pcmcia: call pcmcia_{read,write}_cis_mem with ops_mutex held
[linux-2.6.git] / drivers / pcmcia / cistpl.c
1 /*
2  * cistpl.c -- 16-bit PCMCIA Card Information Structure parser
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License version 2 as
6  * published by the Free Software Foundation.
7  *
8  * The initial developer of the original code is David A. Hinds
9  * <dahinds@users.sourceforge.net>.  Portions created by David A. Hinds
10  * are Copyright (C) 1999 David A. Hinds.  All Rights Reserved.
11  *
12  * (C) 1999             David A. Hinds
13  */
14
15 #include <linux/module.h>
16 #include <linux/moduleparam.h>
17 #include <linux/kernel.h>
18 #include <linux/string.h>
19 #include <linux/major.h>
20 #include <linux/errno.h>
21 #include <linux/timer.h>
22 #include <linux/slab.h>
23 #include <linux/mm.h>
24 #include <linux/pci.h>
25 #include <linux/ioport.h>
26 #include <linux/io.h>
27 #include <asm/byteorder.h>
28 #include <asm/unaligned.h>
29
30 #include <pcmcia/cs_types.h>
31 #include <pcmcia/ss.h>
32 #include <pcmcia/cs.h>
33 #include <pcmcia/cisreg.h>
34 #include <pcmcia/cistpl.h>
35 #include "cs_internal.h"
36
37 static const u_char mantissa[] = {
38     10, 12, 13, 15, 20, 25, 30, 35,
39     40, 45, 50, 55, 60, 70, 80, 90
40 };
41
42 static const u_int exponent[] = {
43     1, 10, 100, 1000, 10000, 100000, 1000000, 10000000
44 };
45
46 /* Convert an extended speed byte to a time in nanoseconds */
47 #define SPEED_CVT(v) \
48     (mantissa[(((v)>>3)&15)-1] * exponent[(v)&7] / 10)
49 /* Convert a power byte to a current in 0.1 microamps */
50 #define POWER_CVT(v) \
51     (mantissa[((v)>>3)&15] * exponent[(v)&7] / 10)
52 #define POWER_SCALE(v)          (exponent[(v)&7])
53
54 /* Upper limit on reasonable # of tuples */
55 #define MAX_TUPLES              200
56
57 /* 16-bit CIS? */
58 static int cis_width;
59 module_param(cis_width, int, 0444);
60
61 void release_cis_mem(struct pcmcia_socket *s)
62 {
63         mutex_lock(&s->ops_mutex);
64         if (s->cis_mem.flags & MAP_ACTIVE) {
65                 s->cis_mem.flags &= ~MAP_ACTIVE;
66                 s->ops->set_mem_map(s, &s->cis_mem);
67                 if (s->cis_mem.res) {
68                         release_resource(s->cis_mem.res);
69                         kfree(s->cis_mem.res);
70                         s->cis_mem.res = NULL;
71                 }
72                 iounmap(s->cis_virt);
73                 s->cis_virt = NULL;
74         }
75         mutex_unlock(&s->ops_mutex);
76 }
77
78 /**
79  * set_cis_map() - map the card memory at "card_offset" into virtual space.
80  *
81  * If flags & MAP_ATTRIB, map the attribute space, otherwise
82  * map the memory space.
83  *
84  * Must be called with ops_mutex held.
85  */
86 static void __iomem *set_cis_map(struct pcmcia_socket *s,
87                                 unsigned int card_offset, unsigned int flags)
88 {
89         pccard_mem_map *mem = &s->cis_mem;
90         int ret;
91
92         if (!(s->features & SS_CAP_STATIC_MAP) && (mem->res == NULL)) {
93                 mem->res = pcmcia_find_mem_region(0, s->map_size,
94                                                 s->map_size, 0, s);
95                 if (mem->res == NULL) {
96                         dev_printk(KERN_NOTICE, &s->dev,
97                                    "cs: unable to map card memory!\n");
98                         return NULL;
99                 }
100                 s->cis_virt = NULL;
101         }
102
103         if (!(s->features & SS_CAP_STATIC_MAP) && (!s->cis_virt))
104                 s->cis_virt = ioremap(mem->res->start, s->map_size);
105
106         mem->card_start = card_offset;
107         mem->flags = flags;
108
109         ret = s->ops->set_mem_map(s, mem);
110         if (ret) {
111                 iounmap(s->cis_virt);
112                 s->cis_virt = NULL;
113                 return NULL;
114         }
115
116         if (s->features & SS_CAP_STATIC_MAP) {
117                 if (s->cis_virt)
118                         iounmap(s->cis_virt);
119                 s->cis_virt = ioremap(mem->static_start, s->map_size);
120         }
121
122         return s->cis_virt;
123 }
124
125
126 /* Bits in attr field */
127 #define IS_ATTR         1
128 #define IS_INDIRECT     8
129
130 /**
131  * pcmcia_read_cis_mem() - low-level function to read CIS memory
132  *
133  * must be called with ops_mutex held
134  */
135 int pcmcia_read_cis_mem(struct pcmcia_socket *s, int attr, u_int addr,
136                  u_int len, void *ptr)
137 {
138         void __iomem *sys, *end;
139         unsigned char *buf = ptr;
140
141         dev_dbg(&s->dev, "pcmcia_read_cis_mem(%d, %#x, %u)\n", attr, addr, len);
142
143         if (attr & IS_INDIRECT) {
144                 /* Indirect accesses use a bunch of special registers at fixed
145                    locations in common memory */
146                 u_char flags = ICTRL0_COMMON|ICTRL0_AUTOINC|ICTRL0_BYTEGRAN;
147                 if (attr & IS_ATTR) {
148                         addr *= 2;
149                         flags = ICTRL0_AUTOINC;
150                 }
151
152                 sys = set_cis_map(s, 0, MAP_ACTIVE |
153                                 ((cis_width) ? MAP_16BIT : 0));
154                 if (!sys) {
155                         dev_dbg(&s->dev, "could not map memory\n");
156                         memset(ptr, 0xff, len);
157                         return -1;
158                 }
159
160                 writeb(flags, sys+CISREG_ICTRL0);
161                 writeb(addr & 0xff, sys+CISREG_IADDR0);
162                 writeb((addr>>8) & 0xff, sys+CISREG_IADDR1);
163                 writeb((addr>>16) & 0xff, sys+CISREG_IADDR2);
164                 writeb((addr>>24) & 0xff, sys+CISREG_IADDR3);
165                 for ( ; len > 0; len--, buf++)
166                         *buf = readb(sys+CISREG_IDATA0);
167         } else {
168                 u_int inc = 1, card_offset, flags;
169
170                 if (addr > CISTPL_MAX_CIS_SIZE)
171                         dev_dbg(&s->dev,
172                                 "attempt to read CIS mem at addr %#x", addr);
173
174                 flags = MAP_ACTIVE | ((cis_width) ? MAP_16BIT : 0);
175                 if (attr) {
176                         flags |= MAP_ATTRIB;
177                         inc++;
178                         addr *= 2;
179                 }
180
181                 card_offset = addr & ~(s->map_size-1);
182                 while (len) {
183                         sys = set_cis_map(s, card_offset, flags);
184                         if (!sys) {
185                                 dev_dbg(&s->dev, "could not map memory\n");
186                                 memset(ptr, 0xff, len);
187                                 return -1;
188                         }
189                         end = sys + s->map_size;
190                         sys = sys + (addr & (s->map_size-1));
191                         for ( ; len > 0; len--, buf++, sys += inc) {
192                                 if (sys == end)
193                                         break;
194                                 *buf = readb(sys);
195                         }
196                         card_offset += s->map_size;
197                         addr = 0;
198                 }
199         }
200         dev_dbg(&s->dev, "  %#2.2x %#2.2x %#2.2x %#2.2x ...\n",
201                 *(u_char *)(ptr+0), *(u_char *)(ptr+1),
202                 *(u_char *)(ptr+2), *(u_char *)(ptr+3));
203         return 0;
204 }
205
206
207 /**
208  * pcmcia_write_cis_mem() - low-level function to write CIS memory
209  *
210  * Probably only useful for writing one-byte registers. Must be called
211  * with ops_mutex held.
212  */
213 void pcmcia_write_cis_mem(struct pcmcia_socket *s, int attr, u_int addr,
214                    u_int len, void *ptr)
215 {
216         void __iomem *sys, *end;
217         unsigned char *buf = ptr;
218
219         dev_dbg(&s->dev,
220                 "pcmcia_write_cis_mem(%d, %#x, %u)\n", attr, addr, len);
221
222         if (attr & IS_INDIRECT) {
223                 /* Indirect accesses use a bunch of special registers at fixed
224                    locations in common memory */
225                 u_char flags = ICTRL0_COMMON|ICTRL0_AUTOINC|ICTRL0_BYTEGRAN;
226                 if (attr & IS_ATTR) {
227                         addr *= 2;
228                         flags = ICTRL0_AUTOINC;
229                 }
230
231                 sys = set_cis_map(s, 0, MAP_ACTIVE |
232                                 ((cis_width) ? MAP_16BIT : 0));
233                 if (!sys) {
234                         dev_dbg(&s->dev, "could not map memory\n");
235                         return; /* FIXME: Error */
236                 }
237
238                 writeb(flags, sys+CISREG_ICTRL0);
239                 writeb(addr & 0xff, sys+CISREG_IADDR0);
240                 writeb((addr>>8) & 0xff, sys+CISREG_IADDR1);
241                 writeb((addr>>16) & 0xff, sys+CISREG_IADDR2);
242                 writeb((addr>>24) & 0xff, sys+CISREG_IADDR3);
243                 for ( ; len > 0; len--, buf++)
244                         writeb(*buf, sys+CISREG_IDATA0);
245         } else {
246                 u_int inc = 1, card_offset, flags;
247
248                 flags = MAP_ACTIVE | ((cis_width) ? MAP_16BIT : 0);
249                 if (attr & IS_ATTR) {
250                         flags |= MAP_ATTRIB;
251                         inc++;
252                         addr *= 2;
253                 }
254
255                 card_offset = addr & ~(s->map_size-1);
256                 while (len) {
257                         sys = set_cis_map(s, card_offset, flags);
258                         if (!sys) {
259                                 dev_dbg(&s->dev, "could not map memory\n");
260                                 return; /* FIXME: error */
261                         }
262
263                         end = sys + s->map_size;
264                         sys = sys + (addr & (s->map_size-1));
265                         for ( ; len > 0; len--, buf++, sys += inc) {
266                                 if (sys == end)
267                                         break;
268                                 writeb(*buf, sys);
269                         }
270                         card_offset += s->map_size;
271                         addr = 0;
272                 }
273         }
274 }
275
276
277 /**
278  * read_cis_cache() - read CIS memory or its associated cache
279  *
280  * This is a wrapper around read_cis_mem, with the same interface,
281  * but which caches information, for cards whose CIS may not be
282  * readable all the time.
283  */
284 static int read_cis_cache(struct pcmcia_socket *s, int attr, u_int addr,
285                         size_t len, void *ptr)
286 {
287         struct cis_cache_entry *cis;
288         int ret = 0;
289
290         if (s->state & SOCKET_CARDBUS)
291                 return -EINVAL;
292
293         mutex_lock(&s->ops_mutex);
294         if (s->fake_cis) {
295                 if (s->fake_cis_len >= addr+len)
296                         memcpy(ptr, s->fake_cis+addr, len);
297                 else {
298                         memset(ptr, 0xff, len);
299                         ret = -EINVAL;
300                 }
301                 mutex_unlock(&s->ops_mutex);
302                 return ret;
303         }
304
305         list_for_each_entry(cis, &s->cis_cache, node) {
306                 if (cis->addr == addr && cis->len == len && cis->attr == attr) {
307                         memcpy(ptr, cis->cache, len);
308                         mutex_unlock(&s->ops_mutex);
309                         return 0;
310                 }
311         }
312
313         ret = pcmcia_read_cis_mem(s, attr, addr, len, ptr);
314
315         if (ret == 0) {
316                 /* Copy data into the cache */
317                 cis = kmalloc(sizeof(struct cis_cache_entry) + len, GFP_KERNEL);
318                 if (cis) {
319                         cis->addr = addr;
320                         cis->len = len;
321                         cis->attr = attr;
322                         memcpy(cis->cache, ptr, len);
323                         list_add(&cis->node, &s->cis_cache);
324                 }
325         }
326         mutex_unlock(&s->ops_mutex);
327
328         return ret;
329 }
330
331 static void
332 remove_cis_cache(struct pcmcia_socket *s, int attr, u_int addr, u_int len)
333 {
334         struct cis_cache_entry *cis;
335
336         mutex_lock(&s->ops_mutex);
337         list_for_each_entry(cis, &s->cis_cache, node)
338                 if (cis->addr == addr && cis->len == len && cis->attr == attr) {
339                         list_del(&cis->node);
340                         kfree(cis);
341                         break;
342                 }
343         mutex_unlock(&s->ops_mutex);
344 }
345
346 /**
347  * destroy_cis_cache() - destroy the CIS cache
348  * @s:          pcmcia_socket for which CIS cache shall be destroyed
349  *
350  * This destroys the CIS cache but keeps any fake CIS alive. Must be
351  * called with ops_mutex held.
352  */
353 void destroy_cis_cache(struct pcmcia_socket *s)
354 {
355         struct list_head *l, *n;
356         struct cis_cache_entry *cis;
357
358         list_for_each_safe(l, n, &s->cis_cache) {
359                 cis = list_entry(l, struct cis_cache_entry, node);
360                 list_del(&cis->node);
361                 kfree(cis);
362         }
363 }
364
365 /**
366  * verify_cis_cache() - does the CIS match what is in the CIS cache?
367  */
368 int verify_cis_cache(struct pcmcia_socket *s)
369 {
370         struct cis_cache_entry *cis;
371         char *buf;
372         int ret;
373
374         if (s->state & SOCKET_CARDBUS)
375                 return -EINVAL;
376
377         buf = kmalloc(256, GFP_KERNEL);
378         if (buf == NULL) {
379                 dev_printk(KERN_WARNING, &s->dev,
380                            "no memory for verifying CIS\n");
381                 return -ENOMEM;
382         }
383         mutex_lock(&s->ops_mutex);
384         list_for_each_entry(cis, &s->cis_cache, node) {
385                 int len = cis->len;
386
387                 if (len > 256)
388                         len = 256;
389
390                 ret = pcmcia_read_cis_mem(s, cis->attr, cis->addr, len, buf);
391                 if (ret || memcmp(buf, cis->cache, len) != 0) {
392                         kfree(buf);
393                         mutex_unlock(&s->ops_mutex);
394                         return -1;
395                 }
396         }
397         kfree(buf);
398         mutex_unlock(&s->ops_mutex);
399         return 0;
400 }
401
402 /**
403  * pcmcia_replace_cis() - use a replacement CIS instead of the card's CIS
404  *
405  * For really bad cards, we provide a facility for uploading a
406  * replacement CIS.
407  */
408 int pcmcia_replace_cis(struct pcmcia_socket *s,
409                        const u8 *data, const size_t len)
410 {
411         if (len > CISTPL_MAX_CIS_SIZE) {
412                 dev_printk(KERN_WARNING, &s->dev, "replacement CIS too big\n");
413                 return -EINVAL;
414         }
415         mutex_lock(&s->ops_mutex);
416         kfree(s->fake_cis);
417         s->fake_cis = kmalloc(len, GFP_KERNEL);
418         if (s->fake_cis == NULL) {
419                 dev_printk(KERN_WARNING, &s->dev, "no memory to replace CIS\n");
420                 mutex_unlock(&s->ops_mutex);
421                 return -ENOMEM;
422         }
423         s->fake_cis_len = len;
424         memcpy(s->fake_cis, data, len);
425         dev_info(&s->dev, "Using replacement CIS\n");
426         mutex_unlock(&s->ops_mutex);
427         return 0;
428 }
429
430 /* The high-level CIS tuple services */
431
432 typedef struct tuple_flags {
433         u_int           link_space:4;
434         u_int           has_link:1;
435         u_int           mfc_fn:3;
436         u_int           space:4;
437 } tuple_flags;
438
439 #define LINK_SPACE(f)   (((tuple_flags *)(&(f)))->link_space)
440 #define HAS_LINK(f)     (((tuple_flags *)(&(f)))->has_link)
441 #define MFC_FN(f)       (((tuple_flags *)(&(f)))->mfc_fn)
442 #define SPACE(f)        (((tuple_flags *)(&(f)))->space)
443
444 int pccard_get_first_tuple(struct pcmcia_socket *s, unsigned int function,
445                         tuple_t *tuple)
446 {
447         if (!s)
448                 return -EINVAL;
449
450         if (!(s->state & SOCKET_PRESENT) || (s->state & SOCKET_CARDBUS))
451                 return -ENODEV;
452         tuple->TupleLink = tuple->Flags = 0;
453
454         /* Assume presence of a LONGLINK_C to address 0 */
455         tuple->CISOffset = tuple->LinkOffset = 0;
456         SPACE(tuple->Flags) = HAS_LINK(tuple->Flags) = 1;
457
458         if ((s->functions > 1) && !(tuple->Attributes & TUPLE_RETURN_COMMON)) {
459                 cisdata_t req = tuple->DesiredTuple;
460                 tuple->DesiredTuple = CISTPL_LONGLINK_MFC;
461                 if (pccard_get_next_tuple(s, function, tuple) == 0) {
462                         tuple->DesiredTuple = CISTPL_LINKTARGET;
463                         if (pccard_get_next_tuple(s, function, tuple) != 0)
464                                 return -ENOSPC;
465                 } else
466                         tuple->CISOffset = tuple->TupleLink = 0;
467                 tuple->DesiredTuple = req;
468         }
469         return pccard_get_next_tuple(s, function, tuple);
470 }
471
472 static int follow_link(struct pcmcia_socket *s, tuple_t *tuple)
473 {
474         u_char link[5];
475         u_int ofs;
476         int ret;
477
478         if (MFC_FN(tuple->Flags)) {
479                 /* Get indirect link from the MFC tuple */
480                 ret = read_cis_cache(s, LINK_SPACE(tuple->Flags),
481                                 tuple->LinkOffset, 5, link);
482                 if (ret)
483                         return -1;
484                 ofs = get_unaligned_le32(link + 1);
485                 SPACE(tuple->Flags) = (link[0] == CISTPL_MFC_ATTR);
486                 /* Move to the next indirect link */
487                 tuple->LinkOffset += 5;
488                 MFC_FN(tuple->Flags)--;
489         } else if (HAS_LINK(tuple->Flags)) {
490                 ofs = tuple->LinkOffset;
491                 SPACE(tuple->Flags) = LINK_SPACE(tuple->Flags);
492                 HAS_LINK(tuple->Flags) = 0;
493         } else
494                 return -1;
495
496         if (SPACE(tuple->Flags)) {
497                 /* This is ugly, but a common CIS error is to code the long
498                    link offset incorrectly, so we check the right spot... */
499                 ret = read_cis_cache(s, SPACE(tuple->Flags), ofs, 5, link);
500                 if (ret)
501                         return -1;
502                 if ((link[0] == CISTPL_LINKTARGET) && (link[1] >= 3) &&
503                         (strncmp(link+2, "CIS", 3) == 0))
504                         return ofs;
505                 remove_cis_cache(s, SPACE(tuple->Flags), ofs, 5);
506                 /* Then, we try the wrong spot... */
507                 ofs = ofs >> 1;
508         }
509         ret = read_cis_cache(s, SPACE(tuple->Flags), ofs, 5, link);
510         if (ret)
511                 return -1;
512         if ((link[0] == CISTPL_LINKTARGET) && (link[1] >= 3) &&
513                 (strncmp(link+2, "CIS", 3) == 0))
514                 return ofs;
515         remove_cis_cache(s, SPACE(tuple->Flags), ofs, 5);
516         return -1;
517 }
518
519 int pccard_get_next_tuple(struct pcmcia_socket *s, unsigned int function,
520                         tuple_t *tuple)
521 {
522         u_char link[2], tmp;
523         int ofs, i, attr;
524         int ret;
525
526         if (!s)
527                 return -EINVAL;
528         if (!(s->state & SOCKET_PRESENT) || (s->state & SOCKET_CARDBUS))
529                 return -ENODEV;
530
531         link[1] = tuple->TupleLink;
532         ofs = tuple->CISOffset + tuple->TupleLink;
533         attr = SPACE(tuple->Flags);
534
535         for (i = 0; i < MAX_TUPLES; i++) {
536                 if (link[1] == 0xff)
537                         link[0] = CISTPL_END;
538                 else {
539                         ret = read_cis_cache(s, attr, ofs, 2, link);
540                         if (ret)
541                                 return -1;
542                         if (link[0] == CISTPL_NULL) {
543                                 ofs++;
544                                 continue;
545                         }
546                 }
547
548                 /* End of chain?  Follow long link if possible */
549                 if (link[0] == CISTPL_END) {
550                         ofs = follow_link(s, tuple);
551                         if (ofs < 0)
552                                 return -ENOSPC;
553                         attr = SPACE(tuple->Flags);
554                         ret = read_cis_cache(s, attr, ofs, 2, link);
555                         if (ret)
556                                 return -1;
557                 }
558
559                 /* Is this a link tuple?  Make a note of it */
560                 if ((link[0] == CISTPL_LONGLINK_A) ||
561                         (link[0] == CISTPL_LONGLINK_C) ||
562                         (link[0] == CISTPL_LONGLINK_MFC) ||
563                         (link[0] == CISTPL_LINKTARGET) ||
564                         (link[0] == CISTPL_INDIRECT) ||
565                         (link[0] == CISTPL_NO_LINK)) {
566                         switch (link[0]) {
567                         case CISTPL_LONGLINK_A:
568                                 HAS_LINK(tuple->Flags) = 1;
569                                 LINK_SPACE(tuple->Flags) = attr | IS_ATTR;
570                                 ret = read_cis_cache(s, attr, ofs+2, 4,
571                                                 &tuple->LinkOffset);
572                                 if (ret)
573                                         return -1;
574                                 break;
575                         case CISTPL_LONGLINK_C:
576                                 HAS_LINK(tuple->Flags) = 1;
577                                 LINK_SPACE(tuple->Flags) = attr & ~IS_ATTR;
578                                 ret = read_cis_cache(s, attr, ofs+2, 4,
579                                                 &tuple->LinkOffset);
580                                 if (ret)
581                                         return -1;
582                                 break;
583                         case CISTPL_INDIRECT:
584                                 HAS_LINK(tuple->Flags) = 1;
585                                 LINK_SPACE(tuple->Flags) = IS_ATTR |
586                                         IS_INDIRECT;
587                                 tuple->LinkOffset = 0;
588                                 break;
589                         case CISTPL_LONGLINK_MFC:
590                                 tuple->LinkOffset = ofs + 3;
591                                 LINK_SPACE(tuple->Flags) = attr;
592                                 if (function == BIND_FN_ALL) {
593                                         /* Follow all the MFC links */
594                                         ret = read_cis_cache(s, attr, ofs+2,
595                                                         1, &tmp);
596                                         if (ret)
597                                                 return -1;
598                                         MFC_FN(tuple->Flags) = tmp;
599                                 } else {
600                                         /* Follow exactly one of the links */
601                                         MFC_FN(tuple->Flags) = 1;
602                                         tuple->LinkOffset += function * 5;
603                                 }
604                                 break;
605                         case CISTPL_NO_LINK:
606                                 HAS_LINK(tuple->Flags) = 0;
607                                 break;
608                         }
609                         if ((tuple->Attributes & TUPLE_RETURN_LINK) &&
610                                 (tuple->DesiredTuple == RETURN_FIRST_TUPLE))
611                                 break;
612                 } else
613                         if (tuple->DesiredTuple == RETURN_FIRST_TUPLE)
614                                 break;
615
616                 if (link[0] == tuple->DesiredTuple)
617                         break;
618                 ofs += link[1] + 2;
619         }
620         if (i == MAX_TUPLES) {
621                 dev_dbg(&s->dev, "cs: overrun in pcmcia_get_next_tuple\n");
622                 return -ENOSPC;
623         }
624
625         tuple->TupleCode = link[0];
626         tuple->TupleLink = link[1];
627         tuple->CISOffset = ofs + 2;
628         return 0;
629 }
630
631 int pccard_get_tuple_data(struct pcmcia_socket *s, tuple_t *tuple)
632 {
633         u_int len;
634         int ret;
635
636         if (!s)
637                 return -EINVAL;
638
639         if (tuple->TupleLink < tuple->TupleOffset)
640                 return -ENOSPC;
641         len = tuple->TupleLink - tuple->TupleOffset;
642         tuple->TupleDataLen = tuple->TupleLink;
643         if (len == 0)
644                 return 0;
645         ret = read_cis_cache(s, SPACE(tuple->Flags),
646                         tuple->CISOffset + tuple->TupleOffset,
647                         min(len, (u_int) tuple->TupleDataMax),
648                         tuple->TupleData);
649         if (ret)
650                 return -1;
651         return 0;
652 }
653
654
655 /* Parsing routines for individual tuples */
656
657 static int parse_device(tuple_t *tuple, cistpl_device_t *device)
658 {
659         int i;
660         u_char scale;
661         u_char *p, *q;
662
663         p = (u_char *)tuple->TupleData;
664         q = p + tuple->TupleDataLen;
665
666         device->ndev = 0;
667         for (i = 0; i < CISTPL_MAX_DEVICES; i++) {
668
669                 if (*p == 0xff)
670                         break;
671                 device->dev[i].type = (*p >> 4);
672                 device->dev[i].wp = (*p & 0x08) ? 1 : 0;
673                 switch (*p & 0x07) {
674                 case 0:
675                         device->dev[i].speed = 0;
676                         break;
677                 case 1:
678                         device->dev[i].speed = 250;
679                         break;
680                 case 2:
681                         device->dev[i].speed = 200;
682                         break;
683                 case 3:
684                         device->dev[i].speed = 150;
685                         break;
686                 case 4:
687                         device->dev[i].speed = 100;
688                         break;
689                 case 7:
690                         if (++p == q)
691                                 return -EINVAL;
692                         device->dev[i].speed = SPEED_CVT(*p);
693                         while (*p & 0x80)
694                                 if (++p == q)
695                                         return -EINVAL;
696                         break;
697                 default:
698                         return -EINVAL;
699                 }
700
701                 if (++p == q)
702                         return -EINVAL;
703                 if (*p == 0xff)
704                         break;
705                 scale = *p & 7;
706                 if (scale == 7)
707                         return -EINVAL;
708                 device->dev[i].size = ((*p >> 3) + 1) * (512 << (scale*2));
709                 device->ndev++;
710                 if (++p == q)
711                         break;
712         }
713
714         return 0;
715 }
716
717
718 static int parse_checksum(tuple_t *tuple, cistpl_checksum_t *csum)
719 {
720         u_char *p;
721         if (tuple->TupleDataLen < 5)
722                 return -EINVAL;
723         p = (u_char *) tuple->TupleData;
724         csum->addr = tuple->CISOffset + get_unaligned_le16(p) - 2;
725         csum->len = get_unaligned_le16(p + 2);
726         csum->sum = *(p + 4);
727         return 0;
728 }
729
730
731 static int parse_longlink(tuple_t *tuple, cistpl_longlink_t *link)
732 {
733         if (tuple->TupleDataLen < 4)
734                 return -EINVAL;
735         link->addr = get_unaligned_le32(tuple->TupleData);
736         return 0;
737 }
738
739
740 static int parse_longlink_mfc(tuple_t *tuple, cistpl_longlink_mfc_t *link)
741 {
742         u_char *p;
743         int i;
744
745         p = (u_char *)tuple->TupleData;
746
747         link->nfn = *p; p++;
748         if (tuple->TupleDataLen <= link->nfn*5)
749                 return -EINVAL;
750         for (i = 0; i < link->nfn; i++) {
751                 link->fn[i].space = *p; p++;
752                 link->fn[i].addr = get_unaligned_le32(p);
753                 p += 4;
754         }
755         return 0;
756 }
757
758
759 static int parse_strings(u_char *p, u_char *q, int max,
760                          char *s, u_char *ofs, u_char *found)
761 {
762         int i, j, ns;
763
764         if (p == q)
765                 return -EINVAL;
766         ns = 0; j = 0;
767         for (i = 0; i < max; i++) {
768                 if (*p == 0xff)
769                         break;
770                 ofs[i] = j;
771                 ns++;
772                 for (;;) {
773                         s[j++] = (*p == 0xff) ? '\0' : *p;
774                         if ((*p == '\0') || (*p == 0xff))
775                                 break;
776                         if (++p == q)
777                                 return -EINVAL;
778                 }
779                 if ((*p == 0xff) || (++p == q))
780                         break;
781         }
782         if (found) {
783                 *found = ns;
784                 return 0;
785         }
786
787         return (ns == max) ? 0 : -EINVAL;
788 }
789
790
791 static int parse_vers_1(tuple_t *tuple, cistpl_vers_1_t *vers_1)
792 {
793         u_char *p, *q;
794
795         p = (u_char *)tuple->TupleData;
796         q = p + tuple->TupleDataLen;
797
798         vers_1->major = *p; p++;
799         vers_1->minor = *p; p++;
800         if (p >= q)
801                 return -EINVAL;
802
803         return parse_strings(p, q, CISTPL_VERS_1_MAX_PROD_STRINGS,
804                         vers_1->str, vers_1->ofs, &vers_1->ns);
805 }
806
807
808 static int parse_altstr(tuple_t *tuple, cistpl_altstr_t *altstr)
809 {
810         u_char *p, *q;
811
812         p = (u_char *)tuple->TupleData;
813         q = p + tuple->TupleDataLen;
814
815         return parse_strings(p, q, CISTPL_MAX_ALTSTR_STRINGS,
816                         altstr->str, altstr->ofs, &altstr->ns);
817 }
818
819
820 static int parse_jedec(tuple_t *tuple, cistpl_jedec_t *jedec)
821 {
822         u_char *p, *q;
823         int nid;
824
825         p = (u_char *)tuple->TupleData;
826         q = p + tuple->TupleDataLen;
827
828         for (nid = 0; nid < CISTPL_MAX_DEVICES; nid++) {
829                 if (p > q-2)
830                         break;
831                 jedec->id[nid].mfr = p[0];
832                 jedec->id[nid].info = p[1];
833                 p += 2;
834         }
835         jedec->nid = nid;
836         return 0;
837 }
838
839
840 static int parse_manfid(tuple_t *tuple, cistpl_manfid_t *m)
841 {
842         if (tuple->TupleDataLen < 4)
843                 return -EINVAL;
844         m->manf = get_unaligned_le16(tuple->TupleData);
845         m->card = get_unaligned_le16(tuple->TupleData + 2);
846         return 0;
847 }
848
849
850 static int parse_funcid(tuple_t *tuple, cistpl_funcid_t *f)
851 {
852         u_char *p;
853         if (tuple->TupleDataLen < 2)
854                 return -EINVAL;
855         p = (u_char *)tuple->TupleData;
856         f->func = p[0];
857         f->sysinit = p[1];
858         return 0;
859 }
860
861
862 static int parse_funce(tuple_t *tuple, cistpl_funce_t *f)
863 {
864         u_char *p;
865         int i;
866         if (tuple->TupleDataLen < 1)
867                 return -EINVAL;
868         p = (u_char *)tuple->TupleData;
869         f->type = p[0];
870         for (i = 1; i < tuple->TupleDataLen; i++)
871                 f->data[i-1] = p[i];
872         return 0;
873 }
874
875
876 static int parse_config(tuple_t *tuple, cistpl_config_t *config)
877 {
878         int rasz, rmsz, i;
879         u_char *p;
880
881         p = (u_char *)tuple->TupleData;
882         rasz = *p & 0x03;
883         rmsz = (*p & 0x3c) >> 2;
884         if (tuple->TupleDataLen < rasz+rmsz+4)
885                 return -EINVAL;
886         config->last_idx = *(++p);
887         p++;
888         config->base = 0;
889         for (i = 0; i <= rasz; i++)
890                 config->base += p[i] << (8*i);
891         p += rasz+1;
892         for (i = 0; i < 4; i++)
893                 config->rmask[i] = 0;
894         for (i = 0; i <= rmsz; i++)
895                 config->rmask[i>>2] += p[i] << (8*(i%4));
896         config->subtuples = tuple->TupleDataLen - (rasz+rmsz+4);
897         return 0;
898 }
899
900 /* The following routines are all used to parse the nightmarish
901  * config table entries.
902  */
903
904 static u_char *parse_power(u_char *p, u_char *q, cistpl_power_t *pwr)
905 {
906         int i;
907         u_int scale;
908
909         if (p == q)
910                 return NULL;
911         pwr->present = *p;
912         pwr->flags = 0;
913         p++;
914         for (i = 0; i < 7; i++)
915                 if (pwr->present & (1<<i)) {
916                         if (p == q)
917                                 return NULL;
918                         pwr->param[i] = POWER_CVT(*p);
919                         scale = POWER_SCALE(*p);
920                         while (*p & 0x80) {
921                                 if (++p == q)
922                                         return NULL;
923                                 if ((*p & 0x7f) < 100)
924                                         pwr->param[i] +=
925                                                 (*p & 0x7f) * scale / 100;
926                                 else if (*p == 0x7d)
927                                         pwr->flags |= CISTPL_POWER_HIGHZ_OK;
928                                 else if (*p == 0x7e)
929                                         pwr->param[i] = 0;
930                                 else if (*p == 0x7f)
931                                         pwr->flags |= CISTPL_POWER_HIGHZ_REQ;
932                                 else
933                                         return NULL;
934                         }
935                         p++;
936                 }
937         return p;
938 }
939
940
941 static u_char *parse_timing(u_char *p, u_char *q, cistpl_timing_t *timing)
942 {
943         u_char scale;
944
945         if (p == q)
946                 return NULL;
947         scale = *p;
948         if ((scale & 3) != 3) {
949                 if (++p == q)
950                         return NULL;
951                 timing->wait = SPEED_CVT(*p);
952                 timing->waitscale = exponent[scale & 3];
953         } else
954                 timing->wait = 0;
955         scale >>= 2;
956         if ((scale & 7) != 7) {
957                 if (++p == q)
958                         return NULL;
959                 timing->ready = SPEED_CVT(*p);
960                 timing->rdyscale = exponent[scale & 7];
961         } else
962                 timing->ready = 0;
963         scale >>= 3;
964         if (scale != 7) {
965                 if (++p == q)
966                         return NULL;
967                 timing->reserved = SPEED_CVT(*p);
968                 timing->rsvscale = exponent[scale];
969         } else
970                 timing->reserved = 0;
971         p++;
972         return p;
973 }
974
975
976 static u_char *parse_io(u_char *p, u_char *q, cistpl_io_t *io)
977 {
978         int i, j, bsz, lsz;
979
980         if (p == q)
981                 return NULL;
982         io->flags = *p;
983
984         if (!(*p & 0x80)) {
985                 io->nwin = 1;
986                 io->win[0].base = 0;
987                 io->win[0].len = (1 << (io->flags & CISTPL_IO_LINES_MASK));
988                 return p+1;
989         }
990
991         if (++p == q)
992                 return NULL;
993         io->nwin = (*p & 0x0f) + 1;
994         bsz = (*p & 0x30) >> 4;
995         if (bsz == 3)
996                 bsz++;
997         lsz = (*p & 0xc0) >> 6;
998         if (lsz == 3)
999                 lsz++;
1000         p++;
1001
1002         for (i = 0; i < io->nwin; i++) {
1003                 io->win[i].base = 0;
1004                 io->win[i].len = 1;
1005                 for (j = 0; j < bsz; j++, p++) {
1006                         if (p == q)
1007                                 return NULL;
1008                         io->win[i].base += *p << (j*8);
1009                 }
1010                 for (j = 0; j < lsz; j++, p++) {
1011                         if (p == q)
1012                                 return NULL;
1013                         io->win[i].len += *p << (j*8);
1014                 }
1015         }
1016         return p;
1017 }
1018
1019
1020 static u_char *parse_mem(u_char *p, u_char *q, cistpl_mem_t *mem)
1021 {
1022         int i, j, asz, lsz, has_ha;
1023         u_int len, ca, ha;
1024
1025         if (p == q)
1026                 return NULL;
1027
1028         mem->nwin = (*p & 0x07) + 1;
1029         lsz = (*p & 0x18) >> 3;
1030         asz = (*p & 0x60) >> 5;
1031         has_ha = (*p & 0x80);
1032         if (++p == q)
1033                 return NULL;
1034
1035         for (i = 0; i < mem->nwin; i++) {
1036                 len = ca = ha = 0;
1037                 for (j = 0; j < lsz; j++, p++) {
1038                         if (p == q)
1039                                 return NULL;
1040                         len += *p << (j*8);
1041                 }
1042                 for (j = 0; j < asz; j++, p++) {
1043                         if (p == q)
1044                                 return NULL;
1045                         ca += *p << (j*8);
1046                 }
1047                 if (has_ha)
1048                         for (j = 0; j < asz; j++, p++) {
1049                                 if (p == q)
1050                                         return NULL;
1051                                 ha += *p << (j*8);
1052                         }
1053                 mem->win[i].len = len << 8;
1054                 mem->win[i].card_addr = ca << 8;
1055                 mem->win[i].host_addr = ha << 8;
1056         }
1057         return p;
1058 }
1059
1060
1061 static u_char *parse_irq(u_char *p, u_char *q, cistpl_irq_t *irq)
1062 {
1063         if (p == q)
1064                 return NULL;
1065         irq->IRQInfo1 = *p; p++;
1066         if (irq->IRQInfo1 & IRQ_INFO2_VALID) {
1067                 if (p+2 > q)
1068                         return NULL;
1069                 irq->IRQInfo2 = (p[1]<<8) + p[0];
1070                 p += 2;
1071         }
1072         return p;
1073 }
1074
1075
1076 static int parse_cftable_entry(tuple_t *tuple,
1077                                cistpl_cftable_entry_t *entry)
1078 {
1079         u_char *p, *q, features;
1080
1081         p = tuple->TupleData;
1082         q = p + tuple->TupleDataLen;
1083         entry->index = *p & 0x3f;
1084         entry->flags = 0;
1085         if (*p & 0x40)
1086                 entry->flags |= CISTPL_CFTABLE_DEFAULT;
1087         if (*p & 0x80) {
1088                 if (++p == q)
1089                         return -EINVAL;
1090                 if (*p & 0x10)
1091                         entry->flags |= CISTPL_CFTABLE_BVDS;
1092                 if (*p & 0x20)
1093                         entry->flags |= CISTPL_CFTABLE_WP;
1094                 if (*p & 0x40)
1095                         entry->flags |= CISTPL_CFTABLE_RDYBSY;
1096                 if (*p & 0x80)
1097                         entry->flags |= CISTPL_CFTABLE_MWAIT;
1098                 entry->interface = *p & 0x0f;
1099         } else
1100                 entry->interface = 0;
1101
1102         /* Process optional features */
1103         if (++p == q)
1104                 return -EINVAL;
1105         features = *p; p++;
1106
1107         /* Power options */
1108         if ((features & 3) > 0) {
1109                 p = parse_power(p, q, &entry->vcc);
1110                 if (p == NULL)
1111                         return -EINVAL;
1112         } else
1113                 entry->vcc.present = 0;
1114         if ((features & 3) > 1) {
1115                 p = parse_power(p, q, &entry->vpp1);
1116                 if (p == NULL)
1117                         return -EINVAL;
1118         } else
1119                 entry->vpp1.present = 0;
1120         if ((features & 3) > 2) {
1121                 p = parse_power(p, q, &entry->vpp2);
1122                 if (p == NULL)
1123                         return -EINVAL;
1124         } else
1125                 entry->vpp2.present = 0;
1126
1127         /* Timing options */
1128         if (features & 0x04) {
1129                 p = parse_timing(p, q, &entry->timing);
1130                 if (p == NULL)
1131                         return -EINVAL;
1132         } else {
1133                 entry->timing.wait = 0;
1134                 entry->timing.ready = 0;
1135                 entry->timing.reserved = 0;
1136         }
1137
1138         /* I/O window options */
1139         if (features & 0x08) {
1140                 p = parse_io(p, q, &entry->io);
1141                 if (p == NULL)
1142                         return -EINVAL;
1143         } else
1144                 entry->io.nwin = 0;
1145
1146         /* Interrupt options */
1147         if (features & 0x10) {
1148                 p = parse_irq(p, q, &entry->irq);
1149                 if (p == NULL)
1150                         return -EINVAL;
1151         } else
1152                 entry->irq.IRQInfo1 = 0;
1153
1154         switch (features & 0x60) {
1155         case 0x00:
1156                 entry->mem.nwin = 0;
1157                 break;
1158         case 0x20:
1159                 entry->mem.nwin = 1;
1160                 entry->mem.win[0].len = get_unaligned_le16(p) << 8;
1161                 entry->mem.win[0].card_addr = 0;
1162                 entry->mem.win[0].host_addr = 0;
1163                 p += 2;
1164                 if (p > q)
1165                         return -EINVAL;
1166                 break;
1167         case 0x40:
1168                 entry->mem.nwin = 1;
1169                 entry->mem.win[0].len = get_unaligned_le16(p) << 8;
1170                 entry->mem.win[0].card_addr = get_unaligned_le16(p + 2) << 8;
1171                 entry->mem.win[0].host_addr = 0;
1172                 p += 4;
1173                 if (p > q)
1174                         return -EINVAL;
1175                 break;
1176         case 0x60:
1177                 p = parse_mem(p, q, &entry->mem);
1178                 if (p == NULL)
1179                         return -EINVAL;
1180                 break;
1181         }
1182
1183         /* Misc features */
1184         if (features & 0x80) {
1185                 if (p == q)
1186                         return -EINVAL;
1187                 entry->flags |= (*p << 8);
1188                 while (*p & 0x80)
1189                         if (++p == q)
1190                                 return -EINVAL;
1191                 p++;
1192         }
1193
1194         entry->subtuples = q-p;
1195
1196         return 0;
1197 }
1198
1199
1200 static int parse_device_geo(tuple_t *tuple, cistpl_device_geo_t *geo)
1201 {
1202         u_char *p, *q;
1203         int n;
1204
1205         p = (u_char *)tuple->TupleData;
1206         q = p + tuple->TupleDataLen;
1207
1208         for (n = 0; n < CISTPL_MAX_DEVICES; n++) {
1209                 if (p > q-6)
1210                         break;
1211                 geo->geo[n].buswidth = p[0];
1212                 geo->geo[n].erase_block = 1 << (p[1]-1);
1213                 geo->geo[n].read_block  = 1 << (p[2]-1);
1214                 geo->geo[n].write_block = 1 << (p[3]-1);
1215                 geo->geo[n].partition   = 1 << (p[4]-1);
1216                 geo->geo[n].interleave  = 1 << (p[5]-1);
1217                 p += 6;
1218         }
1219         geo->ngeo = n;
1220         return 0;
1221 }
1222
1223
1224 static int parse_vers_2(tuple_t *tuple, cistpl_vers_2_t *v2)
1225 {
1226         u_char *p, *q;
1227
1228         if (tuple->TupleDataLen < 10)
1229                 return -EINVAL;
1230
1231         p = tuple->TupleData;
1232         q = p + tuple->TupleDataLen;
1233
1234         v2->vers = p[0];
1235         v2->comply = p[1];
1236         v2->dindex = get_unaligned_le16(p + 2);
1237         v2->vspec8 = p[6];
1238         v2->vspec9 = p[7];
1239         v2->nhdr = p[8];
1240         p += 9;
1241         return parse_strings(p, q, 2, v2->str, &v2->vendor, NULL);
1242 }
1243
1244
1245 static int parse_org(tuple_t *tuple, cistpl_org_t *org)
1246 {
1247         u_char *p, *q;
1248         int i;
1249
1250         p = tuple->TupleData;
1251         q = p + tuple->TupleDataLen;
1252         if (p == q)
1253                 return -EINVAL;
1254         org->data_org = *p;
1255         if (++p == q)
1256                 return -EINVAL;
1257         for (i = 0; i < 30; i++) {
1258                 org->desc[i] = *p;
1259                 if (*p == '\0')
1260                         break;
1261                 if (++p == q)
1262                         return -EINVAL;
1263         }
1264         return 0;
1265 }
1266
1267
1268 static int parse_format(tuple_t *tuple, cistpl_format_t *fmt)
1269 {
1270         u_char *p;
1271
1272         if (tuple->TupleDataLen < 10)
1273                 return -EINVAL;
1274
1275         p = tuple->TupleData;
1276
1277         fmt->type = p[0];
1278         fmt->edc = p[1];
1279         fmt->offset = get_unaligned_le32(p + 2);
1280         fmt->length = get_unaligned_le32(p + 6);
1281
1282         return 0;
1283 }
1284
1285
1286 int pcmcia_parse_tuple(tuple_t *tuple, cisparse_t *parse)
1287 {
1288         int ret = 0;
1289
1290         if (tuple->TupleDataLen > tuple->TupleDataMax)
1291                 return -EINVAL;
1292         switch (tuple->TupleCode) {
1293         case CISTPL_DEVICE:
1294         case CISTPL_DEVICE_A:
1295                 ret = parse_device(tuple, &parse->device);
1296                 break;
1297         case CISTPL_CHECKSUM:
1298                 ret = parse_checksum(tuple, &parse->checksum);
1299                 break;
1300         case CISTPL_LONGLINK_A:
1301         case CISTPL_LONGLINK_C:
1302                 ret = parse_longlink(tuple, &parse->longlink);
1303                 break;
1304         case CISTPL_LONGLINK_MFC:
1305                 ret = parse_longlink_mfc(tuple, &parse->longlink_mfc);
1306                 break;
1307         case CISTPL_VERS_1:
1308                 ret = parse_vers_1(tuple, &parse->version_1);
1309                 break;
1310         case CISTPL_ALTSTR:
1311                 ret = parse_altstr(tuple, &parse->altstr);
1312                 break;
1313         case CISTPL_JEDEC_A:
1314         case CISTPL_JEDEC_C:
1315                 ret = parse_jedec(tuple, &parse->jedec);
1316                 break;
1317         case CISTPL_MANFID:
1318                 ret = parse_manfid(tuple, &parse->manfid);
1319                 break;
1320         case CISTPL_FUNCID:
1321                 ret = parse_funcid(tuple, &parse->funcid);
1322                 break;
1323         case CISTPL_FUNCE:
1324                 ret = parse_funce(tuple, &parse->funce);
1325                 break;
1326         case CISTPL_CONFIG:
1327                 ret = parse_config(tuple, &parse->config);
1328                 break;
1329         case CISTPL_CFTABLE_ENTRY:
1330                 ret = parse_cftable_entry(tuple, &parse->cftable_entry);
1331                 break;
1332         case CISTPL_DEVICE_GEO:
1333         case CISTPL_DEVICE_GEO_A:
1334                 ret = parse_device_geo(tuple, &parse->device_geo);
1335                 break;
1336         case CISTPL_VERS_2:
1337                 ret = parse_vers_2(tuple, &parse->vers_2);
1338                 break;
1339         case CISTPL_ORG:
1340                 ret = parse_org(tuple, &parse->org);
1341                 break;
1342         case CISTPL_FORMAT:
1343         case CISTPL_FORMAT_A:
1344                 ret = parse_format(tuple, &parse->format);
1345                 break;
1346         case CISTPL_NO_LINK:
1347         case CISTPL_LINKTARGET:
1348                 ret = 0;
1349                 break;
1350         default:
1351                 ret = -EINVAL;
1352                 break;
1353         }
1354         if (ret)
1355                 pr_debug("parse_tuple failed %d\n", ret);
1356         return ret;
1357 }
1358 EXPORT_SYMBOL(pcmcia_parse_tuple);
1359
1360
1361 /**
1362  * pccard_validate_cis() - check whether card has a sensible CIS
1363  * @s:          the struct pcmcia_socket we are to check
1364  * @info:       returns the number of tuples in the (valid) CIS, or 0
1365  *
1366  * This tries to determine if a card has a sensible CIS.  In @info, it
1367  * returns the number of tuples in the CIS, or 0 if the CIS looks bad. The
1368  * checks include making sure several critical tuples are present and
1369  * valid; seeing if the total number of tuples is reasonable; and
1370  * looking for tuples that use reserved codes.
1371  *
1372  * The function returns 0 on success.
1373  */
1374 int pccard_validate_cis(struct pcmcia_socket *s, unsigned int *info)
1375 {
1376         tuple_t *tuple;
1377         cisparse_t *p;
1378         unsigned int count = 0;
1379         int ret, reserved, dev_ok = 0, ident_ok = 0;
1380
1381         if (!s)
1382                 return -EINVAL;
1383
1384         if (s->functions) {
1385                 WARN_ON(1);
1386                 return -EINVAL;
1387         }
1388
1389         /* We do not want to validate the CIS cache... */
1390         mutex_lock(&s->ops_mutex);
1391         destroy_cis_cache(s);
1392         mutex_unlock(&s->ops_mutex);
1393
1394         tuple = kmalloc(sizeof(*tuple), GFP_KERNEL);
1395         if (tuple == NULL) {
1396                 dev_warn(&s->dev, "no memory to validate CIS\n");
1397                 return -ENOMEM;
1398         }
1399         p = kmalloc(sizeof(*p), GFP_KERNEL);
1400         if (p == NULL) {
1401                 kfree(tuple);
1402                 dev_warn(&s->dev, "no memory to validate CIS\n");
1403                 return -ENOMEM;
1404         }
1405
1406         count = reserved = 0;
1407         tuple->DesiredTuple = RETURN_FIRST_TUPLE;
1408         tuple->Attributes = TUPLE_RETURN_COMMON;
1409         ret = pccard_get_first_tuple(s, BIND_FN_ALL, tuple);
1410         if (ret != 0)
1411                 goto done;
1412
1413         /* First tuple should be DEVICE; we should really have either that
1414            or a CFTABLE_ENTRY of some sort */
1415         if ((tuple->TupleCode == CISTPL_DEVICE) ||
1416             (!pccard_read_tuple(s, BIND_FN_ALL, CISTPL_CFTABLE_ENTRY, p)) ||
1417             (!pccard_read_tuple(s, BIND_FN_ALL, CISTPL_CFTABLE_ENTRY_CB, p)))
1418                 dev_ok++;
1419
1420         /* All cards should have a MANFID tuple, and/or a VERS_1 or VERS_2
1421            tuple, for card identification.  Certain old D-Link and Linksys
1422            cards have only a broken VERS_2 tuple; hence the bogus test. */
1423         if ((pccard_read_tuple(s, BIND_FN_ALL, CISTPL_MANFID, p) == 0) ||
1424             (pccard_read_tuple(s, BIND_FN_ALL, CISTPL_VERS_1, p) == 0) ||
1425             (pccard_read_tuple(s, BIND_FN_ALL, CISTPL_VERS_2, p) != -ENOSPC))
1426                 ident_ok++;
1427
1428         if (!dev_ok && !ident_ok)
1429                 goto done;
1430
1431         for (count = 1; count < MAX_TUPLES; count++) {
1432                 ret = pccard_get_next_tuple(s, BIND_FN_ALL, tuple);
1433                 if (ret != 0)
1434                         break;
1435                 if (((tuple->TupleCode > 0x23) && (tuple->TupleCode < 0x40)) ||
1436                     ((tuple->TupleCode > 0x47) && (tuple->TupleCode < 0x80)) ||
1437                     ((tuple->TupleCode > 0x90) && (tuple->TupleCode < 0xff)))
1438                         reserved++;
1439         }
1440         if ((count == MAX_TUPLES) || (reserved > 5) ||
1441                 ((!dev_ok || !ident_ok) && (count > 10)))
1442                 count = 0;
1443
1444         ret = 0;
1445
1446 done:
1447         /* invalidate CIS cache on failure */
1448         if (!dev_ok || !ident_ok || !count) {
1449                 mutex_lock(&s->ops_mutex);
1450                 destroy_cis_cache(s);
1451                 mutex_unlock(&s->ops_mutex);
1452                 ret = -EIO;
1453         }
1454
1455         if (info)
1456                 *info = count;
1457         kfree(tuple);
1458         kfree(p);
1459         return ret;
1460 }
1461
1462
1463 #define to_socket(_dev) container_of(_dev, struct pcmcia_socket, dev)
1464
1465 static ssize_t pccard_extract_cis(struct pcmcia_socket *s, char *buf,
1466                                   loff_t off, size_t count)
1467 {
1468         tuple_t tuple;
1469         int status, i;
1470         loff_t pointer = 0;
1471         ssize_t ret = 0;
1472         u_char *tuplebuffer;
1473         u_char *tempbuffer;
1474
1475         tuplebuffer = kmalloc(sizeof(u_char) * 256, GFP_KERNEL);
1476         if (!tuplebuffer)
1477                 return -ENOMEM;
1478
1479         tempbuffer = kmalloc(sizeof(u_char) * 258, GFP_KERNEL);
1480         if (!tempbuffer) {
1481                 ret = -ENOMEM;
1482                 goto free_tuple;
1483         }
1484
1485         memset(&tuple, 0, sizeof(tuple_t));
1486
1487         tuple.Attributes = TUPLE_RETURN_LINK | TUPLE_RETURN_COMMON;
1488         tuple.DesiredTuple = RETURN_FIRST_TUPLE;
1489         tuple.TupleOffset = 0;
1490
1491         status = pccard_get_first_tuple(s, BIND_FN_ALL, &tuple);
1492         while (!status) {
1493                 tuple.TupleData = tuplebuffer;
1494                 tuple.TupleDataMax = 255;
1495                 memset(tuplebuffer, 0, sizeof(u_char) * 255);
1496
1497                 status = pccard_get_tuple_data(s, &tuple);
1498                 if (status)
1499                         break;
1500
1501                 if (off < (pointer + 2 + tuple.TupleDataLen)) {
1502                         tempbuffer[0] = tuple.TupleCode & 0xff;
1503                         tempbuffer[1] = tuple.TupleLink & 0xff;
1504                         for (i = 0; i < tuple.TupleDataLen; i++)
1505                                 tempbuffer[i + 2] = tuplebuffer[i] & 0xff;
1506
1507                         for (i = 0; i < (2 + tuple.TupleDataLen); i++) {
1508                                 if (((i + pointer) >= off) &&
1509                                     (i + pointer) < (off + count)) {
1510                                         buf[ret] = tempbuffer[i];
1511                                         ret++;
1512                                 }
1513                         }
1514                 }
1515
1516                 pointer += 2 + tuple.TupleDataLen;
1517
1518                 if (pointer >= (off + count))
1519                         break;
1520
1521                 if (tuple.TupleCode == CISTPL_END)
1522                         break;
1523                 status = pccard_get_next_tuple(s, BIND_FN_ALL, &tuple);
1524         }
1525
1526         kfree(tempbuffer);
1527  free_tuple:
1528         kfree(tuplebuffer);
1529
1530         return ret;
1531 }
1532
1533
1534 static ssize_t pccard_show_cis(struct kobject *kobj,
1535                                struct bin_attribute *bin_attr,
1536                                char *buf, loff_t off, size_t count)
1537 {
1538         unsigned int size = 0x200;
1539
1540         if (off >= size)
1541                 count = 0;
1542         else {
1543                 struct pcmcia_socket *s;
1544                 unsigned int chains = 1;
1545
1546                 if (off + count > size)
1547                         count = size - off;
1548
1549                 s = to_socket(container_of(kobj, struct device, kobj));
1550
1551                 if (!(s->state & SOCKET_PRESENT))
1552                         return -ENODEV;
1553                 if (!s->functions && pccard_validate_cis(s, &chains))
1554                         return -EIO;
1555                 if (!chains)
1556                         return -ENODATA;
1557
1558                 count = pccard_extract_cis(s, buf, off, count);
1559         }
1560
1561         return count;
1562 }
1563
1564
1565 static ssize_t pccard_store_cis(struct kobject *kobj,
1566                                 struct bin_attribute *bin_attr,
1567                                 char *buf, loff_t off, size_t count)
1568 {
1569         struct pcmcia_socket *s;
1570         int error;
1571
1572         s = to_socket(container_of(kobj, struct device, kobj));
1573
1574         if (off)
1575                 return -EINVAL;
1576
1577         if (count >= CISTPL_MAX_CIS_SIZE)
1578                 return -EINVAL;
1579
1580         if (!(s->state & SOCKET_PRESENT))
1581                 return -ENODEV;
1582
1583         error = pcmcia_replace_cis(s, buf, count);
1584         if (error)
1585                 return -EIO;
1586
1587         pcmcia_parse_uevents(s, PCMCIA_UEVENT_REQUERY);
1588
1589         return count;
1590 }
1591
1592
1593 struct bin_attribute pccard_cis_attr = {
1594         .attr = { .name = "cis", .mode = S_IRUGO | S_IWUSR },
1595         .size = 0x200,
1596         .read = pccard_show_cis,
1597         .write = pccard_store_cis,
1598 };