1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Device driver for the Apple Desktop Bus
4  * and the /dev/adb device on macintoshes.
5  *
6  * Copyright (C) 1996 Paul Mackerras.
7  *
8  * Modified to declare controllers as structures, added
9  * client notification of bus reset and handles PowerBook
10  * sleep, by Benjamin Herrenschmidt.
11  *
12  * To do:
13  *
14  * - /sys/bus/adb to list the devices and infos
15  * - more /dev/adb to allow userland to receive the
16  *   flow of auto-polling datas from a given device.
17  * - move bus probe to a kernel thread
18  */
19 
20 #include <linux/types.h>
21 #include <linux/errno.h>
22 #include <linux/kernel.h>
23 #include <linux/slab.h>
24 #include <linux/module.h>
25 #include <linux/fs.h>
26 #include <linux/mm.h>
27 #include <linux/sched/signal.h>
28 #include <linux/adb.h>
29 #include <linux/cuda.h>
30 #include <linux/pmu.h>
31 #include <linux/notifier.h>
32 #include <linux/wait.h>
33 #include <linux/init.h>
34 #include <linux/delay.h>
35 #include <linux/spinlock.h>
36 #include <linux/completion.h>
37 #include <linux/device.h>
38 #include <linux/kthread.h>
39 #include <linux/platform_device.h>
40 #include <linux/mutex.h>
41 
42 #include <linux/uaccess.h>
43 #ifdef CONFIG_PPC
44 #include <asm/prom.h>
45 #include <asm/machdep.h>
46 #endif
47 
48 
49 EXPORT_SYMBOL(adb_client_list);
50 
51 extern struct adb_driver via_macii_driver;
52 extern struct adb_driver via_cuda_driver;
53 extern struct adb_driver adb_iop_driver;
54 extern struct adb_driver via_pmu_driver;
55 extern struct adb_driver macio_adb_driver;
56 
57 static DEFINE_MUTEX(adb_mutex);
58 static struct adb_driver *adb_driver_list[] = {
59 #ifdef CONFIG_ADB_MACII
60 	&via_macii_driver,
61 #endif
62 #ifdef CONFIG_ADB_CUDA
63 	&via_cuda_driver,
64 #endif
65 #ifdef CONFIG_ADB_IOP
66 	&adb_iop_driver,
67 #endif
68 #ifdef CONFIG_ADB_PMU
69 	&via_pmu_driver,
70 #endif
71 #ifdef CONFIG_ADB_MACIO
72 	&macio_adb_driver,
73 #endif
74 	NULL
75 };
76 
77 static struct class *adb_dev_class;
78 
79 static struct adb_driver *adb_controller;
80 BLOCKING_NOTIFIER_HEAD(adb_client_list);
81 static int adb_got_sleep;
82 static int adb_inited;
83 static DEFINE_SEMAPHORE(adb_probe_mutex);
84 static int sleepy_trackpad;
85 static int autopoll_devs;
86 int __adb_probe_sync;
87 
88 static int adb_scan_bus(void);
89 static int do_adb_reset_bus(void);
90 static void adbdev_init(void);
91 static int try_handler_change(int, int);
92 
93 static struct adb_handler {
94 	void (*handler)(unsigned char *, int, int);
95 	int original_address;
96 	int handler_id;
97 	int busy;
98 } adb_handler[16];
99 
100 /*
101  * The adb_handler_mutex mutex protects all accesses to the original_address
102  * and handler_id fields of adb_handler[i] for all i, and changes to the
103  * handler field.
104  * Accesses to the handler field are protected by the adb_handler_lock
105  * rwlock.  It is held across all calls to any handler, so that by the
106  * time adb_unregister returns, we know that the old handler isn't being
107  * called.
108  */
109 static DEFINE_MUTEX(adb_handler_mutex);
110 static DEFINE_RWLOCK(adb_handler_lock);
111 
112 #if 0
113 static void printADBreply(struct adb_request *req)
114 {
115         int i;
116 
117         printk("adb reply (%d)", req->reply_len);
118         for(i = 0; i < req->reply_len; i++)
119                 printk(" %x", req->reply[i]);
120         printk("\n");
121 
122 }
123 #endif
124 
adb_scan_bus(void)125 static int adb_scan_bus(void)
126 {
127 	int i, highFree=0, noMovement;
128 	int devmask = 0;
129 	struct adb_request req;
130 
131 	/* assumes adb_handler[] is all zeroes at this point */
132 	for (i = 1; i < 16; i++) {
133 		/* see if there is anything at address i */
134 		adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
135                             (i << 4) | 0xf);
136 		if (req.reply_len > 1)
137 			/* one or more devices at this address */
138 			adb_handler[i].original_address = i;
139 		else if (i > highFree)
140 			highFree = i;
141 	}
142 
143 	/* Note we reset noMovement to 0 each time we move a device */
144 	for (noMovement = 1; noMovement < 2 && highFree > 0; noMovement++) {
145 		for (i = 1; i < 16; i++) {
146 			if (adb_handler[i].original_address == 0)
147 				continue;
148 			/*
149 			 * Send a "talk register 3" command to address i
150 			 * to provoke a collision if there is more than
151 			 * one device at this address.
152 			 */
153 			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
154 				    (i << 4) | 0xf);
155 			/*
156 			 * Move the device(s) which didn't detect a
157 			 * collision to address `highFree'.  Hopefully
158 			 * this only moves one device.
159 			 */
160 			adb_request(&req, NULL, ADBREQ_SYNC, 3,
161 				    (i<< 4) | 0xb, (highFree | 0x60), 0xfe);
162 			/*
163 			 * See if anybody actually moved. This is suggested
164 			 * by HW TechNote 01:
165 			 *
166 			 * https://developer.apple.com/technotes/hw/hw_01.html
167 			 */
168 			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
169 				    (highFree << 4) | 0xf);
170 			if (req.reply_len <= 1) continue;
171 			/*
172 			 * Test whether there are any device(s) left
173 			 * at address i.
174 			 */
175 			adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
176 				    (i << 4) | 0xf);
177 			if (req.reply_len > 1) {
178 				/*
179 				 * There are still one or more devices
180 				 * left at address i.  Register the one(s)
181 				 * we moved to `highFree', and find a new
182 				 * value for highFree.
183 				 */
184 				adb_handler[highFree].original_address =
185 					adb_handler[i].original_address;
186 				while (highFree > 0 &&
187 				       adb_handler[highFree].original_address)
188 					highFree--;
189 				if (highFree <= 0)
190 					break;
191 
192 				noMovement = 0;
193 			} else {
194 				/*
195 				 * No devices left at address i; move the
196 				 * one(s) we moved to `highFree' back to i.
197 				 */
198 				adb_request(&req, NULL, ADBREQ_SYNC, 3,
199 					    (highFree << 4) | 0xb,
200 					    (i | 0x60), 0xfe);
201 			}
202 		}
203 	}
204 
205 	/* Now fill in the handler_id field of the adb_handler entries. */
206 	for (i = 1; i < 16; i++) {
207 		if (adb_handler[i].original_address == 0)
208 			continue;
209 		adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
210 			    (i << 4) | 0xf);
211 		adb_handler[i].handler_id = req.reply[2];
212 		printk(KERN_DEBUG "adb device [%d]: %d 0x%X\n", i,
213 		       adb_handler[i].original_address,
214 		       adb_handler[i].handler_id);
215 		devmask |= 1 << i;
216 	}
217 	return devmask;
218 }
219 
220 /*
221  * This kernel task handles ADB probing. It dies once probing is
222  * completed.
223  */
224 static int
adb_probe_task(void * x)225 adb_probe_task(void *x)
226 {
227 	pr_debug("adb: starting probe task...\n");
228 	do_adb_reset_bus();
229 	pr_debug("adb: finished probe task...\n");
230 
231 	up(&adb_probe_mutex);
232 
233 	return 0;
234 }
235 
236 static void
__adb_probe_task(struct work_struct * bullshit)237 __adb_probe_task(struct work_struct *bullshit)
238 {
239 	kthread_run(adb_probe_task, NULL, "kadbprobe");
240 }
241 
242 static DECLARE_WORK(adb_reset_work, __adb_probe_task);
243 
244 int
adb_reset_bus(void)245 adb_reset_bus(void)
246 {
247 	if (__adb_probe_sync) {
248 		do_adb_reset_bus();
249 		return 0;
250 	}
251 
252 	down(&adb_probe_mutex);
253 	schedule_work(&adb_reset_work);
254 	return 0;
255 }
256 
257 #ifdef CONFIG_PM
258 /*
259  * notify clients before sleep
260  */
__adb_suspend(struct platform_device * dev,pm_message_t state)261 static int __adb_suspend(struct platform_device *dev, pm_message_t state)
262 {
263 	adb_got_sleep = 1;
264 	/* We need to get a lock on the probe thread */
265 	down(&adb_probe_mutex);
266 	/* Stop autopoll */
267 	if (adb_controller->autopoll)
268 		adb_controller->autopoll(0);
269 	blocking_notifier_call_chain(&adb_client_list, ADB_MSG_POWERDOWN, NULL);
270 
271 	return 0;
272 }
273 
adb_suspend(struct device * dev)274 static int adb_suspend(struct device *dev)
275 {
276 	return __adb_suspend(to_platform_device(dev), PMSG_SUSPEND);
277 }
278 
adb_freeze(struct device * dev)279 static int adb_freeze(struct device *dev)
280 {
281 	return __adb_suspend(to_platform_device(dev), PMSG_FREEZE);
282 }
283 
adb_poweroff(struct device * dev)284 static int adb_poweroff(struct device *dev)
285 {
286 	return __adb_suspend(to_platform_device(dev), PMSG_HIBERNATE);
287 }
288 
289 /*
290  * reset bus after sleep
291  */
__adb_resume(struct platform_device * dev)292 static int __adb_resume(struct platform_device *dev)
293 {
294 	adb_got_sleep = 0;
295 	up(&adb_probe_mutex);
296 	adb_reset_bus();
297 
298 	return 0;
299 }
300 
adb_resume(struct device * dev)301 static int adb_resume(struct device *dev)
302 {
303 	return __adb_resume(to_platform_device(dev));
304 }
305 #endif /* CONFIG_PM */
306 
adb_init(void)307 static int __init adb_init(void)
308 {
309 	struct adb_driver *driver;
310 	int i;
311 
312 #ifdef CONFIG_PPC32
313 	if (!machine_is(chrp) && !machine_is(powermac))
314 		return 0;
315 #endif
316 #ifdef CONFIG_MAC
317 	if (!MACH_IS_MAC)
318 		return 0;
319 #endif
320 
321 	/* xmon may do early-init */
322 	if (adb_inited)
323 		return 0;
324 	adb_inited = 1;
325 
326 	adb_controller = NULL;
327 
328 	i = 0;
329 	while ((driver = adb_driver_list[i++]) != NULL) {
330 		if (!driver->probe()) {
331 			adb_controller = driver;
332 			break;
333 		}
334 	}
335 	if (adb_controller != NULL && adb_controller->init &&
336 	    adb_controller->init())
337 		adb_controller = NULL;
338 	if (adb_controller == NULL) {
339 		pr_warn("Warning: no ADB interface detected\n");
340 	} else {
341 #ifdef CONFIG_PPC
342 		if (of_machine_is_compatible("AAPL,PowerBook1998") ||
343 			of_machine_is_compatible("PowerBook1,1"))
344 			sleepy_trackpad = 1;
345 #endif /* CONFIG_PPC */
346 
347 		adbdev_init();
348 		adb_reset_bus();
349 	}
350 	return 0;
351 }
352 
353 device_initcall(adb_init);
354 
355 static int
do_adb_reset_bus(void)356 do_adb_reset_bus(void)
357 {
358 	int ret;
359 
360 	if (adb_controller == NULL)
361 		return -ENXIO;
362 
363 	if (adb_controller->autopoll)
364 		adb_controller->autopoll(0);
365 
366 	blocking_notifier_call_chain(&adb_client_list,
367 		ADB_MSG_PRE_RESET, NULL);
368 
369 	if (sleepy_trackpad) {
370 		/* Let the trackpad settle down */
371 		msleep(500);
372 	}
373 
374 	mutex_lock(&adb_handler_mutex);
375 	write_lock_irq(&adb_handler_lock);
376 	memset(adb_handler, 0, sizeof(adb_handler));
377 	write_unlock_irq(&adb_handler_lock);
378 
379 	/* That one is still a bit synchronous, oh well... */
380 	if (adb_controller->reset_bus)
381 		ret = adb_controller->reset_bus();
382 	else
383 		ret = 0;
384 
385 	if (sleepy_trackpad) {
386 		/* Let the trackpad settle down */
387 		msleep(1500);
388 	}
389 
390 	if (!ret) {
391 		autopoll_devs = adb_scan_bus();
392 		if (adb_controller->autopoll)
393 			adb_controller->autopoll(autopoll_devs);
394 	}
395 	mutex_unlock(&adb_handler_mutex);
396 
397 	blocking_notifier_call_chain(&adb_client_list,
398 		ADB_MSG_POST_RESET, NULL);
399 
400 	return ret;
401 }
402 
403 void
adb_poll(void)404 adb_poll(void)
405 {
406 	if ((adb_controller == NULL)||(adb_controller->poll == NULL))
407 		return;
408 	adb_controller->poll();
409 }
410 EXPORT_SYMBOL(adb_poll);
411 
adb_sync_req_done(struct adb_request * req)412 static void adb_sync_req_done(struct adb_request *req)
413 {
414 	struct completion *comp = req->arg;
415 
416 	complete(comp);
417 }
418 
419 int
adb_request(struct adb_request * req,void (* done)(struct adb_request *),int flags,int nbytes,...)420 adb_request(struct adb_request *req, void (*done)(struct adb_request *),
421 	    int flags, int nbytes, ...)
422 {
423 	va_list list;
424 	int i;
425 	int rc;
426 	struct completion comp;
427 
428 	if ((adb_controller == NULL) || (adb_controller->send_request == NULL))
429 		return -ENXIO;
430 	if (nbytes < 1)
431 		return -EINVAL;
432 
433 	req->nbytes = nbytes+1;
434 	req->done = done;
435 	req->reply_expected = flags & ADBREQ_REPLY;
436 	req->data[0] = ADB_PACKET;
437 	va_start(list, nbytes);
438 	for (i = 0; i < nbytes; ++i)
439 		req->data[i+1] = va_arg(list, int);
440 	va_end(list);
441 
442 	if (flags & ADBREQ_NOSEND)
443 		return 0;
444 
445 	/* Synchronous requests block using an on-stack completion */
446 	if (flags & ADBREQ_SYNC) {
447 		WARN_ON(done);
448 		req->done = adb_sync_req_done;
449 		req->arg = ∁
450 		init_completion(&comp);
451 	}
452 
453 	rc = adb_controller->send_request(req, 0);
454 
455 	if ((flags & ADBREQ_SYNC) && !rc && !req->complete)
456 		wait_for_completion(&comp);
457 
458 	return rc;
459 }
460 EXPORT_SYMBOL(adb_request);
461 
462  /* Ultimately this should return the number of devices with
463     the given default id.
464     And it does it now ! Note: changed behaviour: This function
465     will now register if default_id _and_ handler_id both match
466     but handler_id can be left to 0 to match with default_id only.
467     When handler_id is set, this function will try to adjust
468     the handler_id id it doesn't match. */
469 int
adb_register(int default_id,int handler_id,struct adb_ids * ids,void (* handler)(unsigned char *,int,int))470 adb_register(int default_id, int handler_id, struct adb_ids *ids,
471 	     void (*handler)(unsigned char *, int, int))
472 {
473 	int i;
474 
475 	mutex_lock(&adb_handler_mutex);
476 	ids->nids = 0;
477 	for (i = 1; i < 16; i++) {
478 		if ((adb_handler[i].original_address == default_id) &&
479 		    (!handler_id || (handler_id == adb_handler[i].handler_id) ||
480 		    try_handler_change(i, handler_id))) {
481 			if (adb_handler[i].handler != 0) {
482 				pr_err("Two handlers for ADB device %d\n",
483 				       default_id);
484 				continue;
485 			}
486 			write_lock_irq(&adb_handler_lock);
487 			adb_handler[i].handler = handler;
488 			write_unlock_irq(&adb_handler_lock);
489 			ids->id[ids->nids++] = i;
490 		}
491 	}
492 	mutex_unlock(&adb_handler_mutex);
493 	return ids->nids;
494 }
495 EXPORT_SYMBOL(adb_register);
496 
497 int
adb_unregister(int index)498 adb_unregister(int index)
499 {
500 	int ret = -ENODEV;
501 
502 	mutex_lock(&adb_handler_mutex);
503 	write_lock_irq(&adb_handler_lock);
504 	if (adb_handler[index].handler) {
505 		while(adb_handler[index].busy) {
506 			write_unlock_irq(&adb_handler_lock);
507 			yield();
508 			write_lock_irq(&adb_handler_lock);
509 		}
510 		ret = 0;
511 		adb_handler[index].handler = NULL;
512 	}
513 	write_unlock_irq(&adb_handler_lock);
514 	mutex_unlock(&adb_handler_mutex);
515 	return ret;
516 }
517 EXPORT_SYMBOL(adb_unregister);
518 
519 void
adb_input(unsigned char * buf,int nb,int autopoll)520 adb_input(unsigned char *buf, int nb, int autopoll)
521 {
522 	int i, id;
523 	static int dump_adb_input;
524 	unsigned long flags;
525 
526 	void (*handler)(unsigned char *, int, int);
527 
528 	/* We skip keystrokes and mouse moves when the sleep process
529 	 * has been started. We stop autopoll, but this is another security
530 	 */
531 	if (adb_got_sleep)
532 		return;
533 
534 	id = buf[0] >> 4;
535 	if (dump_adb_input) {
536 		pr_info("adb packet: ");
537 		for (i = 0; i < nb; ++i)
538 			pr_cont(" %x", buf[i]);
539 		pr_cont(", id = %d\n", id);
540 	}
541 	write_lock_irqsave(&adb_handler_lock, flags);
542 	handler = adb_handler[id].handler;
543 	if (handler != NULL)
544 		adb_handler[id].busy = 1;
545 	write_unlock_irqrestore(&adb_handler_lock, flags);
546 	if (handler != NULL) {
547 		(*handler)(buf, nb, autopoll);
548 		wmb();
549 		adb_handler[id].busy = 0;
550 	}
551 
552 }
553 
554 /* Try to change handler to new_id. Will return 1 if successful. */
try_handler_change(int address,int new_id)555 static int try_handler_change(int address, int new_id)
556 {
557 	struct adb_request req;
558 
559 	if (adb_handler[address].handler_id == new_id)
560 	    return 1;
561 	adb_request(&req, NULL, ADBREQ_SYNC, 3,
562 	    ADB_WRITEREG(address, 3), address | 0x20, new_id);
563 	adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
564 	    ADB_READREG(address, 3));
565 	if (req.reply_len < 2)
566 	    return 0;
567 	if (req.reply[2] != new_id)
568 	    return 0;
569 	adb_handler[address].handler_id = req.reply[2];
570 
571 	return 1;
572 }
573 
574 int
adb_try_handler_change(int address,int new_id)575 adb_try_handler_change(int address, int new_id)
576 {
577 	int ret;
578 
579 	mutex_lock(&adb_handler_mutex);
580 	ret = try_handler_change(address, new_id);
581 	mutex_unlock(&adb_handler_mutex);
582 	if (ret)
583 		pr_debug("adb handler change: [%d] 0x%X\n", address, new_id);
584 	return ret;
585 }
586 EXPORT_SYMBOL(adb_try_handler_change);
587 
588 int
adb_get_infos(int address,int * original_address,int * handler_id)589 adb_get_infos(int address, int *original_address, int *handler_id)
590 {
591 	mutex_lock(&adb_handler_mutex);
592 	*original_address = adb_handler[address].original_address;
593 	*handler_id = adb_handler[address].handler_id;
594 	mutex_unlock(&adb_handler_mutex);
595 
596 	return (*original_address != 0);
597 }
598 
599 
600 /*
601  * /dev/adb device driver.
602  */
603 
604 #define ADB_MAJOR	56	/* major number for /dev/adb */
605 
606 struct adbdev_state {
607 	spinlock_t	lock;
608 	atomic_t	n_pending;
609 	struct adb_request *completed;
610   	wait_queue_head_t wait_queue;
611 	int		inuse;
612 };
613 
adb_write_done(struct adb_request * req)614 static void adb_write_done(struct adb_request *req)
615 {
616 	struct adbdev_state *state = (struct adbdev_state *) req->arg;
617 	unsigned long flags;
618 
619 	if (!req->complete) {
620 		req->reply_len = 0;
621 		req->complete = 1;
622 	}
623 	spin_lock_irqsave(&state->lock, flags);
624 	atomic_dec(&state->n_pending);
625 	if (!state->inuse) {
626 		kfree(req);
627 		if (atomic_read(&state->n_pending) == 0) {
628 			spin_unlock_irqrestore(&state->lock, flags);
629 			kfree(state);
630 			return;
631 		}
632 	} else {
633 		struct adb_request **ap = &state->completed;
634 		while (*ap != NULL)
635 			ap = &(*ap)->next;
636 		req->next = NULL;
637 		*ap = req;
638 		wake_up_interruptible(&state->wait_queue);
639 	}
640 	spin_unlock_irqrestore(&state->lock, flags);
641 }
642 
643 static int
do_adb_query(struct adb_request * req)644 do_adb_query(struct adb_request *req)
645 {
646 	int	ret = -EINVAL;
647 
648 	switch(req->data[1]) {
649 	case ADB_QUERY_GETDEVINFO:
650 		if (req->nbytes < 3)
651 			break;
652 		mutex_lock(&adb_handler_mutex);
653 		req->reply[0] = adb_handler[req->data[2]].original_address;
654 		req->reply[1] = adb_handler[req->data[2]].handler_id;
655 		mutex_unlock(&adb_handler_mutex);
656 		req->complete = 1;
657 		req->reply_len = 2;
658 		adb_write_done(req);
659 		ret = 0;
660 		break;
661 	}
662 	return ret;
663 }
664 
adb_open(struct inode * inode,struct file * file)665 static int adb_open(struct inode *inode, struct file *file)
666 {
667 	struct adbdev_state *state;
668 	int ret = 0;
669 
670 	mutex_lock(&adb_mutex);
671 	if (iminor(inode) > 0 || adb_controller == NULL) {
672 		ret = -ENXIO;
673 		goto out;
674 	}
675 	state = kmalloc(sizeof(struct adbdev_state), GFP_KERNEL);
676 	if (state == 0) {
677 		ret = -ENOMEM;
678 		goto out;
679 	}
680 	file->private_data = state;
681 	spin_lock_init(&state->lock);
682 	atomic_set(&state->n_pending, 0);
683 	state->completed = NULL;
684 	init_waitqueue_head(&state->wait_queue);
685 	state->inuse = 1;
686 
687 out:
688 	mutex_unlock(&adb_mutex);
689 	return ret;
690 }
691 
adb_release(struct inode * inode,struct file * file)692 static int adb_release(struct inode *inode, struct file *file)
693 {
694 	struct adbdev_state *state = file->private_data;
695 	unsigned long flags;
696 
697 	mutex_lock(&adb_mutex);
698 	if (state) {
699 		file->private_data = NULL;
700 		spin_lock_irqsave(&state->lock, flags);
701 		if (atomic_read(&state->n_pending) == 0
702 		    && state->completed == NULL) {
703 			spin_unlock_irqrestore(&state->lock, flags);
704 			kfree(state);
705 		} else {
706 			state->inuse = 0;
707 			spin_unlock_irqrestore(&state->lock, flags);
708 		}
709 	}
710 	mutex_unlock(&adb_mutex);
711 	return 0;
712 }
713 
adb_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)714 static ssize_t adb_read(struct file *file, char __user *buf,
715 			size_t count, loff_t *ppos)
716 {
717 	int ret = 0;
718 	struct adbdev_state *state = file->private_data;
719 	struct adb_request *req;
720 	DECLARE_WAITQUEUE(wait, current);
721 	unsigned long flags;
722 
723 	if (count < 2)
724 		return -EINVAL;
725 	if (count > sizeof(req->reply))
726 		count = sizeof(req->reply);
727 
728 	req = NULL;
729 	spin_lock_irqsave(&state->lock, flags);
730 	add_wait_queue(&state->wait_queue, &wait);
731 	set_current_state(TASK_INTERRUPTIBLE);
732 
733 	for (;;) {
734 		req = state->completed;
735 		if (req != NULL)
736 			state->completed = req->next;
737 		else if (atomic_read(&state->n_pending) == 0)
738 			ret = -EIO;
739 		if (req != NULL || ret != 0)
740 			break;
741 
742 		if (file->f_flags & O_NONBLOCK) {
743 			ret = -EAGAIN;
744 			break;
745 		}
746 		if (signal_pending(current)) {
747 			ret = -ERESTARTSYS;
748 			break;
749 		}
750 		spin_unlock_irqrestore(&state->lock, flags);
751 		schedule();
752 		spin_lock_irqsave(&state->lock, flags);
753 	}
754 
755 	set_current_state(TASK_RUNNING);
756 	remove_wait_queue(&state->wait_queue, &wait);
757 	spin_unlock_irqrestore(&state->lock, flags);
758 
759 	if (ret)
760 		return ret;
761 
762 	ret = req->reply_len;
763 	if (ret > count)
764 		ret = count;
765 	if (ret > 0 && copy_to_user(buf, req->reply, ret))
766 		ret = -EFAULT;
767 
768 	kfree(req);
769 	return ret;
770 }
771 
adb_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)772 static ssize_t adb_write(struct file *file, const char __user *buf,
773 			 size_t count, loff_t *ppos)
774 {
775 	int ret/*, i*/;
776 	struct adbdev_state *state = file->private_data;
777 	struct adb_request *req;
778 
779 	if (count < 2 || count > sizeof(req->data))
780 		return -EINVAL;
781 	if (adb_controller == NULL)
782 		return -ENXIO;
783 
784 	req = kmalloc(sizeof(struct adb_request),
785 					     GFP_KERNEL);
786 	if (req == NULL)
787 		return -ENOMEM;
788 
789 	req->nbytes = count;
790 	req->done = adb_write_done;
791 	req->arg = (void *) state;
792 	req->complete = 0;
793 
794 	ret = -EFAULT;
795 	if (copy_from_user(req->data, buf, count))
796 		goto out;
797 
798 	atomic_inc(&state->n_pending);
799 
800 	/* If a probe is in progress or we are sleeping, wait for it to complete */
801 	down(&adb_probe_mutex);
802 
803 	/* Queries are special requests sent to the ADB driver itself */
804 	if (req->data[0] == ADB_QUERY) {
805 		if (count > 1)
806 			ret = do_adb_query(req);
807 		else
808 			ret = -EINVAL;
809 		up(&adb_probe_mutex);
810 	}
811 	/* Special case for ADB_BUSRESET request, all others are sent to
812 	   the controller */
813 	else if ((req->data[0] == ADB_PACKET) && (count > 1)
814 		&& (req->data[1] == ADB_BUSRESET)) {
815 		ret = do_adb_reset_bus();
816 		up(&adb_probe_mutex);
817 		atomic_dec(&state->n_pending);
818 		if (ret == 0)
819 			ret = count;
820 		goto out;
821 	} else {
822 		req->reply_expected = ((req->data[1] & 0xc) == 0xc);
823 		if (adb_controller && adb_controller->send_request)
824 			ret = adb_controller->send_request(req, 0);
825 		else
826 			ret = -ENXIO;
827 		up(&adb_probe_mutex);
828 	}
829 
830 	if (ret != 0) {
831 		atomic_dec(&state->n_pending);
832 		goto out;
833 	}
834 	return count;
835 
836 out:
837 	kfree(req);
838 	return ret;
839 }
840 
841 static const struct file_operations adb_fops = {
842 	.owner		= THIS_MODULE,
843 	.llseek		= no_llseek,
844 	.read		= adb_read,
845 	.write		= adb_write,
846 	.open		= adb_open,
847 	.release	= adb_release,
848 };
849 
850 #ifdef CONFIG_PM
851 static const struct dev_pm_ops adb_dev_pm_ops = {
852 	.suspend = adb_suspend,
853 	.resume = adb_resume,
854 	/* Hibernate hooks */
855 	.freeze = adb_freeze,
856 	.thaw = adb_resume,
857 	.poweroff = adb_poweroff,
858 	.restore = adb_resume,
859 };
860 #endif
861 
862 static struct platform_driver adb_pfdrv = {
863 	.driver = {
864 		.name = "adb",
865 #ifdef CONFIG_PM
866 		.pm = &adb_dev_pm_ops,
867 #endif
868 	},
869 };
870 
871 static struct platform_device adb_pfdev = {
872 	.name = "adb",
873 };
874 
875 static int __init
adb_dummy_probe(struct platform_device * dev)876 adb_dummy_probe(struct platform_device *dev)
877 {
878 	if (dev == &adb_pfdev)
879 		return 0;
880 	return -ENODEV;
881 }
882 
883 static void __init
adbdev_init(void)884 adbdev_init(void)
885 {
886 	if (register_chrdev(ADB_MAJOR, "adb", &adb_fops)) {
887 		pr_err("adb: unable to get major %d\n", ADB_MAJOR);
888 		return;
889 	}
890 
891 	adb_dev_class = class_create(THIS_MODULE, "adb");
892 	if (IS_ERR(adb_dev_class))
893 		return;
894 	device_create(adb_dev_class, NULL, MKDEV(ADB_MAJOR, 0), NULL, "adb");
895 
896 	platform_device_register(&adb_pfdev);
897 	platform_driver_probe(&adb_pfdrv, adb_dummy_probe);
898 }
899