1 /*
2  * Core IEEE1394 transaction logic
3  *
4  * Copyright (C) 2004-2006 Kristian Hoegsberg <krh@bitplanet.net>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software Foundation,
18  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19  */
20 
21 #include <linux/bug.h>
22 #include <linux/completion.h>
23 #include <linux/device.h>
24 #include <linux/errno.h>
25 #include <linux/firewire.h>
26 #include <linux/firewire-constants.h>
27 #include <linux/fs.h>
28 #include <linux/init.h>
29 #include <linux/idr.h>
30 #include <linux/jiffies.h>
31 #include <linux/kernel.h>
32 #include <linux/list.h>
33 #include <linux/module.h>
34 #include <linux/rculist.h>
35 #include <linux/slab.h>
36 #include <linux/spinlock.h>
37 #include <linux/string.h>
38 #include <linux/timer.h>
39 #include <linux/types.h>
40 #include <linux/workqueue.h>
41 
42 #include <asm/byteorder.h>
43 
44 #include "core.h"
45 
46 #define HEADER_PRI(pri)			((pri) << 0)
47 #define HEADER_TCODE(tcode)		((tcode) << 4)
48 #define HEADER_RETRY(retry)		((retry) << 8)
49 #define HEADER_TLABEL(tlabel)		((tlabel) << 10)
50 #define HEADER_DESTINATION(destination)	((destination) << 16)
51 #define HEADER_SOURCE(source)		((source) << 16)
52 #define HEADER_RCODE(rcode)		((rcode) << 12)
53 #define HEADER_OFFSET_HIGH(offset_high)	((offset_high) << 0)
54 #define HEADER_DATA_LENGTH(length)	((length) << 16)
55 #define HEADER_EXTENDED_TCODE(tcode)	((tcode) << 0)
56 
57 #define HEADER_GET_TCODE(q)		(((q) >> 4) & 0x0f)
58 #define HEADER_GET_TLABEL(q)		(((q) >> 10) & 0x3f)
59 #define HEADER_GET_RCODE(q)		(((q) >> 12) & 0x0f)
60 #define HEADER_GET_DESTINATION(q)	(((q) >> 16) & 0xffff)
61 #define HEADER_GET_SOURCE(q)		(((q) >> 16) & 0xffff)
62 #define HEADER_GET_OFFSET_HIGH(q)	(((q) >> 0) & 0xffff)
63 #define HEADER_GET_DATA_LENGTH(q)	(((q) >> 16) & 0xffff)
64 #define HEADER_GET_EXTENDED_TCODE(q)	(((q) >> 0) & 0xffff)
65 
66 #define HEADER_DESTINATION_IS_BROADCAST(q) \
67 	(((q) & HEADER_DESTINATION(0x3f)) == HEADER_DESTINATION(0x3f))
68 
69 #define PHY_PACKET_CONFIG	0x0
70 #define PHY_PACKET_LINK_ON	0x1
71 #define PHY_PACKET_SELF_ID	0x2
72 
73 #define PHY_CONFIG_GAP_COUNT(gap_count)	(((gap_count) << 16) | (1 << 22))
74 #define PHY_CONFIG_ROOT_ID(node_id)	((((node_id) & 0x3f) << 24) | (1 << 23))
75 #define PHY_IDENTIFIER(id)		((id) << 30)
76 
77 /* returns 0 if the split timeout handler is already running */
78 static int try_cancel_split_timeout(struct fw_transaction *t)
79 {
80 	if (t->is_split_transaction)
81 		return del_timer(&t->split_timeout_timer);
82 	else
83 		return 1;
84 }
85 
86 static int close_transaction(struct fw_transaction *transaction,
87 			     struct fw_card *card, int rcode)
88 {
89 	struct fw_transaction *t;
90 	unsigned long flags;
91 
92 	spin_lock_irqsave(&card->lock, flags);
93 	list_for_each_entry(t, &card->transaction_list, link) {
94 		if (t == transaction) {
95 			if (!try_cancel_split_timeout(t)) {
96 				spin_unlock_irqrestore(&card->lock, flags);
97 				goto timed_out;
98 			}
99 			list_del_init(&t->link);
100 			card->tlabel_mask &= ~(1ULL << t->tlabel);
101 			break;
102 		}
103 	}
104 	spin_unlock_irqrestore(&card->lock, flags);
105 
106 	if (&t->link != &card->transaction_list) {
107 		t->callback(card, rcode, NULL, 0, t->callback_data);
108 		return 0;
109 	}
110 
111  timed_out:
112 	return -ENOENT;
113 }
114 
115 /*
116  * Only valid for transactions that are potentially pending (ie have
117  * been sent).
118  */
119 int fw_cancel_transaction(struct fw_card *card,
120 			  struct fw_transaction *transaction)
121 {
122 	/*
123 	 * Cancel the packet transmission if it's still queued.  That
124 	 * will call the packet transmission callback which cancels
125 	 * the transaction.
126 	 */
127 
128 	if (card->driver->cancel_packet(card, &transaction->packet) == 0)
129 		return 0;
130 
131 	/*
132 	 * If the request packet has already been sent, we need to see
133 	 * if the transaction is still pending and remove it in that case.
134 	 */
135 
136 	return close_transaction(transaction, card, RCODE_CANCELLED);
137 }
138 EXPORT_SYMBOL(fw_cancel_transaction);
139 
140 static void split_transaction_timeout_callback(unsigned long data)
141 {
142 	struct fw_transaction *t = (struct fw_transaction *)data;
143 	struct fw_card *card = t->card;
144 	unsigned long flags;
145 
146 	spin_lock_irqsave(&card->lock, flags);
147 	if (list_empty(&t->link)) {
148 		spin_unlock_irqrestore(&card->lock, flags);
149 		return;
150 	}
151 	list_del(&t->link);
152 	card->tlabel_mask &= ~(1ULL << t->tlabel);
153 	spin_unlock_irqrestore(&card->lock, flags);
154 
155 	t->callback(card, RCODE_CANCELLED, NULL, 0, t->callback_data);
156 }
157 
158 static void start_split_transaction_timeout(struct fw_transaction *t,
159 					    struct fw_card *card)
160 {
161 	unsigned long flags;
162 
163 	spin_lock_irqsave(&card->lock, flags);
164 
165 	if (list_empty(&t->link) || WARN_ON(t->is_split_transaction)) {
166 		spin_unlock_irqrestore(&card->lock, flags);
167 		return;
168 	}
169 
170 	t->is_split_transaction = true;
171 	mod_timer(&t->split_timeout_timer,
172 		  jiffies + card->split_timeout_jiffies);
173 
174 	spin_unlock_irqrestore(&card->lock, flags);
175 }
176 
177 static void transmit_complete_callback(struct fw_packet *packet,
178 				       struct fw_card *card, int status)
179 {
180 	struct fw_transaction *t =
181 	    container_of(packet, struct fw_transaction, packet);
182 
183 	switch (status) {
184 	case ACK_COMPLETE:
185 		close_transaction(t, card, RCODE_COMPLETE);
186 		break;
187 	case ACK_PENDING:
188 		start_split_transaction_timeout(t, card);
189 		break;
190 	case ACK_BUSY_X:
191 	case ACK_BUSY_A:
192 	case ACK_BUSY_B:
193 		close_transaction(t, card, RCODE_BUSY);
194 		break;
195 	case ACK_DATA_ERROR:
196 		close_transaction(t, card, RCODE_DATA_ERROR);
197 		break;
198 	case ACK_TYPE_ERROR:
199 		close_transaction(t, card, RCODE_TYPE_ERROR);
200 		break;
201 	default:
202 		/*
203 		 * In this case the ack is really a juju specific
204 		 * rcode, so just forward that to the callback.
205 		 */
206 		close_transaction(t, card, status);
207 		break;
208 	}
209 }
210 
211 static void fw_fill_request(struct fw_packet *packet, int tcode, int tlabel,
212 		int destination_id, int source_id, int generation, int speed,
213 		unsigned long long offset, void *payload, size_t length)
214 {
215 	int ext_tcode;
216 
217 	if (tcode == TCODE_STREAM_DATA) {
218 		packet->header[0] =
219 			HEADER_DATA_LENGTH(length) |
220 			destination_id |
221 			HEADER_TCODE(TCODE_STREAM_DATA);
222 		packet->header_length = 4;
223 		packet->payload = payload;
224 		packet->payload_length = length;
225 
226 		goto common;
227 	}
228 
229 	if (tcode > 0x10) {
230 		ext_tcode = tcode & ~0x10;
231 		tcode = TCODE_LOCK_REQUEST;
232 	} else
233 		ext_tcode = 0;
234 
235 	packet->header[0] =
236 		HEADER_RETRY(RETRY_X) |
237 		HEADER_TLABEL(tlabel) |
238 		HEADER_TCODE(tcode) |
239 		HEADER_DESTINATION(destination_id);
240 	packet->header[1] =
241 		HEADER_OFFSET_HIGH(offset >> 32) | HEADER_SOURCE(source_id);
242 	packet->header[2] =
243 		offset;
244 
245 	switch (tcode) {
246 	case TCODE_WRITE_QUADLET_REQUEST:
247 		packet->header[3] = *(u32 *)payload;
248 		packet->header_length = 16;
249 		packet->payload_length = 0;
250 		break;
251 
252 	case TCODE_LOCK_REQUEST:
253 	case TCODE_WRITE_BLOCK_REQUEST:
254 		packet->header[3] =
255 			HEADER_DATA_LENGTH(length) |
256 			HEADER_EXTENDED_TCODE(ext_tcode);
257 		packet->header_length = 16;
258 		packet->payload = payload;
259 		packet->payload_length = length;
260 		break;
261 
262 	case TCODE_READ_QUADLET_REQUEST:
263 		packet->header_length = 12;
264 		packet->payload_length = 0;
265 		break;
266 
267 	case TCODE_READ_BLOCK_REQUEST:
268 		packet->header[3] =
269 			HEADER_DATA_LENGTH(length) |
270 			HEADER_EXTENDED_TCODE(ext_tcode);
271 		packet->header_length = 16;
272 		packet->payload_length = 0;
273 		break;
274 
275 	default:
276 		WARN(1, "wrong tcode %d\n", tcode);
277 	}
278  common:
279 	packet->speed = speed;
280 	packet->generation = generation;
281 	packet->ack = 0;
282 	packet->payload_mapped = false;
283 }
284 
285 static int allocate_tlabel(struct fw_card *card)
286 {
287 	int tlabel;
288 
289 	tlabel = card->current_tlabel;
290 	while (card->tlabel_mask & (1ULL << tlabel)) {
291 		tlabel = (tlabel + 1) & 0x3f;
292 		if (tlabel == card->current_tlabel)
293 			return -EBUSY;
294 	}
295 
296 	card->current_tlabel = (tlabel + 1) & 0x3f;
297 	card->tlabel_mask |= 1ULL << tlabel;
298 
299 	return tlabel;
300 }
301 
302 /**
303  * fw_send_request() - submit a request packet for transmission
304  * @card:		interface to send the request at
305  * @t:			transaction instance to which the request belongs
306  * @tcode:		transaction code
307  * @destination_id:	destination node ID, consisting of bus_ID and phy_ID
308  * @generation:		bus generation in which request and response are valid
309  * @speed:		transmission speed
310  * @offset:		48bit wide offset into destination's address space
311  * @payload:		data payload for the request subaction
312  * @length:		length of the payload, in bytes
313  * @callback:		function to be called when the transaction is completed
314  * @callback_data:	data to be passed to the transaction completion callback
315  *
316  * Submit a request packet into the asynchronous request transmission queue.
317  * Can be called from atomic context.  If you prefer a blocking API, use
318  * fw_run_transaction() in a context that can sleep.
319  *
320  * In case of lock requests, specify one of the firewire-core specific %TCODE_
321  * constants instead of %TCODE_LOCK_REQUEST in @tcode.
322  *
323  * Make sure that the value in @destination_id is not older than the one in
324  * @generation.  Otherwise the request is in danger to be sent to a wrong node.
325  *
326  * In case of asynchronous stream packets i.e. %TCODE_STREAM_DATA, the caller
327  * needs to synthesize @destination_id with fw_stream_packet_destination_id().
328  * It will contain tag, channel, and sy data instead of a node ID then.
329  *
330  * The payload buffer at @data is going to be DMA-mapped except in case of
331  * @length <= 8 or of local (loopback) requests.  Hence make sure that the
332  * buffer complies with the restrictions of the streaming DMA mapping API.
333  * @payload must not be freed before the @callback is called.
334  *
335  * In case of request types without payload, @data is NULL and @length is 0.
336  *
337  * After the transaction is completed successfully or unsuccessfully, the
338  * @callback will be called.  Among its parameters is the response code which
339  * is either one of the rcodes per IEEE 1394 or, in case of internal errors,
340  * the firewire-core specific %RCODE_SEND_ERROR.  The other firewire-core
341  * specific rcodes (%RCODE_CANCELLED, %RCODE_BUSY, %RCODE_GENERATION,
342  * %RCODE_NO_ACK) denote transaction timeout, busy responder, stale request
343  * generation, or missing ACK respectively.
344  *
345  * Note some timing corner cases:  fw_send_request() may complete much earlier
346  * than when the request packet actually hits the wire.  On the other hand,
347  * transaction completion and hence execution of @callback may happen even
348  * before fw_send_request() returns.
349  */
350 void fw_send_request(struct fw_card *card, struct fw_transaction *t, int tcode,
351 		     int destination_id, int generation, int speed,
352 		     unsigned long long offset, void *payload, size_t length,
353 		     fw_transaction_callback_t callback, void *callback_data)
354 {
355 	unsigned long flags;
356 	int tlabel;
357 
358 	/*
359 	 * Allocate tlabel from the bitmap and put the transaction on
360 	 * the list while holding the card spinlock.
361 	 */
362 
363 	spin_lock_irqsave(&card->lock, flags);
364 
365 	tlabel = allocate_tlabel(card);
366 	if (tlabel < 0) {
367 		spin_unlock_irqrestore(&card->lock, flags);
368 		callback(card, RCODE_SEND_ERROR, NULL, 0, callback_data);
369 		return;
370 	}
371 
372 	t->node_id = destination_id;
373 	t->tlabel = tlabel;
374 	t->card = card;
375 	t->is_split_transaction = false;
376 	setup_timer(&t->split_timeout_timer,
377 		    split_transaction_timeout_callback, (unsigned long)t);
378 	t->callback = callback;
379 	t->callback_data = callback_data;
380 
381 	fw_fill_request(&t->packet, tcode, t->tlabel,
382 			destination_id, card->node_id, generation,
383 			speed, offset, payload, length);
384 	t->packet.callback = transmit_complete_callback;
385 
386 	list_add_tail(&t->link, &card->transaction_list);
387 
388 	spin_unlock_irqrestore(&card->lock, flags);
389 
390 	card->driver->send_request(card, &t->packet);
391 }
392 EXPORT_SYMBOL(fw_send_request);
393 
394 struct transaction_callback_data {
395 	struct completion done;
396 	void *payload;
397 	int rcode;
398 };
399 
400 static void transaction_callback(struct fw_card *card, int rcode,
401 				 void *payload, size_t length, void *data)
402 {
403 	struct transaction_callback_data *d = data;
404 
405 	if (rcode == RCODE_COMPLETE)
406 		memcpy(d->payload, payload, length);
407 	d->rcode = rcode;
408 	complete(&d->done);
409 }
410 
411 /**
412  * fw_run_transaction() - send request and sleep until transaction is completed
413  *
414  * Returns the RCODE.  See fw_send_request() for parameter documentation.
415  * Unlike fw_send_request(), @data points to the payload of the request or/and
416  * to the payload of the response.  DMA mapping restrictions apply to outbound
417  * request payloads of >= 8 bytes but not to inbound response payloads.
418  */
419 int fw_run_transaction(struct fw_card *card, int tcode, int destination_id,
420 		       int generation, int speed, unsigned long long offset,
421 		       void *payload, size_t length)
422 {
423 	struct transaction_callback_data d;
424 	struct fw_transaction t;
425 
426 	init_timer_on_stack(&t.split_timeout_timer);
427 	init_completion(&d.done);
428 	d.payload = payload;
429 	fw_send_request(card, &t, tcode, destination_id, generation, speed,
430 			offset, payload, length, transaction_callback, &d);
431 	wait_for_completion(&d.done);
432 	destroy_timer_on_stack(&t.split_timeout_timer);
433 
434 	return d.rcode;
435 }
436 EXPORT_SYMBOL(fw_run_transaction);
437 
438 static DEFINE_MUTEX(phy_config_mutex);
439 static DECLARE_COMPLETION(phy_config_done);
440 
441 static void transmit_phy_packet_callback(struct fw_packet *packet,
442 					 struct fw_card *card, int status)
443 {
444 	complete(&phy_config_done);
445 }
446 
447 static struct fw_packet phy_config_packet = {
448 	.header_length	= 12,
449 	.header[0]	= TCODE_LINK_INTERNAL << 4,
450 	.payload_length	= 0,
451 	.speed		= SCODE_100,
452 	.callback	= transmit_phy_packet_callback,
453 };
454 
455 void fw_send_phy_config(struct fw_card *card,
456 			int node_id, int generation, int gap_count)
457 {
458 	long timeout = DIV_ROUND_UP(HZ, 10);
459 	u32 data = PHY_IDENTIFIER(PHY_PACKET_CONFIG);
460 
461 	if (node_id != FW_PHY_CONFIG_NO_NODE_ID)
462 		data |= PHY_CONFIG_ROOT_ID(node_id);
463 
464 	if (gap_count == FW_PHY_CONFIG_CURRENT_GAP_COUNT) {
465 		gap_count = card->driver->read_phy_reg(card, 1);
466 		if (gap_count < 0)
467 			return;
468 
469 		gap_count &= 63;
470 		if (gap_count == 63)
471 			return;
472 	}
473 	data |= PHY_CONFIG_GAP_COUNT(gap_count);
474 
475 	mutex_lock(&phy_config_mutex);
476 
477 	phy_config_packet.header[1] = data;
478 	phy_config_packet.header[2] = ~data;
479 	phy_config_packet.generation = generation;
480 	INIT_COMPLETION(phy_config_done);
481 
482 	card->driver->send_request(card, &phy_config_packet);
483 	wait_for_completion_timeout(&phy_config_done, timeout);
484 
485 	mutex_unlock(&phy_config_mutex);
486 }
487 
488 static struct fw_address_handler *lookup_overlapping_address_handler(
489 	struct list_head *list, unsigned long long offset, size_t length)
490 {
491 	struct fw_address_handler *handler;
492 
493 	list_for_each_entry_rcu(handler, list, link) {
494 		if (handler->offset < offset + length &&
495 		    offset < handler->offset + handler->length)
496 			return handler;
497 	}
498 
499 	return NULL;
500 }
501 
502 static bool is_enclosing_handler(struct fw_address_handler *handler,
503 				 unsigned long long offset, size_t length)
504 {
505 	return handler->offset <= offset &&
506 		offset + length <= handler->offset + handler->length;
507 }
508 
509 static struct fw_address_handler *lookup_enclosing_address_handler(
510 	struct list_head *list, unsigned long long offset, size_t length)
511 {
512 	struct fw_address_handler *handler;
513 
514 	list_for_each_entry_rcu(handler, list, link) {
515 		if (is_enclosing_handler(handler, offset, length))
516 			return handler;
517 	}
518 
519 	return NULL;
520 }
521 
522 static DEFINE_SPINLOCK(address_handler_list_lock);
523 static LIST_HEAD(address_handler_list);
524 
525 const struct fw_address_region fw_high_memory_region =
526 	{ .start = 0x000100000000ULL, .end = 0xffffe0000000ULL,  };
527 EXPORT_SYMBOL(fw_high_memory_region);
528 
529 static const struct fw_address_region low_memory_region =
530 	{ .start = 0x000000000000ULL, .end = 0x000100000000ULL,  };
531 
532 #if 0
533 const struct fw_address_region fw_private_region =
534 	{ .start = 0xffffe0000000ULL, .end = 0xfffff0000000ULL,  };
535 const struct fw_address_region fw_csr_region =
536 	{ .start = CSR_REGISTER_BASE,
537 	  .end   = CSR_REGISTER_BASE | CSR_CONFIG_ROM_END,  };
538 const struct fw_address_region fw_unit_space_region =
539 	{ .start = 0xfffff0000900ULL, .end = 0x1000000000000ULL, };
540 #endif  /*  0  */
541 
542 static bool is_in_fcp_region(u64 offset, size_t length)
543 {
544 	return offset >= (CSR_REGISTER_BASE | CSR_FCP_COMMAND) &&
545 		offset + length <= (CSR_REGISTER_BASE | CSR_FCP_END);
546 }
547 
548 /**
549  * fw_core_add_address_handler() - register for incoming requests
550  * @handler:	callback
551  * @region:	region in the IEEE 1212 node space address range
552  *
553  * region->start, ->end, and handler->length have to be quadlet-aligned.
554  *
555  * When a request is received that falls within the specified address range,
556  * the specified callback is invoked.  The parameters passed to the callback
557  * give the details of the particular request.
558  *
559  * To be called in process context.
560  * Return value:  0 on success, non-zero otherwise.
561  *
562  * The start offset of the handler's address region is determined by
563  * fw_core_add_address_handler() and is returned in handler->offset.
564  *
565  * Address allocations are exclusive, except for the FCP registers.
566  */
567 int fw_core_add_address_handler(struct fw_address_handler *handler,
568 				const struct fw_address_region *region)
569 {
570 	struct fw_address_handler *other;
571 	int ret = -EBUSY;
572 
573 	if (region->start & 0xffff000000000003ULL ||
574 	    region->start >= region->end ||
575 	    region->end   > 0x0001000000000000ULL ||
576 	    handler->length & 3 ||
577 	    handler->length == 0)
578 		return -EINVAL;
579 
580 	spin_lock(&address_handler_list_lock);
581 
582 	handler->offset = region->start;
583 	while (handler->offset + handler->length <= region->end) {
584 		if (is_in_fcp_region(handler->offset, handler->length))
585 			other = NULL;
586 		else
587 			other = lookup_overlapping_address_handler
588 					(&address_handler_list,
589 					 handler->offset, handler->length);
590 		if (other != NULL) {
591 			handler->offset += other->length;
592 		} else {
593 			list_add_tail_rcu(&handler->link, &address_handler_list);
594 			ret = 0;
595 			break;
596 		}
597 	}
598 
599 	spin_unlock(&address_handler_list_lock);
600 
601 	return ret;
602 }
603 EXPORT_SYMBOL(fw_core_add_address_handler);
604 
605 /**
606  * fw_core_remove_address_handler() - unregister an address handler
607  *
608  * To be called in process context.
609  *
610  * When fw_core_remove_address_handler() returns, @handler->callback() is
611  * guaranteed to not run on any CPU anymore.
612  */
613 void fw_core_remove_address_handler(struct fw_address_handler *handler)
614 {
615 	spin_lock(&address_handler_list_lock);
616 	list_del_rcu(&handler->link);
617 	spin_unlock(&address_handler_list_lock);
618 	synchronize_rcu();
619 }
620 EXPORT_SYMBOL(fw_core_remove_address_handler);
621 
622 struct fw_request {
623 	struct fw_packet response;
624 	u32 request_header[4];
625 	int ack;
626 	u32 length;
627 	u32 data[0];
628 };
629 
630 static void free_response_callback(struct fw_packet *packet,
631 				   struct fw_card *card, int status)
632 {
633 	struct fw_request *request;
634 
635 	request = container_of(packet, struct fw_request, response);
636 	kfree(request);
637 }
638 
639 int fw_get_response_length(struct fw_request *r)
640 {
641 	int tcode, ext_tcode, data_length;
642 
643 	tcode = HEADER_GET_TCODE(r->request_header[0]);
644 
645 	switch (tcode) {
646 	case TCODE_WRITE_QUADLET_REQUEST:
647 	case TCODE_WRITE_BLOCK_REQUEST:
648 		return 0;
649 
650 	case TCODE_READ_QUADLET_REQUEST:
651 		return 4;
652 
653 	case TCODE_READ_BLOCK_REQUEST:
654 		data_length = HEADER_GET_DATA_LENGTH(r->request_header[3]);
655 		return data_length;
656 
657 	case TCODE_LOCK_REQUEST:
658 		ext_tcode = HEADER_GET_EXTENDED_TCODE(r->request_header[3]);
659 		data_length = HEADER_GET_DATA_LENGTH(r->request_header[3]);
660 		switch (ext_tcode) {
661 		case EXTCODE_FETCH_ADD:
662 		case EXTCODE_LITTLE_ADD:
663 			return data_length;
664 		default:
665 			return data_length / 2;
666 		}
667 
668 	default:
669 		WARN(1, "wrong tcode %d\n", tcode);
670 		return 0;
671 	}
672 }
673 
674 void fw_fill_response(struct fw_packet *response, u32 *request_header,
675 		      int rcode, void *payload, size_t length)
676 {
677 	int tcode, tlabel, extended_tcode, source, destination;
678 
679 	tcode          = HEADER_GET_TCODE(request_header[0]);
680 	tlabel         = HEADER_GET_TLABEL(request_header[0]);
681 	source         = HEADER_GET_DESTINATION(request_header[0]);
682 	destination    = HEADER_GET_SOURCE(request_header[1]);
683 	extended_tcode = HEADER_GET_EXTENDED_TCODE(request_header[3]);
684 
685 	response->header[0] =
686 		HEADER_RETRY(RETRY_1) |
687 		HEADER_TLABEL(tlabel) |
688 		HEADER_DESTINATION(destination);
689 	response->header[1] =
690 		HEADER_SOURCE(source) |
691 		HEADER_RCODE(rcode);
692 	response->header[2] = 0;
693 
694 	switch (tcode) {
695 	case TCODE_WRITE_QUADLET_REQUEST:
696 	case TCODE_WRITE_BLOCK_REQUEST:
697 		response->header[0] |= HEADER_TCODE(TCODE_WRITE_RESPONSE);
698 		response->header_length = 12;
699 		response->payload_length = 0;
700 		break;
701 
702 	case TCODE_READ_QUADLET_REQUEST:
703 		response->header[0] |=
704 			HEADER_TCODE(TCODE_READ_QUADLET_RESPONSE);
705 		if (payload != NULL)
706 			response->header[3] = *(u32 *)payload;
707 		else
708 			response->header[3] = 0;
709 		response->header_length = 16;
710 		response->payload_length = 0;
711 		break;
712 
713 	case TCODE_READ_BLOCK_REQUEST:
714 	case TCODE_LOCK_REQUEST:
715 		response->header[0] |= HEADER_TCODE(tcode + 2);
716 		response->header[3] =
717 			HEADER_DATA_LENGTH(length) |
718 			HEADER_EXTENDED_TCODE(extended_tcode);
719 		response->header_length = 16;
720 		response->payload = payload;
721 		response->payload_length = length;
722 		break;
723 
724 	default:
725 		WARN(1, "wrong tcode %d\n", tcode);
726 	}
727 
728 	response->payload_mapped = false;
729 }
730 EXPORT_SYMBOL(fw_fill_response);
731 
732 static u32 compute_split_timeout_timestamp(struct fw_card *card,
733 					   u32 request_timestamp)
734 {
735 	unsigned int cycles;
736 	u32 timestamp;
737 
738 	cycles = card->split_timeout_cycles;
739 	cycles += request_timestamp & 0x1fff;
740 
741 	timestamp = request_timestamp & ~0x1fff;
742 	timestamp += (cycles / 8000) << 13;
743 	timestamp |= cycles % 8000;
744 
745 	return timestamp;
746 }
747 
748 static struct fw_request *allocate_request(struct fw_card *card,
749 					   struct fw_packet *p)
750 {
751 	struct fw_request *request;
752 	u32 *data, length;
753 	int request_tcode;
754 
755 	request_tcode = HEADER_GET_TCODE(p->header[0]);
756 	switch (request_tcode) {
757 	case TCODE_WRITE_QUADLET_REQUEST:
758 		data = &p->header[3];
759 		length = 4;
760 		break;
761 
762 	case TCODE_WRITE_BLOCK_REQUEST:
763 	case TCODE_LOCK_REQUEST:
764 		data = p->payload;
765 		length = HEADER_GET_DATA_LENGTH(p->header[3]);
766 		break;
767 
768 	case TCODE_READ_QUADLET_REQUEST:
769 		data = NULL;
770 		length = 4;
771 		break;
772 
773 	case TCODE_READ_BLOCK_REQUEST:
774 		data = NULL;
775 		length = HEADER_GET_DATA_LENGTH(p->header[3]);
776 		break;
777 
778 	default:
779 		fw_notice(card, "ERROR - corrupt request received - %08x %08x %08x\n",
780 			 p->header[0], p->header[1], p->header[2]);
781 		return NULL;
782 	}
783 
784 	request = kmalloc(sizeof(*request) + length, GFP_ATOMIC);
785 	if (request == NULL)
786 		return NULL;
787 
788 	request->response.speed = p->speed;
789 	request->response.timestamp =
790 			compute_split_timeout_timestamp(card, p->timestamp);
791 	request->response.generation = p->generation;
792 	request->response.ack = 0;
793 	request->response.callback = free_response_callback;
794 	request->ack = p->ack;
795 	request->length = length;
796 	if (data)
797 		memcpy(request->data, data, length);
798 
799 	memcpy(request->request_header, p->header, sizeof(p->header));
800 
801 	return request;
802 }
803 
804 void fw_send_response(struct fw_card *card,
805 		      struct fw_request *request, int rcode)
806 {
807 	if (WARN_ONCE(!request, "invalid for FCP address handlers"))
808 		return;
809 
810 	/* unified transaction or broadcast transaction: don't respond */
811 	if (request->ack != ACK_PENDING ||
812 	    HEADER_DESTINATION_IS_BROADCAST(request->request_header[0])) {
813 		kfree(request);
814 		return;
815 	}
816 
817 	if (rcode == RCODE_COMPLETE)
818 		fw_fill_response(&request->response, request->request_header,
819 				 rcode, request->data,
820 				 fw_get_response_length(request));
821 	else
822 		fw_fill_response(&request->response, request->request_header,
823 				 rcode, NULL, 0);
824 
825 	card->driver->send_response(card, &request->response);
826 }
827 EXPORT_SYMBOL(fw_send_response);
828 
829 /**
830  * fw_get_request_speed() - returns speed at which the @request was received
831  */
832 int fw_get_request_speed(struct fw_request *request)
833 {
834 	return request->response.speed;
835 }
836 EXPORT_SYMBOL(fw_get_request_speed);
837 
838 static void handle_exclusive_region_request(struct fw_card *card,
839 					    struct fw_packet *p,
840 					    struct fw_request *request,
841 					    unsigned long long offset)
842 {
843 	struct fw_address_handler *handler;
844 	int tcode, destination, source;
845 
846 	destination = HEADER_GET_DESTINATION(p->header[0]);
847 	source      = HEADER_GET_SOURCE(p->header[1]);
848 	tcode       = HEADER_GET_TCODE(p->header[0]);
849 	if (tcode == TCODE_LOCK_REQUEST)
850 		tcode = 0x10 + HEADER_GET_EXTENDED_TCODE(p->header[3]);
851 
852 	rcu_read_lock();
853 	handler = lookup_enclosing_address_handler(&address_handler_list,
854 						   offset, request->length);
855 	if (handler)
856 		handler->address_callback(card, request,
857 					  tcode, destination, source,
858 					  p->generation, offset,
859 					  request->data, request->length,
860 					  handler->callback_data);
861 	rcu_read_unlock();
862 
863 	if (!handler)
864 		fw_send_response(card, request, RCODE_ADDRESS_ERROR);
865 }
866 
867 static void handle_fcp_region_request(struct fw_card *card,
868 				      struct fw_packet *p,
869 				      struct fw_request *request,
870 				      unsigned long long offset)
871 {
872 	struct fw_address_handler *handler;
873 	int tcode, destination, source;
874 
875 	if ((offset != (CSR_REGISTER_BASE | CSR_FCP_COMMAND) &&
876 	     offset != (CSR_REGISTER_BASE | CSR_FCP_RESPONSE)) ||
877 	    request->length > 0x200) {
878 		fw_send_response(card, request, RCODE_ADDRESS_ERROR);
879 
880 		return;
881 	}
882 
883 	tcode       = HEADER_GET_TCODE(p->header[0]);
884 	destination = HEADER_GET_DESTINATION(p->header[0]);
885 	source      = HEADER_GET_SOURCE(p->header[1]);
886 
887 	if (tcode != TCODE_WRITE_QUADLET_REQUEST &&
888 	    tcode != TCODE_WRITE_BLOCK_REQUEST) {
889 		fw_send_response(card, request, RCODE_TYPE_ERROR);
890 
891 		return;
892 	}
893 
894 	rcu_read_lock();
895 	list_for_each_entry_rcu(handler, &address_handler_list, link) {
896 		if (is_enclosing_handler(handler, offset, request->length))
897 			handler->address_callback(card, NULL, tcode,
898 						  destination, source,
899 						  p->generation, offset,
900 						  request->data,
901 						  request->length,
902 						  handler->callback_data);
903 	}
904 	rcu_read_unlock();
905 
906 	fw_send_response(card, request, RCODE_COMPLETE);
907 }
908 
909 void fw_core_handle_request(struct fw_card *card, struct fw_packet *p)
910 {
911 	struct fw_request *request;
912 	unsigned long long offset;
913 
914 	if (p->ack != ACK_PENDING && p->ack != ACK_COMPLETE)
915 		return;
916 
917 	if (TCODE_IS_LINK_INTERNAL(HEADER_GET_TCODE(p->header[0]))) {
918 		fw_cdev_handle_phy_packet(card, p);
919 		return;
920 	}
921 
922 	request = allocate_request(card, p);
923 	if (request == NULL) {
924 		/* FIXME: send statically allocated busy packet. */
925 		return;
926 	}
927 
928 	offset = ((u64)HEADER_GET_OFFSET_HIGH(p->header[1]) << 32) |
929 		p->header[2];
930 
931 	if (!is_in_fcp_region(offset, request->length))
932 		handle_exclusive_region_request(card, p, request, offset);
933 	else
934 		handle_fcp_region_request(card, p, request, offset);
935 
936 }
937 EXPORT_SYMBOL(fw_core_handle_request);
938 
939 void fw_core_handle_response(struct fw_card *card, struct fw_packet *p)
940 {
941 	struct fw_transaction *t;
942 	unsigned long flags;
943 	u32 *data;
944 	size_t data_length;
945 	int tcode, tlabel, source, rcode;
946 
947 	tcode	= HEADER_GET_TCODE(p->header[0]);
948 	tlabel	= HEADER_GET_TLABEL(p->header[0]);
949 	source	= HEADER_GET_SOURCE(p->header[1]);
950 	rcode	= HEADER_GET_RCODE(p->header[1]);
951 
952 	spin_lock_irqsave(&card->lock, flags);
953 	list_for_each_entry(t, &card->transaction_list, link) {
954 		if (t->node_id == source && t->tlabel == tlabel) {
955 			if (!try_cancel_split_timeout(t)) {
956 				spin_unlock_irqrestore(&card->lock, flags);
957 				goto timed_out;
958 			}
959 			list_del_init(&t->link);
960 			card->tlabel_mask &= ~(1ULL << t->tlabel);
961 			break;
962 		}
963 	}
964 	spin_unlock_irqrestore(&card->lock, flags);
965 
966 	if (&t->link == &card->transaction_list) {
967  timed_out:
968 		fw_notice(card, "unsolicited response (source %x, tlabel %x)\n",
969 			  source, tlabel);
970 		return;
971 	}
972 
973 	/*
974 	 * FIXME: sanity check packet, is length correct, does tcodes
975 	 * and addresses match.
976 	 */
977 
978 	switch (tcode) {
979 	case TCODE_READ_QUADLET_RESPONSE:
980 		data = (u32 *) &p->header[3];
981 		data_length = 4;
982 		break;
983 
984 	case TCODE_WRITE_RESPONSE:
985 		data = NULL;
986 		data_length = 0;
987 		break;
988 
989 	case TCODE_READ_BLOCK_RESPONSE:
990 	case TCODE_LOCK_RESPONSE:
991 		data = p->payload;
992 		data_length = HEADER_GET_DATA_LENGTH(p->header[3]);
993 		break;
994 
995 	default:
996 		/* Should never happen, this is just to shut up gcc. */
997 		data = NULL;
998 		data_length = 0;
999 		break;
1000 	}
1001 
1002 	/*
1003 	 * The response handler may be executed while the request handler
1004 	 * is still pending.  Cancel the request handler.
1005 	 */
1006 	card->driver->cancel_packet(card, &t->packet);
1007 
1008 	t->callback(card, rcode, data, data_length, t->callback_data);
1009 }
1010 EXPORT_SYMBOL(fw_core_handle_response);
1011 
1012 /**
1013  * fw_rcode_string - convert a firewire result code to an error description
1014  * @rcode: the result code
1015  */
1016 const char *fw_rcode_string(int rcode)
1017 {
1018 	static const char *const names[] = {
1019 		[RCODE_COMPLETE]       = "no error",
1020 		[RCODE_CONFLICT_ERROR] = "conflict error",
1021 		[RCODE_DATA_ERROR]     = "data error",
1022 		[RCODE_TYPE_ERROR]     = "type error",
1023 		[RCODE_ADDRESS_ERROR]  = "address error",
1024 		[RCODE_SEND_ERROR]     = "send error",
1025 		[RCODE_CANCELLED]      = "timeout",
1026 		[RCODE_BUSY]           = "busy",
1027 		[RCODE_GENERATION]     = "bus reset",
1028 		[RCODE_NO_ACK]         = "no ack",
1029 	};
1030 
1031 	if ((unsigned int)rcode < ARRAY_SIZE(names) && names[rcode])
1032 		return names[rcode];
1033 	else
1034 		return "unknown";
1035 }
1036 EXPORT_SYMBOL(fw_rcode_string);
1037 
1038 static const struct fw_address_region topology_map_region =
1039 	{ .start = CSR_REGISTER_BASE | CSR_TOPOLOGY_MAP,
1040 	  .end   = CSR_REGISTER_BASE | CSR_TOPOLOGY_MAP_END, };
1041 
1042 static void handle_topology_map(struct fw_card *card, struct fw_request *request,
1043 		int tcode, int destination, int source, int generation,
1044 		unsigned long long offset, void *payload, size_t length,
1045 		void *callback_data)
1046 {
1047 	int start;
1048 
1049 	if (!TCODE_IS_READ_REQUEST(tcode)) {
1050 		fw_send_response(card, request, RCODE_TYPE_ERROR);
1051 		return;
1052 	}
1053 
1054 	if ((offset & 3) > 0 || (length & 3) > 0) {
1055 		fw_send_response(card, request, RCODE_ADDRESS_ERROR);
1056 		return;
1057 	}
1058 
1059 	start = (offset - topology_map_region.start) / 4;
1060 	memcpy(payload, &card->topology_map[start], length);
1061 
1062 	fw_send_response(card, request, RCODE_COMPLETE);
1063 }
1064 
1065 static struct fw_address_handler topology_map = {
1066 	.length			= 0x400,
1067 	.address_callback	= handle_topology_map,
1068 };
1069 
1070 static const struct fw_address_region registers_region =
1071 	{ .start = CSR_REGISTER_BASE,
1072 	  .end   = CSR_REGISTER_BASE | CSR_CONFIG_ROM, };
1073 
1074 static void update_split_timeout(struct fw_card *card)
1075 {
1076 	unsigned int cycles;
1077 
1078 	cycles = card->split_timeout_hi * 8000 + (card->split_timeout_lo >> 19);
1079 
1080 	/* minimum per IEEE 1394, maximum which doesn't overflow OHCI */
1081 	cycles = clamp(cycles, 800u, 3u * 8000u);
1082 
1083 	card->split_timeout_cycles = cycles;
1084 	card->split_timeout_jiffies = DIV_ROUND_UP(cycles * HZ, 8000);
1085 }
1086 
1087 static void handle_registers(struct fw_card *card, struct fw_request *request,
1088 		int tcode, int destination, int source, int generation,
1089 		unsigned long long offset, void *payload, size_t length,
1090 		void *callback_data)
1091 {
1092 	int reg = offset & ~CSR_REGISTER_BASE;
1093 	__be32 *data = payload;
1094 	int rcode = RCODE_COMPLETE;
1095 	unsigned long flags;
1096 
1097 	switch (reg) {
1098 	case CSR_PRIORITY_BUDGET:
1099 		if (!card->priority_budget_implemented) {
1100 			rcode = RCODE_ADDRESS_ERROR;
1101 			break;
1102 		}
1103 		/* else fall through */
1104 
1105 	case CSR_NODE_IDS:
1106 		/*
1107 		 * per IEEE 1394-2008 8.3.22.3, not IEEE 1394.1-2004 3.2.8
1108 		 * and 9.6, but interoperable with IEEE 1394.1-2004 bridges
1109 		 */
1110 		/* fall through */
1111 
1112 	case CSR_STATE_CLEAR:
1113 	case CSR_STATE_SET:
1114 	case CSR_CYCLE_TIME:
1115 	case CSR_BUS_TIME:
1116 	case CSR_BUSY_TIMEOUT:
1117 		if (tcode == TCODE_READ_QUADLET_REQUEST)
1118 			*data = cpu_to_be32(card->driver->read_csr(card, reg));
1119 		else if (tcode == TCODE_WRITE_QUADLET_REQUEST)
1120 			card->driver->write_csr(card, reg, be32_to_cpu(*data));
1121 		else
1122 			rcode = RCODE_TYPE_ERROR;
1123 		break;
1124 
1125 	case CSR_RESET_START:
1126 		if (tcode == TCODE_WRITE_QUADLET_REQUEST)
1127 			card->driver->write_csr(card, CSR_STATE_CLEAR,
1128 						CSR_STATE_BIT_ABDICATE);
1129 		else
1130 			rcode = RCODE_TYPE_ERROR;
1131 		break;
1132 
1133 	case CSR_SPLIT_TIMEOUT_HI:
1134 		if (tcode == TCODE_READ_QUADLET_REQUEST) {
1135 			*data = cpu_to_be32(card->split_timeout_hi);
1136 		} else if (tcode == TCODE_WRITE_QUADLET_REQUEST) {
1137 			spin_lock_irqsave(&card->lock, flags);
1138 			card->split_timeout_hi = be32_to_cpu(*data) & 7;
1139 			update_split_timeout(card);
1140 			spin_unlock_irqrestore(&card->lock, flags);
1141 		} else {
1142 			rcode = RCODE_TYPE_ERROR;
1143 		}
1144 		break;
1145 
1146 	case CSR_SPLIT_TIMEOUT_LO:
1147 		if (tcode == TCODE_READ_QUADLET_REQUEST) {
1148 			*data = cpu_to_be32(card->split_timeout_lo);
1149 		} else if (tcode == TCODE_WRITE_QUADLET_REQUEST) {
1150 			spin_lock_irqsave(&card->lock, flags);
1151 			card->split_timeout_lo =
1152 					be32_to_cpu(*data) & 0xfff80000;
1153 			update_split_timeout(card);
1154 			spin_unlock_irqrestore(&card->lock, flags);
1155 		} else {
1156 			rcode = RCODE_TYPE_ERROR;
1157 		}
1158 		break;
1159 
1160 	case CSR_MAINT_UTILITY:
1161 		if (tcode == TCODE_READ_QUADLET_REQUEST)
1162 			*data = card->maint_utility_register;
1163 		else if (tcode == TCODE_WRITE_QUADLET_REQUEST)
1164 			card->maint_utility_register = *data;
1165 		else
1166 			rcode = RCODE_TYPE_ERROR;
1167 		break;
1168 
1169 	case CSR_BROADCAST_CHANNEL:
1170 		if (tcode == TCODE_READ_QUADLET_REQUEST)
1171 			*data = cpu_to_be32(card->broadcast_channel);
1172 		else if (tcode == TCODE_WRITE_QUADLET_REQUEST)
1173 			card->broadcast_channel =
1174 			    (be32_to_cpu(*data) & BROADCAST_CHANNEL_VALID) |
1175 			    BROADCAST_CHANNEL_INITIAL;
1176 		else
1177 			rcode = RCODE_TYPE_ERROR;
1178 		break;
1179 
1180 	case CSR_BUS_MANAGER_ID:
1181 	case CSR_BANDWIDTH_AVAILABLE:
1182 	case CSR_CHANNELS_AVAILABLE_HI:
1183 	case CSR_CHANNELS_AVAILABLE_LO:
1184 		/*
1185 		 * FIXME: these are handled by the OHCI hardware and
1186 		 * the stack never sees these request. If we add
1187 		 * support for a new type of controller that doesn't
1188 		 * handle this in hardware we need to deal with these
1189 		 * transactions.
1190 		 */
1191 		BUG();
1192 		break;
1193 
1194 	default:
1195 		rcode = RCODE_ADDRESS_ERROR;
1196 		break;
1197 	}
1198 
1199 	fw_send_response(card, request, rcode);
1200 }
1201 
1202 static struct fw_address_handler registers = {
1203 	.length			= 0x400,
1204 	.address_callback	= handle_registers,
1205 };
1206 
1207 static void handle_low_memory(struct fw_card *card, struct fw_request *request,
1208 		int tcode, int destination, int source, int generation,
1209 		unsigned long long offset, void *payload, size_t length,
1210 		void *callback_data)
1211 {
1212 	/*
1213 	 * This catches requests not handled by the physical DMA unit,
1214 	 * i.e., wrong transaction types or unauthorized source nodes.
1215 	 */
1216 	fw_send_response(card, request, RCODE_TYPE_ERROR);
1217 }
1218 
1219 static struct fw_address_handler low_memory = {
1220 	.length			= 0x000100000000ULL,
1221 	.address_callback	= handle_low_memory,
1222 };
1223 
1224 MODULE_AUTHOR("Kristian Hoegsberg <krh@bitplanet.net>");
1225 MODULE_DESCRIPTION("Core IEEE1394 transaction logic");
1226 MODULE_LICENSE("GPL");
1227 
1228 static const u32 vendor_textual_descriptor[] = {
1229 	/* textual descriptor leaf () */
1230 	0x00060000,
1231 	0x00000000,
1232 	0x00000000,
1233 	0x4c696e75,		/* L i n u */
1234 	0x78204669,		/* x   F i */
1235 	0x72657769,		/* r e w i */
1236 	0x72650000,		/* r e     */
1237 };
1238 
1239 static const u32 model_textual_descriptor[] = {
1240 	/* model descriptor leaf () */
1241 	0x00030000,
1242 	0x00000000,
1243 	0x00000000,
1244 	0x4a756a75,		/* J u j u */
1245 };
1246 
1247 static struct fw_descriptor vendor_id_descriptor = {
1248 	.length = ARRAY_SIZE(vendor_textual_descriptor),
1249 	.immediate = 0x03d00d1e,
1250 	.key = 0x81000000,
1251 	.data = vendor_textual_descriptor,
1252 };
1253 
1254 static struct fw_descriptor model_id_descriptor = {
1255 	.length = ARRAY_SIZE(model_textual_descriptor),
1256 	.immediate = 0x17000001,
1257 	.key = 0x81000000,
1258 	.data = model_textual_descriptor,
1259 };
1260 
1261 static int __init fw_core_init(void)
1262 {
1263 	int ret;
1264 
1265 	fw_workqueue = alloc_workqueue("firewire", WQ_MEM_RECLAIM, 0);
1266 	if (!fw_workqueue)
1267 		return -ENOMEM;
1268 
1269 	ret = bus_register(&fw_bus_type);
1270 	if (ret < 0) {
1271 		destroy_workqueue(fw_workqueue);
1272 		return ret;
1273 	}
1274 
1275 	fw_cdev_major = register_chrdev(0, "firewire", &fw_device_ops);
1276 	if (fw_cdev_major < 0) {
1277 		bus_unregister(&fw_bus_type);
1278 		destroy_workqueue(fw_workqueue);
1279 		return fw_cdev_major;
1280 	}
1281 
1282 	fw_core_add_address_handler(&topology_map, &topology_map_region);
1283 	fw_core_add_address_handler(&registers, &registers_region);
1284 	fw_core_add_address_handler(&low_memory, &low_memory_region);
1285 	fw_core_add_descriptor(&vendor_id_descriptor);
1286 	fw_core_add_descriptor(&model_id_descriptor);
1287 
1288 	return 0;
1289 }
1290 
1291 static void __exit fw_core_cleanup(void)
1292 {
1293 	unregister_chrdev(fw_cdev_major, "firewire");
1294 	bus_unregister(&fw_bus_type);
1295 	destroy_workqueue(fw_workqueue);
1296 	idr_destroy(&fw_device_idr);
1297 }
1298 
1299 module_init(fw_core_init);
1300 module_exit(fw_core_cleanup);
1301