1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
45
46 #include "csr1212.h"
47 #include "highlevel.h"
48 #include "hosts.h"
49 #include "ieee1394.h"
50 #include "ieee1394_core.h"
51 #include "ieee1394_hotplug.h"
52 #include "ieee1394_transactions.h"
53 #include "ieee1394_types.h"
54 #include "iso.h"
55 #include "nodemgr.h"
56 #include "raw1394.h"
57 #include "raw1394-private.h"
58
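/*
 * Conversions between the integer buffer fields of a request (sendb/recvb)
 * and user-space pointers.  The argument is parenthesised so that a compound
 * expression such as "a + b" is converted as a whole, not just its first
 * operand.
 *
 * The integers originate in user-supplied requests, so a pointer produced by
 * int2ptr() is untrusted: hand it only to copy_to_user()/copy_from_user()
 * and never dereference it directly.
 */
#define int2ptr(x) ((void __user *)(unsigned long)(x))
#define ptr2int(x) ((u64)(unsigned long)(void __user *)(x))

#ifdef CONFIG_IEEE1394_VERBOSEDEBUG
#define RAW1394_DEBUG
#endif

/* DBGMSG() logs at KERN_INFO in debug builds and compiles away otherwise. */
#ifdef RAW1394_DEBUG
#define DBGMSG(fmt, args...) \
printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
#else
#define DBGMSG(fmt, args...) do {} while (0)
#endif

/*
 * Known hosts.  The list and host_count are modified under host_info_lock;
 * find_host_info() walks the list and is called with that lock held.
 */
static LIST_HEAD(host_info_list);
static int host_count;
static DEFINE_SPINLOCK(host_info_lock);

/*
 * Bumped whenever a host is added or removed; state_initialized() rejects
 * requests that carry a different value.
 */
static atomic_t internal_generation = ATOMIC_INIT(0);

/*
 * Payload bytes currently held in iso_block_store buffers.  iso_receive()
 * and fcp_request() drop incoming data once this would exceed iso_buffer_max,
 * which bounds the kernel memory that unread packets can pin.
 */
static atomic_t iso_buffer_size;
static const int iso_buffer_max = 4 * 1024 * 1024;	/* 4 MB */

static struct hpsb_highlevel raw1394_highlevel;

/* Address range mapping handlers, defined later in this file. */
static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
		    u64 addr, size_t length, u16 flags);
static int arm_write(struct hpsb_host *host, int nodeid, int destid,
		     quadlet_t * data, u64 addr, size_t length, u16 flags);
static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
		    u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
		    u16 flags);
static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
		      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
		      u16 flags);
static struct hpsb_address_ops arm_ops = {
	.read = arm_read,
	.write = arm_write,
	.lock = arm_lock,
	.lock64 = arm_lock64,
};

static void queue_complete_cb(struct pending_request *req);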
101
102 #include <asm/current.h>
/*
 * Warn that the calling program uses the old isochronous request types.
 *
 * The pid of the last process warned is remembered so that the same process
 * does not repeat the message on consecutive calls.  The static is updated
 * without locking, so this is rate limiting on a best-effort basis only.
 */
static void print_old_iso_deprecation(void)
{
	static pid_t last_warned;
	pid_t caller = current->pid;

	if (last_warned == caller)
		return;

	last_warned = caller;
	printk(KERN_WARNING "raw1394: WARNING - Program \"%s\" uses unsupported"
	       " isochronous request types which will be removed in a next"
	       " kernel release\n", current->comm);
	printk(KERN_WARNING "raw1394: Update your software to use libraw1394's"
	       " newer interface\n");
}
116
/*
 * Allocate a zero-filled pending_request with the given GFP flags and
 * initialise its list head.  Returns NULL when the allocation fails.
 *
 * Zeroing matters: the embedded request structure is later copied to user
 * space by raw1394_read(), so no field may carry stale heap contents.
 */
static struct pending_request *__alloc_pending_request(gfp_t flags)
{
	struct pending_request *fresh = kzalloc(sizeof(*fresh), flags);

	if (!fresh)
		return NULL;

	INIT_LIST_HEAD(&fresh->list);
	return fresh;
}
127
/* Allocate a pending_request with GFP_KERNEL; returns NULL on failure. */
static inline struct pending_request *alloc_pending_request(void)
{
	struct pending_request *fresh = __alloc_pending_request(GFP_KERNEL);

	return fresh;
}
132
/*
 * Release a pending_request together with whatever it owns.
 *
 * A request that points at a shared iso_block_store drops one reference;
 * the last reference frees the store and returns its payload size to the
 * global iso_buffer_size budget.  Otherwise req->data is freed only when the
 * request was flagged as owning it (free_data).  The attached packet and the
 * request itself are freed in every case.
 */
static void free_pending_request(struct pending_request *req)
{
	struct iso_block_store *store = req->ibs;

	if (!store) {
		if (req->free_data)
			kfree(req->data);
	} else if (atomic_dec_and_test(&store->refcount)) {
		atomic_sub(store->data_size, &iso_buffer_size);
		kfree(store);
	}

	hpsb_free_packet(req->packet);
	kfree(req);
}
146
/*
 * Move req to the tail of its file's completed list and wake any reader.
 * The caller must already hold req->file_info->reqlists_lock.
 */
static void __queue_complete_req(struct pending_request *req)
{
	struct file_info *owner = req->file_info;

	list_move_tail(&req->list, &owner->req_complete);
	wake_up(&owner->wait_complete);
}
155
/*
 * Locked wrapper around __queue_complete_req(): takes the owning file's
 * reqlists_lock with interrupts disabled for the duration of the move.
 */
static void queue_complete_req(struct pending_request *req)
{
	struct file_info *owner = req->file_info;
	unsigned long irqflags;

	spin_lock_irqsave(&owner->reqlists_lock, irqflags);
	__queue_complete_req(req);
	spin_unlock_irqrestore(&owner->reqlists_lock, irqflags);
}
165
/*
 * Packet completion callback: translate the packet's ack/response code into
 * the request's error field and queue the request for the reader.
 */
static void queue_complete_cb(struct pending_request *req)
{
	struct hpsb_packet *pkt = req->packet;
	int rcode = (pkt->header[1] >> 12) & 0xf;

	switch (pkt->ack_code) {
	case ACKX_NONE:
	case ACKX_SEND_ERROR:
		req->req.error = RAW1394_ERROR_SEND_ERROR;
		break;
	case ACKX_ABORTED:
		req->req.error = RAW1394_ERROR_ABORTED;
		break;
	case ACKX_TIMEOUT:
		req->req.error = RAW1394_ERROR_TIMEOUT;
		break;
	default:
		/* pass the raw ack code and response code through */
		req->req.error = (pkt->ack_code << 16) | rcode;
		break;
	}

	/*
	 * Only a pending ack followed by a complete response carries payload;
	 * in every other case nothing is copied out to the user buffer.
	 */
	if (pkt->ack_code != ACK_PENDING || rcode != RCODE_COMPLETE)
		req->req.length = 0;

	/* these request types hold a transaction label that is released here */
	switch (req->req.type) {
	case RAW1394_REQ_ASYNC_READ:
	case RAW1394_REQ_ASYNC_WRITE:
	case RAW1394_REQ_ASYNC_STREAM:
	case RAW1394_REQ_LOCK:
	case RAW1394_REQ_LOCK64:
		hpsb_free_tlabel(pkt);
		break;
	default:
		break;
	}

	queue_complete_req(req);
}
200
/*
 * Start tracking a new host.
 *
 * If the host_info allocation fails the host is silently left untracked;
 * internal_generation is incremented either way.
 */
static void add_host(struct hpsb_host *host)
{
	unsigned long irqflags;
	struct host_info *entry = kmalloc(sizeof(*entry), GFP_KERNEL);

	if (entry != NULL) {
		/* every field used by this file is set before publication */
		entry->host = host;
		INIT_LIST_HEAD(&entry->list);
		INIT_LIST_HEAD(&entry->file_info_list);

		spin_lock_irqsave(&host_info_lock, irqflags);
		list_add_tail(&entry->list, &host_info_list);
		host_count++;
		spin_unlock_irqrestore(&host_info_lock, irqflags);
	}

	atomic_inc(&internal_generation);
}
221
/*
 * Look up the host_info entry for host, or return NULL if it is not tracked.
 * The list is walked without locking here; the callers in this file hold
 * host_info_lock around the call.
 */
static struct host_info *find_host_info(struct hpsb_host *host)
{
	struct host_info *cur;
	struct host_info *match = NULL;

	list_for_each_entry(cur, &host_info_list, list) {
		if (cur->host == host) {
			match = cur;
			break;
		}
	}

	return match;
}
232
/*
 * Stop tracking a host: unlink and free its host_info and bump
 * internal_generation.  An unknown host is logged and otherwise ignored.
 */
static void remove_host(struct hpsb_host *host)
{
	unsigned long irqflags;
	struct host_info *entry;

	spin_lock_irqsave(&host_info_lock, irqflags);
	entry = find_host_info(host);
	if (entry) {
		list_del(&entry->list);
		host_count--;
		/*
		 * FIXME: address ranges should be removed and fileinfo
		 * states should be initialized (including setting
		 * generation to internal-generation ...)
		 *
		 * NOTE(review): until that is done, file_info entries that
		 * are still linked on entry->file_info_list keep pointing
		 * into the structure freed below.
		 */
	}
	spin_unlock_irqrestore(&host_info_lock, irqflags);

	if (entry) {
		kfree(entry);
		atomic_inc(&internal_generation);
		return;
	}

	printk(KERN_ERR "raw1394: attempt to remove unknown host "
	       "0x%p\n", host);
}
263
/*
 * Bus reset notification: queue a RAW1394_REQ_BUS_RESET event for every
 * file on this host that has notification switched on.
 *
 * Runs entirely under host_info_lock, hence the GFP_ATOMIC allocations.  A
 * file whose event cannot be allocated simply misses this notification.
 */
static void host_reset(struct hpsb_host *host)
{
	unsigned long irqflags;
	struct host_info *hi;
	struct file_info *fi;
	struct pending_request *event;

	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);
	if (hi == NULL)
		goto unlock;

	list_for_each_entry(fi, &hi->file_info_list, list) {
		if (fi->notification != RAW1394_NOTIFY_ON)
			continue;

		event = __alloc_pending_request(GFP_ATOMIC);
		if (event == NULL)
			continue;

		event->file_info = fi;
		event->req.type = RAW1394_REQ_BUS_RESET;
		event->req.generation = get_hpsb_generation(host);
		event->req.misc = (host->node_id << 16) | host->node_count;
		/* protocol versions above 3 also get the IRM node number */
		if (fi->protocol_version > 3)
			event->req.misc |= (NODEID_TO_NODE(host->irm_id) << 8);

		queue_complete_req(event);
	}

unlock:
	spin_unlock_irqrestore(&host_info_lock, irqflags);
}
300
/*
 * Deliver a received isochronous packet to every file on this host that
 * listens on the packet's channel.
 *
 * The payload is copied once into a reference-counted iso_block_store that
 * all resulting requests share.  Packets are dropped while the global
 * iso_buffer_size budget is exhausted; the check and the later atomic_add()
 * are separate steps, so the limit is approximate under concurrency.
 *
 * The length reported to each file is clamped to the buffer length that the
 * file registered, so raw1394_read() does not copy past that length.
 */
static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
			size_t length)
{
	unsigned long irqflags;
	struct host_info *hi;
	struct file_info *fi;
	struct pending_request *req, *req_next;
	struct iso_block_store *store = NULL;
	LIST_HEAD(ready);

	if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
		HPSB_INFO("dropped iso packet");
		return;
	}

	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);
	if (hi == NULL)
		goto unlock;

	list_for_each_entry(fi, &hi->file_info_list, list) {
		if ((fi->listen_channels & (1ULL << channel)) == 0)
			continue;

		req = __alloc_pending_request(GFP_ATOMIC);
		if (req == NULL)
			break;

		if (store == NULL) {
			/* first listener: take the single copy of the data */
			store = kmalloc(sizeof(*store) + length, GFP_ATOMIC);
			if (store == NULL) {
				kfree(req);
				break;
			}

			atomic_add(length, &iso_buffer_size);
			atomic_set(&store->refcount, 0);
			store->data_size = length;
			memcpy(store->data, data, length);
		}

		atomic_inc(&store->refcount);

		req->file_info = fi;
		req->ibs = store;
		req->data = store->data;
		req->req.type = RAW1394_REQ_ISO_RECEIVE;
		req->req.generation = get_hpsb_generation(host);
		req->req.misc = 0;
		req->req.recvb = ptr2int(fi->iso_buffer);
		req->req.length = min(length, fi->iso_buffer_length);

		list_add_tail(&req->list, &ready);
	}

unlock:
	spin_unlock_irqrestore(&host_info_lock, irqflags);

	/* hand the requests over only after host_info_lock is dropped */
	list_for_each_entry_safe(req, req_next, &ready, list)
		queue_complete_req(req);
}
361
/*
 * Deliver an FCP frame to every file on this host that registered an FCP
 * buffer.  The payload is shared through one reference-counted
 * iso_block_store and counts against the iso_buffer_size budget.
 *
 * NOTE(review): unlike iso_receive(), the reported length is not clamped;
 * handle_fcp_listen() records only the buffer pointer, so the size of the
 * user buffer is unknown here.  raw1394_read() will copy the full frame to
 * that address - confirm that the frame size is bounded by the caller.
 */
static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
			int cts, u8 * data, size_t length)
{
	unsigned long irqflags;
	struct host_info *hi;
	struct file_info *fi;
	struct pending_request *req, *req_next;
	struct iso_block_store *store = NULL;
	LIST_HEAD(ready);

	if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
		HPSB_INFO("dropped fcp request");
		return;
	}

	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);
	if (hi == NULL)
		goto unlock;

	list_for_each_entry(fi, &hi->file_info_list, list) {
		if (fi->fcp_buffer == NULL)
			continue;

		req = __alloc_pending_request(GFP_ATOMIC);
		if (req == NULL)
			break;

		if (store == NULL) {
			/* first listener: take the single copy of the data */
			store = kmalloc(sizeof(*store) + length, GFP_ATOMIC);
			if (store == NULL) {
				kfree(req);
				break;
			}

			atomic_add(length, &iso_buffer_size);
			atomic_set(&store->refcount, 0);
			store->data_size = length;
			memcpy(store->data, data, length);
		}

		atomic_inc(&store->refcount);

		req->file_info = fi;
		req->ibs = store;
		req->data = store->data;
		req->req.type = RAW1394_REQ_FCP_REQUEST;
		req->req.generation = get_hpsb_generation(host);
		req->req.misc = nodeid | (direction << 16);
		req->req.recvb = ptr2int(fi->fcp_buffer);
		req->req.length = length;

		list_add_tail(&req->list, &ready);
	}

unlock:
	spin_unlock_irqrestore(&host_info_lock, irqflags);

	/* hand the requests over only after host_info_lock is dropped */
	list_for_each_entry_safe(req, req_next, &ready, list)
		queue_complete_req(req);
}
422
423 #ifdef CONFIG_COMPAT
/*
 * Request layout used by the compat read/write paths.  The structure is
 * packed, so the 64-bit members follow the five 32-bit members without any
 * alignment padding; raw1394_compat_write() and raw1394_compat_read()
 * convert between this layout and struct raw1394_request.
 */
struct compat_raw1394_req {
	/* 32-bit header fields */
	__u32 type;
	__s32 error;
	__u32 misc;
	__u32 generation;
	__u32 length;

	/* 64-bit fields */
	__u64 address;
	__u64 tag;
	__u64 sendb;	/* user-space pointer carried as an integer */
	__u64 recvb;	/* user-space pointer carried as an integer */
} __attribute__((packed));
439
/*
 * Convert a compat-layout request in user memory into a native
 * struct raw1394_request, also in user memory, and return a pointer to the
 * converted copy (or ERR_PTR(-EFAULT) if any copy faults).
 *
 * The bulk copy_in_user() transfers the compat-sized prefix with access
 * checking; the 64-bit members are then copied again one by one so that
 * each lands at its native offset.
 *
 * NOTE(review): the per-field copies use the unchecked __copy_in_user().
 * Their sources lie inside the range the checked copy just read; their
 * destinations lie in the area returned by compat_alloc_user_space() -
 * confirm that this area is always a valid user range.
 */
static const char __user *raw1394_compat_write(const char __user *buf)
{
	struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
	struct raw1394_request __user *r =
		compat_alloc_user_space(sizeof(struct raw1394_request));

	if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)))
		return ERR_PTR(-EFAULT);

	if (__copy_in_user(&r->address, &cr->address, sizeof(r->address)) ||
	    __copy_in_user(&r->tag, &cr->tag, sizeof(r->tag)) ||
	    __copy_in_user(&r->sendb, &cr->sendb, sizeof(r->sendb)) ||
	    __copy_in_user(&r->recvb, &cr->recvb, sizeof(r->recvb)))
		return ERR_PTR(-EFAULT);

	return (const char __user *)r;
}
457
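/* Store one field of the kernel-side request r into the user structure cr. */
#define P(x) __put_user(r->x, &cr->x)

/*
 * Write the kernel-side request r to the caller's buffer in compat layout.
 *
 * @buf: user buffer passed to read(); must hold a struct compat_raw1394_req
 * @r:   completed request in kernel memory
 *
 * Returns sizeof(struct compat_raw1394_req) on success, -EFAULT if the user
 * range is invalid or a store faults.
 *
 * The destination must be derived from @buf.  The previous code cast @r, a
 * kernel pointer, to the __user pointer, so access_ok() was applied to a
 * kernel address and the caller's buffer was never written.  The unchecked
 * __put_user() stores are safe only because access_ok() has validated the
 * whole destination range first.
 */
static int
raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
{
	struct compat_raw1394_req __user *cr = (typeof(cr)) buf;

	if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
	    P(type) ||
	    P(error) ||
	    P(misc) ||
	    P(generation) ||
	    P(length) ||
	    P(address) ||
	    P(tag) ||
	    P(sendb) ||
	    P(recvb))
		return -EFAULT;
	return sizeof(struct compat_raw1394_req);
}
#undef P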
478
479 #endif
480
/*
 * Detach and return the oldest completed request of fi, or NULL if there is
 * none.  The caller must hold fi->reqlists_lock.
 */
static inline struct pending_request *__next_complete_req(struct file_info *fi)
{
	struct list_head *first;

	if (list_empty(&fi->req_complete))
		return NULL;

	first = fi->req_complete.next;
	list_del(first);
	return list_entry(first, struct pending_request, list);
}
494
/*
 * Locked variant of __next_complete_req(): takes fi->reqlists_lock with
 * interrupts disabled while the request is detached.
 */
static struct pending_request *next_complete_req(struct file_info *fi)
{
	struct pending_request *done;
	unsigned long irqflags;

	spin_lock_irqsave(&fi->reqlists_lock, irqflags);
	done = __next_complete_req(fi);
	spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

	return done;
}
506
/*
 * read() handler: hand the next completed request to user space.
 *
 * count must equal the size of the native request structure or, with
 * CONFIG_COMPAT, the size of the compat structure; anything else is
 * -EINVAL.  Any payload is first copied to the address in req.recvb, then
 * the request structure itself is copied to buffer.
 *
 * The request is dequeued before anything is copied and is freed on every
 * path, so an event whose structure cannot be delivered (-EFAULT) is lost.
 * A fault while copying the payload is reported in req.error only.
 *
 * req.recvb is an integer taken from the request; it reaches memory only
 * through copy_to_user(), which confines the write to user space.
 */
static ssize_t raw1394_read(struct file *file, char __user * buffer,
			    size_t count, loff_t * offset_is_ignored)
{
	struct file_info *fi = (struct file_info *)file->private_data;
	struct pending_request *req;
	ssize_t ret;
	int size_ok = (count == sizeof(struct raw1394_request));

#ifdef CONFIG_COMPAT
	if (count == sizeof(struct compat_raw1394_req))
		size_ok = 1;
#endif
	if (!size_ok)
		return -EINVAL;

	if (!access_ok(VERIFY_WRITE, buffer, count))
		return -EFAULT;

	if (file->f_flags & O_NONBLOCK) {
		req = next_complete_req(fi);
		if (req == NULL)
			return -EAGAIN;
	} else if (wait_event_interruptible(fi->wait_complete,
					    (req = next_complete_req(fi)))) {
		/*
		 * NB: the wait condition has a side effect (it dequeues).
		 * That is only acceptable because the side effect does not
		 * happen until the condition becomes true, and the macro
		 * does not evaluate the condition again after that.
		 */
		return -ERESTARTSYS;
	}

	if (req->req.length &&
	    copy_to_user(int2ptr(req->req.recvb), req->data, req->req.length))
		req->req.error = RAW1394_ERROR_MEMFAULT;

#ifdef CONFIG_COMPAT
	if (count == sizeof(struct compat_raw1394_req) &&
	    sizeof(struct compat_raw1394_req) !=
			sizeof(struct raw1394_request)) {
		ret = raw1394_compat_read(buffer, &req->req);
	} else
#endif
	if (copy_to_user(buffer, &req->req, sizeof(req->req)))
		ret = -EFAULT;
	else
		ret = (ssize_t) sizeof(struct raw1394_request);

	free_pending_request(req);
	return ret;
}
568
/*
 * Handle a request on a freshly opened file.  Only RAW1394_REQ_INITIALIZE
 * is accepted in this state, and only with protocol version 3 or
 * RAW1394_KERNELAPI_VERSION; any other version is answered with
 * RAW1394_ERROR_COMPAT and the version this driver speaks.
 *
 * The request is always queued as completed and its size is returned.
 */
static int state_opened(struct file_info *fi, struct pending_request *req)
{
	if (req->req.type != RAW1394_REQ_INITIALIZE) {
		req->req.error = RAW1394_ERROR_STATE_ORDER;
	} else if (req->req.misc == RAW1394_KERNELAPI_VERSION ||
		   req->req.misc == 3) {
		fi->state = initialized;
		fi->protocol_version = req->req.misc;
		req->req.error = RAW1394_ERROR_NONE;
		req->req.generation = atomic_read(&internal_generation);
	} else {
		req->req.error = RAW1394_ERROR_COMPAT;
		req->req.misc = RAW1394_KERNELAPI_VERSION;
	}

	req->req.length = 0;
	queue_complete_req(req);
	return sizeof(struct raw1394_request);
}
593
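/*
 * Handle a request on an initialised but not yet connected file.
 *
 * RAW1394_REQ_LIST_CARDS returns one raw1394_khost_list entry per host;
 * RAW1394_REQ_SET_CARD binds the file to the host with index req.misc.
 * A request carrying a stale generation is answered with
 * RAW1394_ERROR_GENERATION and the current value.
 *
 * Returns sizeof(struct raw1394_request) once the request has been queued
 * as completed, or -ENOMEM if the card list cannot be allocated (the
 * request is not queued in that case).
 */
static int state_initialized(struct file_info *fi, struct pending_request *req)
{
	unsigned long flags;
	struct host_info *hi;
	struct raw1394_khost_list *khl;

	if (req->req.generation != atomic_read(&internal_generation)) {
		req->req.error = RAW1394_ERROR_GENERATION;
		req->req.generation = atomic_read(&internal_generation);
		req->req.length = 0;
		queue_complete_req(req);
		return sizeof(struct raw1394_request);
	}

	switch (req->req.type) {
	case RAW1394_REQ_LIST_CARDS:
		spin_lock_irqsave(&host_info_lock, flags);
		/*
		 * The array is copied to user space by raw1394_read(), so it
		 * must be zero-filled: otherwise the bytes of each name
		 * field after the terminating NUL would disclose stale
		 * kernel heap contents.  kcalloc() also checks the size
		 * multiplication for overflow.
		 */
		khl = kcalloc(host_count, sizeof(*khl), GFP_ATOMIC);

		if (khl) {
			req->req.misc = host_count;
			req->data = (quadlet_t *) khl;

			list_for_each_entry(hi, &host_info_list, list) {
				khl->nodes = hi->host->node_count;
				/* bounded copy: never write past the entry */
				strlcpy(khl->name, hi->host->driver->name,
					sizeof(khl->name));
				khl++;
			}
		}
		spin_unlock_irqrestore(&host_info_lock, flags);

		if (khl) {
			req->req.error = RAW1394_ERROR_NONE;
			/* never report more than the array actually holds */
			req->req.length = min(req->req.length,
					      (u32) (sizeof
						     (struct raw1394_khost_list)
						     * req->req.misc));
			req->free_data = 1;
		} else {
			return -ENOMEM;
		}
		break;

	case RAW1394_REQ_SET_CARD:
		spin_lock_irqsave(&host_info_lock, flags);
		/* req.misc is a user-supplied index into host_info_list */
		if (req->req.misc >= host_count) {
			req->req.error = RAW1394_ERROR_INVALID_ARG;
			goto out_set_card;
		}
		list_for_each_entry(hi, &host_info_list, list)
			if (!req->req.misc--)
				break;

		/*
		 * prevent unloading of the host's low-level driver
		 *
		 * This is done before the device reference is taken and
		 * before fi is linked into the host's list.  In the old
		 * order a failure here left fi on hi->file_info_list with a
		 * device reference held while fi->state stayed
		 * "initialized", so a retry linked fi a second time.
		 */
		if (!try_module_get(hi->host->driver->owner)) {
			req->req.error = RAW1394_ERROR_ABORTED;
			goto out_set_card;
		}
		get_device(&hi->host->device); /* FIXME handle failure case */
		list_add_tail(&fi->list, &hi->file_info_list);

		WARN_ON(fi->host);
		fi->host = hi->host;
		fi->state = connected;

		req->req.error = RAW1394_ERROR_NONE;
		req->req.generation = get_hpsb_generation(fi->host);
		req->req.misc = (fi->host->node_id << 16)
				| fi->host->node_count;
		if (fi->protocol_version > 3)
			req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
out_set_card:
		spin_unlock_irqrestore(&host_info_lock, flags);

		req->req.length = 0;
		break;

	default:
		req->req.error = RAW1394_ERROR_STATE_ORDER;
		req->req.length = 0;
		break;
	}

	queue_complete_req(req);
	return sizeof(struct raw1394_request);
}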
679
/*
 * Start or stop listening on an isochronous channel.
 *
 * req.misc in 0..63 starts listening on that channel; a negative value is
 * the one's complement of the channel to stop listening on.  The range
 * check comes first so that every shift below uses a count in 0..63.
 *
 * On a successful start the user buffer address and length from the request
 * are remembered for later iso_receive() deliveries; they are stored per
 * file, not per channel.
 */
static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
{
	int channel = req->req.misc;

	if ((channel < -64) || (channel > 63)) {
		req->req.error = RAW1394_ERROR_INVALID_ARG;
	} else if (channel < 0) {
		/* deallocate channel (one's complement neg) req.misc */
		channel = ~channel;

		if (!(fi->listen_channels & (1ULL << channel))) {
			req->req.error = RAW1394_ERROR_INVALID_ARG;
		} else {
			hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
					      channel);
			fi->listen_channels &= ~(1ULL << channel);
		}
	} else {
		/* allocate channel req.misc */
		if ((fi->listen_channels & (1ULL << channel)) ||
		    hpsb_listen_channel(&raw1394_highlevel, fi->host,
					channel)) {
			req->req.error = RAW1394_ERROR_ALREADY;
		} else {
			fi->listen_channels |= 1ULL << channel;
			fi->iso_buffer = int2ptr(req->req.recvb);
			fi->iso_buffer_length = req->req.length;
		}
	}

	req->req.length = 0;
	queue_complete_req(req);
}
716
/*
 * Register (req.misc != 0) or unregister (req.misc == 0) the file's FCP
 * receive buffer.  Asking for the state the file is already in yields
 * RAW1394_ERROR_ALREADY.
 *
 * Only the buffer address is stored; no length accompanies it.
 */
static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
{
	int want_listen = (req->req.misc != 0);
	int is_listening = (fi->fcp_buffer != NULL);

	if (want_listen == is_listening)
		req->req.error = RAW1394_ERROR_ALREADY;
	else if (want_listen)
		fi->fcp_buffer = int2ptr(req->req.recvb);
	else
		fi->fcp_buffer = NULL;

	req->req.length = 0;
	queue_complete_req(req);
}
736
/*
 * Build and send the packet for an asynchronous read, write, stream or lock
 * request addressed to node.
 *
 * Returns -ENOMEM if no packet could be created; otherwise
 * sizeof(struct raw1394_request), with any failure reported through
 * req.error on the completed request.
 *
 * req.sendb and req.length come from the user's request.  Outgoing data is
 * fetched with copy_from_user() only, and the lock requests accept only
 * their fixed operand sizes.
 *
 * NOTE(review): the read/write/stream paths pass req.length unchecked to
 * the hpsb_make_*packet() helpers and then copy that many bytes into the
 * packet, while the lock paths create the packet with a length argument of
 * 0 and copy up to 16 bytes.  Both rely on the helpers sizing the packet
 * buffer accordingly - that is not visible in this file.
 *
 * NOTE(review): when req.error is set after a packet was created, the
 * request is completed without hpsb_free_tlabel(); whether
 * hpsb_free_packet() releases the label is not visible here.
 */
static int handle_async_request(struct file_info *fi,
				struct pending_request *req, int node)
{
	unsigned long irqflags;
	unsigned long not_copied;
	struct hpsb_packet *pkt = NULL;
	u64 addr = req->req.address & 0xffffffffffffULL;
	u32 operand_len;

	switch (req->req.type) {
	case RAW1394_REQ_ASYNC_READ:
		DBGMSG("read_request called");
		pkt = hpsb_make_readpacket(fi->host, node, addr,
					   req->req.length);
		if (!pkt)
			return -ENOMEM;

		/* a quadlet read is answered in the header, not in data */
		if (req->req.length != 4)
			req->data = pkt->data;
		else
			req->data = &pkt->header[3];

		break;

	case RAW1394_REQ_ASYNC_WRITE:
		DBGMSG("write_request called");

		pkt = hpsb_make_writepacket(fi->host, node, addr, NULL,
					    req->req.length);
		if (!pkt)
			return -ENOMEM;

		/* a quadlet write carries its data in the header */
		if (req->req.length == 4)
			not_copied = copy_from_user(&pkt->header[3],
						    int2ptr(req->req.sendb),
						    req->req.length);
		else
			not_copied = copy_from_user(pkt->data,
						    int2ptr(req->req.sendb),
						    req->req.length);
		if (not_copied)
			req->req.error = RAW1394_ERROR_MEMFAULT;

		req->req.length = 0;
		break;

	case RAW1394_REQ_ASYNC_STREAM:
		DBGMSG("stream_request called");

		pkt = hpsb_make_streampacket(fi->host, NULL, req->req.length,
					     node & 0x3f /*channel */ ,
					     (req->req.misc >> 16) & 0x3,
					     req->req.misc & 0xf);
		if (!pkt)
			return -ENOMEM;

		if (copy_from_user(pkt->data, int2ptr(req->req.sendb),
				   req->req.length))
			req->req.error = RAW1394_ERROR_MEMFAULT;

		req->req.length = 0;
		break;

	case RAW1394_REQ_LOCK:
		DBGMSG("lock_request called");
		/* the two add operations take one quadlet, the rest two */
		operand_len = ((req->req.misc == EXTCODE_FETCH_ADD) ||
			       (req->req.misc == EXTCODE_LITTLE_ADD)) ? 4 : 8;
		if (req->req.length != operand_len) {
			req->req.error = RAW1394_ERROR_INVALID_ARG;
			break;
		}

		pkt = hpsb_make_lockpacket(fi->host, node, addr,
					   req->req.misc, NULL, 0);
		if (!pkt)
			return -ENOMEM;

		if (copy_from_user(pkt->data, int2ptr(req->req.sendb),
				   req->req.length)) {
			req->req.error = RAW1394_ERROR_MEMFAULT;
			break;
		}

		req->data = pkt->data;
		req->req.length = 4;
		break;

	case RAW1394_REQ_LOCK64:
		DBGMSG("lock64_request called");
		/* the two add operations take one octlet, the rest two */
		operand_len = ((req->req.misc == EXTCODE_FETCH_ADD) ||
			       (req->req.misc == EXTCODE_LITTLE_ADD)) ? 8 : 16;
		if (req->req.length != operand_len) {
			req->req.error = RAW1394_ERROR_INVALID_ARG;
			break;
		}

		pkt = hpsb_make_lock64packet(fi->host, node, addr,
					     req->req.misc, NULL, 0);
		if (!pkt)
			return -ENOMEM;

		if (copy_from_user(pkt->data, int2ptr(req->req.sendb),
				   req->req.length)) {
			req->req.error = RAW1394_ERROR_MEMFAULT;
			break;
		}

		req->data = pkt->data;
		req->req.length = 8;
		break;

	default:
		req->req.error = RAW1394_ERROR_STATE_ORDER;
	}

	req->packet = pkt;

	if (req->req.error) {
		/* nothing was sent: complete the request with the error */
		req->req.length = 0;
		queue_complete_req(req);
		return sizeof(struct raw1394_request);
	}

	hpsb_set_packet_complete_task(pkt,
				      (void (*)(void *))queue_complete_cb, req);

	/* the request must be on req_pending before the packet can complete */
	spin_lock_irqsave(&fi->reqlists_lock, irqflags);
	list_add_tail(&req->list, &fi->req_pending);
	spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

	pkt->generation = req->req.generation;

	if (hpsb_send_packet(pkt) < 0) {
		req->req.error = RAW1394_ERROR_SEND_ERROR;
		req->req.length = 0;
		hpsb_free_tlabel(pkt);
		queue_complete_req(req);
	}
	return sizeof(struct raw1394_request);
}
889
/*
 * Build an isochronous packet from a user request and pass it to the
 * ieee1394 core for transmission on @channel.
 *
 * The payload is copied from the user buffer at req->req.sendb;
 * req->req.length gives its size and is also the size handed to
 * hpsb_make_isopacket().  Two bit fields of req->req.misc and the low two
 * bits of req->req.address select packet parameters.
 *
 * Returns -ENOMEM when no packet could be allocated.  In every other case
 * it returns sizeof(struct raw1394_request); copy and send failures are
 * reported through req->req.error on the completed request.
 */
static int handle_iso_send(struct file_info *fi, struct pending_request *req,
			   int channel)
{
	struct hpsb_packet *pkt;
	unsigned long irq_flags;
	/* presumably the iso tag and sy fields -- confirm against
	 * hpsb_make_isopacket() */
	int misc_bits_17_16 = (req->req.misc >> 16) & 0x3;
	int misc_bits_3_0 = req->req.misc & 0xf;

	/*
	 * NOTE(review): req->req.length comes from user space and no upper
	 * bound is applied in this function; confirm that the caller or
	 * hpsb_make_isopacket() limits it, and that packet->data is sized
	 * from the same value used for the copy below.
	 */
	pkt = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
				  misc_bits_17_16, misc_bits_3_0);
	if (!pkt)
		return -ENOMEM;

	pkt->speed_code = req->req.address & 0x3;

	/* Attach the packet to the request before anything can fail. */
	req->packet = pkt;

	if (copy_from_user(pkt->data, int2ptr(req->req.sendb),
			   req->req.length)) {
		req->req.error = RAW1394_ERROR_MEMFAULT;
		req->req.length = 0;
		goto complete;
	}

	/* Nothing is returned to user space as payload for a send. */
	req->req.length = 0;
	hpsb_set_packet_complete_task(pkt,
				      (void (*)(void *))queue_complete_req,
				      req);

	spin_lock_irqsave(&fi->reqlists_lock, irq_flags);
	list_add_tail(&req->list, &fi->req_pending);
	spin_unlock_irqrestore(&fi->reqlists_lock, irq_flags);

	/* Update the generation of the packet just before sending. */
	pkt->generation = req->req.generation;

	if (hpsb_send_packet(pkt) < 0) {
		req->req.error = RAW1394_ERROR_SEND_ERROR;
		goto complete;
	}

	return sizeof(struct raw1394_request);

complete:
	queue_complete_req(req);
	return sizeof(struct raw1394_request);
}
933
/*
 * Send an asynchronous packet whose header and payload are both supplied
 * by user space in one buffer at req->req.sendb.
 *
 * req->req.misc holds the header length in its low 16 bits and the
 * expect_response value in the bits above; req->req.length is the combined
 * size of header and payload.  node_id, tcode and tlabel of the packet are
 * taken from the first header quadlet as supplied by the caller.
 *
 * Returns -ENOMEM when no packet could be allocated.  In every other case
 * it returns sizeof(struct raw1394_request); argument, copy and send
 * failures are reported through req->req.error on the completed request.
 */
static int handle_async_send(struct file_info *fi, struct pending_request *req)
{
	struct hpsb_packet *pkt;
	unsigned long irq_flags;
	int expect_response = req->req.misc >> 16;
	int header_length = req->req.misc & 0xffff;

	/*
	 * NOTE(review): header_length is bounded below by 12 and above only
	 * by the total request length, so it can be as large as 0xffff.  The
	 * capacity of packet->header is not visible in this function; confirm
	 * that it can hold header_length bytes before the first
	 * copy_from_user() below, or add an upper bound to this check.
	 */
	if ((header_length < 12) || (header_length > req->req.length)) {
		req->req.error = RAW1394_ERROR_INVALID_ARG;
		goto reject;
	}

	pkt = hpsb_alloc_packet(req->req.length - header_length);
	req->packet = pkt;
	if (!pkt)
		return -ENOMEM;

	/*
	 * Header first, then payload.  The payload copy is sized by
	 * packet->data_size as left by hpsb_alloc_packet(), not by the
	 * length computed from the request.
	 * NOTE(review): confirm the two always agree.
	 */
	if (copy_from_user(pkt->header, int2ptr(req->req.sendb),
			   header_length) ||
	    copy_from_user(pkt->data,
			   int2ptr(req->req.sendb) + header_length,
			   pkt->data_size)) {
		req->req.error = RAW1394_ERROR_MEMFAULT;
		goto reject;
	}

	/* Routing fields are decoded from the caller-supplied header. */
	pkt->type = hpsb_async;
	pkt->node_id = pkt->header[0] >> 16;
	pkt->tcode = (pkt->header[0] >> 4) & 0xf;
	pkt->tlabel = (pkt->header[0] >> 10) & 0x3f;
	pkt->host = fi->host;
	pkt->expect_response = expect_response;
	pkt->header_size = header_length;
	pkt->data_size = req->req.length - header_length;

	req->req.length = 0;
	hpsb_set_packet_complete_task(pkt,
				      (void (*)(void *))queue_complete_cb, req);

	spin_lock_irqsave(&fi->reqlists_lock, irq_flags);
	list_add_tail(&req->list, &fi->req_pending);
	spin_unlock_irqrestore(&fi->reqlists_lock, irq_flags);

	/* Update the generation of the packet just before sending. */
	pkt->generation = req->req.generation;

	if (hpsb_send_packet(pkt) < 0) {
		req->req.error = RAW1394_ERROR_SEND_ERROR;
		goto complete;
	}

	return sizeof(struct raw1394_request);

reject:
	/* Early failures report no payload back to the caller. */
	req->req.length = 0;
complete:
	queue_complete_req(req);
	return sizeof(struct raw1394_request);
}
997
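/*
 * Serve a read request from a remote node against an address range that a
 * raw1394 client has registered, and optionally notify that client.
 *
 * With host_info_lock held, the address lists of every file_info attached
 * to @host are searched for a range that covers @length bytes at @addr.
 *
 * Return values:
 *   RCODE_ADDRESS_ERROR  - no registered range covers the request
 *   RCODE_DATA_ERROR     - @length exceeds the range's rec_length
 *   RCODE_TYPE_ERROR     - the range does not grant ARM_READ
 *   RCODE_COMPLETE       - data was copied from the range into @buffer
 *   RCODE_CONFLICT_ERROR - a notification was wanted but could not be
 *                          allocated
 *   -1                   - read is permitted but the range has ARM_READ set
 *                          in client_transactions (presumably the client
 *                          answers the transaction itself; confirm against
 *                          the caller)
 *
 * When the range has ARM_READ in notification_options, a pending request
 * is queued for the client.  Its data buffer is laid out as
 * arm_request_response, arm_request, arm_response and, on
 * RCODE_COMPLETE, the bytes that were read; the pointers stored in those
 * structures are user-space addresses computed from arm_addr->recvb.
 */
static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
		    u64 addr, size_t length, u16 flags)
{
	unsigned long irqflags;
	struct pending_request *req;
	struct host_info *hi;
	struct file_info *fi = NULL;
	struct arm_addr *arm_addr = NULL;
	struct arm_request *arm_req = NULL;
	struct arm_response *arm_resp = NULL;
	int found = 0, size = 0, rcode = -1;
	struct arm_request_response *arm_req_resp = NULL;

	DBGMSG("arm_read  called by node: %X"
	       "addr: %4.4x %8.8x length: %Zu", nodeid,
	       (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
	       length);
	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);	/* search address-entry */
	if (hi != NULL) {
		list_for_each_entry(fi, &hi->file_info_list, list) {
			list_for_each_entry(arm_addr, &fi->addr_list,
					    addr_list) {
				/*
				 * This test is the only bound on the memcpy()
				 * offsets used below.  It is written as a
				 * subtraction so that it cannot be satisfied
				 * by addr + length wrapping around.
				 */
				if ((arm_addr->start <= addr)
				    && (addr <= arm_addr->end)
				    && (length <= arm_addr->end - addr)) {
					found = 1;
					break;
				}
			}
			if (found) {
				break;
			}
		}
	}
	rcode = -1;
	if (!found) {
		printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
		       " -> rcode_address_error\n");
		spin_unlock_irqrestore(&host_info_lock, irqflags);
		return (RCODE_ADDRESS_ERROR);
	} else {
		DBGMSG("arm_read addr_entry FOUND");
	}
	if (arm_addr->rec_length < length) {
		DBGMSG("arm_read blocklength too big -> rcode_data_error");
		rcode = RCODE_DATA_ERROR;	/* hardware error, data is unavailable */
	}
	if (rcode == -1) {
		if (arm_addr->access_rights & ARM_READ) {
			if (!(arm_addr->client_transactions & ARM_READ)) {
				memcpy(buffer,
				       (arm_addr->addr_space_buffer) +
				       (addr - (arm_addr->start)), length);
				DBGMSG("arm_read -> (rcode_complete)");
				rcode = RCODE_COMPLETE;
			}
		} else {
			rcode = RCODE_TYPE_ERROR;	/* function not allowed */
			DBGMSG("arm_read -> rcode_type_error (access denied)");
		}
	}
	if (arm_addr->notification_options & ARM_READ) {
		DBGMSG("arm_read -> entering notification-section");
		req = __alloc_pending_request(GFP_ATOMIC);
		if (!req) {
			DBGMSG("arm_read -> rcode_conflict_error");
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		/*
		 * The payload is part of the notification only when the read
		 * was served.  NOTE(review): size is an int while length is a
		 * size_t; this relies on length being small -- confirm the
		 * bound the caller guarantees.
		 */
		if (rcode == RCODE_COMPLETE) {
			size =
			    sizeof(struct arm_request) +
			    sizeof(struct arm_response) +
			    length * sizeof(byte_t) +
			    sizeof(struct arm_request_response);
		} else {
			size =
			    sizeof(struct arm_request) +
			    sizeof(struct arm_response) +
			    sizeof(struct arm_request_response);
		}
		req->data = kmalloc(size, GFP_ATOMIC);
		if (!(req->data)) {
			free_pending_request(req);
			DBGMSG("arm_read -> rcode_conflict_error");
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		req->free_data = 1;
		req->file_info = fi;
		req->req.type = RAW1394_REQ_ARM;
		req->req.generation = get_hpsb_generation(host);
		req->req.misc =
		    (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
		req->req.tag = arm_addr->arm_tag;
		req->req.recvb = arm_addr->recvb;
		req->req.length = size;
		/* Carve the three structures out of the single allocation. */
		arm_req_resp = (struct arm_request_response *)(req->data);
		arm_req = (struct arm_request *)((byte_t *) (req->data) +
						 (sizeof
						  (struct
						   arm_request_response)));
		arm_resp =
		    (struct arm_response *)((byte_t *) (arm_req) +
					    (sizeof(struct arm_request)));
		arm_req->buffer = NULL;
		arm_resp->buffer = NULL;
		if (rcode == RCODE_COMPLETE) {
			byte_t *buf =
			    (byte_t *) arm_resp + sizeof(struct arm_response);
			memcpy(buf,
			       (arm_addr->addr_space_buffer) +
			       (addr - (arm_addr->start)), length);
			/* User-space address of the payload inside recvb. */
			arm_resp->buffer =
			    int2ptr((arm_addr->recvb) +
				    sizeof(struct arm_request_response) +
				    sizeof(struct arm_request) +
				    sizeof(struct arm_response));
		}
		arm_resp->buffer_length =
		    (rcode == RCODE_COMPLETE) ? length : 0;
		arm_resp->response_code = rcode;
		arm_req->buffer_length = 0;
		arm_req->generation = req->req.generation;
		arm_req->extended_transaction_code = 0;
		arm_req->destination_offset = addr;
		arm_req->source_nodeid = nodeid;
		arm_req->destination_nodeid = host->node_id;
		arm_req->tlabel = (flags >> 10) & 0x3f;
		arm_req->tcode = (flags >> 4) & 0x0f;
		arm_req_resp->request = int2ptr((arm_addr->recvb) +
						sizeof(struct
						       arm_request_response));
		arm_req_resp->response =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request));
		queue_complete_req(req);
	}
	spin_unlock_irqrestore(&host_info_lock, irqflags);
	return (rcode);
}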
1151
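/*
 * Serve a write request from a remote node against an address range that
 * a raw1394 client has registered, and optionally notify that client.
 *
 * With host_info_lock held, the address lists of every file_info attached
 * to @host are searched for a range that covers @length bytes at @addr.
 *
 * Return values:
 *   RCODE_ADDRESS_ERROR  - no registered range covers the request
 *   RCODE_DATA_ERROR     - @length exceeds the range's rec_length
 *   RCODE_TYPE_ERROR     - the range does not grant ARM_WRITE
 *   RCODE_COMPLETE       - @data was copied into the range's buffer
 *   RCODE_CONFLICT_ERROR - a notification was wanted but could not be
 *                          allocated; the copy into the range's buffer
 *                          may already have happened by then
 *   -1                   - write is permitted but the range has ARM_WRITE
 *                          set in client_transactions (presumably the
 *                          client answers the transaction itself; confirm
 *                          against the caller)
 *
 * When the range has ARM_WRITE in notification_options, a pending request
 * is queued for the client.  Its data buffer is laid out as
 * arm_request_response, arm_request, arm_response and the written bytes;
 * the pointers stored in those structures are user-space addresses
 * computed from arm_addr->recvb.
 */
static int arm_write(struct hpsb_host *host, int nodeid, int destid,
		     quadlet_t * data, u64 addr, size_t length, u16 flags)
{
	unsigned long irqflags;
	struct pending_request *req;
	struct host_info *hi;
	struct file_info *fi = NULL;
	struct arm_addr *arm_addr = NULL;
	struct arm_request *arm_req = NULL;
	struct arm_response *arm_resp = NULL;
	int found = 0, size = 0, rcode = -1;
	struct arm_request_response *arm_req_resp = NULL;

	DBGMSG("arm_write called by node: %X"
	       "addr: %4.4x %8.8x length: %Zu", nodeid,
	       (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
	       length);
	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);	/* search address-entry */
	if (hi != NULL) {
		list_for_each_entry(fi, &hi->file_info_list, list) {
			list_for_each_entry(arm_addr, &fi->addr_list,
					    addr_list) {
				/*
				 * This test is the only bound on the memcpy()
				 * into addr_space_buffer below, and the data
				 * comes from a remote node.  It is written as
				 * a subtraction so that it cannot be satisfied
				 * by addr + length wrapping around.
				 */
				if ((arm_addr->start <= addr)
				    && (addr <= arm_addr->end)
				    && (length <= arm_addr->end - addr)) {
					found = 1;
					break;
				}
			}
			if (found) {
				break;
			}
		}
	}
	rcode = -1;
	if (!found) {
		printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
		       " -> rcode_address_error\n");
		spin_unlock_irqrestore(&host_info_lock, irqflags);
		return (RCODE_ADDRESS_ERROR);
	} else {
		DBGMSG("arm_write addr_entry FOUND");
	}
	if (arm_addr->rec_length < length) {
		DBGMSG("arm_write blocklength too big -> rcode_data_error");
		rcode = RCODE_DATA_ERROR;	/* hardware error, data is unavailable */
	}
	if (rcode == -1) {
		if (arm_addr->access_rights & ARM_WRITE) {
			if (!(arm_addr->client_transactions & ARM_WRITE)) {
				memcpy((arm_addr->addr_space_buffer) +
				       (addr - (arm_addr->start)), data,
				       length);
				DBGMSG("arm_write -> (rcode_complete)");
				rcode = RCODE_COMPLETE;
			}
		} else {
			rcode = RCODE_TYPE_ERROR;	/* function not allowed */
			DBGMSG("arm_write -> rcode_type_error (access denied)");
		}
	}
	if (arm_addr->notification_options & ARM_WRITE) {
		DBGMSG("arm_write -> entering notification-section");
		req = __alloc_pending_request(GFP_ATOMIC);
		if (!req) {
			DBGMSG("arm_write -> rcode_conflict_error");
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		/*
		 * The written bytes go into the notification whatever rcode
		 * is, so the allocation always includes length.
		 * NOTE(review): size is an int while length is a size_t;
		 * this relies on length being small -- confirm the bound the
		 * caller guarantees.
		 */
		size =
		    sizeof(struct arm_request) + sizeof(struct arm_response) +
		    (length) * sizeof(byte_t) +
		    sizeof(struct arm_request_response);
		req->data = kmalloc(size, GFP_ATOMIC);
		if (!(req->data)) {
			free_pending_request(req);
			DBGMSG("arm_write -> rcode_conflict_error");
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		req->free_data = 1;
		req->file_info = fi;
		req->req.type = RAW1394_REQ_ARM;
		req->req.generation = get_hpsb_generation(host);
		req->req.misc =
		    (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
		req->req.tag = arm_addr->arm_tag;
		req->req.recvb = arm_addr->recvb;
		req->req.length = size;
		/* Carve the three structures out of the single allocation. */
		arm_req_resp = (struct arm_request_response *)(req->data);
		arm_req = (struct arm_request *)((byte_t *) (req->data) +
						 (sizeof
						  (struct
						   arm_request_response)));
		arm_resp =
		    (struct arm_response *)((byte_t *) (arm_req) +
					    (sizeof(struct arm_request)));
		arm_resp->buffer = NULL;
		memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
		       data, length);
		/* User-space address of the payload inside recvb. */
		arm_req->buffer = int2ptr((arm_addr->recvb) +
					  sizeof(struct arm_request_response) +
					  sizeof(struct arm_request) +
					  sizeof(struct arm_response));
		arm_req->buffer_length = length;
		arm_req->generation = req->req.generation;
		arm_req->extended_transaction_code = 0;
		arm_req->destination_offset = addr;
		arm_req->source_nodeid = nodeid;
		arm_req->destination_nodeid = destid;
		arm_req->tlabel = (flags >> 10) & 0x3f;
		arm_req->tcode = (flags >> 4) & 0x0f;
		arm_resp->buffer_length = 0;
		arm_resp->response_code = rcode;
		arm_req_resp->request = int2ptr((arm_addr->recvb) +
						sizeof(struct
						       arm_request_response));
		arm_req_resp->response =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request));
		queue_complete_req(req);
	}
	spin_unlock_irqrestore(&host_info_lock, irqflags);
	return (rcode);
}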
1286
1287 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1288                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1289                     u16 flags)
1290 {
1291         unsigned long irqflags;
1292         struct pending_request *req;
1293         struct host_info *hi;
1294         struct file_info *fi = NULL;
1295         struct list_head *entry;
1296         struct arm_addr *arm_addr = NULL;
1297         struct arm_request *arm_req = NULL;
1298         struct arm_response *arm_resp = NULL;
1299         int found = 0, size = 0, rcode = -1;
1300         quadlet_t old, new;
1301         struct arm_request_response *arm_req_resp = NULL;
1302
1303         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1304             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1305                 DBGMSG("arm_lock  called by node: %X "
1306                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1307                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1308                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1309                        be32_to_cpu(data));
1310         } else {
1311                 DBGMSG("arm_lock  called by node: %X "
1312                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1313                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1314                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1315                        be32_to_cpu(data), be32_to_cpu(arg));
1316         }
1317         spin_lock_irqsave(&host_info_lock, irqflags);
1318         hi = find_host_info(host);      /* search address-entry */
1319         if (hi != NULL) {
1320                 list_for_each_entry(fi, &hi->file_info_list, list) {
1321                         entry = fi->addr_list.next;
1322                         while (entry != &(fi->addr_list)) {
1323                                 arm_addr =
1324                                     list_entry(entry, struct arm_addr,
1325                                                addr_list);
1326                                 if (((arm_addr->start) <= (addr))
1327                                     && ((arm_addr->end) >=
1328                                         (addr + sizeof(*store)))) {
1329                                         found = 1;
1330                                         break;
1331                                 }
1332                                 entry = entry->next;
1333                         }
1334                         if (found) {
1335                                 break;
1336                         }
1337                 }
1338         }
1339         rcode = -1;
1340         if (!found) {
1341                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1342                        " -> rcode_address_error\n");
1343                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1344                 return (RCODE_ADDRESS_ERROR);
1345         } else {
1346                 DBGMSG("arm_lock addr_entry FOUND");
1347         }
1348         if (rcode == -1) {
1349                 if (arm_addr->access_rights & ARM_LOCK) {
1350                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1351                                 memcpy(&old,
1352                                        (arm_addr->addr_space_buffer) + (addr -
1353                                                                         (arm_addr->
1354                                                                          start)),
1355                                        sizeof(old));
1356                                 switch (ext_tcode) {
1357                                 case (EXTCODE_MASK_SWAP):
1358                                         new = data | (old & ~arg);
1359                                         break;
1360                                 case (EXTCODE_COMPARE_SWAP):
1361                                         if (old == arg) {
1362                                                 new = data;
1363                                         } else {
1364                                                 new = old;
1365                                         }
1366                                         break;
1367                                 case (EXTCODE_FETCH_ADD):
1368                                         new =
1369                                             cpu_to_be32(be32_to_cpu(data) +
1370                                                         be32_to_cpu(old));
1371                                         break;
1372                                 case (EXTCODE_LITTLE_ADD):
1373                                         new =
1374                                             cpu_to_le32(le32_to_cpu(data) +
1375                                                         le32_to_cpu(old));
1376                                         break;
1377                                 case (EXTCODE_BOUNDED_ADD):
1378                                         if (old != arg) {
1379                                                 new =
1380                                                     cpu_to_be32(be32_to_cpu
1381                                                                 (data) +
1382                                                                 be32_to_cpu
1383                                                                 (old));
1384                                         } else {
1385                                                 new = old;
1386                                         }
1387                                         break;
1388                                 case (EXTCODE_WRAP_ADD):
1389                                         if (old != arg) {
1390                                                 new =
1391                                                     cpu_to_be32(be32_to_cpu
1392                                                                 (data) +
1393                                                                 be32_to_cpu
1394                                                                 (old));
1395                                         } else {
1396                                                 new = data;
1397                                         }
1398                                         break;
1399                                 default:
1400                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1401                                         printk(KERN_ERR
1402                                                "raw1394: arm_lock FAILED "
1403                                                "ext_tcode not allowed -> rcode_type_error\n");
1404                                         break;
1405                                 }       /*switch */
1406                                 if (rcode == -1) {
1407                                         DBGMSG("arm_lock -> (rcode_complete)");
1408                                         rcode = RCODE_COMPLETE;
1409                                         memcpy(store, &old, sizeof(*store));
1410                                         memcpy((arm_addr->addr_space_buffer) +
1411                                                (addr - (arm_addr->start)),
1412                                                &new, sizeof(*store));
1413                                 }
1414                         }
1415                 } else {
1416                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1417                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1418                 }
1419         }
1420         if (arm_addr->notification_options & ARM_LOCK) {
1421                 byte_t *buf1, *buf2;
1422                 DBGMSG("arm_lock -> entering notification-section");
1423                 req = __alloc_pending_request(GFP_ATOMIC);
1424                 if (!req) {
1425                         DBGMSG("arm_lock -> rcode_conflict_error");
1426                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1427                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1428                                                            The request may be retried */
1429                 }
1430                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1431                 req->data = kmalloc(size, GFP_ATOMIC);
1432                 if (!(req->data)) {
1433                         free_pending_request(req);
1434                         DBGMSG("arm_lock -> rcode_conflict_error");
1435                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1436                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1437                                                            The request may be retried */
1438                 }
1439                 req->free_data = 1;
1440                 arm_req_resp = (struct arm_request_response *)(req->data);
1441                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1442                                                  (sizeof
1443                                                   (struct
1444                                                    arm_request_response)));
1445                 arm_resp =
1446                     (struct arm_response *)((byte_t *) (arm_req) +
1447                                             (sizeof(struct arm_request)));
1448                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1449                 buf2 = buf1 + 2 * sizeof(*store);
1450                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1451                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1452                         arm_req->buffer_length = sizeof(*store);
1453                         memcpy(buf1, &data, sizeof(*store));
1454
1455                 } else {
1456                         arm_req->buffer_length = 2 * sizeof(*store);
1457                         memcpy(buf1, &arg, sizeof(*store));
1458                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1459                 }
1460                 if (rcode == RCODE_COMPLETE) {
1461                         arm_resp->buffer_length = sizeof(*store);
1462                         memcpy(buf2, &old, sizeof(*store));
1463                 } else {
1464                         arm_resp->buffer_length = 0;
1465                 }
1466                 req->file_info = fi;
1467                 req->req.type = RAW1394_REQ_ARM;
1468                 req->req.generation = get_hpsb_generation(host);
1469                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1470                                  (ARM_LOCK & 0xFF));
1471                 req->req.tag = arm_addr->arm_tag;
1472                 req->req.recvb = arm_addr->recvb;
1473                 req->req.length = size;
1474                 arm_req->generation = req->req.generation;
1475                 arm_req->extended_transaction_code = ext_tcode;
1476                 arm_req->destination_offset = addr;
1477                 arm_req->source_nodeid = nodeid;
1478                 arm_req->destination_nodeid = host->node_id;
1479                 arm_req->tlabel = (flags >> 10) & 0x3f;
1480                 arm_req->tcode = (flags >> 4) & 0x0f;
1481                 arm_resp->response_code = rcode;
1482                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1483                                                 sizeof(struct
1484                                                        arm_request_response));
1485                 arm_req_resp->response =
1486                     int2ptr((arm_addr->recvb) +
1487                             sizeof(struct arm_request_response) +
1488                             sizeof(struct arm_request));
1489                 arm_req->buffer =
1490                     int2ptr((arm_addr->recvb) +
1491                             sizeof(struct arm_request_response) +
1492                             sizeof(struct arm_request) +
1493                             sizeof(struct arm_response));
1494                 arm_resp->buffer =
1495                     int2ptr((arm_addr->recvb) +
1496                             sizeof(struct arm_request_response) +
1497                             sizeof(struct arm_request) +
1498                             sizeof(struct arm_response) + 2 * sizeof(*store));
1499                 queue_complete_req(req);
1500         }
1501         spin_unlock_irqrestore(&host_info_lock, irqflags);
1502         return (rcode);
1503 }
1504
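/*
 * arm_lock64 - serve an incoming 64-bit lock transaction against a
 * registered address range mapping (ARM) of @host.
 *
 * @host:      host the request arrived on
 * @nodeid:    node id of the requester (copied into the notification)
 * @store:     receives the previous value of the addressed octlet
 * @addr:      destination offset of the lock request
 * @data:      data operand of the lock request
 * @arg:       argument operand (unused by the fetch/little add codes)
 * @ext_tcode: extended transaction code selecting the lock function
 * @flags:     tlabel is taken from bits 10..15, tcode from bits 4..7
 *
 * The whole function runs under host_info_lock with interrupts saved, so
 * every allocation uses GFP_ATOMIC.
 *
 * Returns RCODE_ADDRESS_ERROR when no registered range covers
 * [addr, addr + sizeof(*store)], RCODE_TYPE_ERROR when the range lacks the
 * ARM_LOCK access right or @ext_tcode is not supported,
 * RCODE_CONFLICT_ERROR when the notification cannot be allocated, and
 * RCODE_COMPLETE when the operation was carried out.  When the range has
 * ARM_LOCK set in client_transactions the operation is not performed here
 * and -1 is returned.
 *
 * NOTE(review): a failed notification allocation returns
 * RCODE_CONFLICT_ERROR ("may be retried") even though the lock operation
 * above may already have modified the buffer; confirm that a retry of the
 * add codes is acceptable to callers.
 */
static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
                      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
                      u16 flags)
{
        unsigned long irqflags;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *fi = NULL;
        struct list_head *entry;
        struct arm_addr *arm_addr = NULL;
        struct arm_request *arm_req = NULL;
        struct arm_response *arm_resp = NULL;
        int found = 0, size = 0, rcode = -1;
        octlet_t old, new;
        struct arm_request_response *arm_req_resp = NULL;

        if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
            ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
                DBGMSG("arm_lock64 called by node: %X "
                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
                       (u32) (addr & 0xFFFFFFFF),
                       ext_tcode & 0xFF,
                       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
                       (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
        } else {
                DBGMSG("arm_lock64 called by node: %X "
                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
                       "%8.8X %8.8X ",
                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
                       (u32) (addr & 0xFFFFFFFF),
                       ext_tcode & 0xFF,
                       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
                       (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
                       (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
                       (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
        }

        spin_lock_irqsave(&host_info_lock, irqflags);

        /*
         * Look through every file_info of this host for a range that
         * contains the complete octlet; fi and arm_addr keep pointing at
         * the match once found is set.
         */
        hi = find_host_info(host);
        if (hi != NULL) {
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        entry = fi->addr_list.next;
                        while (entry != &(fi->addr_list)) {
                                arm_addr =
                                    list_entry(entry, struct arm_addr,
                                               addr_list);
                                if (((arm_addr->start) <= (addr))
                                    && ((arm_addr->end) >=
                                        (addr + sizeof(*store)))) {
                                        found = 1;
                                        break;
                                }
                                entry = entry->next;
                        }
                        if (found) {
                                break;
                        }
                }
        }
        if (!found) {
                printk(KERN_ERR
                       "raw1394: arm_lock64 FAILED addr_entry not found"
                       " -> rcode_address_error\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return (RCODE_ADDRESS_ERROR);
        }
        DBGMSG("arm_lock64 addr_entry FOUND");

        if (!(arm_addr->access_rights & ARM_LOCK)) {
                rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                DBGMSG("arm_lock64 -> rcode_type_error (access denied)");
        } else if (!(arm_addr->client_transactions & ARM_LOCK)) {
                /* The kernel performs the lock operation itself. */
                memcpy(&old,
                       (arm_addr->addr_space_buffer) +
                       (addr - (arm_addr->start)), sizeof(old));
                switch (ext_tcode) {
                case (EXTCODE_MASK_SWAP):
                        new = data | (old & ~arg);
                        break;
                case (EXTCODE_COMPARE_SWAP):
                        if (old == arg) {
                                new = data;
                        } else {
                                new = old;
                        }
                        break;
                case (EXTCODE_FETCH_ADD):
                        new = cpu_to_be64(be64_to_cpu(data) +
                                          be64_to_cpu(old));
                        break;
                case (EXTCODE_LITTLE_ADD):
                        new = cpu_to_le64(le64_to_cpu(data) +
                                          le64_to_cpu(old));
                        break;
                case (EXTCODE_BOUNDED_ADD):
                        if (old != arg) {
                                new = cpu_to_be64(be64_to_cpu(data) +
                                                  be64_to_cpu(old));
                        } else {
                                new = old;
                        }
                        break;
                case (EXTCODE_WRAP_ADD):
                        if (old != arg) {
                                new = cpu_to_be64(be64_to_cpu(data) +
                                                  be64_to_cpu(old));
                        } else {
                                new = data;
                        }
                        break;
                default:
                        printk(KERN_ERR
                               "raw1394: arm_lock64 FAILED "
                               "ext_tcode not allowed -> rcode_type_error\n");
                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                        break;
                }
                if (rcode == -1) {
                        DBGMSG("arm_lock64 -> (rcode_complete)");
                        rcode = RCODE_COMPLETE;
                        memcpy(store, &old, sizeof(*store));
                        memcpy((arm_addr->addr_space_buffer) +
                               (addr - (arm_addr->start)),
                               &new, sizeof(*store));
                }
        }

        if (arm_addr->notification_options & ARM_LOCK) {
                byte_t *buf1, *buf2;
                DBGMSG("arm_lock64 -> entering notification-section");
                req = __alloc_pending_request(GFP_ATOMIC);
                if (!req) {
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        DBGMSG("arm_lock64 -> rcode_conflict_error");
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
                req->data = kmalloc(size, GFP_ATOMIC);
                if (!(req->data)) {
                        free_pending_request(req);
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        DBGMSG("arm_lock64 -> rcode_conflict_error");
                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
                                                           The request may be retried */
                }
                /*
                 * The buffer is sized for the largest case and reported in
                 * full through req.length, yet only part of it is written
                 * below: the add codes fill one operand slot, a failed
                 * operation leaves the response slot untouched, and the
                 * structs are set field by field.  Zero it so no stale
                 * heap contents travel with the notification, which is
                 * presumably copied to the client's recvb.  The same
                 * kmalloc/partial-fill pattern is used by arm_lock.
                 */
                memset(req->data, 0, size);
                req->free_data = 1;

                /*
                 * Layout of req->data:
                 *   arm_request_response | arm_request | arm_response |
                 *   request operands (2 octlets) | response octlet
                 */
                arm_req_resp = (struct arm_request_response *)(req->data);
                arm_req = (struct arm_request *)((byte_t *) (req->data) +
                                                 (sizeof
                                                  (struct
                                                   arm_request_response)));
                arm_resp =
                    (struct arm_response *)((byte_t *) (arm_req) +
                                            (sizeof(struct arm_request)));
                buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
                buf2 = buf1 + 2 * sizeof(*store);
                if ((ext_tcode == EXTCODE_FETCH_ADD) ||
                    (ext_tcode == EXTCODE_LITTLE_ADD)) {
                        arm_req->buffer_length = sizeof(*store);
                        memcpy(buf1, &data, sizeof(*store));
                } else {
                        arm_req->buffer_length = 2 * sizeof(*store);
                        memcpy(buf1, &arg, sizeof(*store));
                        memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
                }
                if (rcode == RCODE_COMPLETE) {
                        arm_resp->buffer_length = sizeof(*store);
                        memcpy(buf2, &old, sizeof(*store));
                } else {
                        arm_resp->buffer_length = 0;
                }
                req->file_info = fi;
                req->req.type = RAW1394_REQ_ARM;
                req->req.generation = get_hpsb_generation(host);
                req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
                                 (ARM_LOCK & 0xFF));
                req->req.tag = arm_addr->arm_tag;
                req->req.recvb = arm_addr->recvb;
                req->req.length = size;
                arm_req->generation = req->req.generation;
                arm_req->extended_transaction_code = ext_tcode;
                arm_req->destination_offset = addr;
                arm_req->source_nodeid = nodeid;
                arm_req->destination_nodeid = host->node_id;
                arm_req->tlabel = (flags >> 10) & 0x3f;
                arm_req->tcode = (flags >> 4) & 0x0f;
                arm_resp->response_code = rcode;
                /*
                 * The embedded pointers are expressed relative to the
                 * client's receive buffer (recvb), mirroring the layout of
                 * req->data above.
                 */
                arm_req_resp->request = int2ptr((arm_addr->recvb) +
                                                sizeof(struct
                                                       arm_request_response));
                arm_req_resp->response =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request));
                arm_req->buffer =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request) +
                            sizeof(struct arm_response));
                arm_resp->buffer =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request) +
                            sizeof(struct arm_response) + 2 * sizeof(*store));
                queue_complete_req(req);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return (rcode);
}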
1732
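/*
 * arm_register - create an address range mapping (ARM) for the client @fi.
 *
 * The request supplies the range in req.address/req.length, an optional
 * initial image in req.sendb (the buffer is zeroed when sendb is NULL),
 * the client's notification buffer in req.recvb and, packed into req.misc:
 *   bits  0..3   access_rights
 *   bits  4..7   notification_options
 *   bits  8..11  client_transactions (also OR-ed into the two above)
 *   bits 16..31  rec_length
 *
 * Returns sizeof(struct raw1394_request) on success, in which case @req has
 * been freed here.  Returns -EINVAL for a range outside the 48-bit address
 * space or when no host_info exists for fi->host, -ENOMEM on allocation
 * failure, -EFAULT when a user copy fails, and -EALREADY when the same
 * host already owns an identical range or registration with the core
 * fails.  @req is not freed on the error paths.
 *
 * NOTE(review): the duplicate scan matches only identical start/end pairs
 * and host_info_lock is released between the scan and the list insertion,
 * so overlapping or concurrently registered ranges are not rejected here;
 * confirm whether callers serialize registration.
 * NOTE(review): the debug line labels (misc >> 8) as "rights" and
 * (misc & 0xFF) as "notify", which differs from the decoding used below.
 */
static int arm_register(struct file_info *fi, struct pending_request *req)
{
        int retval;
        struct arm_addr *addr;
        struct host_info *hi;
        struct file_info *fi_hlp = NULL;
        struct list_head *entry;
        struct arm_addr *arm_addr = NULL;
        int same_host, another_host;
        unsigned long flags;

        DBGMSG("arm_register called "
               "addr(Offset): %8.8x %8.8x length: %u "
               "rights: %2.2X notify: %2.2X "
               "max_blk_len: %4.4X",
               (u32) ((req->req.address >> 32) & 0xFFFF),
               (u32) (req->req.address & 0xFFFFFFFF),
               req->req.length, ((req->req.misc >> 8) & 0xFF),
               (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));

        /* Both ends of the range must fit into the 48-bit address space. */
        if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
            (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
             0)) {
                req->req.length = 0;
                return (-EINVAL);
        }

        /* addr-list-entry for fileinfo */
        addr = kmalloc(sizeof(*addr), GFP_KERNEL);
        if (!addr) {
                req->req.length = 0;
                return (-ENOMEM);
        }

        /* allocation of addr_space_buffer */
        addr->addr_space_buffer = vmalloc(req->req.length);
        if (!(addr->addr_space_buffer)) {
                kfree(addr);
                req->req.length = 0;
                return (-ENOMEM);
        }

        /*
         * Every byte of the buffer is initialized, either with zeroes or
         * with the client's image, before remote nodes can read it.
         */
        if ((req->req.sendb) == (unsigned long)NULL) {
                /* init: set 0 */
                memset(addr->addr_space_buffer, 0, req->req.length);
        } else {
                /* init: user -> kernel */
                if (copy_from_user
                    (addr->addr_space_buffer, int2ptr(req->req.sendb),
                     req->req.length)) {
                        vfree(addr->addr_space_buffer);
                        kfree(addr);
                        return (-EFAULT);
                }
        }

        INIT_LIST_HEAD(&addr->addr_list);
        addr->arm_tag = req->req.tag;
        addr->start = req->req.address;
        addr->end = req->req.address + req->req.length;
        addr->access_rights = (u8) (req->req.misc & 0x0F);
        addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
        addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
        /* transactions handled by the client imply access and notification */
        addr->access_rights |= addr->client_transactions;
        addr->notification_options |= addr->client_transactions;
        addr->recvb = req->req.recvb;
        addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);

        spin_lock_irqsave(&host_info_lock, flags);
        hi = find_host_info(fi->host);
        if (hi == NULL) {
                /*
                 * arm_lock64 treats a NULL result from find_host_info() as
                 * possible; dereferencing it here would oops with the lock
                 * held, so refuse the registration instead.
                 */
                spin_unlock_irqrestore(&host_info_lock, flags);
                vfree(addr->addr_space_buffer);
                kfree(addr);
                return (-EINVAL);
        }
        same_host = 0;
        another_host = 0;

        /* same host with address-entry containing same addressrange ? */
        list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
                entry = fi_hlp->addr_list.next;
                while (entry != &(fi_hlp->addr_list)) {
                        arm_addr =
                            list_entry(entry, struct arm_addr, addr_list);
                        if ((arm_addr->start == addr->start)
                            && (arm_addr->end == addr->end)) {
                                DBGMSG("same host ownes same "
                                       "addressrange -> EALREADY");
                                same_host = 1;
                                break;
                        }
                        entry = entry->next;
                }
                if (same_host) {
                        break;
                }
        }
        if (same_host) {
                /* addressrange occupied by same host */
                spin_unlock_irqrestore(&host_info_lock, flags);
                vfree(addr->addr_space_buffer);
                kfree(addr);
                return (-EALREADY);
        }

        /* another host with valid address-entry containing same addressrange */
        list_for_each_entry(hi, &host_info_list, list) {
                if (hi->host != fi->host) {
                        list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
                                entry = fi_hlp->addr_list.next;
                                while (entry != &(fi_hlp->addr_list)) {
                                        arm_addr =
                                            list_entry(entry, struct arm_addr,
                                                       addr_list);
                                        if ((arm_addr->start == addr->start)
                                            && (arm_addr->end == addr->end)) {
                                                DBGMSG
                                                    ("another host ownes same "
                                                     "addressrange");
                                                another_host = 1;
                                                break;
                                        }
                                        entry = entry->next;
                                }
                                if (another_host) {
                                        break;
                                }
                        }
                }
        }
        spin_unlock_irqrestore(&host_info_lock, flags);

        if (another_host) {
                /*
                 * The range is already registered with the core on behalf
                 * of another host, so only the per-file entry is added.
                 */
                DBGMSG("another hosts entry is valid -> SUCCESS");
                if (copy_to_user(int2ptr(req->req.recvb),
                                 &addr->start, sizeof(u64))) {
                        printk(KERN_ERR "raw1394: arm_register failed "
                               " address-range-entry is invalid -> EFAULT !!!\n");
                        vfree(addr->addr_space_buffer);
                        kfree(addr);
                        return (-EFAULT);
                }
                free_pending_request(req);      /* immediate success or fail */
                /* INSERT ENTRY */
                spin_lock_irqsave(&host_info_lock, flags);
                list_add_tail(&addr->addr_list, &fi->addr_list);
                spin_unlock_irqrestore(&host_info_lock, flags);
                return sizeof(struct raw1394_request);
        }

        /* A zero result from hpsb_register_addrspace() is the failure case. */
        retval =
            hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
                                    req->req.address,
                                    req->req.address + req->req.length);
        if (!retval) {
                DBGMSG("arm_register failed errno: %d \n", retval);
                vfree(addr->addr_space_buffer);
                kfree(addr);
                return (-EALREADY);
        }
        /* INSERT ENTRY */
        spin_lock_irqsave(&host_info_lock, flags);
        list_add_tail(&addr->addr_list, &fi->addr_list);
        spin_unlock_irqrestore(&host_info_lock, flags);

        free_pending_request(req);      /* immediate success or fail */
        return sizeof(struct raw1394_request);
}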
1890
/*
 * arm_unregister - drop the address range mapping of @fi that starts at
 * req.address.
 *
 * The entry is looked up in fi->addr_list by start address only.  If a
 * file on a different host holds an entry with the same start address, only
 * the local entry is removed; otherwise the range is first unregistered
 * from the core with hpsb_unregister_addrspace(), and a zero result from
 * that call is reported as -EINVAL without touching the entry.
 *
 * Returns sizeof(struct raw1394_request) on success (with @req freed
 * here), or -EINVAL when the address is unknown or unregistering fails.
 * The lookup, the unregister call and the list removal all happen under
 * host_info_lock; the buffers are released after the lock is dropped.
 */
static int arm_unregister(struct file_info *fi, struct pending_request *req)
{
        struct arm_addr *victim = NULL;
        struct arm_addr *other = NULL;
        struct host_info *hi;
        struct file_info *peer = NULL;
        struct list_head *pos;
        unsigned long irqflags;
        int found = 0;
        int foreign_owner = 0;

        DBGMSG("arm_Unregister called addr(Offset): "
               "%8.8x %8.8x",
               (u32) ((req->req.address >> 32) & 0xFFFF),
               (u32) (req->req.address & 0xFFFFFFFF));

        spin_lock_irqsave(&host_info_lock, irqflags);

        /* locate the caller's own entry */
        for (pos = fi->addr_list.next; pos != &(fi->addr_list);
             pos = pos->next) {
                victim = list_entry(pos, struct arm_addr, addr_list);
                if (victim->start == req->req.address) {
                        found = 1;
                        break;
                }
        }
        if (!found) {
                DBGMSG("arm_Unregister addr not found");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return (-EINVAL);
        }
        DBGMSG("arm_Unregister addr found");

        /* does a file on any other host hold an entry with the same start? */
        list_for_each_entry(hi, &host_info_list, list) {
                if (hi->host == fi->host)
                        continue;
                list_for_each_entry(peer, &hi->file_info_list, list) {
                        for (pos = peer->addr_list.next;
                             pos != &(peer->addr_list); pos = pos->next) {
                                other = list_entry(pos, struct arm_addr,
                                                   addr_list);
                                if (other->start == victim->start) {
                                        DBGMSG("another host ownes "
                                               "same addressrange");
                                        foreign_owner = 1;
                                        break;
                                }
                        }
                        if (foreign_owner)
                                break;
                }
        }

        /*
         * Only the last owner unregisters the range from the core; a zero
         * return from hpsb_unregister_addrspace() is treated as failure.
         */
        if (!foreign_owner &&
            !hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
                                       victim->start)) {
                printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return (-EINVAL);
        }

        DBGMSG("delete entry from list -> success");
        list_del(&victim->addr_list);
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        vfree(victim->addr_space_buffer);
        kfree(victim);
        free_pending_request(req);      /* immediate success or fail */
        return sizeof(struct raw1394_request);
}
1974
/*
 * arm_get_buf - copy part of one of @fi's ARM buffers to user space.
 *
 * The first entry of fi->addr_list whose range contains req.address is
 * selected; req.length bytes starting there are copied to req.recvb,
 * provided the request ends inside that range.
 *
 * Returns sizeof(struct raw1394_request) on success (with @req freed
 * here), -EINVAL when no range contains the address or the request runs
 * past the end of the range, and -EFAULT when the user copy fails.
 *
 * NOTE(review): host_info_lock is released before copy_to_user() while
 * the entry and its addr_space_buffer are still being dereferenced.
 * Nothing visible here keeps a concurrent arm_unregister() from freeing
 * them in that window; confirm that callers serialize these requests.
 */
static int arm_get_buf(struct file_info *fi, struct pending_request *req)
{
        struct arm_addr *region = NULL;
        unsigned long irqflags;
        unsigned long off;

        DBGMSG("arm_get_buf "
               "addr(Offset): %04X %08X length: %u",
               (u32) ((req->req.address >> 32) & 0xFFFF),
               (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);

        spin_lock_irqsave(&host_info_lock, irqflags);
        list_for_each_entry(region, &fi->addr_list, addr_list) {
                /* skip ranges that do not contain the start address */
                if ((region->start > req->req.address) ||
                    (region->end <= req->req.address))
                        continue;

                /* the whole request has to fit into this one range */
                if (req->req.address + req->req.length > region->end) {
                        DBGMSG("arm_get_buf request exceeded mapping");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        return (-EINVAL);
                }

                off = req->req.address - region->start;
                spin_unlock_irqrestore(&host_info_lock, irqflags);

                DBGMSG("arm_get_buf copy_to_user( %08X, %p, %u )",
                       (u32) req->req.recvb,
                       region->addr_space_buffer + off,
                       (u32) req->req.length);
                if (copy_to_user(int2ptr(req->req.recvb),
                                 region->addr_space_buffer + off,
                                 req->req.length))
                        return (-EFAULT);

                /* No response is queued, so the request is released here. */
                free_pending_request(req);
                return sizeof(struct raw1394_request);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return (-EINVAL);
}
2026
/*
 * arm_set_buf - copy data from user space into one of @fi's ARM buffers.
 *
 * The first entry of fi->addr_list whose range contains req.address is
 * selected; req.length bytes are copied from req.sendb to that position,
 * provided the request ends inside that range.
 *
 * Returns sizeof(struct raw1394_request) on success (with @req freed
 * here), -EINVAL when no range contains the address or the request runs
 * past the end of the range, and -EFAULT when the user copy fails.
 *
 * NOTE(review): host_info_lock is released before copy_from_user() while
 * the entry and its addr_space_buffer are still being dereferenced.
 * Nothing visible here keeps a concurrent arm_unregister() from freeing
 * them in that window; confirm that callers serialize these requests.
 */
static int arm_set_buf(struct file_info *fi, struct pending_request *req)
{
        struct arm_addr *region = NULL;
        unsigned long irqflags;
        unsigned long off;

        DBGMSG("arm_set_buf "
               "addr(Offset): %04X %08X length: %u",
               (u32) ((req->req.address >> 32) & 0xFFFF),
               (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);

        spin_lock_irqsave(&host_info_lock, irqflags);
        list_for_each_entry(region, &fi->addr_list, addr_list) {
                /* skip ranges that do not contain the start address */
                if ((region->start > req->req.address) ||
                    (region->end <= req->req.address))
                        continue;

                /* the whole request has to fit into this one range */
                if (req->req.address + req->req.length > region->end) {
                        DBGMSG("arm_set_buf request exceeded mapping");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        return (-EINVAL);
                }

                off = req->req.address - region->start;
                spin_unlock_irqrestore(&host_info_lock, irqflags);

                DBGMSG("arm_set_buf copy_from_user( %p, %08X, %u )",
                       region->addr_space_buffer + off,
                       (u32) req->req.sendb,
                       (u32) req->req.length);
                if (copy_from_user(region->addr_space_buffer + off,
                                   int2ptr(req->req.sendb),
                                   req->req.length))
                        return (-EFAULT);

                /* No response is queued, so the request is released here. */
                free_pending_request(req);
                return sizeof(struct raw1394_request);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return (-EINVAL);
}
2078
/*
 * Switch bus-reset notification for this file on or off.
 *
 * req->req.misc must be RAW1394_NOTIFY_OFF or RAW1394_NOTIFY_ON; any other
 * value yields -EINVAL and leaves fi->notification unchanged.  On success
 * the request is freed here (no response is queued) and
 * sizeof(struct raw1394_request) is returned.
 */
static int reset_notification(struct file_info *fi, struct pending_request *req)
{
        /* The debug text prints "ON" for every value other than NOTIFY_OFF. */
        DBGMSG("reset_notification called - switch %s ",
               (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");

        /* Reject anything that is neither of the two known switch values. */
        if ((req->req.misc != RAW1394_NOTIFY_OFF) &&
            (req->req.misc != RAW1394_NOTIFY_ON))
                return (-EINVAL);

        fi->notification = (u8) req->req.misc;
        /* Nobody else will free the request, since no response is queued. */
        free_pending_request(req);
        return sizeof(struct raw1394_request);
}
2092
/*
 * Build a PHY packet from the quadlet carried in req->req.sendb and send it
 * on fi->host.
 *
 * Returns -ENOMEM if the packet cannot be allocated (req is then neither
 * queued nor freed here).  Otherwise returns sizeof(struct raw1394_request),
 * also when hpsb_send_packet() fails: that failure is reported through
 * req->req.error on the completed request instead of the return value.
 */
static int write_phypacket(struct file_info *fi, struct pending_request *req)
{
        struct hpsb_packet *packet = NULL;
        int retval = 0;
        quadlet_t data;
        unsigned long flags;

        /* Here sendb holds the quadlet value itself, not a user pointer. */
        data = be32_to_cpu((u32) req->req.sendb);
        DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
        packet = hpsb_make_phypacket(fi->host, data);
        if (!packet)
                return -ENOMEM;
        req->req.length = 0;
        req->packet = packet;
        /* queue_complete_cb is registered as the completion task, with req
         * as its argument. */
        hpsb_set_packet_complete_task(packet,
                                      (void (*)(void *))queue_complete_cb, req);
        /* The request goes on the pending list before the packet is sent. */
        spin_lock_irqsave(&fi->reqlists_lock, flags);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
        /* The generation is user-supplied; state_connected() compares it with
         * the host's current generation before this function is called. */
        packet->generation = req->req.generation;
        retval = hpsb_send_packet(packet);
        DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
        if (retval < 0) {
                /* Sending failed: complete the request with an error. */
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                req->req.length = 0;
                queue_complete_req(req);
        }
        return sizeof(struct raw1394_request);
}
2122
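/*
 * Read req->req.length bytes of the host's configuration ROM and hand the
 * result to user space.
 *
 * The user pointers are taken from the request: recvb receives the ROM
 * data, tag the cache head length, address the CSR generation and sendb the
 * status returned by csr1212_read().
 *
 * Returns sizeof(struct raw1394_request) on success (req is freed here, as
 * no response is queued), -ENOMEM if the bounce buffer cannot be allocated
 * and -EFAULT if any copy to user space fails (req is not freed here then).
 */
static int get_config_rom(struct file_info *fi, struct pending_request *req)
{
        int ret = sizeof(struct raw1394_request);
        /*
         * Zeroed allocation: the buffer is copied to user space below
         * whatever csr1212_read() returns, so it must never hold stale heap
         * contents if the read fails or fills less than the full length.
         * NOTE(review): req->req.length is user-controlled and not capped
         * here; consider bounding it by the ROM size.
         */
        quadlet_t *data = kzalloc(req->req.length, GFP_KERNEL);
        int status;

        if (!data)
                return -ENOMEM;

        status =
            csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
                         data, req->req.length);
        /* Every copy is attempted; any failure turns the result into -EFAULT. */
        if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
                ret = -EFAULT;
        if (copy_to_user
            (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
             sizeof(fi->host->csr.rom->cache_head->len)))
                ret = -EFAULT;
        if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
                         sizeof(fi->host->csr.generation)))
                ret = -EFAULT;
        if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
                ret = -EFAULT;
        kfree(data);
        if (ret >= 0) {
                /* we have to free the request, because we queue no response,
                 * and therefore nobody will free it */
                free_pending_request(req);
        }
        return ret;
}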
2152
/*
 * Replace the host's configuration ROM with an image supplied by user space.
 *
 * req->req.sendb points at the image, req->req.length is its size in bytes
 * and req->req.misc is passed to hpsb_update_config_rom() as an unsigned
 * char.  The status of that call is written to the user pointer in
 * req->req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (req is freed and
 * fi->cfgrom_upd is set, whatever the status value was), -ENOMEM if the
 * buffer cannot be allocated or the status cannot be copied out, and
 * -EFAULT if the image cannot be read from user space.
 */
static int update_config_rom(struct file_info *fi, struct pending_request *req)
{
        int status;
        /* NOTE(review): the allocation size comes straight from user space. */
        quadlet_t *rom_image = kmalloc(req->req.length, GFP_KERNEL);

        if (!rom_image)
                return -ENOMEM;

        if (copy_from_user(rom_image, int2ptr(req->req.sendb),
                           req->req.length)) {
                kfree(rom_image);
                return -EFAULT;
        }

        status = hpsb_update_config_rom(fi->host, rom_image, req->req.length,
                                        (unsigned char)req->req.misc);
        kfree(rom_image);

        /* NOTE(review): a failed copy-out is reported as -ENOMEM here, while
         * get_config_rom() reports the same condition as -EFAULT. */
        if (copy_to_user(int2ptr(req->req.recvb), &status, sizeof(status)))
                return -ENOMEM;

        /* No response is queued, so the request has to be freed here. */
        free_pending_request(req);
        fi->cfgrom_upd = 1;
        return sizeof(struct raw1394_request);
}
2177
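/*
 * Add, replace or remove one user-supplied directory in the host's
 * configuration ROM.
 *
 * req->req.misc selects the slot in fi->csr1212_dirs: ~0 asks for a new
 * slot, any other value names an existing one.  req->req.length == 0 on an
 * existing slot removes that directory; otherwise req->req.sendb points at
 * req->req.length bytes of directory data to parse and attach.  On success
 * the slot index is written to the user pointer in req->req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (req is freed here, as
 * no response is queued) or a negative value on failure; on failure the
 * slot is released and req is left for the caller to free.
 */
static int modify_config_rom(struct file_info *fi, struct pending_request *req)
{
        struct csr1212_keyval *kv;
        struct csr1212_csr_rom_cache *cache;
        struct csr1212_dentry *dentry;
        u32 dr;
        int ret = 0;

        if (req->req.misc == ~0) {
                if (req->req.length == 0)
                        return -EINVAL;

                /* Find an unused slot */
                for (dr = 0;
                     dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
                     dr++) ;

                if (dr == RAW1394_MAX_USER_CSR_DIRS)
                        return -ENOMEM;

                fi->csr1212_dirs[dr] =
                    csr1212_new_directory(CSR1212_KV_ID_VENDOR);
                if (!fi->csr1212_dirs[dr])
                        return -ENOMEM;
        } else {
                dr = req->req.misc;
                /*
                 * misc comes from user space: reject an index outside the
                 * slot array before it is used to subscript csr1212_dirs.
                 */
                if (dr >= RAW1394_MAX_USER_CSR_DIRS || !fi->csr1212_dirs[dr])
                        return -EINVAL;

                /* Delete old stuff */
                for (dentry =
                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
                     dentry; dentry = dentry->next) {
                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
                                                             root_kv,
                                                             dentry->kv);
                }

                if (req->req.length == 0) {
                        csr1212_release_keyval(fi->csr1212_dirs[dr]);
                        fi->csr1212_dirs[dr] = NULL;

                        hpsb_update_config_rom_image(fi->host);
                        free_pending_request(req);
                        return sizeof(struct raw1394_request);
                }
        }

        cache = csr1212_rom_cache_malloc(0, req->req.length);
        if (!cache) {
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
                return -ENOMEM;
        }

        cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
        if (!cache->filled_head) {
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
                CSR1212_FREE(cache);
                return -ENOMEM;
        }
        cache->filled_tail = cache->filled_head;

        if (copy_from_user(cache->data, int2ptr(req->req.sendb),
                           req->req.length)) {
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
                ret = -EFAULT;
        } else {
                cache->len = req->req.length;
                cache->filled_head->offset_start = 0;
                cache->filled_head->offset_end = cache->size - 1;

                cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];

                ret = CSR1212_SUCCESS;
                /* parse all the items */
                for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
                     kv = kv->next) {
                        ret = csr1212_parse_keyval(kv, cache);
                }

                /* attach top level items to the root directory */
                for (dentry =
                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
                     ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
                        ret =
                            csr1212_attach_keyval_to_directory(fi->host->csr.
                                                               rom->root_kv,
                                                               dentry->kv);
                }

                if (ret == CSR1212_SUCCESS) {
                        ret = hpsb_update_config_rom_image(fi->host);

                        /* NOTE(review): a failed copy-out is reported as
                         * -ENOMEM rather than -EFAULT. */
                        if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
                                                     &dr, sizeof(dr))) {
                                ret = -ENOMEM;
                        }
                }
        }
        kfree(cache->filled_head);
        CSR1212_FREE(cache);

        if (ret >= 0) {
                /* we have to free the request, because we queue no response,
                 * and therefore nobody will free it */
                free_pending_request(req);
                return sizeof(struct raw1394_request);
        }

        /*
         * Error cleanup.  The copy_from_user() failure path above has
         * already released the slot and set it to NULL, so the directory
         * must only be walked and released when it is still present.
         */
        if (fi->csr1212_dirs[dr]) {
                for (dentry =
                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
                     dentry; dentry = dentry->next) {
                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
                                                             root_kv,
                                                             dentry->kv);
                }
                csr1212_release_keyval(fi->csr1212_dirs[dr]);
                fi->csr1212_dirs[dr] = NULL;
        }
        return ret;
}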
2301
/*
 * Dispatch one request written while the file is in the connected state.
 *
 * The first switch handles the request types that are served without
 * comparing generations.  Everything else must carry the host's current
 * bus generation; a stale generation completes the request with
 * RAW1394_ERROR_GENERATION.  The remaining types are PHY packets, async
 * sends and, as the final fallback, async requests.
 *
 * Returns the handler's result: sizeof(struct raw1394_request) when the
 * request was consumed, or a negative value, in which case the caller
 * frees req.
 */
static int state_connected(struct file_info *fi, struct pending_request *req)
{
        /* Node number: the bits of the user-supplied address above bit 47. */
        int node = req->req.address >> 48;

        req->req.error = RAW1394_ERROR_NONE;

        /* Request types that do not depend on the bus generation. */
        switch (req->req.type) {

        case RAW1394_REQ_ECHO:
                queue_complete_req(req);
                return sizeof(struct raw1394_request);

        case RAW1394_REQ_ISO_SEND:
                print_old_iso_deprecation();
                return handle_iso_send(fi, req, node);

        case RAW1394_REQ_ARM_REGISTER:
                return arm_register(fi, req);

        case RAW1394_REQ_ARM_UNREGISTER:
                return arm_unregister(fi, req);

        case RAW1394_REQ_ARM_SET_BUF:
                return arm_set_buf(fi, req);

        case RAW1394_REQ_ARM_GET_BUF:
                return arm_get_buf(fi, req);

        case RAW1394_REQ_RESET_NOTIFY:
                return reset_notification(fi, req);

        case RAW1394_REQ_ISO_LISTEN:
                print_old_iso_deprecation();
                handle_iso_listen(fi, req);
                return sizeof(struct raw1394_request);

        case RAW1394_REQ_FCP_LISTEN:
                handle_fcp_listen(fi, req);
                return sizeof(struct raw1394_request);

        case RAW1394_REQ_RESET_BUS:
                /* misc selects the reset type; other values are rejected. */
                if (req->req.misc == RAW1394_LONG_RESET) {
                        DBGMSG("busreset called (type: LONG)");
                        hpsb_reset_bus(fi->host, LONG_RESET);
                        free_pending_request(req);      /* no response is queued, so nobody else will free the request */
                        return sizeof(struct raw1394_request);
                }
                if (req->req.misc == RAW1394_SHORT_RESET) {
                        DBGMSG("busreset called (type: SHORT)");
                        hpsb_reset_bus(fi->host, SHORT_RESET);
                        free_pending_request(req);      /* no response is queued, so nobody else will free the request */
                        return sizeof(struct raw1394_request);
                }
                /* error EINVAL (22) invalid argument */
                return (-EINVAL);
        case RAW1394_REQ_GET_ROM:
                return get_config_rom(fi, req);

        case RAW1394_REQ_UPDATE_ROM:
                return update_config_rom(fi, req);

        case RAW1394_REQ_MODIFY_ROM:
                return modify_config_rom(fi, req);
        }

        /* From here on the request must match the current bus generation;
         * otherwise it is completed with the current generation filled in. */
        if (req->req.generation != get_hpsb_generation(fi->host)) {
                req->req.error = RAW1394_ERROR_GENERATION;
                req->req.generation = get_hpsb_generation(fi->host);
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        switch (req->req.type) {
        case RAW1394_REQ_PHYPACKET:
                return write_phypacket(fi, req);
        case RAW1394_REQ_ASYNC_SEND:
                return handle_async_send(fi, req);
        }

        /* Every remaining type goes to handle_async_request(), which is not
         * called with a zero length. */
        if (req->req.length == 0) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        return handle_async_request(fi, req, node);
}
2390
/*
 * write() entry point: accept exactly one struct raw1394_request from user
 * space and hand it to the handler for the file's current state.
 *
 * count must equal sizeof(struct raw1394_request); with CONFIG_COMPAT a
 * write of sizeof(struct compat_raw1394_req) is also accepted and passed
 * through raw1394_compat_write() first.  The file offset is ignored.
 *
 * Returns the state handler's result, -EINVAL for a wrong size, -ENOMEM if
 * no request can be allocated, or -EFAULT if the request cannot be copied
 * in.
 */
static ssize_t raw1394_write(struct file *file, const char __user * buffer,
                             size_t count, loff_t * offset_is_ignored)
{
        struct file_info *fi = (struct file_info *)file->private_data;
        struct pending_request *req;
        ssize_t retval = 0;

#ifdef CONFIG_COMPAT
        /* The compat path is only taken when the two layouts differ in size. */
        if (count == sizeof(struct compat_raw1394_req) &&
            sizeof(struct compat_raw1394_req) !=
                        sizeof(struct raw1394_request)) {
                buffer = raw1394_compat_write(buffer);
                if (IS_ERR(buffer))
                        return PTR_ERR(buffer);
        } else
#endif
        if (count != sizeof(struct raw1394_request)) {
                return -EINVAL;
        }

        req = alloc_pending_request();
        if (req == NULL) {
                return -ENOMEM;
        }
        req->file_info = fi;

        /* Every field of req->req is user-controlled from this point on. */
        if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
                free_pending_request(req);
                return -EFAULT;
        }

        /* No default case: for any other state retval stays 0 and req is
         * not freed here. */
        switch (fi->state) {
        case opened:
                retval = state_opened(fi, req);
                break;

        case initialized:
                retval = state_initialized(fi, req);
                break;

        case connected:
                retval = state_connected(fi, req);
                break;
        }

        /* A negative result means the handler left req to us: it must have
         * neither freed nor queued the request (confirm for each handler,
         * otherwise this is a double free). */
        if (retval < 0) {
                free_pending_request(req);
        }

        return retval;
}
2442
2443 /* rawiso operations */
2444
/*
 * Report whether the completion queue of this file already holds a
 * RAW1394_REQ_RAWISO_ACTIVITY event.  Returns 1 if it does, 0 otherwise.
 * fi->reqlists_lock must be held by the caller.
 */
static inline int __rawiso_event_in_queue(struct file_info *fi)
{
        struct pending_request *pending;
        int found = 0;

        list_for_each_entry(pending, &fi->req_complete, list) {
                if (pending->req.type == RAW1394_REQ_RAWISO_ACTIVITY) {
                        found = 1;
                        break;
                }
        }

        return found;
}
2457
/*
 * Put one RAWISO_ACTIVITY event on the completion queue of this file unless
 * one is already waiting there.  If no request can be allocated, the
 * overflow counter of the file's iso handle (when there is one) is
 * incremented instead.
 */
static void queue_rawiso_event(struct file_info *fi)
{
        struct pending_request *event;
        unsigned long irq_flags;

        spin_lock_irqsave(&fi->reqlists_lock, irq_flags);

        /* At most one ISO activity event may sit in the queue. */
        if (__rawiso_event_in_queue(fi))
                goto unlock;

        /* Allocated with GFP_ATOMIC because the spinlock is held. */
        event = __alloc_pending_request(GFP_ATOMIC);
        if (!event) {
                /* Allocation failed: record it as an overflow. */
                if (fi->iso_handle)
                        atomic_inc(&fi->iso_handle->overflows);
                goto unlock;
        }

        event->file_info = fi;
        event->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
        event->req.generation = get_hpsb_generation(fi->host);
        __queue_complete_req(event);

unlock:
        spin_unlock_irqrestore(&fi->reqlists_lock, irq_flags);
}
2484
/*
 * Activity callback handed to hpsb_iso_xmit_init()/hpsb_iso_recv_init():
 * queue a RAWISO_ACTIVITY event on every open file of the host whose
 * iso_handle is this iso context.  The file list is walked under
 * host_info_lock.
 */
static void rawiso_activity_cb(struct hpsb_iso *iso)
{
        struct host_info *hi;
        struct file_info *fi;
        unsigned long irq_flags;

        spin_lock_irqsave(&host_info_lock, irq_flags);

        hi = find_host_info(iso->host);
        if (hi == NULL)
                goto out;

        list_for_each_entry(fi, &hi->file_info_list, list) {
                if (fi->iso_handle != iso)
                        continue;
                queue_rawiso_event(fi);
        }

out:
        spin_unlock_irqrestore(&host_info_lock, irq_flags);
}
2503
/*
 * Helper: gather the kernel-side iso status values that are returned to
 * user space.
 *
 * Only the fields assigned below are written; stat->config.dma_mode, for
 * one, is left as the caller provided it.  A caller that copies *stat to
 * user space therefore has to initialise the structure first.
 */
static void raw1394_iso_fill_status(struct hpsb_iso *iso,
                                    struct raw1394_iso_status *stat)
{
        /* live counters */
        stat->n_packets = hpsb_iso_n_ready(iso);
        stat->overflows = atomic_read(&iso->overflows);
        stat->xmit_cycle = iso->xmit_cycle;

        /* configuration the context was created with */
        stat->config.channel = iso->channel;
        stat->config.speed = iso->speed;
        stat->config.irq_interval = iso->irq_interval;
        stat->config.buf_packets = iso->buf_packets;
        stat->config.data_buf_size = iso->buf_size;
}
2517
/*
 * RAW1394_IOC_ISO_XMIT_INIT: create an iso transmit context from the
 * configuration in the user's struct raw1394_iso_status and write the
 * resulting status back to the same user buffer.
 *
 * Returns 0 on success, -EINVAL if the file has no host, -EFAULT if the
 * user buffer cannot be read or written, -ENOMEM if the context cannot be
 * created.
 */
static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_status status;

        if (fi->host == NULL)
                return -EINVAL;

        /* All configuration values below are user-supplied; they are passed
         * to hpsb_iso_xmit_init() without further checks in this function. */
        if (copy_from_user(&status, uaddr, sizeof(status)) != 0)
                return -EFAULT;

        fi->iso_handle = hpsb_iso_xmit_init(fi->host,
                                            status.config.data_buf_size,
                                            status.config.buf_packets,
                                            status.config.channel,
                                            status.config.speed,
                                            status.config.irq_interval,
                                            rawiso_activity_cb);
        if (fi->iso_handle == NULL)
                return -ENOMEM;

        fi->iso_state = RAW1394_ISO_XMIT;

        /* NOTE(review): if the copy-out fails, the context stays allocated
         * and the file remains in the XMIT state. */
        raw1394_iso_fill_status(fi->iso_handle, &status);
        if (copy_to_user(uaddr, &status, sizeof(status)) != 0)
                return -EFAULT;

        /* Queue an initial event to get things started. */
        rawiso_activity_cb(fi->iso_handle);

        return 0;
}
2549
/*
 * RAW1394_IOC_ISO_RECV_INIT: create an iso receive context from the
 * configuration in the user's struct raw1394_iso_status and write the
 * resulting status back to the same user buffer.
 *
 * Returns 0 on success, -EINVAL if the file has no host, -EFAULT if the
 * user buffer cannot be read or written, -ENOMEM if the context cannot be
 * created.
 */
static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_status status;

        if (fi->host == NULL)
                return -EINVAL;

        /* All configuration values below are user-supplied; they are passed
         * to hpsb_iso_recv_init() without further checks in this function. */
        if (copy_from_user(&status, uaddr, sizeof(status)) != 0)
                return -EFAULT;

        fi->iso_handle = hpsb_iso_recv_init(fi->host,
                                            status.config.data_buf_size,
                                            status.config.buf_packets,
                                            status.config.channel,
                                            status.config.dma_mode,
                                            status.config.irq_interval,
                                            rawiso_activity_cb);
        if (fi->iso_handle == NULL)
                return -ENOMEM;

        fi->iso_state = RAW1394_ISO_RECV;

        /* NOTE(review): if the copy-out fails, the context stays allocated
         * and the file remains in the RECV state. */
        raw1394_iso_fill_status(fi->iso_handle, &status);
        if (copy_to_user(uaddr, &status, sizeof(status)) != 0)
                return -EFAULT;

        return 0;
}
2577
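/*
 * RAW1394_IOC_ISO_GET_STATUS: copy the current iso status to user space and
 * reset the overflow counter.
 *
 * Dereferences fi->iso_handle without a check; raw1394_ioctl() only calls
 * this in the RECV and XMIT states.
 *
 * Returns 0 on success or -EFAULT if the user buffer cannot be written (the
 * overflow counter is left untouched in that case).
 */
static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_status stat;
        struct hpsb_iso *iso = fi->iso_handle;

        /*
         * raw1394_iso_fill_status() does not write every member (for
         * instance config.dma_mode), so clear the structure first:
         * otherwise the copy below would hand uninitialised kernel stack
         * bytes to user space.
         */
        memset(&stat, 0, sizeof(stat));

        raw1394_iso_fill_status(iso, &stat);
        if (copy_to_user(uaddr, &stat, sizeof(stat)))
                return -EFAULT;

        /* reset overflow counter */
        atomic_set(&iso->overflows, 0);

        return 0;
}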
2592
/*
 * Copy n_packets packet_info entries out of the receive ring buffer into
 * the array supplied by user space, starting at the ring's first_packet.
 *
 * Returns 0 on success, -EFAULT if the request or the destination array is
 * not accessible, -EINVAL if more packets are requested than are ready.
 */
static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_packets upackets;
        unsigned int slot = fi->iso_handle->first_packet;
        int copied = 0;

        if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
                return -EFAULT;

        /* The user-supplied count may not exceed the packets that are ready;
         * this also bounds the multiplication below. */
        if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
                return -EINVAL;

        /* The whole destination array is checked once, which is why the
         * unchecked __copy_to_user() is used in the loop. */
        if (!access_ok(VERIFY_WRITE, upackets.infos,
                       upackets.n_packets *
                       sizeof(struct raw1394_iso_packet_info)))
                return -EFAULT;

        while (copied < upackets.n_packets) {
                if (__copy_to_user(&upackets.infos[copied],
                                   &fi->iso_handle->infos[slot],
                                   sizeof(struct raw1394_iso_packet_info)))
                        return -EFAULT;

                /* advance through the ring, wrapping at buf_packets */
                slot = (slot + 1) % fi->iso_handle->buf_packets;
                copied++;
        }

        return 0;
}
2624
/*
 * Read n_packets packet_info entries from the array supplied by user space
 * and queue each one for transmission.
 *
 * Returns 0 on success, -EFAULT if the request or the source array is not
 * accessible, -EINVAL if n_packets is not below the ring size, -EAGAIN if
 * n_packets is not below the number reported by hpsb_iso_n_ready(), or the
 * non-zero result of hpsb_iso_xmit_queue_packet(); packets queued before a
 * failure stay queued.
 */
static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_iso_packets upackets;
        int idx = 0;

        if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
                return -EFAULT;

        /* Both limits bound the user-supplied count before it is used. */
        if (upackets.n_packets >= fi->iso_handle->buf_packets)
                return -EINVAL;

        if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
                return -EAGAIN;

        /* The whole source array is checked once, which is why the
         * unchecked __copy_from_user() is used in the loop. */
        if (!access_ok(VERIFY_READ, upackets.infos,
                       upackets.n_packets *
                       sizeof(struct raw1394_iso_packet_info)))
                return -EFAULT;

        while (idx < upackets.n_packets) {
                struct raw1394_iso_packet_info info;
                int rv;

                if (__copy_from_user(&info, &upackets.infos[idx],
                                     sizeof(struct raw1394_iso_packet_info)))
                        return -EFAULT;

                /* offset and len are user-supplied and passed on unchanged. */
                rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
                                                info.len, info.tag, info.sy);
                if (rv)
                        return rv;

                idx++;
        }

        return 0;
}
2662
/*
 * Shut down the file's iso context, if it has one, and return the file to
 * the inactive iso state.
 */
static void raw1394_iso_shutdown(struct file_info *fi)
{
        if (fi->iso_handle != NULL) {
                hpsb_iso_shutdown(fi->iso_handle);
        }

        fi->iso_state = RAW1394_ISO_INACTIVE;
        fi->iso_handle = NULL;
}
2671
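/*
 * RAW1394_IOC_GET_CYCLE_TIMER: read the host's cycle timer together with
 * the local time and copy both to user space.
 *
 * Returns 0 on success, the error from hpsb_read_cycle_timer(), or -EFAULT
 * if the user buffer cannot be written.
 */
static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
{
        struct raw1394_cycle_timer ct;
        int err;

        /*
         * The whole structure is copied to user space, but only two members
         * are filled in below.  Clearing it first keeps any padding or
         * further member from carrying kernel stack contents out.
         */
        memset(&ct, 0, sizeof(ct));

        err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
        if (err)
                return err;

        if (copy_to_user(uaddr, &ct, sizeof(ct)))
                return -EFAULT;

        return 0;
}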
2683
/*
 * mmap the rawiso xmit/recv data buffer.  Only possible once an iso context
 * has been initialised; in the inactive state -EINVAL is returned.
 */
static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
{
        struct file_info *fi = file->private_data;

        if (fi->iso_state != RAW1394_ISO_INACTIVE)
                return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);

        return -EINVAL;
}
2694
/*
 * ioctl entry point; only used for rawiso operations and the cycle timer.
 *
 * The accepted commands depend on fi->iso_state: in the inactive state only
 * the two INIT commands, in the RECV and XMIT states the commands of the
 * respective direction.  A command that is not accepted in the current
 * state falls through to the state-independent commands and finally to
 * -EINVAL.
 *
 * arg is used either as a user pointer (argp) or, for the channel and
 * release-packets commands, as a plain value passed on unchanged.
 */
static int raw1394_ioctl(struct inode *inode, struct file *file,
                         unsigned int cmd, unsigned long arg)
{
        struct file_info *fi = file->private_data;
        void __user *argp = (void __user *)arg;

        switch (fi->iso_state) {
        case RAW1394_ISO_INACTIVE:
                /* No iso context yet: only initialisation is possible. */
                switch (cmd) {
                case RAW1394_IOC_ISO_XMIT_INIT:
                        return raw1394_iso_xmit_init(fi, argp);
                case RAW1394_IOC_ISO_RECV_INIT:
                        return raw1394_iso_recv_init(fi, argp);
                default:
                        break;
                }
                break;
        case RAW1394_ISO_RECV:
                switch (cmd) {
                case RAW1394_IOC_ISO_RECV_START:{
                                /* copy args from user-space */
                                int args[3];
                                if (copy_from_user
                                    (&args[0], argp, sizeof(args)))
                                        return -EFAULT;
                                return hpsb_iso_recv_start(fi->iso_handle,
                                                           args[0], args[1],
                                                           args[2]);
                        }
                case RAW1394_IOC_ISO_XMIT_RECV_STOP:
                        hpsb_iso_stop(fi->iso_handle);
                        return 0;
                case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
                        /* arg is the user-supplied value itself, unchecked here */
                        return hpsb_iso_recv_listen_channel(fi->iso_handle,
                                                            arg);
                case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
                        return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
                                                              arg);
                case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
                                /* copy the u64 from user-space */
                                u64 mask;
                                if (copy_from_user(&mask, argp, sizeof(mask)))
                                        return -EFAULT;
                                return hpsb_iso_recv_set_channel_mask(fi->
                                                                      iso_handle,
                                                                      mask);
                        }
                case RAW1394_IOC_ISO_GET_STATUS:
                        return raw1394_iso_get_status(fi, argp);
                case RAW1394_IOC_ISO_RECV_PACKETS:
                        return raw1394_iso_recv_packets(fi, argp);
                case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
                        /* arg is the user-supplied value itself, unchecked here */
                        return hpsb_iso_recv_release_packets(fi->iso_handle,
                                                             arg);
                case RAW1394_IOC_ISO_RECV_FLUSH:
                        return hpsb_iso_recv_flush(fi->iso_handle);
                case RAW1394_IOC_ISO_SHUTDOWN:
                        raw1394_iso_shutdown(fi);
                        return 0;
                case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
                        queue_rawiso_event(fi);
                        return 0;
                }
                break;
        case RAW1394_ISO_XMIT:
                switch (cmd) {
                case RAW1394_IOC_ISO_XMIT_START:{
                                /* copy two ints from user-space */
                                int args[2];
                                if (copy_from_user
                                    (&args[0], argp, sizeof(args)))
                                        return -EFAULT;
                                return hpsb_iso_xmit_start(fi->iso_handle,
                                                           args[0], args[1]);
                        }
                case RAW1394_IOC_ISO_XMIT_SYNC:
                        return hpsb_iso_xmit_sync(fi->iso_handle);
                case RAW1394_IOC_ISO_XMIT_RECV_STOP:
                        hpsb_iso_stop(fi->iso_handle);
                        return 0;
                case RAW1394_IOC_ISO_GET_STATUS:
                        return raw1394_iso_get_status(fi, argp);
                case RAW1394_IOC_ISO_XMIT_PACKETS:
                        return raw1394_iso_send_packets(fi, argp);
                case RAW1394_IOC_ISO_SHUTDOWN:
                        raw1394_iso_shutdown(fi);
                        return 0;
                case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
                        queue_rawiso_event(fi);
                        return 0;
                }
                break;
        default:
                break;
        }

        /* state-independent commands */
        switch(cmd) {
        case RAW1394_IOC_GET_CYCLE_TIMER:
                return raw1394_read_cycle_timer(fi, argp);
        default:
                break;
        }

        /* Unknown command, or one not accepted in the current iso state. */
        return -EINVAL;
}
2802
/*
 * poll entry point.  The file is always reported writable; it is reported
 * readable as well when at least one completed request is waiting on
 * fi->req_complete.
 */
static unsigned int raw1394_poll(struct file *file, poll_table * pt)
{
        struct file_info *fi = file->private_data;
        unsigned int events = POLLOUT | POLLWRNORM;
        unsigned long irq_flags;
        int have_completed;

        poll_wait(file, &fi->wait_complete, pt);

        /* The completion list is only inspected under reqlists_lock. */
        spin_lock_irqsave(&fi->reqlists_lock, irq_flags);
        have_completed = !list_empty(&fi->req_complete);
        spin_unlock_irqrestore(&fi->reqlists_lock, irq_flags);

        if (have_completed)
                events |= POLLIN | POLLRDNORM;

        return events;
}
2819
2820 static int raw1394_open(struct inode *inode, struct file *file)
2821 {
2822         struct file_info *fi;
2823
2824         fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2825         if (!fi)