[PATCH] pSeries hvsi char driver null pointer deref
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / char / hvsi.c
1/*
2 * Copyright (C) 2004 Hollis Blanchard <hollisb@us.ibm.com>, IBM
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18
19/* Host Virtual Serial Interface (HVSI) is a protocol between the hosted OS
20 * and the service processor on IBM pSeries servers. On these servers, there
21 * are no serial ports under the OS's control, and sometimes there is no other
22 * console available either. However, the service processor has two standard
23 * serial ports, so this over-complicated protocol allows the OS to control
24 * those ports by proxy.
25 *
26 * Besides data, the protocol supports the reading/writing of the serial
27 * port's DTR line, and the reading of the CD line. This is to allow the OS to
28 * control a modem attached to the service processor's serial port. Note that
29 * the OS cannot change the speed of the port through this protocol.
30 */
31
32#undef DEBUG
33
34#include <linux/console.h>
35#include <linux/ctype.h>
36#include <linux/delay.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/module.h>
40#include <linux/major.h>
41#include <linux/kernel.h>
42#include <linux/sched.h>
43#include <linux/spinlock.h>
44#include <linux/sysrq.h>
45#include <linux/tty.h>
46#include <linux/tty_flip.h>
47#include <asm/hvcall.h>
48#include <asm/hvconsole.h>
49#include <asm/prom.h>
50#include <asm/uaccess.h>
51#include <asm/vio.h>
52#include <asm/param.h>
53
/* tty major and first minor; assigned to the driver in hvsi_init() */
#define HVSI_MAJOR 229
#define HVSI_MINOR 128
/* number of slots in hvsi_ports[] */
#define MAX_NR_HVSI_CONSOLES 4

/* how long poll_for_state()/wait_for_state() wait for a state change */
#define HVSI_TIMEOUT (5*HZ)
/* version reported by hvsi_version_respond() */
#define HVSI_VERSION 1
/* sizing for the reassembly buffer; the on-wire length field is one byte */
#define HVSI_MAX_PACKET 256
/* bytes requested from the hypervisor per hvsi_read() call */
#define HVSI_MAX_READ 16
/* payload capacity of one outgoing data packet (see struct hvsi_data) */
#define HVSI_MAX_OUTGOING_DATA 12
/* size of hvsi_struct.outbuf */
#define N_OUTBUF 12

/*
 * we pass data via two 8-byte registers, so we would like our char arrays
 * properly aligned for those loads.
 */
#define __ALIGNED__ __attribute__((__aligned__(sizeof(long))))
70
/*
 * Per-port driver state. Most fields are read and written under 'lock';
 * the receive path runs in interrupt context (hvsi_interrupt).
 */
struct hvsi_struct {
	struct work_struct writer; /* delayed work that retries pushing outbuf */
	struct work_struct handshaker; /* scheduled from the irq path to re-handshake */
	wait_queue_head_t emptyq; /* woken when outbuf is emptied */
	wait_queue_head_t stateq; /* woken when HVSI state changes */
	spinlock_t lock;
	int index;
	/* NULL until hvsi_open(); cleared again by hvsi_close()/hvsi_hangup() */
	struct tty_struct *tty;
	unsigned int count; /* open count; unsigned, so it cannot go negative */
	uint8_t throttle_buf[128]; /* received data held back by hvsi_recv_data() */
	uint8_t outbuf[N_OUTBUF]; /* to implement write_room and chars_in_buffer */
	/* inbuf is for packet reassembly. leave a little room for leftovers. */
	uint8_t inbuf[HVSI_MAX_PACKET + HVSI_MAX_READ];
	/* one past the last valid byte in inbuf; hvsi_read() stores new data here */
	uint8_t *inbuf_end;
	int n_throttle; /* valid bytes in throttle_buf */
	int n_outbuf; /* valid bytes in outbuf */
	uint32_t vtermno;
	uint32_t virq;
	atomic_t seqno; /* HVSI packet sequence number */
	uint16_t mctrl; /* cached modem lines as TIOCM_* bits */
	uint8_t state; /* HVSI protocol state */
	uint8_t flags; /* HVSI_CONSOLE when the port is the console */
#ifdef CONFIG_MAGIC_SYSRQ
	uint8_t sysrq; /* set after a NUL byte; the next byte is a sysrq key */
#endif /* CONFIG_MAGIC_SYSRQ */
};
static struct hvsi_struct hvsi_ports[MAX_NR_HVSI_CONSOLES];

static struct tty_driver *hvsi_driver;
/* number of ports in use; hvsi_open() bounds tty->index against it */
static int hvsi_count;
/* state-wait strategy; hvsi_init() points it at wait_for_state() once irqs work */
static int (*hvsi_wait)(struct hvsi_struct *hp, int state);
102
/* Values stored in hvsi_struct.state; print_state() indexes a name table by them. */
enum HVSI_PROTOCOL_STATE {
	HVSI_CLOSED,
	HVSI_WAIT_FOR_VER_RESPONSE, /* version query sent, awaiting the reply */
	HVSI_WAIT_FOR_VER_QUERY, /* reply seen, awaiting the peer's own query */
	HVSI_OPEN,
	HVSI_WAIT_FOR_MCTRL_RESPONSE, /* modem status requested; counts as open */
	HVSI_FSP_DIED, /* set by hvsi_push() when a write returns -EIO */
};
/* bit in hvsi_struct.flags, tested by is_console() */
#define HVSI_CONSOLE 0x1

/*
 * Packet type bytes. is_header() accepts any first byte
 * >= VS_QUERY_RESPONSE_PACKET_HEADER as the start of a packet.
 */
#define VS_DATA_PACKET_HEADER 0xff
#define VS_CONTROL_PACKET_HEADER 0xfe
#define VS_QUERY_PACKET_HEADER 0xfd
#define VS_QUERY_RESPONSE_PACKET_HEADER 0xfc

/* control verbs */
#define VSV_SET_MODEM_CTL 1 /* to service processor only */
#define VSV_MODEM_CTL_UPDATE 2 /* from service processor only */
#define VSV_CLOSE_PROTOCOL 3

/* query verbs */
#define VSV_SEND_VERSION_NUMBER 1
#define VSV_SEND_MODEM_CTL_STATUS 2

/* yes, these masks are not consecutive. */
#define HVSI_TSDTR 0x01
#define HVSI_TSCD 0x20
/*
 * Wire formats. Every packet starts with the same three header fields.
 * The structs are packed, so they are overlaid directly on the receive
 * buffer and copied verbatim to the hypervisor on transmit.
 */

/* Common header. 'len' is the whole packet length, header included. */
struct hvsi_header {
	uint8_t type;
	uint8_t len; /* arrives from the peer; must be validated before use */
	uint16_t seqno;
} __attribute__((packed));

/* Outgoing data packet; hvsi_put_chars() fills 'data' and sets 'len'. */
struct hvsi_data {
	uint8_t type;
	uint8_t len;
	uint16_t seqno;
	uint8_t data[HVSI_MAX_OUTGOING_DATA];
} __attribute__((packed));

/* Control packet (modem-line changes, protocol close). */
struct hvsi_control {
	uint8_t type;
	uint8_t len;
	uint16_t seqno;
	uint16_t verb;
	/* optional depending on verb: */
	uint32_t word;
	uint32_t mask;
} __attribute__((packed));

/* Query packet; 'verb' selects what is being asked for. */
struct hvsi_query {
	uint8_t type;
	uint8_t len;
	uint16_t seqno;
	uint16_t verb;
} __attribute__((packed));

/* Reply to a query; which union member is valid depends on the verb. */
struct hvsi_query_response {
	uint8_t type;
	uint8_t len;
	uint16_t seqno;
	uint16_t verb;
	uint16_t query_seqno;
	union {
		uint8_t version;
		uint32_t mctrl_word;
	} u;
} __attribute__((packed));
172
173
174
/* Non-zero when this port carries the HVSI_CONSOLE flag. */
static inline int is_console(struct hvsi_struct *hp)
{
	const int console_bit = hp->flags & HVSI_CONSOLE;

	return console_bit;
}
179
/*
 * Returns 1 when the protocol is usable for data, 0 otherwise.
 * A port waiting for a modem-control reply is already open.
 */
static inline int is_open(struct hvsi_struct *hp)
{
	switch (hp->state) {
	case HVSI_OPEN:
	case HVSI_WAIT_FOR_MCTRL_RESPONSE:
		return 1;
	default:
		return 0;
	}
}
186
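/*
 * Debug aid: log the port's protocol state by name. The body is compiled
 * only when DEBUG is defined; otherwise this is an empty function.
 */
static inline void print_state(struct hvsi_struct *hp)
{
#ifdef DEBUG
	static const char *state_names[] = {
		"HVSI_CLOSED",
		"HVSI_WAIT_FOR_VER_RESPONSE",
		"HVSI_WAIT_FOR_VER_QUERY",
		"HVSI_OPEN",
		"HVSI_WAIT_FOR_MCTRL_RESPONSE",
		"HVSI_FSP_DIED",
	};
	const char *name = "UNKNOWN";

	/*
	 * Check the index before the table is read. ARRAY_SIZE() is one past
	 * the last valid slot, so only values strictly below it are in range.
	 */
	if (hp->state < ARRAY_SIZE(state_names))
		name = state_names[hp->state];

	pr_debug("hvsi%i: state = %s\n", hp->index, name);
#endif /* DEBUG */
}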
206
/*
 * Record a new protocol state and wake everyone sleeping on stateq.
 * Callers in this file take hp->lock first; set_state() is the variant
 * that takes the lock itself.
 */
static inline void __set_state(struct hvsi_struct *hp, int state)
{
	hp->state = (uint8_t)state;
	print_state(hp);
	wake_up_all(&hp->stateq);
}
213
/* Locked wrapper around __set_state(): takes hp->lock with irqs disabled. */
static inline void set_state(struct hvsi_struct *hp, int state)
{
	unsigned long irqflags;

	spin_lock_irqsave(&hp->lock, irqflags);
	__set_state(hp, state);
	spin_unlock_irqrestore(&hp->lock, irqflags);
}
222
/*
 * Return the length byte of the packet header at 'packet'.
 * The value comes straight from the receive buffer and is not validated here.
 */
static inline int len_packet(const uint8_t *packet)
{
	const struct hvsi_header *hdr = (const struct hvsi_header *)packet;

	return (int)hdr->len;
}
227
/*
 * True when the first byte at 'packet' is one of the four packet type
 * values (0xfc..0xff). Only the type byte is inspected.
 */
static inline int is_header(const uint8_t *packet)
{
	const struct hvsi_header *hdr = (const struct hvsi_header *)packet;

	return hdr->type >= VS_QUERY_RESPONSE_PACKET_HEADER;
}
233
/*
 * Returns 1 when a complete packet starting at 'packet' is present in
 * hp->inbuf, 0 when the header or the body is still incomplete.
 */
static inline int got_packet(const struct hvsi_struct *hp, uint8_t *packet)
{
	const uint8_t *avail_end = hp->inbuf_end;

	/* the length byte is only meaningful once the whole header is here */
	if (packet + sizeof(struct hvsi_header) > avail_end)
		return 0;

	/* complete only if the stated length fits in what has been received */
	return (packet + len_packet(packet)) <= avail_end;
}
244
/*
 * Discard everything before 'read_to' by sliding the unread tail of
 * hp->inbuf to the front, then reset inbuf_end to match.
 */
static void compact_inbuf(struct hvsi_struct *hp, uint8_t *read_to)
{
	uint8_t *base = hp->inbuf;
	int leftover = (int)(hp->inbuf_end - read_to);

	pr_debug("%s: %i chars remain\n", __FUNCTION__, leftover);

	/* regions may overlap, hence memmove; nothing to do if already at front */
	if (read_to != base)
		memmove(base, read_to, leftover);

	hp->inbuf_end = base + leftover;
}
257
/*
 * Debug-only dump helpers: with DEBUG defined they forward to dump_packet()
 * and dump_hex(); otherwise they expand to an empty statement, so packet
 * contents are not written to the log.
 */
#ifdef DEBUG
#define dbg_dump_packet(packet) dump_packet(packet)
#define dbg_dump_hex(data, len) dump_hex(data, len)
#else
#define dbg_dump_packet(packet) do { } while (0)
#define dbg_dump_hex(data, len) do { } while (0)
#endif
265
/*
 * Print 'len' bytes of 'data' twice: once as two-digit hex, once as
 * characters with non-printable bytes shown as '.'.
 */
static void dump_hex(const uint8_t *data, int len)
{
	int pos;

	printk(" ");
	for (pos = 0; pos < len; pos++)
		printk("%.2x", data[pos]);

	printk("\n ");
	for (pos = 0; pos < len; pos++) {
		const uint8_t ch = data[pos];

		if (!isprint(ch)) {
			printk(".");
			continue;
		}
		printk("%c", ch);
	}
	printk("\n");
}
283
/*
 * Log a packet's header fields followed by a hex/ASCII dump of header->len
 * bytes. The length is taken from the packet itself, so the caller must
 * already know that many bytes are readable.
 */
static void dump_packet(uint8_t *packet)
{
	const struct hvsi_header *hdr = (struct hvsi_header *)packet;

	printk("type 0x%x, len %i, seqno %i:\n", hdr->type, hdr->len,
			hdr->seqno);

	dump_hex(packet, hdr->len);
}
293
/*
 * Fetch up to 'count' bytes for this port's vterm from the hypervisor
 * into 'buf' and return how many arrived. The caller must guarantee
 * that 'buf' has room for 'count' bytes; no bound is checked here.
 */
static int hvsi_read(struct hvsi_struct *hp, char *buf, int count)
{
	unsigned long nread = hvc_get_chars(hp->vtermno, buf, count);

	return nread;
}
302
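/*
 * Handle a control packet from the service processor.
 *
 * @hp:           port the packet arrived on
 * @packet:       start of the packet inside hp->inbuf
 * @to_hangup:    set to hp->tty when carrier dropped and the tty must be
 *                hung up
 * @to_handshake: set to hp when the peer closed the protocol and a new
 *                handshake is needed
 *
 * The out-parameters are written only when an action is required; the
 * caller (hvsi_load_chunk) clears them beforehand and acts on them after
 * dropping hp->lock.
 *
 * NOTE(review): verb and word are read without comparing header->len
 * against the size of the fields used, so a packet shorter than a full
 * control packet is parsed using bytes beyond its stated length.
 */
static void hvsi_recv_control(struct hvsi_struct *hp, uint8_t *packet,
		struct tty_struct **to_hangup, struct hvsi_struct **to_handshake)
{
	struct hvsi_control *header = (struct hvsi_control *)packet;

	switch (header->verb) {
	case VSV_MODEM_CTL_UPDATE:
		if ((header->word & HVSI_TSCD) == 0) {
			/* CD went away; no more connection */
			pr_debug("hvsi%i: CD dropped\n", hp->index);
			/*
			 * Clear only the carrier bit. Masking with TIOCM_CD itself
			 * would do the opposite: keep CD and wipe DTR.
			 */
			hp->mctrl &= ~TIOCM_CD;
			/*
			 * If userland hasn't done an open(2) yet, hp->tty is NULL.
			 * CLOCAL is a termios c_cflag bit, so it is tested through
			 * C_CLOCAL() rather than against tty->flags, which holds
			 * TTY_* bit numbers.
			 */
			if (hp->tty && !C_CLOCAL(hp->tty))
				*to_hangup = hp->tty;
		}
		break;
	case VSV_CLOSE_PROTOCOL:
		pr_debug("hvsi%i: service processor came back\n", hp->index);
		if (hp->state != HVSI_CLOSED) {
			*to_handshake = hp;
		}
		break;
	default:
		printk(KERN_WARNING "hvsi%i: unknown HVSI control packet: ",
			hp->index);
		dump_packet(packet);
		break;
	}
}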
332
/*
 * Handle a query-response packet. What it means depends on the state the
 * port is in: a version reply advances the handshake, a modem-status reply
 * refreshes hp->mctrl and returns the port to HVSI_OPEN. A response in any
 * other state is logged and dumped.
 */
static void hvsi_recv_response(struct hvsi_struct *hp, uint8_t *packet)
{
	struct hvsi_query_response *resp = (struct hvsi_query_response *)packet;
	const uint8_t state = hp->state;

	if (state == HVSI_WAIT_FOR_VER_RESPONSE) {
		__set_state(hp, HVSI_WAIT_FOR_VER_QUERY);
	} else if (state == HVSI_WAIT_FOR_MCTRL_RESPONSE) {
		uint16_t lines = 0;

		/* translate the HVSI line bits into TIOCM_* bits */
		if (resp->u.mctrl_word & HVSI_TSDTR)
			lines |= TIOCM_DTR;
		if (resp->u.mctrl_word & HVSI_TSCD)
			lines |= TIOCM_CD;
		hp->mctrl = lines;
		__set_state(hp, HVSI_OPEN);
	} else {
		printk(KERN_ERR "hvsi%i: unexpected query response: ", hp->index);
		dump_packet(packet);
	}
}
355
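/*
 * Respond to the service processor's version query.
 *
 * @hp:          port to answer on
 * @query_seqno: sequence number of the query being answered
 *
 * Returns 0 on success, -EIO when the packet could not be written in full.
 */
static int hvsi_version_respond(struct hvsi_struct *hp, uint16_t query_seqno)
{
	struct hvsi_query_response packet __ALIGNED__;
	int wrote;

	/*
	 * The whole struct is transmitted (len = sizeof), but the version is a
	 * single byte inside a four-byte union. Zero the packet first so the
	 * remaining union bytes are not uninitialised stack contents.
	 */
	memset(&packet, 0, sizeof(packet));

	packet.type = VS_QUERY_RESPONSE_PACKET_HEADER;
	packet.len = sizeof(struct hvsi_query_response);
	packet.seqno = atomic_inc_return(&hp->seqno);
	packet.verb = VSV_SEND_VERSION_NUMBER;
	packet.u.version = HVSI_VERSION;
	packet.query_seqno = query_seqno+1;

	pr_debug("%s: sending %i bytes\n", __FUNCTION__, packet.len);
	dbg_dump_hex((uint8_t*)&packet, packet.len);

	wrote = hvc_put_chars(hp->vtermno, (char *)&packet, packet.len);
	if (wrote != packet.len) {
		printk(KERN_ERR "hvsi%i: couldn't send query response!\n",
			hp->index);
		return -EIO;
	}

	return 0;
}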
381
/*
 * Handle a query from the service processor. Only the version query that
 * completes the handshake is expected; anything else is logged and dumped.
 * The result of hvsi_version_respond() is not examined: the port moves to
 * HVSI_OPEN whether or not the reply could be sent.
 */
static void hvsi_recv_query(struct hvsi_struct *hp, uint8_t *packet)
{
	struct hvsi_query *query = (struct hvsi_query *)packet;

	if (hp->state != HVSI_WAIT_FOR_VER_QUERY) {
		printk(KERN_ERR "hvsi%i: unexpected query: ", hp->index);
		dump_packet(packet);
		return;
	}

	hvsi_version_respond(hp, query->seqno);
	__set_state(hp, HVSI_OPEN);
}
397
/*
 * Feed 'len' received bytes into hp->tty's flip buffer. With
 * CONFIG_MAGIC_SYSRQ, a NUL byte arms sysrq and the byte after it is
 * passed to handle_sysrq() instead of the tty. hp->tty is used without a
 * NULL check, so callers must only get here with a tty attached.
 */
static void hvsi_insert_chars(struct hvsi_struct *hp, const char *buf, int len)
{
	int pos = 0;

	while (pos < len) {
		const char ch = buf[pos++];
#ifdef CONFIG_MAGIC_SYSRQ
		if (ch == '\0') {
			hp->sysrq = 1;
			continue;
		}
		if (hp->sysrq) {
			handle_sysrq(ch, NULL, hp->tty);
			hp->sysrq = 0;
			continue;
		}
#endif /* CONFIG_MAGIC_SYSRQ */
		tty_insert_flip_char(hp->tty, ch, 0);
	}
}
417
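/*
 * We could get 252 bytes of data at once here. But the tty layer only
 * throttles us at TTY_THRESHOLD_THROTTLE (128) bytes, so we could overflow
 * it. Accordingly we won't send more than 128 bytes at a time to the flip
 * buffer, which will give the tty buffer a chance to throttle us. Should the
 * value of TTY_THRESHOLD_THROTTLE change in n_tty.c, this code should be
 * revisited.
 *
 * Returns hp->tty when data was queued (the caller pushes the flip buffer
 * after dropping the lock), or NULL when the packet carried no payload.
 * The caller has already checked that hp->tty is not NULL.
 */
#define TTY_THRESHOLD_THROTTLE 128
static struct tty_struct *hvsi_recv_data(struct hvsi_struct *hp,
		const uint8_t *packet)
{
	const struct hvsi_header *header = (const struct hvsi_header *)packet;
	const uint8_t *data = packet + sizeof(struct hvsi_header);
	int datalen = (int)header->len - (int)sizeof(struct hvsi_header);
	int overflow = datalen - TTY_THRESHOLD_THROTTLE;

	/*
	 * header->len is supplied by the peer. A value smaller than the header
	 * makes datalen negative; reject that together with the empty case,
	 * and do it before datalen is used as a "%.*s" precision below.
	 */
	if (datalen <= 0)
		return NULL;

	pr_debug("queueing %i chars '%.*s'\n", datalen, datalen, data);

	if (overflow > 0) {
		pr_debug("%s: got >TTY_THRESHOLD_THROTTLE bytes\n", __FUNCTION__);
		datalen = TTY_THRESHOLD_THROTTLE;
	}

	hvsi_insert_chars(hp, data, datalen);

	if (overflow > 0) {
		/*
		 * we still have more data to deliver, so we need to save off the
		 * overflow and send it later. len is one byte, so overflow is at
		 * most 255 - 4 - 128 = 123 bytes and fits in throttle_buf.
		 */
		pr_debug("%s: deferring overflow\n", __FUNCTION__);
		memcpy(hp->throttle_buf, data + TTY_THRESHOLD_THROTTLE, overflow);
		hp->n_throttle = overflow;
	}

	return hp->tty;
}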
459
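/*
 * Returns true/false indicating data successfully read from hypervisor.
 * Used both to get packets for tty connections and to advance the state
 * machine during console handshaking (in which case tty = NULL and we ignore
 * incoming data).
 *
 * @flip:      set to the tty whose flip buffer needs pushing, else NULL
 * @hangup:    set to the tty that must be hung up, else NULL
 * @handshake: set to the port that needs a new handshake, else NULL
 *
 * Called with hp->lock held; the caller acts on the three out-parameters
 * after releasing it.
 */
static int hvsi_load_chunk(struct hvsi_struct *hp, struct tty_struct **flip,
		struct tty_struct **hangup, struct hvsi_struct **handshake)
{
	uint8_t *packet = hp->inbuf;
	int chunklen;

	*flip = NULL;
	*hangup = NULL;
	*handshake = NULL;

	/*
	 * The packet loop below can stop early (hangup/handshake), leaving
	 * unprocessed bytes behind, so the buffered amount may grow from call
	 * to call. Only read when a full HVSI_MAX_READ chunk still fits in
	 * inbuf; otherwise skip the read and work through what is buffered.
	 */
	if (hp->inbuf_end + HVSI_MAX_READ <= hp->inbuf + sizeof(hp->inbuf)) {
		chunklen = hvsi_read(hp, hp->inbuf_end, HVSI_MAX_READ);
		if (chunklen == 0) {
			pr_debug("%s: 0-length read\n", __FUNCTION__);
			return 0;
		}

		pr_debug("%s: got %i bytes\n", __FUNCTION__, chunklen);
		dbg_dump_hex(hp->inbuf_end, chunklen);

		hp->inbuf_end += chunklen;
	}

	/* handle all completed packets */
	while ((packet < hp->inbuf_end) && got_packet(hp, packet)) {
		struct hvsi_header *header = (struct hvsi_header *)packet;

		if (!is_header(packet)) {
			printk(KERN_ERR "hvsi%i: got malformed packet\n", hp->index);
			/* skip bytes until we find a header or run out of data */
			while ((packet < hp->inbuf_end) && (!is_header(packet)))
				packet++;
			continue;
		}

		/*
		 * The length byte comes from the peer. A value below the header
		 * size cannot be a real packet, and a value of 0 would leave
		 * 'packet' where it is and spin here with the lock held. Treat it
		 * as malformed and resynchronise from the next byte.
		 */
		if (len_packet(packet) < (int)sizeof(struct hvsi_header)) {
			printk(KERN_ERR "hvsi%i: got malformed packet\n", hp->index);
			packet++;
			continue;
		}

		pr_debug("%s: handling %i-byte packet\n", __FUNCTION__,
				len_packet(packet));
		dbg_dump_packet(packet);

		switch (header->type) {
		case VS_DATA_PACKET_HEADER:
			if (!is_open(hp))
				break;
			if (hp->tty == NULL)
				break; /* no tty buffer to put data in */
			*flip = hvsi_recv_data(hp, packet);
			break;
		case VS_CONTROL_PACKET_HEADER:
			hvsi_recv_control(hp, packet, hangup, handshake);
			break;
		case VS_QUERY_RESPONSE_PACKET_HEADER:
			hvsi_recv_response(hp, packet);
			break;
		case VS_QUERY_PACKET_HEADER:
			hvsi_recv_query(hp, packet);
			break;
		default:
			printk(KERN_ERR "hvsi%i: unknown HVSI packet type 0x%x\n",
					hp->index, header->type);
			dump_packet(packet);
			break;
		}

		packet += len_packet(packet);

		if (*hangup || *handshake) {
			pr_debug("%s: hangup or handshake\n", __FUNCTION__);
			/*
			 * we need to send the hangup now before receiving any more data.
			 * If we get "data, hangup, data", we can't deliver the second
			 * data before the hangup.
			 */
			break;
		}
	}

	compact_inbuf(hp, packet);

	return 1;
}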
544
/*
 * Deliver the bytes parked in throttle_buf to the tty and mark the buffer
 * empty. Relies on hvsi_insert_chars(), which uses hp->tty unchecked.
 */
static void hvsi_send_overflow(struct hvsi_struct *hp)
{
	const int pending = hp->n_throttle;

	pr_debug("%s: delivering %i bytes overflow\n", __FUNCTION__,
			pending);

	hvsi_insert_chars(hp, hp->throttle_buf, pending);
	hp->n_throttle = 0;
}
553
/*
 * Interrupt handler for one HVSI port ('arg' is its hvsi_struct).
 *
 * must get all pending data because we only get an irq on empty->non-empty
 * transition, so chunks are loaded until hvsi_load_chunk() reports nothing
 * more. Always returns IRQ_HANDLED.
 */
static irqreturn_t hvsi_interrupt(int irq, void *arg, struct pt_regs *regs)
{
	struct hvsi_struct *hp = arg;
	struct tty_struct *to_flip;
	struct tty_struct *to_hangup;
	struct hvsi_struct *to_handshake;
	unsigned long flags;
	int more;

	pr_debug("%s\n", __FUNCTION__);

	do {
		spin_lock_irqsave(&hp->lock, flags);
		more = hvsi_load_chunk(hp, &to_flip, &to_hangup, &to_handshake);
		spin_unlock_irqrestore(&hp->lock, flags);

		/*
		 * tty_flip_buffer_push() and tty_hangup() must run outside our
		 * spinlock, yet we still have to loop until all data is read.
		 */

		if (to_flip) {
			/* there was data put in the tty flip buffer */
			tty_flip_buffer_push(to_flip);
			to_flip = NULL;
		}

		if (to_hangup)
			tty_hangup(to_hangup);

		if (to_handshake) {
			pr_debug("hvsi%i: attempting re-handshake\n", to_handshake->index);
			schedule_work(&to_handshake->handshaker);
		}
	} while (more);

	spin_lock_irqsave(&hp->lock, flags);
	if (hp->tty && hp->n_throttle
			&& (!test_bit(TTY_THROTTLED, &hp->tty->flags))) {
		/* not hung up and not throttled: the held-back data can go now */
		to_flip = hp->tty;
		hvsi_send_overflow(hp);
	}
	spin_unlock_irqrestore(&hp->lock, flags);

	if (to_flip)
		tty_flip_buffer_push(to_flip);

	return IRQ_HANDLED;
}
612
/*
 * Boot-console variant of the state wait, used before the irq handler is
 * running: drive hvsi_interrupt() by hand every 5 ms until the port reaches
 * 'state'. Returns 0 on success, -EIO once HVSI_TIMEOUT has passed.
 */
static int __init poll_for_state(struct hvsi_struct *hp, int state)
{
	const unsigned long deadline = jiffies + HVSI_TIMEOUT;

	do {
		hvsi_interrupt(hp->virq, (void *)hp, NULL); /* get pending data */

		if (hp->state == state)
			return 0;

		mdelay(5);
	} while (!time_after(jiffies, deadline));

	return -EIO;
}
629
/*
 * Sleep on stateq until the irq handler moves the port to 'state'.
 * Returns 0 when that happens, -EIO if HVSI_TIMEOUT expires first.
 */
static int wait_for_state(struct hvsi_struct *hp, int state)
{
	if (wait_event_timeout(hp->stateq, (hp->state == state), HVSI_TIMEOUT))
		return 0;

	return -EIO;
}
640
/*
 * Send a query packet carrying 'verb' to the service processor.
 * Every field of the packed struct is assigned before it is written out.
 * Returns 0 on success, -EIO on a failed or short write.
 */
static int hvsi_query(struct hvsi_struct *hp, uint16_t verb)
{
	struct hvsi_query packet __ALIGNED__;
	int sent;

	packet.type = VS_QUERY_PACKET_HEADER;
	packet.len = sizeof(packet);
	packet.seqno = atomic_inc_return(&hp->seqno);
	packet.verb = verb;

	pr_debug("%s: sending %i bytes\n", __FUNCTION__, packet.len);
	dbg_dump_hex((uint8_t*)&packet, packet.len);

	sent = hvc_put_chars(hp->vtermno, (char *)&packet, packet.len);
	if (sent == packet.len)
		return 0;

	printk(KERN_ERR "hvsi%i: couldn't send query (%i)!\n", hp->index,
		sent);
	return -EIO;
}
663
/*
 * Ask the service processor for the modem-line status and wait for the
 * reply, which hvsi_recv_response() stores in hp->mctrl. On timeout the
 * port is put back into HVSI_OPEN and the error is returned. The result of
 * sending the query itself is not checked.
 */
static int hvsi_get_mctrl(struct hvsi_struct *hp)
{
	int err;

	set_state(hp, HVSI_WAIT_FOR_MCTRL_RESPONSE);
	hvsi_query(hp, VSV_SEND_MODEM_CTL_STATUS);

	err = hvsi_wait(hp, HVSI_OPEN);
	if (err >= 0) {
		pr_debug("%s: mctrl 0x%x\n", __FUNCTION__, hp->mctrl);
		return 0;
	}

	printk(KERN_ERR "hvsi%i: didn't get modem flags\n", hp->index);
	set_state(hp, HVSI_OPEN);
	return err;
}
682
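/*
 * Send a "set modem control" packet. note that we can only set DTR, so
 * the mask always selects just that line.
 *
 * @hp:    port to operate on
 * @mctrl: desired lines as TIOCM_* bits; only TIOCM_DTR is looked at
 *
 * Returns 0 on success, -EIO on a failed or short write.
 */
static int hvsi_set_mctrl(struct hvsi_struct *hp, uint16_t mctrl)
{
	struct hvsi_control packet __ALIGNED__;
	int wrote;

	/*
	 * Start from a zeroed packet: the whole struct goes on the wire, and
	 * 'word' used to be left unassigned when DTR was being cleared, so the
	 * peer received whatever happened to be on the stack.
	 */
	memset(&packet, 0, sizeof(packet));

	packet.type = VS_CONTROL_PACKET_HEADER;
	packet.seqno = atomic_inc_return(&hp->seqno);
	packet.len = sizeof(struct hvsi_control);
	packet.verb = VSV_SET_MODEM_CTL;
	packet.mask = HVSI_TSDTR;
	packet.word = (mctrl & TIOCM_DTR) ? HVSI_TSDTR : 0;

	pr_debug("%s: sending %i bytes\n", __FUNCTION__, packet.len);
	dbg_dump_hex((uint8_t*)&packet, packet.len);

	wrote = hvc_put_chars(hp->vtermno, (char *)&packet, packet.len);
	if (wrote != packet.len) {
		printk(KERN_ERR "hvsi%i: couldn't set DTR!\n", hp->index);
		return -EIO;
	}

	return 0;
}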
709
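/*
 * Read and throw away whatever the hypervisor has queued for this port,
 * stopping at the first empty read or after HVSI_TIMEOUT, whichever comes
 * first. The data goes into a local buffer and is never examined.
 */
static void hvsi_drain_input(struct hvsi_struct *hp)
{
	uint8_t buf[HVSI_MAX_READ] __ALIGNED__;
	unsigned long end_jiffies = jiffies + HVSI_TIMEOUT;

	/*
	 * Loop while "now" is still before the deadline. With the arguments
	 * the other way round the condition is false on entry and nothing is
	 * ever drained.
	 */
	while (time_before(jiffies, end_jiffies))
		if (0 == hvsi_read(hp, buf, HVSI_MAX_READ))
			break;
}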
719
/*
 * Run the opening handshake: discard stale input, send our version query,
 * then wait until the receive path has taken the port to HVSI_OPEN.
 * Returns 0 on success or the negative error from the failing step.
 */
static int hvsi_handshake(struct hvsi_struct *hp)
{
	int err;

	/*
	 * We could have a CLOSE or other data waiting for us before we even try
	 * to open; try to throw it all away so we don't get confused. (CLOSE
	 * is the first message sent up the pipe when the FSP comes online. We
	 * need to distinguish between "it came up a while ago and we're the first
	 * user" and "it was just reset before it saw our handshake packet".)
	 */
	hvsi_drain_input(hp);

	set_state(hp, HVSI_WAIT_FOR_VER_RESPONSE);
	err = hvsi_query(hp, VSV_SEND_VERSION_NUMBER);
	if (err < 0) {
		printk(KERN_ERR "hvsi%i: couldn't send version query\n", hp->index);
		return err;
	}

	err = hvsi_wait(hp, HVSI_OPEN);

	return (err < 0) ? err : 0;
}
746
/*
 * Work handler ('arg' is the port): redo the handshake after the service
 * processor closed the protocol, and log when that fails.
 */
static void hvsi_handshaker(void *arg)
{
	struct hvsi_struct *hp = arg;

	if (hvsi_handshake(hp) < 0) {
		printk(KERN_ERR "hvsi%i: re-handshaking failed\n", hp->index);
		/*
		 * ttys will re-attempt the handshake via hvsi_open, but
		 * the console will not.
		 */
		if (is_console(hp))
			printk(KERN_ERR "hvsi%i: lost console!\n", hp->index);
	}
}
763
/*
 * Wrap 'count' bytes from 'buf' in a data packet and hand it to the
 * hypervisor. 'count' above HVSI_MAX_OUTGOING_DATA is a BUG; only
 * packet.len bytes are transmitted, so the unused tail of packet.data
 * never leaves the stack. Returns 'count' when the whole packet was
 * written, otherwise whatever hvc_put_chars() returned.
 */
static int hvsi_put_chars(struct hvsi_struct *hp, const char *buf, int count)
{
	struct hvsi_data packet __ALIGNED__;
	int sent;

	BUG_ON(count > HVSI_MAX_OUTGOING_DATA);

	packet.type = VS_DATA_PACKET_HEADER;
	packet.seqno = atomic_inc_return(&hp->seqno);
	packet.len = count + sizeof(struct hvsi_header);
	memcpy(packet.data, buf, count);

	sent = hvc_put_chars(hp->vtermno, (char *)&packet, packet.len);

	/* report payload bytes on success, the raw result (error) otherwise */
	return (sent == packet.len) ? count : sent;
}
783
/*
 * Tell the service processor to close the protocol. Only the first six
 * bytes of the control packet (header plus verb) are sent, so the
 * unassigned word/mask fields stay local. The write result is ignored.
 */
static void hvsi_close_protocol(struct hvsi_struct *hp)
{
	struct hvsi_control packet __ALIGNED__;
	char *raw = (char *)&packet;

	packet.type = VS_CONTROL_PACKET_HEADER;
	packet.seqno = atomic_inc_return(&hp->seqno);
	packet.len = 6;
	packet.verb = VSV_CLOSE_PROTOCOL;

	pr_debug("%s: sending %i bytes\n", __FUNCTION__, packet.len);
	dbg_dump_hex((uint8_t*)&packet, packet.len);

	hvc_put_chars(hp->vtermno, raw, packet.len);
}
798
/*
 * tty open() handler: attach the tty to its port, enable the port's
 * interrupt and, unless the port is the console, run the handshake and
 * raise DTR.
 *
 * Returns 0 on success, -ENODEV for an out-of-range line, -EIO when the
 * service processor is marked dead, or the error of the failing step.
 */
static int hvsi_open(struct tty_struct *tty, struct file *filp)
{
	struct hvsi_struct *hp;
	unsigned long flags;
	int line = tty->index;
	int ret;

	pr_debug("%s\n", __FUNCTION__);

	/* bound the index before it is used to address hvsi_ports[] */
	if (line < 0 || line >= hvsi_count)
		return -ENODEV;
	hp = &hvsi_ports[line];

	tty->driver_data = hp;
	tty->low_latency = 1; /* avoid throttle/tty_flip_buffer_push race */

	mb();
	if (hp->state == HVSI_FSP_DIED)
		return -EIO;

	/* publish the tty under the lock: the irq path reads hp->tty */
	spin_lock_irqsave(&hp->lock, flags);
	hp->tty = tty;
	hp->count++;
	atomic_set(&hp->seqno, 0);
	h_vio_signal(hp->vtermno, VIO_IRQ_ENABLE);
	spin_unlock_irqrestore(&hp->lock, flags);

	if (is_console(hp))
		return 0; /* this has already been handshaked as the console */

	/*
	 * NOTE(review): the error returns below leave hp->tty and hp->count as
	 * set above. Whether the tty core calls hvsi_close() after a failed
	 * open is not visible from this file -- confirm.
	 */
	ret = hvsi_handshake(hp);
	if (ret < 0) {
		printk(KERN_ERR "%s: HVSI handshaking failed\n", tty->name);
		return ret;
	}

	ret = hvsi_get_mctrl(hp);
	if (ret < 0) {
		printk(KERN_ERR "%s: couldn't get initial modem flags\n", tty->name);
		return ret;
	}

	ret = hvsi_set_mctrl(hp, hp->mctrl | TIOCM_DTR);
	if (ret < 0) {
		printk(KERN_ERR "%s: couldn't set DTR\n", tty->name);
		return ret;
	}

	return 0;
}
849
/*
 * Wait (up to HVSI_TIMEOUT) for hvsi_write_worker to empty hp->outbuf,
 * then make sure no writer work is left and drop anything still queued.
 * n_outbuf is reset without taking hp->lock.
 */
static void hvsi_flush_output(struct hvsi_struct *hp)
{
	wait_event_timeout(hp->emptyq, (hp->n_outbuf <= 0), HVSI_TIMEOUT);

	/* the writer may still be queued if it has not yet seen n_outbuf = 0 */
	cancel_delayed_work(&hp->writer);
	flush_scheduled_work();

	/*
	 * If the timeout expired before hvsi_write_worker could push outbuf,
	 * the remaining bytes are simply discarded.
	 */
	hp->n_outbuf = 0;
}
865
/*
 * tty close() handler. On the last close the tty is detached from the
 * port; for non-console ports the interrupt is disabled, output flushed,
 * the protocol closed and pending input drained.
 */
static void hvsi_close(struct tty_struct *tty, struct file *filp)
{
	struct hvsi_struct *hp = tty->driver_data;
	unsigned long flags;

	pr_debug("%s\n", __FUNCTION__);

	if (tty_hung_up_p(filp))
		return;

	spin_lock_irqsave(&hp->lock, flags);

	/*
	 * NOTE(review): hp->count is declared unsigned int, so decrementing it
	 * from 0 wraps around and the "count < 0" branch further down can
	 * never be taken.
	 */
	if (--hp->count == 0) {
		/* detach under the lock so the irq path sees NULL, not a stale tty */
		hp->tty = NULL;
		hp->inbuf_end = hp->inbuf; /* discard remaining partial packets */

		/* only close down connection if it is not the console */
		if (!is_console(hp)) {
			h_vio_signal(hp->vtermno, VIO_IRQ_DISABLE); /* no more irqs */
			__set_state(hp, HVSI_CLOSED);
			/*
			 * any data delivered to the tty layer after this will be
			 * discarded (except for XON/XOFF)
			 */
			tty->closing = 1;

			/* the steps below wait/sleep, so the lock is dropped for them */
			spin_unlock_irqrestore(&hp->lock, flags);

			/* let any existing irq handlers finish. no more will start. */
			synchronize_irq(hp->virq);

			/* hvsi_write_worker will re-schedule until outbuf is empty. */
			hvsi_flush_output(hp);

			/* tell FSP to stop sending data */
			hvsi_close_protocol(hp);

			/*
			 * drain anything FSP is still in the middle of sending, and let
			 * hvsi_handshake drain the rest on the next open.
			 */
			hvsi_drain_input(hp);

			/* re-take the lock so the common unlock at the end balances */
			spin_lock_irqsave(&hp->lock, flags);
		}
	} else if (hp->count < 0)
		printk(KERN_ERR "hvsi_close %lu: oops, count is %d\n",
			hp - hvsi_ports, hp->count);

	spin_unlock_irqrestore(&hp->lock, flags);
}
917
/*
 * tty hangup() handler: detach the tty from the port, zero the open count
 * and drop queued output, all under hp->lock. The protocol state and
 * n_throttle are left as they are.
 */
static void hvsi_hangup(struct tty_struct *tty)
{
	struct hvsi_struct *hp = tty->driver_data;
	unsigned long irqflags;

	pr_debug("%s\n", __FUNCTION__);

	spin_lock_irqsave(&hp->lock, irqflags);

	hp->tty = NULL;
	hp->count = 0;
	hp->n_outbuf = 0;

	spin_unlock_irqrestore(&hp->lock, irqflags);
}
933
/*
 * Try to send everything in hp->outbuf as one data packet.
 * called with hp->lock held. On success outbuf is marked empty; on -EIO
 * the port is moved to HVSI_FSP_DIED. Any other result leaves outbuf
 * untouched for a later retry.
 */
static void hvsi_push(struct hvsi_struct *hp)
{
	int sent;

	if (hp->n_outbuf <= 0)
		return;

	sent = hvsi_put_chars(hp, hp->outbuf, hp->n_outbuf);
	if (sent == -EIO) {
		__set_state(hp, HVSI_FSP_DIED);
		printk(KERN_ERR "hvsi%i: service processor died\n", hp->index);
		return;
	}

	if (sent > 0) {
		/* success */
		pr_debug("%s: wrote %i chars\n", __FUNCTION__, sent);
		hp->n_outbuf = 0;
	}
}
952
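/*
 * Work handler ('arg' is the port) that retries pushing hp->outbuf.
 * hvsi_write_worker will keep rescheduling itself until outbuf is empty,
 * then wakes the waiters on emptyq and, if a tty is attached, its writers.
 */
static void hvsi_write_worker(void *arg)
{
	struct hvsi_struct *hp = (struct hvsi_struct *)arg;
	unsigned long flags;
#ifdef DEBUG
	static long start_j = 0;

	if (start_j == 0)
		start_j = jiffies;
#endif /* DEBUG */

	spin_lock_irqsave(&hp->lock, flags);

	pr_debug("%s: %i chars in buffer\n", __FUNCTION__, hp->n_outbuf);

	if (!is_open(hp)) {
		/*
		 * We could have a non-open connection if the service processor died
		 * while we were busily scheduling ourselves. In that case, it could
		 * be minutes before the service processor comes back, so only try
		 * again once a second.
		 */
		schedule_delayed_work(&hp->writer, HZ);
		goto out;
	}

	hvsi_push(hp);
	if (hp->n_outbuf > 0)
		schedule_delayed_work(&hp->writer, 10);
	else {
#ifdef DEBUG
		pr_debug("%s: outbuf emptied after %li jiffies\n", __FUNCTION__,
				jiffies - start_j);
		start_j = 0;
#endif /* DEBUG */
		wake_up_all(&hp->emptyq);
		/*
		 * hvsi_hangup() and hvsi_close() set hp->tty to NULL and empty
		 * outbuf without changing the protocol state, so work that was
		 * already queued can get here with no tty attached. Only touch
		 * the tty when there is one.
		 */
		if (hp->tty) {
			if (test_bit(TTY_DO_WRITE_WAKEUP, &hp->tty->flags)
					&& hp->tty->ldisc.write_wakeup)
				hp->tty->ldisc.write_wakeup(hp->tty);
			wake_up_interruptible(&hp->tty->write_wait);
		}
	}

out:
	spin_unlock_irqrestore(&hp->lock, flags);
}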
999
/* tty write_room() handler: free bytes left in the port's outbuf. */
static int hvsi_write_room(struct tty_struct *tty)
{
	const struct hvsi_struct *hp = (struct hvsi_struct *)tty->driver_data;
	const int used = hp->n_outbuf;

	return N_OUTBUF - used;
}
1006
/* tty chars_in_buffer() handler: bytes currently queued in outbuf. */
static int hvsi_chars_in_buffer(struct tty_struct *tty)
{
	const struct hvsi_struct *hp = (struct hvsi_struct *)tty->driver_data;
	const int queued = hp->n_outbuf;

	return queued;
}
1013
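/*
 * tty write() handler: copy as much of 'buf' as fits into hp->outbuf,
 * pushing to the hypervisor after every chunk.
 *
 * @tty:   tty being written to
 * @buf:   data to send
 * @count: number of bytes in 'buf'
 *
 * Returns the number of bytes accepted, which may be less than 'count'
 * (0 when the port is not open).
 */
static int hvsi_write(struct tty_struct *tty,
		const unsigned char *buf, int count)
{
	struct hvsi_struct *hp = tty->driver_data;
	const char *source = buf;
	unsigned long flags;
	int total = 0;
	int origcount = count;

	spin_lock_irqsave(&hp->lock, flags);

	pr_debug("%s: %i chars in buffer\n", __FUNCTION__, hp->n_outbuf);

	if (!is_open(hp)) {
		/* we're either closing or not yet open; don't accept data */
		pr_debug("%s: not open\n", __FUNCTION__);
		goto out;
	}

	/*
	 * when the hypervisor buffer (16K) fills, data will stay in hp->outbuf
	 * and hvsi_write_worker will be scheduled. subsequent hvsi_write() calls
	 * will see there is no room in outbuf and return.
	 *
	 * Room is queried through the caller's 'tty', which is valid for the
	 * whole call. hp->tty is cleared by hvsi_hangup()/hvsi_close() and
	 * would be dereferenced by hvsi_write_room() if it were passed here.
	 */
	while (count > 0) {
		int room = hvsi_write_room(tty);
		int chunksize;

		if (room <= 0)
			break;
		chunksize = min(count, room);

		BUG_ON(hp->n_outbuf < 0);
		memcpy(hp->outbuf + hp->n_outbuf, source, chunksize);
		hp->n_outbuf += chunksize;

		total += chunksize;
		source += chunksize;
		count -= chunksize;
		hvsi_push(hp);
	}

	if (hp->n_outbuf > 0) {
		/*
		 * we weren't able to write it all to the hypervisor.
		 * schedule another push attempt.
		 */
		schedule_delayed_work(&hp->writer, 10);
	}

out:
	spin_unlock_irqrestore(&hp->lock, flags);

	if (total != origcount)
		pr_debug("%s: wanted %i, only wrote %i\n", __FUNCTION__, origcount,
			total);

	return total;
}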
1068
/*
 * tty throttle() handler: stop receive interrupts for the port.
 *
 * The original author notes never having seen throttle or unthrottle
 * called, so this throttle buffering scheme may or may not work.
 */
static void hvsi_throttle(struct tty_struct *tty)
{
	struct hvsi_struct *hp = tty->driver_data;

	pr_debug("%s\n", __FUNCTION__);

	h_vio_signal(hp->vtermno, VIO_IRQ_DISABLE);
}
1081
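/*
 * tty unthrottle() handler: deliver any data held back in throttle_buf,
 * push the flip buffer, and re-enable receive interrupts.
 */
static void hvsi_unthrottle(struct tty_struct *tty)
{
	struct hvsi_struct *hp = (struct hvsi_struct *)tty->driver_data;
	struct tty_struct *flip = NULL;
	unsigned long flags;

	pr_debug("%s\n", __FUNCTION__);

	spin_lock_irqsave(&hp->lock, flags);
	/*
	 * Same guard as hvsi_interrupt(): hvsi_send_overflow() writes into
	 * hp->tty, which hvsi_hangup()/hvsi_close() may have cleared. Capture
	 * the pointer while the lock is held instead of re-reading hp->tty
	 * after it has been released.
	 */
	if (hp->tty && hp->n_throttle) {
		flip = hp->tty;
		hvsi_send_overflow(hp);
	}
	spin_unlock_irqrestore(&hp->lock, flags);

	if (flip)
		tty_flip_buffer_push(flip);

	h_vio_signal(hp->vtermno, VIO_IRQ_ENABLE);
}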
1102
/*
 * tty tiocmget() handler: refresh the modem lines from the service
 * processor and return the cached TIOCM_* bits. A failed refresh is not
 * reported; the previously cached value is returned in that case.
 */
static int hvsi_tiocmget(struct tty_struct *tty, struct file *file)
{
	struct hvsi_struct *hp = tty->driver_data;

	hvsi_get_mctrl(hp);

	return hp->mctrl;
}
1110
/*
 * tty tiocmset() handler. Only DTR can be changed, so every other bit in
 * 'set' and 'clear' is ignored. The cached value is updated and 0 returned
 * even when hvsi_set_mctrl() fails to send the request.
 */
static int hvsi_tiocmset(struct tty_struct *tty, struct file *file,
		unsigned int set, unsigned int clear)
{
	struct hvsi_struct *hp = tty->driver_data;
	unsigned long irqflags;
	uint16_t wanted;

	/* we can only alter DTR */
	set &= TIOCM_DTR;
	clear &= TIOCM_DTR;

	spin_lock_irqsave(&hp->lock, irqflags);

	wanted = (hp->mctrl & ~clear) | set;

	/* skip the round trip when nothing would change */
	if (wanted != hp->mctrl) {
		hvsi_set_mctrl(hp, wanted);
		hp->mctrl = wanted;
	}

	spin_unlock_irqrestore(&hp->lock, irqflags);

	return 0;
}
1134
1135
/*
 * Entry points the tty layer calls into; installed on the driver by
 * tty_set_operations() in hvsi_init(). Each handler recovers its port
 * from tty->driver_data, which hvsi_open() sets.
 */
static struct tty_operations hvsi_ops = {
	.open = hvsi_open,
	.close = hvsi_close,
	.write = hvsi_write,
	.hangup = hvsi_hangup,
	.write_room = hvsi_write_room,
	.chars_in_buffer = hvsi_chars_in_buffer,
	.throttle = hvsi_throttle,
	.unthrottle = hvsi_unthrottle,
	.tiocmget = hvsi_tiocmget,
	.tiocmset = hvsi_tiocmset,
};
1148
/*
 * Device initcall: allocate and fill in the tty driver for the hvsi_count
 * ports, request each port's interrupt, switch hvsi_wait to
 * wait_for_state, and register the driver with the tty layer.
 *
 * Returns 0 on success or -ENOMEM if the tty driver cannot be allocated.
 * A failure to register the driver panics.
 */
static int __init hvsi_init(void)
{
	int port;

	hvsi_driver = alloc_tty_driver(hvsi_count);
	if (!hvsi_driver)
		return -ENOMEM;

	hvsi_driver->owner = THIS_MODULE;
	hvsi_driver->driver_name = "hvsi";
	hvsi_driver->name = "hvsi";
	hvsi_driver->major = HVSI_MAJOR;
	hvsi_driver->minor_start = HVSI_MINOR;
	hvsi_driver->type = TTY_DRIVER_TYPE_SYSTEM;
	hvsi_driver->flags = TTY_DRIVER_REAL_RAW;

	/* start from the standard termios, then override the control flags */
	hvsi_driver->init_termios = tty_std_termios;
	hvsi_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;

	tty_set_operations(hvsi_driver, &hvsi_ops);

	for (port = 0; port < hvsi_count; port++) {
		struct hvsi_struct *hp = &hvsi_ports[port];
		int err = request_irq(hp->virq, hvsi_interrupt, IRQF_DISABLED,
				"hvsi", hp);

		/*
		 * A failed request is only logged; the port stays in the table.
		 * NOTE(review): confirm a port without its irq is still usable once
		 * hvsi_wait has been switched below.
		 */
		if (err)
			printk(KERN_ERR "HVSI: couldn't reserve irq 0x%x (error %i)\n",
				hp->virq, err);
	}

	/* irqs have been requested, so replace the wait routine used so far */
	hvsi_wait = wait_for_state;

	if (tty_register_driver(hvsi_driver))
		panic("Couldn't register hvsi console driver\n");

	printk(KERN_DEBUG "HVSI: registered %i devices\n", hvsi_count);

	return 0;
}
device_initcall(hvsi_init);
1187
1188/***** console (not tty) code: *****/
1189
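/*
 * Console write hook: send @count bytes from @buf to the port selected by
 * console->index, emitting a '\r' before every '\n'. The text is staged in
 * a local buffer of HVSI_MAX_OUTGOING_DATA bytes and handed to
 * hvsi_put_chars() whenever the buffer is full or the input is exhausted.
 *
 * Returns without sending anything if the port is not open.
 */
static void hvsi_console_print(struct console *console, const char *buf,
		unsigned int count)
{
	struct hvsi_struct *hp = &hvsi_ports[console->index];
	char c[HVSI_MAX_OUTGOING_DATA] __ALIGNED__;
	unsigned int i = 0, n = 0;
	int ret, donecr = 0;

	mb();
	if (!is_open(hp))
		return;

	/*
	 * ugh, we have to translate LF -> CRLF ourselves, in place.
	 * copied from hvc_console.c:
	 */
	while (count > 0 || i > 0) {
		if (count > 0 && i < sizeof(c)) {
			if (buf[n] == '\n' && !donecr) {
				/* emit the CR now; the LF itself goes out next pass */
				c[i++] = '\r';
				donecr = 1;
			} else {
				c[i++] = buf[n++];
				donecr = 0;
				--count;
			}
		} else {
			ret = hvsi_put_chars(hp, c, i);
			/*
			 * On error, drop the staged bytes. The previous code set
			 * i = 0 and then still executed "i -= ret", which left i
			 * equal to -ret: a stale, non-zero fill level that could
			 * even exceed sizeof(c). A count larger than i is clamped
			 * for the same reason (i is unsigned and would wrap).
			 *
			 * NOTE(review): after a short write the unsent tail is not
			 * moved to the front of c[]; confirm hvsi_put_chars() is
			 * all-or-nothing.
			 */
			if (ret < 0 || (unsigned int)ret >= i)
				i = 0;
			else
				i -= ret;
		}
	}
}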
1224
/*
 * Console device hook: report the console's index through @index and
 * return the hvsi tty driver.
 */
static struct tty_driver *hvsi_console_device(struct console *console,
		int *index)
{
	struct tty_driver *drv = hvsi_driver;

	*index = console->index;

	return drv;
}
1231
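/*
 * Console setup hook: bring up the port selected by console->index.
 *
 * Closes the protocol, redoes the handshake, reads the modem-control
 * state, raises DTR, and marks the port as a console.
 *
 * Returns 0 on success, -1 if console->index is outside [0, hvsi_count),
 * or the negative value returned by the handshake / mctrl helper that
 * failed.
 */
static int __init hvsi_console_setup(struct console *console, char *options)
{
	struct hvsi_struct *hp;
	int ret;

	/*
	 * Validate the index before it is used to form a pointer into
	 * hvsi_ports[]; the console's index starts out as -1, and an
	 * out-of-range element address must never be computed.
	 */
	if (console->index < 0 || console->index >= hvsi_count)
		return -1;

	hp = &hvsi_ports[console->index];

	/* give the FSP a chance to change the baud rate when we re-open */
	hvsi_close_protocol(hp);

	ret = hvsi_handshake(hp);
	if (ret < 0)
		return ret;

	ret = hvsi_get_mctrl(hp);
	if (ret < 0)
		return ret;

	ret = hvsi_set_mctrl(hp, hp->mctrl | TIOCM_DTR);
	if (ret < 0)
		return ret;

	hp->flags |= HVSI_CONSOLE;

	return 0;
}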
1259
/* console registration record; registered by hvsi_console_init() */
static struct console hvsi_con_driver = {
	.name	= "hvsi",
	.write	= hvsi_console_print,
	.device	= hvsi_console_device,
	.setup	= hvsi_console_setup,
	.flags	= CON_PRINTBUFFER,
	/*
	 * Starts at -1; hvsi_console_setup() rejects a negative index, so a
	 * valid one has to be filled in before setup can succeed.
	 */
	.index	= -1,
};
1268
/*
 * Console initcall: walk the device tree for "serial" nodes compatible
 * with "hvterm-protocol", initialise one hvsi_ports[] slot per usable node
 * (up to MAX_NR_HVSI_CONSOLES), and register the console if at least one
 * port was found. Always returns 0.
 */
static int __init hvsi_console_init(void)
{
	struct device_node *vty;

	/* no irqs yet, so state changes have to be polled for */
	hvsi_wait = poll_for_state;

	for (vty = of_find_compatible_node(NULL, "serial", "hvterm-protocol");
			vty;
			vty = of_find_compatible_node(vty, "serial", "hvterm-protocol")) {
		struct hvsi_struct *hp;
		uint32_t *vtermno;
		uint32_t *irq;

		/*
		 * NOTE(review): no length is requested (NULL), so the size of
		 * "reg" and "interrupts" is not checked before *vtermno and
		 * irq[0] are read below. The values come from the firmware
		 * device tree; confirm that is trusted to be well formed.
		 */
		vtermno = (uint32_t *)get_property(vty, "reg", NULL);
		irq = (uint32_t *)get_property(vty, "interrupts", NULL);
		if (!(vtermno && irq))
			continue;

		if (hvsi_count >= MAX_NR_HVSI_CONSOLES) {
			/* leaving the loop early: release the node ourselves */
			of_node_put(vty);
			break;
		}

		/* fill in the next free slot; it only counts once the irq maps */
		hp = &hvsi_ports[hvsi_count];
		INIT_WORK(&hp->writer, hvsi_write_worker, hp);
		INIT_WORK(&hp->handshaker, hvsi_handshaker, hp);
		init_waitqueue_head(&hp->emptyq);
		init_waitqueue_head(&hp->stateq);
		spin_lock_init(&hp->lock);
		hp->index = hvsi_count;
		hp->inbuf_end = hp->inbuf;
		hp->state = HVSI_CLOSED;
		hp->vtermno = *vtermno;
		hp->virq = irq_create_mapping(NULL, irq[0]);
		if (hp->virq == NO_IRQ) {
			/* hvsi_count is not advanced, so this slot is reused */
			printk(KERN_ERR "%s: couldn't create irq mapping for 0x%x\n",
				__FUNCTION__, irq[0]);
			continue;
		}

		hvsi_count++;
	}

	if (hvsi_count)
		register_console(&hvsi_con_driver);

	return 0;
}
console_initcall(hvsi_console_init);