core-cdev.c revision 3e0b5f0d7cb5fef402517e41eebff5a0f0e65a13
1/* 2 * Char device for device raw access 3 * 4 * Copyright (C) 2005-2007 Kristian Hoegsberg <krh@bitplanet.net> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software Foundation, 18 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 */ 20 21#include <linux/module.h> 22#include <linux/kernel.h> 23#include <linux/wait.h> 24#include <linux/errno.h> 25#include <linux/device.h> 26#include <linux/vmalloc.h> 27#include <linux/mutex.h> 28#include <linux/poll.h> 29#include <linux/preempt.h> 30#include <linux/time.h> 31#include <linux/spinlock.h> 32#include <linux/delay.h> 33#include <linux/mm.h> 34#include <linux/idr.h> 35#include <linux/compat.h> 36#include <linux/firewire-cdev.h> 37#include <asm/system.h> 38#include <asm/uaccess.h> 39#include "fw-transaction.h" 40#include "fw-topology.h" 41#include "fw-device.h" 42 43struct client; 44struct client_resource; 45typedef void (*client_resource_release_fn_t)(struct client *, 46 struct client_resource *); 47struct client_resource { 48 client_resource_release_fn_t release; 49 int handle; 50}; 51 52/* 53 * dequeue_event() just kfree()'s the event, so the event has to be 54 * the first field in the struct. 55 */ 56 57struct event { 58 struct { void *data; size_t size; } v[2]; 59 struct list_head link; 60}; 61 62struct bus_reset { 63 struct event event; 64 struct fw_cdev_event_bus_reset reset; 65}; 66 67struct response { 68 struct event event; 69 struct fw_transaction transaction; 70 struct client *client; 71 struct client_resource resource; 72 struct fw_cdev_event_response response; 73}; 74 75struct iso_interrupt { 76 struct event event; 77 struct fw_cdev_event_iso_interrupt interrupt; 78}; 79 80struct client { 81 u32 version; 82 struct fw_device *device; 83 84 spinlock_t lock; 85 bool in_shutdown; 86 struct idr resource_idr; 87 struct list_head event_list; 88 wait_queue_head_t wait; 89 u64 bus_reset_closure; 90 91 struct fw_iso_context *iso_context; 92 u64 iso_closure; 93 struct fw_iso_buffer buffer; 94 unsigned long vm_start; 95 96 struct list_head link; 97}; 98 99static inline void __user * 100u64_to_uptr(__u64 value) 101{ 102 return (void __user *)(unsigned long)value; 103} 104 105static inline __u64 106uptr_to_u64(void __user *ptr) 107{ 108 return (__u64)(unsigned long)ptr; 109} 110 111static int fw_device_op_open(struct inode *inode, struct file *file) 112{ 113 struct fw_device *device; 114 struct client *client; 115 116 device = fw_device_get_by_devt(inode->i_rdev); 117 if (device == NULL) 118 return -ENODEV; 119 120 if (fw_device_is_shutdown(device)) { 121 fw_device_put(device); 122 return -ENODEV; 123 } 124 125 client = kzalloc(sizeof(*client), GFP_KERNEL); 126 if (client == NULL) { 127 fw_device_put(device); 128 return -ENOMEM; 129 } 130 131 client->device = device; 132 spin_lock_init(&client->lock); 133 idr_init(&client->resource_idr); 134 INIT_LIST_HEAD(&client->event_list); 135 init_waitqueue_head(&client->wait); 136 137 file->private_data = client; 138 139 mutex_lock(&device->client_list_mutex); 140 list_add_tail(&client->link, &device->client_list); 141 mutex_unlock(&device->client_list_mutex); 142 143 return 0; 144} 145 146static void queue_event(struct client *client, struct event *event, 147 void *data0, size_t size0, void *data1, size_t size1) 148{ 149 unsigned long flags; 150 151 event->v[0].data = data0; 152 event->v[0].size = size0; 153 event->v[1].data = data1; 154 event->v[1].size = size1; 155 156 spin_lock_irqsave(&client->lock, flags); 157 if (client->in_shutdown) 158 kfree(event); 159 else 160 list_add_tail(&event->link, &client->event_list); 161 spin_unlock_irqrestore(&client->lock, flags); 162 163 wake_up_interruptible(&client->wait); 164} 165 166static int 167dequeue_event(struct client *client, char __user *buffer, size_t count) 168{ 169 unsigned long flags; 170 struct event *event; 171 size_t size, total; 172 int i, retval; 173 174 retval = wait_event_interruptible(client->wait, 175 !list_empty(&client->event_list) || 176 fw_device_is_shutdown(client->device)); 177 if (retval < 0) 178 return retval; 179 180 if (list_empty(&client->event_list) && 181 fw_device_is_shutdown(client->device)) 182 return -ENODEV; 183 184 spin_lock_irqsave(&client->lock, flags); 185 event = container_of(client->event_list.next, struct event, link); 186 list_del(&event->link); 187 spin_unlock_irqrestore(&client->lock, flags); 188 189 total = 0; 190 for (i = 0; i < ARRAY_SIZE(event->v) && total < count; i++) { 191 size = min(event->v[i].size, count - total); 192 if (copy_to_user(buffer + total, event->v[i].data, size)) { 193 retval = -EFAULT; 194 goto out; 195 } 196 total += size; 197 } 198 retval = total; 199 200 out: 201 kfree(event); 202 203 return retval; 204} 205 206static ssize_t 207fw_device_op_read(struct file *file, 208 char __user *buffer, size_t count, loff_t *offset) 209{ 210 struct client *client = file->private_data; 211 212 return dequeue_event(client, buffer, count); 213} 214 215static void 216fill_bus_reset_event(struct fw_cdev_event_bus_reset *event, 217 struct client *client) 218{ 219 struct fw_card *card = client->device->card; 220 unsigned long flags; 221 222 spin_lock_irqsave(&card->lock, flags); 223 224 event->closure = client->bus_reset_closure; 225 event->type = FW_CDEV_EVENT_BUS_RESET; 226 event->generation = client->device->generation; 227 event->node_id = client->device->node_id; 228 event->local_node_id = card->local_node->node_id; 229 event->bm_node_id = 0; /* FIXME: We don't track the BM. */ 230 event->irm_node_id = card->irm_node->node_id; 231 event->root_node_id = card->root_node->node_id; 232 233 spin_unlock_irqrestore(&card->lock, flags); 234} 235 236static void 237for_each_client(struct fw_device *device, 238 void (*callback)(struct client *client)) 239{ 240 struct client *c; 241 242 mutex_lock(&device->client_list_mutex); 243 list_for_each_entry(c, &device->client_list, link) 244 callback(c); 245 mutex_unlock(&device->client_list_mutex); 246} 247 248static void 249queue_bus_reset_event(struct client *client) 250{ 251 struct bus_reset *bus_reset; 252 253 bus_reset = kzalloc(sizeof(*bus_reset), GFP_KERNEL); 254 if (bus_reset == NULL) { 255 fw_notify("Out of memory when allocating bus reset event\n"); 256 return; 257 } 258 259 fill_bus_reset_event(&bus_reset->reset, client); 260 261 queue_event(client, &bus_reset->event, 262 &bus_reset->reset, sizeof(bus_reset->reset), NULL, 0); 263} 264 265void fw_device_cdev_update(struct fw_device *device) 266{ 267 for_each_client(device, queue_bus_reset_event); 268} 269 270static void wake_up_client(struct client *client) 271{ 272 wake_up_interruptible(&client->wait); 273} 274 275void fw_device_cdev_remove(struct fw_device *device) 276{ 277 for_each_client(device, wake_up_client); 278} 279 280static int ioctl_get_info(struct client *client, void *buffer) 281{ 282 struct fw_cdev_get_info *get_info = buffer; 283 struct fw_cdev_event_bus_reset bus_reset; 284 unsigned long ret = 0; 285 286 client->version = get_info->version; 287 get_info->version = FW_CDEV_VERSION; 288 get_info->card = client->device->card->index; 289 290 down_read(&fw_device_rwsem); 291 292 if (get_info->rom != 0) { 293 void __user *uptr = u64_to_uptr(get_info->rom); 294 size_t want = get_info->rom_length; 295 size_t have = client->device->config_rom_length * 4; 296 297 ret = copy_to_user(uptr, client->device->config_rom, 298 min(want, have)); 299 } 300 get_info->rom_length = client->device->config_rom_length * 4; 301 302 up_read(&fw_device_rwsem); 303 304 if (ret != 0) 305 return -EFAULT; 306 307 client->bus_reset_closure = get_info->bus_reset_closure; 308 if (get_info->bus_reset != 0) { 309 void __user *uptr = u64_to_uptr(get_info->bus_reset); 310 311 fill_bus_reset_event(&bus_reset, client); 312 if (copy_to_user(uptr, &bus_reset, sizeof(bus_reset))) 313 return -EFAULT; 314 } 315 316 return 0; 317} 318 319static int 320add_client_resource(struct client *client, struct client_resource *resource, 321 gfp_t gfp_mask) 322{ 323 unsigned long flags; 324 int ret; 325 326 retry: 327 if (idr_pre_get(&client->resource_idr, gfp_mask) == 0) 328 return -ENOMEM; 329 330 spin_lock_irqsave(&client->lock, flags); 331 if (client->in_shutdown) 332 ret = -ECANCELED; 333 else 334 ret = idr_get_new(&client->resource_idr, resource, 335 &resource->handle); 336 spin_unlock_irqrestore(&client->lock, flags); 337 338 if (ret == -EAGAIN) 339 goto retry; 340 341 return ret < 0 ? ret : 0; 342} 343 344static int 345release_client_resource(struct client *client, u32 handle, 346 client_resource_release_fn_t release, 347 struct client_resource **resource) 348{ 349 struct client_resource *r; 350 unsigned long flags; 351 352 spin_lock_irqsave(&client->lock, flags); 353 if (client->in_shutdown) 354 r = NULL; 355 else 356 r = idr_find(&client->resource_idr, handle); 357 if (r && r->release == release) 358 idr_remove(&client->resource_idr, handle); 359 spin_unlock_irqrestore(&client->lock, flags); 360 361 if (!(r && r->release == release)) 362 return -EINVAL; 363 364 if (resource) 365 *resource = r; 366 else 367 r->release(client, r); 368 369 return 0; 370} 371 372static void 373release_transaction(struct client *client, struct client_resource *resource) 374{ 375 struct response *response = 376 container_of(resource, struct response, resource); 377 378 fw_cancel_transaction(client->device->card, &response->transaction); 379} 380 381static void 382complete_transaction(struct fw_card *card, int rcode, 383 void *payload, size_t length, void *data) 384{ 385 struct response *response = data; 386 struct client *client = response->client; 387 unsigned long flags; 388 struct fw_cdev_event_response *r = &response->response; 389 390 if (length < r->length) 391 r->length = length; 392 if (rcode == RCODE_COMPLETE) 393 memcpy(r->data, payload, r->length); 394 395 spin_lock_irqsave(&client->lock, flags); 396 /* 397 * If called while in shutdown, the idr tree must be left untouched. 398 * The idr handle will be removed later. 399 */ 400 if (!client->in_shutdown) 401 idr_remove(&client->resource_idr, response->resource.handle); 402 spin_unlock_irqrestore(&client->lock, flags); 403 404 r->type = FW_CDEV_EVENT_RESPONSE; 405 r->rcode = rcode; 406 407 /* 408 * In the case that sizeof(*r) doesn't align with the position of the 409 * data, and the read is short, preserve an extra copy of the data 410 * to stay compatible with a pre-2.6.27 bug. Since the bug is harmless 411 * for short reads and some apps depended on it, this is both safe 412 * and prudent for compatibility. 413 */ 414 if (r->length <= sizeof(*r) - offsetof(typeof(*r), data)) 415 queue_event(client, &response->event, r, sizeof(*r), 416 r->data, r->length); 417 else 418 queue_event(client, &response->event, r, sizeof(*r) + r->length, 419 NULL, 0); 420} 421 422static int ioctl_send_request(struct client *client, void *buffer) 423{ 424 struct fw_device *device = client->device; 425 struct fw_cdev_send_request *request = buffer; 426 struct response *response; 427 int ret; 428 429 /* What is the biggest size we'll accept, really? */ 430 if (request->length > 4096) 431 return -EINVAL; 432 433 response = kmalloc(sizeof(*response) + request->length, GFP_KERNEL); 434 if (response == NULL) 435 return -ENOMEM; 436 437 response->client = client; 438 response->response.length = request->length; 439 response->response.closure = request->closure; 440 441 if (request->data && 442 copy_from_user(response->response.data, 443 u64_to_uptr(request->data), request->length)) { 444 ret = -EFAULT; 445 goto failed; 446 } 447 448 switch (request->tcode) { 449 case TCODE_WRITE_QUADLET_REQUEST: 450 case TCODE_WRITE_BLOCK_REQUEST: 451 case TCODE_READ_QUADLET_REQUEST: 452 case TCODE_READ_BLOCK_REQUEST: 453 case TCODE_LOCK_MASK_SWAP: 454 case TCODE_LOCK_COMPARE_SWAP: 455 case TCODE_LOCK_FETCH_ADD: 456 case TCODE_LOCK_LITTLE_ADD: 457 case TCODE_LOCK_BOUNDED_ADD: 458 case TCODE_LOCK_WRAP_ADD: 459 case TCODE_LOCK_VENDOR_DEPENDENT: 460 break; 461 default: 462 ret = -EINVAL; 463 goto failed; 464 } 465 466 response->resource.release = release_transaction; 467 ret = add_client_resource(client, &response->resource, GFP_KERNEL); 468 if (ret < 0) 469 goto failed; 470 471 fw_send_request(device->card, &response->transaction, 472 request->tcode & 0x1f, 473 device->node->node_id, 474 request->generation, 475 device->max_speed, 476 request->offset, 477 response->response.data, request->length, 478 complete_transaction, response); 479 480 if (request->data) 481 return sizeof(request) + request->length; 482 else 483 return sizeof(request); 484 failed: 485 kfree(response); 486 487 return ret; 488} 489 490struct address_handler { 491 struct fw_address_handler handler; 492 __u64 closure; 493 struct client *client; 494 struct client_resource resource; 495}; 496 497struct request { 498 struct fw_request *request; 499 void *data; 500 size_t length; 501 struct client_resource resource; 502}; 503 504struct request_event { 505 struct event event; 506 struct fw_cdev_event_request request; 507}; 508 509static void 510release_request(struct client *client, struct client_resource *resource) 511{ 512 struct request *request = 513 container_of(resource, struct request, resource); 514 515 fw_send_response(client->device->card, request->request, 516 RCODE_CONFLICT_ERROR); 517 kfree(request); 518} 519 520static void 521handle_request(struct fw_card *card, struct fw_request *r, 522 int tcode, int destination, int source, 523 int generation, int speed, 524 unsigned long long offset, 525 void *payload, size_t length, void *callback_data) 526{ 527 struct address_handler *handler = callback_data; 528 struct request *request; 529 struct request_event *e; 530 struct client *client = handler->client; 531 int ret; 532 533 request = kmalloc(sizeof(*request), GFP_ATOMIC); 534 e = kmalloc(sizeof(*e), GFP_ATOMIC); 535 if (request == NULL || e == NULL) 536 goto failed; 537 538 request->request = r; 539 request->data = payload; 540 request->length = length; 541 542 request->resource.release = release_request; 543 ret = add_client_resource(client, &request->resource, GFP_ATOMIC); 544 if (ret < 0) 545 goto failed; 546 547 e->request.type = FW_CDEV_EVENT_REQUEST; 548 e->request.tcode = tcode; 549 e->request.offset = offset; 550 e->request.length = length; 551 e->request.handle = request->resource.handle; 552 e->request.closure = handler->closure; 553 554 queue_event(client, &e->event, 555 &e->request, sizeof(e->request), payload, length); 556 return; 557 558 failed: 559 kfree(request); 560 kfree(e); 561 fw_send_response(card, r, RCODE_CONFLICT_ERROR); 562} 563 564static void 565release_address_handler(struct client *client, 566 struct client_resource *resource) 567{ 568 struct address_handler *handler = 569 container_of(resource, struct address_handler, resource); 570 571 fw_core_remove_address_handler(&handler->handler); 572 kfree(handler); 573} 574 575static int ioctl_allocate(struct client *client, void *buffer) 576{ 577 struct fw_cdev_allocate *request = buffer; 578 struct address_handler *handler; 579 struct fw_address_region region; 580 int ret; 581 582 handler = kmalloc(sizeof(*handler), GFP_KERNEL); 583 if (handler == NULL) 584 return -ENOMEM; 585 586 region.start = request->offset; 587 region.end = request->offset + request->length; 588 handler->handler.length = request->length; 589 handler->handler.address_callback = handle_request; 590 handler->handler.callback_data = handler; 591 handler->closure = request->closure; 592 handler->client = client; 593 594 ret = fw_core_add_address_handler(&handler->handler, ®ion); 595 if (ret < 0) { 596 kfree(handler); 597 return ret; 598 } 599 600 handler->resource.release = release_address_handler; 601 ret = add_client_resource(client, &handler->resource, GFP_KERNEL); 602 if (ret < 0) { 603 release_address_handler(client, &handler->resource); 604 return ret; 605 } 606 request->handle = handler->resource.handle; 607 608 return 0; 609} 610 611static int ioctl_deallocate(struct client *client, void *buffer) 612{ 613 struct fw_cdev_deallocate *request = buffer; 614 615 return release_client_resource(client, request->handle, 616 release_address_handler, NULL); 617} 618 619static int ioctl_send_response(struct client *client, void *buffer) 620{ 621 struct fw_cdev_send_response *request = buffer; 622 struct client_resource *resource; 623 struct request *r; 624 625 if (release_client_resource(client, request->handle, 626 release_request, &resource) < 0) 627 return -EINVAL; 628 629 r = container_of(resource, struct request, resource); 630 if (request->length < r->length) 631 r->length = request->length; 632 if (copy_from_user(r->data, u64_to_uptr(request->data), r->length)) 633 return -EFAULT; 634 635 fw_send_response(client->device->card, r->request, request->rcode); 636 kfree(r); 637 638 return 0; 639} 640 641static int ioctl_initiate_bus_reset(struct client *client, void *buffer) 642{ 643 struct fw_cdev_initiate_bus_reset *request = buffer; 644 int short_reset; 645 646 short_reset = (request->type == FW_CDEV_SHORT_RESET); 647 648 return fw_core_initiate_bus_reset(client->device->card, short_reset); 649} 650 651struct descriptor { 652 struct fw_descriptor d; 653 struct client_resource resource; 654 u32 data[0]; 655}; 656 657static void release_descriptor(struct client *client, 658 struct client_resource *resource) 659{ 660 struct descriptor *descriptor = 661 container_of(resource, struct descriptor, resource); 662 663 fw_core_remove_descriptor(&descriptor->d); 664 kfree(descriptor); 665} 666 667static int ioctl_add_descriptor(struct client *client, void *buffer) 668{ 669 struct fw_cdev_add_descriptor *request = buffer; 670 struct descriptor *descriptor; 671 int ret; 672 673 if (request->length > 256) 674 return -EINVAL; 675 676 descriptor = 677 kmalloc(sizeof(*descriptor) + request->length * 4, GFP_KERNEL); 678 if (descriptor == NULL) 679 return -ENOMEM; 680 681 if (copy_from_user(descriptor->data, 682 u64_to_uptr(request->data), request->length * 4)) { 683 ret = -EFAULT; 684 goto failed; 685 } 686 687 descriptor->d.length = request->length; 688 descriptor->d.immediate = request->immediate; 689 descriptor->d.key = request->key; 690 descriptor->d.data = descriptor->data; 691 692 ret = fw_core_add_descriptor(&descriptor->d); 693 if (ret < 0) 694 goto failed; 695 696 descriptor->resource.release = release_descriptor; 697 ret = add_client_resource(client, &descriptor->resource, GFP_KERNEL); 698 if (ret < 0) { 699 fw_core_remove_descriptor(&descriptor->d); 700 goto failed; 701 } 702 request->handle = descriptor->resource.handle; 703 704 return 0; 705 failed: 706 kfree(descriptor); 707 708 return ret; 709} 710 711static int ioctl_remove_descriptor(struct client *client, void *buffer) 712{ 713 struct fw_cdev_remove_descriptor *request = buffer; 714 715 return release_client_resource(client, request->handle, 716 release_descriptor, NULL); 717} 718 719static void 720iso_callback(struct fw_iso_context *context, u32 cycle, 721 size_t header_length, void *header, void *data) 722{ 723 struct client *client = data; 724 struct iso_interrupt *irq; 725 726 irq = kzalloc(sizeof(*irq) + header_length, GFP_ATOMIC); 727 if (irq == NULL) 728 return; 729 730 irq->interrupt.type = FW_CDEV_EVENT_ISO_INTERRUPT; 731 irq->interrupt.closure = client->iso_closure; 732 irq->interrupt.cycle = cycle; 733 irq->interrupt.header_length = header_length; 734 memcpy(irq->interrupt.header, header, header_length); 735 queue_event(client, &irq->event, &irq->interrupt, 736 sizeof(irq->interrupt) + header_length, NULL, 0); 737} 738 739static int ioctl_create_iso_context(struct client *client, void *buffer) 740{ 741 struct fw_cdev_create_iso_context *request = buffer; 742 struct fw_iso_context *context; 743 744 /* We only support one context at this time. */ 745 if (client->iso_context != NULL) 746 return -EBUSY; 747 748 if (request->channel > 63) 749 return -EINVAL; 750 751 switch (request->type) { 752 case FW_ISO_CONTEXT_RECEIVE: 753 if (request->header_size < 4 || (request->header_size & 3)) 754 return -EINVAL; 755 756 break; 757 758 case FW_ISO_CONTEXT_TRANSMIT: 759 if (request->speed > SCODE_3200) 760 return -EINVAL; 761 762 break; 763 764 default: 765 return -EINVAL; 766 } 767 768 context = fw_iso_context_create(client->device->card, 769 request->type, 770 request->channel, 771 request->speed, 772 request->header_size, 773 iso_callback, client); 774 if (IS_ERR(context)) 775 return PTR_ERR(context); 776 777 client->iso_closure = request->closure; 778 client->iso_context = context; 779 780 /* We only support one context at this time. */ 781 request->handle = 0; 782 783 return 0; 784} 785 786/* Macros for decoding the iso packet control header. */ 787#define GET_PAYLOAD_LENGTH(v) ((v) & 0xffff) 788#define GET_INTERRUPT(v) (((v) >> 16) & 0x01) 789#define GET_SKIP(v) (((v) >> 17) & 0x01) 790#define GET_TAG(v) (((v) >> 18) & 0x03) 791#define GET_SY(v) (((v) >> 20) & 0x0f) 792#define GET_HEADER_LENGTH(v) (((v) >> 24) & 0xff) 793 794static int ioctl_queue_iso(struct client *client, void *buffer) 795{ 796 struct fw_cdev_queue_iso *request = buffer; 797 struct fw_cdev_iso_packet __user *p, *end, *next; 798 struct fw_iso_context *ctx = client->iso_context; 799 unsigned long payload, buffer_end, header_length; 800 u32 control; 801 int count; 802 struct { 803 struct fw_iso_packet packet; 804 u8 header[256]; 805 } u; 806 807 if (ctx == NULL || request->handle != 0) 808 return -EINVAL; 809 810 /* 811 * If the user passes a non-NULL data pointer, has mmap()'ed 812 * the iso buffer, and the pointer points inside the buffer, 813 * we setup the payload pointers accordingly. Otherwise we 814 * set them both to 0, which will still let packets with 815 * payload_length == 0 through. In other words, if no packets 816 * use the indirect payload, the iso buffer need not be mapped 817 * and the request->data pointer is ignored. 818 */ 819 820 payload = (unsigned long)request->data - client->vm_start; 821 buffer_end = client->buffer.page_count << PAGE_SHIFT; 822 if (request->data == 0 || client->buffer.pages == NULL || 823 payload >= buffer_end) { 824 payload = 0; 825 buffer_end = 0; 826 } 827 828 p = (struct fw_cdev_iso_packet __user *)u64_to_uptr(request->packets); 829 830 if (!access_ok(VERIFY_READ, p, request->size)) 831 return -EFAULT; 832 833 end = (void __user *)p + request->size; 834 count = 0; 835 while (p < end) { 836 if (get_user(control, &p->control)) 837 return -EFAULT; 838 u.packet.payload_length = GET_PAYLOAD_LENGTH(control); 839 u.packet.interrupt = GET_INTERRUPT(control); 840 u.packet.skip = GET_SKIP(control); 841 u.packet.tag = GET_TAG(control); 842 u.packet.sy = GET_SY(control); 843 u.packet.header_length = GET_HEADER_LENGTH(control); 844 845 if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) { 846 header_length = u.packet.header_length; 847 } else { 848 /* 849 * We require that header_length is a multiple of 850 * the fixed header size, ctx->header_size. 851 */ 852 if (ctx->header_size == 0) { 853 if (u.packet.header_length > 0) 854 return -EINVAL; 855 } else if (u.packet.header_length % ctx->header_size != 0) { 856 return -EINVAL; 857 } 858 header_length = 0; 859 } 860 861 next = (struct fw_cdev_iso_packet __user *) 862 &p->header[header_length / 4]; 863 if (next > end) 864 return -EINVAL; 865 if (__copy_from_user 866 (u.packet.header, p->header, header_length)) 867 return -EFAULT; 868 if (u.packet.skip && ctx->type == FW_ISO_CONTEXT_TRANSMIT && 869 u.packet.header_length + u.packet.payload_length > 0) 870 return -EINVAL; 871 if (payload + u.packet.payload_length > buffer_end) 872 return -EINVAL; 873 874 if (fw_iso_context_queue(ctx, &u.packet, 875 &client->buffer, payload)) 876 break; 877 878 p = next; 879 payload += u.packet.payload_length; 880 count++; 881 } 882 883 request->size -= uptr_to_u64(p) - request->packets; 884 request->packets = uptr_to_u64(p); 885 request->data = client->vm_start + payload; 886 887 return count; 888} 889 890static int ioctl_start_iso(struct client *client, void *buffer) 891{ 892 struct fw_cdev_start_iso *request = buffer; 893 894 if (client->iso_context == NULL || request->handle != 0) 895 return -EINVAL; 896 897 if (client->iso_context->type == FW_ISO_CONTEXT_RECEIVE) { 898 if (request->tags == 0 || request->tags > 15) 899 return -EINVAL; 900 901 if (request->sync > 15) 902 return -EINVAL; 903 } 904 905 return fw_iso_context_start(client->iso_context, request->cycle, 906 request->sync, request->tags); 907} 908 909static int ioctl_stop_iso(struct client *client, void *buffer) 910{ 911 struct fw_cdev_stop_iso *request = buffer; 912 913 if (client->iso_context == NULL || request->handle != 0) 914 return -EINVAL; 915 916 return fw_iso_context_stop(client->iso_context); 917} 918 919static int ioctl_get_cycle_timer(struct client *client, void *buffer) 920{ 921 struct fw_cdev_get_cycle_timer *request = buffer; 922 struct fw_card *card = client->device->card; 923 unsigned long long bus_time; 924 struct timeval tv; 925 unsigned long flags; 926 927 preempt_disable(); 928 local_irq_save(flags); 929 930 bus_time = card->driver->get_bus_time(card); 931 do_gettimeofday(&tv); 932 933 local_irq_restore(flags); 934 preempt_enable(); 935 936 request->local_time = tv.tv_sec * 1000000ULL + tv.tv_usec; 937 request->cycle_timer = bus_time & 0xffffffff; 938 return 0; 939} 940 941static int (* const ioctl_handlers[])(struct client *client, void *buffer) = { 942 ioctl_get_info, 943 ioctl_send_request, 944 ioctl_allocate, 945 ioctl_deallocate, 946 ioctl_send_response, 947 ioctl_initiate_bus_reset, 948 ioctl_add_descriptor, 949 ioctl_remove_descriptor, 950 ioctl_create_iso_context, 951 ioctl_queue_iso, 952 ioctl_start_iso, 953 ioctl_stop_iso, 954 ioctl_get_cycle_timer, 955}; 956 957static int 958dispatch_ioctl(struct client *client, unsigned int cmd, void __user *arg) 959{ 960 char buffer[256]; 961 int retval; 962 963 if (_IOC_TYPE(cmd) != '#' || 964 _IOC_NR(cmd) >= ARRAY_SIZE(ioctl_handlers)) 965 return -EINVAL; 966 967 if (_IOC_DIR(cmd) & _IOC_WRITE) { 968 if (_IOC_SIZE(cmd) > sizeof(buffer) || 969 copy_from_user(buffer, arg, _IOC_SIZE(cmd))) 970 return -EFAULT; 971 } 972 973 retval = ioctl_handlers[_IOC_NR(cmd)](client, buffer); 974 if (retval < 0) 975 return retval; 976 977 if (_IOC_DIR(cmd) & _IOC_READ) { 978 if (_IOC_SIZE(cmd) > sizeof(buffer) || 979 copy_to_user(arg, buffer, _IOC_SIZE(cmd))) 980 return -EFAULT; 981 } 982 983 return retval; 984} 985 986static long 987fw_device_op_ioctl(struct file *file, 988 unsigned int cmd, unsigned long arg) 989{ 990 struct client *client = file->private_data; 991 992 if (fw_device_is_shutdown(client->device)) 993 return -ENODEV; 994 995 return dispatch_ioctl(client, cmd, (void __user *) arg); 996} 997 998#ifdef CONFIG_COMPAT 999static long 1000fw_device_op_compat_ioctl(struct file *file, 1001 unsigned int cmd, unsigned long arg) 1002{ 1003 struct client *client = file->private_data; 1004 1005 if (fw_device_is_shutdown(client->device)) 1006 return -ENODEV; 1007 1008 return dispatch_ioctl(client, cmd, compat_ptr(arg)); 1009} 1010#endif 1011 1012static int fw_device_op_mmap(struct file *file, struct vm_area_struct *vma) 1013{ 1014 struct client *client = file->private_data; 1015 enum dma_data_direction direction; 1016 unsigned long size; 1017 int page_count, retval; 1018 1019 if (fw_device_is_shutdown(client->device)) 1020 return -ENODEV; 1021 1022 /* FIXME: We could support multiple buffers, but we don't. */ 1023 if (client->buffer.pages != NULL) 1024 return -EBUSY; 1025 1026 if (!(vma->vm_flags & VM_SHARED)) 1027 return -EINVAL; 1028 1029 if (vma->vm_start & ~PAGE_MASK) 1030 return -EINVAL; 1031 1032 client->vm_start = vma->vm_start; 1033 size = vma->vm_end - vma->vm_start; 1034 page_count = size >> PAGE_SHIFT; 1035 if (size & ~PAGE_MASK) 1036 return -EINVAL; 1037 1038 if (vma->vm_flags & VM_WRITE) 1039 direction = DMA_TO_DEVICE; 1040 else 1041 direction = DMA_FROM_DEVICE; 1042 1043 retval = fw_iso_buffer_init(&client->buffer, client->device->card, 1044 page_count, direction); 1045 if (retval < 0) 1046 return retval; 1047 1048 retval = fw_iso_buffer_map(&client->buffer, vma); 1049 if (retval < 0) 1050 fw_iso_buffer_destroy(&client->buffer, client->device->card); 1051 1052 return retval; 1053} 1054 1055static int shutdown_resource(int id, void *p, void *data) 1056{ 1057 struct client_resource *r = p; 1058 struct client *client = data; 1059 1060 r->release(client, r); 1061 1062 return 0; 1063} 1064 1065static int fw_device_op_release(struct inode *inode, struct file *file) 1066{ 1067 struct client *client = file->private_data; 1068 struct event *e, *next_e; 1069 unsigned long flags; 1070 1071 mutex_lock(&client->device->client_list_mutex); 1072 list_del(&client->link); 1073 mutex_unlock(&client->device->client_list_mutex); 1074 1075 if (client->buffer.pages) 1076 fw_iso_buffer_destroy(&client->buffer, client->device->card); 1077 1078 if (client->iso_context) 1079 fw_iso_context_destroy(client->iso_context); 1080 1081 /* Freeze client->resource_idr and client->event_list */ 1082 spin_lock_irqsave(&client->lock, flags); 1083 client->in_shutdown = true; 1084 spin_unlock_irqrestore(&client->lock, flags); 1085 1086 idr_for_each(&client->resource_idr, shutdown_resource, client); 1087 idr_remove_all(&client->resource_idr); 1088 idr_destroy(&client->resource_idr); 1089 1090 list_for_each_entry_safe(e, next_e, &client->event_list, link) 1091 kfree(e); 1092 1093 /* 1094 * FIXME: client should be reference-counted. It's extremely unlikely 1095 * but there may still be transactions being completed at this point. 1096 */ 1097 fw_device_put(client->device); 1098 kfree(client); 1099 1100 return 0; 1101} 1102 1103static unsigned int fw_device_op_poll(struct file *file, poll_table * pt) 1104{ 1105 struct client *client = file->private_data; 1106 unsigned int mask = 0; 1107 1108 poll_wait(file, &client->wait, pt); 1109 1110 if (fw_device_is_shutdown(client->device)) 1111 mask |= POLLHUP | POLLERR; 1112 if (!list_empty(&client->event_list)) 1113 mask |= POLLIN | POLLRDNORM; 1114 1115 return mask; 1116} 1117 1118const struct file_operations fw_device_ops = { 1119 .owner = THIS_MODULE, 1120 .open = fw_device_op_open, 1121 .read = fw_device_op_read, 1122 .unlocked_ioctl = fw_device_op_ioctl, 1123 .poll = fw_device_op_poll, 1124 .release = fw_device_op_release, 1125 .mmap = fw_device_op_mmap, 1126 1127#ifdef CONFIG_COMPAT 1128 .compat_ioctl = fw_device_op_compat_ioctl, 1129#endif 1130}; 1131