xref: /openbmc/linux/drivers/media/firewire/firedtv-avc.c (revision e65e175b07bef5974045cc42238de99057669ca7)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * FireDTV driver (formerly known as FireSAT)
4  *
5  * Copyright (C) 2004 Andreas Monitzer <andy@monitzer.com>
6  * Copyright (C) 2008 Ben Backx <ben@bbackx.com>
7  * Copyright (C) 2008 Henrik Kurelid <henrik@kurelid.se>
8  */
9 
10 #include <linux/bug.h>
11 #include <linux/crc32.h>
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/jiffies.h>
15 #include <linux/kernel.h>
16 #include <linux/moduleparam.h>
17 #include <linux/mutex.h>
18 #include <linux/string.h>
19 #include <linux/stringify.h>
20 #include <linux/wait.h>
21 #include <linux/workqueue.h>
22 
23 #include <media/dvb_frontend.h>
24 
25 #include "firedtv.h"
26 
27 #define FCP_COMMAND_REGISTER		0xfffff0000b00ULL
28 
29 #define AVC_CTYPE_CONTROL		0x0
30 #define AVC_CTYPE_STATUS		0x1
31 #define AVC_CTYPE_NOTIFY		0x3
32 
33 #define AVC_RESPONSE_ACCEPTED		0x9
34 #define AVC_RESPONSE_STABLE		0xc
35 #define AVC_RESPONSE_CHANGED		0xd
36 #define AVC_RESPONSE_INTERIM		0xf
37 
38 #define AVC_SUBUNIT_TYPE_TUNER		(0x05 << 3)
39 #define AVC_SUBUNIT_TYPE_UNIT		(0x1f << 3)
40 
41 #define AVC_OPCODE_VENDOR		0x00
42 #define AVC_OPCODE_READ_DESCRIPTOR	0x09
43 #define AVC_OPCODE_DSIT			0xc8
44 #define AVC_OPCODE_DSD			0xcb
45 
46 #define DESCRIPTOR_TUNER_STATUS		0x80
47 #define DESCRIPTOR_SUBUNIT_IDENTIFIER	0x00
48 
49 #define SFE_VENDOR_DE_COMPANYID_0	0x00 /* OUI of Digital Everywhere */
50 #define SFE_VENDOR_DE_COMPANYID_1	0x12
51 #define SFE_VENDOR_DE_COMPANYID_2	0x87
52 
53 #define SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL 0x0a
54 #define SFE_VENDOR_OPCODE_LNB_CONTROL		0x52
55 #define SFE_VENDOR_OPCODE_TUNE_QPSK		0x58 /* for DVB-S */
56 
57 #define SFE_VENDOR_OPCODE_GET_FIRMWARE_VERSION	0x00
58 #define SFE_VENDOR_OPCODE_HOST2CA		0x56
59 #define SFE_VENDOR_OPCODE_CA2HOST		0x57
60 #define SFE_VENDOR_OPCODE_CISTATUS		0x59
61 #define SFE_VENDOR_OPCODE_TUNE_QPSK2		0x60 /* for DVB-S2 */
62 
63 #define SFE_VENDOR_TAG_CA_RESET			0x00
64 #define SFE_VENDOR_TAG_CA_APPLICATION_INFO	0x01
65 #define SFE_VENDOR_TAG_CA_PMT			0x02
66 #define SFE_VENDOR_TAG_CA_DATE_TIME		0x04
67 #define SFE_VENDOR_TAG_CA_MMI			0x05
68 #define SFE_VENDOR_TAG_CA_ENTER_MENU		0x07
69 
70 #define EN50221_LIST_MANAGEMENT_ONLY	0x03
71 #define EN50221_TAG_APP_INFO		0x9f8021
72 #define EN50221_TAG_CA_INFO		0x9f8031
73 
74 struct avc_command_frame {
75 	u8 ctype;
76 	u8 subunit;
77 	u8 opcode;
78 	u8 operand[509];
79 };
80 
81 struct avc_response_frame {
82 	u8 response;
83 	u8 subunit;
84 	u8 opcode;
85 	u8 operand[509];
86 };
87 
88 #define LAST_OPERAND (509 - 1)
89 
90 static inline void clear_operands(struct avc_command_frame *c, int from, int to)
91 {
92 	memset(&c->operand[from], 0, to - from + 1);
93 }
94 
95 static void pad_operands(struct avc_command_frame *c, int from)
96 {
97 	int to = ALIGN(from, 4);
98 
99 	if (from <= to && to <= LAST_OPERAND)
100 		clear_operands(c, from, to);
101 }
102 
103 #define AVC_DEBUG_READ_DESCRIPTOR              0x0001
104 #define AVC_DEBUG_DSIT                         0x0002
105 #define AVC_DEBUG_DSD                          0x0004
106 #define AVC_DEBUG_REGISTER_REMOTE_CONTROL      0x0008
107 #define AVC_DEBUG_LNB_CONTROL                  0x0010
108 #define AVC_DEBUG_TUNE_QPSK                    0x0020
109 #define AVC_DEBUG_TUNE_QPSK2                   0x0040
110 #define AVC_DEBUG_HOST2CA                      0x0080
111 #define AVC_DEBUG_CA2HOST                      0x0100
112 #define AVC_DEBUG_APPLICATION_PMT              0x4000
113 #define AVC_DEBUG_FCP_PAYLOADS                 0x8000
114 
115 static int avc_debug;
116 module_param_named(debug, avc_debug, int, 0644);
117 MODULE_PARM_DESC(debug, "Verbose logging (none = 0"
118 	", FCP subactions"
119 	": READ DESCRIPTOR = "		__stringify(AVC_DEBUG_READ_DESCRIPTOR)
120 	", DSIT = "			__stringify(AVC_DEBUG_DSIT)
121 	", REGISTER_REMOTE_CONTROL = "	__stringify(AVC_DEBUG_REGISTER_REMOTE_CONTROL)
122 	", LNB CONTROL = "		__stringify(AVC_DEBUG_LNB_CONTROL)
123 	", TUNE QPSK = "		__stringify(AVC_DEBUG_TUNE_QPSK)
124 	", TUNE QPSK2 = "		__stringify(AVC_DEBUG_TUNE_QPSK2)
125 	", HOST2CA = "			__stringify(AVC_DEBUG_HOST2CA)
126 	", CA2HOST = "			__stringify(AVC_DEBUG_CA2HOST)
127 	"; Application sent PMT = "	__stringify(AVC_DEBUG_APPLICATION_PMT)
128 	", FCP payloads = "		__stringify(AVC_DEBUG_FCP_PAYLOADS)
129 	", or a combination, or all = -1)");
130 
131 /*
132  * This is a workaround since there is no vendor specific command to retrieve
133  * ca_info using AVC. If this parameter is not used, ca_system_id will be
134  * filled with application_manufacturer from ca_app_info.
135  * Digital Everywhere have said that adding ca_info is on their TODO list.
136  */
137 static unsigned int num_fake_ca_system_ids;
138 static int fake_ca_system_ids[4] = { -1, -1, -1, -1 };
139 module_param_array(fake_ca_system_ids, int, &num_fake_ca_system_ids, 0644);
140 MODULE_PARM_DESC(fake_ca_system_ids, "If your CAM application manufacturer "
141 		 "does not have the same ca_system_id as your CAS, you can "
142 		 "override what ca_system_ids are presented to the "
143 		 "application by setting this field to an array of ids.");
144 
145 static const char *debug_fcp_ctype(unsigned int ctype)
146 {
147 	static const char *ctypes[] = {
148 		[0x0] = "CONTROL",		[0x1] = "STATUS",
149 		[0x2] = "SPECIFIC INQUIRY",	[0x3] = "NOTIFY",
150 		[0x4] = "GENERAL INQUIRY",	[0x8] = "NOT IMPLEMENTED",
151 		[0x9] = "ACCEPTED",		[0xa] = "REJECTED",
152 		[0xb] = "IN TRANSITION",	[0xc] = "IMPLEMENTED/STABLE",
153 		[0xd] = "CHANGED",		[0xf] = "INTERIM",
154 	};
155 	const char *ret = ctype < ARRAY_SIZE(ctypes) ? ctypes[ctype] : NULL;
156 
157 	return ret ? ret : "?";
158 }
159 
160 static const char *debug_fcp_opcode(unsigned int opcode,
161 				    const u8 *data, int length)
162 {
163 	switch (opcode) {
164 	case AVC_OPCODE_VENDOR:
165 		break;
166 	case AVC_OPCODE_READ_DESCRIPTOR:
167 		return avc_debug & AVC_DEBUG_READ_DESCRIPTOR ?
168 				"ReadDescriptor" : NULL;
169 	case AVC_OPCODE_DSIT:
170 		return avc_debug & AVC_DEBUG_DSIT ?
171 				"DirectSelectInfo.Type" : NULL;
172 	case AVC_OPCODE_DSD:
173 		return avc_debug & AVC_DEBUG_DSD ? "DirectSelectData" : NULL;
174 	default:
175 		return "Unknown";
176 	}
177 
178 	if (length < 7 ||
179 	    data[3] != SFE_VENDOR_DE_COMPANYID_0 ||
180 	    data[4] != SFE_VENDOR_DE_COMPANYID_1 ||
181 	    data[5] != SFE_VENDOR_DE_COMPANYID_2)
182 		return "Vendor/Unknown";
183 
184 	switch (data[6]) {
185 	case SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL:
186 		return avc_debug & AVC_DEBUG_REGISTER_REMOTE_CONTROL ?
187 				"RegisterRC" : NULL;
188 	case SFE_VENDOR_OPCODE_LNB_CONTROL:
189 		return avc_debug & AVC_DEBUG_LNB_CONTROL ? "LNBControl" : NULL;
190 	case SFE_VENDOR_OPCODE_TUNE_QPSK:
191 		return avc_debug & AVC_DEBUG_TUNE_QPSK ? "TuneQPSK" : NULL;
192 	case SFE_VENDOR_OPCODE_TUNE_QPSK2:
193 		return avc_debug & AVC_DEBUG_TUNE_QPSK2 ? "TuneQPSK2" : NULL;
194 	case SFE_VENDOR_OPCODE_HOST2CA:
195 		return avc_debug & AVC_DEBUG_HOST2CA ? "Host2CA" : NULL;
196 	case SFE_VENDOR_OPCODE_CA2HOST:
197 		return avc_debug & AVC_DEBUG_CA2HOST ? "CA2Host" : NULL;
198 	}
199 	return "Vendor/Unknown";
200 }
201 
202 static void debug_fcp(const u8 *data, int length)
203 {
204 	unsigned int subunit_type, subunit_id, opcode;
205 	const char *op, *prefix;
206 
207 	prefix       = data[0] > 7 ? "FCP <- " : "FCP -> ";
208 	subunit_type = data[1] >> 3;
209 	subunit_id   = data[1] & 7;
210 	opcode       = subunit_type == 0x1e || subunit_id == 5 ? ~0 : data[2];
211 	op           = debug_fcp_opcode(opcode, data, length);
212 
213 	if (op) {
214 		printk(KERN_INFO "%ssu=%x.%x l=%d: %-8s - %s\n",
215 		       prefix, subunit_type, subunit_id, length,
216 		       debug_fcp_ctype(data[0]), op);
217 		if (avc_debug & AVC_DEBUG_FCP_PAYLOADS)
218 			print_hex_dump(KERN_INFO, prefix, DUMP_PREFIX_NONE,
219 				       16, 1, data, length, false);
220 	}
221 }
222 
223 static void debug_pmt(char *msg, int length)
224 {
225 	printk(KERN_INFO "APP PMT -> l=%d\n", length);
226 	print_hex_dump(KERN_INFO, "APP PMT -> ", DUMP_PREFIX_NONE,
227 		       16, 1, msg, length, false);
228 }
229 
230 static int avc_write(struct firedtv *fdtv)
231 {
232 	int err, retry;
233 
234 	fdtv->avc_reply_received = false;
235 
236 	for (retry = 0; retry < 6; retry++) {
237 		if (unlikely(avc_debug))
238 			debug_fcp(fdtv->avc_data, fdtv->avc_data_length);
239 
240 		err = fdtv_write(fdtv, FCP_COMMAND_REGISTER,
241 				 fdtv->avc_data, fdtv->avc_data_length);
242 		if (err) {
243 			dev_err(fdtv->device, "FCP command write failed\n");
244 
245 			return err;
246 		}
247 
248 		/*
249 		 * AV/C specs say that answers should be sent within 150 ms.
250 		 * Time out after 200 ms.
251 		 */
252 		if (wait_event_timeout(fdtv->avc_wait,
253 				       fdtv->avc_reply_received,
254 				       msecs_to_jiffies(200)) != 0)
255 			return 0;
256 	}
257 	dev_err(fdtv->device, "FCP response timed out\n");
258 
259 	return -ETIMEDOUT;
260 }
261 
262 static bool is_register_rc(struct avc_response_frame *r)
263 {
264 	return r->opcode     == AVC_OPCODE_VENDOR &&
265 	       r->operand[0] == SFE_VENDOR_DE_COMPANYID_0 &&
266 	       r->operand[1] == SFE_VENDOR_DE_COMPANYID_1 &&
267 	       r->operand[2] == SFE_VENDOR_DE_COMPANYID_2 &&
268 	       r->operand[3] == SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL;
269 }
270 
271 int avc_recv(struct firedtv *fdtv, void *data, size_t length)
272 {
273 	struct avc_response_frame *r = data;
274 
275 	if (unlikely(avc_debug))
276 		debug_fcp(data, length);
277 
278 	if (length >= 8 && is_register_rc(r)) {
279 		switch (r->response) {
280 		case AVC_RESPONSE_CHANGED:
281 			fdtv_handle_rc(fdtv, r->operand[4] << 8 | r->operand[5]);
282 			schedule_work(&fdtv->remote_ctrl_work);
283 			break;
284 		case AVC_RESPONSE_INTERIM:
285 			if (is_register_rc((void *)fdtv->avc_data))
286 				goto wake;
287 			break;
288 		default:
289 			dev_info(fdtv->device,
290 				 "remote control result = %d\n", r->response);
291 		}
292 		return 0;
293 	}
294 
295 	if (fdtv->avc_reply_received) {
296 		dev_err(fdtv->device, "out-of-order AVC response, ignored\n");
297 		return -EIO;
298 	}
299 
300 	memcpy(fdtv->avc_data, data, length);
301 	fdtv->avc_data_length = length;
302 wake:
303 	fdtv->avc_reply_received = true;
304 	wake_up(&fdtv->avc_wait);
305 
306 	return 0;
307 }
308 
309 static int add_pid_filter(struct firedtv *fdtv, u8 *operand)
310 {
311 	int i, n, pos = 1;
312 
313 	for (i = 0, n = 0; i < 16; i++) {
314 		if (test_bit(i, &fdtv->channel_active)) {
315 			operand[pos++] = 0x13; /* flowfunction relay */
316 			operand[pos++] = 0x80; /* dsd_sel_spec_valid_flags -> PID */
317 			operand[pos++] = (fdtv->channel_pid[i] >> 8) & 0x1f;
318 			operand[pos++] = fdtv->channel_pid[i] & 0xff;
319 			operand[pos++] = 0x00; /* tableID */
320 			operand[pos++] = 0x00; /* filter_length */
321 			n++;
322 		}
323 	}
324 	operand[0] = n;
325 
326 	return pos;
327 }
328 
329 /*
330  * tuning command for setting the relative LNB frequency
331  * (not supported by the AVC standard)
332  */
333 static int avc_tuner_tuneqpsk(struct firedtv *fdtv,
334 			      struct dtv_frontend_properties *p)
335 {
336 	struct avc_command_frame *c = (void *)fdtv->avc_data;
337 
338 	c->opcode = AVC_OPCODE_VENDOR;
339 
340 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
341 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
342 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
343 	if (fdtv->type == FIREDTV_DVB_S2)
344 		c->operand[3] = SFE_VENDOR_OPCODE_TUNE_QPSK2;
345 	else
346 		c->operand[3] = SFE_VENDOR_OPCODE_TUNE_QPSK;
347 
348 	c->operand[4] = (p->frequency >> 24) & 0xff;
349 	c->operand[5] = (p->frequency >> 16) & 0xff;
350 	c->operand[6] = (p->frequency >> 8) & 0xff;
351 	c->operand[7] = p->frequency & 0xff;
352 
353 	c->operand[8] = ((p->symbol_rate / 1000) >> 8) & 0xff;
354 	c->operand[9] = (p->symbol_rate / 1000) & 0xff;
355 
356 	switch (p->fec_inner) {
357 	case FEC_1_2:	c->operand[10] = 0x1; break;
358 	case FEC_2_3:	c->operand[10] = 0x2; break;
359 	case FEC_3_4:	c->operand[10] = 0x3; break;
360 	case FEC_5_6:	c->operand[10] = 0x4; break;
361 	case FEC_7_8:	c->operand[10] = 0x5; break;
362 	case FEC_4_5:
363 	case FEC_8_9:
364 	case FEC_AUTO:
365 	default:	c->operand[10] = 0x0;
366 	}
367 
368 	if (fdtv->voltage == 0xff)
369 		c->operand[11] = 0xff;
370 	else if (fdtv->voltage == SEC_VOLTAGE_18) /* polarisation */
371 		c->operand[11] = 0;
372 	else
373 		c->operand[11] = 1;
374 
375 	if (fdtv->tone == 0xff)
376 		c->operand[12] = 0xff;
377 	else if (fdtv->tone == SEC_TONE_ON) /* band */
378 		c->operand[12] = 1;
379 	else
380 		c->operand[12] = 0;
381 
382 	if (fdtv->type == FIREDTV_DVB_S2) {
383 		if (fdtv->fe.dtv_property_cache.delivery_system == SYS_DVBS2) {
384 			switch (fdtv->fe.dtv_property_cache.modulation) {
385 			case QAM_16:		c->operand[13] = 0x1; break;
386 			case QPSK:		c->operand[13] = 0x2; break;
387 			case PSK_8:		c->operand[13] = 0x3; break;
388 			default:		c->operand[13] = 0x2; break;
389 			}
390 			switch (fdtv->fe.dtv_property_cache.rolloff) {
391 			case ROLLOFF_35:	c->operand[14] = 0x2; break;
392 			case ROLLOFF_20:	c->operand[14] = 0x0; break;
393 			case ROLLOFF_25:	c->operand[14] = 0x1; break;
394 			case ROLLOFF_AUTO:
395 			default:		c->operand[14] = 0x2; break;
396 			/* case ROLLOFF_NONE:	c->operand[14] = 0xff; break; */
397 			}
398 			switch (fdtv->fe.dtv_property_cache.pilot) {
399 			case PILOT_AUTO:	c->operand[15] = 0x0; break;
400 			case PILOT_OFF:		c->operand[15] = 0x0; break;
401 			case PILOT_ON:		c->operand[15] = 0x1; break;
402 			}
403 		} else {
404 			c->operand[13] = 0x1;  /* auto modulation */
405 			c->operand[14] = 0xff; /* disable rolloff */
406 			c->operand[15] = 0xff; /* disable pilot */
407 		}
408 		return 16;
409 	} else {
410 		return 13;
411 	}
412 }
413 
414 static int avc_tuner_dsd_dvb_c(struct firedtv *fdtv,
415 			       struct dtv_frontend_properties *p)
416 {
417 	struct avc_command_frame *c = (void *)fdtv->avc_data;
418 
419 	c->opcode = AVC_OPCODE_DSD;
420 
421 	c->operand[0] = 0;    /* source plug */
422 	c->operand[1] = 0xd2; /* subfunction replace */
423 	c->operand[2] = 0x20; /* system id = DVB */
424 	c->operand[3] = 0x00; /* antenna number */
425 	c->operand[4] = 0x11; /* system_specific_multiplex selection_length */
426 
427 	/* multiplex_valid_flags, high byte */
428 	c->operand[5] =   0 << 7 /* reserved */
429 			| 0 << 6 /* Polarisation */
430 			| 0 << 5 /* Orbital_Pos */
431 			| 1 << 4 /* Frequency */
432 			| 1 << 3 /* Symbol_Rate */
433 			| 0 << 2 /* FEC_outer */
434 			| (p->fec_inner  != FEC_AUTO ? 1 << 1 : 0)
435 			| (p->modulation != QAM_AUTO ? 1 << 0 : 0);
436 
437 	/* multiplex_valid_flags, low byte */
438 	c->operand[6] =   0 << 7 /* NetworkID */
439 			| 0 << 0 /* reserved */ ;
440 
441 	c->operand[7]  = 0x00;
442 	c->operand[8]  = 0x00;
443 	c->operand[9]  = 0x00;
444 	c->operand[10] = 0x00;
445 
446 	c->operand[11] = (((p->frequency / 4000) >> 16) & 0xff) | (2 << 6);
447 	c->operand[12] = ((p->frequency / 4000) >> 8) & 0xff;
448 	c->operand[13] = (p->frequency / 4000) & 0xff;
449 	c->operand[14] = ((p->symbol_rate / 1000) >> 12) & 0xff;
450 	c->operand[15] = ((p->symbol_rate / 1000) >> 4) & 0xff;
451 	c->operand[16] = ((p->symbol_rate / 1000) << 4) & 0xf0;
452 	c->operand[17] = 0x00;
453 
454 	switch (p->fec_inner) {
455 	case FEC_1_2:	c->operand[18] = 0x1; break;
456 	case FEC_2_3:	c->operand[18] = 0x2; break;
457 	case FEC_3_4:	c->operand[18] = 0x3; break;
458 	case FEC_5_6:	c->operand[18] = 0x4; break;
459 	case FEC_7_8:	c->operand[18] = 0x5; break;
460 	case FEC_8_9:	c->operand[18] = 0x6; break;
461 	case FEC_4_5:	c->operand[18] = 0x8; break;
462 	case FEC_AUTO:
463 	default:	c->operand[18] = 0x0;
464 	}
465 
466 	switch (p->modulation) {
467 	case QAM_16:	c->operand[19] = 0x08; break;
468 	case QAM_32:	c->operand[19] = 0x10; break;
469 	case QAM_64:	c->operand[19] = 0x18; break;
470 	case QAM_128:	c->operand[19] = 0x20; break;
471 	case QAM_256:	c->operand[19] = 0x28; break;
472 	case QAM_AUTO:
473 	default:	c->operand[19] = 0x00;
474 	}
475 
476 	c->operand[20] = 0x00;
477 	c->operand[21] = 0x00;
478 
479 	return 22 + add_pid_filter(fdtv, &c->operand[22]);
480 }
481 
482 static int avc_tuner_dsd_dvb_t(struct firedtv *fdtv,
483 			       struct dtv_frontend_properties *p)
484 {
485 	struct avc_command_frame *c = (void *)fdtv->avc_data;
486 
487 	c->opcode = AVC_OPCODE_DSD;
488 
489 	c->operand[0] = 0;    /* source plug */
490 	c->operand[1] = 0xd2; /* subfunction replace */
491 	c->operand[2] = 0x20; /* system id = DVB */
492 	c->operand[3] = 0x00; /* antenna number */
493 	c->operand[4] = 0x0c; /* system_specific_multiplex selection_length */
494 
495 	/* multiplex_valid_flags, high byte */
496 	c->operand[5] =
497 	      0 << 7 /* reserved */
498 	    | 1 << 6 /* CenterFrequency */
499 	    | (p->bandwidth_hz != 0        ? 1 << 5 : 0)
500 	    | (p->modulation  != QAM_AUTO              ? 1 << 4 : 0)
501 	    | (p->hierarchy != HIERARCHY_AUTO ? 1 << 3 : 0)
502 	    | (p->code_rate_HP   != FEC_AUTO              ? 1 << 2 : 0)
503 	    | (p->code_rate_LP   != FEC_AUTO              ? 1 << 1 : 0)
504 	    | (p->guard_interval != GUARD_INTERVAL_AUTO   ? 1 << 0 : 0);
505 
506 	/* multiplex_valid_flags, low byte */
507 	c->operand[6] =
508 	      0 << 7 /* NetworkID */
509 	    | (p->transmission_mode != TRANSMISSION_MODE_AUTO ? 1 << 6 : 0)
510 	    | 0 << 5 /* OtherFrequencyFlag */
511 	    | 0 << 0 /* reserved */ ;
512 
513 	c->operand[7]  = 0x0;
514 	c->operand[8]  = (p->frequency / 10) >> 24;
515 	c->operand[9]  = ((p->frequency / 10) >> 16) & 0xff;
516 	c->operand[10] = ((p->frequency / 10) >>  8) & 0xff;
517 	c->operand[11] = (p->frequency / 10) & 0xff;
518 
519 	switch (p->bandwidth_hz) {
520 	case 7000000:	c->operand[12] = 0x20; break;
521 	case 8000000:
522 	case 6000000:	/* not defined by AVC spec */
523 	case 0:
524 	default:		c->operand[12] = 0x00;
525 	}
526 
527 	switch (p->modulation) {
528 	case QAM_16:	c->operand[13] = 1 << 6; break;
529 	case QAM_64:	c->operand[13] = 2 << 6; break;
530 	case QPSK:
531 	default:	c->operand[13] = 0x00;
532 	}
533 
534 	switch (p->hierarchy) {
535 	case HIERARCHY_1:	c->operand[13] |= 1 << 3; break;
536 	case HIERARCHY_2:	c->operand[13] |= 2 << 3; break;
537 	case HIERARCHY_4:	c->operand[13] |= 3 << 3; break;
538 	case HIERARCHY_AUTO:
539 	case HIERARCHY_NONE:
540 	default:		break;
541 	}
542 
543 	switch (p->code_rate_HP) {
544 	case FEC_2_3:	c->operand[13] |= 1; break;
545 	case FEC_3_4:	c->operand[13] |= 2; break;
546 	case FEC_5_6:	c->operand[13] |= 3; break;
547 	case FEC_7_8:	c->operand[13] |= 4; break;
548 	case FEC_1_2:
549 	default:	break;
550 	}
551 
552 	switch (p->code_rate_LP) {
553 	case FEC_2_3:	c->operand[14] = 1 << 5; break;
554 	case FEC_3_4:	c->operand[14] = 2 << 5; break;
555 	case FEC_5_6:	c->operand[14] = 3 << 5; break;
556 	case FEC_7_8:	c->operand[14] = 4 << 5; break;
557 	case FEC_1_2:
558 	default:	c->operand[14] = 0x00; break;
559 	}
560 
561 	switch (p->guard_interval) {
562 	case GUARD_INTERVAL_1_16:	c->operand[14] |= 1 << 3; break;
563 	case GUARD_INTERVAL_1_8:	c->operand[14] |= 2 << 3; break;
564 	case GUARD_INTERVAL_1_4:	c->operand[14] |= 3 << 3; break;
565 	case GUARD_INTERVAL_1_32:
566 	case GUARD_INTERVAL_AUTO:
567 	default:			break;
568 	}
569 
570 	switch (p->transmission_mode) {
571 	case TRANSMISSION_MODE_8K:	c->operand[14] |= 1 << 1; break;
572 	case TRANSMISSION_MODE_2K:
573 	case TRANSMISSION_MODE_AUTO:
574 	default:			break;
575 	}
576 
577 	c->operand[15] = 0x00; /* network_ID[0] */
578 	c->operand[16] = 0x00; /* network_ID[1] */
579 
580 	return 17 + add_pid_filter(fdtv, &c->operand[17]);
581 }
582 
583 int avc_tuner_dsd(struct firedtv *fdtv,
584 		  struct dtv_frontend_properties *p)
585 {
586 	struct avc_command_frame *c = (void *)fdtv->avc_data;
587 	int pos, ret;
588 
589 	mutex_lock(&fdtv->avc_mutex);
590 
591 	c->ctype   = AVC_CTYPE_CONTROL;
592 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
593 
594 	switch (fdtv->type) {
595 	case FIREDTV_DVB_S:
596 	case FIREDTV_DVB_S2: pos = avc_tuner_tuneqpsk(fdtv, p); break;
597 	case FIREDTV_DVB_C: pos = avc_tuner_dsd_dvb_c(fdtv, p); break;
598 	case FIREDTV_DVB_T: pos = avc_tuner_dsd_dvb_t(fdtv, p); break;
599 	default:
600 		BUG();
601 	}
602 	pad_operands(c, pos);
603 
604 	fdtv->avc_data_length = ALIGN(3 + pos, 4);
605 	ret = avc_write(fdtv);
606 #if 0
607 	/*
608 	 * FIXME:
609 	 * u8 *status was an out-parameter of avc_tuner_dsd, unused by caller.
610 	 * Check for AVC_RESPONSE_ACCEPTED here instead?
611 	 */
612 	if (status)
613 		*status = r->operand[2];
614 #endif
615 	mutex_unlock(&fdtv->avc_mutex);
616 
617 	if (ret == 0)
618 		msleep(500);
619 
620 	return ret;
621 }
622 
623 int avc_tuner_set_pids(struct firedtv *fdtv, unsigned char pidc, u16 pid[])
624 {
625 	struct avc_command_frame *c = (void *)fdtv->avc_data;
626 	int ret, pos, k;
627 
628 	if (pidc > 16 && pidc != 0xff)
629 		return -EINVAL;
630 
631 	mutex_lock(&fdtv->avc_mutex);
632 
633 	c->ctype   = AVC_CTYPE_CONTROL;
634 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
635 	c->opcode  = AVC_OPCODE_DSD;
636 
637 	c->operand[0] = 0;	/* source plug */
638 	c->operand[1] = 0xd2;	/* subfunction replace */
639 	c->operand[2] = 0x20;	/* system id = DVB */
640 	c->operand[3] = 0x00;	/* antenna number */
641 	c->operand[4] = 0x00;	/* system_specific_multiplex selection_length */
642 	c->operand[5] = pidc;	/* Nr_of_dsd_sel_specs */
643 
644 	pos = 6;
645 	if (pidc != 0xff)
646 		for (k = 0; k < pidc; k++) {
647 			c->operand[pos++] = 0x13; /* flowfunction relay */
648 			c->operand[pos++] = 0x80; /* dsd_sel_spec_valid_flags -> PID */
649 			c->operand[pos++] = (pid[k] >> 8) & 0x1f;
650 			c->operand[pos++] = pid[k] & 0xff;
651 			c->operand[pos++] = 0x00; /* tableID */
652 			c->operand[pos++] = 0x00; /* filter_length */
653 		}
654 	pad_operands(c, pos);
655 
656 	fdtv->avc_data_length = ALIGN(3 + pos, 4);
657 	ret = avc_write(fdtv);
658 
659 	/* FIXME: check response code? */
660 
661 	mutex_unlock(&fdtv->avc_mutex);
662 
663 	if (ret == 0)
664 		msleep(50);
665 
666 	return ret;
667 }
668 
669 int avc_tuner_get_ts(struct firedtv *fdtv)
670 {
671 	struct avc_command_frame *c = (void *)fdtv->avc_data;
672 	int ret, sl;
673 
674 	mutex_lock(&fdtv->avc_mutex);
675 
676 	c->ctype   = AVC_CTYPE_CONTROL;
677 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
678 	c->opcode  = AVC_OPCODE_DSIT;
679 
680 	sl = fdtv->type == FIREDTV_DVB_T ? 0x0c : 0x11;
681 
682 	c->operand[0] = 0;	/* source plug */
683 	c->operand[1] = 0xd2;	/* subfunction replace */
684 	c->operand[2] = 0xff;	/* status */
685 	c->operand[3] = 0x20;	/* system id = DVB */
686 	c->operand[4] = 0x00;	/* antenna number */
687 	c->operand[5] = 0x0;	/* system_specific_search_flags */
688 	c->operand[6] = sl;	/* system_specific_multiplex selection_length */
689 	/*
690 	 * operand[7]: valid_flags[0]
691 	 * operand[8]: valid_flags[1]
692 	 * operand[7 + sl]: nr_of_dsit_sel_specs (always 0)
693 	 */
694 	clear_operands(c, 7, 24);
695 
696 	fdtv->avc_data_length = fdtv->type == FIREDTV_DVB_T ? 24 : 28;
697 	ret = avc_write(fdtv);
698 
699 	/* FIXME: check response code? */
700 
701 	mutex_unlock(&fdtv->avc_mutex);
702 
703 	if (ret == 0)
704 		msleep(250);
705 
706 	return ret;
707 }
708 
709 int avc_identify_subunit(struct firedtv *fdtv)
710 {
711 	struct avc_command_frame *c = (void *)fdtv->avc_data;
712 	struct avc_response_frame *r = (void *)fdtv->avc_data;
713 	int ret;
714 
715 	mutex_lock(&fdtv->avc_mutex);
716 
717 	c->ctype   = AVC_CTYPE_CONTROL;
718 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
719 	c->opcode  = AVC_OPCODE_READ_DESCRIPTOR;
720 
721 	c->operand[0] = DESCRIPTOR_SUBUNIT_IDENTIFIER;
722 	c->operand[1] = 0xff;
723 	c->operand[2] = 0x00;
724 	c->operand[3] = 0x00; /* length highbyte */
725 	c->operand[4] = 0x08; /* length lowbyte  */
726 	c->operand[5] = 0x00; /* offset highbyte */
727 	c->operand[6] = 0x0d; /* offset lowbyte  */
728 	clear_operands(c, 7, 8); /* padding */
729 
730 	fdtv->avc_data_length = 12;
731 	ret = avc_write(fdtv);
732 	if (ret < 0)
733 		goto out;
734 
735 	if ((r->response != AVC_RESPONSE_STABLE &&
736 	     r->response != AVC_RESPONSE_ACCEPTED) ||
737 	    (r->operand[3] << 8) + r->operand[4] != 8) {
738 		dev_err(fdtv->device, "cannot read subunit identifier\n");
739 		ret = -EINVAL;
740 	}
741 out:
742 	mutex_unlock(&fdtv->avc_mutex);
743 
744 	return ret;
745 }
746 
747 #define SIZEOF_ANTENNA_INPUT_INFO 22
748 
749 int avc_tuner_status(struct firedtv *fdtv, struct firedtv_tuner_status *stat)
750 {
751 	struct avc_command_frame *c = (void *)fdtv->avc_data;
752 	struct avc_response_frame *r = (void *)fdtv->avc_data;
753 	int length, ret;
754 
755 	mutex_lock(&fdtv->avc_mutex);
756 
757 	c->ctype   = AVC_CTYPE_CONTROL;
758 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
759 	c->opcode  = AVC_OPCODE_READ_DESCRIPTOR;
760 
761 	c->operand[0] = DESCRIPTOR_TUNER_STATUS;
762 	c->operand[1] = 0xff;	/* read_result_status */
763 	/*
764 	 * operand[2]: reserved
765 	 * operand[3]: SIZEOF_ANTENNA_INPUT_INFO >> 8
766 	 * operand[4]: SIZEOF_ANTENNA_INPUT_INFO & 0xff
767 	 */
768 	clear_operands(c, 2, 31);
769 
770 	fdtv->avc_data_length = 12;
771 	ret = avc_write(fdtv);
772 	if (ret < 0)
773 		goto out;
774 
775 	if (r->response != AVC_RESPONSE_STABLE &&
776 	    r->response != AVC_RESPONSE_ACCEPTED) {
777 		dev_err(fdtv->device, "cannot read tuner status\n");
778 		ret = -EINVAL;
779 		goto out;
780 	}
781 
782 	length = r->operand[9];
783 	if (r->operand[1] != 0x10 || length != SIZEOF_ANTENNA_INPUT_INFO) {
784 		dev_err(fdtv->device, "got invalid tuner status\n");
785 		ret = -EINVAL;
786 		goto out;
787 	}
788 
789 	stat->active_system		= r->operand[10];
790 	stat->searching			= r->operand[11] >> 7 & 1;
791 	stat->moving			= r->operand[11] >> 6 & 1;
792 	stat->no_rf			= r->operand[11] >> 5 & 1;
793 	stat->input			= r->operand[12] >> 7 & 1;
794 	stat->selected_antenna		= r->operand[12] & 0x7f;
795 	stat->ber			= r->operand[13] << 24 |
796 					  r->operand[14] << 16 |
797 					  r->operand[15] << 8 |
798 					  r->operand[16];
799 	stat->signal_strength		= r->operand[17];
800 	stat->raster_frequency		= r->operand[18] >> 6 & 2;
801 	stat->rf_frequency		= (r->operand[18] & 0x3f) << 16 |
802 					  r->operand[19] << 8 |
803 					  r->operand[20];
804 	stat->man_dep_info_length	= r->operand[21];
805 	stat->front_end_error		= r->operand[22] >> 4 & 1;
806 	stat->antenna_error		= r->operand[22] >> 3 & 1;
807 	stat->front_end_power_status	= r->operand[22] >> 1 & 1;
808 	stat->power_supply		= r->operand[22] & 1;
809 	stat->carrier_noise_ratio	= r->operand[23] << 8 |
810 					  r->operand[24];
811 	stat->power_supply_voltage	= r->operand[27];
812 	stat->antenna_voltage		= r->operand[28];
813 	stat->firewire_bus_voltage	= r->operand[29];
814 	stat->ca_mmi			= r->operand[30] & 1;
815 	stat->ca_pmt_reply		= r->operand[31] >> 7 & 1;
816 	stat->ca_date_time_request	= r->operand[31] >> 6 & 1;
817 	stat->ca_application_info	= r->operand[31] >> 5 & 1;
818 	stat->ca_module_present_status	= r->operand[31] >> 4 & 1;
819 	stat->ca_dvb_flag		= r->operand[31] >> 3 & 1;
820 	stat->ca_error_flag		= r->operand[31] >> 2 & 1;
821 	stat->ca_initialization_status	= r->operand[31] >> 1 & 1;
822 out:
823 	mutex_unlock(&fdtv->avc_mutex);
824 
825 	return ret;
826 }
827 
828 int avc_lnb_control(struct firedtv *fdtv, char voltage, char burst,
829 		    char conttone, char nrdiseq,
830 		    struct dvb_diseqc_master_cmd *diseqcmd)
831 {
832 	struct avc_command_frame *c = (void *)fdtv->avc_data;
833 	struct avc_response_frame *r = (void *)fdtv->avc_data;
834 	int pos, j, k, ret;
835 
836 	mutex_lock(&fdtv->avc_mutex);
837 
838 	c->ctype   = AVC_CTYPE_CONTROL;
839 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
840 	c->opcode  = AVC_OPCODE_VENDOR;
841 
842 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
843 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
844 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
845 	c->operand[3] = SFE_VENDOR_OPCODE_LNB_CONTROL;
846 	c->operand[4] = voltage;
847 	c->operand[5] = nrdiseq;
848 
849 	pos = 6;
850 	for (j = 0; j < nrdiseq; j++) {
851 		c->operand[pos++] = diseqcmd[j].msg_len;
852 
853 		for (k = 0; k < diseqcmd[j].msg_len; k++)
854 			c->operand[pos++] = diseqcmd[j].msg[k];
855 	}
856 	c->operand[pos++] = burst;
857 	c->operand[pos++] = conttone;
858 	pad_operands(c, pos);
859 
860 	fdtv->avc_data_length = ALIGN(3 + pos, 4);
861 	ret = avc_write(fdtv);
862 	if (ret < 0)
863 		goto out;
864 
865 	if (r->response != AVC_RESPONSE_ACCEPTED) {
866 		dev_err(fdtv->device, "LNB control failed\n");
867 		ret = -EINVAL;
868 	}
869 out:
870 	mutex_unlock(&fdtv->avc_mutex);
871 
872 	return ret;
873 }
874 
875 int avc_register_remote_control(struct firedtv *fdtv)
876 {
877 	struct avc_command_frame *c = (void *)fdtv->avc_data;
878 	int ret;
879 
880 	mutex_lock(&fdtv->avc_mutex);
881 
882 	c->ctype   = AVC_CTYPE_NOTIFY;
883 	c->subunit = AVC_SUBUNIT_TYPE_UNIT | 7;
884 	c->opcode  = AVC_OPCODE_VENDOR;
885 
886 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
887 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
888 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
889 	c->operand[3] = SFE_VENDOR_OPCODE_REGISTER_REMOTE_CONTROL;
890 	c->operand[4] = 0; /* padding */
891 
892 	fdtv->avc_data_length = 8;
893 	ret = avc_write(fdtv);
894 
895 	/* FIXME: check response code? */
896 
897 	mutex_unlock(&fdtv->avc_mutex);
898 
899 	return ret;
900 }
901 
902 void avc_remote_ctrl_work(struct work_struct *work)
903 {
904 	struct firedtv *fdtv =
905 			container_of(work, struct firedtv, remote_ctrl_work);
906 
907 	/* Should it be rescheduled in failure cases? */
908 	avc_register_remote_control(fdtv);
909 }
910 
911 #if 0 /* FIXME: unused */
912 int avc_tuner_host2ca(struct firedtv *fdtv)
913 {
914 	struct avc_command_frame *c = (void *)fdtv->avc_data;
915 	int ret;
916 
917 	mutex_lock(&fdtv->avc_mutex);
918 
919 	c->ctype   = AVC_CTYPE_CONTROL;
920 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
921 	c->opcode  = AVC_OPCODE_VENDOR;
922 
923 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
924 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
925 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
926 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
927 	c->operand[4] = 0; /* slot */
928 	c->operand[5] = SFE_VENDOR_TAG_CA_APPLICATION_INFO; /* ca tag */
929 	clear_operands(c, 6, 8);
930 
931 	fdtv->avc_data_length = 12;
932 	ret = avc_write(fdtv);
933 
934 	/* FIXME: check response code? */
935 
936 	mutex_unlock(&fdtv->avc_mutex);
937 
938 	return ret;
939 }
940 #endif
941 
942 static int get_ca_object_pos(struct avc_response_frame *r)
943 {
944 	int length = 1;
945 
946 	/* Check length of length field */
947 	if (r->operand[7] & 0x80)
948 		length = (r->operand[7] & 0x7f) + 1;
949 	return length + 7;
950 }
951 
952 static int get_ca_object_length(struct avc_response_frame *r)
953 {
954 #if 0 /* FIXME: unused */
955 	int size = 0;
956 	int i;
957 
958 	if (r->operand[7] & 0x80)
959 		for (i = 0; i < (r->operand[7] & 0x7f); i++) {
960 			size <<= 8;
961 			size += r->operand[8 + i];
962 		}
963 #endif
964 	return r->operand[7];
965 }
966 
967 int avc_ca_app_info(struct firedtv *fdtv, unsigned char *app_info,
968 		    unsigned int *len)
969 {
970 	struct avc_command_frame *c = (void *)fdtv->avc_data;
971 	struct avc_response_frame *r = (void *)fdtv->avc_data;
972 	int pos, ret;
973 
974 	mutex_lock(&fdtv->avc_mutex);
975 
976 	c->ctype   = AVC_CTYPE_STATUS;
977 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
978 	c->opcode  = AVC_OPCODE_VENDOR;
979 
980 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
981 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
982 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
983 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
984 	c->operand[4] = 0; /* slot */
985 	c->operand[5] = SFE_VENDOR_TAG_CA_APPLICATION_INFO; /* ca tag */
986 	clear_operands(c, 6, LAST_OPERAND);
987 
988 	fdtv->avc_data_length = 12;
989 	ret = avc_write(fdtv);
990 	if (ret < 0)
991 		goto out;
992 
993 	/* FIXME: check response code and validate response data */
994 
995 	pos = get_ca_object_pos(r);
996 	app_info[0] = (EN50221_TAG_APP_INFO >> 16) & 0xff;
997 	app_info[1] = (EN50221_TAG_APP_INFO >>  8) & 0xff;
998 	app_info[2] = (EN50221_TAG_APP_INFO >>  0) & 0xff;
999 	app_info[3] = 6 + r->operand[pos + 4];
1000 	app_info[4] = 0x01;
1001 	memcpy(&app_info[5], &r->operand[pos], 5 + r->operand[pos + 4]);
1002 	*len = app_info[3] + 4;
1003 out:
1004 	mutex_unlock(&fdtv->avc_mutex);
1005 
1006 	return ret;
1007 }
1008 
1009 int avc_ca_info(struct firedtv *fdtv, unsigned char *app_info,
1010 		unsigned int *len)
1011 {
1012 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1013 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1014 	int i, pos, ret;
1015 
1016 	mutex_lock(&fdtv->avc_mutex);
1017 
1018 	c->ctype   = AVC_CTYPE_STATUS;
1019 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1020 	c->opcode  = AVC_OPCODE_VENDOR;
1021 
1022 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1023 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1024 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1025 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
1026 	c->operand[4] = 0; /* slot */
1027 	c->operand[5] = SFE_VENDOR_TAG_CA_APPLICATION_INFO; /* ca tag */
1028 	clear_operands(c, 6, LAST_OPERAND);
1029 
1030 	fdtv->avc_data_length = 12;
1031 	ret = avc_write(fdtv);
1032 	if (ret < 0)
1033 		goto out;
1034 
1035 	/* FIXME: check response code and validate response data */
1036 
1037 	pos = get_ca_object_pos(r);
1038 	app_info[0] = (EN50221_TAG_CA_INFO >> 16) & 0xff;
1039 	app_info[1] = (EN50221_TAG_CA_INFO >>  8) & 0xff;
1040 	app_info[2] = (EN50221_TAG_CA_INFO >>  0) & 0xff;
1041 	if (num_fake_ca_system_ids == 0) {
1042 		app_info[3] = 2;
1043 		app_info[4] = r->operand[pos + 0];
1044 		app_info[5] = r->operand[pos + 1];
1045 	} else {
1046 		app_info[3] = num_fake_ca_system_ids * 2;
1047 		for (i = 0; i < num_fake_ca_system_ids; i++) {
1048 			app_info[4 + i * 2] =
1049 				(fake_ca_system_ids[i] >> 8) & 0xff;
1050 			app_info[5 + i * 2] = fake_ca_system_ids[i] & 0xff;
1051 		}
1052 	}
1053 	*len = app_info[3] + 4;
1054 out:
1055 	mutex_unlock(&fdtv->avc_mutex);
1056 
1057 	return ret;
1058 }
1059 
1060 int avc_ca_reset(struct firedtv *fdtv)
1061 {
1062 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1063 	int ret;
1064 
1065 	mutex_lock(&fdtv->avc_mutex);
1066 
1067 	c->ctype   = AVC_CTYPE_CONTROL;
1068 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1069 	c->opcode  = AVC_OPCODE_VENDOR;
1070 
1071 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1072 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1073 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1074 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
1075 	c->operand[4] = 0; /* slot */
1076 	c->operand[5] = SFE_VENDOR_TAG_CA_RESET; /* ca tag */
1077 	c->operand[6] = 0; /* more/last */
1078 	c->operand[7] = 1; /* length */
1079 	c->operand[8] = 0; /* force hardware reset */
1080 
1081 	fdtv->avc_data_length = 12;
1082 	ret = avc_write(fdtv);
1083 
1084 	/* FIXME: check response code? */
1085 
1086 	mutex_unlock(&fdtv->avc_mutex);
1087 
1088 	return ret;
1089 }
1090 
1091 int avc_ca_pmt(struct firedtv *fdtv, char *msg, int length)
1092 {
1093 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1094 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1095 	int list_management;
1096 	int program_info_length;
1097 	int pmt_cmd_id;
1098 	int read_pos;
1099 	int write_pos;
1100 	int es_info_length;
1101 	int crc32_csum;
1102 	int ret;
1103 
1104 	if (unlikely(avc_debug & AVC_DEBUG_APPLICATION_PMT))
1105 		debug_pmt(msg, length);
1106 
1107 	mutex_lock(&fdtv->avc_mutex);
1108 
1109 	c->ctype   = AVC_CTYPE_CONTROL;
1110 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1111 	c->opcode  = AVC_OPCODE_VENDOR;
1112 
1113 	if (msg[0] != EN50221_LIST_MANAGEMENT_ONLY) {
1114 		dev_info(fdtv->device, "forcing list_management to ONLY\n");
1115 		msg[0] = EN50221_LIST_MANAGEMENT_ONLY;
1116 	}
1117 	/* We take the cmd_id from the programme level only! */
1118 	list_management = msg[0];
1119 	program_info_length = ((msg[4] & 0x0f) << 8) + msg[5];
1120 	if (program_info_length > 0)
1121 		program_info_length--; /* Remove pmt_cmd_id */
1122 	pmt_cmd_id = msg[6];
1123 
1124 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1125 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1126 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1127 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
1128 	c->operand[4] = 0; /* slot */
1129 	c->operand[5] = SFE_VENDOR_TAG_CA_PMT; /* ca tag */
1130 	c->operand[6] = 0; /* more/last */
1131 	/* Use three bytes for length field in case length > 127 */
1132 	c->operand[10] = list_management;
1133 	c->operand[11] = 0x01; /* pmt_cmd=OK_descramble */
1134 
1135 	/* TS program map table */
1136 
1137 	c->operand[12] = 0x02; /* Table id=2 */
1138 	c->operand[13] = 0x80; /* Section syntax + length */
1139 
1140 	c->operand[15] = msg[1]; /* Program number */
1141 	c->operand[16] = msg[2];
1142 	c->operand[17] = msg[3]; /* Version number and current/next */
1143 	c->operand[18] = 0x00; /* Section number=0 */
1144 	c->operand[19] = 0x00; /* Last section number=0 */
1145 	c->operand[20] = 0x1f; /* PCR_PID=1FFF */
1146 	c->operand[21] = 0xff;
1147 	c->operand[22] = (program_info_length >> 8); /* Program info length */
1148 	c->operand[23] = (program_info_length & 0xff);
1149 
1150 	/* CA descriptors at programme level */
1151 	read_pos = 6;
1152 	write_pos = 24;
1153 	if (program_info_length > 0) {
1154 		pmt_cmd_id = msg[read_pos++];
1155 		if (pmt_cmd_id != 1 && pmt_cmd_id != 4)
1156 			dev_err(fdtv->device,
1157 				"invalid pmt_cmd_id %d\n", pmt_cmd_id);
1158 		if (program_info_length > sizeof(c->operand) - 4 - write_pos) {
1159 			ret = -EINVAL;
1160 			goto out;
1161 		}
1162 
1163 		memcpy(&c->operand[write_pos], &msg[read_pos],
1164 		       program_info_length);
1165 		read_pos += program_info_length;
1166 		write_pos += program_info_length;
1167 	}
1168 	while (read_pos + 4 < length) {
1169 		if (write_pos + 4 >= sizeof(c->operand) - 4) {
1170 			ret = -EINVAL;
1171 			goto out;
1172 		}
1173 		c->operand[write_pos++] = msg[read_pos++];
1174 		c->operand[write_pos++] = msg[read_pos++];
1175 		c->operand[write_pos++] = msg[read_pos++];
1176 		es_info_length =
1177 			((msg[read_pos] & 0x0f) << 8) + msg[read_pos + 1];
1178 		read_pos += 2;
1179 		if (es_info_length > 0)
1180 			es_info_length--; /* Remove pmt_cmd_id */
1181 		c->operand[write_pos++] = es_info_length >> 8;
1182 		c->operand[write_pos++] = es_info_length & 0xff;
1183 		if (es_info_length > 0) {
1184 			if (read_pos >= length) {
1185 				ret = -EINVAL;
1186 				goto out;
1187 			}
1188 			pmt_cmd_id = msg[read_pos++];
1189 			if (pmt_cmd_id != 1 && pmt_cmd_id != 4)
1190 				dev_err(fdtv->device, "invalid pmt_cmd_id %d at stream level\n",
1191 					pmt_cmd_id);
1192 
1193 			if (es_info_length > sizeof(c->operand) - 4 - write_pos ||
1194 			    es_info_length > length - read_pos) {
1195 				ret = -EINVAL;
1196 				goto out;
1197 			}
1198 
1199 			memcpy(&c->operand[write_pos], &msg[read_pos],
1200 			       es_info_length);
1201 			read_pos += es_info_length;
1202 			write_pos += es_info_length;
1203 		}
1204 	}
1205 	write_pos += 4; /* CRC */
1206 
1207 	c->operand[7] = 0x82;
1208 	c->operand[8] = (write_pos - 10) >> 8;
1209 	c->operand[9] = (write_pos - 10) & 0xff;
1210 	c->operand[14] = write_pos - 15;
1211 
1212 	crc32_csum = crc32_be(0, &c->operand[10], c->operand[12] - 1);
1213 	c->operand[write_pos - 4] = (crc32_csum >> 24) & 0xff;
1214 	c->operand[write_pos - 3] = (crc32_csum >> 16) & 0xff;
1215 	c->operand[write_pos - 2] = (crc32_csum >>  8) & 0xff;
1216 	c->operand[write_pos - 1] = (crc32_csum >>  0) & 0xff;
1217 	pad_operands(c, write_pos);
1218 
1219 	fdtv->avc_data_length = ALIGN(3 + write_pos, 4);
1220 	ret = avc_write(fdtv);
1221 	if (ret < 0)
1222 		goto out;
1223 
1224 	if (r->response != AVC_RESPONSE_ACCEPTED) {
1225 		dev_err(fdtv->device,
1226 			"CA PMT failed with response 0x%x\n", r->response);
1227 		ret = -EACCES;
1228 	}
1229 out:
1230 	mutex_unlock(&fdtv->avc_mutex);
1231 
1232 	return ret;
1233 }
1234 
1235 int avc_ca_get_time_date(struct firedtv *fdtv, int *interval)
1236 {
1237 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1238 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1239 	int ret;
1240 
1241 	mutex_lock(&fdtv->avc_mutex);
1242 
1243 	c->ctype   = AVC_CTYPE_STATUS;
1244 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1245 	c->opcode  = AVC_OPCODE_VENDOR;
1246 
1247 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1248 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1249 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1250 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
1251 	c->operand[4] = 0; /* slot */
1252 	c->operand[5] = SFE_VENDOR_TAG_CA_DATE_TIME; /* ca tag */
1253 	clear_operands(c, 6, LAST_OPERAND);
1254 
1255 	fdtv->avc_data_length = 12;
1256 	ret = avc_write(fdtv);
1257 	if (ret < 0)
1258 		goto out;
1259 
1260 	/* FIXME: check response code and validate response data */
1261 
1262 	*interval = r->operand[get_ca_object_pos(r)];
1263 out:
1264 	mutex_unlock(&fdtv->avc_mutex);
1265 
1266 	return ret;
1267 }
1268 
1269 int avc_ca_enter_menu(struct firedtv *fdtv)
1270 {
1271 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1272 	int ret;
1273 
1274 	mutex_lock(&fdtv->avc_mutex);
1275 
1276 	c->ctype   = AVC_CTYPE_STATUS;
1277 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1278 	c->opcode  = AVC_OPCODE_VENDOR;
1279 
1280 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1281 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1282 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1283 	c->operand[3] = SFE_VENDOR_OPCODE_HOST2CA;
1284 	c->operand[4] = 0; /* slot */
1285 	c->operand[5] = SFE_VENDOR_TAG_CA_ENTER_MENU;
1286 	clear_operands(c, 6, 8);
1287 
1288 	fdtv->avc_data_length = 12;
1289 	ret = avc_write(fdtv);
1290 
1291 	/* FIXME: check response code? */
1292 
1293 	mutex_unlock(&fdtv->avc_mutex);
1294 
1295 	return ret;
1296 }
1297 
1298 int avc_ca_get_mmi(struct firedtv *fdtv, char *mmi_object, unsigned int *len)
1299 {
1300 	struct avc_command_frame *c = (void *)fdtv->avc_data;
1301 	struct avc_response_frame *r = (void *)fdtv->avc_data;
1302 	int ret;
1303 
1304 	mutex_lock(&fdtv->avc_mutex);
1305 
1306 	c->ctype   = AVC_CTYPE_STATUS;
1307 	c->subunit = AVC_SUBUNIT_TYPE_TUNER | fdtv->subunit;
1308 	c->opcode  = AVC_OPCODE_VENDOR;
1309 
1310 	c->operand[0] = SFE_VENDOR_DE_COMPANYID_0;
1311 	c->operand[1] = SFE_VENDOR_DE_COMPANYID_1;
1312 	c->operand[2] = SFE_VENDOR_DE_COMPANYID_2;
1313 	c->operand[3] = SFE_VENDOR_OPCODE_CA2HOST;
1314 	c->operand[4] = 0; /* slot */
1315 	c->operand[5] = SFE_VENDOR_TAG_CA_MMI;
1316 	clear_operands(c, 6, LAST_OPERAND);
1317 
1318 	fdtv->avc_data_length = 12;
1319 	ret = avc_write(fdtv);
1320 	if (ret < 0)
1321 		goto out;
1322 
1323 	/* FIXME: check response code and validate response data */
1324 
1325 	*len = get_ca_object_length(r);
1326 	memcpy(mmi_object, &r->operand[get_ca_object_pos(r)], *len);
1327 out:
1328 	mutex_unlock(&fdtv->avc_mutex);
1329 
1330 	return ret;
1331 }
1332 
1333 #define CMP_OUTPUT_PLUG_CONTROL_REG_0	0xfffff0000904ULL
1334 
1335 static int cmp_read(struct firedtv *fdtv, u64 addr, __be32 *data)
1336 {
1337 	int ret;
1338 
1339 	ret = fdtv_read(fdtv, addr, data);
1340 	if (ret < 0)
1341 		dev_err(fdtv->device, "CMP: read I/O error\n");
1342 
1343 	return ret;
1344 }
1345 
1346 static int cmp_lock(struct firedtv *fdtv, u64 addr, __be32 data[])
1347 {
1348 	int ret;
1349 
1350 	ret = fdtv_lock(fdtv, addr, data);
1351 	if (ret < 0)
1352 		dev_err(fdtv->device, "CMP: lock I/O error\n");
1353 
1354 	return ret;
1355 }
1356 
1357 static inline u32 get_opcr(__be32 opcr, u32 mask, u32 shift)
1358 {
1359 	return (be32_to_cpu(opcr) >> shift) & mask;
1360 }
1361 
1362 static inline void set_opcr(__be32 *opcr, u32 value, u32 mask, u32 shift)
1363 {
1364 	*opcr &= ~cpu_to_be32(mask << shift);
1365 	*opcr |= cpu_to_be32((value & mask) << shift);
1366 }
1367 
1368 #define get_opcr_online(v)		get_opcr((v), 0x1, 31)
1369 #define get_opcr_p2p_connections(v)	get_opcr((v), 0x3f, 24)
1370 #define get_opcr_channel(v)		get_opcr((v), 0x3f, 16)
1371 
1372 #define set_opcr_p2p_connections(p, v)	set_opcr((p), (v), 0x3f, 24)
1373 #define set_opcr_channel(p, v)		set_opcr((p), (v), 0x3f, 16)
1374 #define set_opcr_data_rate(p, v)	set_opcr((p), (v), 0x3, 14)
1375 #define set_opcr_overhead_id(p, v)	set_opcr((p), (v), 0xf, 10)
1376 
1377 int cmp_establish_pp_connection(struct firedtv *fdtv, int plug, int channel)
1378 {
1379 	__be32 old_opcr, opcr[2];
1380 	u64 opcr_address = CMP_OUTPUT_PLUG_CONTROL_REG_0 + (plug << 2);
1381 	int attempts = 0;
1382 	int ret;
1383 
1384 	ret = cmp_read(fdtv, opcr_address, opcr);
1385 	if (ret < 0)
1386 		return ret;
1387 
1388 repeat:
1389 	if (!get_opcr_online(*opcr)) {
1390 		dev_err(fdtv->device, "CMP: output offline\n");
1391 		return -EBUSY;
1392 	}
1393 
1394 	old_opcr = *opcr;
1395 
1396 	if (get_opcr_p2p_connections(*opcr)) {
1397 		if (get_opcr_channel(*opcr) != channel) {
1398 			dev_err(fdtv->device, "CMP: cannot change channel\n");
1399 			return -EBUSY;
1400 		}
1401 		dev_info(fdtv->device, "CMP: overlaying connection\n");
1402 
1403 		/* We don't allocate isochronous resources. */
1404 	} else {
1405 		set_opcr_channel(opcr, channel);
1406 		set_opcr_data_rate(opcr, 2); /* S400 */
1407 
1408 		/* FIXME: this is for the worst case - optimize */
1409 		set_opcr_overhead_id(opcr, 0);
1410 
1411 		/* FIXME: allocate isochronous channel and bandwidth at IRM */
1412 	}
1413 
1414 	set_opcr_p2p_connections(opcr, get_opcr_p2p_connections(*opcr) + 1);
1415 
1416 	opcr[1] = *opcr;
1417 	opcr[0] = old_opcr;
1418 
1419 	ret = cmp_lock(fdtv, opcr_address, opcr);
1420 	if (ret < 0)
1421 		return ret;
1422 
1423 	if (old_opcr != *opcr) {
1424 		/*
1425 		 * FIXME: if old_opcr.P2P_Connections > 0,
1426 		 * deallocate isochronous channel and bandwidth at IRM
1427 		 */
1428 
1429 		if (++attempts < 6) /* arbitrary limit */
1430 			goto repeat;
1431 		return -EBUSY;
1432 	}
1433 
1434 	return 0;
1435 }
1436 
1437 void cmp_break_pp_connection(struct firedtv *fdtv, int plug, int channel)
1438 {
1439 	__be32 old_opcr, opcr[2];
1440 	u64 opcr_address = CMP_OUTPUT_PLUG_CONTROL_REG_0 + (plug << 2);
1441 	int attempts = 0;
1442 
1443 	if (cmp_read(fdtv, opcr_address, opcr) < 0)
1444 		return;
1445 
1446 repeat:
1447 	if (!get_opcr_online(*opcr) || !get_opcr_p2p_connections(*opcr) ||
1448 	    get_opcr_channel(*opcr) != channel) {
1449 		dev_err(fdtv->device, "CMP: no connection to break\n");
1450 		return;
1451 	}
1452 
1453 	old_opcr = *opcr;
1454 	set_opcr_p2p_connections(opcr, get_opcr_p2p_connections(*opcr) - 1);
1455 
1456 	opcr[1] = *opcr;
1457 	opcr[0] = old_opcr;
1458 
1459 	if (cmp_lock(fdtv, opcr_address, opcr) < 0)
1460 		return;
1461 
1462 	if (old_opcr != *opcr) {
1463 		/*
1464 		 * FIXME: if old_opcr.P2P_Connections == 1, i.e. we were last
1465 		 * owner, deallocate isochronous channel and bandwidth at IRM
1466 		 * if (...)
1467 		 *	fdtv->backend->dealloc_resources(fdtv, channel, bw);
1468 		 */
1469 
1470 		if (++attempts < 6) /* arbitrary limit */
1471 			goto repeat;
1472 	}
1473 }
1474