 */
static int try_handler_change(int address, int new_id)
{
	struct adb_request req;

	if (adb_handler[address].handler_id == new_id)
		return 1;

	adb_request(&req, NULL, ADBREQ_SYNC, 3,
		    ADB_WRITEREG(address, 3), address | 0x20, new_id);
	adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
		    ADB_READREG(address, 3));

	if (req.reply_len < 2 || req.reply[2] != new_id)
		return 0;

	adb_handler[address].handler_id = req.reply[2];
	return 1;
}
626
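/*
 * Locked wrapper around try_handler_change() for callers outside this
 * file.  Returns 1 if the device at @address now uses @new_id, 0 if the
 * change failed or @address is not a valid ADB address.
 */
int
adb_try_handler_change(int address, int new_id)
{
	int ret;

	/* try_handler_change() indexes adb_handler[] without checking. */
	if (address < 0 || address >= (int)ARRAY_SIZE(adb_handler))
		return 0;

	down(&adb_handler_sem);
	ret = try_handler_change(address, new_id);
	up(&adb_handler_sem);
	return ret;
}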
637
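/*
 * Report the original address and handler id recorded for @address.
 *
 * Both output values are set to 0 when @address is outside the handler
 * table.  Returns non-zero if a device is known at @address.
 */
int
adb_get_infos(int address, int *original_address, int *handler_id)
{
	/* Never index adb_handler[] with a value outside the table. */
	if (address < 0 || address >= (int)ARRAY_SIZE(adb_handler)) {
		*original_address = 0;
		*handler_id = 0;
		return 0;
	}

	down(&adb_handler_sem);
	*original_address = adb_handler[address].original_address;
	*handler_id = adb_handler[address].handler_id;
	up(&adb_handler_sem);

	return (*original_address != 0);
}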
648
649
/*
 * /dev/adb device driver.
 */

#define ADB_MAJOR	56	/* major number for /dev/adb */

/* Per-open state, allocated in adb_open() and kept in file->private_data. */
struct adbdev_state {
	spinlock_t		lock;		/* protects the fields below */
	atomic_t		n_pending;	/* requests sent, not yet completed */
	struct adb_request	*completed;	/* completed requests awaiting read() */
	wait_queue_head_t	wait_queue;	/* readers sleep here */
	int			inuse;		/* cleared by adb_release() */
};
663
/*
 * Completion callback for requests created by adb_write().
 *
 * While the file is still open the request is appended to the
 * per-open completed list and readers are woken.  After release the
 * request is freed here, and so is the state once the last pending
 * request has completed.
 */
static void adb_write_done(struct adb_request *req)
{
	struct adbdev_state *state = (struct adbdev_state *) req->arg;
	struct adb_request **tail;
	unsigned long irq_flags;

	/* Not completed by the controller: report an empty reply. */
	if (!req->complete) {
		req->reply_len = 0;
		req->complete = 1;
	}

	spin_lock_irqsave(&state->lock, irq_flags);
	atomic_dec(&state->n_pending);
	if (state->inuse) {
		/* Append at the tail so replies are read in completion order. */
		for (tail = &state->completed; *tail != NULL; tail = &(*tail)->next)
			;
		req->next = NULL;
		*tail = req;
		wake_up_interruptible(&state->wait_queue);
	} else {
		kfree(req);
		if (atomic_read(&state->n_pending) == 0) {
			/* Last user of the state: unlock before freeing it. */
			spin_unlock_irqrestore(&state->lock, irq_flags);
			kfree(state);
			return;
		}
	}
	spin_unlock_irqrestore(&state->lock, irq_flags);
}
692
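/*
 * Answer an ADB_QUERY request written to /dev/adb without touching the
 * bus.  Only ADB_QUERY_GETDEVINFO is implemented: it replies with the
 * original address and handler id recorded for the device address in
 * data[2].
 *
 * Returns 0 when the request was answered (it is then queued through
 * adb_write_done()), -EINVAL for an unknown query, a short request or
 * an address outside the handler table.
 */
static int
do_adb_query(struct adb_request *req)
{
	int	ret = -EINVAL;

	switch (req->data[1]) {
	case ADB_QUERY_GETDEVINFO:
		/*
		 * data[2] was copied from user space by adb_write() and can
		 * hold any byte value.  It must be range-checked before it
		 * indexes adb_handler[]; otherwise memory beyond the table
		 * would be read and returned to the caller through the
		 * reply.
		 */
		if (req->nbytes < 3 || req->data[2] >= ARRAY_SIZE(adb_handler))
			break;
		down(&adb_handler_sem);
		req->reply[0] = adb_handler[req->data[2]].original_address;
		req->reply[1] = adb_handler[req->data[2]].handler_id;
		up(&adb_handler_sem);
		req->complete = 1;
		req->reply_len = 2;
		adb_write_done(req);
		ret = 0;
		break;
	}
	return ret;
}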
715
/*
 * open() for /dev/adb.  Only minor 0 exists, and only while a controller
 * is present.  Allocates the per-open state.
 *
 * No capability or credential check is made here; access is governed by
 * the permissions on the device node alone.
 *
 * Returns 0, -ENXIO or -ENOMEM.
 */
static int adb_open(struct inode *inode, struct file *file)
{
	struct adbdev_state *state;

	if (iminor(inode) > 0 || adb_controller == NULL)
		return -ENXIO;

	state = kmalloc(sizeof(*state), GFP_KERNEL);
	if (!state)
		return -ENOMEM;

	/* kmalloc() does not zero: initialise every field explicitly. */
	spin_lock_init(&state->lock);
	atomic_set(&state->n_pending, 0);
	state->completed = NULL;
	init_waitqueue_head(&state->wait_queue);
	state->inuse = 1;
	file->private_data = state;

	return 0;
}
734
/*
 * release() for /dev/adb.
 *
 * The state is freed right away when nothing is pending and nothing is
 * queued for reading.  Otherwise it is only marked unused, and
 * adb_write_done() frees it when the last pending request completes.
 *
 * NOTE(review): with n_pending == 0 but a non-empty completed list, no
 * code visible in this file frees the state or the queued requests
 * afterwards - looks like a leak, confirm.
 */
static int adb_release(struct inode *inode, struct file *file)
{
	struct adbdev_state *state = file->private_data;
	unsigned long irq_flags;
	int idle;

	lock_kernel();
	if (state != NULL) {
		file->private_data = NULL;

		spin_lock_irqsave(&state->lock, irq_flags);
		idle = atomic_read(&state->n_pending) == 0 &&
		       state->completed == NULL;
		if (!idle)
			state->inuse = 0;
		spin_unlock_irqrestore(&state->lock, irq_flags);

		if (idle)
			kfree(state);
	}
	unlock_kernel();
	return 0;
}
756
/*
 * read() for /dev/adb: return the reply of the oldest completed request.
 *
 * @count must be at least 2 and is clamped to the size of the reply
 * buffer.  Blocks until a request completes unless O_NONBLOCK is set.
 *
 * Returns the number of reply bytes copied (possibly 0), -EINVAL for a
 * too-small buffer, -EFAULT for a bad user pointer, -EIO when nothing is
 * queued or pending, -EAGAIN in non-blocking mode, -ERESTARTSYS when
 * interrupted by a signal.
 */
static ssize_t adb_read(struct file *file, char __user *buf,
			size_t count, loff_t *ppos)
{
	struct adbdev_state *state = file->private_data;
	struct adb_request *req;
	wait_queue_t wait = __WAITQUEUE_INITIALIZER(wait,current);
	unsigned long irq_flags;
	int ret = 0;

	if (count < 2)
		return -EINVAL;
	/* Never copy out more than one reply buffer. */
	if (count > sizeof(req->reply))
		count = sizeof(req->reply);
	if (!access_ok(VERIFY_WRITE, buf, count))
		return -EFAULT;

	req = NULL;
	spin_lock_irqsave(&state->lock, irq_flags);
	add_wait_queue(&state->wait_queue, &wait);
	current->state = TASK_INTERRUPTIBLE;

	for (;;) {
		/* Take the head of the completed list, if any. */
		req = state->completed;
		if (req != NULL) {
			state->completed = req->next;
			break;
		}
		/* Nothing queued and nothing in flight: nothing will come. */
		if (atomic_read(&state->n_pending) == 0) {
			ret = -EIO;
			break;
		}
		if (file->f_flags & O_NONBLOCK) {
			ret = -EAGAIN;
			break;
		}
		if (signal_pending(current)) {
			ret = -ERESTARTSYS;
			break;
		}
		/* Sleep without the lock; adb_write_done() wakes us. */
		spin_unlock_irqrestore(&state->lock, irq_flags);
		schedule();
		spin_lock_irqsave(&state->lock, irq_flags);
	}

	current->state = TASK_RUNNING;
	remove_wait_queue(&state->wait_queue, &wait);
	spin_unlock_irqrestore(&state->lock, irq_flags);

	if (ret)
		return ret;

	/* Copy at most count bytes, which is at most sizeof(req->reply). */
	ret = req->reply_len;
	if (ret > count)
		ret = count;
	if (ret > 0 && copy_to_user(buf, req->reply, ret))
		ret = -EFAULT;

	/* The request is consumed even when the copy failed. */
	kfree(req);
	return ret;
}
816
/*
 * write() for /dev/adb: submit one request.
 *
 * The user buffer is copied verbatim into req->data, so its length must
 * be between 2 and sizeof(req->data).  The first byte selects the kind:
 *   ADB_QUERY                 - answered by the driver itself
 *   ADB_PACKET + ADB_BUSRESET - synchronous bus reset
 *   anything else             - passed to the controller
 *
 * No capability or credential check is made here; whoever can open the
 * device node can send raw packets and reset the bus.
 *
 * NOTE(review): req comes from kmalloc() and reply/reply_len are not
 * initialised here; adb_read() later copies reply_len bytes of reply to
 * user space - confirm every completion path sets both.
 *
 * Returns @count on success or a negative errno.
 */
static ssize_t adb_write(struct file *file, const char __user *buf,
			 size_t count, loff_t *ppos)
{
	struct adbdev_state *state = file->private_data;
	struct adb_request *req;
	int ret;

	if (count < 2 || count > sizeof(req->data))
		return -EINVAL;
	if (adb_controller == NULL)
		return -ENXIO;
	if (!access_ok(VERIFY_READ, buf, count))
		return -EFAULT;

	req = kmalloc(sizeof(*req), GFP_KERNEL);
	if (req == NULL)
		return -ENOMEM;

	req->nbytes = count;
	req->done = adb_write_done;
	req->arg = (void *) state;
	req->complete = 0;

	if (copy_from_user(req->data, buf, count)) {
		ret = -EFAULT;
		goto out;
	}

	atomic_inc(&state->n_pending);

	/* If a probe is in progress or we are sleeping, wait for it to complete */
	down(&adb_probe_mutex);

	if (req->data[0] == ADB_QUERY) {
		/* Queries are special requests sent to the ADB driver itself */
		if (count > 1)
			ret = do_adb_query(req);
		else
			ret = -EINVAL;
		up(&adb_probe_mutex);
	} else if ((req->data[0] == ADB_PACKET) && (count > 1)
		   && (req->data[1] == ADB_BUSRESET)) {
		/*
		 * Special case for ADB_BUSRESET request, all others are
		 * sent to the controller.  The request itself is not
		 * queued, so it is always freed on the way out.
		 */
		ret = do_adb_reset_bus();
		up(&adb_probe_mutex);
		atomic_dec(&state->n_pending);
		if (ret == 0)
			ret = count;
		goto out;
	} else {
		/* Both "talk" bits set in the command byte: a reply follows. */
		req->reply_expected = ((req->data[1] & 0xc) == 0xc);
		if (adb_controller && adb_controller->send_request)
			ret = adb_controller->send_request(req, 0);
		else
			ret = -ENXIO;
		up(&adb_probe_mutex);
	}

	if (ret != 0) {
		/* Not submitted: undo the pending count and free the request. */
		atomic_dec(&state->n_pending);
		goto out;
	}
	/* Ownership of req has passed to the completion path. */
	return count;

out:
	kfree(req);
	return ret;
}
887
/* File operations for /dev/adb; seeking is not supported. */
static struct file_operations adb_fops = {
	.owner		= THIS_MODULE,
	.open		= adb_open,
	.release	= adb_release,
	.read		= adb_read,
	.write		= adb_write,
	.llseek		= no_llseek,
};
896
/*
 * Register the /dev/adb character device and create its class device.
 * Failures are not reported to the caller; if class creation fails the
 * character device stays registered.
 */
static void
adbdev_init(void)
{
	if (register_chrdev(ADB_MAJOR, "adb", &adb_fops)) {
		printk(KERN_ERR "adb: unable to get major %d\n", ADB_MAJOR);
		return;
	}

	adb_dev_class = class_create(THIS_MODULE, "adb");
	if (!IS_ERR(adb_dev_class))
		class_device_create(adb_dev_class, NULL,
				    MKDEV(ADB_MAJOR, 0), NULL, "adb");
}