kmalloc/kzalloc changes:
[linux-2.6.git] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/devfs_fs_kernel.h>
45
46 #include "csr1212.h"
47 #include "ieee1394.h"
48 #include "ieee1394_types.h"
49 #include "ieee1394_core.h"
50 #include "nodemgr.h"
51 #include "hosts.h"
52 #include "highlevel.h"
53 #include "iso.h"
54 #include "ieee1394_transactions.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
58 #define int2ptr(x) ((void __user *)(unsigned long)x)
59 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
60
61 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
62 #define RAW1394_DEBUG
63 #endif
64
65 #ifdef RAW1394_DEBUG
66 #define DBGMSG(fmt, args...) \
67 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
68 #else
69 #define DBGMSG(fmt, args...)
70 #endif
71
72 static LIST_HEAD(host_info_list);
73 static int host_count;
74 static DEFINE_SPINLOCK(host_info_lock);
75 static atomic_t internal_generation = ATOMIC_INIT(0);
76
77 static atomic_t iso_buffer_size;
78 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
79
80 static struct hpsb_highlevel raw1394_highlevel;
81
82 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
83                     u64 addr, size_t length, u16 flags);
84 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
85                      quadlet_t * data, u64 addr, size_t length, u16 flags);
86 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
87                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
88                     u16 flags);
89 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
90                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
91                       u16 flags);
92 static struct hpsb_address_ops arm_ops = {
93         .read = arm_read,
94         .write = arm_write,
95         .lock = arm_lock,
96         .lock64 = arm_lock64,
97 };
98
99 static void queue_complete_cb(struct pending_request *req);
100
101 static struct pending_request *__alloc_pending_request(gfp_t flags)
102 {
103         struct pending_request *req;
104
105         req = kzalloc(sizeof(*req), flags);
106         if (req)
107                 INIT_LIST_HEAD(&req->list);
108
109         return req;
110 }
111
112 static inline struct pending_request *alloc_pending_request(void)
113 {
114         return __alloc_pending_request(SLAB_KERNEL);
115 }
116
117 static void free_pending_request(struct pending_request *req)
118 {
119         if (req->ibs) {
120                 if (atomic_dec_and_test(&req->ibs->refcount)) {
121                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
122                         kfree(req->ibs);
123                 }
124         } else if (req->free_data) {
125                 kfree(req->data);
126         }
127         hpsb_free_packet(req->packet);
128         kfree(req);
129 }
130
131 /* fi->reqlists_lock must be taken */
132 static void __queue_complete_req(struct pending_request *req)
133 {
134         struct file_info *fi = req->file_info;
135         list_del(&req->list);
136         list_add_tail(&req->list, &fi->req_complete);
137
138         up(&fi->complete_sem);
139         wake_up_interruptible(&fi->poll_wait_complete);
140 }
141
142 static void queue_complete_req(struct pending_request *req)
143 {
144         unsigned long flags;
145         struct file_info *fi = req->file_info;
146
147         spin_lock_irqsave(&fi->reqlists_lock, flags);
148         __queue_complete_req(req);
149         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
150 }
151
152 static void queue_complete_cb(struct pending_request *req)
153 {
154         struct hpsb_packet *packet = req->packet;
155         int rcode = (packet->header[1] >> 12) & 0xf;
156
157         switch (packet->ack_code) {
158         case ACKX_NONE:
159         case ACKX_SEND_ERROR:
160                 req->req.error = RAW1394_ERROR_SEND_ERROR;
161                 break;
162         case ACKX_ABORTED:
163                 req->req.error = RAW1394_ERROR_ABORTED;
164                 break;
165         case ACKX_TIMEOUT:
166                 req->req.error = RAW1394_ERROR_TIMEOUT;
167                 break;
168         default:
169                 req->req.error = (packet->ack_code << 16) | rcode;
170                 break;
171         }
172
173         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
174                 req->req.length = 0;
175         }
176
177         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
178             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
179             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
180             (req->req.type == RAW1394_REQ_LOCK) ||
181             (req->req.type == RAW1394_REQ_LOCK64))
182                 hpsb_free_tlabel(packet);
183
184         queue_complete_req(req);
185 }
186
187 static void add_host(struct hpsb_host *host)
188 {
189         struct host_info *hi;
190         unsigned long flags;
191
192         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
193
194         if (hi) {
195                 INIT_LIST_HEAD(&hi->list);
196                 hi->host = host;
197                 INIT_LIST_HEAD(&hi->file_info_list);
198
199                 spin_lock_irqsave(&host_info_lock, flags);
200                 list_add_tail(&hi->list, &host_info_list);
201                 host_count++;
202                 spin_unlock_irqrestore(&host_info_lock, flags);
203         }
204
205         atomic_inc(&internal_generation);
206 }
207
208 static struct host_info *find_host_info(struct hpsb_host *host)
209 {
210         struct host_info *hi;
211
212         list_for_each_entry(hi, &host_info_list, list)
213             if (hi->host == host)
214                 return hi;
215
216         return NULL;
217 }
218
219 static void remove_host(struct hpsb_host *host)
220 {
221         struct host_info *hi;
222         unsigned long flags;
223
224         spin_lock_irqsave(&host_info_lock, flags);
225         hi = find_host_info(host);
226
227         if (hi != NULL) {
228                 list_del(&hi->list);
229                 host_count--;
230                 /*
231                    FIXME: address ranges should be removed
232                    and fileinfo states should be initialized
233                    (including setting generation to
234                    internal-generation ...)
235                  */
236         }
237         spin_unlock_irqrestore(&host_info_lock, flags);
238
239         if (hi == NULL) {
240                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
241                        "0x%p\n", host);
242                 return;
243         }
244
245         kfree(hi);
246
247         atomic_inc(&internal_generation);
248 }
249
250 static void host_reset(struct hpsb_host *host)
251 {
252         unsigned long flags;
253         struct host_info *hi;
254         struct file_info *fi;
255         struct pending_request *req;
256
257         spin_lock_irqsave(&host_info_lock, flags);
258         hi = find_host_info(host);
259
260         if (hi != NULL) {
261                 list_for_each_entry(fi, &hi->file_info_list, list) {
262                         if (fi->notification == RAW1394_NOTIFY_ON) {
263                                 req = __alloc_pending_request(SLAB_ATOMIC);
264
265                                 if (req != NULL) {
266                                         req->file_info = fi;
267                                         req->req.type = RAW1394_REQ_BUS_RESET;
268                                         req->req.generation =
269                                             get_hpsb_generation(host);
270                                         req->req.misc = (host->node_id << 16)
271                                             | host->node_count;
272                                         if (fi->protocol_version > 3) {
273                                                 req->req.misc |=
274                                                     (NODEID_TO_NODE
275                                                      (host->irm_id)
276                                                      << 8);
277                                         }
278
279                                         queue_complete_req(req);
280                                 }
281                         }
282                 }
283         }
284         spin_unlock_irqrestore(&host_info_lock, flags);
285 }
286
287 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
288                         size_t length)
289 {
290         unsigned long flags;
291         struct host_info *hi;
292         struct file_info *fi;
293         struct pending_request *req, *req_next;
294         struct iso_block_store *ibs = NULL;
295         LIST_HEAD(reqs);
296
297         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
298                 HPSB_INFO("dropped iso packet");
299                 return;
300         }
301
302         spin_lock_irqsave(&host_info_lock, flags);
303         hi = find_host_info(host);
304
305         if (hi != NULL) {
306                 list_for_each_entry(fi, &hi->file_info_list, list) {
307                         if (!(fi->listen_channels & (1ULL << channel)))
308                                 continue;
309
310                         req = __alloc_pending_request(SLAB_ATOMIC);
311                         if (!req)
312                                 break;
313
314                         if (!ibs) {
315                                 ibs = kmalloc(sizeof(*ibs) + length,
316                                               SLAB_ATOMIC);
317                                 if (!ibs) {
318                                         kfree(req);
319                                         break;
320                                 }
321
322                                 atomic_add(length, &iso_buffer_size);
323                                 atomic_set(&ibs->refcount, 0);
324                                 ibs->data_size = length;
325                                 memcpy(ibs->data, data, length);
326                         }
327
328                         atomic_inc(&ibs->refcount);
329
330                         req->file_info = fi;
331                         req->ibs = ibs;
332                         req->data = ibs->data;
333                         req->req.type = RAW1394_REQ_ISO_RECEIVE;
334                         req->req.generation = get_hpsb_generation(host);
335                         req->req.misc = 0;
336                         req->req.recvb = ptr2int(fi->iso_buffer);
337                         req->req.length = min(length, fi->iso_buffer_length);
338
339                         list_add_tail(&req->list, &reqs);
340                 }
341         }
342         spin_unlock_irqrestore(&host_info_lock, flags);
343
344         list_for_each_entry_safe(req, req_next, &reqs, list)
345             queue_complete_req(req);
346 }
347
348 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
349                         int cts, u8 * data, size_t length)
350 {
351         unsigned long flags;
352         struct host_info *hi;
353         struct file_info *fi;
354         struct pending_request *req, *req_next;
355         struct iso_block_store *ibs = NULL;
356         LIST_HEAD(reqs);
357
358         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
359                 HPSB_INFO("dropped fcp request");
360                 return;
361         }
362
363         spin_lock_irqsave(&host_info_lock, flags);
364         hi = find_host_info(host);
365
366         if (hi != NULL) {
367                 list_for_each_entry(fi, &hi->file_info_list, list) {
368                         if (!fi->fcp_buffer)
369                                 continue;
370
371                         req = __alloc_pending_request(SLAB_ATOMIC);
372                         if (!req)
373                                 break;
374
375                         if (!ibs) {
376                                 ibs = kmalloc(sizeof(*ibs) + length,
377                                               SLAB_ATOMIC);
378                                 if (!ibs) {
379                                         kfree(req);
380                                         break;
381                                 }
382
383                                 atomic_add(length, &iso_buffer_size);
384                                 atomic_set(&ibs->refcount, 0);
385                                 ibs->data_size = length;
386                                 memcpy(ibs->data, data, length);
387                         }
388
389                         atomic_inc(&ibs->refcount);
390
391                         req->file_info = fi;
392                         req->ibs = ibs;
393                         req->data = ibs->data;
394                         req->req.type = RAW1394_REQ_FCP_REQUEST;
395                         req->req.generation = get_hpsb_generation(host);
396                         req->req.misc = nodeid | (direction << 16);
397                         req->req.recvb = ptr2int(fi->fcp_buffer);
398                         req->req.length = length;
399
400                         list_add_tail(&req->list, &reqs);
401                 }
402         }
403         spin_unlock_irqrestore(&host_info_lock, flags);
404
405         list_for_each_entry_safe(req, req_next, &reqs, list)
406             queue_complete_req(req);
407 }
408
409 static ssize_t raw1394_read(struct file *file, char __user * buffer,
410                             size_t count, loff_t * offset_is_ignored)
411 {
412         unsigned long flags;
413         struct file_info *fi = (struct file_info *)file->private_data;
414         struct list_head *lh;
415         struct pending_request *req;
416         ssize_t ret;
417
418         if (count != sizeof(struct raw1394_request)) {
419                 return -EINVAL;
420         }
421
422         if (!access_ok(VERIFY_WRITE, buffer, count)) {
423                 return -EFAULT;
424         }
425
426         if (file->f_flags & O_NONBLOCK) {
427                 if (down_trylock(&fi->complete_sem)) {
428                         return -EAGAIN;
429                 }
430         } else {
431                 if (down_interruptible(&fi->complete_sem)) {
432                         return -ERESTARTSYS;
433                 }
434         }
435
436         spin_lock_irqsave(&fi->reqlists_lock, flags);
437         lh = fi->req_complete.next;
438         list_del(lh);
439         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
440
441         req = list_entry(lh, struct pending_request, list);
442
443         if (req->req.length) {
444                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
445                                  req->req.length)) {
446                         req->req.error = RAW1394_ERROR_MEMFAULT;
447                 }
448         }
449         if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
450                 ret = -EFAULT;
451                 goto out;
452         }
453
454         ret = (ssize_t) sizeof(struct raw1394_request);
455       out:
456         free_pending_request(req);
457         return ret;
458 }
459
460 static int state_opened(struct file_info *fi, struct pending_request *req)
461 {
462         if (req->req.type == RAW1394_REQ_INITIALIZE) {
463                 switch (req->req.misc) {
464                 case RAW1394_KERNELAPI_VERSION:
465                 case 3:
466                         fi->state = initialized;
467                         fi->protocol_version = req->req.misc;
468                         req->req.error = RAW1394_ERROR_NONE;
469                         req->req.generation = atomic_read(&internal_generation);
470                         break;
471
472                 default:
473                         req->req.error = RAW1394_ERROR_COMPAT;
474                         req->req.misc = RAW1394_KERNELAPI_VERSION;
475                 }
476         } else {
477                 req->req.error = RAW1394_ERROR_STATE_ORDER;
478         }
479
480         req->req.length = 0;
481         queue_complete_req(req);
482         return sizeof(struct raw1394_request);
483 }
484
485 static int state_initialized(struct file_info *fi, struct pending_request *req)
486 {
487         unsigned long flags;
488         struct host_info *hi;
489         struct raw1394_khost_list *khl;
490
491         if (req->req.generation != atomic_read(&internal_generation)) {
492                 req->req.error = RAW1394_ERROR_GENERATION;
493                 req->req.generation = atomic_read(&internal_generation);
494                 req->req.length = 0;
495                 queue_complete_req(req);
496                 return sizeof(struct raw1394_request);
497         }
498
499         switch (req->req.type) {
500         case RAW1394_REQ_LIST_CARDS:
501                 spin_lock_irqsave(&host_info_lock, flags);
502                 khl = kmalloc(sizeof(*khl) * host_count, SLAB_ATOMIC);
503
504                 if (khl) {
505                         req->req.misc = host_count;
506                         req->data = (quadlet_t *) khl;
507
508                         list_for_each_entry(hi, &host_info_list, list) {
509                                 khl->nodes = hi->host->node_count;
510                                 strcpy(khl->name, hi->host->driver->name);
511                                 khl++;
512                         }
513                 }
514                 spin_unlock_irqrestore(&host_info_lock, flags);
515
516                 if (khl) {
517                         req->req.error = RAW1394_ERROR_NONE;
518                         req->req.length = min(req->req.length,
519                                               (u32) (sizeof
520                                                      (struct raw1394_khost_list)
521                                                      * req->req.misc));
522                         req->free_data = 1;
523                 } else {
524                         return -ENOMEM;
525                 }
526                 break;
527
528         case RAW1394_REQ_SET_CARD:
529                 spin_lock_irqsave(&host_info_lock, flags);
530                 if (req->req.misc < host_count) {
531                         list_for_each_entry(hi, &host_info_list, list) {
532                                 if (!req->req.misc--)
533                                         break;
534                         }
535                         get_device(&hi->host->device);  // XXX Need to handle failure case
536                         list_add_tail(&fi->list, &hi->file_info_list);
537                         fi->host = hi->host;
538                         fi->state = connected;
539
540                         req->req.error = RAW1394_ERROR_NONE;
541                         req->req.generation = get_hpsb_generation(fi->host);
542                         req->req.misc = (fi->host->node_id << 16)
543                             | fi->host->node_count;
544                         if (fi->protocol_version > 3) {
545                                 req->req.misc |=
546                                     NODEID_TO_NODE(fi->host->irm_id) << 8;
547                         }
548                 } else {
549                         req->req.error = RAW1394_ERROR_INVALID_ARG;
550                 }
551                 spin_unlock_irqrestore(&host_info_lock, flags);
552
553                 req->req.length = 0;
554                 break;
555
556         default:
557                 req->req.error = RAW1394_ERROR_STATE_ORDER;
558                 req->req.length = 0;
559                 break;
560         }
561
562         queue_complete_req(req);
563         return sizeof(struct raw1394_request);
564 }
565
566 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
567 {
568         int channel = req->req.misc;
569
570         if ((channel > 63) || (channel < -64)) {
571                 req->req.error = RAW1394_ERROR_INVALID_ARG;
572         } else if (channel >= 0) {
573                 /* allocate channel req.misc */
574                 if (fi->listen_channels & (1ULL << channel)) {
575                         req->req.error = RAW1394_ERROR_ALREADY;
576                 } else {
577                         if (hpsb_listen_channel
578                             (&raw1394_highlevel, fi->host, channel)) {
579                                 req->req.error = RAW1394_ERROR_ALREADY;
580                         } else {
581                                 fi->listen_channels |= 1ULL << channel;
582                                 fi->iso_buffer = int2ptr(req->req.recvb);
583                                 fi->iso_buffer_length = req->req.length;
584                         }
585                 }
586         } else {
587                 /* deallocate channel (one's complement neg) req.misc */
588                 channel = ~channel;
589
590                 if (fi->listen_channels & (1ULL << channel)) {
591                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
592                                               channel);
593                         fi->listen_channels &= ~(1ULL << channel);
594                 } else {
595                         req->req.error = RAW1394_ERROR_INVALID_ARG;
596                 }
597         }
598
599         req->req.length = 0;
600         queue_complete_req(req);
601 }
602
603 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
604 {
605         if (req->req.misc) {
606                 if (fi->fcp_buffer) {
607                         req->req.error = RAW1394_ERROR_ALREADY;
608                 } else {
609                         fi->fcp_buffer = int2ptr(req->req.recvb);
610                 }
611         } else {
612                 if (!fi->fcp_buffer) {
613                         req->req.error = RAW1394_ERROR_ALREADY;
614                 } else {
615                         fi->fcp_buffer = NULL;
616                 }
617         }
618
619         req->req.length = 0;
620         queue_complete_req(req);
621 }
622
623 static int handle_async_request(struct file_info *fi,
624                                 struct pending_request *req, int node)
625 {
626         unsigned long flags;
627         struct hpsb_packet *packet = NULL;
628         u64 addr = req->req.address & 0xffffffffffffULL;
629
630         switch (req->req.type) {
631         case RAW1394_REQ_ASYNC_READ:
632                 DBGMSG("read_request called");
633                 packet =
634                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
635
636                 if (!packet)
637                         return -ENOMEM;
638
639                 if (req->req.length == 4)
640                         req->data = &packet->header[3];
641                 else
642                         req->data = packet->data;
643
644                 break;
645
646         case RAW1394_REQ_ASYNC_WRITE:
647                 DBGMSG("write_request called");
648
649                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
650                                                req->req.length);
651                 if (!packet)
652                         return -ENOMEM;
653
654                 if (req->req.length == 4) {
655                         if (copy_from_user
656                             (&packet->header[3], int2ptr(req->req.sendb),
657                              req->req.length))
658                                 req->req.error = RAW1394_ERROR_MEMFAULT;
659                 } else {
660                         if (copy_from_user
661                             (packet->data, int2ptr(req->req.sendb),
662                              req->req.length))
663                                 req->req.error = RAW1394_ERROR_MEMFAULT;
664                 }
665
666                 req->req.length = 0;
667                 break;
668
669         case RAW1394_REQ_ASYNC_STREAM:
670                 DBGMSG("stream_request called");
671
672                 packet =
673                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
674                                            node & 0x3f /*channel */ ,
675                                            (req->req.misc >> 16) & 0x3,
676                                            req->req.misc & 0xf);
677                 if (!packet)
678                         return -ENOMEM;
679
680                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
681                                    req->req.length))
682                         req->req.error = RAW1394_ERROR_MEMFAULT;
683
684                 req->req.length = 0;
685                 break;
686
687         case RAW1394_REQ_LOCK:
688                 DBGMSG("lock_request called");
689                 if ((req->req.misc == EXTCODE_FETCH_ADD)
690                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
691                         if (req->req.length != 4) {
692                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
693                                 break;
694                         }
695                 } else {
696                         if (req->req.length != 8) {
697                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
698                                 break;
699                         }
700                 }
701
702                 packet = hpsb_make_lockpacket(fi->host, node, addr,
703                                               req->req.misc, NULL, 0);
704                 if (!packet)
705                         return -ENOMEM;
706
707                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
708                                    req->req.length)) {
709                         req->req.error = RAW1394_ERROR_MEMFAULT;
710                         break;
711                 }
712
713                 req->data = packet->data;
714                 req->req.length = 4;
715                 break;
716
717         case RAW1394_REQ_LOCK64:
718                 DBGMSG("lock64_request called");
719                 if ((req->req.misc == EXTCODE_FETCH_ADD)
720                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
721                         if (req->req.length != 8) {
722                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
723                                 break;
724                         }
725                 } else {
726                         if (req->req.length != 16) {
727                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
728                                 break;
729                         }
730                 }
731                 packet = hpsb_make_lock64packet(fi->host, node, addr,
732                                                 req->req.misc, NULL, 0);
733                 if (!packet)
734                         return -ENOMEM;
735
736                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
737                                    req->req.length)) {
738                         req->req.error = RAW1394_ERROR_MEMFAULT;
739                         break;
740                 }
741
742                 req->data = packet->data;
743                 req->req.length = 8;
744                 break;
745
746         default:
747                 req->req.error = RAW1394_ERROR_STATE_ORDER;
748         }
749
750         req->packet = packet;
751
752         if (req->req.error) {
753                 req->req.length = 0;
754                 queue_complete_req(req);
755                 return sizeof(struct raw1394_request);
756         }
757
758         hpsb_set_packet_complete_task(packet,
759                                       (void (*)(void *))queue_complete_cb, req);
760
761         spin_lock_irqsave(&fi->reqlists_lock, flags);
762         list_add_tail(&req->list, &fi->req_pending);
763         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
764
765         packet->generation = req->req.generation;
766
767         if (hpsb_send_packet(packet) < 0) {
768                 req->req.error = RAW1394_ERROR_SEND_ERROR;
769                 req->req.length = 0;
770                 hpsb_free_tlabel(packet);
771                 queue_complete_req(req);
772         }
773         return sizeof(struct raw1394_request);
774 }
775
776 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
777                            int channel)
778 {
779         unsigned long flags;
780         struct hpsb_packet *packet;
781
782         packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
783                                      (req->req.misc >> 16) & 0x3,
784                                      req->req.misc & 0xf);
785         if (!packet)
786                 return -ENOMEM;
787
788         packet->speed_code = req->req.address & 0x3;
789
790         req->packet = packet;
791
792         if (copy_from_user(packet->data, int2ptr(req->req.sendb),
793                            req->req.length)) {
794                 req->req.error = RAW1394_ERROR_MEMFAULT;
795                 req->req.length = 0;
796                 queue_complete_req(req);
797                 return sizeof(struct raw1394_request);
798         }
799
800         req->req.length = 0;
801         hpsb_set_packet_complete_task(packet,
802                                       (void (*)(void *))queue_complete_req,
803                                       req);
804
805         spin_lock_irqsave(&fi->reqlists_lock, flags);
806         list_add_tail(&req->list, &fi->req_pending);
807         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
808
809         /* Update the generation of the packet just before sending. */
810         packet->generation = req->req.generation;
811
812         if (hpsb_send_packet(packet) < 0) {
813                 req->req.error = RAW1394_ERROR_SEND_ERROR;
814                 queue_complete_req(req);
815         }
816
817         return sizeof(struct raw1394_request);
818 }
819
820 static int handle_async_send(struct file_info *fi, struct pending_request *req)
821 {
822         unsigned long flags;
823         struct hpsb_packet *packet;
824         int header_length = req->req.misc & 0xffff;
825         int expect_response = req->req.misc >> 16;
826
827         if ((header_length > req->req.length) || (header_length < 12)) {
828                 req->req.error = RAW1394_ERROR_INVALID_ARG;
829                 req->req.length = 0;
830                 queue_complete_req(req);
831                 return sizeof(struct raw1394_request);
832         }
833
834         packet = hpsb_alloc_packet(req->req.length - header_length);
835         req->packet = packet;
836         if (!packet)
837                 return -ENOMEM;
838
839         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
840                            header_length)) {
841                 req->req.error = RAW1394_ERROR_MEMFAULT;
842                 req->req.length = 0;
843                 queue_complete_req(req);
844                 return sizeof(struct raw1394_request);
845         }
846
847         if (copy_from_user
848             (packet->data, int2ptr(req->req.sendb) + header_length,
849              packet->data_size)) {
850                 req->req.error = RAW1394_ERROR_MEMFAULT;
851                 req->req.length = 0;
852                 queue_complete_req(req);
853                 return sizeof(struct raw1394_request);
854         }
855
856         packet->type = hpsb_async;
857         packet->node_id = packet->header[0] >> 16;
858         packet->tcode = (packet->header[0] >> 4) & 0xf;
859         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
860         packet->host = fi->host;
861         packet->expect_response = expect_response;
862         packet->header_size = header_length;
863         packet->data_size = req->req.length - header_length;
864
865         req->req.length = 0;
866         hpsb_set_packet_complete_task(packet,
867                                       (void (*)(void *))queue_complete_cb, req);
868
869         spin_lock_irqsave(&fi->reqlists_lock, flags);
870         list_add_tail(&req->list, &fi->req_pending);
871         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
872
873         /* Update the generation of the packet just before sending. */
874         packet->generation = req->req.generation;
875
876         if (hpsb_send_packet(packet) < 0) {
877                 req->req.error = RAW1394_ERROR_SEND_ERROR;
878                 queue_complete_req(req);
879         }
880
881         return sizeof(struct raw1394_request);
882 }
883
884 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
885                     u64 addr, size_t length, u16 flags)
886 {
887         unsigned long irqflags;
888         struct pending_request *req;
889         struct host_info *hi;
890         struct file_info *fi = NULL;
891         struct list_head *entry;
892         struct arm_addr *arm_addr = NULL;
893         struct arm_request *arm_req = NULL;
894         struct arm_response *arm_resp = NULL;
895         int found = 0, size = 0, rcode = -1;
896         struct arm_request_response *arm_req_resp = NULL;
897
898         DBGMSG("arm_read  called by node: %X"
899                "addr: %4.4x %8.8x length: %Zu", nodeid,
900                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
901                length);
902         spin_lock_irqsave(&host_info_lock, irqflags);
903         hi = find_host_info(host);      /* search address-entry */
904         if (hi != NULL) {
905                 list_for_each_entry(fi, &hi->file_info_list, list) {
906                         entry = fi->addr_list.next;
907                         while (entry != &(fi->addr_list)) {
908                                 arm_addr =
909                                     list_entry(entry, struct arm_addr,
910                                                addr_list);
911                                 if (((arm_addr->start) <= (addr))
912                                     && ((arm_addr->end) >= (addr + length))) {
913                                         found = 1;
914                                         break;
915                                 }
916                                 entry = entry->next;
917                         }
918                         if (found) {
919                                 break;
920                         }
921                 }
922         }
923         rcode = -1;
924         if (!found) {
925                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
926                        " -> rcode_address_error\n");
927                 spin_unlock_irqrestore(&host_info_lock, irqflags);
928                 return (RCODE_ADDRESS_ERROR);
929         } else {
930                 DBGMSG("arm_read addr_entry FOUND");
931         }
932         if (arm_addr->rec_length < length) {
933                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
934                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
935         }
936         if (rcode == -1) {
937                 if (arm_addr->access_rights & ARM_READ) {
938                         if (!(arm_addr->client_transactions & ARM_READ)) {
939                                 memcpy(buffer,
940                                        (arm_addr->addr_space_buffer) + (addr -
941                                                                         (arm_addr->
942                                                                          start)),
943                                        length);
944                                 DBGMSG("arm_read -> (rcode_complete)");
945                                 rcode = RCODE_COMPLETE;
946                         }
947                 } else {
948                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
949                         DBGMSG("arm_read -> rcode_type_error (access denied)");
950                 }
951         }
952         if (arm_addr->notification_options & ARM_READ) {
953                 DBGMSG("arm_read -> entering notification-section");
954                 req = __alloc_pending_request(SLAB_ATOMIC);
955                 if (!req) {
956                         DBGMSG("arm_read -> rcode_conflict_error");
957                         spin_unlock_irqrestore(&host_info_lock, irqflags);
958                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
959                                                            The request may be retried */
960                 }
961                 if (rcode == RCODE_COMPLETE) {
962                         size =
963                             sizeof(struct arm_request) +
964                             sizeof(struct arm_response) +
965                             length * sizeof(byte_t) +
966                             sizeof(struct arm_request_response);
967                 } else {
968                         size =
969                             sizeof(struct arm_request) +
970                             sizeof(struct arm_response) +
971                             sizeof(struct arm_request_response);
972                 }
973                 req->data = kmalloc(size, SLAB_ATOMIC);
974                 if (!(req->data)) {
975                         free_pending_request(req);
976                         DBGMSG("arm_read -> rcode_conflict_error");
977                         spin_unlock_irqrestore(&host_info_lock, irqflags);
978                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
979                                                            The request may be retried */
980                 }
981                 req->free_data = 1;
982                 req->file_info = fi;
983                 req->req.type = RAW1394_REQ_ARM;
984                 req->req.generation = get_hpsb_generation(host);
985                 req->req.misc =
986                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
987                 req->req.tag = arm_addr->arm_tag;
988                 req->req.recvb = arm_addr->recvb;
989                 req->req.length = size;
990                 arm_req_resp = (struct arm_request_response *)(req->data);
991                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
992                                                  (sizeof
993                                                   (struct
994                                                    arm_request_response)));
995                 arm_resp =
996                     (struct arm_response *)((byte_t *) (arm_req) +
997                                             (sizeof(struct arm_request)));
998                 arm_req->buffer = NULL;
999                 arm_resp->buffer = NULL;
1000                 if (rcode == RCODE_COMPLETE) {
1001                         byte_t *buf =
1002                             (byte_t *) arm_resp + sizeof(struct arm_response);
1003                         memcpy(buf,
1004                                (arm_addr->addr_space_buffer) + (addr -
1005                                                                 (arm_addr->
1006                                                                  start)),
1007                                length);
1008                         arm_resp->buffer =
1009                             int2ptr((arm_addr->recvb) +
1010                                     sizeof(struct arm_request_response) +
1011                                     sizeof(struct arm_request) +
1012                                     sizeof(struct arm_response));
1013                 }
1014                 arm_resp->buffer_length =
1015                     (rcode == RCODE_COMPLETE) ? length : 0;
1016                 arm_resp->response_code = rcode;
1017                 arm_req->buffer_length = 0;
1018                 arm_req->generation = req->req.generation;
1019                 arm_req->extended_transaction_code = 0;
1020                 arm_req->destination_offset = addr;
1021                 arm_req->source_nodeid = nodeid;
1022                 arm_req->destination_nodeid = host->node_id;
1023                 arm_req->tlabel = (flags >> 10) & 0x3f;
1024                 arm_req->tcode = (flags >> 4) & 0x0f;
1025                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1026                                                 sizeof(struct
1027                                                        arm_request_response));
1028                 arm_req_resp->response =
1029                     int2ptr((arm_addr->recvb) +
1030                             sizeof(struct arm_request_response) +
1031                             sizeof(struct arm_request));
1032                 queue_complete_req(req);
1033         }
1034         spin_unlock_irqrestore(&host_info_lock, irqflags);
1035         return (rcode);
1036 }
1037
1038 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1039                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1040 {
1041         unsigned long irqflags;
1042         struct pending_request *req;
1043         struct host_info *hi;
1044         struct file_info *fi = NULL;
1045         struct list_head *entry;
1046         struct arm_addr *arm_addr = NULL;
1047         struct arm_request *arm_req = NULL;
1048         struct arm_response *arm_resp = NULL;
1049         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1050         struct arm_request_response *arm_req_resp = NULL;
1051
1052         DBGMSG("arm_write called by node: %X"
1053                "addr: %4.4x %8.8x length: %Zu", nodeid,
1054                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1055                length);
1056         spin_lock_irqsave(&host_info_lock, irqflags);
1057         hi = find_host_info(host);      /* search address-entry */
1058         if (hi != NULL) {
1059                 list_for_each_entry(fi, &hi->file_info_list, list) {
1060                         entry = fi->addr_list.next;
1061                         while (entry != &(fi->addr_list)) {
1062                                 arm_addr =
1063                                     list_entry(entry, struct arm_addr,
1064                                                addr_list);
1065                                 if (((arm_addr->start) <= (addr))
1066                                     && ((arm_addr->end) >= (addr + length))) {
1067                                         found = 1;
1068                                         break;
1069                                 }
1070                                 entry = entry->next;
1071                         }
1072                         if (found) {
1073                                 break;
1074                         }
1075                 }
1076         }
1077         rcode = -1;
1078         if (!found) {
1079                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1080                        " -> rcode_address_error\n");
1081                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1082                 return (RCODE_ADDRESS_ERROR);
1083         } else {
1084                 DBGMSG("arm_write addr_entry FOUND");
1085         }
1086         if (arm_addr->rec_length < length) {
1087                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1088                 length_conflict = 1;
1089                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1090         }
1091         if (rcode == -1) {
1092                 if (arm_addr->access_rights & ARM_WRITE) {
1093                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1094                                 memcpy((arm_addr->addr_space_buffer) +
1095                                        (addr - (arm_addr->start)), data,
1096                                        length);
1097                                 DBGMSG("arm_write -> (rcode_complete)");
1098                                 rcode = RCODE_COMPLETE;
1099                         }
1100                 } else {
1101                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1102                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1103                 }
1104         }
1105         if (arm_addr->notification_options & ARM_WRITE) {
1106                 DBGMSG("arm_write -> entering notification-section");
1107                 req = __alloc_pending_request(SLAB_ATOMIC);
1108                 if (!req) {
1109                         DBGMSG("arm_write -> rcode_conflict_error");
1110                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1111                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1112                                                            The request my be retried */
1113                 }
1114                 size =
1115                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1116                     (length) * sizeof(byte_t) +
1117                     sizeof(struct arm_request_response);
1118                 req->data = kmalloc(size, SLAB_ATOMIC);
1119                 if (!(req->data)) {
1120                         free_pending_request(req);
1121                         DBGMSG("arm_write -> rcode_conflict_error");
1122                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1123                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1124                                                            The request may be retried */
1125                 }
1126                 req->free_data = 1;
1127                 req->file_info = fi;
1128                 req->req.type = RAW1394_REQ_ARM;
1129                 req->req.generation = get_hpsb_generation(host);
1130                 req->req.misc =
1131                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1132                 req->req.tag = arm_addr->arm_tag;
1133                 req->req.recvb = arm_addr->recvb;
1134                 req->req.length = size;
1135                 arm_req_resp = (struct arm_request_response *)(req->data);
1136                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1137                                                  (sizeof
1138                                                   (struct
1139                                                    arm_request_response)));
1140                 arm_resp =
1141                     (struct arm_response *)((byte_t *) (arm_req) +
1142                                             (sizeof(struct arm_request)));
1143                 arm_resp->buffer = NULL;
1144                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1145                        data, length);
1146                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1147                                           sizeof(struct arm_request_response) +
1148                                           sizeof(struct arm_request) +
1149                                           sizeof(struct arm_response));
1150                 arm_req->buffer_length = length;
1151                 arm_req->generation = req->req.generation;
1152                 arm_req->extended_transaction_code = 0;
1153                 arm_req->destination_offset = addr;
1154                 arm_req->source_nodeid = nodeid;
1155                 arm_req->destination_nodeid = destid;
1156                 arm_req->tlabel = (flags >> 10) & 0x3f;
1157                 arm_req->tcode = (flags >> 4) & 0x0f;
1158                 arm_resp->buffer_length = 0;
1159                 arm_resp->response_code = rcode;
1160                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1161                                                 sizeof(struct
1162                                                        arm_request_response));
1163                 arm_req_resp->response =
1164                     int2ptr((arm_addr->recvb) +
1165                             sizeof(struct arm_request_response) +
1166                             sizeof(struct arm_request));
1167                 queue_complete_req(req);
1168         }
1169         spin_unlock_irqrestore(&host_info_lock, irqflags);
1170         return (rcode);
1171 }
1172
1173 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1174                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1175                     u16 flags)
1176 {
1177         unsigned long irqflags;
1178         struct pending_request *req;
1179         struct host_info *hi;
1180         struct file_info *fi = NULL;
1181         struct list_head *entry;
1182         struct arm_addr *arm_addr = NULL;
1183         struct arm_request *arm_req = NULL;
1184         struct arm_response *arm_resp = NULL;
1185         int found = 0, size = 0, rcode = -1;
1186         quadlet_t old, new;
1187         struct arm_request_response *arm_req_resp = NULL;
1188
1189         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1190             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1191                 DBGMSG("arm_lock  called by node: %X "
1192                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1193                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1194                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1195                        be32_to_cpu(data));
1196         } else {
1197                 DBGMSG("arm_lock  called by node: %X "
1198                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1199                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1200                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1201                        be32_to_cpu(data), be32_to_cpu(arg));
1202         }
1203         spin_lock_irqsave(&host_info_lock, irqflags);
1204         hi = find_host_info(host);      /* search address-entry */
1205         if (hi != NULL) {
1206                 list_for_each_entry(fi, &hi->file_info_list, list) {
1207                         entry = fi->addr_list.next;
1208                         while (entry != &(fi->addr_list)) {
1209                                 arm_addr =
1210                                     list_entry(entry, struct arm_addr,
1211                                                addr_list);
1212                                 if (((arm_addr->start) <= (addr))
1213                                     && ((arm_addr->end) >=
1214                                         (addr + sizeof(*store)))) {
1215                                         found = 1;
1216                                         break;
1217                                 }
1218                                 entry = entry->next;
1219                         }
1220                         if (found) {
1221                                 break;
1222                         }
1223                 }
1224         }
1225         rcode = -1;
1226         if (!found) {
1227                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1228                        " -> rcode_address_error\n");
1229                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1230                 return (RCODE_ADDRESS_ERROR);
1231         } else {
1232                 DBGMSG("arm_lock addr_entry FOUND");
1233         }
1234         if (rcode == -1) {
1235                 if (arm_addr->access_rights & ARM_LOCK) {
1236                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1237                                 memcpy(&old,
1238                                        (arm_addr->addr_space_buffer) + (addr -
1239                                                                         (arm_addr->
1240                                                                          start)),
1241                                        sizeof(old));
1242                                 switch (ext_tcode) {
1243                                 case (EXTCODE_MASK_SWAP):
1244                                         new = data | (old & ~arg);
1245                                         break;
1246                                 case (EXTCODE_COMPARE_SWAP):
1247                                         if (old == arg) {
1248                                                 new = data;
1249                                         } else {
1250                                                 new = old;
1251                                         }
1252                                         break;
1253                                 case (EXTCODE_FETCH_ADD):
1254                                         new =
1255                                             cpu_to_be32(be32_to_cpu(data) +
1256                                                         be32_to_cpu(old));
1257                                         break;
1258                                 case (EXTCODE_LITTLE_ADD):
1259                                         new =
1260                                             cpu_to_le32(le32_to_cpu(data) +
1261                                                         le32_to_cpu(old));
1262                                         break;
1263                                 case (EXTCODE_BOUNDED_ADD):
1264                                         if (old != arg) {
1265                                                 new =
1266                                                     cpu_to_be32(be32_to_cpu
1267                                                                 (data) +
1268                                                                 be32_to_cpu
1269                                                                 (old));
1270                                         } else {
1271                                                 new = old;
1272                                         }
1273                                         break;
1274                                 case (EXTCODE_WRAP_ADD):
1275                                         if (old != arg) {
1276                                                 new =
1277                                                     cpu_to_be32(be32_to_cpu
1278                                                                 (data) +
1279                                                                 be32_to_cpu
1280                                                                 (old));
1281                                         } else {
1282                                                 new = data;
1283                                         }
1284                                         break;
1285                                 default:
1286                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1287                                         printk(KERN_ERR
1288                                                "raw1394: arm_lock FAILED "
1289                                                "ext_tcode not allowed -> rcode_type_error\n");
1290                                         break;
1291                                 }       /*switch */
1292                                 if (rcode == -1) {
1293                                         DBGMSG("arm_lock -> (rcode_complete)");
1294                                         rcode = RCODE_COMPLETE;
1295                                         memcpy(store, &old, sizeof(*store));
1296                                         memcpy((arm_addr->addr_space_buffer) +
1297                                                (addr - (arm_addr->start)),
1298                                                &new, sizeof(*store));
1299                                 }
1300                         }
1301                 } else {
1302                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1303                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1304                 }
1305         }
1306         if (arm_addr->notification_options & ARM_LOCK) {
1307                 byte_t *buf1, *buf2;
1308                 DBGMSG("arm_lock -> entering notification-section");
1309                 req = __alloc_pending_request(SLAB_ATOMIC);
1310                 if (!req) {
1311                         DBGMSG("arm_lock -> rcode_conflict_error");
1312                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1313                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1314                                                            The request may be retried */
1315                 }
1316                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1317                 req->data = kmalloc(size, SLAB_ATOMIC);
1318                 if (!(req->data)) {
1319                         free_pending_request(req);
1320                         DBGMSG("arm_lock -> rcode_conflict_error");
1321                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1322                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1323                                                            The request may be retried */
1324                 }
1325                 req->free_data = 1;
1326                 arm_req_resp = (struct arm_request_response *)(req->data);
1327                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1328                                                  (sizeof
1329                                                   (struct
1330                                                    arm_request_response)));
1331                 arm_resp =
1332                     (struct arm_response *)((byte_t *) (arm_req) +
1333                                             (sizeof(struct arm_request)));
1334                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1335                 buf2 = buf1 + 2 * sizeof(*store);
1336                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1337                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1338                         arm_req->buffer_length = sizeof(*store);
1339                         memcpy(buf1, &data, sizeof(*store));
1340
1341                 } else {
1342                         arm_req->buffer_length = 2 * sizeof(*store);
1343                         memcpy(buf1, &arg, sizeof(*store));
1344                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1345                 }
1346                 if (rcode == RCODE_COMPLETE) {
1347                         arm_resp->buffer_length = sizeof(*store);
1348                         memcpy(buf2, &old, sizeof(*store));
1349                 } else {
1350                         arm_resp->buffer_length = 0;
1351                 }
1352                 req->file_info = fi;
1353                 req->req.type = RAW1394_REQ_ARM;
1354                 req->req.generation = get_hpsb_generation(host);
1355                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1356                                  (ARM_LOCK & 0xFF));
1357                 req->req.tag = arm_addr->arm_tag;
1358                 req->req.recvb = arm_addr->recvb;
1359                 req->req.length = size;
1360                 arm_req->generation = req->req.generation;
1361                 arm_req->extended_transaction_code = ext_tcode;
1362                 arm_req->destination_offset = addr;
1363                 arm_req->source_nodeid = nodeid;
1364                 arm_req->destination_nodeid = host->node_id;
1365                 arm_req->tlabel = (flags >> 10) & 0x3f;
1366                 arm_req->tcode = (flags >> 4) & 0x0f;
1367                 arm_resp->response_code = rcode;
1368                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1369                                                 sizeof(struct
1370                                                        arm_request_response));
1371                 arm_req_resp->response =
1372                     int2ptr((arm_addr->recvb) +
1373                             sizeof(struct arm_request_response) +
1374                             sizeof(struct arm_request));
1375                 arm_req->buffer =
1376                     int2ptr((arm_addr->recvb) +
1377                             sizeof(struct arm_request_response) +
1378                             sizeof(struct arm_request) +
1379                             sizeof(struct arm_response));
1380                 arm_resp->buffer =
1381                     int2ptr((arm_addr->recvb) +
1382                             sizeof(struct arm_request_response) +
1383                             sizeof(struct arm_request) +
1384                             sizeof(struct arm_response) + 2 * sizeof(*store));
1385                 queue_complete_req(req);
1386         }
1387         spin_unlock_irqrestore(&host_info_lock, irqflags);
1388         return (rcode);
1389 }
1390
1391 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1392                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1393                       u16 flags)
1394 {
1395         unsigned long irqflags;
1396         struct pending_request *req;
1397         struct host_info *hi;
1398         struct file_info *fi = NULL;
1399         struct list_head *entry;
1400         struct arm_addr *arm_addr = NULL;
1401         struct arm_request *arm_req = NULL;
1402         struct arm_response *arm_resp = NULL;
1403         int found = 0, size = 0, rcode = -1;
1404         octlet_t old, new;
1405         struct arm_request_response *arm_req_resp = NULL;
1406
1407         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1408             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1409                 DBGMSG("arm_lock64 called by node: %X "
1410                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1411                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1412                        (u32) (addr & 0xFFFFFFFF),
1413                        ext_tcode & 0xFF,
1414                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1415                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1416         } else {
1417                 DBGMSG("arm_lock64 called by node: %X "
1418                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1419                        "%8.8X %8.8X ",
1420                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1421                        (u32) (addr & 0xFFFFFFFF),
1422                        ext_tcode & 0xFF,
1423                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1424                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1425                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1426                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1427         }
1428         spin_lock_irqsave(&host_info_lock, irqflags);
1429         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1430         if (hi != NULL) {
1431                 list_for_each_entry(fi, &hi->file_info_list, list) {
1432                         entry = fi->addr_list.next;
1433                         while (entry != &(fi->addr_list)) {
1434                                 arm_addr =
1435                                     list_entry(entry, struct arm_addr,
1436                                                addr_list);
1437                                 if (((arm_addr->start) <= (addr))
1438                                     && ((arm_addr->end) >=
1439                                         (addr + sizeof(*store)))) {
1440                                         found = 1;
1441                                         break;
1442                                 }
1443                                 entry = entry->next;
1444                         }
1445                         if (found) {
1446                                 break;
1447                         }
1448                 }
1449         }
1450         rcode = -1;
1451         if (!found) {
1452                 printk(KERN_ERR
1453                        "raw1394: arm_lock64 FAILED addr_entry not found"
1454                        " -> rcode_address_error\n");
1455                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1456                 return (RCODE_ADDRESS_ERROR);
1457         } else {
1458                 DBGMSG("arm_lock64 addr_entry FOUND");
1459         }
1460         if (rcode == -1) {
1461                 if (arm_addr->access_rights & ARM_LOCK) {
1462                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1463                                 memcpy(&old,
1464                                        (arm_addr->addr_space_buffer) + (addr -
1465                                                                         (arm_addr->
1466                                                                          start)),
1467                                        sizeof(old));
1468                                 switch (ext_tcode) {
1469                                 case (EXTCODE_MASK_SWAP):
1470                                         new = data | (old & ~arg);
1471                                         break;
1472                                 case (EXTCODE_COMPARE_SWAP):
1473                                         if (old == arg) {
1474                                                 new = data;
1475                                         } else {
1476                                                 new = old;
1477                                         }
1478                                         break;
1479                                 case (EXTCODE_FETCH_ADD):
1480                                         new =
1481                                             cpu_to_be64(be64_to_cpu(data) +
1482                                                         be64_to_cpu(old));
1483                                         break;
1484                                 case (EXTCODE_LITTLE_ADD):
1485                                         new =
1486                                             cpu_to_le64(le64_to_cpu(data) +
1487                                                         le64_to_cpu(old));
1488                                         break;
1489                                 case (EXTCODE_BOUNDED_ADD):
1490                                         if (old != arg) {
1491                                                 new =
1492                                                     cpu_to_be64(be64_to_cpu
1493                                                                 (data) +
1494                                                                 be64_to_cpu
1495                                                                 (old));
1496                                         } else {
1497                                                 new = old;
1498                                         }
1499                                         break;
1500                                 case (EXTCODE_WRAP_ADD):
1501                                         if (old != arg) {
1502                                                 new =
1503                                                     cpu_to_be64(be64_to_cpu
1504                                                                 (data) +
1505                                                                 be64_to_cpu
1506                                                                 (old));
1507                                         } else {
1508                                                 new = data;
1509                                         }
1510                                         break;
1511                                 default:
1512                                         printk(KERN_ERR
1513                                                "raw1394: arm_lock64 FAILED "
1514                                                "ext_tcode not allowed -> rcode_type_error\n");
1515                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1516                                         break;
1517                                 }       /*switch */
1518                                 if (rcode == -1) {
1519                                         DBGMSG
1520                                             ("arm_lock64 -> (rcode_complete)");
1521                                         rcode = RCODE_COMPLETE;
1522                                         memcpy(store, &old, sizeof(*store));
1523                                         memcpy((arm_addr->addr_space_buffer) +
1524                                                (addr - (arm_addr->start)),
1525                                                &new, sizeof(*store));
1526                                 }
1527                         }
1528                 } else {
1529                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1530                         DBGMSG
1531                             ("arm_lock64 -> rcode_type_error (access denied)");
1532                 }
1533         }
1534         if (arm_addr->notification_options & ARM_LOCK) {
1535                 byte_t *buf1, *buf2;
1536                 DBGMSG("arm_lock64 -> entering notification-section");
1537                 req = __alloc_pending_request(SLAB_ATOMIC);
1538                 if (!req) {
1539                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1540                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1541                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1542                                                            The request may be retried */
1543                 }
1544                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1545                 req->data = kmalloc(size, SLAB_ATOMIC);
1546                 if (!(req->data)) {
1547                         free_pending_request(req);
1548                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1549                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1550                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1551                                                            The request may be retried */
1552                 }
1553                 req->free_data = 1;
1554                 arm_req_resp = (struct arm_request_response *)(req->data);
1555                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1556                                                  (sizeof
1557                                                   (struct
1558                                                    arm_request_response)));
1559                 arm_resp =
1560                     (struct arm_response *)((byte_t *) (arm_req) +
1561                                             (sizeof(struct arm_request)));
1562                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1563                 buf2 = buf1 + 2 * sizeof(*store);
1564                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1565                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1566                         arm_req->buffer_length = sizeof(*store);
1567                         memcpy(buf1, &data, sizeof(*store));
1568
1569                 } else {
1570                         arm_req->buffer_length = 2 * sizeof(*store);
1571                         memcpy(buf1, &arg, sizeof(*store));
1572                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1573                 }
1574                 if (rcode == RCODE_COMPLETE) {
1575                         arm_resp->buffer_length = sizeof(*store);
1576                         memcpy(buf2, &old, sizeof(*store));
1577                 } else {
1578                         arm_resp->buffer_length = 0;
1579                 }
1580                 req->file_info = fi;
1581                 req->req.type = RAW1394_REQ_ARM;
1582                 req->req.generation = get_hpsb_generation(host);
1583                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1584                                  (ARM_LOCK & 0xFF));
1585                 req->req.tag = arm_addr->arm_tag;
1586                 req->req.recvb = arm_addr->recvb;
1587                 req->req.length = size;
1588                 arm_req->generation = req->req.generation;
1589                 arm_req->extended_transaction_code = ext_tcode;
1590                 arm_req->destination_offset = addr;
1591                 arm_req->source_nodeid = nodeid;
1592                 arm_req->destination_nodeid = host->node_id;
1593                 arm_req->tlabel = (flags >> 10) & 0x3f;
1594                 arm_req->tcode = (flags >> 4) & 0x0f;
1595                 arm_resp->response_code = rcode;
1596                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1597                                                 sizeof(struct
1598                                                        arm_request_response));
1599                 arm_req_resp->response =
1600                     int2ptr((arm_addr->recvb) +
1601                             sizeof(struct arm_request_response) +
1602                             sizeof(struct arm_request));
1603                 arm_req->buffer =
1604                     int2ptr((arm_addr->recvb) +
1605                             sizeof(struct arm_request_response) +
1606                             sizeof(struct arm_request) +
1607                             sizeof(struct arm_response));
1608                 arm_resp->buffer =
1609                     int2ptr((arm_addr->recvb) +
1610                             sizeof(struct arm_request_response) +
1611                             sizeof(struct arm_request) +
1612                             sizeof(struct arm_response) + 2 * sizeof(*store));
1613                 queue_complete_req(req);
1614         }
1615         spin_unlock_irqrestore(&host_info_lock, irqflags);
1616         return (rcode);
1617 }
1618
1619 static int arm_register(struct file_info *fi, struct pending_request *req)
1620 {
1621         int retval;
1622         struct arm_addr *addr;
1623         struct host_info *hi;
1624         struct file_info *fi_hlp = NULL;
1625         struct list_head *entry;
1626         struct arm_addr *arm_addr = NULL;
1627         int same_host, another_host;
1628         unsigned long flags;
1629
1630         DBGMSG("arm_register called "
1631                "addr(Offset): %8.8x %8.8x length: %u "
1632                "rights: %2.2X notify: %2.2X "
1633                "max_blk_len: %4.4X",
1634                (u32) ((req->req.address >> 32) & 0xFFFF),
1635                (u32) (req->req.address & 0xFFFFFFFF),
1636                req->req.length, ((req->req.misc >> 8) & 0xFF),
1637                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1638         /* check addressrange */
1639         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1640             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1641              0)) {
1642                 req->req.length = 0;
1643                 return (-EINVAL);
1644         }
1645         /* addr-list-entry for fileinfo */
1646         addr = kmalloc(sizeof(*addr), SLAB_KERNEL);
1647         if (!addr) {
1648                 req->req.length = 0;
1649                 return (-ENOMEM);
1650         }
1651         /* allocation of addr_space_buffer */
1652         addr->addr_space_buffer = vmalloc(req->req.length);
1653         if (!(addr->addr_space_buffer)) {
1654                 kfree(addr);
1655                 req->req.length = 0;
1656                 return (-ENOMEM);
1657         }
1658         /* initialization of addr_space_buffer */
1659         if ((req->req.sendb) == (unsigned long)NULL) {
1660                 /* init: set 0 */
1661                 memset(addr->addr_space_buffer, 0, req->req.length);
1662         } else {
1663                 /* init: user -> kernel */
1664                 if (copy_from_user
1665                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1666                      req->req.length)) {
1667                         vfree(addr->addr_space_buffer);
1668                         kfree(addr);
1669                         return (-EFAULT);
1670                 }
1671         }
1672         INIT_LIST_HEAD(&addr->addr_list);
1673         addr->arm_tag = req->req.tag;
1674         addr->start = req->req.address;
1675         addr->end = req->req.address + req->req.length;
1676         addr->access_rights = (u8) (req->req.misc & 0x0F);
1677         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1678         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1679         addr->access_rights |= addr->client_transactions;
1680         addr->notification_options |= addr->client_transactions;
1681         addr->recvb = req->req.recvb;
1682         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1683         spin_lock_irqsave(&host_info_lock, flags);
1684         hi = find_host_info(fi->host);
1685         same_host = 0;
1686         another_host = 0;
1687         /* same host with address-entry containing same addressrange ? */
1688         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1689                 entry = fi_hlp->addr_list.next;
1690                 while (entry != &(fi_hlp->addr_list)) {
1691                         arm_addr =
1692                             list_entry(entry, struct arm_addr, addr_list);
1693                         if ((arm_addr->start == addr->start)
1694                             && (arm_addr->end == addr->end)) {
1695                                 DBGMSG("same host ownes same "
1696                                        "addressrange -> EALREADY");
1697                                 same_host = 1;
1698                                 break;
1699                         }
1700                         entry = entry->next;
1701                 }
1702                 if (same_host) {
1703                         break;
1704                 }
1705         }
1706         if (same_host) {
1707                 /* addressrange occupied by same host */
1708                 vfree(addr->addr_space_buffer);
1709                 kfree(addr);
1710                 spin_unlock_irqrestore(&host_info_lock, flags);
1711                 return (-EALREADY);
1712         }
1713         /* another host with valid address-entry containing same addressrange */
1714         list_for_each_entry(hi, &host_info_list, list) {
1715                 if (hi->host != fi->host) {
1716                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1717                                 entry = fi_hlp->addr_list.next;
1718                                 while (entry != &(fi_hlp->addr_list)) {
1719                                         arm_addr =
1720                                             list_entry(entry, struct arm_addr,
1721                                                        addr_list);
1722                                         if ((arm_addr->start == addr->start)
1723                                             && (arm_addr->end == addr->end)) {
1724                                                 DBGMSG
1725                                                     ("another host ownes same "
1726                                                      "addressrange");
1727                                                 another_host = 1;
1728                                                 break;
1729                                         }
1730                                         entry = entry->next;
1731                                 }
1732                                 if (another_host) {
1733                                         break;
1734                                 }
1735                         }
1736                 }
1737         }
1738         if (another_host) {
1739                 DBGMSG("another hosts entry is valid -> SUCCESS");
1740                 if (copy_to_user(int2ptr(req->req.recvb),
1741                                  &addr->start, sizeof(u64))) {
1742                         printk(KERN_ERR "raw1394: arm_register failed "
1743                                " address-range-entry is invalid -> EFAULT !!!\n");
1744                         vfree(addr->addr_space_buffer);
1745                         kfree(addr);
1746                         spin_unlock_irqrestore(&host_info_lock, flags);
1747                         return (-EFAULT);
1748                 }
1749                 free_pending_request(req);      /* immediate success or fail */
1750                 /* INSERT ENTRY */
1751                 list_add_tail(&addr->addr_list, &fi->addr_list);
1752                 spin_unlock_irqrestore(&host_info_lock, flags);
1753                 return sizeof(struct raw1394_request);
1754         }
1755         retval =
1756             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1757                                     req->req.address,
1758                                     req->req.address + req->req.length);
1759         if (retval) {
1760                 /* INSERT ENTRY */
1761                 list_add_tail(&addr->addr_list, &fi->addr_list);
1762         } else {
1763                 DBGMSG("arm_register failed errno: %d \n", retval);
1764                 vfree(addr->addr_space_buffer);
1765                 kfree(addr);
1766                 spin_unlock_irqrestore(&host_info_lock, flags);
1767                 return (-EALREADY);
1768         }
1769         spin_unlock_irqrestore(&host_info_lock, flags);
1770         free_pending_request(req);      /* immediate success or fail */
1771         return sizeof(struct raw1394_request);
1772 }
1773
1774 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1775 {
1776         int found = 0;
1777         int retval = 0;
1778         struct list_head *entry;
1779         struct arm_addr *addr = NULL;
1780         struct host_info *hi;
1781         struct file_info *fi_hlp = NULL;
1782         struct arm_addr *arm_addr = NULL;
1783         int another_host;
1784         unsigned long flags;
1785
1786         DBGMSG("arm_Unregister called addr(Offset): "
1787                "%8.8x %8.8x",
1788                (u32) ((req->req.address >> 32) & 0xFFFF),
1789                (u32) (req->req.address & 0xFFFFFFFF));
1790         spin_lock_irqsave(&host_info_lock, flags);
1791         /* get addr */
1792         entry = fi->addr_list.next;
1793         while (entry != &(fi->addr_list)) {
1794                 addr = list_entry(entry, struct arm_addr, addr_list);
1795                 if (addr->start == req->req.address) {
1796                         found = 1;
1797                         break;
1798                 }
1799                 entry = entry->next;
1800         }
1801         if (!found) {
1802                 DBGMSG("arm_Unregister addr not found");
1803                 spin_unlock_irqrestore(&host_info_lock, flags);
1804                 return (-EINVAL);
1805         }
1806         DBGMSG("arm_Unregister addr found");
1807         another_host = 0;
1808         /* another host with valid address-entry containing
1809            same addressrange */
1810         list_for_each_entry(hi, &host_info_list, list) {
1811                 if (hi->host != fi->host) {
1812                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1813                                 entry = fi_hlp->addr_list.next;
1814                                 while (entry != &(fi_hlp->addr_list)) {
1815                                         arm_addr = list_entry(entry,
1816                                                               struct arm_addr,
1817                                                               addr_list);
1818                                         if (arm_addr->start == addr->start) {
1819                                                 DBGMSG("another host ownes "
1820                                                        "same addressrange");
1821                                                 another_host = 1;
1822                                                 break;
1823                                         }
1824                                         entry = entry->next;
1825                                 }
1826                                 if (another_host) {
1827                                         break;
1828                                 }
1829                         }
1830                 }
1831         }
1832         if (another_host) {
1833                 DBGMSG("delete entry from list -> success");
1834                 list_del(&addr->addr_list);
1835                 vfree(addr->addr_space_buffer);
1836                 kfree(addr);
1837                 free_pending_request(req);      /* immediate success or fail */
1838                 spin_unlock_irqrestore(&host_info_lock, flags);
1839                 return sizeof(struct raw1394_request);
1840         }
1841         retval =
1842             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1843                                       addr->start);
1844         if (!retval) {
1845                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1846                 spin_unlock_irqrestore(&host_info_lock, flags);
1847                 return (-EINVAL);
1848         }
1849         DBGMSG("delete entry from list -> success");
1850         list_del(&addr->addr_list);
1851         spin_unlock_irqrestore(&host_info_lock, flags);
1852         vfree(addr->addr_space_buffer);
1853         kfree(addr);
1854         free_pending_request(req);      /* immediate success or fail */
1855         return sizeof(struct raw1394_request);
1856 }
1857
1858 /* Copy data from ARM buffer(s) to user buffer. */
1859 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1860 {
1861         struct arm_addr *arm_addr = NULL;
1862         unsigned long flags;
1863         unsigned long offset;
1864
1865         struct list_head *entry;
1866
1867         DBGMSG("arm_get_buf "
1868                "addr(Offset): %04X %08X length: %u",
1869                (u32) ((req->req.address >> 32) & 0xFFFF),
1870                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1871
1872         spin_lock_irqsave(&host_info_lock, flags);
1873         entry = fi->addr_list.next;
1874         while (entry != &(fi->addr_list)) {
1875                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1876                 if ((arm_addr->start <= req->req.address) &&
1877                     (arm_addr->end > req->req.address)) {
1878                         if (req->req.address + req->req.length <= arm_addr->end) {
1879                                 offset = req->req.address - arm_addr->start;
1880
1881                                 DBGMSG
1882                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
1883                                      (u32) req->req.recvb,
1884                                      arm_addr->addr_space_buffer + offset,
1885                                      (u32) req->req.length);
1886
1887                                 if (copy_to_user
1888                                     (int2ptr(req->req.recvb),
1889                                      arm_addr->addr_space_buffer + offset,
1890                                      req->req.length)) {
1891                                         spin_unlock_irqrestore(&host_info_lock,
1892                                                                flags);
1893                                         return (-EFAULT);
1894                                 }
1895
1896                                 spin_unlock_irqrestore(&host_info_lock, flags);
1897                                 /* We have to free the request, because we
1898                                  * queue no response, and therefore nobody
1899                                  * will free it. */
1900                                 free_pending_request(req);
1901                                 return sizeof(struct raw1394_request);
1902                         } else {
1903                                 DBGMSG("arm_get_buf request exceeded mapping");
1904                                 spin_unlock_irqrestore(&host_info_lock, flags);
1905                                 return (-EINVAL);
1906                         }
1907                 }
1908                 entry = entry->next;
1909         }
1910         spin_unlock_irqrestore(&host_info_lock, flags);
1911         return (-EINVAL);
1912 }
1913
1914 /* Copy data from user buffer to ARM buffer(s). */
1915 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1916 {
1917         struct arm_addr *arm_addr = NULL;
1918         unsigned long flags;
1919         unsigned long offset;
1920
1921         struct list_head *entry;
1922
1923         DBGMSG("arm_set_buf "
1924                "addr(Offset): %04X %08X length: %u",
1925                (u32) ((req->req.address >> 32) & 0xFFFF),
1926                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1927
1928         spin_lock_irqsave(&host_info_lock, flags);
1929         entry = fi->addr_list.next;
1930         while (entry != &(fi->addr_list)) {
1931                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1932                 if ((arm_addr->start <= req->req.address) &&
1933                     (arm_addr->end > req->req.address)) {
1934                         if (req->req.address + req->req.length <= arm_addr->end) {
1935                                 offset = req->req.address - arm_addr->start;
1936
1937                                 DBGMSG
1938                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
1939                                      arm_addr->addr_space_buffer + offset,
1940                                      (u32) req->req.sendb,
1941                                      (u32) req->req.length);
1942
1943                                 if (copy_from_user
1944                                     (arm_addr->addr_space_buffer + offset,
1945                                      int2ptr(req->req.sendb),
1946                                      req->req.length)) {
1947                                         spin_unlock_irqrestore(&host_info_lock,
1948                                                                flags);
1949                                         return (-EFAULT);
1950                                 }
1951
1952                                 spin_unlock_irqrestore(&host_info_lock, flags);
1953                                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1954                                 return sizeof(struct raw1394_request);
1955                         } else {
1956                                 DBGMSG("arm_set_buf request exceeded mapping");
1957                                 spin_unlock_irqrestore(&host_info_lock, flags);
1958                                 return (-EINVAL);
1959                         }
1960                 }
1961                 entry = entry->next;
1962         }
1963         spin_unlock_irqrestore(&host_info_lock, flags);
1964         return (-EINVAL);
1965 }
1966
1967 static int reset_notification(struct file_info *fi, struct pending_request *req)
1968 {
1969         DBGMSG("reset_notification called - switch %s ",
1970                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
1971         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
1972             (req->req.misc == RAW1394_NOTIFY_ON)) {
1973                 fi->notification = (u8) req->req.misc;
1974                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1975                 return sizeof(struct raw1394_request);
1976         }
1977         /* error EINVAL (22) invalid argument */
1978         return (-EINVAL);
1979 }
1980
1981 static int write_phypacket(struct file_info *fi, struct pending_request *req)
1982 {
1983         struct hpsb_packet *packet = NULL;
1984         int retval = 0;
1985         quadlet_t data;
1986         unsigned long flags;
1987
1988         data = be32_to_cpu((u32) req->req.sendb);
1989         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
1990         packet = hpsb_make_phypacket(fi->host, data);
1991         if (!packet)
1992                 return -ENOMEM;
1993         req->req.length = 0;
1994         req->packet = packet;
1995         hpsb_set_packet_complete_task(packet,
1996                                       (void (*)(void *))queue_complete_cb, req);
1997         spin_lock_irqsave(&fi->reqlists_lock, flags);
1998         list_add_tail(&req->list, &fi->req_pending);
1999         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2000         packet->generation = req->req.generation;
2001         retval = hpsb_send_packet(packet);
2002         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2003         if (retval < 0) {
2004                 req->req.error = RAW1394_ERROR_SEND_ERROR;
2005                 req->req.length = 0;
2006                 queue_complete_req(req);
2007         }
2008         return sizeof(struct raw1394_request);
2009 }
2010
2011 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2012 {
2013         int ret = sizeof(struct raw1394_request);
2014         quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
2015         int status;
2016
2017         if (!data)
2018                 return -ENOMEM;
2019
2020         status =
2021             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2022                          data, req->req.length);
2023         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2024                 ret = -EFAULT;
2025         if (copy_to_user
2026             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2027              sizeof(fi->host->csr.rom->cache_head->len)))
2028                 ret = -EFAULT;
2029         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2030                          sizeof(fi->host->csr.generation)))
2031                 ret = -EFAULT;
2032         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2033                 ret = -EFAULT;
2034         kfree(data);
2035         if (ret >= 0) {
2036                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2037         }
2038         return ret;
2039 }
2040
2041 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2042 {
2043         int ret = sizeof(struct raw1394_request);
2044         quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
2045         if (!data)
2046                 return -ENOMEM;
2047         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2048                 ret = -EFAULT;
2049         } else {
2050                 int status = hpsb_update_config_rom(fi->host,
2051                                                     data, req->req.length,
2052                                                     (unsigned char)req->req.
2053                                                     misc);
2054                 if (copy_to_user
2055                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2056                         ret = -ENOMEM;
2057         }
2058         kfree(data);
2059         if (ret >= 0) {
2060                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2061                 fi->cfgrom_upd = 1;
2062         }
2063         return ret;
2064 }
2065
2066 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2067 {
2068         struct csr1212_keyval *kv;
2069         struct csr1212_csr_rom_cache *cache;
2070         struct csr1212_dentry *dentry;
2071         u32 dr;
2072         int ret = 0;
2073
2074         if (req->req.misc == ~0) {
2075                 if (req->req.length == 0)
2076                         return -EINVAL;
2077
2078                 /* Find an unused slot */
2079                 for (dr = 0;
2080                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2081                      dr++) ;
2082
2083                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2084                         return -ENOMEM;
2085
2086                 fi->csr1212_dirs[dr] =
2087                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2088                 if (!fi->csr1212_dirs[dr])
2089                         return -ENOMEM;
2090         } else {
2091                 dr = req->req.misc;
2092                 if (!fi->csr1212_dirs[dr])
2093                         return -EINVAL;
2094
2095                 /* Delete old stuff */
2096                 for (dentry =
2097                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2098                      dentry; dentry = dentry->next) {
2099                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2100                                                              root_kv,
2101                                                              dentry->kv);
2102                 }
2103
2104                 if (req->req.length == 0) {
2105                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2106                         fi->csr1212_dirs[dr] = NULL;
2107
2108                         hpsb_update_config_rom_image(fi->host);
2109                         free_pending_request(req);
2110                         return sizeof(struct raw1394_request);
2111                 }
2112         }
2113
2114         cache = csr1212_rom_cache_malloc(0, req->req.length);
2115         if (!cache) {
2116                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2117                 fi->csr1212_dirs[dr] = NULL;
2118                 return -ENOMEM;
2119         }
2120
2121         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2122         if (!cache->filled_head) {
2123                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2124                 fi->csr1212_dirs[dr] = NULL;
2125                 CSR1212_FREE(cache);
2126                 return -ENOMEM;
2127         }
2128         cache->filled_tail = cache->filled_head;
2129
2130         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2131                            req->req.length)) {
2132                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2133                 fi->csr1212_dirs[dr] = NULL;
2134                 CSR1212_FREE(cache);
2135                 ret = -EFAULT;
2136         } else {
2137                 cache->len = req->req.length;
2138                 cache->filled_head->offset_start = 0;
2139                 cache->filled_head->offset_end = cache->size - 1;
2140
2141                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2142
2143                 ret = CSR1212_SUCCESS;
2144                 /* parse all the items */
2145                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2146                      kv = kv->next) {
2147                         ret = csr1212_parse_keyval(kv, cache);
2148                 }
2149
2150                 /* attach top level items to the root directory */
2151                 for (dentry =
2152                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2153                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2154                         ret =
2155                             csr1212_attach_keyval_to_directory(fi->host->csr.
2156                                                                rom->root_kv,
2157                                                                dentry->kv);
2158                 }
2159
2160                 if (ret == CSR1212_SUCCESS) {
2161                         ret = hpsb_update_config_rom_image(fi->host);
2162
2163                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2164                                                      &dr, sizeof(dr))) {
2165                                 ret = -ENOMEM;
2166                         }
2167                 }
2168         }
2169         kfree(cache->filled_head);
2170         kfree(cache);
2171
2172         if (ret >= 0) {
2173                 /* we have to free the request, because we queue no response,
2174                  * and therefore nobody will free it */
2175                 free_pending_request(req);
2176                 return sizeof(struct raw1394_request);
2177         } else {
2178                 for (dentry =
2179                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2180                      dentry; dentry = dentry->next) {
2181                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2182                                                              root_kv,
2183                                                              dentry->kv);
2184                 }
2185                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2186                 fi->csr1212_dirs[dr] = NULL;
2187                 return ret;
2188         }
2189 }
2190
2191 static int state_connected(struct file_info *fi, struct pending_request *req)
2192 {
2193         int node = req->req.address >> 48;
2194
2195         req->req.error = RAW1394_ERROR_NONE;
2196
2197         switch (req->req.type) {
2198
2199         case RAW1394_REQ_ECHO:
2200                 queue_complete_req(req);
2201                 return sizeof(struct raw1394_request);
2202
2203         case RAW1394_REQ_ISO_SEND:
2204                 return handle_iso_send(fi, req, node);
2205
2206         case RAW1394_REQ_ARM_REGISTER:
2207                 return arm_register(fi, req);
2208
2209         case RAW1394_REQ_ARM_UNREGISTER:
2210                 return arm_unregister(fi, req);
2211
2212         case RAW1394_REQ_ARM_SET_BUF:
2213                 return arm_set_buf(fi, req);
2214
2215         case RAW1394_REQ_ARM_GET_BUF:
2216                 return arm_get_buf(fi, req);
2217
2218         case RAW1394_REQ_RESET_NOTIFY:
2219                 return reset_notification(fi, req);
2220
2221         case RAW1394_REQ_ISO_LISTEN:
2222                 handle_iso_listen(fi, req);
2223                 return sizeof(struct raw1394_request);
2224
2225         case RAW1394_REQ_FCP_LISTEN:
2226                 handle_fcp_listen(fi, req);
2227                 return sizeof(struct raw1394_request);
2228
2229         case RAW1394_REQ_RESET_BUS:
2230                 if (req->req.misc == RAW1394_LONG_RESET) {
2231                         DBGMSG("busreset called (type: LONG)");
2232                         hpsb_reset_bus(fi->host, LONG_RESET);
2233                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2234                         return sizeof(struct raw1394_request);
2235                 }
2236                 if (req->req.misc == RAW1394_SHORT_RESET) {
2237                         DBGMSG("busreset called (type: SHORT)");
2238                         hpsb_reset_bus(fi->host, SHORT_RESET);
2239                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2240                         return sizeof(struct raw1394_request);
2241                 }
2242                 /* error EINVAL (22) invalid argument */
2243                 return (-EINVAL);
2244         case RAW1394_REQ_GET_ROM:
2245                 return get_config_rom(fi, req);
2246
2247         case RAW1394_REQ_UPDATE_ROM:
2248                 return update_config_rom(fi, req);
2249
2250         case RAW1394_REQ_MODIFY_ROM:
2251                 return modify_config_rom(fi, req);
2252         }
2253
2254         if (req->req.generation != get_hpsb_generation(fi->host)) {
2255                 req->req.error = RAW1394_ERROR_GENERATION;
2256                 req->req.generation = get_hpsb_generation(fi->host);
2257                 req->req.length = 0;
2258                 queue_complete_req(req);
2259                 return sizeof(struct raw1394_request);
2260         }
2261
2262         switch (req->req.type) {
2263         case RAW1394_REQ_PHYPACKET:
2264                 return write_phypacket(fi, req);
2265         case RAW1394_REQ_ASYNC_SEND:
2266                 return handle_async_send(fi, req);
2267         }
2268
2269         if (req->req.length == 0) {
2270                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2271                 queue_complete_req(req);
2272                 return sizeof(struct raw1394_request);
2273         }
2274
2275         return handle_async_request(fi, req, node);
2276 }
2277
2278 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2279                              size_t count, loff_t * offset_is_ignored)
2280 {
2281         struct file_info *fi = (struct file_info *)file->private_data;
2282         struct pending_request *req;
2283         ssize_t retval = 0;
2284
2285         if (count != sizeof(struct raw1394_request)) {
2286                 return -EINVAL;
2287         }
2288
2289         req = alloc_pending_request();
2290         if (req == NULL) {
2291                 return -ENOMEM;
2292         }
2293         req->file_info = fi;
2294
2295         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2296                 free_pending_request(req);
2297                 return -EFAULT;
2298         }
2299
2300         switch (fi->state) {
2301         case opened:
2302                 retval = state_opened(fi, req);
2303                 break;
2304
2305         case initialized:
2306                 retval = state_initialized(fi, req);
2307                 break;
2308
2309         case connected:
2310                 retval = state_connected(fi, req);
2311                 break;
2312         }
2313
2314         if (retval < 0) {
2315                 free_pending_request(req);
2316         }
2317
2318         return retval;
2319 }
2320
2321 /* rawiso operations */
2322
2323 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2324  * completion queue (reqlists_lock must be taken) */
2325 static inline int __rawiso_event_in_queue(struct file_info *fi)
2326 {
2327         struct pending_request *req;
2328
2329         list_for_each_entry(req, &fi->req_complete, list)
2330             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2331                 return 1;
2332
2333         return 0;
2334 }
2335
2336 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2337 static void queue_rawiso_event(struct file_info *fi)
2338 {
2339         unsigned long flags;
2340
2341         spin_lock_irqsave(&fi->reqlists_lock, flags);
2342
2343         /* only one ISO activity event may be in the queue */
2344         if (!__rawiso_event_in_queue(fi)) {
2345                 struct pending_request *req =
2346                     __alloc_pending_request(SLAB_ATOMIC);
2347
2348                 if (req) {
2349                         req->file_info = fi;
2350                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2351                         req->req.generation = get_hpsb_generation(fi->host);
2352                         __queue_complete_req(req);
2353                 } else {
2354                         /* on allocation failure, signal an overflow */
2355                         if (fi->iso_handle) {
2356                                 atomic_inc(&fi->iso_handle->overflows);
2357                         }
2358                 }
2359         }
2360         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2361 }
2362
2363 static void rawiso_activity_cb(struct hpsb_iso *iso)
2364 {
2365         unsigned long flags;
2366         struct host_info *hi;
2367         struct file_info *fi;
2368
2369         spin_lock_irqsave(&host_info_lock, flags);
2370         hi = find_host_info(iso->host);
2371
2372         if (hi != NULL) {
2373                 list_for_each_entry(fi, &hi->file_info_list, list) {
2374                         if (fi->iso_handle == iso)
2375                                 queue_rawiso_event(fi);
2376                 }
2377         }
2378
2379         spin_unlock_irqrestore(&host_info_lock, flags);
2380 }
2381
2382 /* helper function - gather all the kernel iso status bits for returning to user-space */
2383 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2384                                     struct raw1394_iso_status *stat)
2385 {
2386         stat->config.data_buf_size = iso->buf_size;
2387         stat->config.buf_packets = iso->buf_packets;
2388         stat->config.channel = iso->channel;
2389         stat->config.speed = iso->speed;
2390         stat->config.irq_interval = iso->irq_interval;
2391         stat->n_packets = hpsb_iso_n_ready(iso);
2392         stat->overflows = atomic_read(&iso->overflows);
2393         stat->xmit_cycle = iso->xmit_cycle;
2394 }
2395
2396 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2397 {
2398         struct raw1394_iso_status stat;
2399
2400         if (!fi->host)
2401                 return -EINVAL;
2402
2403         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2404                 return -EFAULT;
2405
2406         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2407                                             stat.config.data_buf_size,
2408                                             stat.config.buf_packets,
2409                                             stat.config.channel,
2410                                             stat.config.speed,
2411                                             stat.config.irq_interval,
2412                                             rawiso_activity_cb);
2413         if (!fi->iso_handle)
2414                 return -ENOMEM;
2415
2416         fi->iso_state = RAW1394_ISO_XMIT;
2417
2418         raw1394_iso_fill_status(fi->iso_handle, &stat);
2419         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2420                 return -EFAULT;
2421
2422         /* queue an event to get things started */
2423         rawiso_activity_cb(fi->iso_handle);
2424
2425         return 0;
2426 }
2427
2428 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2429 {
2430         struct raw1394_iso_status stat;
2431
2432         if (!fi->host)
2433                 return -EINVAL;
2434
2435         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2436                 return -EFAULT;
2437
2438         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2439                                             stat.config.data_buf_size,
2440                                             stat.config.buf_packets,
2441                                             stat.config.channel,
2442                                             stat.config.dma_mode,
2443                                             stat.config.irq_interval,
2444                                             rawiso_activity_cb);
2445         if (!fi->iso_handle)
2446                 return -ENOMEM;
2447
2448         fi->iso_state = RAW1394_ISO_RECV;
2449
2450         raw1394_iso_fill_status(fi->iso_handle, &stat);
2451         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2452                 return -EFAULT;
2453         return 0;
2454 }
2455
2456 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2457 {
2458         struct raw1394_iso_status stat;
2459         struct hpsb_iso *iso = fi->iso_handle;
2460
2461         raw1394_iso_fill_status(fi->iso_handle, &stat);
2462         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2463                 return -EFAULT;
2464
2465         /* reset overflow counter */
2466         atomic_set(&iso->overflows, 0);
2467
2468         return 0;
2469 }
2470
2471 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2472 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2473 {
2474         struct raw1394_iso_packets upackets;
2475         unsigned int packet = fi->iso_handle->first_packet;
2476         int i;
2477
2478         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2479                 return -EFAULT;
2480
2481         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2482                 return -EINVAL;
2483
2484         /* ensure user-supplied buffer is accessible and big enough */
2485         if (!access_ok(VERIFY_WRITE, upackets.infos,
2486                         upackets.n_packets *
2487                         sizeof(struct raw1394_iso_packet_info)))
2488                 return -EFAULT;
2489
2490         /* copy the packet_infos out */
2491         for (i = 0; i < upackets.n_packets; i++) {
2492                 if (__copy_to_user(&upackets.infos[i],
2493                                    &fi->iso_handle->infos[packet],
2494                                    sizeof(struct raw1394_iso_packet_info)))
2495                         return -EFAULT;
2496
2497                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2498         }
2499
2500         return 0;
2501 }
2502
2503 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2504 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2505 {
2506         struct raw1394_iso_packets upackets;
2507         int i, rv;
2508
2509         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2510                 return -EFAULT;
2511
2512         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2513                 return -EINVAL;
2514
2515         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2516                 return -EAGAIN;
2517
2518         /* ensure user-supplied buffer is accessible and big enough */
2519         if (!access_ok(VERIFY_READ, upackets.infos,
2520                         upackets.n_packets *
2521                         sizeof(struct raw1394_iso_packet_info)))
2522                 return -EFAULT;
2523
2524         /* copy the infos structs in and queue the packets */
2525         for (i = 0; i < upackets.n_packets; i++) {
2526                 struct raw1394_iso_packet_info info;
2527
2528                 if (__copy_from_user(&info, &upackets.infos[i],
2529                                      sizeof(struct raw1394_iso_packet_info)))
2530                         return -EFAULT;
2531
2532                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2533                                                 info.len, info.tag, info.sy);
2534                 if (rv)
2535                         return rv;
2536         }
2537
2538         return 0;
2539 }
2540
2541 static void raw1394_iso_shutdown(struct file_info *fi)
2542 {
2543         if (fi->iso_handle)
2544                 hpsb_iso_shutdown(fi->iso_handle);
2545
2546         fi->iso_handle = NULL;
2547         fi->iso_state = RAW1394_ISO_INACTIVE;
2548 }
2549
2550 /* mmap the rawiso xmit/recv buffer */
2551 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2552 {
2553         struct file_info *fi = file->private_data;
2554
2555         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2556                 return -EINVAL;
2557
2558         return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2559 }
2560
2561 /* ioctl is only used for rawiso operations */
2562 static int raw1394_ioctl(struct inode *inode, struct file *file,
2563                          unsigned int cmd, unsigned long arg)
2564 {
2565         struct file_info *fi = file->private_data;
2566         void __user *argp = (void __user *)arg;
2567
2568         switch (fi->iso_state) {
2569         case RAW1394_ISO_INACTIVE:
2570                 switch (cmd) {
2571                 case RAW1394_IOC_ISO_XMIT_INIT:
2572                         return raw1394_iso_xmit_init(fi, argp);
2573                 case RAW1394_IOC_ISO_RECV_INIT:
2574                         return raw1394_iso_recv_init(fi, argp);
2575                 default:
2576                         break;
2577                 }
2578                 break;
2579         case RAW1394_ISO_RECV:
2580                 switch (cmd) {
2581                 case RAW1394_IOC_ISO_RECV_START:{
2582                                 /* copy args from user-space */
2583                                 int args[3];
2584                                 if (copy_from_user
2585                                     (&args[0], argp, sizeof(args)))
2586                                         return -EFAULT;
2587                                 return hpsb_iso_recv_start(fi->iso_handle,
2588                                                            args[0], args[1],
2589                                                            args[2]);
2590                         }
2591                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2592                         hpsb_iso_stop(fi->iso_handle);
2593                         return 0;
2594                 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2595                         return hpsb_iso_recv_listen_channel(fi->iso_handle,
2596                                                             arg);
2597                 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2598                         return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2599                                                               arg);
2600                 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2601                                 /* copy the u64 from user-space */
2602                                 u64 mask;
2603                                 if (copy_from_user(&mask, argp, sizeof(mask)))
2604                                         return -EFAULT;
2605                                 return hpsb_iso_recv_set_channel_mask(fi->
2606                                                                       iso_handle,
2607                                                                       mask);
2608                         }
2609                 case RAW1394_IOC_ISO_GET_STATUS:
2610                         return raw1394_iso_get_status(fi, argp);
2611                 case RAW1394_IOC_ISO_RECV_PACKETS:
2612                         return raw1394_iso_recv_packets(fi, argp);
2613                 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2614                         return hpsb_iso_recv_release_packets(fi->iso_handle,
2615                                                              arg);
2616                 case RAW1394_IOC_ISO_RECV_FLUSH:
2617                         return hpsb_iso_recv_flush(fi->iso_handle);
2618                 case RAW1394_IOC_ISO_SHUTDOWN:
2619                         raw1394_iso_shutdown(fi);
2620                         return 0;
2621                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2622                         queue_rawiso_event(fi);
2623                         return 0;
2624                 }
2625                 break;
2626         case RAW1394_ISO_XMIT:
2627                 switch (cmd) {
2628                 case RAW1394_IOC_ISO_XMIT_START:{
2629                                 /* copy two ints from user-space */
2630                                 int args[2];
2631                                 if (copy_from_user
2632                                     (&args[0], argp, sizeof(args)))
2633                                         return -EFAULT;
2634                                 return hpsb_iso_xmit_start(fi->iso_handle,
2635                                                            args[0], args[1]);
2636                         }
2637                 case RAW1394_IOC_ISO_XMIT_SYNC:
2638                         return hpsb_iso_xmit_sync(fi->iso_handle);
2639                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2640                         hpsb_iso_stop(fi->iso_handle);
2641                         return 0;
2642                 case RAW1394_IOC_ISO_GET_STATUS:
2643                         return raw1394_iso_get_status(fi, argp);
2644                 case RAW1394_IOC_ISO_XMIT_PACKETS:
2645                         return raw1394_iso_send_packets(fi, argp);
2646                 case RAW1394_IOC_ISO_SHUTDOWN:
2647                         raw1394_iso_shutdown(fi);
2648                         return 0;
2649                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2650                         queue_rawiso_event(fi);
2651                         return 0;
2652                 }
2653                 break;
2654         default:
2655                 break;
2656         }
2657
2658         return -EINVAL;
2659 }
2660
2661 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2662 {
2663         struct file_info *fi = file->private_data;
2664         unsigned int mask = POLLOUT | POLLWRNORM;
2665         unsigned long flags;
2666
2667         poll_wait(file, &fi->poll_wait_complete, pt);
2668
2669         spin_lock_irqsave(&fi->reqlists_lock, flags);
2670         if (!list_empty(&fi->req_complete)) {
2671                 mask |= POLLIN | POLLRDNORM;
2672         }
2673         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2674
2675         return mask;
2676 }
2677
2678 static int raw1394_open(struct inode *inode, struct file *file)
2679 {
2680         struct file_info *fi;
2681
2682         fi = kzalloc(sizeof(*fi), SLAB_KERNEL);
2683         if (!fi)
2684                 return -ENOMEM;
2685
2686         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2687
2688         INIT_LIST_HEAD(&fi->list);
2689         fi->state = opened;
2690         INIT_LIST_HEAD(&fi->req_pending);
2691         INIT_LIST_HEAD(&fi->req_complete);
2692         sema_init(&fi->complete_sem, 0);
2693         spin_lock_init(&fi->reqlists_lock);
2694         init_waitqueue_head(&fi->poll_wait_complete);
2695         INIT_LIST_HEAD(&fi->addr_list);
2696
2697         file->private_data = fi;
2698
2699         return 0;
2700 }
2701
2702 static int raw1394_release(struct inode *inode, struct file *file)
2703 {
2704         struct file_info *fi = file->private_data;
2705         struct list_head *lh;
2706         struct pending_request *req;
2707         int done = 0, i, fail = 0;
2708         int retval = 0;
2709         struct list_head *entry;
2710         struct arm_addr *addr = NULL;
2711         struct host_info *hi;
2712         struct file_info *fi_hlp = NULL;
2713         struct arm_addr *arm_addr = NULL;
2714         int another_host;
2715         int csr_mod = 0;
2716         unsigned long flags;
2717
2718         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2719                 raw1394_iso_shutdown(fi);
2720
2721         for (i = 0; i < 64; i++) {
2722                 if (fi->listen_channels & (1ULL << i)) {
2723                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2724                 }
2725         }
2726
2727         spin_lock_irqsave(&host_info_lock, flags);
2728         fi->listen_channels = 0;
2729
2730         fail = 0;
2731         /* set address-entries invalid */
2732
2733         while (!list_empty(&fi->addr_list)) {
2734                 another_host = 0;
2735                 lh = fi->addr_list.next;
2736                 addr = list_entry(lh, struct arm_addr, addr_list);
2737                 /* another host with valid address-entry containing
2738                    same addressrange? */
2739                 list_for_each_entry(hi, &host_info_list, list) {
2740                         if (hi->host != fi->host) {
2741                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2742                                                     list) {
2743                                         entry = fi_hlp->addr_list.next;
2744                                         while (entry != &(fi_hlp->addr_list)) {
2745                                                 arm_addr = list_entry(entry,
2746                                                                       struct
2747                                                                       arm_addr,
2748                                                                       addr_list);
2749                                                 if (arm_addr->start ==
2750                                                     addr->start) {
2751                                                         DBGMSG
2752                                                             ("raw1394_release: "
2753                                                              "another host ownes "
2754                                                              "same addressrange");
2755                                                         another_host = 1;
2756                                                         break;
2757                                                 }
2758                                                 entry = entry->next;
2759                                         }
2760                                         if (another_host) {
2761                                                 break;
2762                                         }
2763                                 }
2764                         }
2765                 }
2766                 if (!another_host) {
2767                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2768                         retval =
2769                             hpsb_unregister_addrspace(&raw1394_highlevel,
2770                                                       fi->host, addr->start);
2771                         if (!retval) {
2772                                 ++fail;
2773                                 printk(KERN_ERR
2774                                        "raw1394_release arm_Unregister failed\n");
2775                         }
2776                 }
2777                 DBGMSG("raw1394_release: delete addr_entry from list");
2778                 list_del(&addr->addr_list);
2779                 vfree(addr->addr_space_buffer);
2780                 kfree(addr);
2781         }                       /* while */
2782         spin_unlock_irqrestore(&host_info_lock, flags);
2783         if (fail > 0) {
2784                 printk(KERN_ERR "raw1394: during addr_list-release "
2785                        "error(s) occurred \n");
2786         }
2787
2788         while (!done) {
2789                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2790
2791                 while (!list_empty(&fi->req_complete)) {
2792                         lh = fi->req_complete.next;
2793                         list_del(lh);
2794
2795                         req = list_entry(lh, struct pending_request, list);
2796
2797                         free_pending_request(req);
2798                 }
2799
2800                 if (list_empty(&fi->req_pending))
2801                         done = 1;
2802
2803                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2804
2805                 if (!done)
2806                         down_interruptible(&fi->complete_sem);
2807         }
2808
2809         /* Remove any sub-trees left by user space programs */
2810         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2811                 struct csr1212_dentry *dentry;
2812                 if (!fi->csr1212_dirs[i])
2813                         continue;
2814                 for (dentry =
2815                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2816                      dentry = dentry->next) {
2817                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2818                                                              root_kv,
2819                                                              dentry->kv);
2820                 }
2821                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2822                 fi->csr1212_dirs[i] = NULL;
2823                 csr_mod = 1;
2824         }
2825
2826         if ((csr_mod || fi->cfgrom_upd)
2827             && hpsb_update_config_rom_image(fi->host) < 0)
2828                 HPSB_ERR
2829                     ("Failed to generate Configuration ROM image for host %d",
2830                      fi->host->id);
2831
2832         if (fi->state == connected) {
2833                 spin_lock_irqsave(&host_info_lock, flags);
2834                 list_del(&fi->list);
2835                 spin_unlock_irqrestore(&host_info_lock, flags);
2836
2837                 put_device(&fi->host->device);
2838         }
2839
2840         kfree(fi);
2841
2842         return 0;
2843 }
2844
2845 /*** HOTPLUG STUFF **********************************************************/
2846 /*
2847  * Export information about protocols/devices supported by this driver.
2848  */
2849 static struct ieee1394_device_id raw1394_id_table[] = {
2850         {
2851          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2852          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2853          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2854         {
2855          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2856          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2857          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2858         {
2859          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2860          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2861          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2862         {
2863          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2864          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2865          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2866         {}
2867 };
2868
2869 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2870
2871 static struct hpsb_protocol_driver raw1394_driver = {
2872         .name = "raw1394 Driver",
2873         .id_table = raw1394_id_table,
2874         .driver = {
2875                    .name = "raw1394",
2876                    .bus = &ieee1394_bus_type,
2877                    },
2878 };
2879
2880 /******************************************************************************/
2881
2882 static struct hpsb_highlevel raw1394_highlevel = {
2883         .name = RAW1394_DEVICE_NAME,
2884         .add_host = add_host,
2885         .remove_host = remove_host,
2886         .host_reset = host_reset,
2887         .iso_receive = iso_receive,
2888         .fcp_request = fcp_request,
2889 };
2890
2891 static struct cdev raw1394_cdev;
2892 static struct file_operations raw1394_fops = {
2893         .owner = THIS_MODULE,
2894         .read = raw1394_read,
2895         .write = raw1394_write,
2896         .mmap = raw1394_mmap,
2897         .ioctl = raw1394_ioctl,
2898         .poll = raw1394_poll,
2899         .open = raw1394_open,
2900         .release = raw1394_release,
2901 };
2902
2903 static int __init init_raw1394(void)
2904 {
2905         int ret = 0;
2906
2907         hpsb_register_highlevel(&raw1394_highlevel);
2908
2909         if (IS_ERR(class_device_create(hpsb_protocol_class, NULL, MKDEV(
2910                 IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), 
2911                 NULL, RAW1394_DEVICE_NAME))) {
2912                 ret = -EFAULT;
2913                 goto out_unreg;
2914         }
2915         
2916         devfs_mk_cdev(MKDEV(
2917                 IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16),
2918                 S_IFCHR | S_IRUSR | S_IWUSR, RAW1394_DEVICE_NAME);
2919
2920         cdev_init(&raw1394_cdev, &raw1394_fops);
2921         raw1394_cdev.owner = THIS_MODULE;
2922         kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
2923         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
2924         if (ret) {
2925                 HPSB_ERR("raw1394 failed to register minor device block");
2926                 goto out_dev;
2927         }
2928
2929         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
2930
2931         ret = hpsb_register_protocol(&raw1394_driver);
2932         if (ret) {
2933                 HPSB_ERR("raw1394: failed to register protocol");
2934                 cdev_del(&raw1394_cdev);
2935                 goto out_dev;
2936         }
2937
2938         goto out;
2939
2940 out_dev:
2941         devfs_remove(RAW1394_DEVICE_NAME);
2942         class_device_destroy(hpsb_protocol_class,
2943                 MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16));
2944 out_unreg:
2945         hpsb_unregister_highlevel(&raw1394_highlevel);
2946 out:
2947         return ret;
2948 }
2949
2950 static void __exit cleanup_raw1394(void)
2951 {
2952         class_device_destroy(hpsb_protocol_class,
2953                 MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16));
2954         cdev_del(&raw1394_cdev);
2955         devfs_remove(RAW1394_DEVICE_NAME);
2956         hpsb_unregister_highlevel(&raw1394_highlevel);
2957         hpsb_unregister_protocol(&raw1394_driver);
2958 }
2959
2960 module_init(init_raw1394);
2961 module_exit(cleanup_raw1394);
2962 MODULE_LICENSE("GPL");