1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * FireDTV driver (formerly known as FireSAT)
4  *
5  * Copyright (C) 2004 Andreas Monitzer <andy@monitzer.com>
6  * Copyright (C) 2008 Ben Backx <ben@bbackx.com>
7  * Copyright (C) 2008 Henrik Kurelid <henrik@kurelid.se>
8  */
9 
10 #include <linux/bug.h>
11 #include <linux/crc32.h>
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/jiffies.h>
15 #include <linux/kernel.h>
16 #include <linux/moduleparam.h>
17 #include <linux/mutex.h>
18 #include <linux/string.h>
19 #include <linux/stringify.h>
20 #include <linux/wait.h>
21 #include <linux/workqueue.h>
22 
23 #include <media/dvb_frontend.h>
24 
25 #include "firedtv.h"
26 
27 #define FCP_COMMAND_REGISTER		0xfffff0000b00ULL
28 
29 #define AVC_CTYPE_CONTROL		0x0
30 #define AVC_CTYPE_STATUS		0x1
31 #define AVC_CTYPE_NOTIFY		0x3
32 
33 #define AVC_RESPONSE_ACCEPTED		0x9
34 #define AVC_RESPONSE_STABLE		0xc
35 #define AVC_RESPONSE_CHANGED		0xd
36 #define AVC_RESPONSE_INTERIM		0xf
37 
38 #define AVC_SUBUNIT_TYPE_TUNER		(0x05 << 3)
39 #define AVC_SUBUNIT_TYPE_UNIT		(0x1f << 3)
40 
41 #define AVC_OPCODE_VENDOR		0x00
42 #define AVC_OPCODE_READ_DESCRIPTOR	0x09
43 #define AVC_OPCODE_DSIT			0xc8
44 #define AVC_OPCODE_DSD			0xcb
45 
46 #define DESCRIPTOR_TUNER_STATUS		0x80
47 #define DESCRIPTOR_SUBUNIT_IDENTIFIER	0x00
48 
49 #define SFE_VENDOR_DE_COMPANYID_0	0x00 /* OUI of Digital Everywhere */
50 #define SFE_VENDOR_DE_COMPANYID_1	0x12
51 #define SFE_VENDOR_DE_COMPANYID_2	0x87
52 
53 #define SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL 0x0a
54 #define SFE_VENDOR_OPCODE_LNB_CONTROL		0x52
55 #define SFE_VENDOR_OPCODE_TUNE_QPSK		0x58 /* for DVB-S */
56 
57 #define SFE_VENDOR_OPCODE_GET_FIRMWARE_VERSION	0x00
58 #define SFE_VENDOR_OPCODE_HOST2CA		0x56
59 #define SFE_VENDOR_OPCODE_CA2HOST		0x57
60 #define SFE_VENDOR_OPCODE_CISTATUS		0x59
61 #define SFE_VENDOR_OPCODE_TUNE_QPSK2		0x60 /* for DVB-S2 */
62 
63 #define SFE_VENDOR_TAG_CA_RESET			0x00
64 #define SFE_VENDOR_TAG_CA_APPLICATION_INFO	0x01
65 #define SFE_VENDOR_TAG_CA_PMT			0x02
66 #define SFE_VENDOR_TAG_CA_DATE_TIME		0x04
67 #define SFE_VENDOR_TAG_CA_MMI			0x05
68 #define SFE_VENDOR_TAG_CA_ENTER_MENU		0x07
69 
70 #define EN50221_LIST_MANAGEMENT_ONLY	0x03
71 #define EN50221_TAG_APP_INFO		0x9f8021
72 #define EN50221_TAG_CA_INFO		0x9f8031
73 
74 struct avc_command_frame {
75 	u8 ctype;
76 	u8 subunit;
77 	u8 opcode;
78 	u8 operand[509];
79 };
80 
81 struct avc_response_frame {
82 	u8 response;
83 	u8 subunit;
84 	u8 opcode;
85 	u8 operand[509];
86 };
87 
88 #define LAST_OPERAND (509 - 1)
89 
90 static inline void clear_operands(struct avc_command_frame *c, int from, int to)
91 {
92 	memset(&c->operand[from], 0, to - from + 1);
93 }
94 
95 static void pad_operands(struct avc_command_frame *c, int from)
96 {
97 	int to = ALIGN(from, 4);
98 
99 	if (from <= to && to <= LAST_OPERAND)
100 		clear_operands(c, from, to);
101 }
102 
103 #define AVC_DEBUG_READ_DESCRIPTOR              0x0001
104 #define AVC_DEBUG_DSIT                         0x0002
105 #define AVC_DEBUG_DSD                          0x0004
106 #define AVC_DEBUG_REGISTER_REMOTE_CONTROL      0x0008
107 #define AVC_DEBUG_LNB_CONTROL                  0x0010
108 #define AVC_DEBUG_TUNE_QPSK                    0x0020
109 #define AVC_DEBUG_TUNE_QPSK2                   0x0040
110 #define AVC_DEBUG_HOST2CA                      0x0080
111 #define AVC_DEBUG_CA2HOST                      0x0100
112 #define AVC_DEBUG_APPLICATION_PMT              0x4000
113 #define AVC_DEBUG_FCP_PAYLOADS                 0x8000
114 
115 static int avc_debug;
116 module_param_named(debug, avc_debug, int, 0644);
117 MODULE_PARM_DESC(debug, "Verbose logging (none = 0"
118 	", FCP subactions"
119 	": READ DESCRIPTOR = "		__stringify(AVC_DEBUG_READ_DESCRIPTOR)
120 	", DSIT = "			__stringify(AVC_DEBUG_DSIT)
121 	", REGISTER_REMOTE_CONTROL = "	__stringify(AVC_DEBUG_REGISTER_REMOTE_CONTROL)
122 	", LNB CONTROL = "		__stringify(AVC_DEBUG_LNB_CONTROL)
123 	", TUNE QPSK = "		__stringify(AVC_DEBUG_TUNE_QPSK)
124 	", TUNE QPSK2 = "		__stringify(AVC_DEBUG_TUNE_QPSK2)
125 	", HOST2CA = "			__stringify(AVC_DEBUG_HOST2CA)
126 	", CA2HOST = "			__stringify(AVC_DEBUG_CA2HOST)
127 	"; Application sent PMT = "	__stringify(AVC_DEBUG_APPLICATION_PMT)
128 	", FCP payloads = "		__stringify(AVC_DEBUG_FCP_PAYLOADS)
129 	", or a combination, or all = -1)");
130 
131 /*
132  * This is a workaround since there is no vendor specific command to retrieve
133  * ca_info using AVC. If this parameter is not used, ca_system_id will be
134  * filled with application_manufacturer from ca_app_info.
135  * Digital Everywhere have said that adding ca_info is on their TODO list.
136  */
137 static unsigned int num_fake_ca_system_ids;
138 static int fake_ca_system_ids[4] = { -1, -1, -1, -1 };
139 module_param_array(fake_ca_system_ids, int, &num_fake_ca_system_ids, 0644);
140 MODULE_PARM_DESC(fake_ca_system_ids, "If your CAM application manufacturer "
141 		 "does not have the same ca_system_id as your CAS, you can "
142 		 "override what ca_system_ids are presented to the "
143 		 "application by setting this field to an array of ids.");
144 
145 static const char *debug_fcp_ctype(unsigned int ctype)
146 {
147 	static const char *ctypes[] = {
148 		[0x0] = "CONTROL",		[0x1] = "STATUS",
149 		[0x2] = "SPECIFIC INQUIRY",	[0x3] = "NOTIFY",
150 		[0x4] = "GENERAL INQUIRY",	[0x8] = "NOT IMPLEMENTED",
151 		[0x9] = "ACCEPTED",		[0xa] = "REJECTED",
152 		[0xb] = "IN TRANSITION",	[0xc] = "IMPLEMENTED/STABLE",
153 		[0xd] = "CHANGED",		[0xf] = "INTERIM",
154 	};
155 	const char *ret = ctype < ARRAY_SIZE(ctypes) ? ctypes[ctype] : NULL;
156 
157 	return ret ? ret : "?";
158 }
159 
160 static const char *debug_fcp_opcode(unsigned int opcode,
161 				    const u8 *data, int length)
162 {
163 	switch (opcode) {
164 	case AVC_OPCODE_VENDOR:
165 		break;
166 	case AVC_OPCODE_READ_DESCRIPTOR:
167 		return avc_debug & AVC_DEBUG_READ_DESCRIPTOR ?
168 				"ReadDescriptor" : NULL;
169 	case AVC_OPCODE_DSIT:
170 		return avc_debug & AVC_DEBUG_DSIT ?
171 				"DirectSelectInfo.Type" : NULL;
172 	case AVC_OPCODE_DSD:
173 		return avc_debug & AVC_DEBUG_DSD ? "DirectSelectData" : NULL;
174 	default:
175 		return "Unknown";
176 	}
177 
178 	if (length < 7 ||
179 	    data[3] != SFE_VENDOR_DE_COMPANYID_0 ||
180 	    data[4] != SFE_VENDOR_DE_COMPANYID_1 ||
181 	    data[5] != SFE_VENDOR_DE_COMPANYID_2)
182 		return "Vendor/Unknown";
183 
184 	switch (data[6]) {
185 	case SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL:
186 		return avc_debug & AVC_DEBUG_REGISTER_REMOTE_CONTROL ?
187 				"RegisterRC" : NULL;
188 	case SFE_VENDOR_OPCODE_LNB_CONTROL:
189 		return avc_debug & AVC_DEBUG_LNB_CONTROL ? "LNBControl" : NULL;
190 	case SFE_VENDOR_OPCODE_TUNE_QPSK:
191 		return avc_debug & AVC_DEBUG_TUNE_QPSK ? "TuneQPSK" : NULL;
192 	case SFE_VENDOR_OPCODE_TUNE_QPSK2:
193 		return avc_debug & AVC_DEBUG_TUNE_QPSK2 ? "TuneQPSK2" : NULL;
194 	case SFE_VENDOR_OPCODE_HOST2CA:
195 		return avc_debug & AVC_DEBUG_HOST2CA ? "Host2CA" : NULL;
196 	case SFE_VENDOR_OPCODE_CA2HOST:
197 		return avc_debug & AVC_DEBUG_CA2HOST ? "CA2Host" : NULL;
198 	}
199 	return "Vendor/Unknown";
200 }
201 
202 static void debug_fcp(const u8 *data, int length)
203 {
204 	unsigned int subunit_type, subunit_id, opcode;
205 	const char *op, *prefix;
206 
207 	prefix       = data[0] > 7 ? "FCP <- " : "FCP -> ";
208 	subunit_type = data[1] >> 3;
209 	subunit_id   = data[1] & 7;
210 	opcode       = subunit_type == 0x1e || subunit_id == 5 ? ~0 : data[2];
211 	op           = debug_fcp_opcode(opcode, data, length);
212 
213 	if (op) {
214 		printk(KERN_INFO "%ssu=%x.%x l=%d: %-8s - %s\n",
215 		       prefix, subunit_type, subunit_id, length,
216 		       debug_fcp_ctype(data[0]), op);
217 		if (avc_debug & AVC_DEBUG_FCP_PAYLOADS)
218 			print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_NONE,
219 				       16, 1, data, length, false);
220 	}
221 }
222 
223 static void debug_pmt(char *msg, int length)
224 {
225 	printk(KERN_INFO "APP PMT -> l=%d\n", length);
226 	print_hex_dump(KERN_INFO, "APP PMT -> ", DUMP_PREFIX_NONE,
227 		       16, 1, msg, length, false);
228 }
229 
230 static int avc_write(struct firedtv *fdtv)
231 {
232 	int err, retry;
233 
234 	fdtv->avc_reply_received = false;
235 
236 	for (retry = 0; retry < 6; retry++) {
237 		if (unlikely(avc_debug))
238 			debug_fcp(fdtv->avc_data, fdtv->avc_data_length);
239 
240 		err = fdtv_write(fdtv, FCP_COMMAND_REGISTER,
241 				 fdtv->avc_data, fdtv->avc_data_length);
242 		if (err) {
243 			dev_err(fdtv->device, "FCP command write failed\n");
244 
245 			return err;
246 		}
247 
248 		/*
249 		 * AV/C specs say that answers should be sent within 150 ms.
250 		 * Time out after 200 ms.
251 		 */
252 		if (wait_event_timeout(fdtv->avc_wait,
253 				       fdtv->avc_reply_received,
254 				       msecs_to_jiffies(200)) != 0)
255 			return 0;
256 	}
257 	dev_err(fdtv->device, "FCP response timed out\n");
258 
259 	return -ETIMEDOUT;
260 }
261 
262 static bool is_register_rc(struct avc_response_frame *r)
263 {
264 	return r->opcode     == AVC_OPCODE_VENDOR &&
265 	       r->operand[0] == SFE_VENDOR_DE_COMPANYID_0 &&
266 	       r->operand[1] == SFE_VENDOR_DE_COMPANYID_1 &&
267 	       r->operand[2] == SFE_VENDOR_DE_COMPANYID_2 &&
268 	       r->operand[3] == SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL;
269 }
270 
271 int avc_recv(struct firedtv *fdtv, void *data, size_t length)
272 {
273 	struct avc_response_frame *r = data;
274 
275 	if (unlikely(avc_debug))
276 		debug_fcp(data, length);
277 
278 	if (length >= 8 && is_register_rc(r)) {
279 		switch (r->response) {
280 		case AVC_RESPONSE_CHANGED:
281 			fdtv_handle_rc(fdtv, r->operand[4] << 8 | r->operand[5]);
282 			schedule_work(&fdtv->remote_ctrl_work);
283 			break;
284 		case AVC_RESPONSE_INTERIM:
285 			if (is_register_rc((void *)fdtv->avc_data))
286 				goto wake;
287 			break;
288 		default:
289 			dev_info(fdtv->device,
290 				 "remote control result = %d\n", r->response);
291 		}
292 		return 0;
293 	}
294 
295 	if (fdtv->avc_reply_received) {
296 		dev_err(fdtv->device, "out-of-order AVC response, ignored\n");
297 		return -EIO;
298 	}
299 
300 	memcpy(fdtv->avc_data, data, length);
301 	fdtv->avc_data_length = length;
302 wake:
303 	fdtv->avc_reply_received = true;
304 	wake_up(&fdtv->avc_wait);
305 
306 	return 0;
307 }
308 
309 static int add_pid_filter(struct firedtv *fdtv, u8 *operand)
310 {
311 	int i, n, pos = 1;
312 
313 	for (i = 0, n = 0; i < 16; i++) {
314 		if (test_bit(i, &fdtv->channel_active)) {
315 			operand[pos++] = 0x13; /* flowfunction relay */
316 			operand[pos++] = 0x80; /* dsd_sel_spec_valid_flags -> PID */
317 			operand[pos++] = (fdtv->channel_pid[i] >> 8) & 0x1f;
318 			operand[pos++] = fdtv->channel_pid[i] & 0xff;
319 			operand[pos++] = 0x00; /* tableID */
320 			operand[pos++] = 0x00; /* filter_length */
321 			n++;
322 		}
323 	}
324 	operand[0] = n;
325 
326 	return pos;
327 }
328 
329 /*
330  * tuning command for setting the relative LNB frequency
331  * (not supported by the AVC standard)
332  */
333 static int avc_tuner_tuneqpsk(struct firedtv *fdtv,
334 			      struct dtv_frontend_properties *p)
335 {
336 	struct avc_command_frame *c = (void *)fdtv->avc_data;
337 
338 	c->opcode = AVC_OPCODE_VENDOR;
339 
340 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
341 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
342 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
343 	if (fdtv->type == FIREDTV_DVB_S2)
344 		c->operand[3] = SFE_VENDOR_OPCODE_TUNE_QPSK2;
345 	else
346 		c->operand[3] = SFE_VENDOR_OPCODE_TUNE_QPSK;
347 
348 	c->operand[4] = (p->frequency >> 24) & 0xff;
349 	c->operand[5] = (p->frequency >> 16) & 0xff;
350 	c->operand[6] = (p->frequency >> 8) & 0xff;
351 	c->operand[7] = p->frequency & 0xff;
352 
353 	c->operand[8] = ((p->symbol_rate / 1000) >> 8) & 0xff;
354 	c->operand[9] = (p->symbol_rate / 1000) & 0xff;
355 
356 	switch (p->fec_inner) {
357 	case FEC_1_2:	c->operand[10] = 0x1; break;
358 	case FEC_2_3:	c->operand[10] = 0x2; break;
359 	case FEC_3_4:	c->operand[10] = 0x3; break;
360 	case FEC_5_6:	c->operand[10] = 0x4; break;
361 	case FEC_7_8:	c->operand[10] = 0x5; break;
362 	case FEC_4_5:
363 	case FEC_8_9:
364 	case FEC_AUTO:
365 	default:	c->operand[10] = 0x0;
366 	}
367 
368 	if (fdtv->voltage == 0xff)
369 		c->operand[11] = 0xff;
370 	else if (fdtv->voltage == SEC_VOLTAGE_18) /* polarisation */
371 		c->operand[11] = 0;
372 	else
373 		c->operand[11] = 1;
374 
375 	if (fdtv->tone == 0xff)
376 		c->operand[12] = 0xff;
377 	else if (fdtv->tone == SEC_TONE_ON) /* band */
378 		c->operand[12] = 1;
379 	else
380 		c->operand[12] = 0;
381 
382 	if (fdtv->type == FIREDTV_DVB_S2) {
383 		if (fdtv->fe.dtv_property_cache.delivery_system == SYS_DVBS2) {
384 			switch (fdtv->fe.dtv_property_cache.modulation) {
385 			case QAM_16:		c->operand[13] = 0x1; break;
386 			case QPSK:		c->operand[13] = 0x2; break;
387 			case PSK_8:		c->operand[13] = 0x3; break;
388 			default:		c->operand[13] = 0x2; break;
389 			}
390 			switch (fdtv->fe.dtv_property_cache.rolloff) {
391 			case ROLLOFF_35:	c->operand[14] = 0x2; break;
392 			case ROLLOFF_20:	c->operand[14] = 0x0; break;
393 			case ROLLOFF_25:	c->operand[14] = 0x1; break;
394 			case ROLLOFF_AUTO:
395 			default:		c->operand[14] = 0x2; break;
396 			/* case ROLLOFF_NONE:	c->operand[14] = 0xff; break; */
397 			}
398 			switch (fdtv->fe.dtv_property_cache.pilot) {
399 			case PILOT_AUTO:	c->operand[15] = 0x0; break;
400 			case PILOT_OFF:		c->operand[15] = 0x0; break;
401 			case PILOT_ON:		c->operand[15] = 0x1; break;
402 			}
403 		} else {
404 			c->operand[13] = 0x1;  /* auto modulation */
405 			c->operand[14] = 0xff; /* disable rolloff */
406 			c->operand[15] = 0xff; /* disable pilot */
407 		}
408 		return 16;
409 	} else {
410 		return 13;
411 	}
412 }
413 
414 static int avc_tuner_dsd_dvb_c(struct firedtv *fdtv,
415 			       struct dtv_frontend_properties *p)
416 {
417 	struct avc_command_frame *c = (void *)fdtv->avc_data;
418 
419 	c->opcode = AVC_OPCODE_DSD;
420 
421 	c->operand[0] = 0;    /* source plug */
422 	c->operand[1] = 0xd2; /* subfunction replace */
423 	c->operand[2] = 0x20; /* system id = DVB */
424 	c->operand[3] = 0x00; /* antenna number */
425 	c->operand[4] = 0x11; /* system_specific_multiplex selection_length */
426 
427 	/* multiplex_valid_flags, high byte */
428 	c->operand[5] =   0 << 7 /* reserved */
429 			| 0 << 6 /* Polarisation */
430 			| 0 << 5 /* Orbital_Pos */
431 			| 1 << 4 /* Frequency */
432 			| 1 << 3 /* Symbol_Rate */
433 			| 0 << 2 /* FEC_outer */
434 			| (p->fec_inner  != FEC_AUTO ? 1 << 1 : 0)
435 			| (p->modulation != QAM_AUTO ? 1 << 0 : 0);
436 
437 	/* multiplex_valid_flags, low byte */
438 	c->operand[6] =   0 << 7 /* NetworkID */
439 			| 0 << 0 /* reserved */ ;
440 
441 	c->operand[7]  = 0x00;
442 	c->operand[8]  = 0x00;
443 	c->operand[9]  = 0x00;
444 	c->operand[10] = 0x00;
445 
446 	c->operand[11] = (((p->frequency / 4000) >> 16) & 0xff) | (2 << 6);
447 	c->operand[12] = ((p->frequency / 4000) >> 8) & 0xff;
448 	c->operand[13] = (p->frequency / 4000) & 0xff;
449 	c->operand[14] = ((p->symbol_rate / 1000) >> 12) & 0xff;
450 	c->operand[15] = ((p->symbol_rate / 1000) >> 4) & 0xff;
451 	c->operand[16] = ((p->symbol_rate / 1000) << 4) & 0xf0;
452 	c->operand[17] = 0x00;
453 
454 	switch (p->fec_inner) {
455 	case FEC_1_2:	c->operand[18] = 0x1; break;
456 	case FEC_2_3:	c->operand[18] = 0x2; break;
457 	case FEC_3_4:	c->operand[18] = 0x3; break;
458 	case FEC_5_6:	c->operand[18] = 0x4; break;
459 	case FEC_7_8:	c->operand[18] = 0x5; break;
460 	case FEC_8_9:	c->operand[18] = 0x6; break;
461 	case FEC_4_5:	c->operand[18] = 0x8; break;
462 	case FEC_AUTO:
463 	default:	c->operand[18] = 0x0;
464 	}
465 
466 	switch (p->modulation) {
467 	case QAM_16:	c->operand[19] = 0x08; break;
468 	case QAM_32:	c->operand[19] = 0x10; break;
469 	case QAM_64:	c->operand[19] = 0x18; break;
470 	case QAM_128:	c->operand[19] = 0x20; break;
471 	case QAM_256:	c->operand[19] = 0x28; break;
472 	case QAM_AUTO:
473 	default:	c->operand[19] = 0x00;
474 	}
475 
476 	c->operand[20] = 0x00;
477 	c->operand[21] = 0x00;
478 
479 	return 22 + add_pid_filter(fdtv, &c->operand[22]);
480 }
481 
482 static int avc_tuner_dsd_dvb_t(struct firedtv *fdtv,
483 			       struct dtv_frontend_properties *p)
484 {
485 	struct avc_command_frame *c = (void *)fdtv->avc_data;
486 
487 	c->opcode = AVC_OPCODE_DSD;
488 
489 	c->operand[0] = 0;    /* source plug */
490 	c->operand[1] = 0xd2; /* subfunction replace */
491 	c->operand[2] = 0x20; /* system id = DVB */
492 	c->operand[3] = 0x00; /* antenna number */
493 	c->operand[4] = 0x0c; /* system_specific_multiplex selection_length */
494 
495 	/* multiplex_valid_flags, high byte */
496 	c->operand[5] =
497 	      0 << 7 /* reserved */
498 	    | 1 << 6 /* CenterFrequency */
499 	    | (p->bandwidth_hz != 0        ? 1 << 5 : 0)
500 	    | (p->modulation  != QAM_AUTO              ? 1 << 4 : 0)
501 	    | (p->hierarchy != HIERARCHY_AUTO ? 1 << 3 : 0)
502 	    | (p->code_rate_HP   != FEC_AUTO              ? 1 << 2 : 0)
503 	    | (p->code_rate_LP   != FEC_AUTO              ? 1 << 1 : 0)
504 	    | (p->guard_interval != GUARD_INTERVAL_AUTO   ? 1 << 0 : 0);
505 
506 	/* multiplex_valid_flags, low byte */
507 	c->operand[6] =
508 	      0 << 7 /* NetworkID */
509 	    | (p->transmission_mode != TRANSMISSION_MODE_AUTO ? 1 << 6 : 0)
510 	    | 0 << 5 /* OtherFrequencyFlag */
511 	    | 0 << 0 /* reserved */ ;
512 
513 	c->operand[7]  = 0x0;
514 	c->operand[8]  = (p->frequency / 10) >> 24;
515 	c->operand[9]  = ((p->frequency / 10) >> 16) & 0xff;
516 	c->operand[10] = ((p->frequency / 10) >>  8) & 0xff;
517 	c->operand[11] = (p->frequency / 10) & 0xff;
518 
519 	switch (p->bandwidth_hz) {
520 	case 7000000:	c->operand[12] = 0x20; break;
521 	case 8000000:
522 	case 6000000:	/* not defined by AVC spec */
523 	case 0:
524 	default:		c->operand[12] = 0x00;
525 	}
526 
527 	switch (p->modulation) {
528 	case QAM_16:	c->operand[13] = 1 << 6; break;
529 	case QAM_64:	c->operand[13] = 2 << 6; break;
530 	case QPSK:
531 	default:	c->operand[13] = 0x00;
532 	}
533 
534 	switch (p->hierarchy) {
535 	case HIERARCHY_1:	c->operand[13] |= 1 << 3; break;
536 	case HIERARCHY_2:	c->operand[13] |= 2 << 3; break;
537 	case HIERARCHY_4:	c->operand[13] |= 3 << 3; break;
538 	case HIERARCHY_AUTO:
539 	case HIERARCHY_NONE:
540 	default:		break;
541 	}
542 
543 	switch (p->code_rate_HP) {
544 	case FEC_2_3:	c->operand[13] |= 1; break;
545 	case FEC_3_4:	c->operand[13] |= 2; break;
546 	case FEC_5_6:	c->operand[13] |= 3; break;
547 	case FEC_7_8:	c->operand[13] |= 4; break;
548 	case FEC_1_2:
549 	default:	break;
550 	}
551 
552 	switch (p->code_rate_LP) {
553 	case FEC_2_3:	c->operand[14] = 1 << 5; break;
554 	case FEC_3_4:	c->operand[14] = 2 << 5; break;
555 	case FEC_5_6:	c->operand[14] = 3 << 5; break;
556 	case FEC_7_8:	c->operand[14] = 4 << 5; break;
557 	case FEC_1_2:
558 	default:	c->operand[14] = 0x00; break;
559 	}
560 
561 	switch (p->guard_interval) {
562 	case GUARD_INTERVAL_1_16:	c->operand[14] |= 1 << 3; break;
563 	case GUARD_INTERVAL_1_8:	c->operand[14] |= 2 << 3; break;
564 	case GUARD_INTERVAL_1_4:	c->operand[14] |= 3 << 3; break;
565 	case GUARD_INTERVAL_1_32:
566 	case GUARD_INTERVAL_AUTO:
567 	default:			break;
568 	}
569 
570 	switch (p->transmission_mode) {
571 	case TRANSMISSION_MODE_8K:	c->operand[14] |= 1 << 1; break;
572 	case TRANSMISSION_MODE_2K:
573 	case TRANSMISSION_MODE_AUTO:
574 	default:			break;
575 	}
576 
577 	c->operand[15] = 0x00; /* network_ID[0] */
578 	c->operand[16] = 0x00; /* network_ID[1] */
579 
580 	return 17 + add_pid_filter(fdtv, &c->operand[17]);
581 }
582 
583 int avc_tuner_dsd(struct firedtv *fdtv,
584 		  struct dtv_frontend_properties *p)
585 {
586 	struct avc_command_frame *c = (void *)fdtv->avc_data;
587 	int pos, ret;
588 
589 	mutex_lock(&fdtv->avc_mutex);
590 
591 	c->ctype   = AVC_CTYPE_CONTROL;
592 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
593 
594 	switch (fdtv->type) {
595 	case FIREDTV_DVB_S:
596 	case FIREDTV_DVB_S2: pos = avc_tuner_tuneqpsk(fdtv, p); break;
597 	case FIREDTV_DVB_C: pos = avc_tuner_dsd_dvb_c(fdtv, p); break;
598 	case FIREDTV_DVB_T: pos = avc_tuner_dsd_dvb_t(fdtv, p); break;
599 	default:
600 		ret = -EIO;
601 		goto unlock;
602 	}
603 	pad_operands(c, pos);
604 
605 	fdtv->avc_data_length = ALIGN(3 + pos, 4);
606 	ret = avc_write(fdtv);
607 #if 0
608 	/*
609 	 * FIXME:
610 	 * u8 *status was an out-parameter of avc_tuner_dsd, unused by caller.
611 	 * Check for AVC_RESPONSE_ACCEPTED here instead?
612 	 */
613 	if (status)
614 		*status = r->operand[2];
615 #endif
616 unlock:
617 	mutex_unlock(&fdtv->avc_mutex);
618 
619 	if (ret == 0)
620 		msleep(500);
621 
622 	return ret;
623 }
624 
625 int avc_tuner_set_pids(struct firedtv *fdtv, unsigned char pidc, u16 pid[])
626 {
627 	struct avc_command_frame *c = (void *)fdtv->avc_data;
628 	int ret, pos, k;
629 
630 	if (pidc > 16 && pidc != 0xff)
631 		return -EINVAL;
632 
633 	mutex_lock(&fdtv->avc_mutex);
634 
635 	c->ctype   = AVC_CTYPE_CONTROL;
636 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
637 	c->opcode  = AVC_OPCODE_DSD;
638 
639 	c->operand[0] = 0;	/* source plug */
640 	c->operand[1] = 0xd2;	/* subfunction replace */
641 	c->operand[2] = 0x20;	/* system id = DVB */
642 	c->operand[3] = 0x00;	/* antenna number */
643 	c->operand[4] = 0x00;	/* system_specific_multiplex selection_length */
644 	c->operand[5] = pidc;	/* Nr_of_dsd_sel_specs */
645 
646 	pos = 6;
647 	if (pidc != 0xff)
648 		for (k = 0; k < pidc; k++) {
649 			c->operand[pos++] = 0x13; /* flowfunction relay */
650 			c->operand[pos++] = 0x80; /* dsd_sel_spec_valid_flags -> PID */
651 			c->operand[pos++] = (pid[k] >> 8) & 0x1f;
652 			c->operand[pos++] = pid[k] & 0xff;
653 			c->operand[pos++] = 0x00; /* tableID */
654 			c->operand[pos++] = 0x00; /* filter_length */
655 		}
656 	pad_operands(c, pos);
657 
658 	fdtv->avc_data_length = ALIGN(3 + pos, 4);
659 	ret = avc_write(fdtv);
660 
661 	/* FIXME: check response code? */
662 
663 	mutex_unlock(&fdtv->avc_mutex);
664 
665 	if (ret == 0)
666 		msleep(50);
667 
668 	return ret;
669 }
670 
671 int avc_tuner_get_ts(struct firedtv *fdtv)
672 {
673 	struct avc_command_frame *c = (void *)fdtv->avc_data;
674 	int ret, sl;
675 
676 	mutex_lock(&fdtv->avc_mutex);
677 
678 	c->ctype   = AVC_CTYPE_CONTROL;
679 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
680 	c->opcode  = AVC_OPCODE_DSIT;
681 
682 	sl = fdtv->type == FIREDTV_DVB_T ? 0x0c : 0x11;
683 
684 	c->operand[0] = 0;	/* source plug */
685 	c->operand[1] = 0xd2;	/* subfunction replace */
686 	c->operand[2] = 0xff;	/* status */
687 	c->operand[3] = 0x20;	/* system id = DVB */
688 	c->operand[4] = 0x00;	/* antenna number */
689 	c->operand[5] = 0x0;	/* system_specific_search_flags */
690 	c->operand[6] = sl;	/* system_specific_multiplex selection_length */
691 	/*
692 	 * operand[7]: valid_flags[0]
693 	 * operand[8]: valid_flags[1]
694 	 * operand[7 + sl]: nr_of_dsit_sel_specs (always 0)
695 	 */
696 	clear_operands(c, 7, 24);
697 
698 	fdtv->avc_data_length = fdtv->type == FIREDTV_DVB_T ? 24 : 28;
699 	ret = avc_write(fdtv);
700 
701 	/* FIXME: check response code? */
702 
703 	mutex_unlock(&fdtv->avc_mutex);
704 
705 	if (ret == 0)
706 		msleep(250);
707 
708 	return ret;
709 }
710 
711 int avc_identify_subunit(struct firedtv *fdtv)
712 {
713 	struct avc_command_frame *c = (void *)fdtv->avc_data;
714 	struct avc_response_frame *r = (void *)fdtv->avc_data;
715 	int ret;
716 
717 	mutex_lock(&fdtv->avc_mutex);
718 
719 	c->ctype   = AVC_CTYPE_CONTROL;
720 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
721 	c->opcode  = AVC_OPCODE_READ_DESCRIPTOR;
722 
723 	c->operand[0] = DESCRIPTOR_SUBUNIT_IDENTIFIER;
724 	c->operand[1] = 0xff;
725 	c->operand[2] = 0x00;
726 	c->operand[3] = 0x00; /* length highbyte */
727 	c->operand[4] = 0x08; /* length lowbyte  */
728 	c->operand[5] = 0x00; /* offset highbyte */
729 	c->operand[6] = 0x0d; /* offset lowbyte  */
730 	clear_operands(c, 7, 8); /* padding */
731 
732 	fdtv->avc_data_length = 12;
733 	ret = avc_write(fdtv);
734 	if (ret < 0)
735 		goto out;
736 
737 	if ((r->response != AVC_RESPONSE_STABLE &&
738 	     r->response != AVC_RESPONSE_ACCEPTED) ||
739 	    (r->operand[3] << 8) + r->operand[4] != 8) {
740 		dev_err(fdtv->device, "cannot read subunit identifier\n");
741 		ret = -EINVAL;
742 	}
743 out:
744 	mutex_unlock(&fdtv->avc_mutex);
745 
746 	return ret;
747 }
748 
749 #define SIZEOF_ANTENNA_INPUT_INFO 22
750 
751 int avc_tuner_status(struct firedtv *fdtv, struct firedtv_tuner_status *stat)
752 {
753 	struct avc_command_frame *c = (void *)fdtv->avc_data;
754 	struct avc_response_frame *r = (void *)fdtv->avc_data;
755 	int length, ret;
756 
757 	mutex_lock(&fdtv->avc_mutex);
758 
759 	c->ctype   = AVC_CTYPE_CONTROL;
760 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
761 	c->opcode  = AVC_OPCODE_READ_DESCRIPTOR;
762 
763 	c->operand[0] = DESCRIPTOR_TUNER_STATUS;
764 	c->operand[1] = 0xff;	/* read_result_status */
765 	/*
766 	 * operand[2]: reserved
767 	 * operand[3]: SIZEOF_ANTENNA_INPUT_INFO >> 8
768 	 * operand[4]: SIZEOF_ANTENNA_INPUT_INFO & 0xff
769 	 */
770 	clear_operands(c, 2, 31);
771 
772 	fdtv->avc_data_length = 12;
773 	ret = avc_write(fdtv);
774 	if (ret < 0)
775 		goto out;
776 
777 	if (r->response != AVC_RESPONSE_STABLE &&
778 	    r->response != AVC_RESPONSE_ACCEPTED) {
779 		dev_err(fdtv->device, "cannot read tuner status\n");
780 		ret = -EINVAL;
781 		goto out;
782 	}
783 
784 	length = r->operand[9];
785 	if (r->operand[1] != 0x10 || length != SIZEOF_ANTENNA_INPUT_INFO) {
786 		dev_err(fdtv->device, "got invalid tuner status\n");
787 		ret = -EINVAL;
788 		goto out;
789 	}
790 
791 	stat->active_system		= r->operand[10];
792 	stat->searching			= r->operand[11] >> 7 & 1;
793 	stat->moving			= r->operand[11] >> 6 & 1;
794 	stat->no_rf			= r->operand[11] >> 5 & 1;
795 	stat->input			= r->operand[12] >> 7 & 1;
796 	stat->selected_antenna		= r->operand[12] & 0x7f;
797 	stat->ber			= r->operand[13] << 24 |
798 					  r->operand[14] << 16 |
799 					  r->operand[15] << 8 |
800 					  r->operand[16];
801 	stat->signal_strength		= r->operand[17];
802 	stat->raster_frequency		= r->operand[18] >> 6 & 2;
803 	stat->rf_frequency		= (r->operand[18] & 0x3f) << 16 |
804 					  r->operand[19] << 8 |
805 					  r->operand[20];
806 	stat->man_dep_info_length	= r->operand[21];
807 	stat->front_end_error		= r->operand[22] >> 4 & 1;
808 	stat->antenna_error		= r->operand[22] >> 3 & 1;
809 	stat->front_end_power_status	= r->operand[22] >> 1 & 1;
810 	stat->power_supply		= r->operand[22] & 1;
811 	stat->carrier_noise_ratio	= r->operand[23] << 8 |
812 					  r->operand[24];
813 	stat->power_supply_voltage	= r->operand[27];
814 	stat->antenna_voltage		= r->operand[28];
815 	stat->firewire_bus_voltage	= r->operand[29];
816 	stat->ca_mmi			= r->operand[30] & 1;
817 	stat->ca_pmt_reply		= r->operand[31] >> 7 & 1;
818 	stat->ca_date_time_request	= r->operand[31] >> 6 & 1;
819 	stat->ca_application_info	= r->operand[31] >> 5 & 1;
820 	stat->ca_module_present_status	= r->operand[31] >> 4 & 1;
821 	stat->ca_dvb_flag		= r->operand[31] >> 3 & 1;
822 	stat->ca_error_flag		= r->operand[31] >> 2 & 1;
823 	stat->ca_initialization_status	= r->operand[31] >> 1 & 1;
824 out:
825 	mutex_unlock(&fdtv->avc_mutex);
826 
827 	return ret;
828 }
829 
830 int avc_lnb_control(struct firedtv *fdtv, char voltage, char burst,
831 		    char conttone, char nrdiseq,
832 		    struct dvb_diseqc_master_cmd *diseqcmd)
833 {
834 	struct avc_command_frame *c = (void *)fdtv->avc_data;
835 	struct avc_response_frame *r = (void *)fdtv->avc_data;
836 	int pos, j, k, ret;
837 
838 	mutex_lock(&fdtv->avc_mutex);
839 
840 	c->ctype   = AVC_CTYPE_CONTROL;
841 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
842 	c->opcode  = AVC_OPCODE_VENDOR;
843 
844 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
845 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
846 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
847 	c->operand[3] = SFE_VENDOR_OPCODE_LNB_CONTROL;
848 	c->operand[4] = voltage;
849 	c->operand[5] = nrdiseq;
850 
851 	pos = 6;
852 	for (j = 0; j < nrdiseq; j++) {
853 		c->operand[pos++] = diseqcmd[j].msg_len;
854 
855 		for (k = 0; k < diseqcmd[j].msg_len; k++)
856 			c->operand[pos++] = diseqcmd[j].msg[k];
857 	}
858 	c->operand[pos++] = burst;
859 	c->operand[pos++] = conttone;
860 	pad_operands(c, pos);
861 
862 	fdtv->avc_data_length = ALIGN(3 + pos, 4);
863 	ret = avc_write(fdtv);
864 	if (ret < 0)
865 		goto out;
866 
867 	if (r->response != AVC_RESPONSE_ACCEPTED) {
868 		dev_err(fdtv->device, "LNB control failed\n");
869 		ret = -EINVAL;
870 	}
871 out:
872 	mutex_unlock(&fdtv->avc_mutex);
873 
874 	return ret;
875 }
876 
877 int avc_register_remote_control(struct firedtv *fdtv)
878 {
879 	struct avc_command_frame *c = (void *)fdtv->avc_data;
880 	int ret;
881 
882 	mutex_lock(&fdtv->avc_mutex);
883 
884 	c->ctype   = AVC_CTYPE_NOTIFY;
885 	c->subunit = AVC_SUBUNIT_TYPE_UNIT | 7;
886 	c->opcode  = AVC_OPCODE_VENDOR;
887 
888 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
889 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
890 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
891 	c->operand[3] = SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL;
892 	c->operand[4] = 0; /* padding */
893 
894 	fdtv->avc_data_length = 8;
895 	ret = avc_write(fdtv);
896 
897 	/* FIXME: check response code? */
898 
899 	mutex_unlock(&fdtv->avc_mutex);
900 
901 	return ret;
902 }
903 
904 void avc_remote_ctrl_work(struct work_struct *work)
905 {
906 	struct firedtv *fdtv =
907 			container_of(work, struct firedtv, remote_ctrl_work);
908 
909 	/* Should it be rescheduled in failure cases? */
910 	avc_register_remote_control(fdtv);
911 }
912 
913 #if 0 /* FIXME: unused */
914 int avc_tuner_host2ca(struct firedtv *fdtv)
915 {
916 	struct avc_command_frame *c = (void *)fdtv->avc_data;
917 	int ret;
918 
919 	mutex_lock(&fdtv->avc_mutex);
920 
921 	c->ctype   = AVC_CTYPE_CONTROL;
922 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
923 	c->opcode  = AVC_OPCODE_VENDOR;
924 
925 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
926 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
927 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
928 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
929 	c->operand[4] = 0; /* slot */
930 	c->operand[5] = SFE_VENDOR_TAG_CA_APPLICATION_INFO; /* ca tag */
931 	clear_operands(c, 6, 8);
932 
933 	fdtv->avc_data_length = 12;
934 	ret = avc_write(fdtv);
935 
936 	/* FIXME: check response code? */
937 
938 	mutex_unlock(&fdtv->avc_mutex);
939 
940 	return ret;
941 }
942 #endif
943 
944 static int get_ca_object_pos(struct avc_response_frame *r)
945 {
946 	int length = 1;
947 
948 	/* Check length of length field */
949 	if (r->operand[7] & 0x80)
950 		length = (r->operand[7] & 0x7f) + 1;
951 	return length + 7;
952 }
953 
954 static int get_ca_object_length(struct avc_response_frame *r)
955 {
956 #if 0 /* FIXME: unused */
957 	int size = 0;
958 	int i;
959 
960 	if (r->operand[7] & 0x80)
961 		for (i = 0; i < (r->operand[7] & 0x7f); i++) {
962 			size <<= 8;
963 			size += r->operand[8 + i];
964 		}
965 #endif
966 	return r->operand[7];
967 }
968 
969 int avc_ca_app_info(struct firedtv *fdtv, unsigned char *app_info,
970 		    unsigned int *len)
971 {
972 	struct avc_command_frame *c = (void *)fdtv->avc_data;
973 	struct avc_response_frame *r = (void *)fdtv->avc_data;
974 	int pos, ret;
975 
976 	mutex_lock(&fdtv->avc_mutex);
977 
978 	c->ctype   = AVC_CTYPE_STATUS;
979 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
980 	c->opcode  = AVC_OPCODE_VENDOR;
981 
982 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
983 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
984 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
985 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
986 	c->operand[4] = 0; /* slot */
987 	c->operand[5] = SFE_VENDOR_TAG_CA_APPLICATION_INFO; /* ca tag */
988 	clear_operands(c, 6, LAST_OPERAND);
989 
990 	fdtv->avc_data_length = 12;
991 	ret = avc_write(fdtv);
992 	if (ret < 0)
993 		goto out;
994 
995 	/* FIXME: check response code and validate response data */
996 
997 	pos = get_ca_object_pos(r);
998 	app_info[0] = (EN50221_TAG_APP_INFO >> 16) & 0xff;
999 	app_info[1] = (EN50221_TAG_APP_INFO >>  8) & 0xff;
1000 	app_info[2] = (EN50221_TAG_APP_INFO >>  0) & 0xff;
1001 	app_info[3] = 6 + r->operand[pos + 4];
1002 	app_info[4] = 0x01;
1003 	memcpy(&app_info[5], &r->operand[pos], 5 + r->operand[pos + 4]);
1004 	*len = app_info[3] + 4;
1005 out:
1006 	mutex_unlock(&fdtv->avc_mutex);
1007 
1008 	return ret;
1009 }
1010 
1011 int avc_ca_info(struct firedtv *fdtv, unsigned char *app_info,
1012 		unsigned int *len)
1013 {
1014 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1015 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1016 	int i, pos, ret;
1017 
1018 	mutex_lock(&fdtv->avc_mutex);
1019 
1020 	c->ctype   = AVC_CTYPE_STATUS;
1021 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1022 	c->opcode  = AVC_OPCODE_VENDOR;
1023 
1024 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1025 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1026 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1027 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
1028 	c->operand[4] = 0; /* slot */
1029 	c->operand[5] = SFE_VENDOR_TAG_CA_APPLICATION_INFO; /* ca tag */
1030 	clear_operands(c, 6, LAST_OPERAND);
1031 
1032 	fdtv->avc_data_length = 12;
1033 	ret = avc_write(fdtv);
1034 	if (ret < 0)
1035 		goto out;
1036 
1037 	/* FIXME: check response code and validate response data */
1038 
1039 	pos = get_ca_object_pos(r);
1040 	app_info[0] = (EN50221_TAG_CA_INFO >> 16) & 0xff;
1041 	app_info[1] = (EN50221_TAG_CA_INFO >>  8) & 0xff;
1042 	app_info[2] = (EN50221_TAG_CA_INFO >>  0) & 0xff;
1043 	if (num_fake_ca_system_ids == 0) {
1044 		app_info[3] = 2;
1045 		app_info[4] = r->operand[pos + 0];
1046 		app_info[5] = r->operand[pos + 1];
1047 	} else {
1048 		app_info[3] = num_fake_ca_system_ids * 2;
1049 		for (i = 0; i < num_fake_ca_system_ids; i++) {
1050 			app_info[4 + i * 2] =
1051 				(fake_ca_system_ids[i] >> 8) & 0xff;
1052 			app_info[5 + i * 2] = fake_ca_system_ids[i] & 0xff;
1053 		}
1054 	}
1055 	*len = app_info[3] + 4;
1056 out:
1057 	mutex_unlock(&fdtv->avc_mutex);
1058 
1059 	return ret;
1060 }
1061 
1062 int avc_ca_reset(struct firedtv *fdtv)
1063 {
1064 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1065 	int ret;
1066 
1067 	mutex_lock(&fdtv->avc_mutex);
1068 
1069 	c->ctype   = AVC_CTYPE_CONTROL;
1070 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1071 	c->opcode  = AVC_OPCODE_VENDOR;
1072 
1073 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1074 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1075 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1076 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
1077 	c->operand[4] = 0; /* slot */
1078 	c->operand[5] = SFE_VENDOR_TAG_CA_RESET; /* ca tag */
1079 	c->operand[6] = 0; /* more/last */
1080 	c->operand[7] = 1; /* length */
1081 	c->operand[8] = 0; /* force hardware reset */
1082 
1083 	fdtv->avc_data_length = 12;
1084 	ret = avc_write(fdtv);
1085 
1086 	/* FIXME: check response code? */
1087 
1088 	mutex_unlock(&fdtv->avc_mutex);
1089 
1090 	return ret;
1091 }
1092 
1093 int avc_ca_pmt(struct firedtv *fdtv, char *msg, int length)
1094 {
1095 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1096 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1097 	int list_management;
1098 	int program_info_length;
1099 	int pmt_cmd_id;
1100 	int read_pos;
1101 	int write_pos;
1102 	int es_info_length;
1103 	int crc32_csum;
1104 	int ret;
1105 
1106 	if (unlikely(avc_debug & AVC_DEBUG_APPLICATION_PMT))
1107 		debug_pmt(msg, length);
1108 
1109 	mutex_lock(&fdtv->avc_mutex);
1110 
1111 	c->ctype   = AVC_CTYPE_CONTROL;
1112 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1113 	c->opcode  = AVC_OPCODE_VENDOR;
1114 
1115 	if (msg[0] != EN50221_LIST_MANAGEMENT_ONLY) {
1116 		dev_info(fdtv->device, "forcing list_management to ONLY\n");
1117 		msg[0] = EN50221_LIST_MANAGEMENT_ONLY;
1118 	}
1119 	/* We take the cmd_id from the programme level only! */
1120 	list_management = msg[0];
1121 	program_info_length = ((msg[4] & 0x0f) << 8) + msg[5];
1122 	if (program_info_length > 0)
1123 		program_info_length--; /* Remove pmt_cmd_id */
1124 	pmt_cmd_id = msg[6];
1125 
1126 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1127 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1128 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1129 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
1130 	c->operand[4] = 0; /* slot */
1131 	c->operand[5] = SFE_VENDOR_TAG_CA_PMT; /* ca tag */
1132 	c->operand[6] = 0; /* more/last */
1133 	/* Use three bytes for length field in case length > 127 */
1134 	c->operand[10] = list_management;
1135 	c->operand[11] = 0x01; /* pmt_cmd=OK_descramble */
1136 
1137 	/* TS program map table */
1138 
1139 	c->operand[12] = 0x02; /* Table id=2 */
1140 	c->operand[13] = 0x80; /* Section syntax + length */
1141 
1142 	c->operand[15] = msg[1]; /* Program number */
1143 	c->operand[16] = msg[2];
1144 	c->operand[17] = msg[3]; /* Version number and current/next */
1145 	c->operand[18] = 0x00; /* Section number=0 */
1146 	c->operand[19] = 0x00; /* Last section number=0 */
1147 	c->operand[20] = 0x1f; /* PCR_PID=1FFF */
1148 	c->operand[21] = 0xff;
1149 	c->operand[22] = (program_info_length >> 8); /* Program info length */
1150 	c->operand[23] = (program_info_length & 0xff);
1151 
1152 	/* CA descriptors at programme level */
1153 	read_pos = 6;
1154 	write_pos = 24;
1155 	if (program_info_length > 0) {
1156 		pmt_cmd_id = msg[read_pos++];
1157 		if (pmt_cmd_id != 1 && pmt_cmd_id != 4)
1158 			dev_err(fdtv->device,
1159 				"invalid pmt_cmd_id %d\n", pmt_cmd_id);
1160 		if (program_info_length > sizeof(c->operand) - 4 - write_pos) {
1161 			ret = -EINVAL;
1162 			goto out;
1163 		}
1164 
1165 		memcpy(&c->operand[write_pos], &msg[read_pos],
1166 		       program_info_length);
1167 		read_pos += program_info_length;
1168 		write_pos += program_info_length;
1169 	}
1170 	while (read_pos + 4 < length) {
1171 		if (write_pos + 4 >= sizeof(c->operand) - 4) {
1172 			ret = -EINVAL;
1173 			goto out;
1174 		}
1175 		c->operand[write_pos++] = msg[read_pos++];
1176 		c->operand[write_pos++] = msg[read_pos++];
1177 		c->operand[write_pos++] = msg[read_pos++];
1178 		es_info_length =
1179 			((msg[read_pos] & 0x0f) << 8) + msg[read_pos + 1];
1180 		read_pos += 2;
1181 		if (es_info_length > 0)
1182 			es_info_length--; /* Remove pmt_cmd_id */
1183 		c->operand[write_pos++] = es_info_length >> 8;
1184 		c->operand[write_pos++] = es_info_length & 0xff;
1185 		if (es_info_length > 0) {
1186 			if (read_pos >= length) {
1187 				ret = -EINVAL;
1188 				goto out;
1189 			}
1190 			pmt_cmd_id = msg[read_pos++];
1191 			if (pmt_cmd_id != 1 && pmt_cmd_id != 4)
1192 				dev_err(fdtv->device, "invalid pmt_cmd_id %d at stream level\n",
1193 					pmt_cmd_id);
1194 
1195 			if (es_info_length > sizeof(c->operand) - 4 - write_pos ||
1196 			    es_info_length > length - read_pos) {
1197 				ret = -EINVAL;
1198 				goto out;
1199 			}
1200 
1201 			memcpy(&c->operand[write_pos], &msg[read_pos],
1202 			       es_info_length);
1203 			read_pos += es_info_length;
1204 			write_pos += es_info_length;
1205 		}
1206 	}
1207 	write_pos += 4; /* CRC */
1208 
1209 	c->operand[7] = 0x82;
1210 	c->operand[8] = (write_pos - 10) >> 8;
1211 	c->operand[9] = (write_pos - 10) & 0xff;
1212 	c->operand[14] = write_pos - 15;
1213 
1214 	crc32_csum = crc32_be(0, &c->operand[10], c->operand[12] - 1);
1215 	c->operand[write_pos - 4] = (crc32_csum >> 24) & 0xff;
1216 	c->operand[write_pos - 3] = (crc32_csum >> 16) & 0xff;
1217 	c->operand[write_pos - 2] = (crc32_csum >>  8) & 0xff;
1218 	c->operand[write_pos - 1] = (crc32_csum >>  0) & 0xff;
1219 	pad_operands(c, write_pos);
1220 
1221 	fdtv->avc_data_length = ALIGN(3 + write_pos, 4);
1222 	ret = avc_write(fdtv);
1223 	if (ret < 0)
1224 		goto out;
1225 
1226 	if (r->response != AVC_RESPONSE_ACCEPTED) {
1227 		dev_err(fdtv->device,
1228 			"CA PMT failed with response 0x%x\n", r->response);
1229 		ret = -EACCES;
1230 	}
1231 out:
1232 	mutex_unlock(&fdtv->avc_mutex);
1233 
1234 	return ret;
1235 }
1236 
1237 int avc_ca_get_time_date(struct firedtv *fdtv, int *interval)
1238 {
1239 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1240 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1241 	int ret;
1242 
1243 	mutex_lock(&fdtv->avc_mutex);
1244 
1245 	c->ctype   = AVC_CTYPE_STATUS;
1246 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1247 	c->opcode  = AVC_OPCODE_VENDOR;
1248 
1249 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1250 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1251 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1252 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
1253 	c->operand[4] = 0; /* slot */
1254 	c->operand[5] = SFE_VENDOR_TAG_CA_DATE_TIME; /* ca tag */
1255 	clear_operands(c, 6, LAST_OPERAND);
1256 
1257 	fdtv->avc_data_length = 12;
1258 	ret = avc_write(fdtv);
1259 	if (ret < 0)
1260 		goto out;
1261 
1262 	/* FIXME: check response code and validate response data */
1263 
1264 	*interval = r->operand[get_ca_object_pos(r)];
1265 out:
1266 	mutex_unlock(&fdtv->avc_mutex);
1267 
1268 	return ret;
1269 }
1270 
1271 int avc_ca_enter_menu(struct firedtv *fdtv)
1272 {
1273 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1274 	int ret;
1275 
1276 	mutex_lock(&fdtv->avc_mutex);
1277 
1278 	c->ctype   = AVC_CTYPE_STATUS;
1279 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1280 	c->opcode  = AVC_OPCODE_VENDOR;
1281 
1282 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1283 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1284 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1285 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
1286 	c->operand[4] = 0; /* slot */
1287 	c->operand[5] = SFE_VENDOR_TAG_CA_ENTER_MENU;
1288 	clear_operands(c, 6, 8);
1289 
1290 	fdtv->avc_data_length = 12;
1291 	ret = avc_write(fdtv);
1292 
1293 	/* FIXME: check response code? */
1294 
1295 	mutex_unlock(&fdtv->avc_mutex);
1296 
1297 	return ret;
1298 }
1299 
1300 int avc_ca_get_mmi(struct firedtv *fdtv, char *mmi_object, unsigned int *len)
1301 {
1302 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1303 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1304 	int ret;
1305 
1306 	mutex_lock(&fdtv->avc_mutex);
1307 
1308 	c->ctype   = AVC_CTYPE_STATUS;
1309 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1310 	c->opcode  = AVC_OPCODE_VENDOR;
1311 
1312 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1313 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1314 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1315 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
1316 	c->operand[4] = 0; /* slot */
1317 	c->operand[5] = SFE_VENDOR_TAG_CA_MMI;
1318 	clear_operands(c, 6, LAST_OPERAND);
1319 
1320 	fdtv->avc_data_length = 12;
1321 	ret = avc_write(fdtv);
1322 	if (ret < 0)
1323 		goto out;
1324 
1325 	/* FIXME: check response code and validate response data */
1326 
1327 	*len = get_ca_object_length(r);
1328 	memcpy(mmi_object, &r->operand[get_ca_object_pos(r)], *len);
1329 out:
1330 	mutex_unlock(&fdtv->avc_mutex);
1331 
1332 	return ret;
1333 }
1334 
1335 #define CMP_OUTPUT_PLUG_CONTROL_REG_0	0xfffff0000904ULL
1336 
1337 static int cmp_read(struct firedtv *fdtv, u64 addr, __be32 *data)
1338 {
1339 	int ret;
1340 
1341 	ret = fdtv_read(fdtv, addr, data);
1342 	if (ret < 0)
1343 		dev_err(fdtv->device, "CMP: read I/O error\n");
1344 
1345 	return ret;
1346 }
1347 
1348 static int cmp_lock(struct firedtv *fdtv, u64 addr, __be32 data[])
1349 {
1350 	int ret;
1351 
1352 	ret = fdtv_lock(fdtv, addr, data);
1353 	if (ret < 0)
1354 		dev_err(fdtv->device, "CMP: lock I/O error\n");
1355 
1356 	return ret;
1357 }
1358 
1359 static inline u32 get_opcr(__be32 opcr, u32 mask, u32 shift)
1360 {
1361 	return (be32_to_cpu(opcr) >> shift) & mask;
1362 }
1363 
1364 static inline void set_opcr(__be32 *opcr, u32 value, u32 mask, u32 shift)
1365 {
1366 	*opcr &= ~cpu_to_be32(mask << shift);
1367 	*opcr |= cpu_to_be32((value & mask) << shift);
1368 }
1369 
1370 #define get_opcr_online(v)		get_opcr((v), 0x1, 31)
1371 #define get_opcr_p2p_connections(v)	get_opcr((v), 0x3f, 24)
1372 #define get_opcr_channel(v)		get_opcr((v), 0x3f, 16)
1373 
1374 #define set_opcr_p2p_connections(p, v)	set_opcr((p), (v), 0x3f, 24)
1375 #define set_opcr_channel(p, v)		set_opcr((p), (v), 0x3f, 16)
1376 #define set_opcr_data_rate(p, v)	set_opcr((p), (v), 0x3, 14)
1377 #define set_opcr_overhead_id(p, v)	set_opcr((p), (v), 0xf, 10)
1378 
1379 int cmp_establish_pp_connection(struct firedtv *fdtv, int plug, int channel)
1380 {
1381 	__be32 old_opcr, opcr[2];
1382 	u64 opcr_address = CMP_OUTPUT_PLUG_CONTROL_REG_0 + (plug << 2);
1383 	int attempts = 0;
1384 	int ret;
1385 
1386 	ret = cmp_read(fdtv, opcr_address, opcr);
1387 	if (ret < 0)
1388 		return ret;
1389 
1390 repeat:
1391 	if (!get_opcr_online(*opcr)) {
1392 		dev_err(fdtv->device, "CMP: output offline\n");
1393 		return -EBUSY;
1394 	}
1395 
1396 	old_opcr = *opcr;
1397 
1398 	if (get_opcr_p2p_connections(*opcr)) {
1399 		if (get_opcr_channel(*opcr) != channel) {
1400 			dev_err(fdtv->device, "CMP: cannot change channel\n");
1401 			return -EBUSY;
1402 		}
1403 		dev_info(fdtv->device, "CMP: overlaying connection\n");
1404 
1405 		/* We don't allocate isochronous resources. */
1406 	} else {
1407 		set_opcr_channel(opcr, channel);
1408 		set_opcr_data_rate(opcr, 2); /* S400 */
1409 
1410 		/* FIXME: this is for the worst case - optimize */
1411 		set_opcr_overhead_id(opcr, 0);
1412 
1413 		/* FIXME: allocate isochronous channel and bandwidth at IRM */
1414 	}
1415 
1416 	set_opcr_p2p_connections(opcr, get_opcr_p2p_connections(*opcr) + 1);
1417 
1418 	opcr[1] = *opcr;
1419 	opcr[0] = old_opcr;
1420 
1421 	ret = cmp_lock(fdtv, opcr_address, opcr);
1422 	if (ret < 0)
1423 		return ret;
1424 
1425 	if (old_opcr != *opcr) {
1426 		/*
1427 		 * FIXME: if old_opcr.P2P_Connections > 0,
1428 		 * deallocate isochronous channel and bandwidth at IRM
1429 		 */
1430 
1431 		if (++attempts < 6) /* arbitrary limit */
1432 			goto repeat;
1433 		return -EBUSY;
1434 	}
1435 
1436 	return 0;
1437 }
1438 
1439 void cmp_break_pp_connection(struct firedtv *fdtv, int plug, int channel)
1440 {
1441 	__be32 old_opcr, opcr[2];
1442 	u64 opcr_address = CMP_OUTPUT_PLUG_CONTROL_REG_0 + (plug << 2);
1443 	int attempts = 0;
1444 
1445 	if (cmp_read(fdtv, opcr_address, opcr) < 0)
1446 		return;
1447 
1448 repeat:
1449 	if (!get_opcr_online(*opcr) || !get_opcr_p2p_connections(*opcr) ||
1450 	    get_opcr_channel(*opcr) != channel) {
1451 		dev_err(fdtv->device, "CMP: no connection to break\n");
1452 		return;
1453 	}
1454 
1455 	old_opcr = *opcr;
1456 	set_opcr_p2p_connections(opcr, get_opcr_p2p_connections(*opcr) - 1);
1457 
1458 	opcr[1] = *opcr;
1459 	opcr[0] = old_opcr;
1460 
1461 	if (cmp_lock(fdtv, opcr_address, opcr) < 0)
1462 		return;
1463 
1464 	if (old_opcr != *opcr) {
1465 		/*
1466 		 * FIXME: if old_opcr.P2P_Connections == 1, i.e. we were last
1467 		 * owner, deallocate isochronous channel and bandwidth at IRM
1468 		 * if (...)
1469 		 *	fdtv->backend->dealloc_resources(fdtv, channel, bw);
1470 		 */
1471 
1472 		if (++attempts < 6) /* arbitrary limit */
1473 			goto repeat;
1474 	}
1475 }
1476