]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Char device for device raw access | |
3 | * | |
4 | * Copyright (C) 2005-2007 Kristian Hoegsberg <krh@bitplanet.net> | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License as published by | |
8 | * the Free Software Foundation; either version 2 of the License, or | |
9 | * (at your option) any later version. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | * GNU General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with this program; if not, write to the Free Software Foundation, | |
18 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
19 | */ | |
20 | ||
21 | #include <linux/module.h> | |
22 | #include <linux/kernel.h> | |
23 | #include <linux/wait.h> | |
24 | #include <linux/errno.h> | |
25 | #include <linux/device.h> | |
26 | #include <linux/vmalloc.h> | |
27 | #include <linux/mutex.h> | |
28 | #include <linux/poll.h> | |
29 | #include <linux/preempt.h> | |
30 | #include <linux/time.h> | |
31 | #include <linux/spinlock.h> | |
32 | #include <linux/delay.h> | |
33 | #include <linux/mm.h> | |
34 | #include <linux/idr.h> | |
35 | #include <linux/compat.h> | |
36 | #include <linux/firewire-cdev.h> | |
37 | #include <asm/system.h> | |
38 | #include <asm/uaccess.h> | |
39 | #include "fw-transaction.h" | |
40 | #include "fw-topology.h" | |
41 | #include "fw-device.h" | |
42 | ||
43 | struct client; | |
44 | struct client_resource; | |
45 | typedef void (*client_resource_release_fn_t)(struct client *, | |
46 | struct client_resource *); | |
47 | struct client_resource { | |
48 | client_resource_release_fn_t release; | |
49 | int handle; | |
50 | }; | |
51 | ||
52 | /* | |
53 | * dequeue_event() just kfree()'s the event, so the event has to be | |
54 | * the first field in the struct. | |
55 | */ | |
56 | ||
57 | struct event { | |
58 | struct { void *data; size_t size; } v[2]; | |
59 | struct list_head link; | |
60 | }; | |
61 | ||
62 | struct bus_reset { | |
63 | struct event event; | |
64 | struct fw_cdev_event_bus_reset reset; | |
65 | }; | |
66 | ||
67 | struct response { | |
68 | struct event event; | |
69 | struct fw_transaction transaction; | |
70 | struct client *client; | |
71 | struct client_resource resource; | |
72 | struct fw_cdev_event_response response; | |
73 | }; | |
74 | ||
75 | struct iso_interrupt { | |
76 | struct event event; | |
77 | struct fw_cdev_event_iso_interrupt interrupt; | |
78 | }; | |
79 | ||
80 | struct client { | |
81 | u32 version; | |
82 | struct fw_device *device; | |
83 | ||
84 | spinlock_t lock; | |
85 | bool in_shutdown; | |
86 | struct idr resource_idr; | |
87 | struct list_head event_list; | |
88 | wait_queue_head_t wait; | |
89 | u64 bus_reset_closure; | |
90 | ||
91 | struct fw_iso_context *iso_context; | |
92 | u64 iso_closure; | |
93 | struct fw_iso_buffer buffer; | |
94 | unsigned long vm_start; | |
95 | ||
96 | struct list_head link; | |
97 | }; | |
98 | ||
99 | static inline void __user *u64_to_uptr(__u64 value) | |
100 | { | |
101 | return (void __user *)(unsigned long)value; | |
102 | } | |
103 | ||
104 | static inline __u64 uptr_to_u64(void __user *ptr) | |
105 | { | |
106 | return (__u64)(unsigned long)ptr; | |
107 | } | |
108 | ||
109 | static int fw_device_op_open(struct inode *inode, struct file *file) | |
110 | { | |
111 | struct fw_device *device; | |
112 | struct client *client; | |
113 | ||
114 | device = fw_device_get_by_devt(inode->i_rdev); | |
115 | if (device == NULL) | |
116 | return -ENODEV; | |
117 | ||
118 | if (fw_device_is_shutdown(device)) { | |
119 | fw_device_put(device); | |
120 | return -ENODEV; | |
121 | } | |
122 | ||
123 | client = kzalloc(sizeof(*client), GFP_KERNEL); | |
124 | if (client == NULL) { | |
125 | fw_device_put(device); | |
126 | return -ENOMEM; | |
127 | } | |
128 | ||
129 | client->device = device; | |
130 | spin_lock_init(&client->lock); | |
131 | idr_init(&client->resource_idr); | |
132 | INIT_LIST_HEAD(&client->event_list); | |
133 | init_waitqueue_head(&client->wait); | |
134 | ||
135 | file->private_data = client; | |
136 | ||
137 | mutex_lock(&device->client_list_mutex); | |
138 | list_add_tail(&client->link, &device->client_list); | |
139 | mutex_unlock(&device->client_list_mutex); | |
140 | ||
141 | return 0; | |
142 | } | |
143 | ||
144 | static void queue_event(struct client *client, struct event *event, | |
145 | void *data0, size_t size0, void *data1, size_t size1) | |
146 | { | |
147 | unsigned long flags; | |
148 | ||
149 | event->v[0].data = data0; | |
150 | event->v[0].size = size0; | |
151 | event->v[1].data = data1; | |
152 | event->v[1].size = size1; | |
153 | ||
154 | spin_lock_irqsave(&client->lock, flags); | |
155 | if (client->in_shutdown) | |
156 | kfree(event); | |
157 | else | |
158 | list_add_tail(&event->link, &client->event_list); | |
159 | spin_unlock_irqrestore(&client->lock, flags); | |
160 | ||
161 | wake_up_interruptible(&client->wait); | |
162 | } | |
163 | ||
164 | static int dequeue_event(struct client *client, | |
165 | char __user *buffer, size_t count) | |
166 | { | |
167 | unsigned long flags; | |
168 | struct event *event; | |
169 | size_t size, total; | |
170 | int i, ret; | |
171 | ||
172 | ret = wait_event_interruptible(client->wait, | |
173 | !list_empty(&client->event_list) || | |
174 | fw_device_is_shutdown(client->device)); | |
175 | if (ret < 0) | |
176 | return ret; | |
177 | ||
178 | if (list_empty(&client->event_list) && | |
179 | fw_device_is_shutdown(client->device)) | |
180 | return -ENODEV; | |
181 | ||
182 | spin_lock_irqsave(&client->lock, flags); | |
183 | event = list_first_entry(&client->event_list, struct event, link); | |
184 | list_del(&event->link); | |
185 | spin_unlock_irqrestore(&client->lock, flags); | |
186 | ||
187 | total = 0; | |
188 | for (i = 0; i < ARRAY_SIZE(event->v) && total < count; i++) { | |
189 | size = min(event->v[i].size, count - total); | |
190 | if (copy_to_user(buffer + total, event->v[i].data, size)) { | |
191 | ret = -EFAULT; | |
192 | goto out; | |
193 | } | |
194 | total += size; | |
195 | } | |
196 | ret = total; | |
197 | ||
198 | out: | |
199 | kfree(event); | |
200 | ||
201 | return ret; | |
202 | } | |
203 | ||
204 | static ssize_t fw_device_op_read(struct file *file, char __user *buffer, | |
205 | size_t count, loff_t *offset) | |
206 | { | |
207 | struct client *client = file->private_data; | |
208 | ||
209 | return dequeue_event(client, buffer, count); | |
210 | } | |
211 | ||
212 | static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event, | |
213 | struct client *client) | |
214 | { | |
215 | struct fw_card *card = client->device->card; | |
216 | unsigned long flags; | |
217 | ||
218 | spin_lock_irqsave(&card->lock, flags); | |
219 | ||
220 | event->closure = client->bus_reset_closure; | |
221 | event->type = FW_CDEV_EVENT_BUS_RESET; | |
222 | event->generation = client->device->generation; | |
223 | event->node_id = client->device->node_id; | |
224 | event->local_node_id = card->local_node->node_id; | |
225 | event->bm_node_id = 0; /* FIXME: We don't track the BM. */ | |
226 | event->irm_node_id = card->irm_node->node_id; | |
227 | event->root_node_id = card->root_node->node_id; | |
228 | ||
229 | spin_unlock_irqrestore(&card->lock, flags); | |
230 | } | |
231 | ||
232 | static void for_each_client(struct fw_device *device, | |
233 | void (*callback)(struct client *client)) | |
234 | { | |
235 | struct client *c; | |
236 | ||
237 | mutex_lock(&device->client_list_mutex); | |
238 | list_for_each_entry(c, &device->client_list, link) | |
239 | callback(c); | |
240 | mutex_unlock(&device->client_list_mutex); | |
241 | } | |
242 | ||
243 | static void queue_bus_reset_event(struct client *client) | |
244 | { | |
245 | struct bus_reset *bus_reset; | |
246 | ||
247 | bus_reset = kzalloc(sizeof(*bus_reset), GFP_KERNEL); | |
248 | if (bus_reset == NULL) { | |
249 | fw_notify("Out of memory when allocating bus reset event\n"); | |
250 | return; | |
251 | } | |
252 | ||
253 | fill_bus_reset_event(&bus_reset->reset, client); | |
254 | ||
255 | queue_event(client, &bus_reset->event, | |
256 | &bus_reset->reset, sizeof(bus_reset->reset), NULL, 0); | |
257 | } | |
258 | ||
259 | void fw_device_cdev_update(struct fw_device *device) | |
260 | { | |
261 | for_each_client(device, queue_bus_reset_event); | |
262 | } | |
263 | ||
264 | static void wake_up_client(struct client *client) | |
265 | { | |
266 | wake_up_interruptible(&client->wait); | |
267 | } | |
268 | ||
269 | void fw_device_cdev_remove(struct fw_device *device) | |
270 | { | |
271 | for_each_client(device, wake_up_client); | |
272 | } | |
273 | ||
274 | static int ioctl_get_info(struct client *client, void *buffer) | |
275 | { | |
276 | struct fw_cdev_get_info *get_info = buffer; | |
277 | struct fw_cdev_event_bus_reset bus_reset; | |
278 | unsigned long ret = 0; | |
279 | ||
280 | client->version = get_info->version; | |
281 | get_info->version = FW_CDEV_VERSION; | |
282 | get_info->card = client->device->card->index; | |
283 | ||
284 | down_read(&fw_device_rwsem); | |
285 | ||
286 | if (get_info->rom != 0) { | |
287 | void __user *uptr = u64_to_uptr(get_info->rom); | |
288 | size_t want = get_info->rom_length; | |
289 | size_t have = client->device->config_rom_length * 4; | |
290 | ||
291 | ret = copy_to_user(uptr, client->device->config_rom, | |
292 | min(want, have)); | |
293 | } | |
294 | get_info->rom_length = client->device->config_rom_length * 4; | |
295 | ||
296 | up_read(&fw_device_rwsem); | |
297 | ||
298 | if (ret != 0) | |
299 | return -EFAULT; | |
300 | ||
301 | client->bus_reset_closure = get_info->bus_reset_closure; | |
302 | if (get_info->bus_reset != 0) { | |
303 | void __user *uptr = u64_to_uptr(get_info->bus_reset); | |
304 | ||
305 | fill_bus_reset_event(&bus_reset, client); | |
306 | if (copy_to_user(uptr, &bus_reset, sizeof(bus_reset))) | |
307 | return -EFAULT; | |
308 | } | |
309 | ||
310 | return 0; | |
311 | } | |
312 | ||
313 | static int add_client_resource(struct client *client, | |
314 | struct client_resource *resource, gfp_t gfp_mask) | |
315 | { | |
316 | unsigned long flags; | |
317 | int ret; | |
318 | ||
319 | retry: | |
320 | if (idr_pre_get(&client->resource_idr, gfp_mask) == 0) | |
321 | return -ENOMEM; | |
322 | ||
323 | spin_lock_irqsave(&client->lock, flags); | |
324 | if (client->in_shutdown) | |
325 | ret = -ECANCELED; | |
326 | else | |
327 | ret = idr_get_new(&client->resource_idr, resource, | |
328 | &resource->handle); | |
329 | spin_unlock_irqrestore(&client->lock, flags); | |
330 | ||
331 | if (ret == -EAGAIN) | |
332 | goto retry; | |
333 | ||
334 | return ret < 0 ? ret : 0; | |
335 | } | |
336 | ||
337 | static int release_client_resource(struct client *client, u32 handle, | |
338 | client_resource_release_fn_t release, | |
339 | struct client_resource **resource) | |
340 | { | |
341 | struct client_resource *r; | |
342 | unsigned long flags; | |
343 | ||
344 | spin_lock_irqsave(&client->lock, flags); | |
345 | if (client->in_shutdown) | |
346 | r = NULL; | |
347 | else | |
348 | r = idr_find(&client->resource_idr, handle); | |
349 | if (r && r->release == release) | |
350 | idr_remove(&client->resource_idr, handle); | |
351 | spin_unlock_irqrestore(&client->lock, flags); | |
352 | ||
353 | if (!(r && r->release == release)) | |
354 | return -EINVAL; | |
355 | ||
356 | if (resource) | |
357 | *resource = r; | |
358 | else | |
359 | r->release(client, r); | |
360 | ||
361 | return 0; | |
362 | } | |
363 | ||
364 | static void release_transaction(struct client *client, | |
365 | struct client_resource *resource) | |
366 | { | |
367 | struct response *response = | |
368 | container_of(resource, struct response, resource); | |
369 | ||
370 | fw_cancel_transaction(client->device->card, &response->transaction); | |
371 | } | |
372 | ||
373 | static void complete_transaction(struct fw_card *card, int rcode, | |
374 | void *payload, size_t length, void *data) | |
375 | { | |
376 | struct response *response = data; | |
377 | struct client *client = response->client; | |
378 | unsigned long flags; | |
379 | struct fw_cdev_event_response *r = &response->response; | |
380 | ||
381 | if (length < r->length) | |
382 | r->length = length; | |
383 | if (rcode == RCODE_COMPLETE) | |
384 | memcpy(r->data, payload, r->length); | |
385 | ||
386 | spin_lock_irqsave(&client->lock, flags); | |
387 | /* | |
388 | * If called while in shutdown, the idr tree must be left untouched. | |
389 | * The idr handle will be removed later. | |
390 | */ | |
391 | if (!client->in_shutdown) | |
392 | idr_remove(&client->resource_idr, response->resource.handle); | |
393 | spin_unlock_irqrestore(&client->lock, flags); | |
394 | ||
395 | r->type = FW_CDEV_EVENT_RESPONSE; | |
396 | r->rcode = rcode; | |
397 | ||
398 | /* | |
399 | * In the case that sizeof(*r) doesn't align with the position of the | |
400 | * data, and the read is short, preserve an extra copy of the data | |
401 | * to stay compatible with a pre-2.6.27 bug. Since the bug is harmless | |
402 | * for short reads and some apps depended on it, this is both safe | |
403 | * and prudent for compatibility. | |
404 | */ | |
405 | if (r->length <= sizeof(*r) - offsetof(typeof(*r), data)) | |
406 | queue_event(client, &response->event, r, sizeof(*r), | |
407 | r->data, r->length); | |
408 | else | |
409 | queue_event(client, &response->event, r, sizeof(*r) + r->length, | |
410 | NULL, 0); | |
411 | } | |
412 | ||
413 | static int ioctl_send_request(struct client *client, void *buffer) | |
414 | { | |
415 | struct fw_device *device = client->device; | |
416 | struct fw_cdev_send_request *request = buffer; | |
417 | struct response *response; | |
418 | int ret; | |
419 | ||
420 | /* What is the biggest size we'll accept, really? */ | |
421 | if (request->length > 4096) | |
422 | return -EINVAL; | |
423 | ||
424 | response = kmalloc(sizeof(*response) + request->length, GFP_KERNEL); | |
425 | if (response == NULL) | |
426 | return -ENOMEM; | |
427 | ||
428 | response->client = client; | |
429 | response->response.length = request->length; | |
430 | response->response.closure = request->closure; | |
431 | ||
432 | if (request->data && | |
433 | copy_from_user(response->response.data, | |
434 | u64_to_uptr(request->data), request->length)) { | |
435 | ret = -EFAULT; | |
436 | goto failed; | |
437 | } | |
438 | ||
439 | switch (request->tcode) { | |
440 | case TCODE_WRITE_QUADLET_REQUEST: | |
441 | case TCODE_WRITE_BLOCK_REQUEST: | |
442 | case TCODE_READ_QUADLET_REQUEST: | |
443 | case TCODE_READ_BLOCK_REQUEST: | |
444 | case TCODE_LOCK_MASK_SWAP: | |
445 | case TCODE_LOCK_COMPARE_SWAP: | |
446 | case TCODE_LOCK_FETCH_ADD: | |
447 | case TCODE_LOCK_LITTLE_ADD: | |
448 | case TCODE_LOCK_BOUNDED_ADD: | |
449 | case TCODE_LOCK_WRAP_ADD: | |
450 | case TCODE_LOCK_VENDOR_DEPENDENT: | |
451 | break; | |
452 | default: | |
453 | ret = -EINVAL; | |
454 | goto failed; | |
455 | } | |
456 | ||
457 | response->resource.release = release_transaction; | |
458 | ret = add_client_resource(client, &response->resource, GFP_KERNEL); | |
459 | if (ret < 0) | |
460 | goto failed; | |
461 | ||
462 | fw_send_request(device->card, &response->transaction, | |
463 | request->tcode & 0x1f, | |
464 | device->node->node_id, | |
465 | request->generation, | |
466 | device->max_speed, | |
467 | request->offset, | |
468 | response->response.data, request->length, | |
469 | complete_transaction, response); | |
470 | ||
471 | if (request->data) | |
472 | return sizeof(request) + request->length; | |
473 | else | |
474 | return sizeof(request); | |
475 | failed: | |
476 | kfree(response); | |
477 | ||
478 | return ret; | |
479 | } | |
480 | ||
481 | struct address_handler { | |
482 | struct fw_address_handler handler; | |
483 | __u64 closure; | |
484 | struct client *client; | |
485 | struct client_resource resource; | |
486 | }; | |
487 | ||
488 | struct request { | |
489 | struct fw_request *request; | |
490 | void *data; | |
491 | size_t length; | |
492 | struct client_resource resource; | |
493 | }; | |
494 | ||
495 | struct request_event { | |
496 | struct event event; | |
497 | struct fw_cdev_event_request request; | |
498 | }; | |
499 | ||
500 | static void release_request(struct client *client, | |
501 | struct client_resource *resource) | |
502 | { | |
503 | struct request *request = | |
504 | container_of(resource, struct request, resource); | |
505 | ||
506 | fw_send_response(client->device->card, request->request, | |
507 | RCODE_CONFLICT_ERROR); | |
508 | kfree(request); | |
509 | } | |
510 | ||
511 | static void handle_request(struct fw_card *card, struct fw_request *r, | |
512 | int tcode, int destination, int source, | |
513 | int generation, int speed, | |
514 | unsigned long long offset, | |
515 | void *payload, size_t length, void *callback_data) | |
516 | { | |
517 | struct address_handler *handler = callback_data; | |
518 | struct request *request; | |
519 | struct request_event *e; | |
520 | struct client *client = handler->client; | |
521 | int ret; | |
522 | ||
523 | request = kmalloc(sizeof(*request), GFP_ATOMIC); | |
524 | e = kmalloc(sizeof(*e), GFP_ATOMIC); | |
525 | if (request == NULL || e == NULL) | |
526 | goto failed; | |
527 | ||
528 | request->request = r; | |
529 | request->data = payload; | |
530 | request->length = length; | |
531 | ||
532 | request->resource.release = release_request; | |
533 | ret = add_client_resource(client, &request->resource, GFP_ATOMIC); | |
534 | if (ret < 0) | |
535 | goto failed; | |
536 | ||
537 | e->request.type = FW_CDEV_EVENT_REQUEST; | |
538 | e->request.tcode = tcode; | |
539 | e->request.offset = offset; | |
540 | e->request.length = length; | |
541 | e->request.handle = request->resource.handle; | |
542 | e->request.closure = handler->closure; | |
543 | ||
544 | queue_event(client, &e->event, | |
545 | &e->request, sizeof(e->request), payload, length); | |
546 | return; | |
547 | ||
548 | failed: | |
549 | kfree(request); | |
550 | kfree(e); | |
551 | fw_send_response(card, r, RCODE_CONFLICT_ERROR); | |
552 | } | |
553 | ||
554 | static void release_address_handler(struct client *client, | |
555 | struct client_resource *resource) | |
556 | { | |
557 | struct address_handler *handler = | |
558 | container_of(resource, struct address_handler, resource); | |
559 | ||
560 | fw_core_remove_address_handler(&handler->handler); | |
561 | kfree(handler); | |
562 | } | |
563 | ||
564 | static int ioctl_allocate(struct client *client, void *buffer) | |
565 | { | |
566 | struct fw_cdev_allocate *request = buffer; | |
567 | struct address_handler *handler; | |
568 | struct fw_address_region region; | |
569 | int ret; | |
570 | ||
571 | handler = kmalloc(sizeof(*handler), GFP_KERNEL); | |
572 | if (handler == NULL) | |
573 | return -ENOMEM; | |
574 | ||
575 | region.start = request->offset; | |
576 | region.end = request->offset + request->length; | |
577 | handler->handler.length = request->length; | |
578 | handler->handler.address_callback = handle_request; | |
579 | handler->handler.callback_data = handler; | |
580 | handler->closure = request->closure; | |
581 | handler->client = client; | |
582 | ||
583 | ret = fw_core_add_address_handler(&handler->handler, ®ion); | |
584 | if (ret < 0) { | |
585 | kfree(handler); | |
586 | return ret; | |
587 | } | |
588 | ||
589 | handler->resource.release = release_address_handler; | |
590 | ret = add_client_resource(client, &handler->resource, GFP_KERNEL); | |
591 | if (ret < 0) { | |
592 | release_address_handler(client, &handler->resource); | |
593 | return ret; | |
594 | } | |
595 | request->handle = handler->resource.handle; | |
596 | ||
597 | return 0; | |
598 | } | |
599 | ||
600 | static int ioctl_deallocate(struct client *client, void *buffer) | |
601 | { | |
602 | struct fw_cdev_deallocate *request = buffer; | |
603 | ||
604 | return release_client_resource(client, request->handle, | |
605 | release_address_handler, NULL); | |
606 | } | |
607 | ||
608 | static int ioctl_send_response(struct client *client, void *buffer) | |
609 | { | |
610 | struct fw_cdev_send_response *request = buffer; | |
611 | struct client_resource *resource; | |
612 | struct request *r; | |
613 | ||
614 | if (release_client_resource(client, request->handle, | |
615 | release_request, &resource) < 0) | |
616 | return -EINVAL; | |
617 | ||
618 | r = container_of(resource, struct request, resource); | |
619 | if (request->length < r->length) | |
620 | r->length = request->length; | |
621 | if (copy_from_user(r->data, u64_to_uptr(request->data), r->length)) | |
622 | return -EFAULT; | |
623 | ||
624 | fw_send_response(client->device->card, r->request, request->rcode); | |
625 | kfree(r); | |
626 | ||
627 | return 0; | |
628 | } | |
629 | ||
630 | static int ioctl_initiate_bus_reset(struct client *client, void *buffer) | |
631 | { | |
632 | struct fw_cdev_initiate_bus_reset *request = buffer; | |
633 | int short_reset; | |
634 | ||
635 | short_reset = (request->type == FW_CDEV_SHORT_RESET); | |
636 | ||
637 | return fw_core_initiate_bus_reset(client->device->card, short_reset); | |
638 | } | |
639 | ||
640 | struct descriptor { | |
641 | struct fw_descriptor d; | |
642 | struct client_resource resource; | |
643 | u32 data[0]; | |
644 | }; | |
645 | ||
646 | static void release_descriptor(struct client *client, | |
647 | struct client_resource *resource) | |
648 | { | |
649 | struct descriptor *descriptor = | |
650 | container_of(resource, struct descriptor, resource); | |
651 | ||
652 | fw_core_remove_descriptor(&descriptor->d); | |
653 | kfree(descriptor); | |
654 | } | |
655 | ||
656 | static int ioctl_add_descriptor(struct client *client, void *buffer) | |
657 | { | |
658 | struct fw_cdev_add_descriptor *request = buffer; | |
659 | struct descriptor *descriptor; | |
660 | int ret; | |
661 | ||
662 | if (request->length > 256) | |
663 | return -EINVAL; | |
664 | ||
665 | descriptor = | |
666 | kmalloc(sizeof(*descriptor) + request->length * 4, GFP_KERNEL); | |
667 | if (descriptor == NULL) | |
668 | return -ENOMEM; | |
669 | ||
670 | if (copy_from_user(descriptor->data, | |
671 | u64_to_uptr(request->data), request->length * 4)) { | |
672 | ret = -EFAULT; | |
673 | goto failed; | |
674 | } | |
675 | ||
676 | descriptor->d.length = request->length; | |
677 | descriptor->d.immediate = request->immediate; | |
678 | descriptor->d.key = request->key; | |
679 | descriptor->d.data = descriptor->data; | |
680 | ||
681 | ret = fw_core_add_descriptor(&descriptor->d); | |
682 | if (ret < 0) | |
683 | goto failed; | |
684 | ||
685 | descriptor->resource.release = release_descriptor; | |
686 | ret = add_client_resource(client, &descriptor->resource, GFP_KERNEL); | |
687 | if (ret < 0) { | |
688 | fw_core_remove_descriptor(&descriptor->d); | |
689 | goto failed; | |
690 | } | |
691 | request->handle = descriptor->resource.handle; | |
692 | ||
693 | return 0; | |
694 | failed: | |
695 | kfree(descriptor); | |
696 | ||
697 | return ret; | |
698 | } | |
699 | ||
700 | static int ioctl_remove_descriptor(struct client *client, void *buffer) | |
701 | { | |
702 | struct fw_cdev_remove_descriptor *request = buffer; | |
703 | ||
704 | return release_client_resource(client, request->handle, | |
705 | release_descriptor, NULL); | |
706 | } | |
707 | ||
708 | static void iso_callback(struct fw_iso_context *context, u32 cycle, | |
709 | size_t header_length, void *header, void *data) | |
710 | { | |
711 | struct client *client = data; | |
712 | struct iso_interrupt *irq; | |
713 | ||
714 | irq = kzalloc(sizeof(*irq) + header_length, GFP_ATOMIC); | |
715 | if (irq == NULL) | |
716 | return; | |
717 | ||
718 | irq->interrupt.type = FW_CDEV_EVENT_ISO_INTERRUPT; | |
719 | irq->interrupt.closure = client->iso_closure; | |
720 | irq->interrupt.cycle = cycle; | |
721 | irq->interrupt.header_length = header_length; | |
722 | memcpy(irq->interrupt.header, header, header_length); | |
723 | queue_event(client, &irq->event, &irq->interrupt, | |
724 | sizeof(irq->interrupt) + header_length, NULL, 0); | |
725 | } | |
726 | ||
727 | static int ioctl_create_iso_context(struct client *client, void *buffer) | |
728 | { | |
729 | struct fw_cdev_create_iso_context *request = buffer; | |
730 | struct fw_iso_context *context; | |
731 | ||
732 | /* We only support one context at this time. */ | |
733 | if (client->iso_context != NULL) | |
734 | return -EBUSY; | |
735 | ||
736 | if (request->channel > 63) | |
737 | return -EINVAL; | |
738 | ||
739 | switch (request->type) { | |
740 | case FW_ISO_CONTEXT_RECEIVE: | |
741 | if (request->header_size < 4 || (request->header_size & 3)) | |
742 | return -EINVAL; | |
743 | ||
744 | break; | |
745 | ||
746 | case FW_ISO_CONTEXT_TRANSMIT: | |
747 | if (request->speed > SCODE_3200) | |
748 | return -EINVAL; | |
749 | ||
750 | break; | |
751 | ||
752 | default: | |
753 | return -EINVAL; | |
754 | } | |
755 | ||
756 | context = fw_iso_context_create(client->device->card, | |
757 | request->type, | |
758 | request->channel, | |
759 | request->speed, | |
760 | request->header_size, | |
761 | iso_callback, client); | |
762 | if (IS_ERR(context)) | |
763 | return PTR_ERR(context); | |
764 | ||
765 | client->iso_closure = request->closure; | |
766 | client->iso_context = context; | |
767 | ||
768 | /* We only support one context at this time. */ | |
769 | request->handle = 0; | |
770 | ||
771 | return 0; | |
772 | } | |
773 | ||
774 | /* Macros for decoding the iso packet control header. */ | |
775 | #define GET_PAYLOAD_LENGTH(v) ((v) & 0xffff) | |
776 | #define GET_INTERRUPT(v) (((v) >> 16) & 0x01) | |
777 | #define GET_SKIP(v) (((v) >> 17) & 0x01) | |
778 | #define GET_TAG(v) (((v) >> 18) & 0x03) | |
779 | #define GET_SY(v) (((v) >> 20) & 0x0f) | |
780 | #define GET_HEADER_LENGTH(v) (((v) >> 24) & 0xff) | |
781 | ||
782 | static int ioctl_queue_iso(struct client *client, void *buffer) | |
783 | { | |
784 | struct fw_cdev_queue_iso *request = buffer; | |
785 | struct fw_cdev_iso_packet __user *p, *end, *next; | |
786 | struct fw_iso_context *ctx = client->iso_context; | |
787 | unsigned long payload, buffer_end, header_length; | |
788 | u32 control; | |
789 | int count; | |
790 | struct { | |
791 | struct fw_iso_packet packet; | |
792 | u8 header[256]; | |
793 | } u; | |
794 | ||
795 | if (ctx == NULL || request->handle != 0) | |
796 | return -EINVAL; | |
797 | ||
798 | /* | |
799 | * If the user passes a non-NULL data pointer, has mmap()'ed | |
800 | * the iso buffer, and the pointer points inside the buffer, | |
801 | * we setup the payload pointers accordingly. Otherwise we | |
802 | * set them both to 0, which will still let packets with | |
803 | * payload_length == 0 through. In other words, if no packets | |
804 | * use the indirect payload, the iso buffer need not be mapped | |
805 | * and the request->data pointer is ignored. | |
806 | */ | |
807 | ||
808 | payload = (unsigned long)request->data - client->vm_start; | |
809 | buffer_end = client->buffer.page_count << PAGE_SHIFT; | |
810 | if (request->data == 0 || client->buffer.pages == NULL || | |
811 | payload >= buffer_end) { | |
812 | payload = 0; | |
813 | buffer_end = 0; | |
814 | } | |
815 | ||
816 | p = (struct fw_cdev_iso_packet __user *)u64_to_uptr(request->packets); | |
817 | ||
818 | if (!access_ok(VERIFY_READ, p, request->size)) | |
819 | return -EFAULT; | |
820 | ||
821 | end = (void __user *)p + request->size; | |
822 | count = 0; | |
823 | while (p < end) { | |
824 | if (get_user(control, &p->control)) | |
825 | return -EFAULT; | |
826 | u.packet.payload_length = GET_PAYLOAD_LENGTH(control); | |
827 | u.packet.interrupt = GET_INTERRUPT(control); | |
828 | u.packet.skip = GET_SKIP(control); | |
829 | u.packet.tag = GET_TAG(control); | |
830 | u.packet.sy = GET_SY(control); | |
831 | u.packet.header_length = GET_HEADER_LENGTH(control); | |
832 | ||
833 | if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) { | |
834 | header_length = u.packet.header_length; | |
835 | } else { | |
836 | /* | |
837 | * We require that header_length is a multiple of | |
838 | * the fixed header size, ctx->header_size. | |
839 | */ | |
840 | if (ctx->header_size == 0) { | |
841 | if (u.packet.header_length > 0) | |
842 | return -EINVAL; | |
843 | } else if (u.packet.header_length % ctx->header_size != 0) { | |
844 | return -EINVAL; | |
845 | } | |
846 | header_length = 0; | |
847 | } | |
848 | ||
849 | next = (struct fw_cdev_iso_packet __user *) | |
850 | &p->header[header_length / 4]; | |
851 | if (next > end) | |
852 | return -EINVAL; | |
853 | if (__copy_from_user | |
854 | (u.packet.header, p->header, header_length)) | |
855 | return -EFAULT; | |
856 | if (u.packet.skip && ctx->type == FW_ISO_CONTEXT_TRANSMIT && | |
857 | u.packet.header_length + u.packet.payload_length > 0) | |
858 | return -EINVAL; | |
859 | if (payload + u.packet.payload_length > buffer_end) | |
860 | return -EINVAL; | |
861 | ||
862 | if (fw_iso_context_queue(ctx, &u.packet, | |
863 | &client->buffer, payload)) | |
864 | break; | |
865 | ||
866 | p = next; | |
867 | payload += u.packet.payload_length; | |
868 | count++; | |
869 | } | |
870 | ||
871 | request->size -= uptr_to_u64(p) - request->packets; | |
872 | request->packets = uptr_to_u64(p); | |
873 | request->data = client->vm_start + payload; | |
874 | ||
875 | return count; | |
876 | } | |
877 | ||
878 | static int ioctl_start_iso(struct client *client, void *buffer) | |
879 | { | |
880 | struct fw_cdev_start_iso *request = buffer; | |
881 | ||
882 | if (client->iso_context == NULL || request->handle != 0) | |
883 | return -EINVAL; | |
884 | ||
885 | if (client->iso_context->type == FW_ISO_CONTEXT_RECEIVE) { | |
886 | if (request->tags == 0 || request->tags > 15) | |
887 | return -EINVAL; | |
888 | ||
889 | if (request->sync > 15) | |
890 | return -EINVAL; | |
891 | } | |
892 | ||
893 | return fw_iso_context_start(client->iso_context, request->cycle, | |
894 | request->sync, request->tags); | |
895 | } | |
896 | ||
897 | static int ioctl_stop_iso(struct client *client, void *buffer) | |
898 | { | |
899 | struct fw_cdev_stop_iso *request = buffer; | |
900 | ||
901 | if (client->iso_context == NULL || request->handle != 0) | |
902 | return -EINVAL; | |
903 | ||
904 | return fw_iso_context_stop(client->iso_context); | |
905 | } | |
906 | ||
907 | static int ioctl_get_cycle_timer(struct client *client, void *buffer) | |
908 | { | |
909 | struct fw_cdev_get_cycle_timer *request = buffer; | |
910 | struct fw_card *card = client->device->card; | |
911 | unsigned long long bus_time; | |
912 | struct timeval tv; | |
913 | unsigned long flags; | |
914 | ||
915 | preempt_disable(); | |
916 | local_irq_save(flags); | |
917 | ||
918 | bus_time = card->driver->get_bus_time(card); | |
919 | do_gettimeofday(&tv); | |
920 | ||
921 | local_irq_restore(flags); | |
922 | preempt_enable(); | |
923 | ||
924 | request->local_time = tv.tv_sec * 1000000ULL + tv.tv_usec; | |
925 | request->cycle_timer = bus_time & 0xffffffff; | |
926 | return 0; | |
927 | } | |
928 | ||
929 | static int (* const ioctl_handlers[])(struct client *client, void *buffer) = { | |
930 | ioctl_get_info, | |
931 | ioctl_send_request, | |
932 | ioctl_allocate, | |
933 | ioctl_deallocate, | |
934 | ioctl_send_response, | |
935 | ioctl_initiate_bus_reset, | |
936 | ioctl_add_descriptor, | |
937 | ioctl_remove_descriptor, | |
938 | ioctl_create_iso_context, | |
939 | ioctl_queue_iso, | |
940 | ioctl_start_iso, | |
941 | ioctl_stop_iso, | |
942 | ioctl_get_cycle_timer, | |
943 | }; | |
944 | ||
945 | static int dispatch_ioctl(struct client *client, | |
946 | unsigned int cmd, void __user *arg) | |
947 | { | |
948 | char buffer[256]; | |
949 | int ret; | |
950 | ||
951 | if (_IOC_TYPE(cmd) != '#' || | |
952 | _IOC_NR(cmd) >= ARRAY_SIZE(ioctl_handlers)) | |
953 | return -EINVAL; | |
954 | ||
955 | if (_IOC_DIR(cmd) & _IOC_WRITE) { | |
956 | if (_IOC_SIZE(cmd) > sizeof(buffer) || | |
957 | copy_from_user(buffer, arg, _IOC_SIZE(cmd))) | |
958 | return -EFAULT; | |
959 | } | |
960 | ||
961 | ret = ioctl_handlers[_IOC_NR(cmd)](client, buffer); | |
962 | if (ret < 0) | |
963 | return ret; | |
964 | ||
965 | if (_IOC_DIR(cmd) & _IOC_READ) { | |
966 | if (_IOC_SIZE(cmd) > sizeof(buffer) || | |
967 | copy_to_user(arg, buffer, _IOC_SIZE(cmd))) | |
968 | return -EFAULT; | |
969 | } | |
970 | ||
971 | return ret; | |
972 | } | |
973 | ||
974 | static long fw_device_op_ioctl(struct file *file, | |
975 | unsigned int cmd, unsigned long arg) | |
976 | { | |
977 | struct client *client = file->private_data; | |
978 | ||
979 | if (fw_device_is_shutdown(client->device)) | |
980 | return -ENODEV; | |
981 | ||
982 | return dispatch_ioctl(client, cmd, (void __user *) arg); | |
983 | } | |
984 | ||
985 | #ifdef CONFIG_COMPAT | |
986 | static long fw_device_op_compat_ioctl(struct file *file, | |
987 | unsigned int cmd, unsigned long arg) | |
988 | { | |
989 | struct client *client = file->private_data; | |
990 | ||
991 | if (fw_device_is_shutdown(client->device)) | |
992 | return -ENODEV; | |
993 | ||
994 | return dispatch_ioctl(client, cmd, compat_ptr(arg)); | |
995 | } | |
996 | #endif | |
997 | ||
998 | static int fw_device_op_mmap(struct file *file, struct vm_area_struct *vma) | |
999 | { | |
1000 | struct client *client = file->private_data; | |
1001 | enum dma_data_direction direction; | |
1002 | unsigned long size; | |
1003 | int page_count, ret; | |
1004 | ||
1005 | if (fw_device_is_shutdown(client->device)) | |
1006 | return -ENODEV; | |
1007 | ||
1008 | /* FIXME: We could support multiple buffers, but we don't. */ | |
1009 | if (client->buffer.pages != NULL) | |
1010 | return -EBUSY; | |
1011 | ||
1012 | if (!(vma->vm_flags & VM_SHARED)) | |
1013 | return -EINVAL; | |
1014 | ||
1015 | if (vma->vm_start & ~PAGE_MASK) | |
1016 | return -EINVAL; | |
1017 | ||
1018 | client->vm_start = vma->vm_start; | |
1019 | size = vma->vm_end - vma->vm_start; | |
1020 | page_count = size >> PAGE_SHIFT; | |
1021 | if (size & ~PAGE_MASK) | |
1022 | return -EINVAL; | |
1023 | ||
1024 | if (vma->vm_flags & VM_WRITE) | |
1025 | direction = DMA_TO_DEVICE; | |
1026 | else | |
1027 | direction = DMA_FROM_DEVICE; | |
1028 | ||
1029 | ret = fw_iso_buffer_init(&client->buffer, client->device->card, | |
1030 | page_count, direction); | |
1031 | if (ret < 0) | |
1032 | return ret; | |
1033 | ||
1034 | ret = fw_iso_buffer_map(&client->buffer, vma); | |
1035 | if (ret < 0) | |
1036 | fw_iso_buffer_destroy(&client->buffer, client->device->card); | |
1037 | ||
1038 | return ret; | |
1039 | } | |
1040 | ||
1041 | static int shutdown_resource(int id, void *p, void *data) | |
1042 | { | |
1043 | struct client_resource *r = p; | |
1044 | struct client *client = data; | |
1045 | ||
1046 | r->release(client, r); | |
1047 | ||
1048 | return 0; | |
1049 | } | |
1050 | ||
1051 | static int fw_device_op_release(struct inode *inode, struct file *file) | |
1052 | { | |
1053 | struct client *client = file->private_data; | |
1054 | struct event *e, *next_e; | |
1055 | unsigned long flags; | |
1056 | ||
1057 | mutex_lock(&client->device->client_list_mutex); | |
1058 | list_del(&client->link); | |
1059 | mutex_unlock(&client->device->client_list_mutex); | |
1060 | ||
1061 | if (client->buffer.pages) | |
1062 | fw_iso_buffer_destroy(&client->buffer, client->device->card); | |
1063 | ||
1064 | if (client->iso_context) | |
1065 | fw_iso_context_destroy(client->iso_context); | |
1066 | ||
1067 | /* Freeze client->resource_idr and client->event_list */ | |
1068 | spin_lock_irqsave(&client->lock, flags); | |
1069 | client->in_shutdown = true; | |
1070 | spin_unlock_irqrestore(&client->lock, flags); | |
1071 | ||
1072 | idr_for_each(&client->resource_idr, shutdown_resource, client); | |
1073 | idr_remove_all(&client->resource_idr); | |
1074 | idr_destroy(&client->resource_idr); | |
1075 | ||
1076 | list_for_each_entry_safe(e, next_e, &client->event_list, link) | |
1077 | kfree(e); | |
1078 | ||
1079 | /* | |
1080 | * FIXME: client should be reference-counted. It's extremely unlikely | |
1081 | * but there may still be transactions being completed at this point. | |
1082 | */ | |
1083 | fw_device_put(client->device); | |
1084 | kfree(client); | |
1085 | ||
1086 | return 0; | |
1087 | } | |
1088 | ||
1089 | static unsigned int fw_device_op_poll(struct file *file, poll_table * pt) | |
1090 | { | |
1091 | struct client *client = file->private_data; | |
1092 | unsigned int mask = 0; | |
1093 | ||
1094 | poll_wait(file, &client->wait, pt); | |
1095 | ||
1096 | if (fw_device_is_shutdown(client->device)) | |
1097 | mask |= POLLHUP | POLLERR; | |
1098 | if (!list_empty(&client->event_list)) | |
1099 | mask |= POLLIN | POLLRDNORM; | |
1100 | ||
1101 | return mask; | |
1102 | } | |
1103 | ||
1104 | const struct file_operations fw_device_ops = { | |
1105 | .owner = THIS_MODULE, | |
1106 | .open = fw_device_op_open, | |
1107 | .read = fw_device_op_read, | |
1108 | .unlocked_ioctl = fw_device_op_ioctl, | |
1109 | .poll = fw_device_op_poll, | |
1110 | .release = fw_device_op_release, | |
1111 | .mmap = fw_device_op_mmap, | |
1112 | ||
1113 | #ifdef CONFIG_COMPAT | |
1114 | .compat_ioctl = fw_device_op_compat_ioctl, | |
1115 | #endif | |
1116 | }; |