1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/compat.h>
22#include <linux/delay.h>
23#include <linux/device.h>
24#include <linux/errno.h>
25#include <linux/firewire.h>
26#include <linux/firewire-cdev.h>
27#include <linux/idr.h>
28#include <linux/jiffies.h>
29#include <linux/kernel.h>
30#include <linux/kref.h>
31#include <linux/mm.h>
32#include <linux/module.h>
33#include <linux/mutex.h>
34#include <linux/poll.h>
35#include <linux/preempt.h>
36#include <linux/sched.h>
37#include <linux/spinlock.h>
38#include <linux/time.h>
39#include <linux/uaccess.h>
40#include <linux/vmalloc.h>
41#include <linux/wait.h>
42#include <linux/workqueue.h>
43
44#include <asm/system.h>
45
46#include "core.h"
47
48struct client {
49 u32 version;
50 struct fw_device *device;
51
52 spinlock_t lock;
53 bool in_shutdown;
54 struct idr resource_idr;
55 struct list_head event_list;
56 wait_queue_head_t wait;
57 u64 bus_reset_closure;
58
59 struct fw_iso_context *iso_context;
60 u64 iso_closure;
61 struct fw_iso_buffer buffer;
62 unsigned long vm_start;
63
64 struct list_head link;
65 struct kref kref;
66};
67
68static inline void client_get(struct client *client)
69{
70 kref_get(&client->kref);
71}
72
73static void client_release(struct kref *kref)
74{
75 struct client *client = container_of(kref, struct client, kref);
76
77 fw_device_put(client->device);
78 kfree(client);
79}
80
81static void client_put(struct client *client)
82{
83 kref_put(&client->kref, client_release);
84}
85
86struct client_resource;
87typedef void (*client_resource_release_fn_t)(struct client *,
88 struct client_resource *);
89struct client_resource {
90 client_resource_release_fn_t release;
91 int handle;
92};
93
94struct address_handler_resource {
95 struct client_resource resource;
96 struct fw_address_handler handler;
97 __u64 closure;
98 struct client *client;
99};
100
101struct outbound_transaction_resource {
102 struct client_resource resource;
103 struct fw_transaction transaction;
104};
105
106struct inbound_transaction_resource {
107 struct client_resource resource;
108 struct fw_request *request;
109 void *data;
110 size_t length;
111};
112
113struct descriptor_resource {
114 struct client_resource resource;
115 struct fw_descriptor descriptor;
116 u32 data[0];
117};
118
119struct iso_resource {
120 struct client_resource resource;
121 struct client *client;
122
123 struct delayed_work work;
124 enum {ISO_RES_ALLOC, ISO_RES_REALLOC, ISO_RES_DEALLOC,
125 ISO_RES_ALLOC_ONCE, ISO_RES_DEALLOC_ONCE,} todo;
126 int generation;
127 u64 channels;
128 s32 bandwidth;
129 __be32 transaction_data[2];
130 struct iso_resource_event *e_alloc, *e_dealloc;
131};
132
133static void schedule_iso_resource(struct iso_resource *);
134static void release_iso_resource(struct client *, struct client_resource *);
135
136
137
138
139
140struct event {
141 struct { void *data; size_t size; } v[2];
142 struct list_head link;
143};
144
145struct bus_reset_event {
146 struct event event;
147 struct fw_cdev_event_bus_reset reset;
148};
149
150struct outbound_transaction_event {
151 struct event event;
152 struct client *client;
153 struct outbound_transaction_resource r;
154 struct fw_cdev_event_response response;
155};
156
157struct inbound_transaction_event {
158 struct event event;
159 struct fw_cdev_event_request request;
160};
161
162struct iso_interrupt_event {
163 struct event event;
164 struct fw_cdev_event_iso_interrupt interrupt;
165};
166
167struct iso_resource_event {
168 struct event event;
169 struct fw_cdev_event_iso_resource resource;
170};
171
172static inline void __user *u64_to_uptr(__u64 value)
173{
174 return (void __user *)(unsigned long)value;
175}
176
177static inline __u64 uptr_to_u64(void __user *ptr)
178{
179 return (__u64)(unsigned long)ptr;
180}
181
182static int fw_device_op_open(struct inode *inode, struct file *file)
183{
184 struct fw_device *device;
185 struct client *client;
186
187 device = fw_device_get_by_devt(inode->i_rdev);
188 if (device == NULL)
189 return -ENODEV;
190
191 if (fw_device_is_shutdown(device)) {
192 fw_device_put(device);
193 return -ENODEV;
194 }
195
196 client = kzalloc(sizeof(*client), GFP_KERNEL);
197 if (client == NULL) {
198 fw_device_put(device);
199 return -ENOMEM;
200 }
201
202 client->device = device;
203 spin_lock_init(&client->lock);
204 idr_init(&client->resource_idr);
205 INIT_LIST_HEAD(&client->event_list);
206 init_waitqueue_head(&client->wait);
207 kref_init(&client->kref);
208
209 file->private_data = client;
210
211 mutex_lock(&device->client_list_mutex);
212 list_add_tail(&client->link, &device->client_list);
213 mutex_unlock(&device->client_list_mutex);
214
215 return 0;
216}
217
218static void queue_event(struct client *client, struct event *event,
219 void *data0, size_t size0, void *data1, size_t size1)
220{
221 unsigned long flags;
222
223 event->v[0].data = data0;
224 event->v[0].size = size0;
225 event->v[1].data = data1;
226 event->v[1].size = size1;
227
228 spin_lock_irqsave(&client->lock, flags);
229 if (client->in_shutdown)
230 kfree(event);
231 else
232 list_add_tail(&event->link, &client->event_list);
233 spin_unlock_irqrestore(&client->lock, flags);
234
235 wake_up_interruptible(&client->wait);
236}
237
238static int dequeue_event(struct client *client,
239 char __user *buffer, size_t count)
240{
241 struct event *event;
242 size_t size, total;
243 int i, ret;
244
245 ret = wait_event_interruptible(client->wait,
246 !list_empty(&client->event_list) ||
247 fw_device_is_shutdown(client->device));
248 if (ret < 0)
249 return ret;
250
251 if (list_empty(&client->event_list) &&
252 fw_device_is_shutdown(client->device))
253 return -ENODEV;
254
255 spin_lock_irq(&client->lock);
256 event = list_first_entry(&client->event_list, struct event, link);
257 list_del(&event->link);
258 spin_unlock_irq(&client->lock);
259
260 total = 0;
261 for (i = 0; i < ARRAY_SIZE(event->v) && total < count; i++) {
262 size = min(event->v[i].size, count - total);
263 if (copy_to_user(buffer + total, event->v[i].data, size)) {
264 ret = -EFAULT;
265 goto out;
266 }
267 total += size;
268 }
269 ret = total;
270
271 out:
272 kfree(event);
273
274 return ret;
275}
276
277static ssize_t fw_device_op_read(struct file *file, char __user *buffer,
278 size_t count, loff_t *offset)
279{
280 struct client *client = file->private_data;
281
282 return dequeue_event(client, buffer, count);
283}
284
285static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
286 struct client *client)
287{
288 struct fw_card *card = client->device->card;
289
290 spin_lock_irq(&card->lock);
291
292 event->closure = client->bus_reset_closure;
293 event->type = FW_CDEV_EVENT_BUS_RESET;
294 event->generation = client->device->generation;
295 event->node_id = client->device->node_id;
296 event->local_node_id = card->local_node->node_id;
297 event->bm_node_id = 0;
298 event->irm_node_id = card->irm_node->node_id;
299 event->root_node_id = card->root_node->node_id;
300
301 spin_unlock_irq(&card->lock);
302}
303
304static void for_each_client(struct fw_device *device,
305 void (*callback)(struct client *client))
306{
307 struct client *c;
308
309 mutex_lock(&device->client_list_mutex);
310 list_for_each_entry(c, &device->client_list, link)
311 callback(c);
312 mutex_unlock(&device->client_list_mutex);
313}
314
315static int schedule_reallocations(int id, void *p, void *data)
316{
317 struct client_resource *r = p;
318
319 if (r->release == release_iso_resource)
320 schedule_iso_resource(container_of(r,
321 struct iso_resource, resource));
322 return 0;
323}
324
325static void queue_bus_reset_event(struct client *client)
326{
327 struct bus_reset_event *e;
328
329 e = kzalloc(sizeof(*e), GFP_KERNEL);
330 if (e == NULL) {
331 fw_notify("Out of memory when allocating bus reset event\n");
332 return;
333 }
334
335 fill_bus_reset_event(&e->reset, client);
336
337 queue_event(client, &e->event,
338 &e->reset, sizeof(e->reset), NULL, 0);
339
340 spin_lock_irq(&client->lock);
341 idr_for_each(&client->resource_idr, schedule_reallocations, client);
342 spin_unlock_irq(&client->lock);
343}
344
345void fw_device_cdev_update(struct fw_device *device)
346{
347 for_each_client(device, queue_bus_reset_event);
348}
349
350static void wake_up_client(struct client *client)
351{
352 wake_up_interruptible(&client->wait);
353}
354
355void fw_device_cdev_remove(struct fw_device *device)
356{
357 for_each_client(device, wake_up_client);
358}
359
360static int ioctl_get_info(struct client *client, void *buffer)
361{
362 struct fw_cdev_get_info *get_info = buffer;
363 struct fw_cdev_event_bus_reset bus_reset;
364 unsigned long ret = 0;
365
366 client->version = get_info->version;
367 get_info->version = FW_CDEV_VERSION;
368 get_info->card = client->device->card->index;
369
370 down_read(&fw_device_rwsem);
371
372 if (get_info->rom != 0) {
373 void __user *uptr = u64_to_uptr(get_info->rom);
374 size_t want = get_info->rom_length;
375 size_t have = client->device->config_rom_length * 4;
376
377 ret = copy_to_user(uptr, client->device->config_rom,
378 min(want, have));
379 }
380 get_info->rom_length = client->device->config_rom_length * 4;
381
382 up_read(&fw_device_rwsem);
383
384 if (ret != 0)
385 return -EFAULT;
386
387 client->bus_reset_closure = get_info->bus_reset_closure;
388 if (get_info->bus_reset != 0) {
389 void __user *uptr = u64_to_uptr(get_info->bus_reset);
390
391 fill_bus_reset_event(&bus_reset, client);
392 if (copy_to_user(uptr, &bus_reset, sizeof(bus_reset)))
393 return -EFAULT;
394 }
395
396 return 0;
397}
398
399static int add_client_resource(struct client *client,
400 struct client_resource *resource, gfp_t gfp_mask)
401{
402 unsigned long flags;
403 int ret;
404
405 retry:
406 if (idr_pre_get(&client->resource_idr, gfp_mask) == 0)
407 return -ENOMEM;
408
409 spin_lock_irqsave(&client->lock, flags);
410 if (client->in_shutdown)
411 ret = -ECANCELED;
412 else
413 ret = idr_get_new(&client->resource_idr, resource,
414 &resource->handle);
415 if (ret >= 0) {
416 client_get(client);
417 if (resource->release == release_iso_resource)
418 schedule_iso_resource(container_of(resource,
419 struct iso_resource, resource));
420 }
421 spin_unlock_irqrestore(&client->lock, flags);
422
423 if (ret == -EAGAIN)
424 goto retry;
425
426 return ret < 0 ? ret : 0;
427}
428
429static int release_client_resource(struct client *client, u32 handle,
430 client_resource_release_fn_t release,
431 struct client_resource **resource)
432{
433 struct client_resource *r;
434
435 spin_lock_irq(&client->lock);
436 if (client->in_shutdown)
437 r = NULL;
438 else
439 r = idr_find(&client->resource_idr, handle);
440 if (r && r->release == release)
441 idr_remove(&client->resource_idr, handle);
442 spin_unlock_irq(&client->lock);
443
444 if (!(r && r->release == release))
445 return -EINVAL;
446
447 if (resource)
448 *resource = r;
449 else
450 r->release(client, r);
451
452 client_put(client);
453
454 return 0;
455}
456
457static void release_transaction(struct client *client,
458 struct client_resource *resource)
459{
460 struct outbound_transaction_resource *r = container_of(resource,
461 struct outbound_transaction_resource, resource);
462
463 fw_cancel_transaction(client->device->card, &r->transaction);
464}
465
466static void complete_transaction(struct fw_card *card, int rcode,
467 void *payload, size_t length, void *data)
468{
469 struct outbound_transaction_event *e = data;
470 struct fw_cdev_event_response *rsp = &e->response;
471 struct client *client = e->client;
472 unsigned long flags;
473
474 if (length < rsp->length)
475 rsp->length = length;
476 if (rcode == RCODE_COMPLETE)
477 memcpy(rsp->data, payload, rsp->length);
478
479 spin_lock_irqsave(&client->lock, flags);
480
481
482
483
484
485
486
487
488
489
490 if (!client->in_shutdown &&
491 idr_find(&client->resource_idr, e->r.resource.handle)) {
492 idr_remove(&client->resource_idr, e->r.resource.handle);
493
494 client_put(client);
495 }
496 spin_unlock_irqrestore(&client->lock, flags);
497
498 rsp->type = FW_CDEV_EVENT_RESPONSE;
499 rsp->rcode = rcode;
500
501
502
503
504
505
506
507
508 if (rsp->length <= sizeof(*rsp) - offsetof(typeof(*rsp), data))
509 queue_event(client, &e->event, rsp, sizeof(*rsp),
510 rsp->data, rsp->length);
511 else
512 queue_event(client, &e->event, rsp, sizeof(*rsp) + rsp->length,
513 NULL, 0);
514
515
516 client_put(client);
517}
518
519static int init_request(struct client *client,
520 struct fw_cdev_send_request *request,
521 int destination_id, int speed)
522{
523 struct outbound_transaction_event *e;
524 int ret;
525
526 if (request->tcode != TCODE_STREAM_DATA &&
527 (request->length > 4096 || request->length > 512 << speed))
528 return -EIO;
529
530 e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
531 if (e == NULL)
532 return -ENOMEM;
533
534 e->client = client;
535 e->response.length = request->length;
536 e->response.closure = request->closure;
537
538 if (request->data &&
539 copy_from_user(e->response.data,
540 u64_to_uptr(request->data), request->length)) {
541 ret = -EFAULT;
542 goto failed;
543 }
544
545 e->r.resource.release = release_transaction;
546 ret = add_client_resource(client, &e->r.resource, GFP_KERNEL);
547 if (ret < 0)
548 goto failed;
549
550
551 client_get(client);
552
553 fw_send_request(client->device->card, &e->r.transaction,
554 request->tcode, destination_id, request->generation,
555 speed, request->offset, e->response.data,
556 request->length, complete_transaction, e);
557 return 0;
558
559 failed:
560 kfree(e);
561
562 return ret;
563}
564
565static int ioctl_send_request(struct client *client, void *buffer)
566{
567 struct fw_cdev_send_request *request = buffer;
568
569 switch (request->tcode) {
570 case TCODE_WRITE_QUADLET_REQUEST:
571 case TCODE_WRITE_BLOCK_REQUEST:
572 case TCODE_READ_QUADLET_REQUEST:
573 case TCODE_READ_BLOCK_REQUEST:
574 case TCODE_LOCK_MASK_SWAP:
575 case TCODE_LOCK_COMPARE_SWAP:
576 case TCODE_LOCK_FETCH_ADD:
577 case TCODE_LOCK_LITTLE_ADD:
578 case TCODE_LOCK_BOUNDED_ADD:
579 case TCODE_LOCK_WRAP_ADD:
580 case TCODE_LOCK_VENDOR_DEPENDENT:
581 break;
582 default:
583 return -EINVAL;
584 }
585
586 return init_request(client, request, client->device->node_id,
587 client->device->max_speed);
588}
589
590static void release_request(struct client *client,
591 struct client_resource *resource)
592{
593 struct inbound_transaction_resource *r = container_of(resource,
594 struct inbound_transaction_resource, resource);
595
596 fw_send_response(client->device->card, r->request,
597 RCODE_CONFLICT_ERROR);
598 kfree(r);
599}
600
601static void handle_request(struct fw_card *card, struct fw_request *request,
602 int tcode, int destination, int source,
603 int generation, int speed,
604 unsigned long long offset,
605 void *payload, size_t length, void *callback_data)
606{
607 struct address_handler_resource *handler = callback_data;
608 struct inbound_transaction_resource *r;
609 struct inbound_transaction_event *e;
610 int ret;
611
612 r = kmalloc(sizeof(*r), GFP_ATOMIC);
613 e = kmalloc(sizeof(*e), GFP_ATOMIC);
614 if (r == NULL || e == NULL)
615 goto failed;
616
617 r->request = request;
618 r->data = payload;
619 r->length = length;
620
621 r->resource.release = release_request;
622 ret = add_client_resource(handler->client, &r->resource, GFP_ATOMIC);
623 if (ret < 0)
624 goto failed;
625
626 e->request.type = FW_CDEV_EVENT_REQUEST;
627 e->request.tcode = tcode;
628 e->request.offset = offset;
629 e->request.length = length;
630 e->request.handle = r->resource.handle;
631 e->request.closure = handler->closure;
632
633 queue_event(handler->client, &e->event,
634 &e->request, sizeof(e->request), payload, length);
635 return;
636
637 failed:
638 kfree(r);
639 kfree(e);
640 fw_send_response(card, request, RCODE_CONFLICT_ERROR);
641}
642
643static void release_address_handler(struct client *client,
644 struct client_resource *resource)
645{
646 struct address_handler_resource *r =
647 container_of(resource, struct address_handler_resource, resource);
648
649 fw_core_remove_address_handler(&r->handler);
650 kfree(r);
651}
652
653static int ioctl_allocate(struct client *client, void *buffer)
654{
655 struct fw_cdev_allocate *request = buffer;
656 struct address_handler_resource *r;
657 struct fw_address_region region;
658 int ret;
659
660 r = kmalloc(sizeof(*r), GFP_KERNEL);
661 if (r == NULL)
662 return -ENOMEM;
663
664 region.start = request->offset;
665 region.end = request->offset + request->length;
666 r->handler.length = request->length;
667 r->handler.address_callback = handle_request;
668 r->handler.callback_data = r;
669 r->closure = request->closure;
670 r->client = client;
671
672 ret = fw_core_add_address_handler(&r->handler, ®ion);
673 if (ret < 0) {
674 kfree(r);
675 return ret;
676 }
677
678 r->resource.release = release_address_handler;
679 ret = add_client_resource(client, &r->resource, GFP_KERNEL);
680 if (ret < 0) {
681 release_address_handler(client, &r->resource);
682 return ret;
683 }
684 request->handle = r->resource.handle;
685
686 return 0;
687}
688
689static int ioctl_deallocate(struct client *client, void *buffer)
690{
691 struct fw_cdev_deallocate *request = buffer;
692
693 return release_client_resource(client, request->handle,
694 release_address_handler, NULL);
695}
696
697static int ioctl_send_response(struct client *client, void *buffer)
698{
699 struct fw_cdev_send_response *request = buffer;
700 struct client_resource *resource;
701 struct inbound_transaction_resource *r;
702
703 if (release_client_resource(client, request->handle,
704 release_request, &resource) < 0)
705 return -EINVAL;
706
707 r = container_of(resource, struct inbound_transaction_resource,
708 resource);
709 if (request->length < r->length)
710 r->length = request->length;
711 if (copy_from_user(r->data, u64_to_uptr(request->data), r->length))
712 return -EFAULT;
713
714 fw_send_response(client->device->card, r->request, request->rcode);
715 kfree(r);
716
717 return 0;
718}
719
720static int ioctl_initiate_bus_reset(struct client *client, void *buffer)
721{
722 struct fw_cdev_initiate_bus_reset *request = buffer;
723 int short_reset;
724
725 short_reset = (request->type == FW_CDEV_SHORT_RESET);
726
727 return fw_core_initiate_bus_reset(client->device->card, short_reset);
728}
729
730static void release_descriptor(struct client *client,
731 struct client_resource *resource)
732{
733 struct descriptor_resource *r =
734 container_of(resource, struct descriptor_resource, resource);
735
736 fw_core_remove_descriptor(&r->descriptor);
737 kfree(r);
738}
739
740static int ioctl_add_descriptor(struct client *client, void *buffer)
741{
742 struct fw_cdev_add_descriptor *request = buffer;
743 struct descriptor_resource *r;
744 int ret;
745
746
747 if (!client->device->is_local)
748 return -ENOSYS;
749
750 if (request->length > 256)
751 return -EINVAL;
752
753 r = kmalloc(sizeof(*r) + request->length * 4, GFP_KERNEL);
754 if (r == NULL)
755 return -ENOMEM;
756
757 if (copy_from_user(r->data,
758 u64_to_uptr(request->data), request->length * 4)) {
759 ret = -EFAULT;
760 goto failed;
761 }
762
763 r->descriptor.length = request->length;
764 r->descriptor.immediate = request->immediate;
765 r->descriptor.key = request->key;
766 r->descriptor.data = r->data;
767
768 ret = fw_core_add_descriptor(&r->descriptor);
769 if (ret < 0)
770 goto failed;
771
772 r->resource.release = release_descriptor;
773 ret = add_client_resource(client, &r->resource, GFP_KERNEL);
774 if (ret < 0) {
775 fw_core_remove_descriptor(&r->descriptor);
776 goto failed;
777 }
778 request->handle = r->resource.handle;
779
780 return 0;
781 failed:
782 kfree(r);
783
784 return ret;
785}
786
787static int ioctl_remove_descriptor(struct client *client, void *buffer)
788{
789 struct fw_cdev_remove_descriptor *request = buffer;
790
791 return release_client_resource(client, request->handle,
792 release_descriptor, NULL);
793}
794
795static void iso_callback(struct fw_iso_context *context, u32 cycle,
796 size_t header_length, void *header, void *data)
797{
798 struct client *client = data;
799 struct iso_interrupt_event *e;
800
801 e = kzalloc(sizeof(*e) + header_length, GFP_ATOMIC);
802 if (e == NULL)
803 return;
804
805 e->interrupt.type = FW_CDEV_EVENT_ISO_INTERRUPT;
806 e->interrupt.closure = client->iso_closure;
807 e->interrupt.cycle = cycle;
808 e->interrupt.header_length = header_length;
809 memcpy(e->interrupt.header, header, header_length);
810 queue_event(client, &e->event, &e->interrupt,
811 sizeof(e->interrupt) + header_length, NULL, 0);
812}
813
814static int ioctl_create_iso_context(struct client *client, void *buffer)
815{
816 struct fw_cdev_create_iso_context *request = buffer;
817 struct fw_iso_context *context;
818
819
820 if (client->iso_context != NULL)
821 return -EBUSY;
822
823 if (request->channel > 63)
824 return -EINVAL;
825
826 switch (request->type) {
827 case FW_ISO_CONTEXT_RECEIVE:
828 if (request->header_size < 4 || (request->header_size & 3))
829 return -EINVAL;
830
831 break;
832
833 case FW_ISO_CONTEXT_TRANSMIT:
834 if (request->speed > SCODE_3200)
835 return -EINVAL;
836
837 break;
838
839 default:
840 return -EINVAL;
841 }
842
843 context = fw_iso_context_create(client->device->card,
844 request->type,
845 request->channel,
846 request->speed,
847 request->header_size,
848 iso_callback, client);
849 if (IS_ERR(context))
850 return PTR_ERR(context);
851
852 client->iso_closure = request->closure;
853 client->iso_context = context;
854
855
856 request->handle = 0;
857
858 return 0;
859}
860
861
862#define GET_PAYLOAD_LENGTH(v) ((v) & 0xffff)
863#define GET_INTERRUPT(v) (((v) >> 16) & 0x01)
864#define GET_SKIP(v) (((v) >> 17) & 0x01)
865#define GET_TAG(v) (((v) >> 18) & 0x03)
866#define GET_SY(v) (((v) >> 20) & 0x0f)
867#define GET_HEADER_LENGTH(v) (((v) >> 24) & 0xff)
868
869static int ioctl_queue_iso(struct client *client, void *buffer)
870{
871 struct fw_cdev_queue_iso *request = buffer;
872 struct fw_cdev_iso_packet __user *p, *end, *next;
873 struct fw_iso_context *ctx = client->iso_context;
874 unsigned long payload, buffer_end, header_length;
875 u32 control;
876 int count;
877 struct {
878 struct fw_iso_packet packet;
879 u8 header[256];
880 } u;
881
882 if (ctx == NULL || request->handle != 0)
883 return -EINVAL;
884
885
886
887
888
889
890
891
892
893
894
895 payload = (unsigned long)request->data - client->vm_start;
896 buffer_end = client->buffer.page_count << PAGE_SHIFT;
897 if (request->data == 0 || client->buffer.pages == NULL ||
898 payload >= buffer_end) {
899 payload = 0;
900 buffer_end = 0;
901 }
902
903 p = (struct fw_cdev_iso_packet __user *)u64_to_uptr(request->packets);
904
905 if (!access_ok(VERIFY_READ, p, request->size))
906 return -EFAULT;
907
908 end = (void __user *)p + request->size;
909 count = 0;
910 while (p < end) {
911 if (get_user(control, &p->control))
912 return -EFAULT;
913 u.packet.payload_length = GET_PAYLOAD_LENGTH(control);
914 u.packet.interrupt = GET_INTERRUPT(control);
915 u.packet.skip = GET_SKIP(control);
916 u.packet.tag = GET_TAG(control);
917 u.packet.sy = GET_SY(control);
918 u.packet.header_length = GET_HEADER_LENGTH(control);
919
920 if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) {
921 header_length = u.packet.header_length;
922 } else {
923
924
925
926
927 if (ctx->header_size == 0) {
928 if (u.packet.header_length > 0)
929 return -EINVAL;
930 } else if (u.packet.header_length % ctx->header_size != 0) {
931 return -EINVAL;
932 }
933 header_length = 0;
934 }
935
936 next = (struct fw_cdev_iso_packet __user *)
937 &p->header[header_length / 4];
938 if (next > end)
939 return -EINVAL;
940 if (__copy_from_user
941 (u.packet.header, p->header, header_length))
942 return -EFAULT;
943 if (u.packet.skip && ctx->type == FW_ISO_CONTEXT_TRANSMIT &&
944 u.packet.header_length + u.packet.payload_length > 0)
945 return -EINVAL;
946 if (payload + u.packet.payload_length > buffer_end)
947 return -EINVAL;
948
949 if (fw_iso_context_queue(ctx, &u.packet,
950 &client->buffer, payload))
951 break;
952
953 p = next;
954 payload += u.packet.payload_length;
955 count++;
956 }
957
958 request->size -= uptr_to_u64(p) - request->packets;
959 request->packets = uptr_to_u64(p);
960 request->data = client->vm_start + payload;
961
962 return count;
963}
964
965static int ioctl_start_iso(struct client *client, void *buffer)
966{
967 struct fw_cdev_start_iso *request = buffer;
968
969 if (client->iso_context == NULL || request->handle != 0)
970 return -EINVAL;
971
972 if (client->iso_context->type == FW_ISO_CONTEXT_RECEIVE) {
973 if (request->tags == 0 || request->tags > 15)
974 return -EINVAL;
975
976 if (request->sync > 15)
977 return -EINVAL;
978 }
979
980 return fw_iso_context_start(client->iso_context, request->cycle,
981 request->sync, request->tags);
982}
983
984static int ioctl_stop_iso(struct client *client, void *buffer)
985{
986 struct fw_cdev_stop_iso *request = buffer;
987
988 if (client->iso_context == NULL || request->handle != 0)
989 return -EINVAL;
990
991 return fw_iso_context_stop(client->iso_context);
992}
993
994static int ioctl_get_cycle_timer(struct client *client, void *buffer)
995{
996 struct fw_cdev_get_cycle_timer *request = buffer;
997 struct fw_card *card = client->device->card;
998 unsigned long long bus_time;
999 struct timeval tv;
1000 unsigned long flags;
1001
1002 preempt_disable();
1003 local_irq_save(flags);
1004
1005 bus_time = card->driver->get_bus_time(card);
1006 do_gettimeofday(&tv);
1007
1008 local_irq_restore(flags);
1009 preempt_enable();
1010
1011 request->local_time = tv.tv_sec * 1000000ULL + tv.tv_usec;
1012 request->cycle_timer = bus_time & 0xffffffff;
1013 return 0;
1014}
1015
1016static void iso_resource_work(struct work_struct *work)
1017{
1018 struct iso_resource_event *e;
1019 struct iso_resource *r =
1020 container_of(work, struct iso_resource, work.work);
1021 struct client *client = r->client;
1022 int generation, channel, bandwidth, todo;
1023 bool skip, free, success;
1024
1025 spin_lock_irq(&client->lock);
1026 generation = client->device->generation;
1027 todo = r->todo;
1028
1029 if (todo == ISO_RES_ALLOC &&
1030 time_is_after_jiffies(client->device->card->reset_jiffies + HZ)) {
1031 if (schedule_delayed_work(&r->work, DIV_ROUND_UP(HZ, 3)))
1032 client_get(client);
1033 skip = true;
1034 } else {
1035
1036 skip = todo == ISO_RES_REALLOC &&
1037 r->generation == generation;
1038 }
1039 free = todo == ISO_RES_DEALLOC ||
1040 todo == ISO_RES_ALLOC_ONCE ||
1041 todo == ISO_RES_DEALLOC_ONCE;
1042 r->generation = generation;
1043 spin_unlock_irq(&client->lock);
1044
1045 if (skip)
1046 goto out;
1047
1048 bandwidth = r->bandwidth;
1049
1050 fw_iso_resource_manage(client->device->card, generation,
1051 r->channels, &channel, &bandwidth,
1052 todo == ISO_RES_ALLOC ||
1053 todo == ISO_RES_REALLOC ||
1054 todo == ISO_RES_ALLOC_ONCE,
1055 r->transaction_data);
1056
1057
1058
1059
1060
1061 if (channel == -EAGAIN &&
1062 (todo == ISO_RES_ALLOC || todo == ISO_RES_REALLOC))
1063 goto out;
1064
1065 success = channel >= 0 || bandwidth > 0;
1066
1067 spin_lock_irq(&client->lock);
1068
1069
1070
1071
1072 if (r->todo == ISO_RES_ALLOC)
1073 r->todo = ISO_RES_REALLOC;
1074
1075
1076
1077
1078 if (r->todo == ISO_RES_REALLOC && !success &&
1079 !client->in_shutdown &&
1080 idr_find(&client->resource_idr, r->resource.handle)) {
1081 idr_remove(&client->resource_idr, r->resource.handle);
1082 client_put(client);
1083 free = true;
1084 }
1085 spin_unlock_irq(&client->lock);
1086
1087 if (todo == ISO_RES_ALLOC && channel >= 0)
1088 r->channels = 1ULL << channel;
1089
1090 if (todo == ISO_RES_REALLOC && success)
1091 goto out;
1092
1093 if (todo == ISO_RES_ALLOC || todo == ISO_RES_ALLOC_ONCE) {
1094 e = r->e_alloc;
1095 r->e_alloc = NULL;
1096 } else {
1097 e = r->e_dealloc;
1098 r->e_dealloc = NULL;
1099 }
1100 e->resource.handle = r->resource.handle;
1101 e->resource.channel = channel;
1102 e->resource.bandwidth = bandwidth;
1103
1104 queue_event(client, &e->event,
1105 &e->resource, sizeof(e->resource), NULL, 0);
1106
1107 if (free) {
1108 cancel_delayed_work(&r->work);
1109 kfree(r->e_alloc);
1110 kfree(r->e_dealloc);
1111 kfree(r);
1112 }
1113 out:
1114 client_put(client);
1115}
1116
1117static void schedule_iso_resource(struct iso_resource *r)
1118{
1119 client_get(r->client);
1120 if (!schedule_delayed_work(&r->work, 0))
1121 client_put(r->client);
1122}
1123
1124static void release_iso_resource(struct client *client,
1125 struct client_resource *resource)
1126{
1127 struct iso_resource *r =
1128 container_of(resource, struct iso_resource, resource);
1129
1130 spin_lock_irq(&client->lock);
1131 r->todo = ISO_RES_DEALLOC;
1132 schedule_iso_resource(r);
1133 spin_unlock_irq(&client->lock);
1134}
1135
1136static int init_iso_resource(struct client *client,
1137 struct fw_cdev_allocate_iso_resource *request, int todo)
1138{
1139 struct iso_resource_event *e1, *e2;
1140 struct iso_resource *r;
1141 int ret;
1142
1143 if ((request->channels == 0 && request->bandwidth == 0) ||
1144 request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL ||
1145 request->bandwidth < 0)
1146 return -EINVAL;
1147
1148 r = kmalloc(sizeof(*r), GFP_KERNEL);
1149 e1 = kmalloc(sizeof(*e1), GFP_KERNEL);
1150 e2 = kmalloc(sizeof(*e2), GFP_KERNEL);
1151 if (r == NULL || e1 == NULL || e2 == NULL) {
1152 ret = -ENOMEM;
1153 goto fail;
1154 }
1155
1156 INIT_DELAYED_WORK(&r->work, iso_resource_work);
1157 r->client = client;
1158 r->todo = todo;
1159 r->generation = -1;
1160 r->channels = request->channels;
1161 r->bandwidth = request->bandwidth;
1162 r->e_alloc = e1;
1163 r->e_dealloc = e2;
1164
1165 e1->resource.closure = request->closure;
1166 e1->resource.type = FW_CDEV_EVENT_ISO_RESOURCE_ALLOCATED;
1167 e2->resource.closure = request->closure;
1168 e2->resource.type = FW_CDEV_EVENT_ISO_RESOURCE_DEALLOCATED;
1169
1170 if (todo == ISO_RES_ALLOC) {
1171 r->resource.release = release_iso_resource;
1172 ret = add_client_resource(client, &r->resource, GFP_KERNEL);
1173 if (ret < 0)
1174 goto fail;
1175 } else {
1176 r->resource.release = NULL;
1177 r->resource.handle = -1;
1178 schedule_iso_resource(r);
1179 }
1180 request->handle = r->resource.handle;
1181
1182 return 0;
1183 fail:
1184 kfree(r);
1185 kfree(e1);
1186 kfree(e2);
1187
1188 return ret;
1189}
1190
1191static int ioctl_allocate_iso_resource(struct client *client, void *buffer)
1192{
1193 struct fw_cdev_allocate_iso_resource *request = buffer;
1194
1195 return init_iso_resource(client, request, ISO_RES_ALLOC);
1196}
1197
1198static int ioctl_deallocate_iso_resource(struct client *client, void *buffer)
1199{
1200 struct fw_cdev_deallocate *request = buffer;
1201
1202 return release_client_resource(client, request->handle,
1203 release_iso_resource, NULL);
1204}
1205
1206static int ioctl_allocate_iso_resource_once(struct client *client, void *buffer)
1207{
1208 struct fw_cdev_allocate_iso_resource *request = buffer;
1209
1210 return init_iso_resource(client, request, ISO_RES_ALLOC_ONCE);
1211}
1212
1213static int ioctl_deallocate_iso_resource_once(struct client *client, void *buffer)
1214{
1215 struct fw_cdev_allocate_iso_resource *request = buffer;
1216
1217 return init_iso_resource(client, request, ISO_RES_DEALLOC_ONCE);
1218}
1219
1220
1221
1222
1223
1224
1225static int ioctl_get_speed(struct client *client, void *buffer)
1226{
1227 return client->device->max_speed;
1228}
1229
1230static int ioctl_send_broadcast_request(struct client *client, void *buffer)
1231{
1232 struct fw_cdev_send_request *request = buffer;
1233
1234 switch (request->tcode) {
1235 case TCODE_WRITE_QUADLET_REQUEST:
1236 case TCODE_WRITE_BLOCK_REQUEST:
1237 break;
1238 default:
1239 return -EINVAL;
1240 }
1241
1242
1243 if (request->offset < CSR_REGISTER_BASE + CSR_CONFIG_ROM_END)
1244 return -EACCES;
1245
1246 return init_request(client, request, LOCAL_BUS | 0x3f, SCODE_100);
1247}
1248
1249static int ioctl_send_stream_packet(struct client *client, void *buffer)
1250{
1251 struct fw_cdev_send_stream_packet *p = buffer;
1252 struct fw_cdev_send_request request;
1253 int dest;
1254
1255 if (p->speed > client->device->card->link_speed ||
1256 p->length > 1024 << p->speed)
1257 return -EIO;
1258
1259 if (p->tag > 3 || p->channel > 63 || p->sy > 15)
1260 return -EINVAL;
1261
1262 dest = fw_stream_packet_destination_id(p->tag, p->channel, p->sy);
1263 request.tcode = TCODE_STREAM_DATA;
1264 request.length = p->length;
1265 request.closure = p->closure;
1266 request.data = p->data;
1267 request.generation = p->generation;
1268
1269 return init_request(client, &request, dest, p->speed);
1270}
1271
1272static int (* const ioctl_handlers[])(struct client *client, void *buffer) = {
1273 ioctl_get_info,
1274 ioctl_send_request,
1275 ioctl_allocate,
1276 ioctl_deallocate,
1277 ioctl_send_response,
1278 ioctl_initiate_bus_reset,
1279 ioctl_add_descriptor,
1280 ioctl_remove_descriptor,
1281 ioctl_create_iso_context,
1282 ioctl_queue_iso,
1283 ioctl_start_iso,
1284 ioctl_stop_iso,
1285 ioctl_get_cycle_timer,
1286 ioctl_allocate_iso_resource,
1287 ioctl_deallocate_iso_resource,
1288 ioctl_allocate_iso_resource_once,
1289 ioctl_deallocate_iso_resource_once,
1290 ioctl_get_speed,
1291 ioctl_send_broadcast_request,
1292 ioctl_send_stream_packet,
1293};
1294
1295static int dispatch_ioctl(struct client *client,
1296 unsigned int cmd, void __user *arg)
1297{
1298 char buffer[256];
1299 int ret;
1300
1301 if (_IOC_TYPE(cmd) != '#' ||
1302 _IOC_NR(cmd) >= ARRAY_SIZE(ioctl_handlers))
1303 return -EINVAL;
1304
1305 if (_IOC_DIR(cmd) & _IOC_WRITE) {
1306 if (_IOC_SIZE(cmd) > sizeof(buffer) ||
1307 copy_from_user(buffer, arg, _IOC_SIZE(cmd)))
1308 return -EFAULT;
1309 }
1310
1311 ret = ioctl_handlers[_IOC_NR(cmd)](client, buffer);
1312 if (ret < 0)
1313 return ret;
1314
1315 if (_IOC_DIR(cmd) & _IOC_READ) {
1316 if (_IOC_SIZE(cmd) > sizeof(buffer) ||
1317 copy_to_user(arg, buffer, _IOC_SIZE(cmd)))
1318 return -EFAULT;
1319 }
1320
1321 return ret;
1322}
1323
1324static long fw_device_op_ioctl(struct file *file,
1325 unsigned int cmd, unsigned long arg)
1326{
1327 struct client *client = file->private_data;
1328
1329 if (fw_device_is_shutdown(client->device))
1330 return -ENODEV;
1331
1332 return dispatch_ioctl(client, cmd, (void __user *) arg);
1333}
1334
1335#ifdef CONFIG_COMPAT
1336static long fw_device_op_compat_ioctl(struct file *file,
1337 unsigned int cmd, unsigned long arg)
1338{
1339 struct client *client = file->private_data;
1340
1341 if (fw_device_is_shutdown(client->device))
1342 return -ENODEV;
1343
1344 return dispatch_ioctl(client, cmd, compat_ptr(arg));
1345}
1346#endif
1347
1348static int fw_device_op_mmap(struct file *file, struct vm_area_struct *vma)
1349{
1350 struct client *client = file->private_data;
1351 enum dma_data_direction direction;
1352 unsigned long size;
1353 int page_count, ret;
1354
1355 if (fw_device_is_shutdown(client->device))
1356 return -ENODEV;
1357
1358
1359 if (client->buffer.pages != NULL)
1360 return -EBUSY;
1361
1362 if (!(vma->vm_flags & VM_SHARED))
1363 return -EINVAL;
1364
1365 if (vma->vm_start & ~PAGE_MASK)
1366 return -EINVAL;
1367
1368 client->vm_start = vma->vm_start;
1369 size = vma->vm_end - vma->vm_start;
1370 page_count = size >> PAGE_SHIFT;
1371 if (size & ~PAGE_MASK)
1372 return -EINVAL;
1373
1374 if (vma->vm_flags & VM_WRITE)
1375 direction = DMA_TO_DEVICE;
1376 else
1377 direction = DMA_FROM_DEVICE;
1378
1379 ret = fw_iso_buffer_init(&client->buffer, client->device->card,
1380 page_count, direction);
1381 if (ret < 0)
1382 return ret;
1383
1384 ret = fw_iso_buffer_map(&client->buffer, vma);
1385 if (ret < 0)
1386 fw_iso_buffer_destroy(&client->buffer, client->device->card);
1387
1388 return ret;
1389}
1390
1391static int shutdown_resource(int id, void *p, void *data)
1392{
1393 struct client_resource *r = p;
1394 struct client *client = data;
1395
1396 r->release(client, r);
1397 client_put(client);
1398
1399 return 0;
1400}
1401
1402static int fw_device_op_release(struct inode *inode, struct file *file)
1403{
1404 struct client *client = file->private_data;
1405 struct event *e, *next_e;
1406
1407 mutex_lock(&client->device->client_list_mutex);
1408 list_del(&client->link);
1409 mutex_unlock(&client->device->client_list_mutex);
1410
1411 if (client->iso_context)
1412 fw_iso_context_destroy(client->iso_context);
1413
1414 if (client->buffer.pages)
1415 fw_iso_buffer_destroy(&client->buffer, client->device->card);
1416
1417
1418 spin_lock_irq(&client->lock);
1419 client->in_shutdown = true;
1420 spin_unlock_irq(&client->lock);
1421
1422 idr_for_each(&client->resource_idr, shutdown_resource, client);
1423 idr_remove_all(&client->resource_idr);
1424 idr_destroy(&client->resource_idr);
1425
1426 list_for_each_entry_safe(e, next_e, &client->event_list, link)
1427 kfree(e);
1428
1429 client_put(client);
1430
1431 return 0;
1432}
1433
1434static unsigned int fw_device_op_poll(struct file *file, poll_table * pt)
1435{
1436 struct client *client = file->private_data;
1437 unsigned int mask = 0;
1438
1439 poll_wait(file, &client->wait, pt);
1440
1441 if (fw_device_is_shutdown(client->device))
1442 mask |= POLLHUP | POLLERR;
1443 if (!list_empty(&client->event_list))
1444 mask |= POLLIN | POLLRDNORM;
1445
1446 return mask;
1447}
1448
1449const struct file_operations fw_device_ops = {
1450 .owner = THIS_MODULE,
1451 .open = fw_device_op_open,
1452 .read = fw_device_op_read,
1453 .unlocked_ioctl = fw_device_op_ioctl,
1454 .poll = fw_device_op_poll,
1455 .release = fw_device_op_release,
1456 .mmap = fw_device_op_mmap,
1457
1458#ifdef CONFIG_COMPAT
1459 .compat_ioctl = fw_device_op_compat_ioctl,
1460#endif
1461};
1462
