1 /*
2  * dvb_ca.c: generic DVB functions for EN50221 CAM interfaces
3  *
4  * Copyright (C) 2004 Andrew de Quincey
5  *
6  * Parts of this file were based on sources as follows:
7  *
8  * Copyright (C) 2003 Ralph Metzler <rjkm@metzlerbros.de>
9  *
10  * based on code:
11  *
12  * Copyright (C) 1999-2002 Ralph  Metzler
13  *                       & Marcus Metzler for convergence integrated media GmbH
14  *
15  * This program is free software; you can redistribute it and/or
16  * modify it under the terms of the GNU General Public License
17  * as published by the Free Software Foundation; either version 2
18  * of the License, or (at your option) any later version.
19  *
20  * This program is distributed in the hope that it will be useful,
21  * but WITHOUT ANY WARRANTY; without even the implied warranty of
22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23  * GNU General Public License for more details.
24  * To obtain the license, point your browser to
25  * http://www.gnu.org/copyleft/gpl.html
26  */
27 
28 #define pr_fmt(fmt) "dvb_ca_en50221: " fmt
29 
30 #include <linux/errno.h>
31 #include <linux/slab.h>
32 #include <linux/list.h>
33 #include <linux/module.h>
34 #include <linux/vmalloc.h>
35 #include <linux/delay.h>
36 #include <linux/spinlock.h>
37 #include <linux/sched/signal.h>
38 #include <linux/kthread.h>
39 
40 #include "dvb_ca_en50221.h"
41 #include "dvb_ringbuffer.h"
42 
43 static int dvb_ca_en50221_debug;
44 
45 module_param_named(cam_debug, dvb_ca_en50221_debug, int, 0644);
46 MODULE_PARM_DESC(cam_debug, "enable verbose debug messages");
47 
48 #define dprintk(fmt, arg...) do {					\
49 	if (dvb_ca_en50221_debug)					\
50 		printk(KERN_DEBUG pr_fmt("%s: " fmt), __func__, ##arg);\
51 } while (0)
52 
53 #define INIT_TIMEOUT_SECS 10
54 
55 #define HOST_LINK_BUF_SIZE 0x200
56 
57 #define RX_BUFFER_SIZE 65535
58 
59 #define MAX_RX_PACKETS_PER_ITERATION 10
60 
61 #define CTRLIF_DATA      0
62 #define CTRLIF_COMMAND   1
63 #define CTRLIF_STATUS    1
64 #define CTRLIF_SIZE_LOW  2
65 #define CTRLIF_SIZE_HIGH 3
66 
67 #define CMDREG_HC        1	/* Host control */
68 #define CMDREG_SW        2	/* Size write */
69 #define CMDREG_SR        4	/* Size read */
70 #define CMDREG_RS        8	/* Reset interface */
71 #define CMDREG_FRIE   0x40	/* Enable FR interrupt */
72 #define CMDREG_DAIE   0x80	/* Enable DA interrupt */
73 #define IRQEN (CMDREG_DAIE)
74 
75 #define STATUSREG_RE     1	/* read error */
76 #define STATUSREG_WE     2	/* write error */
77 #define STATUSREG_FR  0x40	/* module free */
78 #define STATUSREG_DA  0x80	/* data available */
79 
80 #define DVB_CA_SLOTSTATE_NONE           0
81 #define DVB_CA_SLOTSTATE_UNINITIALISED  1
82 #define DVB_CA_SLOTSTATE_RUNNING        2
83 #define DVB_CA_SLOTSTATE_INVALID        3
84 #define DVB_CA_SLOTSTATE_WAITREADY      4
85 #define DVB_CA_SLOTSTATE_VALIDATE       5
86 #define DVB_CA_SLOTSTATE_WAITFR         6
87 #define DVB_CA_SLOTSTATE_LINKINIT       7
88 
89 /* Information on a CA slot */
90 struct dvb_ca_slot {
91 	/* current state of the CAM */
92 	int slot_state;
93 
94 	/* mutex used for serializing access to one CI slot */
95 	struct mutex slot_lock;
96 
97 	/* Number of CAMCHANGES that have occurred since last processing */
98 	atomic_t camchange_count;
99 
100 	/* Type of last CAMCHANGE */
101 	int camchange_type;
102 
103 	/* base address of CAM config */
104 	u32 config_base;
105 
106 	/* value to write into Config Control register */
107 	u8 config_option;
108 
109 	/* if 1, the CAM supports DA IRQs */
110 	u8 da_irq_supported:1;
111 
112 	/* size of the buffer to use when talking to the CAM */
113 	int link_buf_size;
114 
115 	/* buffer for incoming packets */
116 	struct dvb_ringbuffer rx_buffer;
117 
118 	/* timer used during various states of the slot */
119 	unsigned long timeout;
120 };
121 
122 /* Private CA-interface information */
123 struct dvb_ca_private {
124 	struct kref refcount;
125 
126 	/* pointer back to the public data structure */
127 	struct dvb_ca_en50221 *pub;
128 
129 	/* the DVB device */
130 	struct dvb_device *dvbdev;
131 
132 	/* Flags describing the interface (DVB_CA_FLAG_*) */
133 	u32 flags;
134 
135 	/* number of slots supported by this CA interface */
136 	unsigned int slot_count;
137 
138 	/* information on each slot */
139 	struct dvb_ca_slot *slot_info;
140 
141 	/* wait queues for read() and write() operations */
142 	wait_queue_head_t wait_queue;
143 
144 	/* PID of the monitoring thread */
145 	struct task_struct *thread;
146 
147 	/* Flag indicating if the CA device is open */
148 	unsigned int open:1;
149 
150 	/* Flag indicating the thread should wake up now */
151 	unsigned int wakeup:1;
152 
153 	/* Delay the main thread should use */
154 	unsigned long delay;
155 
156 	/*
157 	 * Slot to start looking for data to read from in the next user-space
158 	 * read operation
159 	 */
160 	int next_read_slot;
161 
162 	/* mutex serializing ioctls */
163 	struct mutex ioctl_mutex;
164 };
165 
166 static void dvb_ca_private_free(struct dvb_ca_private *ca)
167 {
168 	unsigned int i;
169 
170 	dvb_free_device(ca->dvbdev);
171 	for (i = 0; i < ca->slot_count; i++)
172 		vfree(ca->slot_info[i].rx_buffer.data);
173 
174 	kfree(ca->slot_info);
175 	kfree(ca);
176 }
177 
178 static void dvb_ca_private_release(struct kref *ref)
179 {
180 	struct dvb_ca_private *ca;
181 
182 	ca = container_of(ref, struct dvb_ca_private, refcount);
183 	dvb_ca_private_free(ca);
184 }
185 
186 static void dvb_ca_private_get(struct dvb_ca_private *ca)
187 {
188 	kref_get(&ca->refcount);
189 }
190 
191 static void dvb_ca_private_put(struct dvb_ca_private *ca)
192 {
193 	kref_put(&ca->refcount, dvb_ca_private_release);
194 }
195 
196 static void dvb_ca_en50221_thread_wakeup(struct dvb_ca_private *ca);
197 static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot,
198 				    u8 *ebuf, int ecount);
199 static int dvb_ca_en50221_write_data(struct dvb_ca_private *ca, int slot,
200 				     u8 *ebuf, int ecount);
201 
202 /**
203  * Safely find needle in haystack.
204  *
205  * @haystack: Buffer to look in.
206  * @hlen: Number of bytes in haystack.
207  * @needle: Buffer to find.
208  * @nlen: Number of bytes in needle.
209  * return: Pointer into haystack needle was found at, or NULL if not found.
210  */
211 static char *findstr(char *haystack, int hlen, char *needle, int nlen)
212 {
213 	int i;
214 
215 	if (hlen < nlen)
216 		return NULL;
217 
218 	for (i = 0; i <= hlen - nlen; i++) {
219 		if (!strncmp(haystack + i, needle, nlen))
220 			return haystack + i;
221 	}
222 
223 	return NULL;
224 }
225 
226 /* ************************************************************************** */
227 /* EN50221 physical interface functions */
228 
229 /*
230  * dvb_ca_en50221_check_camstatus - Check CAM status.
231  */
232 static int dvb_ca_en50221_check_camstatus(struct dvb_ca_private *ca, int slot)
233 {
234 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
235 	int slot_status;
236 	int cam_present_now;
237 	int cam_changed;
238 
239 	/* IRQ mode */
240 	if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
241 		return (atomic_read(&sl->camchange_count) != 0);
242 
243 	/* poll mode */
244 	slot_status = ca->pub->poll_slot_status(ca->pub, slot, ca->open);
245 
246 	cam_present_now = (slot_status & DVB_CA_EN50221_POLL_CAM_PRESENT) ? 1 : 0;
247 	cam_changed = (slot_status & DVB_CA_EN50221_POLL_CAM_CHANGED) ? 1 : 0;
248 	if (!cam_changed) {
249 		int cam_present_old = (sl->slot_state != DVB_CA_SLOTSTATE_NONE);
250 
251 		cam_changed = (cam_present_now != cam_present_old);
252 	}
253 
254 	if (cam_changed) {
255 		if (!cam_present_now)
256 			sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_REMOVED;
257 		else
258 			sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_INSERTED;
259 		atomic_set(&sl->camchange_count, 1);
260 	} else {
261 		if ((sl->slot_state == DVB_CA_SLOTSTATE_WAITREADY) &&
262 		    (slot_status & DVB_CA_EN50221_POLL_CAM_READY)) {
263 			/* move to validate state if reset is completed */
264 			sl->slot_state = DVB_CA_SLOTSTATE_VALIDATE;
265 		}
266 	}
267 
268 	return cam_changed;
269 }
270 
271 /**
272  * dvb_ca_en50221_wait_if_status - Wait for flags to become set on the STATUS
273  *	 register on a CAM interface, checking for errors and timeout.
274  *
275  * @ca: CA instance.
276  * @slot: Slot on interface.
277  * @waitfor: Flags to wait for.
278  * @timeout_hz: Timeout in milliseconds.
279  *
280  * return: 0 on success, nonzero on error.
281  */
282 static int dvb_ca_en50221_wait_if_status(struct dvb_ca_private *ca, int slot,
283 					 u8 waitfor, int timeout_hz)
284 {
285 	unsigned long timeout;
286 	unsigned long start;
287 
288 	dprintk("%s\n", __func__);
289 
290 	/* loop until timeout elapsed */
291 	start = jiffies;
292 	timeout = jiffies + timeout_hz;
293 	while (1) {
294 		int res;
295 
296 		/* read the status and check for error */
297 		res = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
298 		if (res < 0)
299 			return -EIO;
300 
301 		/* if we got the flags, it was successful! */
302 		if (res & waitfor) {
303 			dprintk("%s succeeded timeout:%lu\n",
304 				__func__, jiffies - start);
305 			return 0;
306 		}
307 
308 		/* check for timeout */
309 		if (time_after(jiffies, timeout))
310 			break;
311 
312 		/* wait for a bit */
313 		usleep_range(1000, 1100);
314 	}
315 
316 	dprintk("%s failed timeout:%lu\n", __func__, jiffies - start);
317 
318 	/* if we get here, we've timed out */
319 	return -ETIMEDOUT;
320 }
321 
322 /**
323  * dvb_ca_en50221_link_init - Initialise the link layer connection to a CAM.
324  *
325  * @ca: CA instance.
326  * @slot: Slot id.
327  *
328  * return: 0 on success, nonzero on failure.
329  */
330 static int dvb_ca_en50221_link_init(struct dvb_ca_private *ca, int slot)
331 {
332 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
333 	int ret;
334 	int buf_size;
335 	u8 buf[2];
336 
337 	dprintk("%s\n", __func__);
338 
339 	/* we'll be determining these during this function */
340 	sl->da_irq_supported = 0;
341 
342 	/*
343 	 * set the host link buffer size temporarily. it will be overwritten
344 	 * with the real negotiated size later.
345 	 */
346 	sl->link_buf_size = 2;
347 
348 	/* read the buffer size from the CAM */
349 	ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
350 					 IRQEN | CMDREG_SR);
351 	if (ret)
352 		return ret;
353 	ret = dvb_ca_en50221_wait_if_status(ca, slot, STATUSREG_DA, HZ);
354 	if (ret)
355 		return ret;
356 	ret = dvb_ca_en50221_read_data(ca, slot, buf, 2);
357 	if (ret != 2)
358 		return -EIO;
359 	ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
360 	if (ret)
361 		return ret;
362 
363 	/*
364 	 * store it, and choose the minimum of our buffer and the CAM's buffer
365 	 * size
366 	 */
367 	buf_size = (buf[0] << 8) | buf[1];
368 	if (buf_size > HOST_LINK_BUF_SIZE)
369 		buf_size = HOST_LINK_BUF_SIZE;
370 	sl->link_buf_size = buf_size;
371 	buf[0] = buf_size >> 8;
372 	buf[1] = buf_size & 0xff;
373 	dprintk("Chosen link buffer size of %i\n", buf_size);
374 
375 	/* write the buffer size to the CAM */
376 	ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
377 					 IRQEN | CMDREG_SW);
378 	if (ret)
379 		return ret;
380 	ret = dvb_ca_en50221_wait_if_status(ca, slot, STATUSREG_FR, HZ / 10);
381 	if (ret)
382 		return ret;
383 	ret = dvb_ca_en50221_write_data(ca, slot, buf, 2);
384 	if (ret != 2)
385 		return -EIO;
386 	ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
387 	if (ret)
388 		return ret;
389 
390 	/* success */
391 	return 0;
392 }
393 
394 /**
395  * dvb_ca_en50221_read_tuple - Read a tuple from attribute memory.
396  *
397  * @ca: CA instance.
398  * @slot: Slot id.
399  * @address: Address to read from. Updated.
400  * @tuple_type: Tuple id byte. Updated.
401  * @tuple_length: Tuple length. Updated.
402  * @tuple: Dest buffer for tuple (must be 256 bytes). Updated.
403  *
404  * return: 0 on success, nonzero on error.
405  */
406 static int dvb_ca_en50221_read_tuple(struct dvb_ca_private *ca, int slot,
407 				     int *address, int *tuple_type,
408 				     int *tuple_length, u8 *tuple)
409 {
410 	int i;
411 	int _tuple_type;
412 	int _tuple_length;
413 	int _address = *address;
414 
415 	/* grab the next tuple length and type */
416 	_tuple_type = ca->pub->read_attribute_mem(ca->pub, slot, _address);
417 	if (_tuple_type < 0)
418 		return _tuple_type;
419 	if (_tuple_type == 0xff) {
420 		dprintk("END OF CHAIN TUPLE type:0x%x\n", _tuple_type);
421 		*address += 2;
422 		*tuple_type = _tuple_type;
423 		*tuple_length = 0;
424 		return 0;
425 	}
426 	_tuple_length = ca->pub->read_attribute_mem(ca->pub, slot,
427 						    _address + 2);
428 	if (_tuple_length < 0)
429 		return _tuple_length;
430 	_address += 4;
431 
432 	dprintk("TUPLE type:0x%x length:%i\n", _tuple_type, _tuple_length);
433 
434 	/* read in the whole tuple */
435 	for (i = 0; i < _tuple_length; i++) {
436 		tuple[i] = ca->pub->read_attribute_mem(ca->pub, slot,
437 						       _address + (i * 2));
438 		dprintk("  0x%02x: 0x%02x %c\n",
439 			i, tuple[i] & 0xff,
440 			((tuple[i] > 31) && (tuple[i] < 127)) ? tuple[i] : '.');
441 	}
442 	_address += (_tuple_length * 2);
443 
444 	/* success */
445 	*tuple_type = _tuple_type;
446 	*tuple_length = _tuple_length;
447 	*address = _address;
448 	return 0;
449 }
450 
451 /**
452  * dvb_ca_en50221_parse_attributes - Parse attribute memory of a CAM module,
453  *	extracting Config register, and checking it is a DVB CAM module.
454  *
455  * @ca: CA instance.
456  * @slot: Slot id.
457  *
458  * return: 0 on success, <0 on failure.
459  */
460 static int dvb_ca_en50221_parse_attributes(struct dvb_ca_private *ca, int slot)
461 {
462 	struct dvb_ca_slot *sl;
463 	int address = 0;
464 	int tuple_length;
465 	int tuple_type;
466 	u8 tuple[257];
467 	char *dvb_str;
468 	int rasz;
469 	int status;
470 	int got_cftableentry = 0;
471 	int end_chain = 0;
472 	int i;
473 	u16 manfid = 0;
474 	u16 devid = 0;
475 
476 	/* CISTPL_DEVICE_0A */
477 	status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
478 					   &tuple_length, tuple);
479 	if (status < 0)
480 		return status;
481 	if (tuple_type != 0x1D)
482 		return -EINVAL;
483 
484 	/* CISTPL_DEVICE_0C */
485 	status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
486 					   &tuple_length, tuple);
487 	if (status < 0)
488 		return status;
489 	if (tuple_type != 0x1C)
490 		return -EINVAL;
491 
492 	/* CISTPL_VERS_1 */
493 	status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
494 					   &tuple_length, tuple);
495 	if (status < 0)
496 		return status;
497 	if (tuple_type != 0x15)
498 		return -EINVAL;
499 
500 	/* CISTPL_MANFID */
501 	status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
502 					   &tuple_length, tuple);
503 	if (status < 0)
504 		return status;
505 	if (tuple_type != 0x20)
506 		return -EINVAL;
507 	if (tuple_length != 4)
508 		return -EINVAL;
509 	manfid = (tuple[1] << 8) | tuple[0];
510 	devid = (tuple[3] << 8) | tuple[2];
511 
512 	/* CISTPL_CONFIG */
513 	status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
514 					   &tuple_length, tuple);
515 	if (status < 0)
516 		return status;
517 	if (tuple_type != 0x1A)
518 		return -EINVAL;
519 	if (tuple_length < 3)
520 		return -EINVAL;
521 
522 	/* extract the configbase */
523 	rasz = tuple[0] & 3;
524 	if (tuple_length < (3 + rasz + 14))
525 		return -EINVAL;
526 	sl = &ca->slot_info[slot];
527 	sl->config_base = 0;
528 	for (i = 0; i < rasz + 1; i++)
529 		sl->config_base |= (tuple[2 + i] << (8 * i));
530 
531 	/* check it contains the correct DVB string */
532 	dvb_str = findstr((char *)tuple, tuple_length, "DVB_CI_V", 8);
533 	if (!dvb_str)
534 		return -EINVAL;
535 	if (tuple_length < ((dvb_str - (char *)tuple) + 12))
536 		return -EINVAL;
537 
538 	/* is it a version we support? */
539 	if (strncmp(dvb_str + 8, "1.00", 4)) {
540 		pr_err("dvb_ca adapter %d: Unsupported DVB CAM module version %c%c%c%c\n",
541 		       ca->dvbdev->adapter->num, dvb_str[8], dvb_str[9],
542 		       dvb_str[10], dvb_str[11]);
543 		return -EINVAL;
544 	}
545 
546 	/* process the CFTABLE_ENTRY tuples, and any after those */
547 	while ((!end_chain) && (address < 0x1000)) {
548 		status = dvb_ca_en50221_read_tuple(ca, slot, &address,
549 						   &tuple_type, &tuple_length,
550 						   tuple);
551 		if (status < 0)
552 			return status;
553 		switch (tuple_type) {
554 		case 0x1B:	/* CISTPL_CFTABLE_ENTRY */
555 			if (tuple_length < (2 + 11 + 17))
556 				break;
557 
558 			/* if we've already parsed one, just use it */
559 			if (got_cftableentry)
560 				break;
561 
562 			/* get the config option */
563 			sl->config_option = tuple[0] & 0x3f;
564 
565 			/* OK, check it contains the correct strings */
566 			if (!findstr((char *)tuple, tuple_length,
567 				     "DVB_HOST", 8) ||
568 			    !findstr((char *)tuple, tuple_length,
569 				     "DVB_CI_MODULE", 13))
570 				break;
571 
572 			got_cftableentry = 1;
573 			break;
574 
575 		case 0x14:	/* CISTPL_NO_LINK */
576 			break;
577 
578 		case 0xFF:	/* CISTPL_END */
579 			end_chain = 1;
580 			break;
581 
582 		default:	/* Unknown tuple type - just skip this tuple */
583 			dprintk("dvb_ca: Skipping unknown tuple type:0x%x length:0x%x\n",
584 				tuple_type, tuple_length);
585 			break;
586 		}
587 	}
588 
589 	if ((address > 0x1000) || (!got_cftableentry))
590 		return -EINVAL;
591 
592 	dprintk("Valid DVB CAM detected MANID:%x DEVID:%x CONFIGBASE:0x%x CONFIGOPTION:0x%x\n",
593 		manfid, devid, sl->config_base, sl->config_option);
594 
595 	/* success! */
596 	return 0;
597 }
598 
599 /**
600  * dvb_ca_en50221_set_configoption - Set CAM's configoption correctly.
601  *
602  * @ca: CA instance.
603  * @slot: Slot containing the CAM.
604  */
605 static int dvb_ca_en50221_set_configoption(struct dvb_ca_private *ca, int slot)
606 {
607 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
608 	int configoption;
609 
610 	dprintk("%s\n", __func__);
611 
612 	/* set the config option */
613 	ca->pub->write_attribute_mem(ca->pub, slot, sl->config_base,
614 				     sl->config_option);
615 
616 	/* check it */
617 	configoption = ca->pub->read_attribute_mem(ca->pub, slot,
618 						   sl->config_base);
619 	dprintk("Set configoption 0x%x, read configoption 0x%x\n",
620 		sl->config_option, configoption & 0x3f);
621 
622 	/* fine! */
623 	return 0;
624 }
625 
626 /**
627  * dvb_ca_en50221_read_data - This function talks to an EN50221 CAM control
628  *	interface. It reads a buffer of data from the CAM. The data can either
629  *	be stored in a supplied buffer, or automatically be added to the slot's
630  *	rx_buffer.
631  *
632  * @ca: CA instance.
633  * @slot: Slot to read from.
634  * @ebuf: If non-NULL, the data will be written to this buffer. If NULL,
635  *	  the data will be added into the buffering system as a normal
636  *	  fragment.
637  * @ecount: Size of ebuf. Ignored if ebuf is NULL.
638  *
639  * return: Number of bytes read, or < 0 on error
640  */
641 static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot,
642 				    u8 *ebuf, int ecount)
643 {
644 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
645 	int bytes_read;
646 	int status;
647 	u8 buf[HOST_LINK_BUF_SIZE];
648 	int i;
649 
650 	dprintk("%s\n", __func__);
651 
652 	/* check if we have space for a link buf in the rx_buffer */
653 	if (!ebuf) {
654 		int buf_free;
655 
656 		if (!sl->rx_buffer.data) {
657 			status = -EIO;
658 			goto exit;
659 		}
660 		buf_free = dvb_ringbuffer_free(&sl->rx_buffer);
661 
662 		if (buf_free < (sl->link_buf_size +
663 				DVB_RINGBUFFER_PKTHDRSIZE)) {
664 			status = -EAGAIN;
665 			goto exit;
666 		}
667 	}
668 
669 	if (ca->pub->read_data &&
670 	    (sl->slot_state != DVB_CA_SLOTSTATE_LINKINIT)) {
671 		if (!ebuf)
672 			status = ca->pub->read_data(ca->pub, slot, buf,
673 						    sizeof(buf));
674 		else
675 			status = ca->pub->read_data(ca->pub, slot, buf, ecount);
676 		if (status < 0)
677 			return status;
678 		bytes_read =  status;
679 		if (status == 0)
680 			goto exit;
681 	} else {
682 		/* check if there is data available */
683 		status = ca->pub->read_cam_control(ca->pub, slot,
684 						   CTRLIF_STATUS);
685 		if (status < 0)
686 			goto exit;
687 		if (!(status & STATUSREG_DA)) {
688 			/* no data */
689 			status = 0;
690 			goto exit;
691 		}
692 
693 		/* read the amount of data */
694 		status = ca->pub->read_cam_control(ca->pub, slot,
695 						   CTRLIF_SIZE_HIGH);
696 		if (status < 0)
697 			goto exit;
698 		bytes_read = status << 8;
699 		status = ca->pub->read_cam_control(ca->pub, slot,
700 						   CTRLIF_SIZE_LOW);
701 		if (status < 0)
702 			goto exit;
703 		bytes_read |= status;
704 
705 		/* check it will fit */
706 		if (!ebuf) {
707 			if (bytes_read > sl->link_buf_size) {
708 				pr_err("dvb_ca adapter %d: CAM tried to send a buffer larger than the link buffer size (%i > %i)!\n",
709 				       ca->dvbdev->adapter->num, bytes_read,
710 				       sl->link_buf_size);
711 				sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
712 				status = -EIO;
713 				goto exit;
714 			}
715 			if (bytes_read < 2) {
716 				pr_err("dvb_ca adapter %d: CAM sent a buffer that was less than 2 bytes!\n",
717 				       ca->dvbdev->adapter->num);
718 				sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
719 				status = -EIO;
720 				goto exit;
721 			}
722 		} else {
723 			if (bytes_read > ecount) {
724 				pr_err("dvb_ca adapter %d: CAM tried to send a buffer larger than the ecount size!\n",
725 				       ca->dvbdev->adapter->num);
726 				status = -EIO;
727 				goto exit;
728 			}
729 		}
730 
731 		/* fill the buffer */
732 		for (i = 0; i < bytes_read; i++) {
733 			/* read byte and check */
734 			status = ca->pub->read_cam_control(ca->pub, slot,
735 							   CTRLIF_DATA);
736 			if (status < 0)
737 				goto exit;
738 
739 			/* OK, store it in the buffer */
740 			buf[i] = status;
741 		}
742 
743 		/* check for read error (RE should now be 0) */
744 		status = ca->pub->read_cam_control(ca->pub, slot,
745 						   CTRLIF_STATUS);
746 		if (status < 0)
747 			goto exit;
748 		if (status & STATUSREG_RE) {
749 			sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
750 			status = -EIO;
751 			goto exit;
752 		}
753 	}
754 
755 	/*
756 	 * OK, add it to the receive buffer, or copy into external buffer if
757 	 * supplied
758 	 */
759 	if (!ebuf) {
760 		if (!sl->rx_buffer.data) {
761 			status = -EIO;
762 			goto exit;
763 		}
764 		dvb_ringbuffer_pkt_write(&sl->rx_buffer, buf, bytes_read);
765 	} else {
766 		memcpy(ebuf, buf, bytes_read);
767 	}
768 
769 	dprintk("Received CA packet for slot %i connection id 0x%x last_frag:%i size:0x%x\n", slot,
770 		buf[0], (buf[1] & 0x80) == 0, bytes_read);
771 
772 	/* wake up readers when a last_fragment is received */
773 	if ((buf[1] & 0x80) == 0x00)
774 		wake_up_interruptible(&ca->wait_queue);
775 
776 	status = bytes_read;
777 
778 exit:
779 	return status;
780 }
781 
782 /**
783  * dvb_ca_en50221_write_data - This function talks to an EN50221 CAM control
784  *				interface. It writes a buffer of data to a CAM.
785  *
786  * @ca: CA instance.
787  * @slot: Slot to write to.
788  * @buf: The data in this buffer is treated as a complete link-level packet to
789  * 	 be written.
790  * @bytes_write: Size of ebuf.
791  *
792  * return: Number of bytes written, or < 0 on error.
793  */
794 static int dvb_ca_en50221_write_data(struct dvb_ca_private *ca, int slot,
795 				     u8 *buf, int bytes_write)
796 {
797 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
798 	int status;
799 	int i;
800 
801 	dprintk("%s\n", __func__);
802 
803 	/* sanity check */
804 	if (bytes_write > sl->link_buf_size)
805 		return -EINVAL;
806 
807 	if (ca->pub->write_data &&
808 	    (sl->slot_state != DVB_CA_SLOTSTATE_LINKINIT))
809 		return ca->pub->write_data(ca->pub, slot, buf, bytes_write);
810 
811 	/*
812 	 * it is possible we are dealing with a single buffer implementation,
813 	 * thus if there is data available for read or if there is even a read
814 	 * already in progress, we do nothing but awake the kernel thread to
815 	 * process the data if necessary.
816 	 */
817 	status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
818 	if (status < 0)
819 		goto exitnowrite;
820 	if (status & (STATUSREG_DA | STATUSREG_RE)) {
821 		if (status & STATUSREG_DA)
822 			dvb_ca_en50221_thread_wakeup(ca);
823 
824 		status = -EAGAIN;
825 		goto exitnowrite;
826 	}
827 
828 	/* OK, set HC bit */
829 	status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
830 					    IRQEN | CMDREG_HC);
831 	if (status)
832 		goto exit;
833 
834 	/* check if interface is still free */
835 	status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
836 	if (status < 0)
837 		goto exit;
838 	if (!(status & STATUSREG_FR)) {
839 		/* it wasn't free => try again later */
840 		status = -EAGAIN;
841 		goto exit;
842 	}
843 
844 	/*
845 	 * It may need some time for the CAM to settle down, or there might
846 	 * be a race condition between the CAM, writing HC and our last
847 	 * check for DA. This happens, if the CAM asserts DA, just after
848 	 * checking DA before we are setting HC. In this case it might be
849 	 * a bug in the CAM to keep the FR bit, the lower layer/HW
850 	 * communication requires a longer timeout or the CAM needs more
851 	 * time internally. But this happens in reality!
852 	 * We need to read the status from the HW again and do the same
853 	 * we did for the previous check for DA
854 	 */
855 	status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
856 	if (status < 0)
857 		goto exit;
858 
859 	if (status & (STATUSREG_DA | STATUSREG_RE)) {
860 		if (status & STATUSREG_DA)
861 			dvb_ca_en50221_thread_wakeup(ca);
862 
863 		status = -EAGAIN;
864 		goto exit;
865 	}
866 
867 	/* send the amount of data */
868 	status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_SIZE_HIGH,
869 					    bytes_write >> 8);
870 	if (status)
871 		goto exit;
872 	status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_SIZE_LOW,
873 					    bytes_write & 0xff);
874 	if (status)
875 		goto exit;
876 
877 	/* send the buffer */
878 	for (i = 0; i < bytes_write; i++) {
879 		status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_DATA,
880 						    buf[i]);
881 		if (status)
882 			goto exit;
883 	}
884 
885 	/* check for write error (WE should now be 0) */
886 	status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
887 	if (status < 0)
888 		goto exit;
889 	if (status & STATUSREG_WE) {
890 		sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
891 		status = -EIO;
892 		goto exit;
893 	}
894 	status = bytes_write;
895 
896 	dprintk("Wrote CA packet for slot %i, connection id 0x%x last_frag:%i size:0x%x\n", slot,
897 		buf[0], (buf[1] & 0x80) == 0, bytes_write);
898 
899 exit:
900 	ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
901 
902 exitnowrite:
903 	return status;
904 }
905 
906 /* ************************************************************************** */
907 /* EN50221 higher level functions */
908 
909 /**
910  * dvb_ca_en50221_slot_shutdown - A CAM has been removed => shut it down.
911  *
912  * @ca: CA instance.
913  * @slot: Slot to shut down.
914  */
915 static int dvb_ca_en50221_slot_shutdown(struct dvb_ca_private *ca, int slot)
916 {
917 	dprintk("%s\n", __func__);
918 
919 	ca->pub->slot_shutdown(ca->pub, slot);
920 	ca->slot_info[slot].slot_state = DVB_CA_SLOTSTATE_NONE;
921 
922 	/*
923 	 * need to wake up all processes to check if they're now trying to
924 	 * write to a defunct CAM
925 	 */
926 	wake_up_interruptible(&ca->wait_queue);
927 
928 	dprintk("Slot %i shutdown\n", slot);
929 
930 	/* success */
931 	return 0;
932 }
933 
934 /**
935  * dvb_ca_en50221_camchange_irq - A CAMCHANGE IRQ has occurred.
936  *
937  * @pubca: CA instance.
938  * @slot: Slot concerned.
939  * @change_type: One of the DVB_CA_CAMCHANGE_* values.
940  */
941 void dvb_ca_en50221_camchange_irq(struct dvb_ca_en50221 *pubca, int slot,
942 				  int change_type)
943 {
944 	struct dvb_ca_private *ca = pubca->private;
945 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
946 
947 	dprintk("CAMCHANGE IRQ slot:%i change_type:%i\n", slot, change_type);
948 
949 	switch (change_type) {
950 	case DVB_CA_EN50221_CAMCHANGE_REMOVED:
951 	case DVB_CA_EN50221_CAMCHANGE_INSERTED:
952 		break;
953 
954 	default:
955 		return;
956 	}
957 
958 	sl->camchange_type = change_type;
959 	atomic_inc(&sl->camchange_count);
960 	dvb_ca_en50221_thread_wakeup(ca);
961 }
962 EXPORT_SYMBOL(dvb_ca_en50221_camchange_irq);
963 
964 /**
965  * dvb_ca_en50221_camready_irq - A CAMREADY IRQ has occurred.
966  *
967  * @pubca: CA instance.
968  * @slot: Slot concerned.
969  */
970 void dvb_ca_en50221_camready_irq(struct dvb_ca_en50221 *pubca, int slot)
971 {
972 	struct dvb_ca_private *ca = pubca->private;
973 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
974 
975 	dprintk("CAMREADY IRQ slot:%i\n", slot);
976 
977 	if (sl->slot_state == DVB_CA_SLOTSTATE_WAITREADY) {
978 		sl->slot_state = DVB_CA_SLOTSTATE_VALIDATE;
979 		dvb_ca_en50221_thread_wakeup(ca);
980 	}
981 }
982 EXPORT_SYMBOL(dvb_ca_en50221_camready_irq);
983 
984 /**
985  * dvb_ca_en50221_frda_irq - An FR or DA IRQ has occurred.
986  *
987  * @pubca: CA instance.
988  * @slot: Slot concerned.
989  */
990 void dvb_ca_en50221_frda_irq(struct dvb_ca_en50221 *pubca, int slot)
991 {
992 	struct dvb_ca_private *ca = pubca->private;
993 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
994 	int flags;
995 
996 	dprintk("FR/DA IRQ slot:%i\n", slot);
997 
998 	switch (sl->slot_state) {
999 	case DVB_CA_SLOTSTATE_LINKINIT:
1000 		flags = ca->pub->read_cam_control(pubca, slot, CTRLIF_STATUS);
1001 		if (flags & STATUSREG_DA) {
1002 			dprintk("CAM supports DA IRQ\n");
1003 			sl->da_irq_supported = 1;
1004 		}
1005 		break;
1006 
1007 	case DVB_CA_SLOTSTATE_RUNNING:
1008 		if (ca->open)
1009 			dvb_ca_en50221_thread_wakeup(ca);
1010 		break;
1011 	}
1012 }
1013 EXPORT_SYMBOL(dvb_ca_en50221_frda_irq);
1014 
1015 /* ************************************************************************** */
1016 /* EN50221 thread functions */
1017 
1018 /**
1019  * Wake up the DVB CA thread
1020  *
1021  * @ca: CA instance.
1022  */
1023 static void dvb_ca_en50221_thread_wakeup(struct dvb_ca_private *ca)
1024 {
1025 	dprintk("%s\n", __func__);
1026 
1027 	ca->wakeup = 1;
1028 	mb();
1029 	wake_up_process(ca->thread);
1030 }
1031 
1032 /**
1033  * Update the delay used by the thread.
1034  *
1035  * @ca: CA instance.
1036  */
1037 static void dvb_ca_en50221_thread_update_delay(struct dvb_ca_private *ca)
1038 {
1039 	int delay;
1040 	int curdelay = 100000000;
1041 	int slot;
1042 
1043 	/*
1044 	 * Beware of too high polling frequency, because one polling
1045 	 * call might take several hundred milliseconds until timeout!
1046 	 */
1047 	for (slot = 0; slot < ca->slot_count; slot++) {
1048 		struct dvb_ca_slot *sl = &ca->slot_info[slot];
1049 
1050 		switch (sl->slot_state) {
1051 		default:
1052 		case DVB_CA_SLOTSTATE_NONE:
1053 			delay = HZ * 60;  /* 60s */
1054 			if (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE))
1055 				delay = HZ * 5;  /* 5s */
1056 			break;
1057 		case DVB_CA_SLOTSTATE_INVALID:
1058 			delay = HZ * 60;  /* 60s */
1059 			if (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE))
1060 				delay = HZ / 10;  /* 100ms */
1061 			break;
1062 
1063 		case DVB_CA_SLOTSTATE_UNINITIALISED:
1064 		case DVB_CA_SLOTSTATE_WAITREADY:
1065 		case DVB_CA_SLOTSTATE_VALIDATE:
1066 		case DVB_CA_SLOTSTATE_WAITFR:
1067 		case DVB_CA_SLOTSTATE_LINKINIT:
1068 			delay = HZ / 10;  /* 100ms */
1069 			break;
1070 
1071 		case DVB_CA_SLOTSTATE_RUNNING:
1072 			delay = HZ * 60;  /* 60s */
1073 			if (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE))
1074 				delay = HZ / 10;  /* 100ms */
1075 			if (ca->open) {
1076 				if ((!sl->da_irq_supported) ||
1077 				    (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_DA)))
1078 					delay = HZ / 10;  /* 100ms */
1079 			}
1080 			break;
1081 		}
1082 
1083 		if (delay < curdelay)
1084 			curdelay = delay;
1085 	}
1086 
1087 	ca->delay = curdelay;
1088 }
1089 
1090 /**
1091  * Poll if the CAM is gone.
1092  *
1093  * @ca: CA instance.
1094  * @slot: Slot to process.
1095  * return:: 0 .. no change
1096  *          1 .. CAM state changed
1097  */
1098 
1099 static int dvb_ca_en50221_poll_cam_gone(struct dvb_ca_private *ca, int slot)
1100 {
1101 	int changed = 0;
1102 	int status;
1103 
1104 	/*
1105 	 * we need this extra check for annoying interfaces like the
1106 	 * budget-av
1107 	 */
1108 	if ((!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)) &&
1109 	    (ca->pub->poll_slot_status)) {
1110 		status = ca->pub->poll_slot_status(ca->pub, slot, 0);
1111 		if (!(status &
1112 			DVB_CA_EN50221_POLL_CAM_PRESENT)) {
1113 			ca->slot_info[slot].slot_state = DVB_CA_SLOTSTATE_NONE;
1114 			dvb_ca_en50221_thread_update_delay(ca);
1115 			changed = 1;
1116 		}
1117 	}
1118 	return changed;
1119 }
1120 
1121 /**
1122  * Thread state machine for one CA slot to perform the data transfer.
1123  *
1124  * @ca: CA instance.
1125  * @slot: Slot to process.
1126  */
1127 static void dvb_ca_en50221_thread_state_machine(struct dvb_ca_private *ca,
1128 						int slot)
1129 {
1130 	struct dvb_ca_slot *sl = &ca->slot_info[slot];
1131 	int flags;
1132 	int pktcount;
1133 	void *rxbuf;
1134 
1135 	mutex_lock(&sl->slot_lock);
1136 
1137 	/* check the cam status + deal with CAMCHANGEs */
1138 	while (dvb_ca_en50221_check_camstatus(ca, slot)) {
1139 		/* clear down an old CI slot if necessary */
1140 		if (sl->slot_state != DVB_CA_SLOTSTATE_NONE)
1141 			dvb_ca_en50221_slot_shutdown(ca, slot);
1142 
1143 		/* if a CAM is NOW present, initialise it */
1144 		if (sl->camchange_type == DVB_CA_EN50221_CAMCHANGE_INSERTED)
1145 			sl->slot_state = DVB_CA_SLOTSTATE_UNINITIALISED;
1146 
1147 		/* we've handled one CAMCHANGE */
1148 		dvb_ca_en50221_thread_update_delay(ca);
1149 		atomic_dec(&sl->camchange_count);
1150 	}
1151 
1152 	/* CAM state machine */
1153 	switch (sl->slot_state) {
1154 	case DVB_CA_SLOTSTATE_NONE:
1155 	case DVB_CA_SLOTSTATE_INVALID:
1156 		/* no action needed */
1157 		break;
1158 
1159 	case DVB_CA_SLOTSTATE_UNINITIALISED:
1160 		sl->slot_state = DVB_CA_SLOTSTATE_WAITREADY;
1161 		ca->pub->slot_reset(ca->pub, slot);
1162 		sl->timeout = jiffies + (INIT_TIMEOUT_SECS * HZ);
1163 		break;
1164 
1165 	case DVB_CA_SLOTSTATE_WAITREADY:
1166 		if (time_after(jiffies, sl->timeout)) {
1167 			pr_err("dvb_ca adaptor %d: PC card did not respond :(\n",
1168 			       ca->dvbdev->adapter->num);
1169 			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1170 			dvb_ca_en50221_thread_update_delay(ca);
1171 			break;
1172 		}
1173 		/*
1174 		 * no other action needed; will automatically change state when
1175 		 * ready
1176 		 */
1177 		break;
1178 
1179 	case DVB_CA_SLOTSTATE_VALIDATE:
1180 		if (dvb_ca_en50221_parse_attributes(ca, slot) != 0) {
1181 			if (dvb_ca_en50221_poll_cam_gone(ca, slot))
1182 				break;
1183 
1184 			pr_err("dvb_ca adapter %d: Invalid PC card inserted :(\n",
1185 			       ca->dvbdev->adapter->num);
1186 			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1187 			dvb_ca_en50221_thread_update_delay(ca);
1188 			break;
1189 		}
1190 		if (dvb_ca_en50221_set_configoption(ca, slot) != 0) {
1191 			pr_err("dvb_ca adapter %d: Unable to initialise CAM :(\n",
1192 			       ca->dvbdev->adapter->num);
1193 			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1194 			dvb_ca_en50221_thread_update_delay(ca);
1195 			break;
1196 		}
1197 		if (ca->pub->write_cam_control(ca->pub, slot,
1198 					       CTRLIF_COMMAND,
1199 					       CMDREG_RS) != 0) {
1200 			pr_err("dvb_ca adapter %d: Unable to reset CAM IF\n",
1201 			       ca->dvbdev->adapter->num);
1202 			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1203 			dvb_ca_en50221_thread_update_delay(ca);
1204 			break;
1205 		}
1206 		dprintk("DVB CAM validated successfully\n");
1207 
1208 		sl->timeout = jiffies + (INIT_TIMEOUT_SECS * HZ);
1209 		sl->slot_state = DVB_CA_SLOTSTATE_WAITFR;
1210 		ca->wakeup = 1;
1211 		break;
1212 
1213 	case DVB_CA_SLOTSTATE_WAITFR:
1214 		if (time_after(jiffies, sl->timeout)) {
1215 			pr_err("dvb_ca adapter %d: DVB CAM did not respond :(\n",
1216 			       ca->dvbdev->adapter->num);
1217 			sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1218 			dvb_ca_en50221_thread_update_delay(ca);
1219 			break;
1220 		}
1221 
1222 		flags = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
1223 		if (flags & STATUSREG_FR) {
1224 			sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
1225 			ca->wakeup = 1;
1226 		}
1227 		break;
1228 
1229 	case DVB_CA_SLOTSTATE_LINKINIT:
1230 		if (dvb_ca_en50221_link_init(ca, slot) != 0) {
1231 			if (dvb_ca_en50221_poll_cam_gone(ca, slot))
1232 				break;
1233 
1234 			pr_err("dvb_ca adapter %d: DVB CAM link initialisation failed :(\n",
1235 			       ca->dvbdev->adapter->num);
1236 			sl->slot_state = DVB_CA_SLOTSTATE_UNINITIALISED;
1237 			dvb_ca_en50221_thread_update_delay(ca);
1238 			break;
1239 		}
1240 
1241 		if (!sl->rx_buffer.data) {
1242 			rxbuf = vmalloc(RX_BUFFER_SIZE);
1243 			if (!rxbuf) {
1244 				pr_err("dvb_ca adapter %d: Unable to allocate CAM rx buffer :(\n",
1245 				       ca->dvbdev->adapter->num);
1246 				sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1247 				dvb_ca_en50221_thread_update_delay(ca);
1248 				break;
1249 			}
1250 			dvb_ringbuffer_init(&sl->rx_buffer, rxbuf,
1251 					    RX_BUFFER_SIZE);
1252 		}
1253 
1254 		ca->pub->slot_ts_enable(ca->pub, slot);
1255 		sl->slot_state = DVB_CA_SLOTSTATE_RUNNING;
1256 		dvb_ca_en50221_thread_update_delay(ca);
1257 		pr_err("dvb_ca adapter %d: DVB CAM detected and initialised successfully\n",
1258 		       ca->dvbdev->adapter->num);
1259 		break;
1260 
1261 	case DVB_CA_SLOTSTATE_RUNNING:
1262 		if (!ca->open)
1263 			break;
1264 
1265 		/* poll slots for data */
1266 		pktcount = 0;
1267 		while (dvb_ca_en50221_read_data(ca, slot, NULL, 0) > 0) {
1268 			if (!ca->open)
1269 				break;
1270 
1271 			/*
1272 			 * if a CAMCHANGE occurred at some point, do not do any
1273 			 * more processing of this slot
1274 			 */
1275 			if (dvb_ca_en50221_check_camstatus(ca, slot)) {
1276 				/*
1277 				 * we don't want to sleep on the next iteration
1278 				 * so we can handle the cam change
1279 				 */
1280 				ca->wakeup = 1;
1281 				break;
1282 			}
1283 
1284 			/* check if we've hit our limit this time */
1285 			if (++pktcount >= MAX_RX_PACKETS_PER_ITERATION) {
1286 				/*
1287 				 * don't sleep; there is likely to be more data
1288 				 * to read
1289 				 */
1290 				ca->wakeup = 1;
1291 				break;
1292 			}
1293 		}
1294 		break;
1295 	}
1296 
1297 	mutex_unlock(&sl->slot_lock);
1298 }
1299 
1300 /*
1301  * Kernel thread which monitors CA slots for CAM changes, and performs data
1302  * transfers.
1303  */
1304 static int dvb_ca_en50221_thread(void *data)
1305 {
1306 	struct dvb_ca_private *ca = data;
1307 	int slot;
1308 
1309 	dprintk("%s\n", __func__);
1310 
1311 	/* choose the correct initial delay */
1312 	dvb_ca_en50221_thread_update_delay(ca);
1313 
1314 	/* main loop */
1315 	while (!kthread_should_stop()) {
1316 		/* sleep for a bit */
1317 		if (!ca->wakeup) {
1318 			set_current_state(TASK_INTERRUPTIBLE);
1319 			schedule_timeout(ca->delay);
1320 			if (kthread_should_stop())
1321 				return 0;
1322 		}
1323 		ca->wakeup = 0;
1324 
1325 		/* go through all the slots processing them */
1326 		for (slot = 0; slot < ca->slot_count; slot++)
1327 			dvb_ca_en50221_thread_state_machine(ca, slot);
1328 	}
1329 
1330 	return 0;
1331 }
1332 
1333 /* ************************************************************************** */
1334 /* EN50221 IO interface functions */
1335 
1336 /**
1337  * Real ioctl implementation.
1338  * NOTE: CA_SEND_MSG/CA_GET_MSG ioctls have userspace buffers passed to them.
1339  *
1340  * @file: File concerned.
1341  * @cmd: IOCTL command.
1342  * @parg: Associated argument.
1343  *
1344  * return: 0 on success, <0 on error.
1345  */
1346 static int dvb_ca_en50221_io_do_ioctl(struct file *file,
1347 				      unsigned int cmd, void *parg)
1348 {
1349 	struct dvb_device *dvbdev = file->private_data;
1350 	struct dvb_ca_private *ca = dvbdev->priv;
1351 	int err = 0;
1352 	int slot;
1353 
1354 	dprintk("%s\n", __func__);
1355 
1356 	if (mutex_lock_interruptible(&ca->ioctl_mutex))
1357 		return -ERESTARTSYS;
1358 
1359 	switch (cmd) {
1360 	case CA_RESET:
1361 		for (slot = 0; slot < ca->slot_count; slot++) {
1362 			struct dvb_ca_slot *sl = &ca->slot_info[slot];
1363 
1364 			mutex_lock(&sl->slot_lock);
1365 			if (sl->slot_state != DVB_CA_SLOTSTATE_NONE) {
1366 				dvb_ca_en50221_slot_shutdown(ca, slot);
1367 				if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
1368 					dvb_ca_en50221_camchange_irq(ca->pub,
1369 								     slot,
1370 								     DVB_CA_EN50221_CAMCHANGE_INSERTED);
1371 			}
1372 			mutex_unlock(&sl->slot_lock);
1373 		}
1374 		ca->next_read_slot = 0;
1375 		dvb_ca_en50221_thread_wakeup(ca);
1376 		break;
1377 
1378 	case CA_GET_CAP: {
1379 		struct ca_caps *caps = parg;
1380 
1381 		caps->slot_num = ca->slot_count;
1382 		caps->slot_type = CA_CI_LINK;
1383 		caps->descr_num = 0;
1384 		caps->descr_type = 0;
1385 		break;
1386 	}
1387 
1388 	case CA_GET_SLOT_INFO: {
1389 		struct ca_slot_info *info = parg;
1390 		struct dvb_ca_slot *sl;
1391 
1392 		slot = info->num;
1393 		if ((slot > ca->slot_count) || (slot < 0)) {
1394 			err = -EINVAL;
1395 			goto out_unlock;
1396 		}
1397 
1398 		info->type = CA_CI_LINK;
1399 		info->flags = 0;
1400 		sl = &ca->slot_info[slot];
1401 		if ((sl->slot_state != DVB_CA_SLOTSTATE_NONE) &&
1402 		    (sl->slot_state != DVB_CA_SLOTSTATE_INVALID)) {
1403 			info->flags = CA_CI_MODULE_PRESENT;
1404 		}
1405 		if (sl->slot_state == DVB_CA_SLOTSTATE_RUNNING)
1406 			info->flags |= CA_CI_MODULE_READY;
1407 		break;
1408 	}
1409 
1410 	default:
1411 		err = -EINVAL;
1412 		break;
1413 	}
1414 
1415 out_unlock:
1416 	mutex_unlock(&ca->ioctl_mutex);
1417 	return err;
1418 }
1419 
1420 /**
1421  * Wrapper for ioctl implementation.
1422  *
1423  * @file: File concerned.
1424  * @cmd: IOCTL command.
1425  * @arg: Associated argument.
1426  *
1427  * return: 0 on success, <0 on error.
1428  */
1429 static long dvb_ca_en50221_io_ioctl(struct file *file,
1430 				    unsigned int cmd, unsigned long arg)
1431 {
1432 	return dvb_usercopy(file, cmd, arg, dvb_ca_en50221_io_do_ioctl);
1433 }
1434 
1435 /**
1436  * Implementation of write() syscall.
1437  *
1438  * @file: File structure.
1439  * @buf: Source buffer.
1440  * @count: Size of source buffer.
1441  * @ppos: Position in file (ignored).
1442  *
1443  * return: Number of bytes read, or <0 on error.
1444  */
1445 static ssize_t dvb_ca_en50221_io_write(struct file *file,
1446 				       const char __user *buf, size_t count,
1447 				       loff_t *ppos)
1448 {
1449 	struct dvb_device *dvbdev = file->private_data;
1450 	struct dvb_ca_private *ca = dvbdev->priv;
1451 	struct dvb_ca_slot *sl;
1452 	u8 slot, connection_id;
1453 	int status;
1454 	u8 fragbuf[HOST_LINK_BUF_SIZE];
1455 	int fragpos = 0;
1456 	int fraglen;
1457 	unsigned long timeout;
1458 	int written;
1459 
1460 	dprintk("%s\n", __func__);
1461 
1462 	/*
1463 	 * Incoming packet has a 2 byte header.
1464 	 * hdr[0] = slot_id, hdr[1] = connection_id
1465 	 */
1466 	if (count < 2)
1467 		return -EINVAL;
1468 
1469 	/* extract slot & connection id */
1470 	if (copy_from_user(&slot, buf, 1))
1471 		return -EFAULT;
1472 	if (copy_from_user(&connection_id, buf + 1, 1))
1473 		return -EFAULT;
1474 	buf += 2;
1475 	count -= 2;
1476 	sl = &ca->slot_info[slot];
1477 
1478 	/* check if the slot is actually running */
1479 	if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING)
1480 		return -EINVAL;
1481 
1482 	/* fragment the packets & store in the buffer */
1483 	while (fragpos < count) {
1484 		fraglen = sl->link_buf_size - 2;
1485 		if (fraglen < 0)
1486 			break;
1487 		if (fraglen > HOST_LINK_BUF_SIZE - 2)
1488 			fraglen = HOST_LINK_BUF_SIZE - 2;
1489 		if ((count - fragpos) < fraglen)
1490 			fraglen = count - fragpos;
1491 
1492 		fragbuf[0] = connection_id;
1493 		fragbuf[1] = ((fragpos + fraglen) < count) ? 0x80 : 0x00;
1494 		status = copy_from_user(fragbuf + 2, buf + fragpos, fraglen);
1495 		if (status) {
1496 			status = -EFAULT;
1497 			goto exit;
1498 		}
1499 
1500 		timeout = jiffies + HZ / 2;
1501 		written = 0;
1502 		while (!time_after(jiffies, timeout)) {
1503 			/*
1504 			 * check the CAM hasn't been removed/reset in the
1505 			 * meantime
1506 			 */
1507 			if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING) {
1508 				status = -EIO;
1509 				goto exit;
1510 			}
1511 
1512 			mutex_lock(&sl->slot_lock);
1513 			status = dvb_ca_en50221_write_data(ca, slot, fragbuf,
1514 							   fraglen + 2);
1515 			mutex_unlock(&sl->slot_lock);
1516 			if (status == (fraglen + 2)) {
1517 				written = 1;
1518 				break;
1519 			}
1520 			if (status != -EAGAIN)
1521 				goto exit;
1522 
1523 			usleep_range(1000, 1100);
1524 		}
1525 		if (!written) {
1526 			status = -EIO;
1527 			goto exit;
1528 		}
1529 
1530 		fragpos += fraglen;
1531 	}
1532 	status = count + 2;
1533 
1534 exit:
1535 	return status;
1536 }
1537 
1538 /*
1539  * Condition for waking up in dvb_ca_en50221_io_read_condition
1540  */
1541 static int dvb_ca_en50221_io_read_condition(struct dvb_ca_private *ca,
1542 					    int *result, int *_slot)
1543 {
1544 	int slot;
1545 	int slot_count = 0;
1546 	int idx;
1547 	size_t fraglen;
1548 	int connection_id = -1;
1549 	int found = 0;
1550 	u8 hdr[2];
1551 
1552 	slot = ca->next_read_slot;
1553 	while ((slot_count < ca->slot_count) && (!found)) {
1554 		struct dvb_ca_slot *sl = &ca->slot_info[slot];
1555 
1556 		if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING)
1557 			goto nextslot;
1558 
1559 		if (!sl->rx_buffer.data)
1560 			return 0;
1561 
1562 		idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, -1, &fraglen);
1563 		while (idx != -1) {
1564 			dvb_ringbuffer_pkt_read(&sl->rx_buffer, idx, 0, hdr, 2);
1565 			if (connection_id == -1)
1566 				connection_id = hdr[0];
1567 			if ((hdr[0] == connection_id) &&
1568 			    ((hdr[1] & 0x80) == 0)) {
1569 				*_slot = slot;
1570 				found = 1;
1571 				break;
1572 			}
1573 
1574 			idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, idx,
1575 						      &fraglen);
1576 		}
1577 
1578 nextslot:
1579 		slot = (slot + 1) % ca->slot_count;
1580 		slot_count++;
1581 	}
1582 
1583 	ca->next_read_slot = slot;
1584 	return found;
1585 }
1586 
1587 /**
1588  * Implementation of read() syscall.
1589  *
1590  * @file: File structure.
1591  * @buf: Destination buffer.
1592  * @count: Size of destination buffer.
1593  * @ppos: Position in file (ignored).
1594  *
1595  * return: Number of bytes read, or <0 on error.
1596  */
1597 static ssize_t dvb_ca_en50221_io_read(struct file *file, char __user *buf,
1598 				      size_t count, loff_t *ppos)
1599 {
1600 	struct dvb_device *dvbdev = file->private_data;
1601 	struct dvb_ca_private *ca = dvbdev->priv;
1602 	struct dvb_ca_slot *sl;
1603 	int status;
1604 	int result = 0;
1605 	u8 hdr[2];
1606 	int slot;
1607 	int connection_id = -1;
1608 	size_t idx, idx2;
1609 	int last_fragment = 0;
1610 	size_t fraglen;
1611 	int pktlen;
1612 	int dispose = 0;
1613 
1614 	dprintk("%s\n", __func__);
1615 
1616 	/*
1617 	 * Outgoing packet has a 2 byte header.
1618 	 * hdr[0] = slot_id, hdr[1] = connection_id
1619 	 */
1620 	if (count < 2)
1621 		return -EINVAL;
1622 
1623 	/* wait for some data */
1624 	status = dvb_ca_en50221_io_read_condition(ca, &result, &slot);
1625 	if (status == 0) {
1626 		/* if we're in nonblocking mode, exit immediately */
1627 		if (file->f_flags & O_NONBLOCK)
1628 			return -EWOULDBLOCK;
1629 
1630 		/* wait for some data */
1631 		status = wait_event_interruptible(ca->wait_queue,
1632 						  dvb_ca_en50221_io_read_condition
1633 						  (ca, &result, &slot));
1634 	}
1635 	if ((status < 0) || (result < 0)) {
1636 		if (result)
1637 			return result;
1638 		return status;
1639 	}
1640 
1641 	sl = &ca->slot_info[slot];
1642 	idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, -1, &fraglen);
1643 	pktlen = 2;
1644 	do {
1645 		if (idx == -1) {
1646 			pr_err("dvb_ca adapter %d: BUG: read packet ended before last_fragment encountered\n",
1647 			       ca->dvbdev->adapter->num);
1648 			status = -EIO;
1649 			goto exit;
1650 		}
1651 
1652 		dvb_ringbuffer_pkt_read(&sl->rx_buffer, idx, 0, hdr, 2);
1653 		if (connection_id == -1)
1654 			connection_id = hdr[0];
1655 		if (hdr[0] == connection_id) {
1656 			if (pktlen < count) {
1657 				if ((pktlen + fraglen - 2) > count)
1658 					fraglen = count - pktlen;
1659 				else
1660 					fraglen -= 2;
1661 
1662 				status =
1663 				   dvb_ringbuffer_pkt_read_user(&sl->rx_buffer,
1664 								idx, 2,
1665 								buf + pktlen,
1666 								fraglen);
1667 				if (status < 0)
1668 					goto exit;
1669 
1670 				pktlen += fraglen;
1671 			}
1672 
1673 			if ((hdr[1] & 0x80) == 0)
1674 				last_fragment = 1;
1675 			dispose = 1;
1676 		}
1677 
1678 		idx2 = dvb_ringbuffer_pkt_next(&sl->rx_buffer, idx, &fraglen);
1679 		if (dispose)
1680 			dvb_ringbuffer_pkt_dispose(&sl->rx_buffer, idx);
1681 		idx = idx2;
1682 		dispose = 0;
1683 	} while (!last_fragment);
1684 
1685 	hdr[0] = slot;
1686 	hdr[1] = connection_id;
1687 	status = copy_to_user(buf, hdr, 2);
1688 	if (status) {
1689 		status = -EFAULT;
1690 		goto exit;
1691 	}
1692 	status = pktlen;
1693 
1694 exit:
1695 	return status;
1696 }
1697 
1698 /**
1699  * Implementation of file open syscall.
1700  *
1701  * @inode: Inode concerned.
1702  * @file: File concerned.
1703  *
1704  * return: 0 on success, <0 on failure.
1705  */
1706 static int dvb_ca_en50221_io_open(struct inode *inode, struct file *file)
1707 {
1708 	struct dvb_device *dvbdev = file->private_data;
1709 	struct dvb_ca_private *ca = dvbdev->priv;
1710 	int err;
1711 	int i;
1712 
1713 	dprintk("%s\n", __func__);
1714 
1715 	if (!try_module_get(ca->pub->owner))
1716 		return -EIO;
1717 
1718 	err = dvb_generic_open(inode, file);
1719 	if (err < 0) {
1720 		module_put(ca->pub->owner);
1721 		return err;
1722 	}
1723 
1724 	for (i = 0; i < ca->slot_count; i++) {
1725 		struct dvb_ca_slot *sl = &ca->slot_info[i];
1726 
1727 		if (sl->slot_state == DVB_CA_SLOTSTATE_RUNNING) {
1728 			if (!sl->rx_buffer.data) {
1729 				/*
1730 				 * it is safe to call this here without locks
1731 				 * because ca->open == 0. Data is not read in
1732 				 * this case
1733 				 */
1734 				dvb_ringbuffer_flush(&sl->rx_buffer);
1735 			}
1736 		}
1737 	}
1738 
1739 	ca->open = 1;
1740 	dvb_ca_en50221_thread_update_delay(ca);
1741 	dvb_ca_en50221_thread_wakeup(ca);
1742 
1743 	dvb_ca_private_get(ca);
1744 
1745 	return 0;
1746 }
1747 
1748 /**
1749  * Implementation of file close syscall.
1750  *
1751  * @inode: Inode concerned.
1752  * @file: File concerned.
1753  *
1754  * return: 0 on success, <0 on failure.
1755  */
1756 static int dvb_ca_en50221_io_release(struct inode *inode, struct file *file)
1757 {
1758 	struct dvb_device *dvbdev = file->private_data;
1759 	struct dvb_ca_private *ca = dvbdev->priv;
1760 	int err;
1761 
1762 	dprintk("%s\n", __func__);
1763 
1764 	/* mark the CA device as closed */
1765 	ca->open = 0;
1766 	dvb_ca_en50221_thread_update_delay(ca);
1767 
1768 	err = dvb_generic_release(inode, file);
1769 
1770 	module_put(ca->pub->owner);
1771 
1772 	dvb_ca_private_put(ca);
1773 
1774 	return err;
1775 }
1776 
1777 /**
1778  * Implementation of poll() syscall.
1779  *
1780  * @file: File concerned.
1781  * @wait: poll wait table.
1782  *
1783  * return: Standard poll mask.
1784  */
1785 static unsigned int dvb_ca_en50221_io_poll(struct file *file, poll_table *wait)
1786 {
1787 	struct dvb_device *dvbdev = file->private_data;
1788 	struct dvb_ca_private *ca = dvbdev->priv;
1789 	unsigned int mask = 0;
1790 	int slot;
1791 	int result = 0;
1792 
1793 	dprintk("%s\n", __func__);
1794 
1795 	if (dvb_ca_en50221_io_read_condition(ca, &result, &slot) == 1)
1796 		mask |= POLLIN;
1797 
1798 	/* if there is something, return now */
1799 	if (mask)
1800 		return mask;
1801 
1802 	/* wait for something to happen */
1803 	poll_wait(file, &ca->wait_queue, wait);
1804 
1805 	if (dvb_ca_en50221_io_read_condition(ca, &result, &slot) == 1)
1806 		mask |= POLLIN;
1807 
1808 	return mask;
1809 }
1810 
1811 static const struct file_operations dvb_ca_fops = {
1812 	.owner = THIS_MODULE,
1813 	.read = dvb_ca_en50221_io_read,
1814 	.write = dvb_ca_en50221_io_write,
1815 	.unlocked_ioctl = dvb_ca_en50221_io_ioctl,
1816 	.open = dvb_ca_en50221_io_open,
1817 	.release = dvb_ca_en50221_io_release,
1818 	.poll = dvb_ca_en50221_io_poll,
1819 	.llseek = noop_llseek,
1820 };
1821 
1822 static const struct dvb_device dvbdev_ca = {
1823 	.priv = NULL,
1824 	.users = 1,
1825 	.readers = 1,
1826 	.writers = 1,
1827 #if defined(CONFIG_MEDIA_CONTROLLER_DVB)
1828 	.name = "dvb-ca-en50221",
1829 #endif
1830 	.fops = &dvb_ca_fops,
1831 };
1832 
1833 /* ************************************************************************** */
1834 /* Initialisation/shutdown functions */
1835 
1836 /**
1837  * Initialise a new DVB CA EN50221 interface device.
1838  *
1839  * @dvb_adapter: DVB adapter to attach the new CA device to.
1840  * @pubca: The dvb_ca instance.
1841  * @flags: Flags describing the CA device (DVB_CA_FLAG_*).
1842  * @slot_count: Number of slots supported.
1843  *
1844  * return: 0 on success, nonzero on failure
1845  */
1846 int dvb_ca_en50221_init(struct dvb_adapter *dvb_adapter,
1847 			struct dvb_ca_en50221 *pubca, int flags, int slot_count)
1848 {
1849 	int ret;
1850 	struct dvb_ca_private *ca = NULL;
1851 	int i;
1852 
1853 	dprintk("%s\n", __func__);
1854 
1855 	if (slot_count < 1)
1856 		return -EINVAL;
1857 
1858 	/* initialise the system data */
1859 	ca = kzalloc(sizeof(*ca), GFP_KERNEL);
1860 	if (!ca) {
1861 		ret = -ENOMEM;
1862 		goto exit;
1863 	}
1864 	kref_init(&ca->refcount);
1865 	ca->pub = pubca;
1866 	ca->flags = flags;
1867 	ca->slot_count = slot_count;
1868 	ca->slot_info = kcalloc(slot_count, sizeof(struct dvb_ca_slot),
1869 				GFP_KERNEL);
1870 	if (!ca->slot_info) {
1871 		ret = -ENOMEM;
1872 		goto free_ca;
1873 	}
1874 	init_waitqueue_head(&ca->wait_queue);
1875 	ca->open = 0;
1876 	ca->wakeup = 0;
1877 	ca->next_read_slot = 0;
1878 	pubca->private = ca;
1879 
1880 	/* register the DVB device */
1881 	ret = dvb_register_device(dvb_adapter, &ca->dvbdev, &dvbdev_ca, ca,
1882 				  DVB_DEVICE_CA, 0);
1883 	if (ret)
1884 		goto free_slot_info;
1885 
1886 	/* now initialise each slot */
1887 	for (i = 0; i < slot_count; i++) {
1888 		struct dvb_ca_slot *sl = &ca->slot_info[i];
1889 
1890 		memset(sl, 0, sizeof(struct dvb_ca_slot));
1891 		sl->slot_state = DVB_CA_SLOTSTATE_NONE;
1892 		atomic_set(&sl->camchange_count, 0);
1893 		sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_REMOVED;
1894 		mutex_init(&sl->slot_lock);
1895 	}
1896 
1897 	mutex_init(&ca->ioctl_mutex);
1898 
1899 	if (signal_pending(current)) {
1900 		ret = -EINTR;
1901 		goto unregister_device;
1902 	}
1903 	mb();
1904 
1905 	/* create a kthread for monitoring this CA device */
1906 	ca->thread = kthread_run(dvb_ca_en50221_thread, ca, "kdvb-ca-%i:%i",
1907 				 ca->dvbdev->adapter->num, ca->dvbdev->id);
1908 	if (IS_ERR(ca->thread)) {
1909 		ret = PTR_ERR(ca->thread);
1910 		pr_err("dvb_ca_init: failed to start kernel_thread (%d)\n",
1911 		       ret);
1912 		goto unregister_device;
1913 	}
1914 	return 0;
1915 
1916 unregister_device:
1917 	dvb_unregister_device(ca->dvbdev);
1918 free_slot_info:
1919 	kfree(ca->slot_info);
1920 free_ca:
1921 	kfree(ca);
1922 exit:
1923 	pubca->private = NULL;
1924 	return ret;
1925 }
1926 EXPORT_SYMBOL(dvb_ca_en50221_init);
1927 
1928 /**
1929  * Release a DVB CA EN50221 interface device.
1930  *
1931  * @pubca: The associated dvb_ca instance.
1932  */
1933 void dvb_ca_en50221_release(struct dvb_ca_en50221 *pubca)
1934 {
1935 	struct dvb_ca_private *ca = pubca->private;
1936 	int i;
1937 
1938 	dprintk("%s\n", __func__);
1939 
1940 	/* shutdown the thread if there was one */
1941 	kthread_stop(ca->thread);
1942 
1943 	for (i = 0; i < ca->slot_count; i++)
1944 		dvb_ca_en50221_slot_shutdown(ca, i);
1945 
1946 	dvb_remove_device(ca->dvbdev);
1947 	dvb_ca_private_put(ca);
1948 	pubca->private = NULL;
1949 }
1950 EXPORT_SYMBOL(dvb_ca_en50221_release);
1951