[deliverable/linux.git] / drivers / firewire / fw-device-cdev.c

/*						-*- c-basic-offset: 8 -*-
 *
 * fw-device-cdev.c - Char device for device raw access
 *
 * Copyright (C) 2005-2006  Kristian Hoegsberg <krh@bitplanet.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/wait.h>
#include <linux/errno.h>
#include <linux/device.h>
#include <linux/vmalloc.h>
#include <linux/poll.h>
#include <linux/delay.h>
#include <linux/mm.h>
#include <linux/compat.h>
#include <asm/uaccess.h>
#include "fw-transaction.h"
#include "fw-topology.h"
#include "fw-device.h"
#include "fw-device-cdev.h"

/*
 * todo
 *
 * - bus resets sends a new packet with new generation and node id
 *
 */

/* dequeue_event() just kfree()'s the event, so the event has to be
 * the first field in the struct. */

struct event {
	struct { void *data; size_t size; } v[2];
	struct list_head link;
};

struct response {
	struct event event;
	struct fw_transaction transaction;
	struct client *client;
	struct fw_cdev_event_response response;
};

struct iso_interrupt {
	struct event event;
	struct fw_cdev_event_iso_interrupt interrupt;
};

struct client {
	struct fw_device *device;
	spinlock_t lock;
	struct list_head handler_list;
	struct list_head request_list;
	u32 request_serial;
	struct list_head event_list;
	struct semaphore event_list_sem;
	wait_queue_head_t wait;

	struct fw_iso_context *iso_context;
	struct fw_iso_buffer buffer;
	unsigned long vm_start;
};

static inline void __user *
u64_to_uptr(__u64 value)
{
	return (void __user *)(unsigned long)value;
}

static inline __u64
uptr_to_u64(void __user *ptr)
{
	return (__u64)(unsigned long)ptr;
}

static int fw_device_op_open(struct inode *inode, struct file *file)
{
	struct fw_device *device;
	struct client *client;

	device = container_of(inode->i_cdev, struct fw_device, cdev);

	client = kzalloc(sizeof *client, GFP_KERNEL);
	if (client == NULL)
		return -ENOMEM;

	client->device = fw_device_get(device);
	INIT_LIST_HEAD(&client->event_list);
	sema_init(&client->event_list_sem, 0);
	INIT_LIST_HEAD(&client->handler_list);
	INIT_LIST_HEAD(&client->request_list);
	spin_lock_init(&client->lock);
	init_waitqueue_head(&client->wait);

	file->private_data = client;

	return 0;
}

static void queue_event(struct client *client, struct event *event,
			void *data0, size_t size0, void *data1, size_t size1)
{
	unsigned long flags;

	event->v[0].data = data0;
	event->v[0].size = size0;
	event->v[1].data = data1;
	event->v[1].size = size1;

	spin_lock_irqsave(&client->lock, flags);

	list_add_tail(&event->link, &client->event_list);

	up(&client->event_list_sem);
	wake_up_interruptible(&client->wait);

	spin_unlock_irqrestore(&client->lock, flags);
}

static int dequeue_event(struct client *client, char __user *buffer, size_t count)
{
	unsigned long flags;
	struct event *event;
	size_t size, total;
	int i, retval = -EFAULT;

	if (down_interruptible(&client->event_list_sem) < 0)
		return -EINTR;

	spin_lock_irqsave(&client->lock, flags);

	event = container_of(client->event_list.next, struct event, link);
	list_del(&event->link);

	spin_unlock_irqrestore(&client->lock, flags);

	if (buffer == NULL)
		goto out;

	total = 0;
	for (i = 0; i < ARRAY_SIZE(event->v) && total < count; i++) {
		size = min(event->v[i].size, count - total);
		if (copy_to_user(buffer + total, event->v[i].data, size))
			goto out;
		total += size;
	}
	retval = total;

 out:
	kfree(event);

	return retval;
}

static ssize_t
fw_device_op_read(struct file *file,
		  char __user *buffer, size_t count, loff_t *offset)
{
	struct client *client = file->private_data;

	return dequeue_event(client, buffer, count);
}

static int ioctl_config_rom(struct client *client, void __user *arg)
{
	struct fw_cdev_get_config_rom rom;

	rom.length = client->device->config_rom_length;
	memcpy(rom.data, client->device->config_rom, rom.length * 4);
	if (copy_to_user(arg, &rom,
			 (char *)&rom.data[rom.length] - (char *)&rom))
		return -EFAULT;

	return 0;
}

static void
complete_transaction(struct fw_card *card, int rcode,
		     void *payload, size_t length, void *data)
{
	struct response *response = data;
	struct client *client = response->client;

	if (length < response->response.length)
		response->response.length = length;
	if (rcode == RCODE_COMPLETE)
		memcpy(response->response.data, payload,
		       response->response.length);

	response->response.type   = FW_CDEV_EVENT_RESPONSE;
	response->response.rcode  = rcode;
	queue_event(client, &response->event,
		    &response->response, sizeof response->response,
		    response->response.data, response->response.length);
}

static ssize_t ioctl_send_request(struct client *client, void __user *arg)
{
	struct fw_device *device = client->device;
	struct fw_cdev_send_request request;
	struct response *response;

	if (copy_from_user(&request, arg, sizeof request))
		return -EFAULT;

	/* What is the biggest size we'll accept, really? */
	if (request.length > 4096)
		return -EINVAL;

	response = kmalloc(sizeof *response + request.length, GFP_KERNEL);
	if (response == NULL)
		return -ENOMEM;

	response->client = client;
	response->response.length = request.length;
	response->response.closure = request.closure;

	if (request.data &&
	    copy_from_user(response->response.data,
			   u64_to_uptr(request.data), request.length)) {
		kfree(response);
		return -EFAULT;
	}

	fw_send_request(device->card, &response->transaction,
			request.tcode,
			device->node->node_id,
			device->card->generation,
			device->node->max_speed,
			request.offset,
			response->response.data, request.length,
			complete_transaction, response);

	if (request.data)
		return sizeof request + request.length;
	else
		return sizeof request;
}

struct address_handler {
	struct fw_address_handler handler;
	__u64 closure;
	struct client *client;
	struct list_head link;
};

struct request {
	struct fw_request *request;
	void *data;
	size_t length;
	u32 serial;
	struct list_head link;
};

struct request_event {
	struct event event;
	struct fw_cdev_event_request request;
};

static void
handle_request(struct fw_card *card, struct fw_request *r,
	       int tcode, int destination, int source,
	       int generation, int speed,
	       unsigned long long offset,
	       void *payload, size_t length, void *callback_data)
{
	struct address_handler *handler = callback_data;
	struct request *request;
	struct request_event *e;
	unsigned long flags;
	struct client *client = handler->client;

	request = kmalloc(sizeof *request, GFP_ATOMIC);
	e = kmalloc(sizeof *e, GFP_ATOMIC);
	if (request == NULL || e == NULL) {
		kfree(request);
		kfree(e);
		fw_send_response(card, r, RCODE_CONFLICT_ERROR);
		return;
	}

	request->request = r;
	request->data    = payload;
	request->length  = length;

	spin_lock_irqsave(&client->lock, flags);
	request->serial = client->request_serial++;
	list_add_tail(&request->link, &client->request_list);
	spin_unlock_irqrestore(&client->lock, flags);

	e->request.type    = FW_CDEV_EVENT_REQUEST;
	e->request.tcode   = tcode;
	e->request.offset  = offset;
	e->request.length  = length;
	e->request.serial  = request->serial;
	e->request.closure = handler->closure;

	queue_event(client, &e->event,
		    &e->request, sizeof e->request, payload, length);
}

static int ioctl_allocate(struct client *client, void __user *arg)
{
	struct fw_cdev_allocate request;
	struct address_handler *handler;
	unsigned long flags;
	struct fw_address_region region;

	if (copy_from_user(&request, arg, sizeof request))
		return -EFAULT;

	handler = kmalloc(sizeof *handler, GFP_KERNEL);
	if (handler == NULL)
		return -ENOMEM;

	region.start = request.offset;
	region.end = request.offset + request.length;
	handler->handler.length = request.length;
	handler->handler.address_callback = handle_request;
	handler->handler.callback_data = handler;
	handler->closure = request.closure;
	handler->client = client;

	if (fw_core_add_address_handler(&handler->handler, &region) < 0) {
		kfree(handler);
		return -EBUSY;
	}

	spin_lock_irqsave(&client->lock, flags);
	list_add_tail(&handler->link, &client->handler_list);
	spin_unlock_irqrestore(&client->lock, flags);

	return 0;
}

static int ioctl_send_response(struct client *client, void __user *arg)
{
	struct fw_cdev_send_response request;
	struct request *r;
	unsigned long flags;

	if (copy_from_user(&request, arg, sizeof request))
		return -EFAULT;

	spin_lock_irqsave(&client->lock, flags);
	list_for_each_entry(r, &client->request_list, link) {
		if (r->serial == request.serial) {
			list_del(&r->link);
			break;
		}
	}
	spin_unlock_irqrestore(&client->lock, flags);

	if (&r->link == &client->request_list)
		return -EINVAL;

	if (request.length < r->length)
		r->length = request.length;
	if (copy_from_user(r->data, u64_to_uptr(request.data), r->length))
		return -EFAULT;

	fw_send_response(client->device->card, r->request, request.rcode);

	kfree(r);

	return 0;
}

static void
iso_callback(struct fw_iso_context *context, u32 cycle,
	     size_t header_length, void *header, void *data)
{
	struct client *client = data;
	struct iso_interrupt *interrupt;

	interrupt = kzalloc(sizeof *interrupt + header_length, GFP_ATOMIC);
	if (interrupt == NULL)
		return;

	interrupt->interrupt.type      = FW_CDEV_EVENT_ISO_INTERRUPT;
	interrupt->interrupt.closure   = 0;
	interrupt->interrupt.cycle     = cycle;
	interrupt->interrupt.header_length = header_length;
	memcpy(interrupt->interrupt.header, header, header_length);
	queue_event(client, &interrupt->event,
		    &interrupt->interrupt,
		    sizeof interrupt->interrupt + header_length, NULL, 0);
}

static int ioctl_create_iso_context(struct client *client, void __user *arg)
{
	struct fw_cdev_create_iso_context request;

	if (copy_from_user(&request, arg, sizeof request))
		return -EFAULT;

	if (request.type > FW_ISO_CONTEXT_RECEIVE)
		return -EINVAL;

	client->iso_context = fw_iso_context_create(client->device->card,
						    request.type,
						    request.header_size,
						    iso_callback, client);
	if (IS_ERR(client->iso_context))
		return PTR_ERR(client->iso_context);

	return 0;
}

static int ioctl_queue_iso(struct client *client, void __user *arg)
{
	struct fw_cdev_queue_iso request;
	struct fw_cdev_iso_packet __user *p, *end, *next;
	struct fw_iso_context *ctx = client->iso_context;
	unsigned long payload, payload_end, header_length;
	int count;
	struct {
		struct fw_iso_packet packet;
		u8 header[256];
	} u;

	if (ctx == NULL)
		return -EINVAL;
	if (copy_from_user(&request, arg, sizeof request))
		return -EFAULT;

	/* If the user passes a non-NULL data pointer, has mmap()'ed
	 * the iso buffer, and the pointer points inside the buffer,
	 * we setup the payload pointers accordingly.  Otherwise we
	 * set them both to 0, which will still let packets with
	 * payload_length == 0 through.  In other words, if no packets
	 * use the indirect payload, the iso buffer need not be mapped
	 * and the request.data pointer is ignored.*/

	payload = (unsigned long)request.data - client->vm_start;
	payload_end = payload + (client->buffer.page_count << PAGE_SHIFT);
	if (request.data == 0 || client->buffer.pages == NULL ||
	    payload >= payload_end) {
		payload = 0;
		payload_end = 0;
	}

	if (!access_ok(VERIFY_READ, request.packets, request.size))
		return -EFAULT;

	p = (struct fw_cdev_iso_packet __user *)u64_to_uptr(request.packets);
	end = (void __user *)p + request.size;
	count = 0;
	while (p < end) {
		if (__copy_from_user(&u.packet, p, sizeof *p))
			return -EFAULT;

		if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) {
			header_length = u.packet.header_length;
		} else {
			/* We require that header_length is a multiple of
			 * the fixed header size, ctx->header_size */
			if (ctx->header_size == 0) {
				if (u.packet.header_length > 0)
					return -EINVAL;
			} else if (u.packet.header_length % ctx->header_size != 0) {
				return -EINVAL;
			}
			header_length = 0;
		}

		next = (struct fw_cdev_iso_packet __user *)
			&p->header[header_length / 4];
		if (next > end)
			return -EINVAL;
		if (__copy_from_user
		    (u.packet.header, p->header, header_length))
			return -EFAULT;
		if (u.packet.skip &&
		    u.packet.header_length + u.packet.payload_length > 0)
			return -EINVAL;
		if (payload + u.packet.payload_length > payload_end)
			return -EINVAL;

		if (fw_iso_context_queue(ctx, &u.packet,
					 &client->buffer, payload))
			break;

		p = next;
		payload += u.packet.payload_length;
		count++;
	}

	request.size    -= uptr_to_u64(p) - request.packets;
	request.packets  = uptr_to_u64(p);
	request.data     = client->vm_start + payload;

	if (copy_to_user(arg, &request, sizeof request))
		return -EFAULT;

	return count;
}

static int ioctl_start_iso(struct client *client, void __user *arg)
{
	struct fw_cdev_start_iso request;

	if (copy_from_user(&request, arg, sizeof request))
		return -EFAULT;

	return fw_iso_context_start(client->iso_context, request.channel,
				    request.speed, request.cycle);
}

static int ioctl_stop_iso(struct client *client, void __user *arg)
{
	return fw_iso_context_stop(client->iso_context);
}

static int
dispatch_ioctl(struct client *client, unsigned int cmd, void __user *arg)
{
	switch (cmd) {
	case FW_CDEV_IOC_GET_CONFIG_ROM:
		return ioctl_config_rom(client, arg);
	case FW_CDEV_IOC_SEND_REQUEST:
		return ioctl_send_request(client, arg);
	case FW_CDEV_IOC_ALLOCATE:
		return ioctl_allocate(client, arg);
	case FW_CDEV_IOC_SEND_RESPONSE:
		return ioctl_send_response(client, arg);
	case FW_CDEV_IOC_CREATE_ISO_CONTEXT:
		return ioctl_create_iso_context(client, arg);
	case FW_CDEV_IOC_QUEUE_ISO:
		return ioctl_queue_iso(client, arg);
	case FW_CDEV_IOC_START_ISO:
		return ioctl_start_iso(client, arg);
	case FW_CDEV_IOC_STOP_ISO:
		return ioctl_stop_iso(client, arg);
	default:
		return -EINVAL;
	}
}

static long
fw_device_op_ioctl(struct file *file,
		   unsigned int cmd, unsigned long arg)
{
	struct client *client = file->private_data;

	return dispatch_ioctl(client, cmd, (void __user *) arg);
}

#ifdef CONFIG_COMPAT
static long
fw_device_op_compat_ioctl(struct file *file,
			  unsigned int cmd, unsigned long arg)
{
	struct client *client = file->private_data;

	return dispatch_ioctl(client, cmd, compat_ptr(arg));
}
#endif

static int fw_device_op_mmap(struct file *file, struct vm_area_struct *vma)
{
	struct client *client = file->private_data;
	enum dma_data_direction direction;
	unsigned long size;
	int page_count, retval;

	/* FIXME: We could support multiple buffers, but we don't. */
	if (client->buffer.pages != NULL)
		return -EBUSY;

	if (!(vma->vm_flags & VM_SHARED))
		return -EINVAL;

	if (vma->vm_start & ~PAGE_MASK)
		return -EINVAL;

	client->vm_start = vma->vm_start;
	size = vma->vm_end - vma->vm_start;
	page_count = size >> PAGE_SHIFT;
	if (size & ~PAGE_MASK)
		return -EINVAL;

	if (vma->vm_flags & VM_WRITE)
		direction = DMA_TO_DEVICE;
	else
		direction = DMA_FROM_DEVICE;

	retval = fw_iso_buffer_init(&client->buffer, client->device->card,
				    page_count, direction);
	if (retval < 0)
		return retval;

	retval = fw_iso_buffer_map(&client->buffer, vma);
	if (retval < 0)
		fw_iso_buffer_destroy(&client->buffer, client->device->card);

	return retval;
}

static int fw_device_op_release(struct inode *inode, struct file *file)
{
	struct client *client = file->private_data;
	struct address_handler *h, *next;
	struct request *r, *next_r;

	if (client->buffer.pages)
		fw_iso_buffer_destroy(&client->buffer, client->device->card);

	if (client->iso_context)
		fw_iso_context_destroy(client->iso_context);

	list_for_each_entry_safe(h, next, &client->handler_list, link) {
		fw_core_remove_address_handler(&h->handler);
		kfree(h);
	}

	list_for_each_entry_safe(r, next_r, &client->request_list, link) {
		fw_send_response(client->device->card, r->request,
				 RCODE_CONFLICT_ERROR);
		kfree(r);
	}

	/* TODO: wait for all transactions to finish so
	 * complete_transaction doesn't try to queue up responses
	 * after we free client. */
	while (!list_empty(&client->event_list))
		dequeue_event(client, NULL, 0);

	fw_device_put(client->device);
	kfree(client);

	return 0;
}

static unsigned int fw_device_op_poll(struct file *file, poll_table * pt)
{
	struct client *client = file->private_data;

	poll_wait(file, &client->wait, pt);

	if (!list_empty(&client->event_list))
		return POLLIN | POLLRDNORM;
	else
		return 0;
}

const struct file_operations fw_device_ops = {
	.owner		= THIS_MODULE,
	.open		= fw_device_op_open,
	.read		= fw_device_op_read,
	.unlocked_ioctl	= fw_device_op_ioctl,
	.poll		= fw_device_op_poll,
	.release	= fw_device_op_release,
	.mmap		= fw_device_op_mmap,

#ifdef CONFIG_COMPAT
	.compat_ioctl	= fw_device_op_compat_ioctl,
#endif
};
Commit	Line	Data
19a15b93 KH	1	/* -- c-basic-offset: 8 --
	2	*
	3	* fw-device-cdev.c - Char device for device raw access
	4	*
	5	* Copyright (C) 2005-2006 Kristian Hoegsberg <krh@bitplanet.net>
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation; either version 2 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program; if not, write to the Free Software Foundation,
	19	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	20	*/
	21
	22	#include <linux/module.h>
	23	#include <linux/kernel.h>
	24	#include <linux/wait.h>
	25	#include <linux/errno.h>
	26	#include <linux/device.h>
	27	#include <linux/vmalloc.h>
	28	#include <linux/poll.h>
	29	#include <linux/delay.h>
	30	#include <linux/mm.h>
	31	#include <linux/compat.h>
	32	#include <asm/uaccess.h>
	33	#include "fw-transaction.h"
	34	#include "fw-topology.h"
	35	#include "fw-device.h"
	36	#include "fw-device-cdev.h"
	37
	38	/*
	39	* todo
	40	*
	41	* - bus resets sends a new packet with new generation and node id
	42	*
	43	*/
	44
	45	/* dequeue_event() just kfree()'s the event, so the event has to be
	46	* the first field in the struct. */
	47
	48	struct event {
	49	struct { void *data; size_t size; } v[2];
	50	struct list_head link;
	51	};
	52
	53	struct response {
	54	struct event event;
	55	struct fw_transaction transaction;
	56	struct client *client;
	57	struct fw_cdev_event_response response;
	58	};
	59
	60	struct iso_interrupt {
	61	struct event event;
	62	struct fw_cdev_event_iso_interrupt interrupt;
	63	};
	64
65	struct client {
66	struct fw_device *device;
67	spinlock_t lock;
68	struct list_head handler_list;
69	struct list_head request_list;
70	u32 request_serial;
71	struct list_head event_list;
72	struct semaphore event_list_sem;
73	wait_queue_head_t wait;
9aad8125	74
19a15b93	75	struct fw_iso_context *iso_context;
9aad8125 KH	76	struct fw_iso_buffer buffer;
9aad8125 KH	77	unsigned long vm_start;
19a15b93 KH	78	};
	79
	80	static inline void __user *
	81	u64_to_uptr(__u64 value)
	82	{
	83	return (void __user *)(unsigned long)value;
	84	}
	85
	86	static inline __u64
	87	uptr_to_u64(void __user *ptr)
	88	{
	89	return (__u64)(unsigned long)ptr;
	90	}
	91
	92	static int fw_device_op_open(struct inode inode, struct file file)
	93	{
	94	struct fw_device *device;
	95	struct client *client;
	96
	97	device = container_of(inode->i_cdev, struct fw_device, cdev);
	98
	99	client = kzalloc(sizeof *client, GFP_KERNEL);
	100	if (client == NULL)
	101	return -ENOMEM;
	102
	103	client->device = fw_device_get(device);
	104	INIT_LIST_HEAD(&client->event_list);
	105	sema_init(&client->event_list_sem, 0);
	106	INIT_LIST_HEAD(&client->handler_list);
	107	INIT_LIST_HEAD(&client->request_list);
	108	spin_lock_init(&client->lock);
	109	init_waitqueue_head(&client->wait);
	110
	111	file->private_data = client;
	112
	113	return 0;
	114	}
	115
	116	static void queue_event(struct client client, struct event event,
	117	void data0, size_t size0, void data1, size_t size1)
	118	{
	119	unsigned long flags;
	120
	121	event->v[0].data = data0;
	122	event->v[0].size = size0;
	123	event->v[1].data = data1;
	124	event->v[1].size = size1;
	125
	126	spin_lock_irqsave(&client->lock, flags);
	127
	128	list_add_tail(&event->link, &client->event_list);
	129
	130	up(&client->event_list_sem);
	131	wake_up_interruptible(&client->wait);
	132
	133	spin_unlock_irqrestore(&client->lock, flags);
	134	}
	135
	136	static int dequeue_event(struct client client, char __user buffer, size_t count)
	137	{
	138	unsigned long flags;
	139	struct event *event;
	140	size_t size, total;
	141	int i, retval = -EFAULT;
142
143	if (down_interruptible(&client->event_list_sem) < 0)
144	return -EINTR;
145
146	spin_lock_irqsave(&client->lock, flags);
147
148	event = container_of(client->event_list.next, struct event, link);
149	list_del(&event->link);
150
151	spin_unlock_irqrestore(&client->lock, flags);
152
153	if (buffer == NULL)
154	goto out;
155
156	total = 0;
157	for (i = 0; i < ARRAY_SIZE(event->v) && total < count; i++) {
158	size = min(event->v[i].size, count - total);
159	if (copy_to_user(buffer + total, event->v[i].data, size))
160	goto out;
161	total += size;
162	}
163	retval = total;
164
165	out:
166	kfree(event);
167
168	return retval;
169	}
170
171	static ssize_t
172	fw_device_op_read(struct file *file,
173	char __user buffer, size_t count, loff_t offset)
174	{
175	struct client *client = file->private_data;
176
177	return dequeue_event(client, buffer, count);
178	}
179
180	static int ioctl_config_rom(struct client client, void __user arg)
181	{
182	struct fw_cdev_get_config_rom rom;
183
184	rom.length = client->device->config_rom_length;
185	memcpy(rom.data, client->device->config_rom, rom.length * 4);
186	if (copy_to_user(arg, &rom,
187	(char )&rom.data[rom.length] - (char )&rom))
188	return -EFAULT;
189
190	return 0;
191	}
192
193	static void
194	complete_transaction(struct fw_card *card, int rcode,
195	void payload, size_t length, void data)
196	{
197	struct response *response = data;
198	struct client *client = response->client;
199
200	if (length < response->response.length)
201	response->response.length = length;
202	if (rcode == RCODE_COMPLETE)
203	memcpy(response->response.data, payload,
204	response->response.length);
205
206	response->response.type = FW_CDEV_EVENT_RESPONSE;
207	response->response.rcode = rcode;
208	queue_event(client, &response->event,
209	&response->response, sizeof response->response,
210	response->response.data, response->response.length);
211	}
212
213	static ssize_t ioctl_send_request(struct client client, void __user arg)
214	{
215	struct fw_device *device = client->device;
216	struct fw_cdev_send_request request;
217	struct response *response;
218
219	if (copy_from_user(&request, arg, sizeof request))
220	return -EFAULT;
221
222	/* What is the biggest size we'll accept, really? */
223	if (request.length > 4096)
224	return -EINVAL;
225
226	response = kmalloc(sizeof *response + request.length, GFP_KERNEL);
227	if (response == NULL)
228	return -ENOMEM;
229
230	response->client = client;
231	response->response.length = request.length;
232	response->response.closure = request.closure;
233
234	if (request.data &&
235	copy_from_user(response->response.data,
236	u64_to_uptr(request.data), request.length)) {
237	kfree(response);
238	return -EFAULT;
239	}
240
241	fw_send_request(device->card, &response->transaction,
242	request.tcode,
907293d7	243	device->node->node_id,
19a15b93 KH	244	device->card->generation,
	245	device->node->max_speed,
	246	request.offset,
	247	response->response.data, request.length,
	248	complete_transaction, response);
	249
	250	if (request.data)
	251	return sizeof request + request.length;
	252	else
	253	return sizeof request;
	254	}
	255
	256	struct address_handler {
	257	struct fw_address_handler handler;
	258	__u64 closure;
	259	struct client *client;
	260	struct list_head link;
	261	};
	262
	263	struct request {
	264	struct fw_request *request;
	265	void *data;
	266	size_t length;
	267	u32 serial;
	268	struct list_head link;
	269	};
	270
	271	struct request_event {
	272	struct event event;
	273	struct fw_cdev_event_request request;
	274	};
	275
	276	static void
	277	handle_request(struct fw_card card, struct fw_request r,
	278	int tcode, int destination, int source,
	279	int generation, int speed,
	280	unsigned long long offset,
	281	void payload, size_t length, void callback_data)
	282	{
	283	struct address_handler *handler = callback_data;
	284	struct request *request;
	285	struct request_event *e;
	286	unsigned long flags;
	287	struct client *client = handler->client;
	288
	289	request = kmalloc(sizeof *request, GFP_ATOMIC);
	290	e = kmalloc(sizeof *e, GFP_ATOMIC);
	291	if (request == NULL \|\| e == NULL) {
	292	kfree(request);
	293	kfree(e);
	294	fw_send_response(card, r, RCODE_CONFLICT_ERROR);
	295	return;
	296	}
	297
	298	request->request = r;
	299	request->data = payload;
	300	request->length = length;
	301
	302	spin_lock_irqsave(&client->lock, flags);
	303	request->serial = client->request_serial++;
	304	list_add_tail(&request->link, &client->request_list);
	305	spin_unlock_irqrestore(&client->lock, flags);
	306
	307	e->request.type = FW_CDEV_EVENT_REQUEST;
308	e->request.tcode = tcode;
309	e->request.offset = offset;
310	e->request.length = length;
311	e->request.serial = request->serial;
312	e->request.closure = handler->closure;
313
314	queue_event(client, &e->event,
315	&e->request, sizeof e->request, payload, length);
316	}
317
318	static int ioctl_allocate(struct client client, void __user arg)
319	{
320	struct fw_cdev_allocate request;
321	struct address_handler *handler;
322	unsigned long flags;
323	struct fw_address_region region;
324
325	if (copy_from_user(&request, arg, sizeof request))
326	return -EFAULT;
327
328	handler = kmalloc(sizeof *handler, GFP_KERNEL);
329	if (handler == NULL)
330	return -ENOMEM;
331
332	region.start = request.offset;
333	region.end = request.offset + request.length;
334	handler->handler.length = request.length;
335	handler->handler.address_callback = handle_request;
336	handler->handler.callback_data = handler;
337	handler->closure = request.closure;
338	handler->client = client;
339
340	if (fw_core_add_address_handler(&handler->handler, &region) < 0) {
341	kfree(handler);
342	return -EBUSY;
343	}
344
345	spin_lock_irqsave(&client->lock, flags);
346	list_add_tail(&handler->link, &client->handler_list);
347	spin_unlock_irqrestore(&client->lock, flags);
348
349	return 0;
350	}
351
352	static int ioctl_send_response(struct client client, void __user arg)
353	{
354	struct fw_cdev_send_response request;
355	struct request *r;
356	unsigned long flags;
357
358	if (copy_from_user(&request, arg, sizeof request))
359	return -EFAULT;
360
361	spin_lock_irqsave(&client->lock, flags);
362	list_for_each_entry(r, &client->request_list, link) {
363	if (r->serial == request.serial) {
364	list_del(&r->link);
365	break;
366	}
367	}
368	spin_unlock_irqrestore(&client->lock, flags);
369
370	if (&r->link == &client->request_list)
371	return -EINVAL;
372
373	if (request.length < r->length)
374	r->length = request.length;
375	if (copy_from_user(r->data, u64_to_uptr(request.data), r->length))
376	return -EFAULT;
377
378	fw_send_response(client->device->card, r->request, request.rcode);
379
380	kfree(r);
381
382	return 0;
383	}
384
385	static void
9b32d5f3 KH	386	iso_callback(struct fw_iso_context *context, u32 cycle,
9b32d5f3 KH	387	size_t header_length, void header, void data)
19a15b93 KH	388	{
	389	struct client *client = data;
	390	struct iso_interrupt *interrupt;
	391
9b32d5f3	392	interrupt = kzalloc(sizeof *interrupt + header_length, GFP_ATOMIC);
19a15b93 KH	393	if (interrupt == NULL)
	394	return;
	395
	396	interrupt->interrupt.type = FW_CDEV_EVENT_ISO_INTERRUPT;
	397	interrupt->interrupt.closure = 0;
	398	interrupt->interrupt.cycle = cycle;
9b32d5f3 KH	399	interrupt->interrupt.header_length = header_length;
9b32d5f3 KH	400	memcpy(interrupt->interrupt.header, header, header_length);
19a15b93	401	queue_event(client, &interrupt->event,
9b32d5f3 KH	402	&interrupt->interrupt,
9b32d5f3 KH	403	sizeof interrupt->interrupt + header_length, NULL, 0);
19a15b93 KH	404	}
	405
	406	static int ioctl_create_iso_context(struct client client, void __user arg)
	407	{
	408	struct fw_cdev_create_iso_context request;
	409
	410	if (copy_from_user(&request, arg, sizeof request))
	411	return -EFAULT;
	412
295e3feb KH	413	if (request.type > FW_ISO_CONTEXT_RECEIVE)
	414	return -EINVAL;
	415
19a15b93	416	client->iso_context = fw_iso_context_create(client->device->card,
295e3feb KH	417	request.type,
295e3feb KH	418	request.header_size,
19a15b93 KH	419	iso_callback, client);
	420	if (IS_ERR(client->iso_context))
	421	return PTR_ERR(client->iso_context);
	422
	423	return 0;
	424	}
	425
	426	static int ioctl_queue_iso(struct client client, void __user arg)
	427	{
	428	struct fw_cdev_queue_iso request;
	429	struct fw_cdev_iso_packet __user p, end, *next;
9b32d5f3	430	struct fw_iso_context *ctx = client->iso_context;
295e3feb	431	unsigned long payload, payload_end, header_length;
19a15b93 KH	432	int count;
	433	struct {
	434	struct fw_iso_packet packet;
	435	u8 header[256];
	436	} u;
	437
9b32d5f3	438	if (ctx == NULL)
19a15b93 KH	439	return -EINVAL;
	440	if (copy_from_user(&request, arg, sizeof request))
	441	return -EFAULT;
	442
	443	/* If the user passes a non-NULL data pointer, has mmap()'ed
	444	* the iso buffer, and the pointer points inside the buffer,
	445	* we setup the payload pointers accordingly. Otherwise we
9aad8125	446	* set them both to 0, which will still let packets with
19a15b93 KH	447	* payload_length == 0 through. In other words, if no packets
	448	* use the indirect payload, the iso buffer need not be mapped
	449	* and the request.data pointer is ignored.*/
	450
9aad8125 KH	451	payload = (unsigned long)request.data - client->vm_start;
	452	payload_end = payload + (client->buffer.page_count << PAGE_SHIFT);
	453	if (request.data == 0 \|\| client->buffer.pages == NULL \|\|
	454	payload >= payload_end) {
	455	payload = 0;
	456	payload_end = 0;
19a15b93 KH	457	}
	458
	459	if (!access_ok(VERIFY_READ, request.packets, request.size))
	460	return -EFAULT;
	461
	462	p = (struct fw_cdev_iso_packet __user *)u64_to_uptr(request.packets);
	463	end = (void __user *)p + request.size;
	464	count = 0;
	465	while (p < end) {
	466	if (__copy_from_user(&u.packet, p, sizeof *p))
	467	return -EFAULT;
295e3feb	468
9b32d5f3	469	if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) {
295e3feb KH	470	header_length = u.packet.header_length;
	471	} else {
	472	/* We require that header_length is a multiple of
	473	* the fixed header size, ctx->header_size */
9b32d5f3 KH	474	if (ctx->header_size == 0) {
	475	if (u.packet.header_length > 0)
	476	return -EINVAL;
	477	} else if (u.packet.header_length % ctx->header_size != 0) {
295e3feb	478	return -EINVAL;
9b32d5f3	479	}
295e3feb KH	480	header_length = 0;
	481	}
	482
19a15b93	483	next = (struct fw_cdev_iso_packet __user *)
295e3feb	484	&p->header[header_length / 4];
19a15b93 KH	485	if (next > end)
	486	return -EINVAL;
	487	if (__copy_from_user
295e3feb	488	(u.packet.header, p->header, header_length))
19a15b93 KH	489	return -EFAULT;
	490	if (u.packet.skip &&
	491	u.packet.header_length + u.packet.payload_length > 0)
	492	return -EINVAL;
	493	if (payload + u.packet.payload_length > payload_end)
	494	return -EINVAL;
	495
9b32d5f3 KH	496	if (fw_iso_context_queue(ctx, &u.packet,
9b32d5f3 KH	497	&client->buffer, payload))
19a15b93 KH	498	break;
	499
	500	p = next;
	501	payload += u.packet.payload_length;
	502	count++;
	503	}
	504
	505	request.size -= uptr_to_u64(p) - request.packets;
	506	request.packets = uptr_to_u64(p);
9aad8125	507	request.data = client->vm_start + payload;
19a15b93 KH	508
	509	if (copy_to_user(arg, &request, sizeof request))
	510	return -EFAULT;
	511
	512	return count;
	513	}
	514
69cdb726	515	static int ioctl_start_iso(struct client client, void __user arg)
19a15b93	516	{
69cdb726	517	struct fw_cdev_start_iso request;
19a15b93 KH	518
	519	if (copy_from_user(&request, arg, sizeof request))
	520	return -EFAULT;
	521
69cdb726 KH	522	return fw_iso_context_start(client->iso_context, request.channel,
69cdb726 KH	523	request.speed, request.cycle);
19a15b93 KH	524	}
19a15b93 KH	525
b8295668 KH	526	static int ioctl_stop_iso(struct client client, void __user arg)
	527	{
	528	return fw_iso_context_stop(client->iso_context);
	529	}
	530
19a15b93 KH	531	static int
	532	dispatch_ioctl(struct client client, unsigned int cmd, void __user arg)
	533	{
	534	switch (cmd) {
	535	case FW_CDEV_IOC_GET_CONFIG_ROM:
	536	return ioctl_config_rom(client, arg);
	537	case FW_CDEV_IOC_SEND_REQUEST:
	538	return ioctl_send_request(client, arg);
	539	case FW_CDEV_IOC_ALLOCATE:
	540	return ioctl_allocate(client, arg);
	541	case FW_CDEV_IOC_SEND_RESPONSE:
	542	return ioctl_send_response(client, arg);
	543	case FW_CDEV_IOC_CREATE_ISO_CONTEXT:
	544	return ioctl_create_iso_context(client, arg);
	545	case FW_CDEV_IOC_QUEUE_ISO:
	546	return ioctl_queue_iso(client, arg);
69cdb726 KH	547	case FW_CDEV_IOC_START_ISO:
69cdb726 KH	548	return ioctl_start_iso(client, arg);
b8295668 KH	549	case FW_CDEV_IOC_STOP_ISO:
b8295668 KH	550	return ioctl_stop_iso(client, arg);
19a15b93 KH	551	default:
	552	return -EINVAL;
	553	}
	554	}
	555
	556	static long
	557	fw_device_op_ioctl(struct file *file,
	558	unsigned int cmd, unsigned long arg)
	559	{
	560	struct client *client = file->private_data;
	561
	562	return dispatch_ioctl(client, cmd, (void __user *) arg);
	563	}
	564
	565	#ifdef CONFIG_COMPAT
	566	static long
	567	fw_device_op_compat_ioctl(struct file *file,
	568	unsigned int cmd, unsigned long arg)
	569	{
	570	struct client *client = file->private_data;
	571
	572	return dispatch_ioctl(client, cmd, compat_ptr(arg));
	573	}
	574	#endif
	575
	576	static int fw_device_op_mmap(struct file file, struct vm_area_struct vma)
	577	{
	578	struct client *client = file->private_data;
9aad8125 KH	579	enum dma_data_direction direction;
	580	unsigned long size;
	581	int page_count, retval;
	582
	583	/* FIXME: We could support multiple buffers, but we don't. */
	584	if (client->buffer.pages != NULL)
	585	return -EBUSY;
	586
	587	if (!(vma->vm_flags & VM_SHARED))
	588	return -EINVAL;
19a15b93	589
9aad8125	590	if (vma->vm_start & ~PAGE_MASK)
19a15b93 KH	591	return -EINVAL;
	592
	593	client->vm_start = vma->vm_start;
9aad8125 KH	594	size = vma->vm_end - vma->vm_start;
	595	page_count = size >> PAGE_SHIFT;
	596	if (size & ~PAGE_MASK)
	597	return -EINVAL;
	598
	599	if (vma->vm_flags & VM_WRITE)
	600	direction = DMA_TO_DEVICE;
	601	else
	602	direction = DMA_FROM_DEVICE;
	603
	604	retval = fw_iso_buffer_init(&client->buffer, client->device->card,
	605	page_count, direction);
	606	if (retval < 0)
	607	return retval;
19a15b93	608
9aad8125 KH	609	retval = fw_iso_buffer_map(&client->buffer, vma);
	610	if (retval < 0)
	611	fw_iso_buffer_destroy(&client->buffer, client->device->card);
	612
	613	return retval;
19a15b93 KH	614	}
	615
	616	static int fw_device_op_release(struct inode inode, struct file file)
	617	{
	618	struct client *client = file->private_data;
	619	struct address_handler h, next;
	620	struct request r, next_r;
	621
9aad8125 KH	622	if (client->buffer.pages)
	623	fw_iso_buffer_destroy(&client->buffer, client->device->card);
	624
19a15b93 KH	625	if (client->iso_context)
	626	fw_iso_context_destroy(client->iso_context);
	627
	628	list_for_each_entry_safe(h, next, &client->handler_list, link) {
	629	fw_core_remove_address_handler(&h->handler);
	630	kfree(h);
	631	}
	632
	633	list_for_each_entry_safe(r, next_r, &client->request_list, link) {
	634	fw_send_response(client->device->card, r->request,
	635	RCODE_CONFLICT_ERROR);
	636	kfree(r);
	637	}
	638
	639	/* TODO: wait for all transactions to finish so
	640	* complete_transaction doesn't try to queue up responses
	641	* after we free client. */
	642	while (!list_empty(&client->event_list))
	643	dequeue_event(client, NULL, 0);
	644
	645	fw_device_put(client->device);
	646	kfree(client);
	647
	648	return 0;
	649	}
	650
	651	static unsigned int fw_device_op_poll(struct file file, poll_table pt)
	652	{
	653	struct client *client = file->private_data;
	654
	655	poll_wait(file, &client->wait, pt);
	656
	657	if (!list_empty(&client->event_list))
	658	return POLLIN \| POLLRDNORM;
	659	else
	660	return 0;
	661	}
	662
21ebcd12	663	const struct file_operations fw_device_ops = {
19a15b93 KH	664	.owner = THIS_MODULE,
	665	.open = fw_device_op_open,
	666	.read = fw_device_op_read,
	667	.unlocked_ioctl = fw_device_op_ioctl,
	668	.poll = fw_device_op_poll,
	669	.release = fw_device_op_release,
	670	.mmap = fw_device_op_mmap,
	671
	672	#ifdef CONFIG_COMPAT
5af4e5ea	673	.compat_ioctl = fw_device_op_compat_ioctl,
19a15b93 KH	674	#endif
19a15b93 KH	675	};