1 /*
2  * Copyright (c) 2010 QLogic Corporation. All rights reserved.
3  * Copyright (c) 2006, 2007, 2008, 2009 QLogic Corporation. All rights reserved.
4  * Copyright (c) 2003, 2004, 2005, 2006 PathScale, Inc. All rights reserved.
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenIB.org BSD license below:
11  *
12  *     Redistribution and use in source and binary forms, with or
13  *     without modification, are permitted provided that the following
14  *     conditions are met:
15  *
16  *      - Redistributions of source code must retain the above
17  *        copyright notice, this list of conditions and the following
18  *        disclaimer.
19  *
20  *      - Redistributions in binary form must reproduce the above
21  *        copyright notice, this list of conditions and the following
22  *        disclaimer in the documentation and/or other materials
23  *        provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  */
34 
35 /*
36  * This file contains support for diagnostic functions.  It is accessed by
37  * opening the qib_diag device, normally minor number 129.  Diagnostic use
38  * of the QLogic_IB chip may render the chip or board unusable until the
39  * driver is unloaded, or in some cases, until the system is rebooted.
40  *
41  * Accesses to the chip through this interface are not similar to going
42  * through the /sys/bus/pci resource mmap interface.
43  */
44 
45 #include <linux/io.h>
46 #include <linux/pci.h>
47 #include <linux/poll.h>
48 #include <linux/vmalloc.h>
49 #include <linux/fs.h>
50 #include <linux/uaccess.h>
51 
52 #include "qib.h"
53 #include "qib_common.h"
54 
55 /*
56  * Each client that opens the diag device must read then write
57  * offset 0, to prevent lossage from random cat or od. diag_state
58  * sequences this "handshake".
59  */
60 enum diag_state { UNUSED = 0, OPENED, INIT, READY };
61 
62 /* State for an individual client. PID so children cannot abuse handshake */
63 static struct qib_diag_client {
64 	struct qib_diag_client *next;
65 	struct qib_devdata *dd;
66 	pid_t pid;
67 	enum diag_state state;
68 } *client_pool;
69 
70 /*
71  * Get a client struct. Recycled if possible, else kmalloc.
72  * Must be called with qib_mutex held
73  */
get_client(struct qib_devdata * dd)74 static struct qib_diag_client *get_client(struct qib_devdata *dd)
75 {
76 	struct qib_diag_client *dc;
77 
78 	dc = client_pool;
79 	if (dc)
80 		/* got from pool remove it and use */
81 		client_pool = dc->next;
82 	else
83 		/* None in pool, alloc and init */
84 		dc = kmalloc(sizeof *dc, GFP_KERNEL);
85 
86 	if (dc) {
87 		dc->next = NULL;
88 		dc->dd = dd;
89 		dc->pid = current->pid;
90 		dc->state = OPENED;
91 	}
92 	return dc;
93 }
94 
95 /*
96  * Return to pool. Must be called with qib_mutex held
97  */
return_client(struct qib_diag_client * dc)98 static void return_client(struct qib_diag_client *dc)
99 {
100 	struct qib_devdata *dd = dc->dd;
101 	struct qib_diag_client *tdc, *rdc;
102 
103 	rdc = NULL;
104 	if (dc == dd->diag_client) {
105 		dd->diag_client = dc->next;
106 		rdc = dc;
107 	} else {
108 		tdc = dc->dd->diag_client;
109 		while (tdc) {
110 			if (dc == tdc->next) {
111 				tdc->next = dc->next;
112 				rdc = dc;
113 				break;
114 			}
115 			tdc = tdc->next;
116 		}
117 	}
118 	if (rdc) {
119 		rdc->state = UNUSED;
120 		rdc->dd = NULL;
121 		rdc->pid = 0;
122 		rdc->next = client_pool;
123 		client_pool = rdc;
124 	}
125 }
126 
127 static int qib_diag_open(struct inode *in, struct file *fp);
128 static int qib_diag_release(struct inode *in, struct file *fp);
129 static ssize_t qib_diag_read(struct file *fp, char __user *data,
130 			     size_t count, loff_t *off);
131 static ssize_t qib_diag_write(struct file *fp, const char __user *data,
132 			      size_t count, loff_t *off);
133 
134 static const struct file_operations diag_file_ops = {
135 	.owner = THIS_MODULE,
136 	.write = qib_diag_write,
137 	.read = qib_diag_read,
138 	.open = qib_diag_open,
139 	.release = qib_diag_release,
140 	.llseek = default_llseek,
141 };
142 
143 static atomic_t diagpkt_count = ATOMIC_INIT(0);
144 static struct cdev *diagpkt_cdev;
145 static struct device *diagpkt_device;
146 
147 static ssize_t qib_diagpkt_write(struct file *fp, const char __user *data,
148 				 size_t count, loff_t *off);
149 
150 static const struct file_operations diagpkt_file_ops = {
151 	.owner = THIS_MODULE,
152 	.write = qib_diagpkt_write,
153 	.llseek = noop_llseek,
154 };
155 
qib_diag_add(struct qib_devdata * dd)156 int qib_diag_add(struct qib_devdata *dd)
157 {
158 	char name[16];
159 	int ret = 0;
160 
161 	if (atomic_inc_return(&diagpkt_count) == 1) {
162 		ret = qib_cdev_init(QIB_DIAGPKT_MINOR, "ipath_diagpkt",
163 				    &diagpkt_file_ops, &diagpkt_cdev,
164 				    &diagpkt_device);
165 		if (ret)
166 			goto done;
167 	}
168 
169 	snprintf(name, sizeof(name), "ipath_diag%d", dd->unit);
170 	ret = qib_cdev_init(QIB_DIAG_MINOR_BASE + dd->unit, name,
171 			    &diag_file_ops, &dd->diag_cdev,
172 			    &dd->diag_device);
173 done:
174 	return ret;
175 }
176 
177 static void qib_unregister_observers(struct qib_devdata *dd);
178 
qib_diag_remove(struct qib_devdata * dd)179 void qib_diag_remove(struct qib_devdata *dd)
180 {
181 	struct qib_diag_client *dc;
182 
183 	if (atomic_dec_and_test(&diagpkt_count))
184 		qib_cdev_cleanup(&diagpkt_cdev, &diagpkt_device);
185 
186 	qib_cdev_cleanup(&dd->diag_cdev, &dd->diag_device);
187 
188 	/*
189 	 * Return all diag_clients of this device. There should be none,
190 	 * as we are "guaranteed" that no clients are still open
191 	 */
192 	while (dd->diag_client)
193 		return_client(dd->diag_client);
194 
195 	/* Now clean up all unused client structs */
196 	while (client_pool) {
197 		dc = client_pool;
198 		client_pool = dc->next;
199 		kfree(dc);
200 	}
201 	/* Clean up observer list */
202 	qib_unregister_observers(dd);
203 }
204 
205 /* qib_remap_ioaddr32 - remap an offset into chip address space to __iomem *
206  *
207  * @dd: the qlogic_ib device
208  * @offs: the offset in chip-space
209  * @cntp: Pointer to max (byte) count for transfer starting at offset
210  * This returns a u32 __iomem * so it can be used for both 64 and 32-bit
211  * mapping. It is needed because with the use of PAT for control of
212  * write-combining, the logically contiguous address-space of the chip
213  * may be split into virtually non-contiguous spaces, with different
214  * attributes, which are them mapped to contiguous physical space
215  * based from the first BAR.
216  *
217  * The code below makes the same assumptions as were made in
218  * init_chip_wc_pat() (qib_init.c), copied here:
219  * Assumes chip address space looks like:
220  *		- kregs + sregs + cregs + uregs (in any order)
221  *		- piobufs (2K and 4K bufs in either order)
222  *	or:
223  *		- kregs + sregs + cregs (in any order)
224  *		- piobufs (2K and 4K bufs in either order)
225  *		- uregs
226  *
227  * If cntp is non-NULL, returns how many bytes from offset can be accessed
228  * Returns 0 if the offset is not mapped.
229  */
qib_remap_ioaddr32(struct qib_devdata * dd,u32 offset,u32 * cntp)230 static u32 __iomem *qib_remap_ioaddr32(struct qib_devdata *dd, u32 offset,
231 				       u32 *cntp)
232 {
233 	u32 kreglen;
234 	u32 snd_bottom, snd_lim = 0;
235 	u32 __iomem *krb32 = (u32 __iomem *)dd->kregbase;
236 	u32 __iomem *map = NULL;
237 	u32 cnt = 0;
238 	u32 tot4k, offs4k;
239 
240 	/* First, simplest case, offset is within the first map. */
241 	kreglen = (dd->kregend - dd->kregbase) * sizeof(u64);
242 	if (offset < kreglen) {
243 		map = krb32 + (offset / sizeof(u32));
244 		cnt = kreglen - offset;
245 		goto mapped;
246 	}
247 
248 	/*
249 	 * Next check for user regs, the next most common case,
250 	 * and a cheap check because if they are not in the first map
251 	 * they are last in chip.
252 	 */
253 	if (dd->userbase) {
254 		/* If user regs mapped, they are after send, so set limit. */
255 		u32 ulim = (dd->cfgctxts * dd->ureg_align) + dd->uregbase;
256 		if (!dd->piovl15base)
257 			snd_lim = dd->uregbase;
258 		krb32 = (u32 __iomem *)dd->userbase;
259 		if (offset >= dd->uregbase && offset < ulim) {
260 			map = krb32 + (offset - dd->uregbase) / sizeof(u32);
261 			cnt = ulim - offset;
262 			goto mapped;
263 		}
264 	}
265 
266 	/*
267 	 * Lastly, check for offset within Send Buffers.
268 	 * This is gnarly because struct devdata is deliberately vague
269 	 * about things like 7322 VL15 buffers, and we are not in
270 	 * chip-specific code here, so should not make many assumptions.
271 	 * The one we _do_ make is that the only chip that has more sndbufs
272 	 * than we admit is the 7322, and it has userregs above that, so
273 	 * we know the snd_lim.
274 	 */
275 	/* Assume 2K buffers are first. */
276 	snd_bottom = dd->pio2k_bufbase;
277 	if (snd_lim == 0) {
278 		u32 tot2k = dd->piobcnt2k * ALIGN(dd->piosize2k, dd->palign);
279 		snd_lim = snd_bottom + tot2k;
280 	}
281 	/* If 4k buffers exist, account for them by bumping
282 	 * appropriate limit.
283 	 */
284 	tot4k = dd->piobcnt4k * dd->align4k;
285 	offs4k = dd->piobufbase >> 32;
286 	if (dd->piobcnt4k) {
287 		if (snd_bottom > offs4k)
288 			snd_bottom = offs4k;
289 		else {
290 			/* 4k above 2k. Bump snd_lim, if needed*/
291 			if (!dd->userbase || dd->piovl15base)
292 				snd_lim = offs4k + tot4k;
293 		}
294 	}
295 	/*
296 	 * Judgement call: can we ignore the space between SendBuffs and
297 	 * UserRegs, where we would like to see vl15 buffs, but not more?
298 	 */
299 	if (offset >= snd_bottom && offset < snd_lim) {
300 		offset -= snd_bottom;
301 		map = (u32 __iomem *)dd->piobase + (offset / sizeof(u32));
302 		cnt = snd_lim - offset;
303 	}
304 
305 	if (!map && offs4k && dd->piovl15base) {
306 		snd_lim = offs4k + tot4k + 2 * dd->align4k;
307 		if (offset >= (offs4k + tot4k) && offset < snd_lim) {
308 			map = (u32 __iomem *)dd->piovl15base +
309 				((offset - (offs4k + tot4k)) / sizeof(u32));
310 			cnt = snd_lim - offset;
311 		}
312 	}
313 
314 mapped:
315 	if (cntp)
316 		*cntp = cnt;
317 	return map;
318 }
319 
320 /*
321  * qib_read_umem64 - read a 64-bit quantity from the chip into user space
322  * @dd: the qlogic_ib device
323  * @uaddr: the location to store the data in user memory
324  * @regoffs: the offset from BAR0 (_NOT_ full pointer, anymore)
325  * @count: number of bytes to copy (multiple of 32 bits)
326  *
327  * This function also localizes all chip memory accesses.
328  * The copy should be written such that we read full cacheline packets
329  * from the chip.  This is usually used for a single qword
330  *
331  * NOTE:  This assumes the chip address is 64-bit aligned.
332  */
qib_read_umem64(struct qib_devdata * dd,void __user * uaddr,u32 regoffs,size_t count)333 static int qib_read_umem64(struct qib_devdata *dd, void __user *uaddr,
334 			   u32 regoffs, size_t count)
335 {
336 	const u64 __iomem *reg_addr;
337 	const u64 __iomem *reg_end;
338 	u32 limit;
339 	int ret;
340 
341 	reg_addr = (const u64 __iomem *)qib_remap_ioaddr32(dd, regoffs, &limit);
342 	if (reg_addr == NULL || limit == 0 || !(dd->flags & QIB_PRESENT)) {
343 		ret = -EINVAL;
344 		goto bail;
345 	}
346 	if (count >= limit)
347 		count = limit;
348 	reg_end = reg_addr + (count / sizeof(u64));
349 
350 	/* not very efficient, but it works for now */
351 	while (reg_addr < reg_end) {
352 		u64 data = readq(reg_addr);
353 
354 		if (copy_to_user(uaddr, &data, sizeof(u64))) {
355 			ret = -EFAULT;
356 			goto bail;
357 		}
358 		reg_addr++;
359 		uaddr += sizeof(u64);
360 	}
361 	ret = 0;
362 bail:
363 	return ret;
364 }
365 
366 /*
367  * qib_write_umem64 - write a 64-bit quantity to the chip from user space
368  * @dd: the qlogic_ib device
369  * @regoffs: the offset from BAR0 (_NOT_ full pointer, anymore)
370  * @uaddr: the source of the data in user memory
371  * @count: the number of bytes to copy (multiple of 32 bits)
372  *
373  * This is usually used for a single qword
374  * NOTE:  This assumes the chip address is 64-bit aligned.
375  */
376 
qib_write_umem64(struct qib_devdata * dd,u32 regoffs,const void __user * uaddr,size_t count)377 static int qib_write_umem64(struct qib_devdata *dd, u32 regoffs,
378 			    const void __user *uaddr, size_t count)
379 {
380 	u64 __iomem *reg_addr;
381 	const u64 __iomem *reg_end;
382 	u32 limit;
383 	int ret;
384 
385 	reg_addr = (u64 __iomem *)qib_remap_ioaddr32(dd, regoffs, &limit);
386 	if (reg_addr == NULL || limit == 0 || !(dd->flags & QIB_PRESENT)) {
387 		ret = -EINVAL;
388 		goto bail;
389 	}
390 	if (count >= limit)
391 		count = limit;
392 	reg_end = reg_addr + (count / sizeof(u64));
393 
394 	/* not very efficient, but it works for now */
395 	while (reg_addr < reg_end) {
396 		u64 data;
397 		if (copy_from_user(&data, uaddr, sizeof(data))) {
398 			ret = -EFAULT;
399 			goto bail;
400 		}
401 		writeq(data, reg_addr);
402 
403 		reg_addr++;
404 		uaddr += sizeof(u64);
405 	}
406 	ret = 0;
407 bail:
408 	return ret;
409 }
410 
411 /*
412  * qib_read_umem32 - read a 32-bit quantity from the chip into user space
413  * @dd: the qlogic_ib device
414  * @uaddr: the location to store the data in user memory
415  * @regoffs: the offset from BAR0 (_NOT_ full pointer, anymore)
416  * @count: number of bytes to copy
417  *
418  * read 32 bit values, not 64 bit; for memories that only
419  * support 32 bit reads; usually a single dword.
420  */
qib_read_umem32(struct qib_devdata * dd,void __user * uaddr,u32 regoffs,size_t count)421 static int qib_read_umem32(struct qib_devdata *dd, void __user *uaddr,
422 			   u32 regoffs, size_t count)
423 {
424 	const u32 __iomem *reg_addr;
425 	const u32 __iomem *reg_end;
426 	u32 limit;
427 	int ret;
428 
429 	reg_addr = qib_remap_ioaddr32(dd, regoffs, &limit);
430 	if (reg_addr == NULL || limit == 0 || !(dd->flags & QIB_PRESENT)) {
431 		ret = -EINVAL;
432 		goto bail;
433 	}
434 	if (count >= limit)
435 		count = limit;
436 	reg_end = reg_addr + (count / sizeof(u32));
437 
438 	/* not very efficient, but it works for now */
439 	while (reg_addr < reg_end) {
440 		u32 data = readl(reg_addr);
441 
442 		if (copy_to_user(uaddr, &data, sizeof(data))) {
443 			ret = -EFAULT;
444 			goto bail;
445 		}
446 
447 		reg_addr++;
448 		uaddr += sizeof(u32);
449 
450 	}
451 	ret = 0;
452 bail:
453 	return ret;
454 }
455 
456 /*
457  * qib_write_umem32 - write a 32-bit quantity to the chip from user space
458  * @dd: the qlogic_ib device
459  * @regoffs: the offset from BAR0 (_NOT_ full pointer, anymore)
460  * @uaddr: the source of the data in user memory
461  * @count: number of bytes to copy
462  *
463  * write 32 bit values, not 64 bit; for memories that only
464  * support 32 bit write; usually a single dword.
465  */
466 
qib_write_umem32(struct qib_devdata * dd,u32 regoffs,const void __user * uaddr,size_t count)467 static int qib_write_umem32(struct qib_devdata *dd, u32 regoffs,
468 			    const void __user *uaddr, size_t count)
469 {
470 	u32 __iomem *reg_addr;
471 	const u32 __iomem *reg_end;
472 	u32 limit;
473 	int ret;
474 
475 	reg_addr = qib_remap_ioaddr32(dd, regoffs, &limit);
476 	if (reg_addr == NULL || limit == 0 || !(dd->flags & QIB_PRESENT)) {
477 		ret = -EINVAL;
478 		goto bail;
479 	}
480 	if (count >= limit)
481 		count = limit;
482 	reg_end = reg_addr + (count / sizeof(u32));
483 
484 	while (reg_addr < reg_end) {
485 		u32 data;
486 
487 		if (copy_from_user(&data, uaddr, sizeof(data))) {
488 			ret = -EFAULT;
489 			goto bail;
490 		}
491 		writel(data, reg_addr);
492 
493 		reg_addr++;
494 		uaddr += sizeof(u32);
495 	}
496 	ret = 0;
497 bail:
498 	return ret;
499 }
500 
qib_diag_open(struct inode * in,struct file * fp)501 static int qib_diag_open(struct inode *in, struct file *fp)
502 {
503 	int unit = iminor(in) - QIB_DIAG_MINOR_BASE;
504 	struct qib_devdata *dd;
505 	struct qib_diag_client *dc;
506 	int ret;
507 
508 	mutex_lock(&qib_mutex);
509 
510 	dd = qib_lookup(unit);
511 
512 	if (dd == NULL || !(dd->flags & QIB_PRESENT) ||
513 	    !dd->kregbase) {
514 		ret = -ENODEV;
515 		goto bail;
516 	}
517 
518 	dc = get_client(dd);
519 	if (!dc) {
520 		ret = -ENOMEM;
521 		goto bail;
522 	}
523 	dc->next = dd->diag_client;
524 	dd->diag_client = dc;
525 	fp->private_data = dc;
526 	ret = 0;
527 bail:
528 	mutex_unlock(&qib_mutex);
529 
530 	return ret;
531 }
532 
533 /**
534  * qib_diagpkt_write - write an IB packet
535  * @fp: the diag data device file pointer
536  * @data: qib_diag_pkt structure saying where to get the packet
537  * @count: size of data to write
538  * @off: unused by this code
539  */
qib_diagpkt_write(struct file * fp,const char __user * data,size_t count,loff_t * off)540 static ssize_t qib_diagpkt_write(struct file *fp,
541 				 const char __user *data,
542 				 size_t count, loff_t *off)
543 {
544 	u32 __iomem *piobuf;
545 	u32 plen, clen, pbufn;
546 	struct qib_diag_xpkt dp;
547 	u32 *tmpbuf = NULL;
548 	struct qib_devdata *dd;
549 	struct qib_pportdata *ppd;
550 	ssize_t ret = 0;
551 
552 	if (count != sizeof(dp)) {
553 		ret = -EINVAL;
554 		goto bail;
555 	}
556 	if (copy_from_user(&dp, data, sizeof(dp))) {
557 		ret = -EFAULT;
558 		goto bail;
559 	}
560 
561 	dd = qib_lookup(dp.unit);
562 	if (!dd || !(dd->flags & QIB_PRESENT) || !dd->kregbase) {
563 		ret = -ENODEV;
564 		goto bail;
565 	}
566 	if (!(dd->flags & QIB_INITTED)) {
567 		/* no hardware, freeze, etc. */
568 		ret = -ENODEV;
569 		goto bail;
570 	}
571 
572 	if (dp.version != _DIAG_XPKT_VERS) {
573 		qib_dev_err(dd, "Invalid version %u for diagpkt_write\n",
574 			    dp.version);
575 		ret = -EINVAL;
576 		goto bail;
577 	}
578 	/* send count must be an exact number of dwords */
579 	if (dp.len & 3) {
580 		ret = -EINVAL;
581 		goto bail;
582 	}
583 	if (!dp.port || dp.port > dd->num_pports) {
584 		ret = -EINVAL;
585 		goto bail;
586 	}
587 	ppd = &dd->pport[dp.port - 1];
588 
589 	/* need total length before first word written */
590 	/* +1 word is for the qword padding */
591 	plen = sizeof(u32) + dp.len;
592 	clen = dp.len >> 2;
593 
594 	if ((plen + 4) > ppd->ibmaxlen) {
595 		ret = -EINVAL;
596 		goto bail;      /* before writing pbc */
597 	}
598 	tmpbuf = vmalloc(plen);
599 	if (!tmpbuf) {
600 		qib_devinfo(dd->pcidev, "Unable to allocate tmp buffer, "
601 			 "failing\n");
602 		ret = -ENOMEM;
603 		goto bail;
604 	}
605 
606 	if (copy_from_user(tmpbuf,
607 			   (const void __user *) (unsigned long) dp.data,
608 			   dp.len)) {
609 		ret = -EFAULT;
610 		goto bail;
611 	}
612 
613 	plen >>= 2;             /* in dwords */
614 
615 	if (dp.pbc_wd == 0)
616 		dp.pbc_wd = plen;
617 
618 	piobuf = dd->f_getsendbuf(ppd, dp.pbc_wd, &pbufn);
619 	if (!piobuf) {
620 		ret = -EBUSY;
621 		goto bail;
622 	}
623 	/* disarm it just to be extra sure */
624 	dd->f_sendctrl(dd->pport, QIB_SENDCTRL_DISARM_BUF(pbufn));
625 
626 	/* disable header check on pbufn for this packet */
627 	dd->f_txchk_change(dd, pbufn, 1, TXCHK_CHG_TYPE_DIS1, NULL);
628 
629 	writeq(dp.pbc_wd, piobuf);
630 	/*
631 	 * Copy all but the trigger word, then flush, so it's written
632 	 * to chip before trigger word, then write trigger word, then
633 	 * flush again, so packet is sent.
634 	 */
635 	if (dd->flags & QIB_PIO_FLUSH_WC) {
636 		qib_flush_wc();
637 		qib_pio_copy(piobuf + 2, tmpbuf, clen - 1);
638 		qib_flush_wc();
639 		__raw_writel(tmpbuf[clen - 1], piobuf + clen + 1);
640 	} else
641 		qib_pio_copy(piobuf + 2, tmpbuf, clen);
642 
643 	if (dd->flags & QIB_USE_SPCL_TRIG) {
644 		u32 spcl_off = (pbufn >= dd->piobcnt2k) ? 2047 : 1023;
645 
646 		qib_flush_wc();
647 		__raw_writel(0xaebecede, piobuf + spcl_off);
648 	}
649 
650 	/*
651 	 * Ensure buffer is written to the chip, then re-enable
652 	 * header checks (if supported by chip).  The txchk
653 	 * code will ensure seen by chip before returning.
654 	 */
655 	qib_flush_wc();
656 	qib_sendbuf_done(dd, pbufn);
657 	dd->f_txchk_change(dd, pbufn, 1, TXCHK_CHG_TYPE_ENAB1, NULL);
658 
659 	ret = sizeof(dp);
660 
661 bail:
662 	vfree(tmpbuf);
663 	return ret;
664 }
665 
qib_diag_release(struct inode * in,struct file * fp)666 static int qib_diag_release(struct inode *in, struct file *fp)
667 {
668 	mutex_lock(&qib_mutex);
669 	return_client(fp->private_data);
670 	fp->private_data = NULL;
671 	mutex_unlock(&qib_mutex);
672 	return 0;
673 }
674 
675 /*
676  * Chip-specific code calls to register its interest in
677  * a specific range.
678  */
679 struct diag_observer_list_elt {
680 	struct diag_observer_list_elt *next;
681 	const struct diag_observer *op;
682 };
683 
qib_register_observer(struct qib_devdata * dd,const struct diag_observer * op)684 int qib_register_observer(struct qib_devdata *dd,
685 			  const struct diag_observer *op)
686 {
687 	struct diag_observer_list_elt *olp;
688 	int ret = -EINVAL;
689 
690 	if (!dd || !op)
691 		goto bail;
692 	ret = -ENOMEM;
693 	olp = vmalloc(sizeof *olp);
694 	if (!olp) {
695 		printk(KERN_ERR QIB_DRV_NAME ": vmalloc for observer failed\n");
696 		goto bail;
697 	}
698 	if (olp) {
699 		unsigned long flags;
700 
701 		spin_lock_irqsave(&dd->qib_diag_trans_lock, flags);
702 		olp->op = op;
703 		olp->next = dd->diag_observer_list;
704 		dd->diag_observer_list = olp;
705 		spin_unlock_irqrestore(&dd->qib_diag_trans_lock, flags);
706 		ret = 0;
707 	}
708 bail:
709 	return ret;
710 }
711 
712 /* Remove all registered observers when device is closed */
qib_unregister_observers(struct qib_devdata * dd)713 static void qib_unregister_observers(struct qib_devdata *dd)
714 {
715 	struct diag_observer_list_elt *olp;
716 	unsigned long flags;
717 
718 	spin_lock_irqsave(&dd->qib_diag_trans_lock, flags);
719 	olp = dd->diag_observer_list;
720 	while (olp) {
721 		/* Pop one observer, let go of lock */
722 		dd->diag_observer_list = olp->next;
723 		spin_unlock_irqrestore(&dd->qib_diag_trans_lock, flags);
724 		vfree(olp);
725 		/* try again. */
726 		spin_lock_irqsave(&dd->qib_diag_trans_lock, flags);
727 		olp = dd->diag_observer_list;
728 	}
729 	spin_unlock_irqrestore(&dd->qib_diag_trans_lock, flags);
730 }
731 
732 /*
733  * Find the observer, if any, for the specified address. Initial implementation
734  * is simple stack of observers. This must be called with diag transaction
735  * lock held.
736  */
diag_get_observer(struct qib_devdata * dd,u32 addr)737 static const struct diag_observer *diag_get_observer(struct qib_devdata *dd,
738 						     u32 addr)
739 {
740 	struct diag_observer_list_elt *olp;
741 	const struct diag_observer *op = NULL;
742 
743 	olp = dd->diag_observer_list;
744 	while (olp) {
745 		op = olp->op;
746 		if (addr >= op->bottom && addr <= op->top)
747 			break;
748 		olp = olp->next;
749 	}
750 	if (!olp)
751 		op = NULL;
752 
753 	return op;
754 }
755 
qib_diag_read(struct file * fp,char __user * data,size_t count,loff_t * off)756 static ssize_t qib_diag_read(struct file *fp, char __user *data,
757 			     size_t count, loff_t *off)
758 {
759 	struct qib_diag_client *dc = fp->private_data;
760 	struct qib_devdata *dd = dc->dd;
761 	void __iomem *kreg_base;
762 	ssize_t ret;
763 
764 	if (dc->pid != current->pid) {
765 		ret = -EPERM;
766 		goto bail;
767 	}
768 
769 	kreg_base = dd->kregbase;
770 
771 	if (count == 0)
772 		ret = 0;
773 	else if ((count % 4) || (*off % 4))
774 		/* address or length is not 32-bit aligned, hence invalid */
775 		ret = -EINVAL;
776 	else if (dc->state < READY && (*off || count != 8))
777 		ret = -EINVAL;  /* prevent cat /dev/qib_diag* */
778 	else {
779 		unsigned long flags;
780 		u64 data64 = 0;
781 		int use_32;
782 		const struct diag_observer *op;
783 
784 		use_32 = (count % 8) || (*off % 8);
785 		ret = -1;
786 		spin_lock_irqsave(&dd->qib_diag_trans_lock, flags);
787 		/*
788 		 * Check for observer on this address range.
789 		 * we only support a single 32 or 64-bit read
790 		 * via observer, currently.
791 		 */
792 		op = diag_get_observer(dd, *off);
793 		if (op) {
794 			u32 offset = *off;
795 			ret = op->hook(dd, op, offset, &data64, 0, use_32);
796 		}
797 		/*
798 		 * We need to release lock before any copy_to_user(),
799 		 * whether implicit in qib_read_umem* or explicit below.
800 		 */
801 		spin_unlock_irqrestore(&dd->qib_diag_trans_lock, flags);
802 		if (!op) {
803 			if (use_32)
804 				/*
805 				 * Address or length is not 64-bit aligned;
806 				 * do 32-bit rd
807 				 */
808 				ret = qib_read_umem32(dd, data, (u32) *off,
809 						      count);
810 			else
811 				ret = qib_read_umem64(dd, data, (u32) *off,
812 						      count);
813 		} else if (ret == count) {
814 			/* Below finishes case where observer existed */
815 			ret = copy_to_user(data, &data64, use_32 ?
816 					   sizeof(u32) : sizeof(u64));
817 			if (ret)
818 				ret = -EFAULT;
819 		}
820 	}
821 
822 	if (ret >= 0) {
823 		*off += count;
824 		ret = count;
825 		if (dc->state == OPENED)
826 			dc->state = INIT;
827 	}
828 bail:
829 	return ret;
830 }
831 
qib_diag_write(struct file * fp,const char __user * data,size_t count,loff_t * off)832 static ssize_t qib_diag_write(struct file *fp, const char __user *data,
833 			      size_t count, loff_t *off)
834 {
835 	struct qib_diag_client *dc = fp->private_data;
836 	struct qib_devdata *dd = dc->dd;
837 	void __iomem *kreg_base;
838 	ssize_t ret;
839 
840 	if (dc->pid != current->pid) {
841 		ret = -EPERM;
842 		goto bail;
843 	}
844 
845 	kreg_base = dd->kregbase;
846 
847 	if (count == 0)
848 		ret = 0;
849 	else if ((count % 4) || (*off % 4))
850 		/* address or length is not 32-bit aligned, hence invalid */
851 		ret = -EINVAL;
852 	else if (dc->state < READY &&
853 		((*off || count != 8) || dc->state != INIT))
854 		/* No writes except second-step of init seq */
855 		ret = -EINVAL;  /* before any other write allowed */
856 	else {
857 		unsigned long flags;
858 		const struct diag_observer *op = NULL;
859 		int use_32 =  (count % 8) || (*off % 8);
860 
861 		/*
862 		 * Check for observer on this address range.
863 		 * We only support a single 32 or 64-bit write
864 		 * via observer, currently. This helps, because
865 		 * we would otherwise have to jump through hoops
866 		 * to make "diag transaction" meaningful when we
867 		 * cannot do a copy_from_user while holding the lock.
868 		 */
869 		if (count == 4 || count == 8) {
870 			u64 data64;
871 			u32 offset = *off;
872 			ret = copy_from_user(&data64, data, count);
873 			if (ret) {
874 				ret = -EFAULT;
875 				goto bail;
876 			}
877 			spin_lock_irqsave(&dd->qib_diag_trans_lock, flags);
878 			op = diag_get_observer(dd, *off);
879 			if (op)
880 				ret = op->hook(dd, op, offset, &data64, ~0Ull,
881 					       use_32);
882 			spin_unlock_irqrestore(&dd->qib_diag_trans_lock, flags);
883 		}
884 
885 		if (!op) {
886 			if (use_32)
887 				/*
888 				 * Address or length is not 64-bit aligned;
889 				 * do 32-bit write
890 				 */
891 				ret = qib_write_umem32(dd, (u32) *off, data,
892 						       count);
893 			else
894 				ret = qib_write_umem64(dd, (u32) *off, data,
895 						       count);
896 		}
897 	}
898 
899 	if (ret >= 0) {
900 		*off += count;
901 		ret = count;
902 		if (dc->state == INIT)
903 			dc->state = READY; /* all read/write OK now */
904 	}
905 bail:
906 	return ret;
907 }
908