media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
1 /*
2 * dvb_ca.c: generic DVB functions for EN50221 CAM interfaces
3 *
4 * Copyright (C) 2004 Andrew de Quincey
5 *
6 * Parts of this file were based on sources as follows:
7 *
8 * Copyright (C) 2003 Ralph Metzler <rjkm@metzlerbros.de>
9 *
10 * based on code:
11 *
12 * Copyright (C) 1999-2002 Ralph Metzler
13 * & Marcus Metzler for convergence integrated media GmbH
14 *
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 * To obtain the license, point your browser to
25 * http://www.gnu.org/copyleft/gpl.html
26 */
27
28 #define pr_fmt(fmt) "dvb_ca_en50221: " fmt
29
30 #include <linux/errno.h>
31 #include <linux/slab.h>
32 #include <linux/list.h>
33 #include <linux/module.h>
34 #include <linux/nospec.h>
35 #include <linux/vmalloc.h>
36 #include <linux/delay.h>
37 #include <linux/spinlock.h>
38 #include <linux/sched/signal.h>
39 #include <linux/kthread.h>
40
41 #include "dvb_ca_en50221.h"
42 #include "dvb_ringbuffer.h"
43
44 static int dvb_ca_en50221_debug;
45
46 module_param_named(cam_debug, dvb_ca_en50221_debug, int, 0644);
47 MODULE_PARM_DESC(cam_debug, "enable verbose debug messages");
48
49 #define dprintk(fmt, arg...) do { \
50 if (dvb_ca_en50221_debug) \
51 printk(KERN_DEBUG pr_fmt("%s: " fmt), __func__, ##arg);\
52 } while (0)
53
54 #define INIT_TIMEOUT_SECS 10 /* seconds a slot may wait in WAITREADY after slot_reset() */
55
56 #define HOST_LINK_BUF_SIZE 0x200 /* cap for the negotiated link buffer; also sizes the stack buffer in read_data */
57
58 #define RX_BUFFER_SIZE 65535 /* NOTE(review): presumably the per-slot rx ring buffer size; user is outside this excerpt */
59
60 #define MAX_RX_PACKETS_PER_ITERATION 10 /* NOTE(review): user is outside this excerpt - confirm meaning there */
61
62 #define CTRLIF_DATA 0
63 #define CTRLIF_COMMAND 1
64 #define CTRLIF_STATUS 1
65 #define CTRLIF_SIZE_LOW 2
66 #define CTRLIF_SIZE_HIGH 3
67
68 #define CMDREG_HC 1 /* Host control */
69 #define CMDREG_SW 2 /* Size write */
70 #define CMDREG_SR 4 /* Size read */
71 #define CMDREG_RS 8 /* Reset interface */
72 #define CMDREG_FRIE 0x40 /* Enable FR interrupt */
73 #define CMDREG_DAIE 0x80 /* Enable DA interrupt */
74 #define IRQEN (CMDREG_DAIE)
75
76 #define STATUSREG_RE 1 /* read error */
77 #define STATUSREG_WE 2 /* write error */
78 #define STATUSREG_FR 0x40 /* module free */
79 #define STATUSREG_DA 0x80 /* data available */
80
81 #define DVB_CA_SLOTSTATE_NONE 0
82 #define DVB_CA_SLOTSTATE_UNINITIALISED 1
83 #define DVB_CA_SLOTSTATE_RUNNING 2
84 #define DVB_CA_SLOTSTATE_INVALID 3
85 #define DVB_CA_SLOTSTATE_WAITREADY 4
86 #define DVB_CA_SLOTSTATE_VALIDATE 5
87 #define DVB_CA_SLOTSTATE_WAITFR 6
88 #define DVB_CA_SLOTSTATE_LINKINIT 7
89
90 /* Information on a CA slot (one entry of dvb_ca_private.slot_info) */
91 struct dvb_ca_slot {
92 /* current state of the CAM, one of DVB_CA_SLOTSTATE_* */
93 int slot_state;
94
95 /* mutex used for serializing access to one CI slot */
96 struct mutex slot_lock;
97
98 /* Number of CAMCHANGES that have occurred since last processing */
99 atomic_t camchange_count;
100
101 /* Type of last CAMCHANGE, one of DVB_CA_EN50221_CAMCHANGE_* */
102 int camchange_type;
103
104 /* base address of CAM config, assembled from the CISTPL_CONFIG tuple */
105 u32 config_base;
106
107 /* value to write into Config Control register (low 6 bits of the CFTABLE_ENTRY tuple) */
108 u8 config_option;
109
110 /* if 1, the CAM supports DA IRQs */
111 u8 da_irq_supported:1;
112
113 /* size of the buffer to use when talking to the CAM; link_init caps it at HOST_LINK_BUF_SIZE */
114 int link_buf_size;
115
116 /* buffer for incoming packets */
117 struct dvb_ringbuffer rx_buffer;
118
119 /* jiffies deadline used during various states of the slot */
120 unsigned long timeout;
121 };
122
123 /* Private CA-interface information */
124 struct dvb_ca_private {
125 struct kref refcount; /* dropped via dvb_ca_private_put(); last put frees the instance */
126
127 /* pointer back to the public data structure */
128 struct dvb_ca_en50221 *pub;
129
130 /* the DVB device */
131 struct dvb_device *dvbdev;
132
133 /* Flags describing the interface (DVB_CA_EN50221_FLAG_*) */
134 u32 flags;
135
136 /* number of slots supported by this CA interface; valid slot indices are 0 .. slot_count - 1 */
137 unsigned int slot_count;
138
139 /* information on each slot; the helpers in this part of the file index it with slot unchecked, so callers must validate slot first */
140 struct dvb_ca_slot *slot_info;
141
142 /* wait queues for read() and write() operations */
143 wait_queue_head_t wait_queue;
144
145 /* task of the monitoring thread (a task_struct pointer, not a PID) */
146 struct task_struct *thread;
147
148 /* Flag indicating if the CA device is open */
149 unsigned int open:1;
150
151 /* Flag indicating the thread should wake up now */
152 unsigned int wakeup:1;
153
154 /* Delay the main thread should use; smallest per-slot value, expressed in HZ-based ticks */
155 unsigned long delay;
156
157 /*
158 * Slot to start looking for data to read from in the next user-space
159 * read operation
160 */
161 int next_read_slot;
162
163 /* mutex serializing ioctls */
164 struct mutex ioctl_mutex;
165 };
166
/*
 * dvb_ca_private_free - Release everything owned by a CA instance.
 *
 * @ca: CA instance to destroy. It must not be touched afterwards.
 *
 * Frees the DVB device, the rx buffer storage of every slot, the slot array
 * and finally the instance itself.
 */
static void dvb_ca_private_free(struct dvb_ca_private *ca)
{
	unsigned int idx = 0;

	dvb_free_device(ca->dvbdev);

	/* per-slot ring buffer storage is released with vfree() */
	while (idx < ca->slot_count) {
		vfree(ca->slot_info[idx].rx_buffer.data);
		idx++;
	}

	kfree(ca->slot_info);
	kfree(ca);
}
178
/*
 * dvb_ca_private_release - kref release callback.
 *
 * @ref: The refcount member embedded in a struct dvb_ca_private.
 *
 * Recovers the enclosing instance from @ref and frees it.
 */
static void dvb_ca_private_release(struct kref *ref)
{
	dvb_ca_private_free(container_of(ref, struct dvb_ca_private,
					 refcount));
}
186
/* dvb_ca_private_get - Take an additional reference on a CA instance. */
static void dvb_ca_private_get(struct dvb_ca_private *ca)
{
	struct kref *ref = &ca->refcount;

	kref_get(ref);
}
191
/*
 * dvb_ca_private_put - Drop a reference on a CA instance.
 *
 * The instance is freed through dvb_ca_private_release() once the last
 * reference is gone, so @ca must not be used after this call.
 */
static void dvb_ca_private_put(struct dvb_ca_private *ca)
{
	struct kref *ref = &ca->refcount;

	kref_put(ref, dvb_ca_private_release);
}
196
197 static void dvb_ca_en50221_thread_wakeup(struct dvb_ca_private *ca);
198 static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot,
199 u8 *ebuf, int ecount);
200 static int dvb_ca_en50221_write_data(struct dvb_ca_private *ca, int slot,
201 u8 *ebuf, int ecount);
202
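/**
 * findstr - Locate a byte sequence inside a length-delimited buffer.
 *
 * @haystack: Buffer to look in.
 * @hlen: Number of bytes in haystack.
 * @needle: Byte sequence to find.
 * @nlen: Number of bytes in needle.
 *
 * Neither buffer has to be NUL terminated. Bytes are compared with memcmp(),
 * so an embedded NUL cannot end a comparison early and report a match for
 * sequences that differ after it. The haystack is tuple data read from the
 * CAM, so it must be treated as arbitrary bytes.
 *
 * return: Pointer into haystack needle was found at, or NULL if not found.
 */
static char *findstr(char *haystack, int hlen, char *needle, int nlen)
{
	int last;
	int i;

	/* a negative length would become a huge size_t in memcmp() */
	if (nlen < 0 || hlen < nlen)
		return NULL;

	/* last start offset at which the needle still fits completely */
	last = hlen - nlen;
	for (i = 0; i <= last; i++) {
		if (!memcmp(haystack + i, needle, nlen))
			return haystack + i;
	}

	return NULL;
}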
226
227 /* ************************************************************************** */
228 /* EN50221 physical interface functions */
229
/*
 * dvb_ca_en50221_check_camstatus - Check CAM status.
 *
 * @ca: CA instance.
 * @slot: Slot to check; used unchecked as an index into ca->slot_info.
 *
 * In IRQ mode only the pending CAMCHANGE counter is consulted. In poll mode
 * the driver's poll_slot_status() callback is queried; a detected insertion
 * or removal is recorded in the slot, and a slot waiting for reset completion
 * is moved to the VALIDATE state once the CAM reports ready.
 *
 * return: nonzero if a CAM change is pending, 0 otherwise.
 */
static int dvb_ca_en50221_check_camstatus(struct dvb_ca_private *ca, int slot)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	int polled;
	int present;
	int changed;

	/* IRQ mode */
	if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
		return (atomic_read(&sl->camchange_count) != 0);

	/* poll mode */
	polled = ca->pub->poll_slot_status(ca->pub, slot, ca->open);

	present = !!(polled & DVB_CA_EN50221_POLL_CAM_PRESENT);
	changed = !!(polled & DVB_CA_EN50221_POLL_CAM_CHANGED);

	/* no explicit change flag: compare against the recorded slot state */
	if (!changed)
		changed = (present !=
			   (sl->slot_state != DVB_CA_SLOTSTATE_NONE));

	if (!changed) {
		/* move to validate state if reset is completed */
		if ((sl->slot_state == DVB_CA_SLOTSTATE_WAITREADY) &&
		    (polled & DVB_CA_EN50221_POLL_CAM_READY))
			sl->slot_state = DVB_CA_SLOTSTATE_VALIDATE;
		return 0;
	}

	sl->camchange_type = present ? DVB_CA_EN50221_CAMCHANGE_INSERTED :
				       DVB_CA_EN50221_CAMCHANGE_REMOVED;
	atomic_set(&sl->camchange_count, 1);

	return 1;
}
271
/**
 * dvb_ca_en50221_wait_if_status - Wait for flags to become set on the STATUS
 * register on a CAM interface, checking for errors and timeout.
 *
 * @ca: CA instance.
 * @slot: Slot on interface.
 * @waitfor: Flags to wait for; any one of them being set ends the wait.
 * @timeout_hz: Timeout in jiffies (it is added to jiffies as is; the callers
 *              in this file pass HZ-based values).
 *
 * The status register is polled roughly once per millisecond.
 *
 * return: 0 on success, -EIO if the status read fails, -ETIMEDOUT on timeout.
 */
static int dvb_ca_en50221_wait_if_status(struct dvb_ca_private *ca, int slot,
					 u8 waitfor, int timeout_hz)
{
	unsigned long began;
	unsigned long deadline;
	int res;

	dprintk("%s\n", __func__);

	began = jiffies;
	deadline = jiffies + timeout_hz;

	for (;;) {
		/* read the status and check for error */
		res = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
		if (res < 0)
			return -EIO;

		/* any of the requested flags ends the wait */
		if (res & waitfor) {
			dprintk("%s succeeded timeout:%lu\n",
				__func__, jiffies - began);
			return 0;
		}

		/* give up once the deadline has passed */
		if (time_after(jiffies, deadline)) {
			dprintk("%s failed timeout:%lu\n", __func__,
				jiffies - began);
			return -ETIMEDOUT;
		}

		/* wait for a bit */
		usleep_range(1000, 1100);
	}
}
322
/**
 * dvb_ca_en50221_link_init - Initialise the link layer connection to a CAM.
 *
 * @ca: CA instance.
 * @slot: Slot id; used unchecked as an index into ca->slot_info.
 *
 * Reads the buffer size offered by the CAM, limits it to HOST_LINK_BUF_SIZE,
 * stores the result in the slot and writes it back to the CAM.
 *
 * return: 0 on success, nonzero on failure.
 */
static int dvb_ca_en50221_link_init(struct dvb_ca_private *ca, int slot)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	u8 size_bytes[2];
	int negotiated;
	int rc;

	dprintk("%s\n", __func__);

	/* we'll be determining these during this function */
	sl->da_irq_supported = 0;

	/*
	 * temporary link buffer size, just large enough for the two size
	 * bytes; replaced by the negotiated value below
	 */
	sl->link_buf_size = 2;

	/* read the buffer size from the CAM */
	rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
					IRQEN | CMDREG_SR);
	if (rc)
		return rc;
	rc = dvb_ca_en50221_wait_if_status(ca, slot, STATUSREG_DA, HZ);
	if (rc)
		return rc;
	if (dvb_ca_en50221_read_data(ca, slot, size_bytes, 2) != 2)
		return -EIO;
	rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
	if (rc)
		return rc;

	/* the CAM's value is big-endian; never exceed our own buffer */
	negotiated = (size_bytes[0] << 8) | size_bytes[1];
	if (negotiated > HOST_LINK_BUF_SIZE)
		negotiated = HOST_LINK_BUF_SIZE;
	sl->link_buf_size = negotiated;
	size_bytes[0] = negotiated >> 8;
	size_bytes[1] = negotiated & 0xff;
	dprintk("Chosen link buffer size of %i\n", negotiated);

	/* write the buffer size to the CAM */
	rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
					IRQEN | CMDREG_SW);
	if (rc)
		return rc;
	rc = dvb_ca_en50221_wait_if_status(ca, slot, STATUSREG_FR, HZ / 10);
	if (rc)
		return rc;
	if (dvb_ca_en50221_write_data(ca, slot, size_bytes, 2) != 2)
		return -EIO;

	/* the result of the final command write is the overall result */
	return ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
					  IRQEN);
}
394
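/**
 * dvb_ca_en50221_read_tuple - Read a tuple from attribute memory.
 *
 * @ca: CA instance.
 * @slot: Slot id.
 * @address: Address to read from. Updated.
 * @tuple_type: Tuple id byte. Updated.
 * @tuple_length: Tuple length. Updated.
 * @tuple: Dest buffer for tuple (must be 256 bytes). Updated.
 *
 * The tuple contents and its length byte come from the inserted CAM and are
 * therefore not trusted: a length that would not fit the destination buffer
 * is rejected, and a failed attribute memory read aborts the tuple instead
 * of being stored as data. The output parameters are only updated on
 * success.
 *
 * return: 0 on success, nonzero on error.
 */
static int dvb_ca_en50221_read_tuple(struct dvb_ca_private *ca, int slot,
				     int *address, int *tuple_type,
				     int *tuple_length, u8 *tuple)
{
	int i;
	int _tuple_type;
	int _tuple_length;
	int _address = *address;

	/* grab the next tuple length and type */
	_tuple_type = ca->pub->read_attribute_mem(ca->pub, slot, _address);
	if (_tuple_type < 0)
		return _tuple_type;
	if (_tuple_type == 0xff) {
		dprintk("END OF CHAIN TUPLE type:0x%x\n", _tuple_type);
		*address += 2;
		*tuple_type = _tuple_type;
		*tuple_length = 0;
		return 0;
	}
	_tuple_length = ca->pub->read_attribute_mem(ca->pub, slot,
						    _address + 2);
	if (_tuple_length < 0)
		return _tuple_length;

	/* never write past the 256 byte destination documented above */
	if (_tuple_length > 256)
		return -EINVAL;
	_address += 4;

	dprintk("TUPLE type:0x%x length:%i\n", _tuple_type, _tuple_length);

	/* read in the whole tuple; attribute bytes sit at even addresses */
	for (i = 0; i < _tuple_length; i++) {
		int byte = ca->pub->read_attribute_mem(ca->pub, slot,
						       _address + (i * 2));

		/* a negative value is an error code, not tuple data */
		if (byte < 0)
			return byte;

		tuple[i] = byte;
		dprintk(" 0x%02x: 0x%02x %c\n",
			i, tuple[i] & 0xff,
			((tuple[i] > 31) && (tuple[i] < 127)) ? tuple[i] : '.');
	}
	_address += (_tuple_length * 2);

	/* success */
	*tuple_type = _tuple_type;
	*tuple_length = _tuple_length;
	*address = _address;
	return 0;
}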
451
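/*
 * dvb_ca_en50221_expect_tuple - Read the next tuple and require its type.
 *
 * return: 0 if a tuple of type @expected was read, the read error if reading
 * failed, -EINVAL if a tuple of another type was found.
 */
static int dvb_ca_en50221_expect_tuple(struct dvb_ca_private *ca, int slot,
				       int *address, int expected,
				       int *tuple_length, u8 *tuple)
{
	int tuple_type;
	int status;

	status = dvb_ca_en50221_read_tuple(ca, slot, address, &tuple_type,
					   tuple_length, tuple);
	if (status < 0)
		return status;

	return (tuple_type == expected) ? 0 : -EINVAL;
}

/**
 * dvb_ca_en50221_parse_attributes - Parse attribute memory of a CAM module,
 * extracting Config register, and checking it is a DVB CAM module.
 *
 * @ca: CA instance.
 * @slot: Slot id; used unchecked as an index into ca->slot_info.
 *
 * All tuple data is supplied by the inserted CAM, so every length is checked
 * before the corresponding bytes are interpreted. On success the slot's
 * config_base and config_option have been filled in.
 *
 * return: 0 on success, <0 on failure.
 */
static int dvb_ca_en50221_parse_attributes(struct dvb_ca_private *ca, int slot)
{
	struct dvb_ca_slot *sl;
	int address = 0;
	int tuple_length;
	int tuple_type;
	u8 tuple[257];
	char *dvb_str;
	int rasz;
	int status;
	int got_cftableentry = 0;
	int end_chain = 0;
	int i;
	u16 manfid = 0;
	u16 devid = 0;

	/* CISTPL_DEVICE_0A */
	status = dvb_ca_en50221_expect_tuple(ca, slot, &address, 0x1D,
					     &tuple_length, tuple);
	if (status < 0)
		return status;

	/* CISTPL_DEVICE_0C */
	status = dvb_ca_en50221_expect_tuple(ca, slot, &address, 0x1C,
					     &tuple_length, tuple);
	if (status < 0)
		return status;

	/* CISTPL_VERS_1 */
	status = dvb_ca_en50221_expect_tuple(ca, slot, &address, 0x15,
					     &tuple_length, tuple);
	if (status < 0)
		return status;

	/* CISTPL_MANFID */
	status = dvb_ca_en50221_expect_tuple(ca, slot, &address, 0x20,
					     &tuple_length, tuple);
	if (status < 0)
		return status;
	if (tuple_length != 4)
		return -EINVAL;
	manfid = (tuple[1] << 8) | tuple[0];
	devid = (tuple[3] << 8) | tuple[2];

	/* CISTPL_CONFIG */
	status = dvb_ca_en50221_expect_tuple(ca, slot, &address, 0x1A,
					     &tuple_length, tuple);
	if (status < 0)
		return status;
	if (tuple_length < 3)
		return -EINVAL;

	/* extract the configbase */
	rasz = tuple[0] & 3;
	if (tuple_length < (3 + rasz + 14))
		return -EINVAL;
	sl = &ca->slot_info[slot];
	sl->config_base = 0;
	/*
	 * widen before shifting: a byte >= 0x80 shifted by 24 does not fit
	 * into the int the u8 would otherwise be promoted to
	 */
	for (i = 0; i < rasz + 1; i++)
		sl->config_base |= ((u32)tuple[2 + i] << (8 * i));

	/* check it contains the correct DVB string */
	dvb_str = findstr((char *)tuple, tuple_length, "DVB_CI_V", 8);
	if (!dvb_str)
		return -EINVAL;
	/* the 4 version characters must still lie inside the tuple */
	if (tuple_length < ((dvb_str - (char *)tuple) + 12))
		return -EINVAL;

	/* is it a version we support? */
	if (strncmp(dvb_str + 8, "1.00", 4)) {
		pr_err("dvb_ca adapter %d: Unsupported DVB CAM module version %c%c%c%c\n",
		       ca->dvbdev->adapter->num, dvb_str[8], dvb_str[9],
		       dvb_str[10], dvb_str[11]);
		return -EINVAL;
	}

	/* process the CFTABLE_ENTRY tuples, and any after those */
	while ((!end_chain) && (address < 0x1000)) {
		status = dvb_ca_en50221_read_tuple(ca, slot, &address,
						   &tuple_type, &tuple_length,
						   tuple);
		if (status < 0)
			return status;
		switch (tuple_type) {
		case 0x1B:	/* CISTPL_CFTABLE_ENTRY */
			if (tuple_length < (2 + 11 + 17))
				break;

			/* if we've already parsed one, just use it */
			if (got_cftableentry)
				break;

			/* get the config option */
			sl->config_option = tuple[0] & 0x3f;

			/* OK, check it contains the correct strings */
			if (!findstr((char *)tuple, tuple_length,
				     "DVB_HOST", 8) ||
			    !findstr((char *)tuple, tuple_length,
				     "DVB_CI_MODULE", 13))
				break;

			got_cftableentry = 1;
			break;

		case 0x14:	/* CISTPL_NO_LINK */
			break;

		case 0xFF:	/* CISTPL_END */
			end_chain = 1;
			break;

		default:	/* Unknown tuple type - just skip this tuple */
			dprintk("dvb_ca: Skipping unknown tuple type:0x%x length:0x%x\n",
				tuple_type, tuple_length);
			break;
		}
	}

	if ((address > 0x1000) || (!got_cftableentry))
		return -EINVAL;

	dprintk("Valid DVB CAM detected MANID:%x DEVID:%x CONFIGBASE:0x%x CONFIGOPTION:0x%x\n",
		manfid, devid, sl->config_base, sl->config_option);

	/* success! */
	return 0;
}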
599
/**
 * dvb_ca_en50221_set_configoption - Set CAM's configoption correctly.
 *
 * @ca: CA instance.
 * @slot: Slot containing the CAM.
 *
 * Writes the slot's config_option to the attribute memory address stored in
 * config_base and reads it back for the debug log.
 *
 * return: always 0.
 */
static int dvb_ca_en50221_set_configoption(struct dvb_ca_private *ca, int slot)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	int readback;

	dprintk("%s\n", __func__);

	/*
	 * set the config option
	 * NOTE(review): the result of the write is not checked, so a failed
	 * write is still reported as success to the caller.
	 */
	ca->pub->write_attribute_mem(ca->pub, slot, sl->config_base,
				     sl->config_option);

	/* read it back; the value is only logged, not compared */
	readback = ca->pub->read_attribute_mem(ca->pub, slot,
					       sl->config_base);
	dprintk("Set configoption 0x%x, read configoption 0x%x\n",
		sl->config_option, readback & 0x3f);

	return 0;
}
626
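/**
 * dvb_ca_en50221_read_data - This function talks to an EN50221 CAM control
 * interface. It reads a buffer of data from the CAM. The data can either
 * be stored in a supplied buffer, or automatically be added to the slot's
 * rx_buffer.
 *
 * @ca: CA instance.
 * @slot: Slot to read from; used unchecked as an index into ca->slot_info.
 * @ebuf: If non-NULL, the data will be written to this buffer. If NULL,
 *	  the data will be added into the buffering system as a normal
 *	  fragment.
 * @ecount: Size of ebuf. Ignored if ebuf is NULL. Values larger than
 *	    HOST_LINK_BUF_SIZE are treated as HOST_LINK_BUF_SIZE, because
 *	    the data is staged in an on-stack buffer of that size.
 *
 * The packet length is reported by the CAM and is checked against the
 * applicable limit before any data byte is stored.
 *
 * return: Number of bytes read, or < 0 on error
 */
static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot,
				    u8 *ebuf, int ecount)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	int bytes_read;
	int status;
	u8 buf[HOST_LINK_BUF_SIZE];
	int i;

	dprintk("%s\n", __func__);

	/*
	 * Everything is staged in buf before it is copied out, so a larger
	 * external buffer must not widen the limit used below, neither for
	 * the driver's read_data() nor for the register read loop.
	 */
	if (ebuf && ecount > (int)sizeof(buf))
		ecount = sizeof(buf);

	/* check if we have space for a link buf in the rx_buffer */
	if (!ebuf) {
		int buf_free;

		if (!sl->rx_buffer.data) {
			status = -EIO;
			goto exit;
		}
		buf_free = dvb_ringbuffer_free(&sl->rx_buffer);

		if (buf_free < (sl->link_buf_size +
				DVB_RINGBUFFER_PKTHDRSIZE)) {
			status = -EAGAIN;
			goto exit;
		}
	}

	if (ca->pub->read_data &&
	    (sl->slot_state != DVB_CA_SLOTSTATE_LINKINIT)) {
		/* the driver transfers a whole packet on its own */
		if (!ebuf)
			status = ca->pub->read_data(ca->pub, slot, buf,
						    sizeof(buf));
		else
			status = ca->pub->read_data(ca->pub, slot, buf, ecount);
		if (status < 0)
			return status;
		bytes_read = status;
		if (status == 0)
			goto exit;
	} else {
		/* check if there is data available */
		status = ca->pub->read_cam_control(ca->pub, slot,
						   CTRLIF_STATUS);
		if (status < 0)
			goto exit;
		if (!(status & STATUSREG_DA)) {
			/* no data */
			status = 0;
			goto exit;
		}

		/* read the amount of data */
		status = ca->pub->read_cam_control(ca->pub, slot,
						   CTRLIF_SIZE_HIGH);
		if (status < 0)
			goto exit;
		bytes_read = status << 8;
		status = ca->pub->read_cam_control(ca->pub, slot,
						   CTRLIF_SIZE_LOW);
		if (status < 0)
			goto exit;
		bytes_read |= status;

		/*
		 * check it will fit; in the rx_buffer case this relies on
		 * link_buf_size never exceeding HOST_LINK_BUF_SIZE, which
		 * link_init enforces
		 */
		if (!ebuf) {
			if (bytes_read > sl->link_buf_size) {
				pr_err("dvb_ca adapter %d: CAM tried to send a buffer larger than the link buffer size (%i > %i)!\n",
				       ca->dvbdev->adapter->num, bytes_read,
				       sl->link_buf_size);
				sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
				status = -EIO;
				goto exit;
			}
			if (bytes_read < 2) {
				pr_err("dvb_ca adapter %d: CAM sent a buffer that was less than 2 bytes!\n",
				       ca->dvbdev->adapter->num);
				sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
				status = -EIO;
				goto exit;
			}
		} else {
			if (bytes_read > ecount) {
				pr_err("dvb_ca adapter %d: CAM tried to send a buffer larger than the ecount size!\n",
				       ca->dvbdev->adapter->num);
				status = -EIO;
				goto exit;
			}
		}

		/* fill the buffer */
		for (i = 0; i < bytes_read; i++) {
			/* read byte and check */
			status = ca->pub->read_cam_control(ca->pub, slot,
							   CTRLIF_DATA);
			if (status < 0)
				goto exit;

			/* OK, store it in the buffer */
			buf[i] = status;
		}

		/* check for read error (RE should now be 0) */
		status = ca->pub->read_cam_control(ca->pub, slot,
						   CTRLIF_STATUS);
		if (status < 0)
			goto exit;
		if (status & STATUSREG_RE) {
			sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
			status = -EIO;
			goto exit;
		}
	}

	/*
	 * OK, add it to the receive buffer, or copy into external buffer if
	 * supplied
	 */
	if (!ebuf) {
		if (!sl->rx_buffer.data) {
			status = -EIO;
			goto exit;
		}
		dvb_ringbuffer_pkt_write(&sl->rx_buffer, buf, bytes_read);
	} else {
		memcpy(ebuf, buf, bytes_read);
	}

	dprintk("Received CA packet for slot %i connection id 0x%x last_frag:%i size:0x%x\n", slot,
		buf[0], (buf[1] & 0x80) == 0, bytes_read);

	/* wake up readers when a last_fragment is received */
	if ((buf[1] & 0x80) == 0x00)
		wake_up_interruptible(&ca->wait_queue);

	status = bytes_read;

exit:
	return status;
}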
782
/**
 * dvb_ca_en50221_write_data - This function talks to an EN50221 CAM control
 * interface. It writes a buffer of data to a CAM.
 *
 * @ca: CA instance.
 * @slot: Slot to write to; used unchecked as an index into ca->slot_info.
 * @buf: The data in this buffer is treated as a complete link-level packet to
 *	 be written.
 * @bytes_write: Size of buf. Must not exceed the slot's link buffer size.
 *
 * return: Number of bytes written, or < 0 on error.
 */
static int dvb_ca_en50221_write_data(struct dvb_ca_private *ca, int slot,
				     u8 *buf, int bytes_write)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	int rc;
	int pos;

	dprintk("%s\n", __func__);

	/* a packet has to fit into the negotiated link buffer */
	if (bytes_write > sl->link_buf_size)
		return -EINVAL;

	/* driver level bulk write, except while the link is initialised */
	if (ca->pub->write_data &&
	    (sl->slot_state != DVB_CA_SLOTSTATE_LINKINIT))
		return ca->pub->write_data(ca->pub, slot, buf, bytes_write);

	/*
	 * it is possible we are dealing with a single buffer implementation,
	 * thus if there is data available for read or if there is even a read
	 * already in progress, we do nothing but awake the kernel thread to
	 * process the data if necessary.
	 */
	rc = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
	if (rc < 0)
		goto out_untouched;
	if (rc & (STATUSREG_DA | STATUSREG_RE)) {
		if (rc & STATUSREG_DA)
			dvb_ca_en50221_thread_wakeup(ca);

		rc = -EAGAIN;
		goto out_untouched;
	}

	/* OK, set HC bit */
	rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
					IRQEN | CMDREG_HC);
	if (rc)
		goto out_restore;

	/* check if interface is still free */
	rc = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
	if (rc < 0)
		goto out_restore;
	if (!(rc & STATUSREG_FR)) {
		/* it wasn't free => try again later */
		rc = -EAGAIN;
		goto out_restore;
	}

	/*
	 * It may need some time for the CAM to settle down, or there might
	 * be a race condition between the CAM, writing HC and our last
	 * check for DA. This happens, if the CAM asserts DA, just after
	 * checking DA before we are setting HC. In this case it might be
	 * a bug in the CAM to keep the FR bit, the lower layer/HW
	 * communication requires a longer timeout or the CAM needs more
	 * time internally. But this happens in reality!
	 * We need to read the status from the HW again and do the same
	 * we did for the previous check for DA
	 */
	rc = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
	if (rc < 0)
		goto out_restore;

	if (rc & (STATUSREG_DA | STATUSREG_RE)) {
		if (rc & STATUSREG_DA)
			dvb_ca_en50221_thread_wakeup(ca);

		rc = -EAGAIN;
		goto out_restore;
	}

	/* send the amount of data, high byte first */
	rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_SIZE_HIGH,
					bytes_write >> 8);
	if (rc)
		goto out_restore;
	rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_SIZE_LOW,
					bytes_write & 0xff);
	if (rc)
		goto out_restore;

	/* send the buffer one byte at a time */
	for (pos = 0; pos < bytes_write; pos++) {
		rc = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_DATA,
						buf[pos]);
		if (rc)
			goto out_restore;
	}

	/* check for write error (WE should now be 0) */
	rc = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
	if (rc < 0)
		goto out_restore;
	if (rc & STATUSREG_WE) {
		sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
		rc = -EIO;
		goto out_restore;
	}
	rc = bytes_write;

	dprintk("Wrote CA packet for slot %i, connection id 0x%x last_frag:%i size:0x%x\n", slot,
		buf[0], (buf[1] & 0x80) == 0, bytes_write);

out_restore:
	/* HC may have been set above: put the command register back */
	ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);

out_untouched:
	return rc;
}
906
907 /* ************************************************************************** */
908 /* EN50221 higher level functions */
909
/**
 * dvb_ca_en50221_slot_shutdown - A CAM has been removed => shut it down.
 *
 * @ca: CA instance.
 * @slot: Slot to shut down; used unchecked as an index into ca->slot_info.
 *
 * Calls the driver's slot_shutdown() callback, marks the slot as empty and
 * wakes every waiter on the instance's wait queue.
 *
 * return: always 0.
 */
static int dvb_ca_en50221_slot_shutdown(struct dvb_ca_private *ca, int slot)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];

	dprintk("%s\n", __func__);

	ca->pub->slot_shutdown(ca->pub, slot);
	sl->slot_state = DVB_CA_SLOTSTATE_NONE;

	/*
	 * sleeping readers and writers have to re-check whether the CAM they
	 * are waiting for still exists
	 */
	wake_up_interruptible(&ca->wait_queue);

	dprintk("Slot %i shutdown\n", slot);

	return 0;
}
934
/**
 * dvb_ca_en50221_camchange_irq - A CAMCHANGE IRQ has occurred.
 *
 * @pubca: CA instance.
 * @slot: Slot concerned; used unchecked as an index into the slot array, so
 *	  the calling driver must pass a valid slot number.
 * @change_type: One of the DVB_CA_EN50221_CAMCHANGE_* values. Any other
 *		 value is ignored.
 */
void dvb_ca_en50221_camchange_irq(struct dvb_ca_en50221 *pubca, int slot,
				  int change_type)
{
	struct dvb_ca_private *ca = pubca->private;
	struct dvb_ca_slot *sl = &ca->slot_info[slot];

	dprintk("CAMCHANGE IRQ slot:%i change_type:%i\n", slot, change_type);

	/* only insertion and removal are meaningful here */
	if (change_type != DVB_CA_EN50221_CAMCHANGE_REMOVED &&
	    change_type != DVB_CA_EN50221_CAMCHANGE_INSERTED)
		return;

	/* record the event and let the thread process it */
	sl->camchange_type = change_type;
	atomic_inc(&sl->camchange_count);
	dvb_ca_en50221_thread_wakeup(ca);
}
EXPORT_SYMBOL(dvb_ca_en50221_camchange_irq);
964
/**
 * dvb_ca_en50221_camready_irq - A CAMREADY IRQ has occurred.
 *
 * @pubca: CA instance.
 * @slot: Slot concerned; used unchecked as an index into the slot array, so
 *	  the calling driver must pass a valid slot number.
 *
 * Only has an effect while the slot is waiting for the CAM to become ready.
 */
void dvb_ca_en50221_camready_irq(struct dvb_ca_en50221 *pubca, int slot)
{
	struct dvb_ca_private *ca = pubca->private;
	struct dvb_ca_slot *sl = &ca->slot_info[slot];

	dprintk("CAMREADY IRQ slot:%i\n", slot);

	/* a ready signal in any other state is not acted upon */
	if (sl->slot_state != DVB_CA_SLOTSTATE_WAITREADY)
		return;

	sl->slot_state = DVB_CA_SLOTSTATE_VALIDATE;
	dvb_ca_en50221_thread_wakeup(ca);
}
EXPORT_SYMBOL(dvb_ca_en50221_camready_irq);
984
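/**
 * dvb_ca_en50221_frda_irq - An FR or DA IRQ has occurred.
 *
 * @pubca: CA instance.
 * @slot: Slot concerned; used unchecked as an index into the slot array, so
 *	  the calling driver must pass a valid slot number.
 *
 * During link initialisation the status register is read to find out whether
 * the CAM raises DA interrupts. While the slot is running and the device is
 * open, the thread is woken up. Other states are ignored.
 */
void dvb_ca_en50221_frda_irq(struct dvb_ca_en50221 *pubca, int slot)
{
	struct dvb_ca_private *ca = pubca->private;
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	int flags;

	dprintk("FR/DA IRQ slot:%i\n", slot);

	switch (sl->slot_state) {
	case DVB_CA_SLOTSTATE_LINKINIT:
		flags = ca->pub->read_cam_control(pubca, slot, CTRLIF_STATUS);
		/*
		 * A failed read yields a negative value, and the bit pattern
		 * of a negative error code can contain STATUSREG_DA. Only
		 * trust the flag when the read succeeded.
		 */
		if (flags >= 0 && (flags & STATUSREG_DA)) {
			dprintk("CAM supports DA IRQ\n");
			sl->da_irq_supported = 1;
		}
		break;

	case DVB_CA_SLOTSTATE_RUNNING:
		if (ca->open)
			dvb_ca_en50221_thread_wakeup(ca);
		break;

	default:
		break;
	}
}
EXPORT_SYMBOL(dvb_ca_en50221_frda_irq);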
1015
1016 /* ************************************************************************** */
1017 /* EN50221 thread functions */
1018
/**
 * dvb_ca_en50221_thread_wakeup - Wake up the DVB CA thread.
 *
 * @ca: CA instance.
 *
 * Sets the wakeup flag and then wakes the monitoring thread; a full memory
 * barrier sits between the two steps.
 */
static void dvb_ca_en50221_thread_wakeup(struct dvb_ca_private *ca)
{
	struct task_struct *monitor;

	dprintk("%s\n", __func__);

	ca->wakeup = 1;
	mb();
	monitor = ca->thread;
	wake_up_process(monitor);
}
1032
/**
 * dvb_ca_en50221_thread_update_delay - Update the delay used by the thread.
 *
 * @ca: CA instance.
 *
 * Every slot asks for a delay that depends on its state and on which events
 * are delivered by interrupt; the smallest request is stored in ca->delay.
 */
static void dvb_ca_en50221_thread_update_delay(struct dvb_ca_private *ca)
{
	int shortest = 100000000;
	int slot;

	/*
	 * Beware of too high polling frequency, because one polling
	 * call might take several hundred milliseconds until timeout!
	 */
	for (slot = 0; slot < ca->slot_count; slot++) {
		struct dvb_ca_slot *sl = &ca->slot_info[slot];
		/* CAM changes have to be polled unless the IRQ flag is set */
		int poll_camchange =
			!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE);
		int wanted;

		switch (sl->slot_state) {
		case DVB_CA_SLOTSTATE_UNINITIALISED:
		case DVB_CA_SLOTSTATE_WAITREADY:
		case DVB_CA_SLOTSTATE_VALIDATE:
		case DVB_CA_SLOTSTATE_WAITFR:
		case DVB_CA_SLOTSTATE_LINKINIT:
			wanted = HZ / 10; /* 100ms */
			break;

		case DVB_CA_SLOTSTATE_INVALID:
			/* 100ms when polling, 60s otherwise */
			wanted = poll_camchange ? HZ / 10 : HZ * 60;
			break;

		case DVB_CA_SLOTSTATE_RUNNING:
			/* 100ms when polling, 60s otherwise */
			wanted = poll_camchange ? HZ / 10 : HZ * 60;
			/* an open device without usable DA IRQ needs polling */
			if (ca->open &&
			    ((!sl->da_irq_supported) ||
			     (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_DA))))
				wanted = HZ / 10; /* 100ms */
			break;

		case DVB_CA_SLOTSTATE_NONE:
		default:
			/* 5s when polling, 60s otherwise */
			wanted = poll_camchange ? HZ * 5 : HZ * 60;
			break;
		}

		if (wanted < shortest)
			shortest = wanted;
	}

	ca->delay = shortest;
}
1090
/**
 * dvb_ca_en50221_poll_cam_gone - Poll if the CAM is gone.
 *
 * @ca: CA instance.
 * @slot: Slot to process; used unchecked as an index into ca->slot_info.
 *
 * Only polls when CAM changes are not delivered by interrupt and the driver
 * provides poll_slot_status(). If the CAM is no longer present, the slot is
 * marked empty and the thread delay is recomputed.
 *
 * return: 0 .. no change
 *	   1 .. CAM state changed
 */
static int dvb_ca_en50221_poll_cam_gone(struct dvb_ca_private *ca, int slot)
{
	int status;

	/*
	 * we need this extra check for annoying interfaces like the
	 * budget-av
	 */
	if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
		return 0;
	if (!ca->pub->poll_slot_status)
		return 0;

	status = ca->pub->poll_slot_status(ca->pub, slot, 0);
	if (status & DVB_CA_EN50221_POLL_CAM_PRESENT)
		return 0;

	/* the CAM has disappeared */
	ca->slot_info[slot].slot_state = DVB_CA_SLOTSTATE_NONE;
	dvb_ca_en50221_thread_update_delay(ca);

	return 1;
}
1121
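/**
 * Thread state machine for one CA slot to perform the data transfer.
 *
 * @ca: CA instance.
 * @slot: Slot to process. Used as an index into ca->slot_info without a
 *        bounds check here; the visible caller (dvb_ca_en50221_thread)
 *        iterates 0 .. ca->slot_count - 1.
 *
 * Holds sl->slot_lock from entry to exit. Pending CAMCHANGE events are
 * consumed first, then the slot is advanced by at most one state per call.
 * Every transition that changes the polling needs calls
 * dvb_ca_en50221_thread_update_delay().
 */
static void dvb_ca_en50221_thread_state_machine(struct dvb_ca_private *ca,
						int slot)
{
	struct dvb_ca_slot *sl = &ca->slot_info[slot];
	int flags;
	int pktcount;
	void *rxbuf;

	mutex_lock(&sl->slot_lock);

	/* check the cam status + deal with CAMCHANGEs */
	while (dvb_ca_en50221_check_camstatus(ca, slot)) {
		/* clear down an old CI slot if necessary */
		if (sl->slot_state != DVB_CA_SLOTSTATE_NONE)
			dvb_ca_en50221_slot_shutdown(ca, slot);

		/* if a CAM is NOW present, initialise it */
		if (sl->camchange_type == DVB_CA_EN50221_CAMCHANGE_INSERTED)
			sl->slot_state = DVB_CA_SLOTSTATE_UNINITIALISED;

		/* we've handled one CAMCHANGE */
		dvb_ca_en50221_thread_update_delay(ca);
		atomic_dec(&sl->camchange_count);
	}

	/* CAM state machine */
	switch (sl->slot_state) {
	case DVB_CA_SLOTSTATE_NONE:
	case DVB_CA_SLOTSTATE_INVALID:
		/* no action needed */
		break;

	case DVB_CA_SLOTSTATE_UNINITIALISED:
		/* reset the slot and give the card INIT_TIMEOUT_SECS to answer */
		sl->slot_state = DVB_CA_SLOTSTATE_WAITREADY;
		ca->pub->slot_reset(ca->pub, slot);
		sl->timeout = jiffies + (INIT_TIMEOUT_SECS * HZ);
		break;

	case DVB_CA_SLOTSTATE_WAITREADY:
		if (time_after(jiffies, sl->timeout)) {
			pr_err("dvb_ca adaptor %d: PC card did not respond :(\n",
			       ca->dvbdev->adapter->num);
			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
			dvb_ca_en50221_thread_update_delay(ca);
			break;
		}
		/*
		 * no other action needed; will automatically change state when
		 * ready
		 */
		break;

	case DVB_CA_SLOTSTATE_VALIDATE:
		if (dvb_ca_en50221_parse_attributes(ca, slot) != 0) {
			/* a removed CAM is not an "invalid card" error */
			if (dvb_ca_en50221_poll_cam_gone(ca, slot))
				break;

			pr_err("dvb_ca adapter %d: Invalid PC card inserted :(\n",
			       ca->dvbdev->adapter->num);
			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
			dvb_ca_en50221_thread_update_delay(ca);
			break;
		}
		if (dvb_ca_en50221_set_configoption(ca, slot) != 0) {
			pr_err("dvb_ca adapter %d: Unable to initialise CAM :(\n",
			       ca->dvbdev->adapter->num);
			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
			dvb_ca_en50221_thread_update_delay(ca);
			break;
		}
		if (ca->pub->write_cam_control(ca->pub, slot,
					       CTRLIF_COMMAND,
					       CMDREG_RS) != 0) {
			pr_err("dvb_ca adapter %d: Unable to reset CAM IF\n",
			       ca->dvbdev->adapter->num);
			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
			dvb_ca_en50221_thread_update_delay(ca);
			break;
		}
		dprintk("DVB CAM validated successfully\n");

		sl->timeout = jiffies + (INIT_TIMEOUT_SECS * HZ);
		sl->slot_state = DVB_CA_SLOTSTATE_WAITFR;
		/* run the next step without sleeping */
		ca->wakeup = 1;
		break;

	case DVB_CA_SLOTSTATE_WAITFR:
		if (time_after(jiffies, sl->timeout)) {
			pr_err("dvb_ca adapter %d: DVB CAM did not respond :(\n",
			       ca->dvbdev->adapter->num);
			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
			dvb_ca_en50221_thread_update_delay(ca);
			break;
		}

		flags = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
		if (flags & STATUSREG_FR) {
			sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
			ca->wakeup = 1;
		}
		break;

	case DVB_CA_SLOTSTATE_LINKINIT:
		if (dvb_ca_en50221_link_init(ca, slot) != 0) {
			if (dvb_ca_en50221_poll_cam_gone(ca, slot))
				break;

			pr_err("dvb_ca adapter %d: DVB CAM link initialisation failed :(\n",
			       ca->dvbdev->adapter->num);
			/* retry from the start rather than marking the slot invalid */
			sl->slot_state = DVB_CA_SLOTSTATE_UNINITIALISED;
			dvb_ca_en50221_thread_update_delay(ca);
			break;
		}

		/* the rx buffer is allocated once and reused afterwards */
		if (!sl->rx_buffer.data) {
			rxbuf = vmalloc(RX_BUFFER_SIZE);
			if (!rxbuf) {
				pr_err("dvb_ca adapter %d: Unable to allocate CAM rx buffer :(\n",
				       ca->dvbdev->adapter->num);
				sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
				dvb_ca_en50221_thread_update_delay(ca);
				break;
			}
			dvb_ringbuffer_init(&sl->rx_buffer, rxbuf,
					    RX_BUFFER_SIZE);
		}

		ca->pub->slot_ts_enable(ca->pub, slot);
		sl->slot_state = DVB_CA_SLOTSTATE_RUNNING;
		dvb_ca_en50221_thread_update_delay(ca);
		/*
		 * Successful initialisation is informational; logging it at
		 * error level pollutes error-level log monitoring.
		 */
		pr_info("dvb_ca adapter %d: DVB CAM detected and initialised successfully\n",
			ca->dvbdev->adapter->num);
		break;

	case DVB_CA_SLOTSTATE_RUNNING:
		if (!ca->open)
			break;

		/* poll slots for data */
		pktcount = 0;
		while (dvb_ca_en50221_read_data(ca, slot, NULL, 0) > 0) {
			if (!ca->open)
				break;

			/*
			 * if a CAMCHANGE occurred at some point, do not do any
			 * more processing of this slot
			 */
			if (dvb_ca_en50221_check_camstatus(ca, slot)) {
				/*
				 * we don't want to sleep on the next iteration
				 * so we can handle the cam change
				 */
				ca->wakeup = 1;
				break;
			}

			/* check if we've hit our limit this time */
			if (++pktcount >= MAX_RX_PACKETS_PER_ITERATION) {
				/*
				 * don't sleep; there is likely to be more data
				 * to read
				 */
				ca->wakeup = 1;
				break;
			}
		}
		break;
	}

	mutex_unlock(&sl->slot_lock);
}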
1300
/*
 * Kernel thread which monitors CA slots for CAM changes, and performs data
 * transfers.
 *
 * @data: the struct dvb_ca_private this thread services.
 *
 * Always returns 0; the loop ends once kthread_should_stop() is true.
 */
static int dvb_ca_en50221_thread(void *data)
{
	struct dvb_ca_private *ca = data;
	int idx;

	dprintk("%s\n", __func__);

	/* start out with the delay that matches the current slot states */
	dvb_ca_en50221_thread_update_delay(ca);

	for (;;) {
		if (kthread_should_stop())
			break;

		/* sleep unless somebody asked for an immediate pass */
		if (!ca->wakeup) {
			set_current_state(TASK_INTERRUPTIBLE);
			schedule_timeout(ca->delay);
			if (kthread_should_stop())
				break;
		}
		ca->wakeup = 0;

		/* one state-machine step for every slot */
		idx = 0;
		while (idx < ca->slot_count) {
			dvb_ca_en50221_thread_state_machine(ca, idx);
			idx++;
		}
	}

	return 0;
}
1333
1334 /* ************************************************************************** */
1335 /* EN50221 IO interface functions */
1336
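/**
 * Real ioctl implementation.
 * NOTE: CA_SEND_MSG/CA_GET_MSG ioctls have userspace buffers passed to them.
 *
 * @file: File concerned.
 * @cmd: IOCTL command.
 * @parg: Associated argument.
 *
 * Handles CA_RESET, CA_GET_CAP and CA_GET_SLOT_INFO while holding
 * ca->ioctl_mutex; every other command yields -EINVAL.
 *
 * For CA_GET_SLOT_INFO the slot number comes from the ioctl argument, so it is
 * range-checked and then clamped with array_index_nospec() before it indexes
 * ca->slot_info.
 *
 * return: 0 on success, <0 on error (-ERESTARTSYS if interrupted while
 * waiting for the mutex).
 */
static int dvb_ca_en50221_io_do_ioctl(struct file *file,
				      unsigned int cmd, void *parg)
{
	struct dvb_device *dvbdev = file->private_data;
	struct dvb_ca_private *ca = dvbdev->priv;
	int err = 0;
	int slot;

	dprintk("%s\n", __func__);

	if (mutex_lock_interruptible(&ca->ioctl_mutex))
		return -ERESTARTSYS;

	switch (cmd) {
	case CA_RESET:
		/* slot is a kernel-side loop counter here, bounded by slot_count */
		for (slot = 0; slot < ca->slot_count; slot++) {
			struct dvb_ca_slot *sl = &ca->slot_info[slot];

			mutex_lock(&sl->slot_lock);
			if (sl->slot_state != DVB_CA_SLOTSTATE_NONE) {
				dvb_ca_en50221_slot_shutdown(ca, slot);
				/* re-announce the CAM so the thread re-initialises it */
				if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
					dvb_ca_en50221_camchange_irq(ca->pub,
								     slot,
								     DVB_CA_EN50221_CAMCHANGE_INSERTED);
			}
			mutex_unlock(&sl->slot_lock);
		}
		ca->next_read_slot = 0;
		dvb_ca_en50221_thread_wakeup(ca);
		break;

	case CA_GET_CAP: {
		struct ca_caps *caps = parg;

		caps->slot_num = ca->slot_count;
		caps->slot_type = CA_CI_LINK;
		caps->descr_num = 0;
		caps->descr_type = 0;
		break;
	}

	case CA_GET_SLOT_INFO: {
		struct ca_slot_info *info = parg;
		struct dvb_ca_slot *sl;

		slot = info->num;
		/*
		 * Valid indices are 0 .. slot_count - 1. The previous test
		 * used '>' and so let slot == slot_count through, reading one
		 * element past the end of ca->slot_info.
		 */
		if ((slot >= ca->slot_count) || (slot < 0)) {
			err = -EINVAL;
			goto out_unlock;
		}
		/*
		 * The index is caller-supplied: clamp it under speculation as
		 * well, as dvb_ca_en50221_io_write() already does.
		 */
		slot = array_index_nospec(slot, ca->slot_count);

		info->type = CA_CI_LINK;
		info->flags = 0;
		sl = &ca->slot_info[slot];
		if ((sl->slot_state != DVB_CA_SLOTSTATE_NONE) &&
		    (sl->slot_state != DVB_CA_SLOTSTATE_INVALID)) {
			info->flags = CA_CI_MODULE_PRESENT;
		}
		if (sl->slot_state == DVB_CA_SLOTSTATE_RUNNING)
			info->flags |= CA_CI_MODULE_READY;
		break;
	}

	default:
		err = -EINVAL;
		break;
	}

out_unlock:
	mutex_unlock(&ca->ioctl_mutex);
	return err;
}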
1420
/**
 * Wrapper for ioctl implementation.
 *
 * @file: File concerned.
 * @cmd: IOCTL command.
 * @arg: Associated argument.
 *
 * Hands the request to dvb_usercopy() with dvb_ca_en50221_io_do_ioctl() as the
 * handler and returns whatever dvb_usercopy() returns.
 *
 * return: 0 on success, <0 on error.
 */
static long dvb_ca_en50221_io_ioctl(struct file *file,
				    unsigned int cmd, unsigned long arg)
{
	long rc;

	rc = dvb_usercopy(file, cmd, arg, dvb_ca_en50221_io_do_ioctl);
	return rc;
}
1435
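/**
 * Implementation of write() syscall.
 *
 * @file: File structure.
 * @buf: Source buffer. The first two bytes are a header (slot id,
 *       connection id); the rest is the payload.
 * @count: Size of source buffer.
 * @ppos: Position in file (ignored).
 *
 * The payload is split into link-layer fragments of at most
 * min(sl->link_buf_size, HOST_LINK_BUF_SIZE) - 2 bytes. Each fragment is
 * retried for up to HZ / 2 jiffies while the lower layer reports -EAGAIN.
 *
 * return: Number of bytes written (header included), or <0 on error.
 */
static ssize_t dvb_ca_en50221_io_write(struct file *file,
				       const char __user *buf, size_t count,
				       loff_t *ppos)
{
	struct dvb_device *dvbdev = file->private_data;
	struct dvb_ca_private *ca = dvbdev->priv;
	struct dvb_ca_slot *sl;
	u8 slot, connection_id;
	int status;
	u8 fragbuf[HOST_LINK_BUF_SIZE];
	int fragpos = 0;
	int fraglen;
	unsigned long timeout;
	int written;

	dprintk("%s\n", __func__);

	/*
	 * Incoming packet has a 2 byte header.
	 * hdr[0] = slot_id, hdr[1] = connection_id
	 */
	if (count < 2)
		return -EINVAL;

	/* extract slot & connection id */
	if (copy_from_user(&slot, buf, 1))
		return -EFAULT;
	if (copy_from_user(&connection_id, buf + 1, 1))
		return -EFAULT;
	buf += 2;
	count -= 2;

	/*
	 * slot is user-controlled: bounds-check it, then clamp it so a
	 * mispredicted branch cannot index past ca->slot_info either.
	 */
	if (slot >= ca->slot_count)
		return -EINVAL;
	slot = array_index_nospec(slot, ca->slot_count);
	sl = &ca->slot_info[slot];

	/* check if the slot is actually running */
	if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING)
		return -EINVAL;

	/* fragment the packets & store in the buffer */
	while (fragpos < count) {
		fraglen = sl->link_buf_size - 2;
		/*
		 * NOTE(review): a negative fraglen leaves the loop and the
		 * call still reports count + 2 bytes written - kept as is;
		 * confirm whether link_buf_size < 2 can occur.
		 */
		if (fraglen < 0)
			break;
		/*
		 * A link buffer that only fits the 2 byte fragment header
		 * leaves no room for payload: fragpos would never advance and
		 * this loop would send empty fragments forever. Fail instead.
		 */
		if (fraglen == 0) {
			status = -EIO;
			goto exit;
		}
		/* never copy more than fragbuf can hold after its header */
		if (fraglen > HOST_LINK_BUF_SIZE - 2)
			fraglen = HOST_LINK_BUF_SIZE - 2;
		if ((count - fragpos) < fraglen)
			fraglen = count - fragpos;

		fragbuf[0] = connection_id;
		/* 0x80 marks "more fragments follow" */
		fragbuf[1] = ((fragpos + fraglen) < count) ? 0x80 : 0x00;
		status = copy_from_user(fragbuf + 2, buf + fragpos, fraglen);
		if (status) {
			status = -EFAULT;
			goto exit;
		}

		timeout = jiffies + HZ / 2;
		written = 0;
		while (!time_after(jiffies, timeout)) {
			/*
			 * check the CAM hasn't been removed/reset in the
			 * meantime
			 */
			if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING) {
				status = -EIO;
				goto exit;
			}

			mutex_lock(&sl->slot_lock);
			status = dvb_ca_en50221_write_data(ca, slot, fragbuf,
							   fraglen + 2);
			mutex_unlock(&sl->slot_lock);
			if (status == (fraglen + 2)) {
				written = 1;
				break;
			}
			/* anything but -EAGAIN is final */
			if (status != -EAGAIN)
				goto exit;

			usleep_range(1000, 1100);
		}
		if (!written) {
			status = -EIO;
			goto exit;
		}

		fragpos += fraglen;
	}
	/* count had the header subtracted above; report it again */
	status = count + 2;

exit:
	return status;
}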
1542
/*
 * Condition for waking up in dvb_ca_en50221_io_read
 *
 * Starting at ca->next_read_slot, visits each slot at most once and looks for
 * a RUNNING slot whose rx ring buffer holds a last fragment (bit 0x80 of
 * hdr[1] clear) for the first connection id seen. On success *_slot receives
 * the slot index. @result is not written by this function.
 *
 * Returns 1 if such a packet was found, 0 otherwise. Also returns 0, without
 * updating ca->next_read_slot, when a RUNNING slot has no rx buffer.
 */
static int dvb_ca_en50221_io_read_condition(struct dvb_ca_private *ca,
					    int *result, int *_slot)
{
	int cur = ca->next_read_slot;
	int conn = -1;
	int have_pkt = 0;
	int visited;
	int pkt;
	size_t fraglen;
	u8 hdr[2];

	for (visited = 0; (visited < ca->slot_count) && !have_pkt; visited++) {
		struct dvb_ca_slot *sl = &ca->slot_info[cur];

		if (sl->slot_state == DVB_CA_SLOTSTATE_RUNNING) {
			if (!sl->rx_buffer.data)
				return 0;

			/* walk the queued fragments of this slot */
			pkt = dvb_ringbuffer_pkt_next(&sl->rx_buffer, -1,
						      &fraglen);
			while (pkt != -1) {
				dvb_ringbuffer_pkt_read(&sl->rx_buffer, pkt, 0,
							hdr, 2);
				if (conn == -1)
					conn = hdr[0];
				if ((hdr[0] == conn) && !(hdr[1] & 0x80)) {
					*_slot = cur;
					have_pkt = 1;
					break;
				}

				pkt = dvb_ringbuffer_pkt_next(&sl->rx_buffer,
							      pkt, &fraglen);
			}
		}

		/* round-robin to the next slot, also after a hit */
		cur = (cur + 1) % ca->slot_count;
	}

	ca->next_read_slot = cur;
	return have_pkt;
}
1591
/**
 * Implementation of read() syscall.
 *
 * @file: File structure.
 * @buf: Destination buffer. Receives a 2 byte header (slot id, connection id)
 *       followed by the reassembled payload.
 * @count: Size of destination buffer.
 * @ppos: Position in file (ignored).
 *
 * Reassembles the fragments of one connection id from the selected slot's rx
 * ring buffer. Payload that does not fit into @count bytes is not copied, but
 * the fragments carrying it are still disposed of.
 *
 * return: Number of bytes read, or <0 on error.
 */
static ssize_t dvb_ca_en50221_io_read(struct file *file, char __user *buf,
				      size_t count, loff_t *ppos)
{
	struct dvb_device *dvbdev = file->private_data;
	struct dvb_ca_private *ca = dvbdev->priv;
	struct dvb_ca_slot *sl;
	int status;
	int result = 0;
	u8 hdr[2];
	int slot;
	int connection_id = -1;
	size_t idx, idx2;
	int last_fragment = 0;
	size_t fraglen;
	int pktlen;
	int dispose = 0;

	dprintk("%s\n", __func__);

	/*
	 * Outgoing packet has a 2 byte header.
	 * hdr[0] = slot_id, hdr[1] = connection_id
	 */
	if (count < 2)
		return -EINVAL;

	/* wait for some data */
	status = dvb_ca_en50221_io_read_condition(ca, &result, &slot);
	if (status == 0) {
		/* if we're in nonblocking mode, exit immediately */
		if (file->f_flags & O_NONBLOCK)
			return -EWOULDBLOCK;

		/* wait for some data */
		status = wait_event_interruptible(ca->wait_queue,
						  dvb_ca_en50221_io_read_condition
						  (ca, &result, &slot));
	}
	/*
	 * result is only passed by address to the condition helper, which as
	 * shown in this file never writes it, so it is still 0 here.
	 */
	if ((status < 0) || (result < 0)) {
		if (result)
			return result;
		return status;
	}

	/* slot was chosen by the condition helper, not by the caller */
	sl = &ca->slot_info[slot];
	idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, -1, &fraglen);
	/* the first two bytes of buf are reserved for the header written last */
	pktlen = 2;
	do {
		/* idx is a size_t; -1 converts to SIZE_MAX for this comparison */
		if (idx == -1) {
			pr_err("dvb_ca adapter %d: BUG: read packet ended before last_fragment encountered\n",
			       ca->dvbdev->adapter->num);
			status = -EIO;
			goto exit;
		}

		dvb_ringbuffer_pkt_read(&sl->rx_buffer, idx, 0, hdr, 2);
		/* the first fragment seen decides which connection is read */
		if (connection_id == -1)
			connection_id = hdr[0];
		if (hdr[0] == connection_id) {
			if (pktlen < count) {
				/* cap the copy at the space left in buf */
				if ((pktlen + fraglen - 2) > count)
					fraglen = count - pktlen;
				else
					fraglen -= 2;

				status =
				   dvb_ringbuffer_pkt_read_user(&sl->rx_buffer,
								idx, 2,
								buf + pktlen,
								fraglen);
				if (status < 0)
					goto exit;

				pktlen += fraglen;
			}

			/* a clear 0x80 bit marks the last fragment */
			if ((hdr[1] & 0x80) == 0)
				last_fragment = 1;
			dispose = 1;
		}

		/* look up the successor before the current fragment is dropped */
		idx2 = dvb_ringbuffer_pkt_next(&sl->rx_buffer, idx, &fraglen);
		if (dispose)
			dvb_ringbuffer_pkt_dispose(&sl->rx_buffer, idx);
		idx = idx2;
		dispose = 0;
	} while (!last_fragment);

	hdr[0] = slot;
	hdr[1] = connection_id;
	status = copy_to_user(buf, hdr, 2);
	if (status) {
		status = -EFAULT;
		goto exit;
	}
	status = pktlen;

exit:
	return status;
}
1702
/**
 * Implementation of file open syscall.
 *
 * @inode: Inode concerned.
 * @file: File concerned.
 *
 * Pins the owning driver module, performs the generic DVB open, marks the CA
 * device as open, wakes the monitoring thread and takes a reference on the
 * private data.
 *
 * return: 0 on success, <0 on failure.
 */
static int dvb_ca_en50221_io_open(struct inode *inode, struct file *file)
{
	struct dvb_device *dvbdev = file->private_data;
	struct dvb_ca_private *ca = dvbdev->priv;
	struct dvb_ca_slot *sl;
	int slot;
	int ret;

	dprintk("%s\n", __func__);

	if (!try_module_get(ca->pub->owner))
		return -EIO;

	ret = dvb_generic_open(inode, file);
	if (ret < 0) {
		/* undo the module reference taken above */
		module_put(ca->pub->owner);
		return ret;
	}

	for (slot = 0; slot < ca->slot_count; slot++) {
		sl = &ca->slot_info[slot];

		/*
		 * it is safe to call this here without locks
		 * because ca->open == 0. Data is not read in
		 * this case
		 *
		 * NOTE(review): the flush only runs when rx_buffer.data is
		 * NULL, which looks inverted - confirm the intent.
		 */
		if ((sl->slot_state == DVB_CA_SLOTSTATE_RUNNING) &&
		    (!sl->rx_buffer.data))
			dvb_ringbuffer_flush(&sl->rx_buffer);
	}

	ca->open = 1;
	dvb_ca_en50221_thread_update_delay(ca);
	dvb_ca_en50221_thread_wakeup(ca);

	dvb_ca_private_get(ca);

	return 0;
}
1752
/**
 * Implementation of file close syscall.
 *
 * @inode: Inode concerned.
 * @file: File concerned.
 *
 * Mirrors dvb_ca_en50221_io_open(): clears ca->open, then drops the module
 * reference and the reference on the private data.
 *
 * return: 0 on success, <0 on failure (the value of dvb_generic_release()).
 */
static int dvb_ca_en50221_io_release(struct inode *inode, struct file *file)
{
	struct dvb_device *dvbdev = file->private_data;
	struct dvb_ca_private *ca = dvbdev->priv;
	int ret;

	dprintk("%s\n", __func__);

	/* the device counts as closed before anything is torn down */
	ca->open = 0;
	dvb_ca_en50221_thread_update_delay(ca);

	ret = dvb_generic_release(inode, file);

	module_put(ca->pub->owner);

	/* last use of ca in this function: the put may free it */
	dvb_ca_private_put(ca);

	return ret;
}
1781
/**
 * Implementation of poll() syscall.
 *
 * @file: File concerned.
 * @wait: poll wait table.
 *
 * Only readability is reported: POLLIN when
 * dvb_ca_en50221_io_read_condition() finds a complete packet, else 0.
 *
 * return: Standard poll mask.
 */
static unsigned int dvb_ca_en50221_io_poll(struct file *file, poll_table *wait)
{
	struct dvb_device *dvbdev = file->private_data;
	struct dvb_ca_private *ca = dvbdev->priv;
	int ready_slot;
	int result = 0;

	dprintk("%s\n", __func__);

	/* if there is something, return now */
	if (dvb_ca_en50221_io_read_condition(ca, &result, &ready_slot) == 1)
		return POLLIN;

	/* wait for something to happen */
	poll_wait(file, &ca->wait_queue, wait);

	/* check again after registering on the wait queue */
	if (dvb_ca_en50221_io_read_condition(ca, &result, &ready_slot) == 1)
		return POLLIN;

	return 0;
}
1815
/*
 * File operations of the CA device node. All entry points are the
 * dvb_ca_en50221_io_* handlers of this file; seeking is a no-op.
 */
static const struct file_operations dvb_ca_fops = {
	.owner = THIS_MODULE,
	.read = dvb_ca_en50221_io_read,
	.write = dvb_ca_en50221_io_write,
	/* ioctls go through dvb_usercopy() to dvb_ca_en50221_io_do_ioctl() */
	.unlocked_ioctl = dvb_ca_en50221_io_ioctl,
	.open = dvb_ca_en50221_io_open,
	.release = dvb_ca_en50221_io_release,
	.poll = dvb_ca_en50221_io_poll,
	.llseek = noop_llseek,
};
1826
/*
 * Template passed to dvb_register_device() by dvb_ca_en50221_init().
 * NOTE(review): users/readers/writers = 1 presumably limits the node to a
 * single opener - confirm against the dvb_device definition.
 */
static const struct dvb_device dvbdev_ca = {
	.priv = NULL,
	.users = 1,
	.readers = 1,
	.writers = 1,
	/* the name field is only set when the DVB media controller is built */
#if defined(CONFIG_MEDIA_CONTROLLER_DVB)
	.name = "dvb-ca-en50221",
#endif
	.fops = &dvb_ca_fops,
};
1837
1838 /* ************************************************************************** */
1839 /* Initialisation/shutdown functions */
1840
/**
 * Initialise a new DVB CA EN50221 interface device.
 *
 * @dvb_adapter: DVB adapter to attach the new CA device to.
 * @pubca: The dvb_ca instance.
 * @flags: Flags describing the CA device (DVB_CA_FLAG_*).
 * @slot_count: Number of slots supported; must be at least 1.
 *
 * Allocates the private state and the per-slot array, registers the DVB
 * device and starts the monitoring kthread. On every failure after the
 * slot_count check, pubca->private is reset to NULL and everything acquired
 * so far is released.
 *
 * return: 0 on success, nonzero on failure
 */
int dvb_ca_en50221_init(struct dvb_adapter *dvb_adapter,
			struct dvb_ca_en50221 *pubca, int flags, int slot_count)
{
	struct dvb_ca_private *ca = NULL;
	struct dvb_ca_slot *sl;
	int ret;
	int n;

	dprintk("%s\n", __func__);

	if (slot_count < 1)
		return -EINVAL;

	/* initialise the system data */
	ca = kzalloc(sizeof(*ca), GFP_KERNEL);
	if (!ca) {
		ret = -ENOMEM;
		goto exit;
	}
	kref_init(&ca->refcount);
	ca->pub = pubca;
	ca->flags = flags;
	ca->slot_count = slot_count;
	/* kcalloc checks the count * size multiplication for overflow */
	ca->slot_info = kcalloc(slot_count, sizeof(*ca->slot_info),
				GFP_KERNEL);
	if (!ca->slot_info) {
		ret = -ENOMEM;
		goto free_ca;
	}
	init_waitqueue_head(&ca->wait_queue);
	ca->open = 0;
	ca->wakeup = 0;
	ca->next_read_slot = 0;
	pubca->private = ca;

	/* register the DVB device */
	ret = dvb_register_device(dvb_adapter, &ca->dvbdev, &dvbdev_ca, ca,
				  DVB_DEVICE_CA, 0);
	if (ret)
		goto free_slot_info;

	/* now initialise each slot */
	n = 0;
	while (n < slot_count) {
		sl = &ca->slot_info[n];

		memset(sl, 0, sizeof(*sl));
		sl->slot_state = DVB_CA_SLOTSTATE_NONE;
		atomic_set(&sl->camchange_count, 0);
		sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_REMOVED;
		mutex_init(&sl->slot_lock);
		n++;
	}

	mutex_init(&ca->ioctl_mutex);

	if (signal_pending(current)) {
		ret = -EINTR;
		goto unregister_device;
	}
	mb();

	/* create a kthread for monitoring this CA device */
	ca->thread = kthread_run(dvb_ca_en50221_thread, ca, "kdvb-ca-%i:%i",
				 ca->dvbdev->adapter->num, ca->dvbdev->id);
	if (!IS_ERR(ca->thread))
		return 0;

	ret = PTR_ERR(ca->thread);
	pr_err("dvb_ca_init: failed to start kernel_thread (%d)\n",
	       ret);

	/* unwind in reverse order of acquisition */
unregister_device:
	dvb_unregister_device(ca->dvbdev);
free_slot_info:
	kfree(ca->slot_info);
free_ca:
	kfree(ca);
exit:
	pubca->private = NULL;
	return ret;
}
EXPORT_SYMBOL(dvb_ca_en50221_init);
1932
/**
 * Release a DVB CA EN50221 interface device.
 *
 * @pubca: The associated dvb_ca instance. pubca->private is dereferenced
 *         without a NULL check, so it must refer to a successfully
 *         initialised device.
 *
 * Stops the monitoring thread, shuts down every slot, removes the DVB device
 * and drops this function's reference on the private data.
 */
void dvb_ca_en50221_release(struct dvb_ca_en50221 *pubca)
{
	struct dvb_ca_private *ca = pubca->private;
	int slot = 0;

	dprintk("%s\n", __func__);

	/* shutdown the thread if there was one */
	kthread_stop(ca->thread);

	/* the thread is gone, so the slots can be shut down one by one */
	while (slot < ca->slot_count) {
		dvb_ca_en50221_slot_shutdown(ca, slot);
		slot++;
	}

	dvb_remove_device(ca->dvbdev);
	/* ca must not be touched after the put */
	dvb_ca_private_put(ca);
	pubca->private = NULL;
}
EXPORT_SYMBOL(dvb_ca_en50221_release);