1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  linux/drivers/block/floppy.c
4  *
5  *  Copyright (C) 1991, 1992  Linus Torvalds
6  *  Copyright (C) 1993, 1994  Alain Knaff
7  *  Copyright (C) 1998 Alan Cox
8  */
9 
10 /*
11  * 02.12.91 - Changed to static variables to indicate need for reset
12  * and recalibrate. This makes some things easier (output_byte reset
13  * checking etc), and means less interrupt jumping in case of errors,
14  * so the code is hopefully easier to understand.
15  */
16 
17 /*
18  * This file is certainly a mess. I've tried my best to get it working,
19  * but I don't like programming floppies, and I have only one anyway.
20  * Urgel. I should check for more errors, and do more graceful error
21  * recovery. Seems there are problems with several drives. I've tried to
22  * correct them. No promises.
23  */
24 
25 /*
26  * As with hd.c, all routines within this file can (and will) be called
27  * by interrupts, so extreme caution is needed. A hardware interrupt
28  * handler may not sleep, or a kernel panic will happen. Thus I cannot
29  * call "floppy-on" directly, but have to set a special timer interrupt
30  * etc.
31  */
32 
33 /*
34  * 28.02.92 - made track-buffering routines, based on the routines written
35  * by entropy@wintermute.wpi.edu (Lawrence Foard). Linus.
36  */
37 
38 /*
39  * Automatic floppy-detection and formatting written by Werner Almesberger
40  * (almesber@nessie.cs.id.ethz.ch), who also corrected some problems with
41  * the floppy-change signal detection.
42  */
43 
44 /*
45  * 1992/7/22 -- Hennus Bergman: Added better error reporting, fixed
46  * FDC data overrun bug, added some preliminary stuff for vertical
47  * recording support.
48  *
49  * 1992/9/17: Added DMA allocation & DMA functions. -- hhb.
50  *
51  * TODO: Errors are still not counted properly.
52  */
53 
54 /* 1992/9/20
55  * Modifications for ``Sector Shifting'' by Rob Hooft (hooft@chem.ruu.nl)
56  * modeled after the freeware MS-DOS program fdformat/88 V1.8 by
57  * Christoph H. Hochst\"atter.
58  * I have fixed the shift values to the ones I always use. Maybe a new
59  * ioctl() should be created to be able to modify them.
60  * There is a bug in the driver that makes it impossible to format a
61  * floppy as the first thing after bootup.
62  */
63 
64 /*
65  * 1993/4/29 -- Linus -- cleaned up the timer handling in the kernel, and
66  * this helped the floppy driver as well. Much cleaner, and still seems to
67  * work.
68  */
69 
70 /* 1994/6/24 --bbroad-- added the floppy table entries and made
71  * minor modifications to allow 2.88 floppies to be run.
72  */
73 
74 /* 1994/7/13 -- Paul Vojta -- modified the probing code to allow three or more
75  * disk types.
76  */
77 
78 /*
79  * 1994/8/8 -- Alain Knaff -- Switched to fdpatch driver: Support for bigger
80  * format bug fixes, but unfortunately some new bugs too...
81  */
82 
83 /* 1994/9/17 -- Koen Holtman -- added logging of physical floppy write
84  * errors to allow safe writing by specialized programs.
85  */
86 
87 /* 1995/4/24 -- Dan Fandrich -- added support for Commodore 1581 3.5" disks
88  * by defining bit 1 of the "stretch" parameter to mean put sectors on the
89  * opposite side of the disk, leaving the sector IDs alone (i.e. Commodore's
90  * drives are "upside-down").
91  */
92 
93 /*
94  * 1995/8/26 -- Andreas Busse -- added Mips support.
95  */
96 
97 /*
98  * 1995/10/18 -- Ralf Baechle -- Portability cleanup; move machine dependent
99  * features to asm/floppy.h.
100  */
101 
102 /*
103  * 1998/1/21 -- Richard Gooch <rgooch@atnf.csiro.au> -- devfs support
104  */
105 
106 /*
107  * 1998/05/07 -- Russell King -- More portability cleanups; moved definition of
108  * interrupt and dma channel to asm/floppy.h. Cleaned up some formatting &
109  * use of '0' for NULL.
110  */
111 
112 /*
113  * 1998/06/07 -- Alan Cox -- Merged the 2.0.34 fixes for resource allocation
114  * failures.
115  */
116 
117 /*
118  * 1998/09/20 -- David Weinehall -- Added slow-down code for buggy PS/2-drives.
119  */
120 
121 /*
122  * 1999/08/13 -- Paul Slootman -- floppy stopped working on Alpha after 24
123  * days, 6 hours, 32 minutes and 32 seconds (i.e. MAXINT jiffies; ints were
124  * being used to store jiffies, which are unsigned longs).
125  */
126 
127 /*
128  * 2000/08/28 -- Arnaldo Carvalho de Melo <acme@conectiva.com.br>
129  * - get rid of check_region
130  * - s/suser/capable/
131  */
132 
133 /*
134  * 2001/08/26 -- Paul Gortmaker - fix insmod oops on machines with no
135  * floppy controller (lingering task on list after module is gone... boom.)
136  */
137 
138 /*
139  * 2002/02/07 -- Anton Altaparmakov - Fix io ports reservation to correct range
140  * (0x3f2-0x3f5, 0x3f7). This fix is a bit of a hack but the proper fix
141  * requires many non-obvious changes in arch dependent code.
142  */
143 
144 /* 2003/07/28 -- Daniele Bellucci <bellucda@tiscali.it>.
145  * Better audit of register_blkdev.
146  */
147 
148 #undef  FLOPPY_SILENT_DCL_CLEAR
149 
150 #define REALLY_SLOW_IO
151 
152 #define DEBUGT 2
153 
154 #define DPRINT(format, args...) \
155 	pr_info("floppy%d: " format, current_drive, ##args)
156 
157 #define DCL_DEBUG		/* debug disk change line */
158 #ifdef DCL_DEBUG
159 #define debug_dcl(test, fmt, args...) \
160 	do { if ((test) & FD_DEBUG) DPRINT(fmt, ##args); } while (0)
161 #else
162 #define debug_dcl(test, fmt, args...) \
163 	do { if (0) DPRINT(fmt, ##args); } while (0)
164 #endif
165 
166 /* do print messages for unexpected interrupts */
167 static int print_unex = 1;
168 #include <linux/module.h>
169 #include <linux/sched.h>
170 #include <linux/fs.h>
171 #include <linux/kernel.h>
172 #include <linux/timer.h>
173 #include <linux/workqueue.h>
174 #include <linux/fdreg.h>
175 #include <linux/fd.h>
176 #include <linux/hdreg.h>
177 #include <linux/errno.h>
178 #include <linux/slab.h>
179 #include <linux/mm.h>
180 #include <linux/bio.h>
181 #include <linux/string.h>
182 #include <linux/jiffies.h>
183 #include <linux/fcntl.h>
184 #include <linux/delay.h>
185 #include <linux/mc146818rtc.h>	/* CMOS defines */
186 #include <linux/ioport.h>
187 #include <linux/interrupt.h>
188 #include <linux/init.h>
189 #include <linux/platform_device.h>
190 #include <linux/mod_devicetable.h>
191 #include <linux/mutex.h>
192 #include <linux/io.h>
193 #include <linux/uaccess.h>
194 #include <linux/async.h>
195 #include <linux/compat.h>
196 
197 /*
198  * PS/2 floppies have much slower step rates than regular floppies.
199  * It's been recommended that take about 1/4 of the default speed
200  * in some more extreme cases.
201  */
202 static DEFINE_MUTEX(floppy_mutex);
203 static int slow_floppy;
204 
205 #include <asm/dma.h>
206 #include <asm/irq.h>
207 
208 static int FLOPPY_IRQ = 6;
209 static int FLOPPY_DMA = 2;
210 static int can_use_virtual_dma = 2;
211 /* =======
212  * can use virtual DMA:
213  * 0 = use of virtual DMA disallowed by config
214  * 1 = use of virtual DMA prescribed by config
215  * 2 = no virtual DMA preference configured.  By default try hard DMA,
216  * but fall back on virtual DMA when not enough memory available
217  */
218 
219 static int use_virtual_dma;
220 /* =======
221  * use virtual DMA
222  * 0 using hard DMA
223  * 1 using virtual DMA
224  * This variable is set to virtual when a DMA mem problem arises, and
225  * reset back in floppy_grab_irq_and_dma.
226  * It is not safe to reset it in other circumstances, because the floppy
227  * driver may have several buffers in use at once, and we do currently not
228  * record each buffers capabilities
229  */
230 
231 static DEFINE_SPINLOCK(floppy_lock);
232 
233 static unsigned short virtual_dma_port = 0x3f0;
234 irqreturn_t floppy_interrupt(int irq, void *dev_id);
235 static int set_dor(int fdc, char mask, char data);
236 
237 #define K_64	0x10000		/* 64KB */
238 
239 /* the following is the mask of allowed drives. By default units 2 and
240  * 3 of both floppy controllers are disabled, because switching on the
241  * motor of these drives causes system hangs on some PCI computers. drive
242  * 0 is the low bit (0x1), and drive 7 is the high bit (0x80). Bits are on if
243  * a drive is allowed.
244  *
245  * NOTE: This must come before we include the arch floppy header because
246  *       some ports reference this variable from there. -DaveM
247  */
248 
249 static int allowed_drive_mask = 0x33;
250 
251 #include <asm/floppy.h>
252 
253 static int irqdma_allocated;
254 
255 #include <linux/blk-mq.h>
256 #include <linux/blkpg.h>
257 #include <linux/cdrom.h>	/* for the compatibility eject ioctl */
258 #include <linux/completion.h>
259 
260 static LIST_HEAD(floppy_reqs);
261 static struct request *current_req;
262 static int set_next_request(void);
263 
264 #ifndef fd_get_dma_residue
265 #define fd_get_dma_residue() get_dma_residue(FLOPPY_DMA)
266 #endif
267 
268 /* Dma Memory related stuff */
269 
270 #ifndef fd_dma_mem_free
271 #define fd_dma_mem_free(addr, size) free_pages(addr, get_order(size))
272 #endif
273 
274 #ifndef fd_dma_mem_alloc
275 #define fd_dma_mem_alloc(size) __get_dma_pages(GFP_KERNEL, get_order(size))
276 #endif
277 
278 #ifndef fd_cacheflush
279 #define fd_cacheflush(addr, size) /* nothing... */
280 #endif
281 
fallback_on_nodma_alloc(char ** addr,size_t l)282 static inline void fallback_on_nodma_alloc(char **addr, size_t l)
283 {
284 #ifdef FLOPPY_CAN_FALLBACK_ON_NODMA
285 	if (*addr)
286 		return;		/* we have the memory */
287 	if (can_use_virtual_dma != 2)
288 		return;		/* no fallback allowed */
289 	pr_info("DMA memory shortage. Temporarily falling back on virtual DMA\n");
290 	*addr = (char *)nodma_mem_alloc(l);
291 #else
292 	return;
293 #endif
294 }
295 
296 /* End dma memory related stuff */
297 
298 static unsigned long fake_change;
299 static bool initialized;
300 
301 #define ITYPE(x)	(((x) >> 2) & 0x1f)
302 #define TOMINOR(x)	((x & 3) | ((x & 4) << 5))
303 #define UNIT(x)		((x) & 0x03)		/* drive on fdc */
304 #define FDC(x)		(((x) & 0x04) >> 2)	/* fdc of drive */
305 	/* reverse mapping from unit and fdc to drive */
306 #define REVDRIVE(fdc, unit) ((unit) + ((fdc) << 2))
307 
308 #define PH_HEAD(floppy, head) (((((floppy)->stretch & 2) >> 1) ^ head) << 2)
309 #define STRETCH(floppy)	((floppy)->stretch & FD_STRETCH)
310 
311 /* read/write commands */
312 #define COMMAND			0
313 #define DR_SELECT		1
314 #define TRACK			2
315 #define HEAD			3
316 #define SECTOR			4
317 #define SIZECODE		5
318 #define SECT_PER_TRACK		6
319 #define GAP			7
320 #define SIZECODE2		8
321 #define NR_RW 9
322 
323 /* format commands */
324 #define F_SIZECODE		2
325 #define F_SECT_PER_TRACK	3
326 #define F_GAP			4
327 #define F_FILL			5
328 #define NR_F 6
329 
330 /*
331  * Maximum disk size (in kilobytes).
332  * This default is used whenever the current disk size is unknown.
333  * [Now it is rather a minimum]
334  */
335 #define MAX_DISK_SIZE 4		/* 3984 */
336 
337 /*
338  * globals used by 'result()'
339  */
340 static unsigned char reply_buffer[FD_RAW_REPLY_SIZE];
341 static int inr;		/* size of reply buffer, when called from interrupt */
342 #define ST0		0
343 #define ST1		1
344 #define ST2		2
345 #define ST3		0	/* result of GETSTATUS */
346 #define R_TRACK		3
347 #define R_HEAD		4
348 #define R_SECTOR	5
349 #define R_SIZECODE	6
350 
351 #define SEL_DLY		(2 * HZ / 100)
352 
353 /*
354  * this struct defines the different floppy drive types.
355  */
356 static struct {
357 	struct floppy_drive_params params;
358 	const char *name;	/* name printed while booting */
359 } default_drive_params[] = {
360 /* NOTE: the time values in jiffies should be in msec!
361  CMOS drive type
362   |     Maximum data rate supported by drive type
363   |     |   Head load time, msec
364   |     |   |   Head unload time, msec (not used)
365   |     |   |   |     Step rate interval, usec
366   |     |   |   |     |       Time needed for spinup time (jiffies)
367   |     |   |   |     |       |      Timeout for spinning down (jiffies)
368   |     |   |   |     |       |      |   Spindown offset (where disk stops)
369   |     |   |   |     |       |      |   |     Select delay
370   |     |   |   |     |       |      |   |     |     RPS
371   |     |   |   |     |       |      |   |     |     |    Max number of tracks
372   |     |   |   |     |       |      |   |     |     |    |     Interrupt timeout
373   |     |   |   |     |       |      |   |     |     |    |     |   Max nonintlv. sectors
374   |     |   |   |     |       |      |   |     |     |    |     |   | -Max Errors- flags */
375 {{0,  500, 16, 16, 8000,    1*HZ, 3*HZ,  0, SEL_DLY, 5,  80, 3*HZ, 20, {3,1,2,0,2}, 0,
376       0, { 7, 4, 8, 2, 1, 5, 3,10}, 3*HZ/2, 0 }, "unknown" },
377 
378 {{1,  300, 16, 16, 8000,    1*HZ, 3*HZ,  0, SEL_DLY, 5,  40, 3*HZ, 17, {3,1,2,0,2}, 0,
379       0, { 1, 0, 0, 0, 0, 0, 0, 0}, 3*HZ/2, 1 }, "360K PC" }, /*5 1/4 360 KB PC*/
380 
381 {{2,  500, 16, 16, 6000, 4*HZ/10, 3*HZ, 14, SEL_DLY, 6,  83, 3*HZ, 17, {3,1,2,0,2}, 0,
382       0, { 2, 5, 6,23,10,20,12, 0}, 3*HZ/2, 2 }, "1.2M" }, /*5 1/4 HD AT*/
383 
384 {{3,  250, 16, 16, 3000,    1*HZ, 3*HZ,  0, SEL_DLY, 5,  83, 3*HZ, 20, {3,1,2,0,2}, 0,
385       0, { 4,22,21,30, 3, 0, 0, 0}, 3*HZ/2, 4 }, "720k" }, /*3 1/2 DD*/
386 
387 {{4,  500, 16, 16, 4000, 4*HZ/10, 3*HZ, 10, SEL_DLY, 5,  83, 3*HZ, 20, {3,1,2,0,2}, 0,
388       0, { 7, 4,25,22,31,21,29,11}, 3*HZ/2, 7 }, "1.44M" }, /*3 1/2 HD*/
389 
390 {{5, 1000, 15,  8, 3000, 4*HZ/10, 3*HZ, 10, SEL_DLY, 5,  83, 3*HZ, 40, {3,1,2,0,2}, 0,
391       0, { 7, 8, 4,25,28,22,31,21}, 3*HZ/2, 8 }, "2.88M AMI BIOS" }, /*3 1/2 ED*/
392 
393 {{6, 1000, 15,  8, 3000, 4*HZ/10, 3*HZ, 10, SEL_DLY, 5,  83, 3*HZ, 40, {3,1,2,0,2}, 0,
394       0, { 7, 8, 4,25,28,22,31,21}, 3*HZ/2, 8 }, "2.88M" } /*3 1/2 ED*/
395 /*    |  --autodetected formats---    |      |      |
396  *    read_track                      |      |    Name printed when booting
397  *				      |     Native format
398  *	            Frequency of disk change checks */
399 };
400 
401 static struct floppy_drive_params drive_params[N_DRIVE];
402 static struct floppy_drive_struct drive_state[N_DRIVE];
403 static struct floppy_write_errors write_errors[N_DRIVE];
404 static struct timer_list motor_off_timer[N_DRIVE];
405 static struct gendisk *disks[N_DRIVE];
406 static struct blk_mq_tag_set tag_sets[N_DRIVE];
407 static struct block_device *opened_bdev[N_DRIVE];
408 static DEFINE_MUTEX(open_lock);
409 static struct floppy_raw_cmd *raw_cmd, default_raw_cmd;
410 
411 /*
412  * This struct defines the different floppy types.
413  *
414  * Bit 0 of 'stretch' tells if the tracks need to be doubled for some
415  * types (e.g. 360kB diskette in 1.2MB drive, etc.).  Bit 1 of 'stretch'
416  * tells if the disk is in Commodore 1581 format, which means side 0 sectors
417  * are located on side 1 of the disk but with a side 0 ID, and vice-versa.
418  * This is the same as the Sharp MZ-80 5.25" CP/M disk format, except that the
419  * 1581's logical side 0 is on physical side 1, whereas the Sharp's logical
420  * side 0 is on physical side 0 (but with the misnamed sector IDs).
421  * 'stretch' should probably be renamed to something more general, like
422  * 'options'.
423  *
424  * Bits 2 through 9 of 'stretch' tell the number of the first sector.
425  * The LSB (bit 2) is flipped. For most disks, the first sector
426  * is 1 (represented by 0x00<<2).  For some CP/M and music sampler
427  * disks (such as Ensoniq EPS 16plus) it is 0 (represented as 0x01<<2).
428  * For Amstrad CPC disks it is 0xC1 (represented as 0xC0<<2).
429  *
430  * Other parameters should be self-explanatory (see also setfdprm(8)).
431  */
432 /*
433 	    Size
434 	     |  Sectors per track
435 	     |  | Head
436 	     |  | |  Tracks
437 	     |  | |  | Stretch
438 	     |  | |  | |  Gap 1 size
439 	     |  | |  | |    |  Data rate, | 0x40 for perp
440 	     |  | |  | |    |    |  Spec1 (stepping rate, head unload
441 	     |  | |  | |    |    |    |    /fmt gap (gap2) */
442 static struct floppy_struct floppy_type[32] = {
443 	{    0, 0,0, 0,0,0x00,0x00,0x00,0x00,NULL    },	/*  0 no testing    */
444 	{  720, 9,2,40,0,0x2A,0x02,0xDF,0x50,"d360"  }, /*  1 360KB PC      */
445 	{ 2400,15,2,80,0,0x1B,0x00,0xDF,0x54,"h1200" },	/*  2 1.2MB AT      */
446 	{  720, 9,1,80,0,0x2A,0x02,0xDF,0x50,"D360"  },	/*  3 360KB SS 3.5" */
447 	{ 1440, 9,2,80,0,0x2A,0x02,0xDF,0x50,"D720"  },	/*  4 720KB 3.5"    */
448 	{  720, 9,2,40,1,0x23,0x01,0xDF,0x50,"h360"  },	/*  5 360KB AT      */
449 	{ 1440, 9,2,80,0,0x23,0x01,0xDF,0x50,"h720"  },	/*  6 720KB AT      */
450 	{ 2880,18,2,80,0,0x1B,0x00,0xCF,0x6C,"H1440" },	/*  7 1.44MB 3.5"   */
451 	{ 5760,36,2,80,0,0x1B,0x43,0xAF,0x54,"E2880" },	/*  8 2.88MB 3.5"   */
452 	{ 6240,39,2,80,0,0x1B,0x43,0xAF,0x28,"E3120" },	/*  9 3.12MB 3.5"   */
453 
454 	{ 2880,18,2,80,0,0x25,0x00,0xDF,0x02,"h1440" }, /* 10 1.44MB 5.25"  */
455 	{ 3360,21,2,80,0,0x1C,0x00,0xCF,0x0C,"H1680" }, /* 11 1.68MB 3.5"   */
456 	{  820,10,2,41,1,0x25,0x01,0xDF,0x2E,"h410"  },	/* 12 410KB 5.25"   */
457 	{ 1640,10,2,82,0,0x25,0x02,0xDF,0x2E,"H820"  },	/* 13 820KB 3.5"    */
458 	{ 2952,18,2,82,0,0x25,0x00,0xDF,0x02,"h1476" },	/* 14 1.48MB 5.25"  */
459 	{ 3444,21,2,82,0,0x25,0x00,0xDF,0x0C,"H1722" },	/* 15 1.72MB 3.5"   */
460 	{  840,10,2,42,1,0x25,0x01,0xDF,0x2E,"h420"  },	/* 16 420KB 5.25"   */
461 	{ 1660,10,2,83,0,0x25,0x02,0xDF,0x2E,"H830"  },	/* 17 830KB 3.5"    */
462 	{ 2988,18,2,83,0,0x25,0x00,0xDF,0x02,"h1494" },	/* 18 1.49MB 5.25"  */
463 	{ 3486,21,2,83,0,0x25,0x00,0xDF,0x0C,"H1743" }, /* 19 1.74 MB 3.5"  */
464 
465 	{ 1760,11,2,80,0,0x1C,0x09,0xCF,0x00,"h880"  }, /* 20 880KB 5.25"   */
466 	{ 2080,13,2,80,0,0x1C,0x01,0xCF,0x00,"D1040" }, /* 21 1.04MB 3.5"   */
467 	{ 2240,14,2,80,0,0x1C,0x19,0xCF,0x00,"D1120" }, /* 22 1.12MB 3.5"   */
468 	{ 3200,20,2,80,0,0x1C,0x20,0xCF,0x2C,"h1600" }, /* 23 1.6MB 5.25"   */
469 	{ 3520,22,2,80,0,0x1C,0x08,0xCF,0x2e,"H1760" }, /* 24 1.76MB 3.5"   */
470 	{ 3840,24,2,80,0,0x1C,0x20,0xCF,0x00,"H1920" }, /* 25 1.92MB 3.5"   */
471 	{ 6400,40,2,80,0,0x25,0x5B,0xCF,0x00,"E3200" }, /* 26 3.20MB 3.5"   */
472 	{ 7040,44,2,80,0,0x25,0x5B,0xCF,0x00,"E3520" }, /* 27 3.52MB 3.5"   */
473 	{ 7680,48,2,80,0,0x25,0x63,0xCF,0x00,"E3840" }, /* 28 3.84MB 3.5"   */
474 	{ 3680,23,2,80,0,0x1C,0x10,0xCF,0x00,"H1840" }, /* 29 1.84MB 3.5"   */
475 
476 	{ 1600,10,2,80,0,0x25,0x02,0xDF,0x2E,"D800"  },	/* 30 800KB 3.5"    */
477 	{ 3200,20,2,80,0,0x1C,0x00,0xCF,0x2C,"H1600" }, /* 31 1.6MB 3.5"    */
478 };
479 
480 #define SECTSIZE (_FD_SECTSIZE(*floppy))
481 
482 /* Auto-detection: Disk type used until the next media change occurs. */
483 static struct floppy_struct *current_type[N_DRIVE];
484 
485 /*
486  * User-provided type information. current_type points to
487  * the respective entry of this array.
488  */
489 static struct floppy_struct user_params[N_DRIVE];
490 
491 static sector_t floppy_sizes[256];
492 
493 static char floppy_device_name[] = "floppy";
494 
495 /*
496  * The driver is trying to determine the correct media format
497  * while probing is set. rw_interrupt() clears it after a
498  * successful access.
499  */
500 static int probing;
501 
502 /* Synchronization of FDC access. */
503 #define FD_COMMAND_NONE		-1
504 #define FD_COMMAND_ERROR	2
505 #define FD_COMMAND_OKAY		3
506 
507 static volatile int command_status = FD_COMMAND_NONE;
508 static unsigned long fdc_busy;
509 static DECLARE_WAIT_QUEUE_HEAD(fdc_wait);
510 static DECLARE_WAIT_QUEUE_HEAD(command_done);
511 
512 /* Errors during formatting are counted here. */
513 static int format_errors;
514 
515 /* Format request descriptor. */
516 static struct format_descr format_req;
517 
518 /*
519  * Rate is 0 for 500kb/s, 1 for 300kbps, 2 for 250kbps
520  * Spec1 is 0xSH, where S is stepping rate (F=1ms, E=2ms, D=3ms etc),
521  * H is head unload time (1=16ms, 2=32ms, etc)
522  */
523 
524 /*
525  * Track buffer
526  * Because these are written to by the DMA controller, they must
527  * not contain a 64k byte boundary crossing, or data will be
528  * corrupted/lost.
529  */
530 static char *floppy_track_buffer;
531 static int max_buffer_sectors;
532 
533 static int *errors;
534 typedef void (*done_f)(int);
535 static const struct cont_t {
536 	void (*interrupt)(void);
537 				/* this is called after the interrupt of the
538 				 * main command */
539 	void (*redo)(void);	/* this is called to retry the operation */
540 	void (*error)(void);	/* this is called to tally an error */
541 	done_f done;		/* this is called to say if the operation has
542 				 * succeeded/failed */
543 } *cont;
544 
545 static void floppy_ready(void);
546 static void floppy_start(void);
547 static void process_fd_request(void);
548 static void recalibrate_floppy(void);
549 static void floppy_shutdown(struct work_struct *);
550 
551 static int floppy_request_regions(int);
552 static void floppy_release_regions(int);
553 static int floppy_grab_irq_and_dma(void);
554 static void floppy_release_irq_and_dma(void);
555 
556 /*
557  * The "reset" variable should be tested whenever an interrupt is scheduled,
558  * after the commands have been sent. This is to ensure that the driver doesn't
559  * get wedged when the interrupt doesn't come because of a failed command.
560  * reset doesn't need to be tested before sending commands, because
561  * output_byte is automatically disabled when reset is set.
562  */
563 static void reset_fdc(void);
564 static int floppy_revalidate(struct gendisk *disk);
565 
566 /*
567  * These are global variables, as that's the easiest way to give
568  * information to interrupts. They are the data used for the current
569  * request.
570  */
571 #define NO_TRACK	-1
572 #define NEED_1_RECAL	-2
573 #define NEED_2_RECAL	-3
574 
575 static atomic_t usage_count = ATOMIC_INIT(0);
576 
577 /* buffer related variables */
578 static int buffer_track = -1;
579 static int buffer_drive = -1;
580 static int buffer_min = -1;
581 static int buffer_max = -1;
582 
583 /* fdc related variables, should end up in a struct */
584 static struct floppy_fdc_state fdc_state[N_FDC];
585 static int current_fdc;			/* current fdc */
586 
587 static struct workqueue_struct *floppy_wq;
588 
589 static struct floppy_struct *_floppy = floppy_type;
590 static unsigned char current_drive;
591 static long current_count_sectors;
592 static unsigned char fsector_t;	/* sector in track */
593 static unsigned char in_sector_offset;	/* offset within physical sector,
594 					 * expressed in units of 512 bytes */
595 
fdc_inb(int fdc,int reg)596 static inline unsigned char fdc_inb(int fdc, int reg)
597 {
598 	return fd_inb(fdc_state[fdc].address, reg);
599 }
600 
fdc_outb(unsigned char value,int fdc,int reg)601 static inline void fdc_outb(unsigned char value, int fdc, int reg)
602 {
603 	fd_outb(value, fdc_state[fdc].address, reg);
604 }
605 
drive_no_geom(int drive)606 static inline bool drive_no_geom(int drive)
607 {
608 	return !current_type[drive] && !ITYPE(drive_state[drive].fd_device);
609 }
610 
611 #ifndef fd_eject
fd_eject(int drive)612 static inline int fd_eject(int drive)
613 {
614 	return -EINVAL;
615 }
616 #endif
617 
618 /*
619  * Debugging
620  * =========
621  */
622 #ifdef DEBUGT
623 static long unsigned debugtimer;
624 
set_debugt(void)625 static inline void set_debugt(void)
626 {
627 	debugtimer = jiffies;
628 }
629 
debugt(const char * func,const char * msg)630 static inline void debugt(const char *func, const char *msg)
631 {
632 	if (drive_params[current_drive].flags & DEBUGT)
633 		pr_info("%s:%s dtime=%lu\n", func, msg, jiffies - debugtimer);
634 }
635 #else
set_debugt(void)636 static inline void set_debugt(void) { }
debugt(const char * func,const char * msg)637 static inline void debugt(const char *func, const char *msg) { }
638 #endif /* DEBUGT */
639 
640 
641 static DECLARE_DELAYED_WORK(fd_timeout, floppy_shutdown);
642 static const char *timeout_message;
643 
is_alive(const char * func,const char * message)644 static void is_alive(const char *func, const char *message)
645 {
646 	/* this routine checks whether the floppy driver is "alive" */
647 	if (test_bit(0, &fdc_busy) && command_status < 2 &&
648 	    !delayed_work_pending(&fd_timeout)) {
649 		DPRINT("%s: timeout handler died.  %s\n", func, message);
650 	}
651 }
652 
653 static void (*do_floppy)(void) = NULL;
654 
655 #define OLOGSIZE 20
656 
657 static void (*lasthandler)(void);
658 static unsigned long interruptjiffies;
659 static unsigned long resultjiffies;
660 static int resultsize;
661 static unsigned long lastredo;
662 
663 static struct output_log {
664 	unsigned char data;
665 	unsigned char status;
666 	unsigned long jiffies;
667 } output_log[OLOGSIZE];
668 
669 static int output_log_pos;
670 
671 #define MAXTIMEOUT -2
672 
__reschedule_timeout(int drive,const char * message)673 static void __reschedule_timeout(int drive, const char *message)
674 {
675 	unsigned long delay;
676 
677 	if (drive < 0 || drive >= N_DRIVE) {
678 		delay = 20UL * HZ;
679 		drive = 0;
680 	} else
681 		delay = drive_params[drive].timeout;
682 
683 	mod_delayed_work(floppy_wq, &fd_timeout, delay);
684 	if (drive_params[drive].flags & FD_DEBUG)
685 		DPRINT("reschedule timeout %s\n", message);
686 	timeout_message = message;
687 }
688 
reschedule_timeout(int drive,const char * message)689 static void reschedule_timeout(int drive, const char *message)
690 {
691 	unsigned long flags;
692 
693 	spin_lock_irqsave(&floppy_lock, flags);
694 	__reschedule_timeout(drive, message);
695 	spin_unlock_irqrestore(&floppy_lock, flags);
696 }
697 
698 #define INFBOUND(a, b) (a) = max_t(int, a, b)
699 #define SUPBOUND(a, b) (a) = min_t(int, a, b)
700 
701 /*
702  * Bottom half floppy driver.
703  * ==========================
704  *
705  * This part of the file contains the code talking directly to the hardware,
706  * and also the main service loop (seek-configure-spinup-command)
707  */
708 
709 /*
710  * disk change.
711  * This routine is responsible for maintaining the FD_DISK_CHANGE flag,
712  * and the last_checked date.
713  *
714  * last_checked is the date of the last check which showed 'no disk change'
715  * FD_DISK_CHANGE is set under two conditions:
716  * 1. The floppy has been changed after some i/o to that floppy already
717  *    took place.
718  * 2. No floppy disk is in the drive. This is done in order to ensure that
719  *    requests are quickly flushed in case there is no disk in the drive. It
720  *    follows that FD_DISK_CHANGE can only be cleared if there is a disk in
721  *    the drive.
722  *
723  * For 1., maxblock is observed. Maxblock is 0 if no i/o has taken place yet.
724  * For 2., FD_DISK_NEWCHANGE is watched. FD_DISK_NEWCHANGE is cleared on
725  *  each seek. If a disk is present, the disk change line should also be
726  *  cleared on each seek. Thus, if FD_DISK_NEWCHANGE is clear, but the disk
727  *  change line is set, this means either that no disk is in the drive, or
728  *  that it has been removed since the last seek.
729  *
730  * This means that we really have a third possibility too:
731  *  The floppy has been changed after the last seek.
732  */
733 
disk_change(int drive)734 static int disk_change(int drive)
735 {
736 	int fdc = FDC(drive);
737 
738 	if (time_before(jiffies, drive_state[drive].select_date + drive_params[drive].select_delay))
739 		DPRINT("WARNING disk change called early\n");
740 	if (!(fdc_state[fdc].dor & (0x10 << UNIT(drive))) ||
741 	    (fdc_state[fdc].dor & 3) != UNIT(drive) || fdc != FDC(drive)) {
742 		DPRINT("probing disk change on unselected drive\n");
743 		DPRINT("drive=%d fdc=%d dor=%x\n", drive, FDC(drive),
744 		       (unsigned int)fdc_state[fdc].dor);
745 	}
746 
747 	debug_dcl(drive_params[drive].flags,
748 		  "checking disk change line for drive %d\n", drive);
749 	debug_dcl(drive_params[drive].flags, "jiffies=%lu\n", jiffies);
750 	debug_dcl(drive_params[drive].flags, "disk change line=%x\n",
751 		  fdc_inb(fdc, FD_DIR) & 0x80);
752 	debug_dcl(drive_params[drive].flags, "flags=%lx\n",
753 		  drive_state[drive].flags);
754 
755 	if (drive_params[drive].flags & FD_BROKEN_DCL)
756 		return test_bit(FD_DISK_CHANGED_BIT,
757 				&drive_state[drive].flags);
758 	if ((fdc_inb(fdc, FD_DIR) ^ drive_params[drive].flags) & 0x80) {
759 		set_bit(FD_VERIFY_BIT, &drive_state[drive].flags);
760 					/* verify write protection */
761 
762 		if (drive_state[drive].maxblock)	/* mark it changed */
763 			set_bit(FD_DISK_CHANGED_BIT,
764 				&drive_state[drive].flags);
765 
766 		/* invalidate its geometry */
767 		if (drive_state[drive].keep_data >= 0) {
768 			if ((drive_params[drive].flags & FTD_MSG) &&
769 			    current_type[drive] != NULL)
770 				DPRINT("Disk type is undefined after disk change\n");
771 			current_type[drive] = NULL;
772 			floppy_sizes[TOMINOR(drive)] = MAX_DISK_SIZE << 1;
773 		}
774 
775 		return 1;
776 	} else {
777 		drive_state[drive].last_checked = jiffies;
778 		clear_bit(FD_DISK_NEWCHANGE_BIT, &drive_state[drive].flags);
779 	}
780 	return 0;
781 }
782 
is_selected(int dor,int unit)783 static inline int is_selected(int dor, int unit)
784 {
785 	return ((dor & (0x10 << unit)) && (dor & 3) == unit);
786 }
787 
is_ready_state(int status)788 static bool is_ready_state(int status)
789 {
790 	int state = status & (STATUS_READY | STATUS_DIR | STATUS_DMA);
791 	return state == STATUS_READY;
792 }
793 
set_dor(int fdc,char mask,char data)794 static int set_dor(int fdc, char mask, char data)
795 {
796 	unsigned char unit;
797 	unsigned char drive;
798 	unsigned char newdor;
799 	unsigned char olddor;
800 
801 	if (fdc_state[fdc].address == -1)
802 		return -1;
803 
804 	olddor = fdc_state[fdc].dor;
805 	newdor = (olddor & mask) | data;
806 	if (newdor != olddor) {
807 		unit = olddor & 0x3;
808 		if (is_selected(olddor, unit) && !is_selected(newdor, unit)) {
809 			drive = REVDRIVE(fdc, unit);
810 			debug_dcl(drive_params[drive].flags,
811 				  "calling disk change from set_dor\n");
812 			disk_change(drive);
813 		}
814 		fdc_state[fdc].dor = newdor;
815 		fdc_outb(newdor, fdc, FD_DOR);
816 
817 		unit = newdor & 0x3;
818 		if (!is_selected(olddor, unit) && is_selected(newdor, unit)) {
819 			drive = REVDRIVE(fdc, unit);
820 			drive_state[drive].select_date = jiffies;
821 		}
822 	}
823 	return olddor;
824 }
825 
twaddle(int fdc,int drive)826 static void twaddle(int fdc, int drive)
827 {
828 	if (drive_params[drive].select_delay)
829 		return;
830 	fdc_outb(fdc_state[fdc].dor & ~(0x10 << UNIT(drive)),
831 		 fdc, FD_DOR);
832 	fdc_outb(fdc_state[fdc].dor, fdc, FD_DOR);
833 	drive_state[drive].select_date = jiffies;
834 }
835 
836 /*
837  * Reset all driver information about the specified fdc.
838  * This is needed after a reset, and after a raw command.
839  */
reset_fdc_info(int fdc,int mode)840 static void reset_fdc_info(int fdc, int mode)
841 {
842 	int drive;
843 
844 	fdc_state[fdc].spec1 = fdc_state[fdc].spec2 = -1;
845 	fdc_state[fdc].need_configure = 1;
846 	fdc_state[fdc].perp_mode = 1;
847 	fdc_state[fdc].rawcmd = 0;
848 	for (drive = 0; drive < N_DRIVE; drive++)
849 		if (FDC(drive) == fdc &&
850 		    (mode || drive_state[drive].track != NEED_1_RECAL))
851 			drive_state[drive].track = NEED_2_RECAL;
852 }
853 
854 /*
855  * selects the fdc and drive, and enables the fdc's input/dma.
856  * Both current_drive and current_fdc are changed to match the new drive.
857  */
set_fdc(int drive)858 static void set_fdc(int drive)
859 {
860 	unsigned int fdc;
861 
862 	if (drive < 0 || drive >= N_DRIVE) {
863 		pr_info("bad drive value %d\n", drive);
864 		return;
865 	}
866 
867 	fdc = FDC(drive);
868 	if (fdc >= N_FDC) {
869 		pr_info("bad fdc value\n");
870 		return;
871 	}
872 
873 	set_dor(fdc, ~0, 8);
874 #if N_FDC > 1
875 	set_dor(1 - fdc, ~8, 0);
876 #endif
877 	if (fdc_state[fdc].rawcmd == 2)
878 		reset_fdc_info(fdc, 1);
879 	if (fdc_inb(fdc, FD_STATUS) != STATUS_READY)
880 		fdc_state[fdc].reset = 1;
881 
882 	current_drive = drive;
883 	current_fdc = fdc;
884 }
885 
886 /*
887  * locks the driver.
888  * Both current_drive and current_fdc are changed to match the new drive.
889  */
lock_fdc(int drive)890 static int lock_fdc(int drive)
891 {
892 	if (WARN(atomic_read(&usage_count) == 0,
893 		 "Trying to lock fdc while usage count=0\n"))
894 		return -1;
895 
896 	if (wait_event_interruptible(fdc_wait, !test_and_set_bit(0, &fdc_busy)))
897 		return -EINTR;
898 
899 	command_status = FD_COMMAND_NONE;
900 
901 	reschedule_timeout(drive, "lock fdc");
902 	set_fdc(drive);
903 	return 0;
904 }
905 
906 /* unlocks the driver */
unlock_fdc(void)907 static void unlock_fdc(void)
908 {
909 	if (!test_bit(0, &fdc_busy))
910 		DPRINT("FDC access conflict!\n");
911 
912 	raw_cmd = NULL;
913 	command_status = FD_COMMAND_NONE;
914 	cancel_delayed_work(&fd_timeout);
915 	do_floppy = NULL;
916 	cont = NULL;
917 	clear_bit(0, &fdc_busy);
918 	wake_up(&fdc_wait);
919 }
920 
921 /* switches the motor off after a given timeout */
motor_off_callback(struct timer_list * t)922 static void motor_off_callback(struct timer_list *t)
923 {
924 	unsigned long nr = t - motor_off_timer;
925 	unsigned char mask = ~(0x10 << UNIT(nr));
926 
927 	if (WARN_ON_ONCE(nr >= N_DRIVE))
928 		return;
929 
930 	set_dor(FDC(nr), mask, 0);
931 }
932 
933 /* schedules motor off */
floppy_off(unsigned int drive)934 static void floppy_off(unsigned int drive)
935 {
936 	unsigned long volatile delta;
937 	int fdc = FDC(drive);
938 
939 	if (!(fdc_state[fdc].dor & (0x10 << UNIT(drive))))
940 		return;
941 
942 	del_timer(motor_off_timer + drive);
943 
944 	/* make spindle stop in a position which minimizes spinup time
945 	 * next time */
946 	if (drive_params[drive].rps) {
947 		delta = jiffies - drive_state[drive].first_read_date + HZ -
948 		    drive_params[drive].spindown_offset;
949 		delta = ((delta * drive_params[drive].rps) % HZ) / drive_params[drive].rps;
950 		motor_off_timer[drive].expires =
951 		    jiffies + drive_params[drive].spindown - delta;
952 	}
953 	add_timer(motor_off_timer + drive);
954 }
955 
956 /*
957  * cycle through all N_DRIVE floppy drives, for disk change testing.
958  * stopping at current drive. This is done before any long operation, to
959  * be sure to have up to date disk change information.
960  */
scandrives(void)961 static void scandrives(void)
962 {
963 	int i;
964 	int drive;
965 	int saved_drive;
966 
967 	if (drive_params[current_drive].select_delay)
968 		return;
969 
970 	saved_drive = current_drive;
971 	for (i = 0; i < N_DRIVE; i++) {
972 		drive = (saved_drive + i + 1) % N_DRIVE;
973 		if (drive_state[drive].fd_ref == 0 || drive_params[drive].select_delay != 0)
974 			continue;	/* skip closed drives */
975 		set_fdc(drive);
976 		if (!(set_dor(current_fdc, ~3, UNIT(drive) | (0x10 << UNIT(drive))) &
977 		      (0x10 << UNIT(drive))))
978 			/* switch the motor off again, if it was off to
979 			 * begin with */
980 			set_dor(current_fdc, ~(0x10 << UNIT(drive)), 0);
981 	}
982 	set_fdc(saved_drive);
983 }
984 
empty(void)985 static void empty(void)
986 {
987 }
988 
989 static void (*floppy_work_fn)(void);
990 
floppy_work_workfn(struct work_struct * work)991 static void floppy_work_workfn(struct work_struct *work)
992 {
993 	floppy_work_fn();
994 }
995 
996 static DECLARE_WORK(floppy_work, floppy_work_workfn);
997 
schedule_bh(void (* handler)(void))998 static void schedule_bh(void (*handler)(void))
999 {
1000 	WARN_ON(work_pending(&floppy_work));
1001 
1002 	floppy_work_fn = handler;
1003 	queue_work(floppy_wq, &floppy_work);
1004 }
1005 
1006 static void (*fd_timer_fn)(void) = NULL;
1007 
fd_timer_workfn(struct work_struct * work)1008 static void fd_timer_workfn(struct work_struct *work)
1009 {
1010 	fd_timer_fn();
1011 }
1012 
1013 static DECLARE_DELAYED_WORK(fd_timer, fd_timer_workfn);
1014 
cancel_activity(void)1015 static void cancel_activity(void)
1016 {
1017 	do_floppy = NULL;
1018 	cancel_delayed_work_sync(&fd_timer);
1019 	cancel_work_sync(&floppy_work);
1020 }
1021 
1022 /* this function makes sure that the disk stays in the drive during the
1023  * transfer */
fd_watchdog(void)1024 static void fd_watchdog(void)
1025 {
1026 	debug_dcl(drive_params[current_drive].flags,
1027 		  "calling disk change from watchdog\n");
1028 
1029 	if (disk_change(current_drive)) {
1030 		DPRINT("disk removed during i/o\n");
1031 		cancel_activity();
1032 		cont->done(0);
1033 		reset_fdc();
1034 	} else {
1035 		cancel_delayed_work(&fd_timer);
1036 		fd_timer_fn = fd_watchdog;
1037 		queue_delayed_work(floppy_wq, &fd_timer, HZ / 10);
1038 	}
1039 }
1040 
main_command_interrupt(void)1041 static void main_command_interrupt(void)
1042 {
1043 	cancel_delayed_work(&fd_timer);
1044 	cont->interrupt();
1045 }
1046 
1047 /* waits for a delay (spinup or select) to pass */
fd_wait_for_completion(unsigned long expires,void (* function)(void))1048 static int fd_wait_for_completion(unsigned long expires,
1049 				  void (*function)(void))
1050 {
1051 	if (fdc_state[current_fdc].reset) {
1052 		reset_fdc();	/* do the reset during sleep to win time
1053 				 * if we don't need to sleep, it's a good
1054 				 * occasion anyways */
1055 		return 1;
1056 	}
1057 
1058 	if (time_before(jiffies, expires)) {
1059 		cancel_delayed_work(&fd_timer);
1060 		fd_timer_fn = function;
1061 		queue_delayed_work(floppy_wq, &fd_timer, expires - jiffies);
1062 		return 1;
1063 	}
1064 	return 0;
1065 }
1066 
setup_DMA(void)1067 static void setup_DMA(void)
1068 {
1069 	unsigned long f;
1070 
1071 	if (raw_cmd->length == 0) {
1072 		print_hex_dump(KERN_INFO, "zero dma transfer size: ",
1073 			       DUMP_PREFIX_NONE, 16, 1,
1074 			       raw_cmd->fullcmd, raw_cmd->cmd_count, false);
1075 		cont->done(0);
1076 		fdc_state[current_fdc].reset = 1;
1077 		return;
1078 	}
1079 	if (((unsigned long)raw_cmd->kernel_data) % 512) {
1080 		pr_info("non aligned address: %p\n", raw_cmd->kernel_data);
1081 		cont->done(0);
1082 		fdc_state[current_fdc].reset = 1;
1083 		return;
1084 	}
1085 	f = claim_dma_lock();
1086 	fd_disable_dma();
1087 #ifdef fd_dma_setup
1088 	if (fd_dma_setup(raw_cmd->kernel_data, raw_cmd->length,
1089 			 (raw_cmd->flags & FD_RAW_READ) ?
1090 			 DMA_MODE_READ : DMA_MODE_WRITE,
1091 			 fdc_state[current_fdc].address) < 0) {
1092 		release_dma_lock(f);
1093 		cont->done(0);
1094 		fdc_state[current_fdc].reset = 1;
1095 		return;
1096 	}
1097 	release_dma_lock(f);
1098 #else
1099 	fd_clear_dma_ff();
1100 	fd_cacheflush(raw_cmd->kernel_data, raw_cmd->length);
1101 	fd_set_dma_mode((raw_cmd->flags & FD_RAW_READ) ?
1102 			DMA_MODE_READ : DMA_MODE_WRITE);
1103 	fd_set_dma_addr(raw_cmd->kernel_data);
1104 	fd_set_dma_count(raw_cmd->length);
1105 	virtual_dma_port = fdc_state[current_fdc].address;
1106 	fd_enable_dma();
1107 	release_dma_lock(f);
1108 #endif
1109 }
1110 
1111 static void show_floppy(int fdc);
1112 
1113 /* waits until the fdc becomes ready */
wait_til_ready(int fdc)1114 static int wait_til_ready(int fdc)
1115 {
1116 	int status;
1117 	int counter;
1118 
1119 	if (fdc_state[fdc].reset)
1120 		return -1;
1121 	for (counter = 0; counter < 10000; counter++) {
1122 		status = fdc_inb(fdc, FD_STATUS);
1123 		if (status & STATUS_READY)
1124 			return status;
1125 	}
1126 	if (initialized) {
1127 		DPRINT("Getstatus times out (%x) on fdc %d\n", status, fdc);
1128 		show_floppy(fdc);
1129 	}
1130 	fdc_state[fdc].reset = 1;
1131 	return -1;
1132 }
1133 
1134 /* sends a command byte to the fdc */
output_byte(int fdc,char byte)1135 static int output_byte(int fdc, char byte)
1136 {
1137 	int status = wait_til_ready(fdc);
1138 
1139 	if (status < 0)
1140 		return -1;
1141 
1142 	if (is_ready_state(status)) {
1143 		fdc_outb(byte, fdc, FD_DATA);
1144 		output_log[output_log_pos].data = byte;
1145 		output_log[output_log_pos].status = status;
1146 		output_log[output_log_pos].jiffies = jiffies;
1147 		output_log_pos = (output_log_pos + 1) % OLOGSIZE;
1148 		return 0;
1149 	}
1150 	fdc_state[fdc].reset = 1;
1151 	if (initialized) {
1152 		DPRINT("Unable to send byte %x to FDC. Fdc=%x Status=%x\n",
1153 		       byte, fdc, status);
1154 		show_floppy(fdc);
1155 	}
1156 	return -1;
1157 }
1158 
1159 /* gets the response from the fdc */
result(int fdc)1160 static int result(int fdc)
1161 {
1162 	int i;
1163 	int status = 0;
1164 
1165 	for (i = 0; i < FD_RAW_REPLY_SIZE; i++) {
1166 		status = wait_til_ready(fdc);
1167 		if (status < 0)
1168 			break;
1169 		status &= STATUS_DIR | STATUS_READY | STATUS_BUSY | STATUS_DMA;
1170 		if ((status & ~STATUS_BUSY) == STATUS_READY) {
1171 			resultjiffies = jiffies;
1172 			resultsize = i;
1173 			return i;
1174 		}
1175 		if (status == (STATUS_DIR | STATUS_READY | STATUS_BUSY))
1176 			reply_buffer[i] = fdc_inb(fdc, FD_DATA);
1177 		else
1178 			break;
1179 	}
1180 	if (initialized) {
1181 		DPRINT("get result error. Fdc=%d Last status=%x Read bytes=%d\n",
1182 		       fdc, status, i);
1183 		show_floppy(fdc);
1184 	}
1185 	fdc_state[fdc].reset = 1;
1186 	return -1;
1187 }
1188 
1189 #define MORE_OUTPUT -2
1190 /* does the fdc need more output? */
need_more_output(int fdc)1191 static int need_more_output(int fdc)
1192 {
1193 	int status = wait_til_ready(fdc);
1194 
1195 	if (status < 0)
1196 		return -1;
1197 
1198 	if (is_ready_state(status))
1199 		return MORE_OUTPUT;
1200 
1201 	return result(fdc);
1202 }
1203 
1204 /* Set perpendicular mode as required, based on data rate, if supported.
1205  * 82077 Now tested. 1Mbps data rate only possible with 82077-1.
1206  */
perpendicular_mode(int fdc)1207 static void perpendicular_mode(int fdc)
1208 {
1209 	unsigned char perp_mode;
1210 
1211 	if (raw_cmd->rate & 0x40) {
1212 		switch (raw_cmd->rate & 3) {
1213 		case 0:
1214 			perp_mode = 2;
1215 			break;
1216 		case 3:
1217 			perp_mode = 3;
1218 			break;
1219 		default:
1220 			DPRINT("Invalid data rate for perpendicular mode!\n");
1221 			cont->done(0);
1222 			fdc_state[fdc].reset = 1;
1223 					/*
1224 					 * convenient way to return to
1225 					 * redo without too much hassle
1226 					 * (deep stack et al.)
1227 					 */
1228 			return;
1229 		}
1230 	} else
1231 		perp_mode = 0;
1232 
1233 	if (fdc_state[fdc].perp_mode == perp_mode)
1234 		return;
1235 	if (fdc_state[fdc].version >= FDC_82077_ORIG) {
1236 		output_byte(fdc, FD_PERPENDICULAR);
1237 		output_byte(fdc, perp_mode);
1238 		fdc_state[fdc].perp_mode = perp_mode;
1239 	} else if (perp_mode) {
1240 		DPRINT("perpendicular mode not supported by this FDC.\n");
1241 	}
1242 }				/* perpendicular_mode */
1243 
1244 static int fifo_depth = 0xa;
1245 static int no_fifo;
1246 
fdc_configure(int fdc)1247 static int fdc_configure(int fdc)
1248 {
1249 	/* Turn on FIFO */
1250 	output_byte(fdc, FD_CONFIGURE);
1251 	if (need_more_output(fdc) != MORE_OUTPUT)
1252 		return 0;
1253 	output_byte(fdc, 0);
1254 	output_byte(fdc, 0x10 | (no_fifo & 0x20) | (fifo_depth & 0xf));
1255 	output_byte(fdc, 0);    /* pre-compensation from track 0 upwards */
1256 	return 1;
1257 }
1258 
1259 #define NOMINAL_DTR 500
1260 
1261 /* Issue a "SPECIFY" command to set the step rate time, head unload time,
1262  * head load time, and DMA disable flag to values needed by floppy.
1263  *
1264  * The value "dtr" is the data transfer rate in Kbps.  It is needed
1265  * to account for the data rate-based scaling done by the 82072 and 82077
1266  * FDC types.  This parameter is ignored for other types of FDCs (i.e.
1267  * 8272a).
1268  *
1269  * Note that changing the data transfer rate has a (probably deleterious)
1270  * effect on the parameters subject to scaling for 82072/82077 FDCs, so
1271  * fdc_specify is called again after each data transfer rate
1272  * change.
1273  *
1274  * srt: 1000 to 16000 in microseconds
1275  * hut: 16 to 240 milliseconds
1276  * hlt: 2 to 254 milliseconds
1277  *
1278  * These values are rounded up to the next highest available delay time.
1279  */
fdc_specify(int fdc,int drive)1280 static void fdc_specify(int fdc, int drive)
1281 {
1282 	unsigned char spec1;
1283 	unsigned char spec2;
1284 	unsigned long srt;
1285 	unsigned long hlt;
1286 	unsigned long hut;
1287 	unsigned long dtr = NOMINAL_DTR;
1288 	unsigned long scale_dtr = NOMINAL_DTR;
1289 	int hlt_max_code = 0x7f;
1290 	int hut_max_code = 0xf;
1291 
1292 	if (fdc_state[fdc].need_configure &&
1293 	    fdc_state[fdc].version >= FDC_82072A) {
1294 		fdc_configure(fdc);
1295 		fdc_state[fdc].need_configure = 0;
1296 	}
1297 
1298 	switch (raw_cmd->rate & 0x03) {
1299 	case 3:
1300 		dtr = 1000;
1301 		break;
1302 	case 1:
1303 		dtr = 300;
1304 		if (fdc_state[fdc].version >= FDC_82078) {
1305 			/* chose the default rate table, not the one
1306 			 * where 1 = 2 Mbps */
1307 			output_byte(fdc, FD_DRIVESPEC);
1308 			if (need_more_output(fdc) == MORE_OUTPUT) {
1309 				output_byte(fdc, UNIT(drive));
1310 				output_byte(fdc, 0xc0);
1311 			}
1312 		}
1313 		break;
1314 	case 2:
1315 		dtr = 250;
1316 		break;
1317 	}
1318 
1319 	if (fdc_state[fdc].version >= FDC_82072) {
1320 		scale_dtr = dtr;
1321 		hlt_max_code = 0x00;	/* 0==256msec*dtr0/dtr (not linear!) */
1322 		hut_max_code = 0x0;	/* 0==256msec*dtr0/dtr (not linear!) */
1323 	}
1324 
1325 	/* Convert step rate from microseconds to milliseconds and 4 bits */
1326 	srt = 16 - DIV_ROUND_UP(drive_params[drive].srt * scale_dtr / 1000,
1327 				NOMINAL_DTR);
1328 	if (slow_floppy)
1329 		srt = srt / 4;
1330 
1331 	SUPBOUND(srt, 0xf);
1332 	INFBOUND(srt, 0);
1333 
1334 	hlt = DIV_ROUND_UP(drive_params[drive].hlt * scale_dtr / 2,
1335 			   NOMINAL_DTR);
1336 	if (hlt < 0x01)
1337 		hlt = 0x01;
1338 	else if (hlt > 0x7f)
1339 		hlt = hlt_max_code;
1340 
1341 	hut = DIV_ROUND_UP(drive_params[drive].hut * scale_dtr / 16,
1342 			   NOMINAL_DTR);
1343 	if (hut < 0x1)
1344 		hut = 0x1;
1345 	else if (hut > 0xf)
1346 		hut = hut_max_code;
1347 
1348 	spec1 = (srt << 4) | hut;
1349 	spec2 = (hlt << 1) | (use_virtual_dma & 1);
1350 
1351 	/* If these parameters did not change, just return with success */
1352 	if (fdc_state[fdc].spec1 != spec1 ||
1353 	    fdc_state[fdc].spec2 != spec2) {
1354 		/* Go ahead and set spec1 and spec2 */
1355 		output_byte(fdc, FD_SPECIFY);
1356 		output_byte(fdc, fdc_state[fdc].spec1 = spec1);
1357 		output_byte(fdc, fdc_state[fdc].spec2 = spec2);
1358 	}
1359 }				/* fdc_specify */
1360 
1361 /* Set the FDC's data transfer rate on behalf of the specified drive.
1362  * NOTE: with 82072/82077 FDCs, changing the data rate requires a reissue
1363  * of the specify command (i.e. using the fdc_specify function).
1364  */
fdc_dtr(void)1365 static int fdc_dtr(void)
1366 {
1367 	/* If data rate not already set to desired value, set it. */
1368 	if ((raw_cmd->rate & 3) == fdc_state[current_fdc].dtr)
1369 		return 0;
1370 
1371 	/* Set dtr */
1372 	fdc_outb(raw_cmd->rate & 3, current_fdc, FD_DCR);
1373 
1374 	/* TODO: some FDC/drive combinations (C&T 82C711 with TEAC 1.2MB)
1375 	 * need a stabilization period of several milliseconds to be
1376 	 * enforced after data rate changes before R/W operations.
1377 	 * Pause 5 msec to avoid trouble. (Needs to be 2 jiffies)
1378 	 */
1379 	fdc_state[current_fdc].dtr = raw_cmd->rate & 3;
1380 	return fd_wait_for_completion(jiffies + 2UL * HZ / 100, floppy_ready);
1381 }				/* fdc_dtr */
1382 
tell_sector(void)1383 static void tell_sector(void)
1384 {
1385 	pr_cont(": track %d, head %d, sector %d, size %d",
1386 		reply_buffer[R_TRACK], reply_buffer[R_HEAD],
1387 		reply_buffer[R_SECTOR],
1388 		reply_buffer[R_SIZECODE]);
1389 }				/* tell_sector */
1390 
print_errors(void)1391 static void print_errors(void)
1392 {
1393 	DPRINT("");
1394 	if (reply_buffer[ST0] & ST0_ECE) {
1395 		pr_cont("Recalibrate failed!");
1396 	} else if (reply_buffer[ST2] & ST2_CRC) {
1397 		pr_cont("data CRC error");
1398 		tell_sector();
1399 	} else if (reply_buffer[ST1] & ST1_CRC) {
1400 		pr_cont("CRC error");
1401 		tell_sector();
1402 	} else if ((reply_buffer[ST1] & (ST1_MAM | ST1_ND)) ||
1403 		   (reply_buffer[ST2] & ST2_MAM)) {
1404 		if (!probing) {
1405 			pr_cont("sector not found");
1406 			tell_sector();
1407 		} else
1408 			pr_cont("probe failed...");
1409 	} else if (reply_buffer[ST2] & ST2_WC) {	/* seek error */
1410 		pr_cont("wrong cylinder");
1411 	} else if (reply_buffer[ST2] & ST2_BC) {	/* cylinder marked as bad */
1412 		pr_cont("bad cylinder");
1413 	} else {
1414 		pr_cont("unknown error. ST[0..2] are: 0x%x 0x%x 0x%x",
1415 			reply_buffer[ST0], reply_buffer[ST1],
1416 			reply_buffer[ST2]);
1417 		tell_sector();
1418 	}
1419 	pr_cont("\n");
1420 }
1421 
1422 /*
1423  * OK, this error interpreting routine is called after a
1424  * DMA read/write has succeeded
1425  * or failed, so we check the results, and copy any buffers.
1426  * hhb: Added better error reporting.
1427  * ak: Made this into a separate routine.
1428  */
interpret_errors(void)1429 static int interpret_errors(void)
1430 {
1431 	char bad;
1432 
1433 	if (inr != 7) {
1434 		DPRINT("-- FDC reply error\n");
1435 		fdc_state[current_fdc].reset = 1;
1436 		return 1;
1437 	}
1438 
1439 	/* check IC to find cause of interrupt */
1440 	switch (reply_buffer[ST0] & ST0_INTR) {
1441 	case 0x40:		/* error occurred during command execution */
1442 		if (reply_buffer[ST1] & ST1_EOC)
1443 			return 0;	/* occurs with pseudo-DMA */
1444 		bad = 1;
1445 		if (reply_buffer[ST1] & ST1_WP) {
1446 			DPRINT("Drive is write protected\n");
1447 			clear_bit(FD_DISK_WRITABLE_BIT,
1448 				  &drive_state[current_drive].flags);
1449 			cont->done(0);
1450 			bad = 2;
1451 		} else if (reply_buffer[ST1] & ST1_ND) {
1452 			set_bit(FD_NEED_TWADDLE_BIT,
1453 				&drive_state[current_drive].flags);
1454 		} else if (reply_buffer[ST1] & ST1_OR) {
1455 			if (drive_params[current_drive].flags & FTD_MSG)
1456 				DPRINT("Over/Underrun - retrying\n");
1457 			bad = 0;
1458 		} else if (*errors >= drive_params[current_drive].max_errors.reporting) {
1459 			print_errors();
1460 		}
1461 		if (reply_buffer[ST2] & ST2_WC || reply_buffer[ST2] & ST2_BC)
1462 			/* wrong cylinder => recal */
1463 			drive_state[current_drive].track = NEED_2_RECAL;
1464 		return bad;
1465 	case 0x80:		/* invalid command given */
1466 		DPRINT("Invalid FDC command given!\n");
1467 		cont->done(0);
1468 		return 2;
1469 	case 0xc0:
1470 		DPRINT("Abnormal termination caused by polling\n");
1471 		cont->error();
1472 		return 2;
1473 	default:		/* (0) Normal command termination */
1474 		return 0;
1475 	}
1476 }
1477 
1478 /*
1479  * This routine is called when everything should be correctly set up
1480  * for the transfer (i.e. floppy motor is on, the correct floppy is
1481  * selected, and the head is sitting on the right track).
1482  */
setup_rw_floppy(void)1483 static void setup_rw_floppy(void)
1484 {
1485 	int i;
1486 	int r;
1487 	int flags;
1488 	unsigned long ready_date;
1489 	void (*function)(void);
1490 
1491 	flags = raw_cmd->flags;
1492 	if (flags & (FD_RAW_READ | FD_RAW_WRITE))
1493 		flags |= FD_RAW_INTR;
1494 
1495 	if ((flags & FD_RAW_SPIN) && !(flags & FD_RAW_NO_MOTOR)) {
1496 		ready_date = drive_state[current_drive].spinup_date + drive_params[current_drive].spinup;
1497 		/* If spinup will take a long time, rerun scandrives
1498 		 * again just before spinup completion. Beware that
1499 		 * after scandrives, we must again wait for selection.
1500 		 */
1501 		if (time_after(ready_date, jiffies + drive_params[current_drive].select_delay)) {
1502 			ready_date -= drive_params[current_drive].select_delay;
1503 			function = floppy_start;
1504 		} else
1505 			function = setup_rw_floppy;
1506 
1507 		/* wait until the floppy is spinning fast enough */
1508 		if (fd_wait_for_completion(ready_date, function))
1509 			return;
1510 	}
1511 	if ((flags & FD_RAW_READ) || (flags & FD_RAW_WRITE))
1512 		setup_DMA();
1513 
1514 	if (flags & FD_RAW_INTR)
1515 		do_floppy = main_command_interrupt;
1516 
1517 	r = 0;
1518 	for (i = 0; i < raw_cmd->cmd_count; i++)
1519 		r |= output_byte(current_fdc, raw_cmd->fullcmd[i]);
1520 
1521 	debugt(__func__, "rw_command");
1522 
1523 	if (r) {
1524 		cont->error();
1525 		reset_fdc();
1526 		return;
1527 	}
1528 
1529 	if (!(flags & FD_RAW_INTR)) {
1530 		inr = result(current_fdc);
1531 		cont->interrupt();
1532 	} else if (flags & FD_RAW_NEED_DISK)
1533 		fd_watchdog();
1534 }
1535 
1536 static int blind_seek;
1537 
1538 /*
1539  * This is the routine called after every seek (or recalibrate) interrupt
1540  * from the floppy controller.
1541  */
seek_interrupt(void)1542 static void seek_interrupt(void)
1543 {
1544 	debugt(__func__, "");
1545 	if (inr != 2 || (reply_buffer[ST0] & 0xF8) != 0x20) {
1546 		DPRINT("seek failed\n");
1547 		drive_state[current_drive].track = NEED_2_RECAL;
1548 		cont->error();
1549 		cont->redo();
1550 		return;
1551 	}
1552 	if (drive_state[current_drive].track >= 0 &&
1553 	    drive_state[current_drive].track != reply_buffer[ST1] &&
1554 	    !blind_seek) {
1555 		debug_dcl(drive_params[current_drive].flags,
1556 			  "clearing NEWCHANGE flag because of effective seek\n");
1557 		debug_dcl(drive_params[current_drive].flags, "jiffies=%lu\n",
1558 			  jiffies);
1559 		clear_bit(FD_DISK_NEWCHANGE_BIT,
1560 			  &drive_state[current_drive].flags);
1561 					/* effective seek */
1562 		drive_state[current_drive].select_date = jiffies;
1563 	}
1564 	drive_state[current_drive].track = reply_buffer[ST1];
1565 	floppy_ready();
1566 }
1567 
check_wp(int fdc,int drive)1568 static void check_wp(int fdc, int drive)
1569 {
1570 	if (test_bit(FD_VERIFY_BIT, &drive_state[drive].flags)) {
1571 					/* check write protection */
1572 		output_byte(fdc, FD_GETSTATUS);
1573 		output_byte(fdc, UNIT(drive));
1574 		if (result(fdc) != 1) {
1575 			fdc_state[fdc].reset = 1;
1576 			return;
1577 		}
1578 		clear_bit(FD_VERIFY_BIT, &drive_state[drive].flags);
1579 		clear_bit(FD_NEED_TWADDLE_BIT,
1580 			  &drive_state[drive].flags);
1581 		debug_dcl(drive_params[drive].flags,
1582 			  "checking whether disk is write protected\n");
1583 		debug_dcl(drive_params[drive].flags, "wp=%x\n",
1584 			  reply_buffer[ST3] & 0x40);
1585 		if (!(reply_buffer[ST3] & 0x40))
1586 			set_bit(FD_DISK_WRITABLE_BIT,
1587 				&drive_state[drive].flags);
1588 		else
1589 			clear_bit(FD_DISK_WRITABLE_BIT,
1590 				  &drive_state[drive].flags);
1591 	}
1592 }
1593 
seek_floppy(void)1594 static void seek_floppy(void)
1595 {
1596 	int track;
1597 
1598 	blind_seek = 0;
1599 
1600 	debug_dcl(drive_params[current_drive].flags,
1601 		  "calling disk change from %s\n", __func__);
1602 
1603 	if (!test_bit(FD_DISK_NEWCHANGE_BIT, &drive_state[current_drive].flags) &&
1604 	    disk_change(current_drive) && (raw_cmd->flags & FD_RAW_NEED_DISK)) {
1605 		/* the media changed flag should be cleared after the seek.
1606 		 * If it isn't, this means that there is really no disk in
1607 		 * the drive.
1608 		 */
1609 		set_bit(FD_DISK_CHANGED_BIT,
1610 			&drive_state[current_drive].flags);
1611 		cont->done(0);
1612 		cont->redo();
1613 		return;
1614 	}
1615 	if (drive_state[current_drive].track <= NEED_1_RECAL) {
1616 		recalibrate_floppy();
1617 		return;
1618 	} else if (test_bit(FD_DISK_NEWCHANGE_BIT, &drive_state[current_drive].flags) &&
1619 		   (raw_cmd->flags & FD_RAW_NEED_DISK) &&
1620 		   (drive_state[current_drive].track <= NO_TRACK || drive_state[current_drive].track == raw_cmd->track)) {
1621 		/* we seek to clear the media-changed condition. Does anybody
1622 		 * know a more elegant way, which works on all drives? */
1623 		if (raw_cmd->track)
1624 			track = raw_cmd->track - 1;
1625 		else {
1626 			if (drive_params[current_drive].flags & FD_SILENT_DCL_CLEAR) {
1627 				set_dor(current_fdc, ~(0x10 << UNIT(current_drive)), 0);
1628 				blind_seek = 1;
1629 				raw_cmd->flags |= FD_RAW_NEED_SEEK;
1630 			}
1631 			track = 1;
1632 		}
1633 	} else {
1634 		check_wp(current_fdc, current_drive);
1635 		if (raw_cmd->track != drive_state[current_drive].track &&
1636 		    (raw_cmd->flags & FD_RAW_NEED_SEEK))
1637 			track = raw_cmd->track;
1638 		else {
1639 			setup_rw_floppy();
1640 			return;
1641 		}
1642 	}
1643 
1644 	do_floppy = seek_interrupt;
1645 	output_byte(current_fdc, FD_SEEK);
1646 	output_byte(current_fdc, UNIT(current_drive));
1647 	if (output_byte(current_fdc, track) < 0) {
1648 		reset_fdc();
1649 		return;
1650 	}
1651 	debugt(__func__, "");
1652 }
1653 
recal_interrupt(void)1654 static void recal_interrupt(void)
1655 {
1656 	debugt(__func__, "");
1657 	if (inr != 2)
1658 		fdc_state[current_fdc].reset = 1;
1659 	else if (reply_buffer[ST0] & ST0_ECE) {
1660 		switch (drive_state[current_drive].track) {
1661 		case NEED_1_RECAL:
1662 			debugt(__func__, "need 1 recal");
1663 			/* after a second recalibrate, we still haven't
1664 			 * reached track 0. Probably no drive. Raise an
1665 			 * error, as failing immediately might upset
1666 			 * computers possessed by the Devil :-) */
1667 			cont->error();
1668 			cont->redo();
1669 			return;
1670 		case NEED_2_RECAL:
1671 			debugt(__func__, "need 2 recal");
1672 			/* If we already did a recalibrate,
1673 			 * and we are not at track 0, this
1674 			 * means we have moved. (The only way
1675 			 * not to move at recalibration is to
1676 			 * be already at track 0.) Clear the
1677 			 * new change flag */
1678 			debug_dcl(drive_params[current_drive].flags,
1679 				  "clearing NEWCHANGE flag because of second recalibrate\n");
1680 
1681 			clear_bit(FD_DISK_NEWCHANGE_BIT,
1682 				  &drive_state[current_drive].flags);
1683 			drive_state[current_drive].select_date = jiffies;
1684 			fallthrough;
1685 		default:
1686 			debugt(__func__, "default");
1687 			/* Recalibrate moves the head by at
1688 			 * most 80 steps. If after one
1689 			 * recalibrate we don't have reached
1690 			 * track 0, this might mean that we
1691 			 * started beyond track 80.  Try
1692 			 * again.  */
1693 			drive_state[current_drive].track = NEED_1_RECAL;
1694 			break;
1695 		}
1696 	} else
1697 		drive_state[current_drive].track = reply_buffer[ST1];
1698 	floppy_ready();
1699 }
1700 
print_result(char * message,int inr)1701 static void print_result(char *message, int inr)
1702 {
1703 	int i;
1704 
1705 	DPRINT("%s ", message);
1706 	if (inr >= 0)
1707 		for (i = 0; i < inr; i++)
1708 			pr_cont("repl[%d]=%x ", i, reply_buffer[i]);
1709 	pr_cont("\n");
1710 }
1711 
1712 /* interrupt handler. Note that this can be called externally on the Sparc */
floppy_interrupt(int irq,void * dev_id)1713 irqreturn_t floppy_interrupt(int irq, void *dev_id)
1714 {
1715 	int do_print;
1716 	unsigned long f;
1717 	void (*handler)(void) = do_floppy;
1718 
1719 	lasthandler = handler;
1720 	interruptjiffies = jiffies;
1721 
1722 	f = claim_dma_lock();
1723 	fd_disable_dma();
1724 	release_dma_lock(f);
1725 
1726 	do_floppy = NULL;
1727 	if (current_fdc >= N_FDC || fdc_state[current_fdc].address == -1) {
1728 		/* we don't even know which FDC is the culprit */
1729 		pr_info("DOR0=%x\n", fdc_state[0].dor);
1730 		pr_info("floppy interrupt on bizarre fdc %d\n", current_fdc);
1731 		pr_info("handler=%ps\n", handler);
1732 		is_alive(__func__, "bizarre fdc");
1733 		return IRQ_NONE;
1734 	}
1735 
1736 	fdc_state[current_fdc].reset = 0;
1737 	/* We have to clear the reset flag here, because apparently on boxes
1738 	 * with level triggered interrupts (PS/2, Sparc, ...), it is needed to
1739 	 * emit SENSEI's to clear the interrupt line. And fdc_state[fdc].reset
1740 	 * blocks the emission of the SENSEI's.
1741 	 * It is OK to emit floppy commands because we are in an interrupt
1742 	 * handler here, and thus we have to fear no interference of other
1743 	 * activity.
1744 	 */
1745 
1746 	do_print = !handler && print_unex && initialized;
1747 
1748 	inr = result(current_fdc);
1749 	if (do_print)
1750 		print_result("unexpected interrupt", inr);
1751 	if (inr == 0) {
1752 		int max_sensei = 4;
1753 		do {
1754 			output_byte(current_fdc, FD_SENSEI);
1755 			inr = result(current_fdc);
1756 			if (do_print)
1757 				print_result("sensei", inr);
1758 			max_sensei--;
1759 		} while ((reply_buffer[ST0] & 0x83) != UNIT(current_drive) &&
1760 			 inr == 2 && max_sensei);
1761 	}
1762 	if (!handler) {
1763 		fdc_state[current_fdc].reset = 1;
1764 		return IRQ_NONE;
1765 	}
1766 	schedule_bh(handler);
1767 	is_alive(__func__, "normal interrupt end");
1768 
1769 	/* FIXME! Was it really for us? */
1770 	return IRQ_HANDLED;
1771 }
1772 
recalibrate_floppy(void)1773 static void recalibrate_floppy(void)
1774 {
1775 	debugt(__func__, "");
1776 	do_floppy = recal_interrupt;
1777 	output_byte(current_fdc, FD_RECALIBRATE);
1778 	if (output_byte(current_fdc, UNIT(current_drive)) < 0)
1779 		reset_fdc();
1780 }
1781 
1782 /*
1783  * Must do 4 FD_SENSEIs after reset because of ``drive polling''.
1784  */
reset_interrupt(void)1785 static void reset_interrupt(void)
1786 {
1787 	debugt(__func__, "");
1788 	result(current_fdc);		/* get the status ready for set_fdc */
1789 	if (fdc_state[current_fdc].reset) {
1790 		pr_info("reset set in interrupt, calling %ps\n", cont->error);
1791 		cont->error();	/* a reset just after a reset. BAD! */
1792 	}
1793 	cont->redo();
1794 }
1795 
1796 /*
1797  * reset is done by pulling bit 2 of DOR low for a while (old FDCs),
1798  * or by setting the self clearing bit 7 of STATUS (newer FDCs).
1799  * This WILL trigger an interrupt, causing the handlers in the current
1800  * cont's ->redo() to be called via reset_interrupt().
1801  */
reset_fdc(void)1802 static void reset_fdc(void)
1803 {
1804 	unsigned long flags;
1805 
1806 	do_floppy = reset_interrupt;
1807 	fdc_state[current_fdc].reset = 0;
1808 	reset_fdc_info(current_fdc, 0);
1809 
1810 	/* Pseudo-DMA may intercept 'reset finished' interrupt.  */
1811 	/* Irrelevant for systems with true DMA (i386).          */
1812 
1813 	flags = claim_dma_lock();
1814 	fd_disable_dma();
1815 	release_dma_lock(flags);
1816 
1817 	if (fdc_state[current_fdc].version >= FDC_82072A)
1818 		fdc_outb(0x80 | (fdc_state[current_fdc].dtr & 3),
1819 			 current_fdc, FD_STATUS);
1820 	else {
1821 		fdc_outb(fdc_state[current_fdc].dor & ~0x04, current_fdc, FD_DOR);
1822 		udelay(FD_RESET_DELAY);
1823 		fdc_outb(fdc_state[current_fdc].dor, current_fdc, FD_DOR);
1824 	}
1825 }
1826 
show_floppy(int fdc)1827 static void show_floppy(int fdc)
1828 {
1829 	int i;
1830 
1831 	pr_info("\n");
1832 	pr_info("floppy driver state\n");
1833 	pr_info("-------------------\n");
1834 	pr_info("now=%lu last interrupt=%lu diff=%lu last called handler=%ps\n",
1835 		jiffies, interruptjiffies, jiffies - interruptjiffies,
1836 		lasthandler);
1837 
1838 	pr_info("timeout_message=%s\n", timeout_message);
1839 	pr_info("last output bytes:\n");
1840 	for (i = 0; i < OLOGSIZE; i++)
1841 		pr_info("%2x %2x %lu\n",
1842 			output_log[(i + output_log_pos) % OLOGSIZE].data,
1843 			output_log[(i + output_log_pos) % OLOGSIZE].status,
1844 			output_log[(i + output_log_pos) % OLOGSIZE].jiffies);
1845 	pr_info("last result at %lu\n", resultjiffies);
1846 	pr_info("last redo_fd_request at %lu\n", lastredo);
1847 	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1,
1848 		       reply_buffer, resultsize, true);
1849 
1850 	pr_info("status=%x\n", fdc_inb(fdc, FD_STATUS));
1851 	pr_info("fdc_busy=%lu\n", fdc_busy);
1852 	if (do_floppy)
1853 		pr_info("do_floppy=%ps\n", do_floppy);
1854 	if (work_pending(&floppy_work))
1855 		pr_info("floppy_work.func=%ps\n", floppy_work.func);
1856 	if (delayed_work_pending(&fd_timer))
1857 		pr_info("delayed work.function=%p expires=%ld\n",
1858 		       fd_timer.work.func,
1859 		       fd_timer.timer.expires - jiffies);
1860 	if (delayed_work_pending(&fd_timeout))
1861 		pr_info("timer_function=%p expires=%ld\n",
1862 		       fd_timeout.work.func,
1863 		       fd_timeout.timer.expires - jiffies);
1864 
1865 	pr_info("cont=%p\n", cont);
1866 	pr_info("current_req=%p\n", current_req);
1867 	pr_info("command_status=%d\n", command_status);
1868 	pr_info("\n");
1869 }
1870 
floppy_shutdown(struct work_struct * arg)1871 static void floppy_shutdown(struct work_struct *arg)
1872 {
1873 	unsigned long flags;
1874 
1875 	if (initialized)
1876 		show_floppy(current_fdc);
1877 	cancel_activity();
1878 
1879 	flags = claim_dma_lock();
1880 	fd_disable_dma();
1881 	release_dma_lock(flags);
1882 
1883 	/* avoid dma going to a random drive after shutdown */
1884 
1885 	if (initialized)
1886 		DPRINT("floppy timeout called\n");
1887 	fdc_state[current_fdc].reset = 1;
1888 	if (cont) {
1889 		cont->done(0);
1890 		cont->redo();	/* this will recall reset when needed */
1891 	} else {
1892 		pr_info("no cont in shutdown!\n");
1893 		process_fd_request();
1894 	}
1895 	is_alive(__func__, "");
1896 }
1897 
1898 /* start motor, check media-changed condition and write protection */
start_motor(void (* function)(void))1899 static int start_motor(void (*function)(void))
1900 {
1901 	int mask;
1902 	int data;
1903 
1904 	mask = 0xfc;
1905 	data = UNIT(current_drive);
1906 	if (!(raw_cmd->flags & FD_RAW_NO_MOTOR)) {
1907 		if (!(fdc_state[current_fdc].dor & (0x10 << UNIT(current_drive)))) {
1908 			set_debugt();
1909 			/* no read since this drive is running */
1910 			drive_state[current_drive].first_read_date = 0;
1911 			/* note motor start time if motor is not yet running */
1912 			drive_state[current_drive].spinup_date = jiffies;
1913 			data |= (0x10 << UNIT(current_drive));
1914 		}
1915 	} else if (fdc_state[current_fdc].dor & (0x10 << UNIT(current_drive)))
1916 		mask &= ~(0x10 << UNIT(current_drive));
1917 
1918 	/* starts motor and selects floppy */
1919 	del_timer(motor_off_timer + current_drive);
1920 	set_dor(current_fdc, mask, data);
1921 
1922 	/* wait_for_completion also schedules reset if needed. */
1923 	return fd_wait_for_completion(drive_state[current_drive].select_date + drive_params[current_drive].select_delay,
1924 				      function);
1925 }
1926 
floppy_ready(void)1927 static void floppy_ready(void)
1928 {
1929 	if (fdc_state[current_fdc].reset) {
1930 		reset_fdc();
1931 		return;
1932 	}
1933 	if (start_motor(floppy_ready))
1934 		return;
1935 	if (fdc_dtr())
1936 		return;
1937 
1938 	debug_dcl(drive_params[current_drive].flags,
1939 		  "calling disk change from floppy_ready\n");
1940 	if (!(raw_cmd->flags & FD_RAW_NO_MOTOR) &&
1941 	    disk_change(current_drive) && !drive_params[current_drive].select_delay)
1942 		twaddle(current_fdc, current_drive);	/* this clears the dcl on certain
1943 				 * drive/controller combinations */
1944 
1945 #ifdef fd_chose_dma_mode
1946 	if ((raw_cmd->flags & FD_RAW_READ) || (raw_cmd->flags & FD_RAW_WRITE)) {
1947 		unsigned long flags = claim_dma_lock();
1948 		fd_chose_dma_mode(raw_cmd->kernel_data, raw_cmd->length);
1949 		release_dma_lock(flags);
1950 	}
1951 #endif
1952 
1953 	if (raw_cmd->flags & (FD_RAW_NEED_SEEK | FD_RAW_NEED_DISK)) {
1954 		perpendicular_mode(current_fdc);
1955 		fdc_specify(current_fdc, current_drive); /* must be done here because of hut, hlt ... */
1956 		seek_floppy();
1957 	} else {
1958 		if ((raw_cmd->flags & FD_RAW_READ) ||
1959 		    (raw_cmd->flags & FD_RAW_WRITE))
1960 			fdc_specify(current_fdc, current_drive);
1961 		setup_rw_floppy();
1962 	}
1963 }
1964 
floppy_start(void)1965 static void floppy_start(void)
1966 {
1967 	reschedule_timeout(current_drive, "floppy start");
1968 
1969 	scandrives();
1970 	debug_dcl(drive_params[current_drive].flags,
1971 		  "setting NEWCHANGE in floppy_start\n");
1972 	set_bit(FD_DISK_NEWCHANGE_BIT, &drive_state[current_drive].flags);
1973 	floppy_ready();
1974 }
1975 
1976 /*
1977  * ========================================================================
1978  * here ends the bottom half. Exported routines are:
1979  * floppy_start, floppy_off, floppy_ready, lock_fdc, unlock_fdc, set_fdc,
1980  * start_motor, reset_fdc, reset_fdc_info, interpret_errors.
1981  * Initialization also uses output_byte, result, set_dor, floppy_interrupt
1982  * and set_dor.
1983  * ========================================================================
1984  */
1985 /*
1986  * General purpose continuations.
1987  * ==============================
1988  */
1989 
do_wakeup(void)1990 static void do_wakeup(void)
1991 {
1992 	reschedule_timeout(MAXTIMEOUT, "do wakeup");
1993 	cont = NULL;
1994 	command_status += 2;
1995 	wake_up(&command_done);
1996 }
1997 
1998 static const struct cont_t wakeup_cont = {
1999 	.interrupt	= empty,
2000 	.redo		= do_wakeup,
2001 	.error		= empty,
2002 	.done		= (done_f)empty
2003 };
2004 
2005 static const struct cont_t intr_cont = {
2006 	.interrupt	= empty,
2007 	.redo		= process_fd_request,
2008 	.error		= empty,
2009 	.done		= (done_f)empty
2010 };
2011 
2012 /* schedules handler, waiting for completion. May be interrupted, will then
2013  * return -EINTR, in which case the driver will automatically be unlocked.
2014  */
wait_til_done(void (* handler)(void),bool interruptible)2015 static int wait_til_done(void (*handler)(void), bool interruptible)
2016 {
2017 	int ret;
2018 
2019 	schedule_bh(handler);
2020 
2021 	if (interruptible)
2022 		wait_event_interruptible(command_done, command_status >= 2);
2023 	else
2024 		wait_event(command_done, command_status >= 2);
2025 
2026 	if (command_status < 2) {
2027 		cancel_activity();
2028 		cont = &intr_cont;
2029 		reset_fdc();
2030 		return -EINTR;
2031 	}
2032 
2033 	if (fdc_state[current_fdc].reset)
2034 		command_status = FD_COMMAND_ERROR;
2035 	if (command_status == FD_COMMAND_OKAY)
2036 		ret = 0;
2037 	else
2038 		ret = -EIO;
2039 	command_status = FD_COMMAND_NONE;
2040 	return ret;
2041 }
2042 
generic_done(int result)2043 static void generic_done(int result)
2044 {
2045 	command_status = result;
2046 	cont = &wakeup_cont;
2047 }
2048 
generic_success(void)2049 static void generic_success(void)
2050 {
2051 	cont->done(1);
2052 }
2053 
generic_failure(void)2054 static void generic_failure(void)
2055 {
2056 	cont->done(0);
2057 }
2058 
success_and_wakeup(void)2059 static void success_and_wakeup(void)
2060 {
2061 	generic_success();
2062 	cont->redo();
2063 }
2064 
2065 /*
2066  * formatting and rw support.
2067  * ==========================
2068  */
2069 
next_valid_format(int drive)2070 static int next_valid_format(int drive)
2071 {
2072 	int probed_format;
2073 
2074 	probed_format = drive_state[drive].probed_format;
2075 	while (1) {
2076 		if (probed_format >= FD_AUTODETECT_SIZE ||
2077 		    !drive_params[drive].autodetect[probed_format]) {
2078 			drive_state[drive].probed_format = 0;
2079 			return 1;
2080 		}
2081 		if (floppy_type[drive_params[drive].autodetect[probed_format]].sect) {
2082 			drive_state[drive].probed_format = probed_format;
2083 			return 0;
2084 		}
2085 		probed_format++;
2086 	}
2087 }
2088 
bad_flp_intr(void)2089 static void bad_flp_intr(void)
2090 {
2091 	int err_count;
2092 
2093 	if (probing) {
2094 		drive_state[current_drive].probed_format++;
2095 		if (!next_valid_format(current_drive))
2096 			return;
2097 	}
2098 	err_count = ++(*errors);
2099 	INFBOUND(write_errors[current_drive].badness, err_count);
2100 	if (err_count > drive_params[current_drive].max_errors.abort)
2101 		cont->done(0);
2102 	if (err_count > drive_params[current_drive].max_errors.reset)
2103 		fdc_state[current_fdc].reset = 1;
2104 	else if (err_count > drive_params[current_drive].max_errors.recal)
2105 		drive_state[current_drive].track = NEED_2_RECAL;
2106 }
2107 
set_floppy(int drive)2108 static void set_floppy(int drive)
2109 {
2110 	int type = ITYPE(drive_state[drive].fd_device);
2111 
2112 	if (type)
2113 		_floppy = floppy_type + type;
2114 	else
2115 		_floppy = current_type[drive];
2116 }
2117 
2118 /*
2119  * formatting support.
2120  * ===================
2121  */
format_interrupt(void)2122 static void format_interrupt(void)
2123 {
2124 	switch (interpret_errors()) {
2125 	case 1:
2126 		cont->error();
2127 	case 2:
2128 		break;
2129 	case 0:
2130 		cont->done(1);
2131 	}
2132 	cont->redo();
2133 }
2134 
2135 #define FM_MODE(x, y) ((y) & ~(((x)->rate & 0x80) >> 1))
2136 #define CT(x) ((x) | 0xc0)
2137 
setup_format_params(int track)2138 static void setup_format_params(int track)
2139 {
2140 	int n;
2141 	int il;
2142 	int count;
2143 	int head_shift;
2144 	int track_shift;
2145 	struct fparm {
2146 		unsigned char track, head, sect, size;
2147 	} *here = (struct fparm *)floppy_track_buffer;
2148 
2149 	raw_cmd = &default_raw_cmd;
2150 	raw_cmd->track = track;
2151 
2152 	raw_cmd->flags = (FD_RAW_WRITE | FD_RAW_INTR | FD_RAW_SPIN |
2153 			  FD_RAW_NEED_DISK | FD_RAW_NEED_SEEK);
2154 	raw_cmd->rate = _floppy->rate & 0x43;
2155 	raw_cmd->cmd_count = NR_F;
2156 	raw_cmd->cmd[COMMAND] = FM_MODE(_floppy, FD_FORMAT);
2157 	raw_cmd->cmd[DR_SELECT] = UNIT(current_drive) + PH_HEAD(_floppy, format_req.head);
2158 	raw_cmd->cmd[F_SIZECODE] = FD_SIZECODE(_floppy);
2159 	raw_cmd->cmd[F_SECT_PER_TRACK] = _floppy->sect << 2 >> raw_cmd->cmd[F_SIZECODE];
2160 	raw_cmd->cmd[F_GAP] = _floppy->fmt_gap;
2161 	raw_cmd->cmd[F_FILL] = FD_FILL_BYTE;
2162 
2163 	raw_cmd->kernel_data = floppy_track_buffer;
2164 	raw_cmd->length = 4 * raw_cmd->cmd[F_SECT_PER_TRACK];
2165 
2166 	if (!raw_cmd->cmd[F_SECT_PER_TRACK])
2167 		return;
2168 
2169 	/* allow for about 30ms for data transport per track */
2170 	head_shift = (raw_cmd->cmd[F_SECT_PER_TRACK] + 5) / 6;
2171 
2172 	/* a ``cylinder'' is two tracks plus a little stepping time */
2173 	track_shift = 2 * head_shift + 3;
2174 
2175 	/* position of logical sector 1 on this track */
2176 	n = (track_shift * format_req.track + head_shift * format_req.head)
2177 	    % raw_cmd->cmd[F_SECT_PER_TRACK];
2178 
2179 	/* determine interleave */
2180 	il = 1;
2181 	if (_floppy->fmt_gap < 0x22)
2182 		il++;
2183 
2184 	/* initialize field */
2185 	for (count = 0; count < raw_cmd->cmd[F_SECT_PER_TRACK]; ++count) {
2186 		here[count].track = format_req.track;
2187 		here[count].head = format_req.head;
2188 		here[count].sect = 0;
2189 		here[count].size = raw_cmd->cmd[F_SIZECODE];
2190 	}
2191 	/* place logical sectors */
2192 	for (count = 1; count <= raw_cmd->cmd[F_SECT_PER_TRACK]; ++count) {
2193 		here[n].sect = count;
2194 		n = (n + il) % raw_cmd->cmd[F_SECT_PER_TRACK];
2195 		if (here[n].sect) {	/* sector busy, find next free sector */
2196 			++n;
2197 			if (n >= raw_cmd->cmd[F_SECT_PER_TRACK]) {
2198 				n -= raw_cmd->cmd[F_SECT_PER_TRACK];
2199 				while (here[n].sect)
2200 					++n;
2201 			}
2202 		}
2203 	}
2204 	if (_floppy->stretch & FD_SECTBASEMASK) {
2205 		for (count = 0; count < raw_cmd->cmd[F_SECT_PER_TRACK]; count++)
2206 			here[count].sect += FD_SECTBASE(_floppy) - 1;
2207 	}
2208 }
2209 
redo_format(void)2210 static void redo_format(void)
2211 {
2212 	buffer_track = -1;
2213 	setup_format_params(format_req.track << STRETCH(_floppy));
2214 	floppy_start();
2215 	debugt(__func__, "queue format request");
2216 }
2217 
2218 static const struct cont_t format_cont = {
2219 	.interrupt	= format_interrupt,
2220 	.redo		= redo_format,
2221 	.error		= bad_flp_intr,
2222 	.done		= generic_done
2223 };
2224 
do_format(int drive,struct format_descr * tmp_format_req)2225 static int do_format(int drive, struct format_descr *tmp_format_req)
2226 {
2227 	int ret;
2228 
2229 	if (lock_fdc(drive))
2230 		return -EINTR;
2231 
2232 	set_floppy(drive);
2233 	if (!_floppy ||
2234 	    _floppy->track > drive_params[current_drive].tracks ||
2235 	    tmp_format_req->track >= _floppy->track ||
2236 	    tmp_format_req->head >= _floppy->head ||
2237 	    (_floppy->sect << 2) % (1 << FD_SIZECODE(_floppy)) ||
2238 	    !_floppy->fmt_gap) {
2239 		process_fd_request();
2240 		return -EINVAL;
2241 	}
2242 	format_req = *tmp_format_req;
2243 	format_errors = 0;
2244 	cont = &format_cont;
2245 	errors = &format_errors;
2246 	ret = wait_til_done(redo_format, true);
2247 	if (ret == -EINTR)
2248 		return -EINTR;
2249 	process_fd_request();
2250 	return ret;
2251 }
2252 
2253 /*
2254  * Buffer read/write and support
2255  * =============================
2256  */
2257 
floppy_end_request(struct request * req,blk_status_t error)2258 static void floppy_end_request(struct request *req, blk_status_t error)
2259 {
2260 	unsigned int nr_sectors = current_count_sectors;
2261 	unsigned int drive = (unsigned long)req->rq_disk->private_data;
2262 
2263 	/* current_count_sectors can be zero if transfer failed */
2264 	if (error)
2265 		nr_sectors = blk_rq_cur_sectors(req);
2266 	if (blk_update_request(req, error, nr_sectors << 9))
2267 		return;
2268 	__blk_mq_end_request(req, error);
2269 
2270 	/* We're done with the request */
2271 	floppy_off(drive);
2272 	current_req = NULL;
2273 }
2274 
2275 /* new request_done. Can handle physical sectors which are smaller than a
2276  * logical buffer */
request_done(int uptodate)2277 static void request_done(int uptodate)
2278 {
2279 	struct request *req = current_req;
2280 	int block;
2281 	char msg[sizeof("request done ") + sizeof(int) * 3];
2282 
2283 	probing = 0;
2284 	snprintf(msg, sizeof(msg), "request done %d", uptodate);
2285 	reschedule_timeout(MAXTIMEOUT, msg);
2286 
2287 	if (!req) {
2288 		pr_info("floppy.c: no request in request_done\n");
2289 		return;
2290 	}
2291 
2292 	if (uptodate) {
2293 		/* maintain values for invalidation on geometry
2294 		 * change */
2295 		block = current_count_sectors + blk_rq_pos(req);
2296 		INFBOUND(drive_state[current_drive].maxblock, block);
2297 		if (block > _floppy->sect)
2298 			drive_state[current_drive].maxtrack = 1;
2299 
2300 		floppy_end_request(req, 0);
2301 	} else {
2302 		if (rq_data_dir(req) == WRITE) {
2303 			/* record write error information */
2304 			write_errors[current_drive].write_errors++;
2305 			if (write_errors[current_drive].write_errors == 1) {
2306 				write_errors[current_drive].first_error_sector = blk_rq_pos(req);
2307 				write_errors[current_drive].first_error_generation = drive_state[current_drive].generation;
2308 			}
2309 			write_errors[current_drive].last_error_sector = blk_rq_pos(req);
2310 			write_errors[current_drive].last_error_generation = drive_state[current_drive].generation;
2311 		}
2312 		floppy_end_request(req, BLK_STS_IOERR);
2313 	}
2314 }
2315 
2316 /* Interrupt handler evaluating the result of the r/w operation */
rw_interrupt(void)2317 static void rw_interrupt(void)
2318 {
2319 	int eoc;
2320 	int ssize;
2321 	int heads;
2322 	int nr_sectors;
2323 
2324 	if (reply_buffer[R_HEAD] >= 2) {
2325 		/* some Toshiba floppy controllers occasionnally seem to
2326 		 * return bogus interrupts after read/write operations, which
2327 		 * can be recognized by a bad head number (>= 2) */
2328 		return;
2329 	}
2330 
2331 	if (!drive_state[current_drive].first_read_date)
2332 		drive_state[current_drive].first_read_date = jiffies;
2333 
2334 	nr_sectors = 0;
2335 	ssize = DIV_ROUND_UP(1 << raw_cmd->cmd[SIZECODE], 4);
2336 
2337 	if (reply_buffer[ST1] & ST1_EOC)
2338 		eoc = 1;
2339 	else
2340 		eoc = 0;
2341 
2342 	if (raw_cmd->cmd[COMMAND] & 0x80)
2343 		heads = 2;
2344 	else
2345 		heads = 1;
2346 
2347 	nr_sectors = (((reply_buffer[R_TRACK] - raw_cmd->cmd[TRACK]) * heads +
2348 		       reply_buffer[R_HEAD] - raw_cmd->cmd[HEAD]) * raw_cmd->cmd[SECT_PER_TRACK] +
2349 		      reply_buffer[R_SECTOR] - raw_cmd->cmd[SECTOR] + eoc) << raw_cmd->cmd[SIZECODE] >> 2;
2350 
2351 	if (nr_sectors / ssize >
2352 	    DIV_ROUND_UP(in_sector_offset + current_count_sectors, ssize)) {
2353 		DPRINT("long rw: %x instead of %lx\n",
2354 		       nr_sectors, current_count_sectors);
2355 		pr_info("rs=%d s=%d\n", reply_buffer[R_SECTOR],
2356 			raw_cmd->cmd[SECTOR]);
2357 		pr_info("rh=%d h=%d\n", reply_buffer[R_HEAD],
2358 			raw_cmd->cmd[HEAD]);
2359 		pr_info("rt=%d t=%d\n", reply_buffer[R_TRACK],
2360 			raw_cmd->cmd[TRACK]);
2361 		pr_info("heads=%d eoc=%d\n", heads, eoc);
2362 		pr_info("spt=%d st=%d ss=%d\n",
2363 			raw_cmd->cmd[SECT_PER_TRACK], fsector_t, ssize);
2364 		pr_info("in_sector_offset=%d\n", in_sector_offset);
2365 	}
2366 
2367 	nr_sectors -= in_sector_offset;
2368 	INFBOUND(nr_sectors, 0);
2369 	SUPBOUND(current_count_sectors, nr_sectors);
2370 
2371 	switch (interpret_errors()) {
2372 	case 2:
2373 		cont->redo();
2374 		return;
2375 	case 1:
2376 		if (!current_count_sectors) {
2377 			cont->error();
2378 			cont->redo();
2379 			return;
2380 		}
2381 		break;
2382 	case 0:
2383 		if (!current_count_sectors) {
2384 			cont->redo();
2385 			return;
2386 		}
2387 		current_type[current_drive] = _floppy;
2388 		floppy_sizes[TOMINOR(current_drive)] = _floppy->size;
2389 		break;
2390 	}
2391 
2392 	if (probing) {
2393 		if (drive_params[current_drive].flags & FTD_MSG)
2394 			DPRINT("Auto-detected floppy type %s in fd%d\n",
2395 			       _floppy->name, current_drive);
2396 		current_type[current_drive] = _floppy;
2397 		floppy_sizes[TOMINOR(current_drive)] = _floppy->size;
2398 		probing = 0;
2399 	}
2400 
2401 	if (CT(raw_cmd->cmd[COMMAND]) != FD_READ ||
2402 	    raw_cmd->kernel_data == bio_data(current_req->bio)) {
2403 		/* transfer directly from buffer */
2404 		cont->done(1);
2405 	} else if (CT(raw_cmd->cmd[COMMAND]) == FD_READ) {
2406 		buffer_track = raw_cmd->track;
2407 		buffer_drive = current_drive;
2408 		INFBOUND(buffer_max, nr_sectors + fsector_t);
2409 	}
2410 	cont->redo();
2411 }
2412 
2413 /* Compute maximal contiguous buffer size. */
buffer_chain_size(void)2414 static int buffer_chain_size(void)
2415 {
2416 	struct bio_vec bv;
2417 	int size;
2418 	struct req_iterator iter;
2419 	char *base;
2420 
2421 	base = bio_data(current_req->bio);
2422 	size = 0;
2423 
2424 	rq_for_each_segment(bv, current_req, iter) {
2425 		if (page_address(bv.bv_page) + bv.bv_offset != base + size)
2426 			break;
2427 
2428 		size += bv.bv_len;
2429 	}
2430 
2431 	return size >> 9;
2432 }
2433 
2434 /* Compute the maximal transfer size */
transfer_size(int ssize,int max_sector,int max_size)2435 static int transfer_size(int ssize, int max_sector, int max_size)
2436 {
2437 	SUPBOUND(max_sector, fsector_t + max_size);
2438 
2439 	/* alignment */
2440 	max_sector -= (max_sector % _floppy->sect) % ssize;
2441 
2442 	/* transfer size, beginning not aligned */
2443 	current_count_sectors = max_sector - fsector_t;
2444 
2445 	return max_sector;
2446 }
2447 
2448 /*
2449  * Move data from/to the track buffer to/from the buffer cache.
2450  */
copy_buffer(int ssize,int max_sector,int max_sector_2)2451 static void copy_buffer(int ssize, int max_sector, int max_sector_2)
2452 {
2453 	int remaining;		/* number of transferred 512-byte sectors */
2454 	struct bio_vec bv;
2455 	char *buffer;
2456 	char *dma_buffer;
2457 	int size;
2458 	struct req_iterator iter;
2459 
2460 	max_sector = transfer_size(ssize,
2461 				   min(max_sector, max_sector_2),
2462 				   blk_rq_sectors(current_req));
2463 
2464 	if (current_count_sectors <= 0 && CT(raw_cmd->cmd[COMMAND]) == FD_WRITE &&
2465 	    buffer_max > fsector_t + blk_rq_sectors(current_req))
2466 		current_count_sectors = min_t(int, buffer_max - fsector_t,
2467 					      blk_rq_sectors(current_req));
2468 
2469 	remaining = current_count_sectors << 9;
2470 	if (remaining > blk_rq_bytes(current_req) && CT(raw_cmd->cmd[COMMAND]) == FD_WRITE) {
2471 		DPRINT("in copy buffer\n");
2472 		pr_info("current_count_sectors=%ld\n", current_count_sectors);
2473 		pr_info("remaining=%d\n", remaining >> 9);
2474 		pr_info("current_req->nr_sectors=%u\n",
2475 			blk_rq_sectors(current_req));
2476 		pr_info("current_req->current_nr_sectors=%u\n",
2477 			blk_rq_cur_sectors(current_req));
2478 		pr_info("max_sector=%d\n", max_sector);
2479 		pr_info("ssize=%d\n", ssize);
2480 	}
2481 
2482 	buffer_max = max(max_sector, buffer_max);
2483 
2484 	dma_buffer = floppy_track_buffer + ((fsector_t - buffer_min) << 9);
2485 
2486 	size = blk_rq_cur_bytes(current_req);
2487 
2488 	rq_for_each_segment(bv, current_req, iter) {
2489 		if (!remaining)
2490 			break;
2491 
2492 		size = bv.bv_len;
2493 		SUPBOUND(size, remaining);
2494 
2495 		buffer = page_address(bv.bv_page) + bv.bv_offset;
2496 		if (dma_buffer + size >
2497 		    floppy_track_buffer + (max_buffer_sectors << 10) ||
2498 		    dma_buffer < floppy_track_buffer) {
2499 			DPRINT("buffer overrun in copy buffer %d\n",
2500 			       (int)((floppy_track_buffer - dma_buffer) >> 9));
2501 			pr_info("fsector_t=%d buffer_min=%d\n",
2502 				fsector_t, buffer_min);
2503 			pr_info("current_count_sectors=%ld\n",
2504 				current_count_sectors);
2505 			if (CT(raw_cmd->cmd[COMMAND]) == FD_READ)
2506 				pr_info("read\n");
2507 			if (CT(raw_cmd->cmd[COMMAND]) == FD_WRITE)
2508 				pr_info("write\n");
2509 			break;
2510 		}
2511 		if (((unsigned long)buffer) % 512)
2512 			DPRINT("%p buffer not aligned\n", buffer);
2513 
2514 		if (CT(raw_cmd->cmd[COMMAND]) == FD_READ)
2515 			memcpy(buffer, dma_buffer, size);
2516 		else
2517 			memcpy(dma_buffer, buffer, size);
2518 
2519 		remaining -= size;
2520 		dma_buffer += size;
2521 	}
2522 	if (remaining) {
2523 		if (remaining > 0)
2524 			max_sector -= remaining >> 9;
2525 		DPRINT("weirdness: remaining %d\n", remaining >> 9);
2526 	}
2527 }
2528 
2529 /* work around a bug in pseudo DMA
2530  * (on some FDCs) pseudo DMA does not stop when the CPU stops
2531  * sending data.  Hence we need a different way to signal the
2532  * transfer length:  We use raw_cmd->cmd[SECT_PER_TRACK].  Unfortunately, this
2533  * does not work with MT, hence we can only transfer one head at
2534  * a time
2535  */
virtualdmabug_workaround(void)2536 static void virtualdmabug_workaround(void)
2537 {
2538 	int hard_sectors;
2539 	int end_sector;
2540 
2541 	if (CT(raw_cmd->cmd[COMMAND]) == FD_WRITE) {
2542 		raw_cmd->cmd[COMMAND] &= ~0x80;	/* switch off multiple track mode */
2543 
2544 		hard_sectors = raw_cmd->length >> (7 + raw_cmd->cmd[SIZECODE]);
2545 		end_sector = raw_cmd->cmd[SECTOR] + hard_sectors - 1;
2546 		if (end_sector > raw_cmd->cmd[SECT_PER_TRACK]) {
2547 			pr_info("too many sectors %d > %d\n",
2548 				end_sector, raw_cmd->cmd[SECT_PER_TRACK]);
2549 			return;
2550 		}
2551 		raw_cmd->cmd[SECT_PER_TRACK] = end_sector;
2552 					/* make sure raw_cmd->cmd[SECT_PER_TRACK]
2553 					 * points to end of transfer */
2554 	}
2555 }
2556 
2557 /*
2558  * Formulate a read/write request.
2559  * this routine decides where to load the data (directly to buffer, or to
2560  * tmp floppy area), how much data to load (the size of the buffer, the whole
2561  * track, or a single sector)
2562  * All floppy_track_buffer handling goes in here. If we ever add track buffer
2563  * allocation on the fly, it should be done here. No other part should need
2564  * modification.
2565  */
2566 
make_raw_rw_request(void)2567 static int make_raw_rw_request(void)
2568 {
2569 	int aligned_sector_t;
2570 	int max_sector;
2571 	int max_size;
2572 	int tracksize;
2573 	int ssize;
2574 
2575 	if (WARN(max_buffer_sectors == 0, "VFS: Block I/O scheduled on unopened device\n"))
2576 		return 0;
2577 
2578 	set_fdc((long)current_req->rq_disk->private_data);
2579 
2580 	raw_cmd = &default_raw_cmd;
2581 	raw_cmd->flags = FD_RAW_SPIN | FD_RAW_NEED_DISK | FD_RAW_NEED_SEEK;
2582 	raw_cmd->cmd_count = NR_RW;
2583 	if (rq_data_dir(current_req) == READ) {
2584 		raw_cmd->flags |= FD_RAW_READ;
2585 		raw_cmd->cmd[COMMAND] = FM_MODE(_floppy, FD_READ);
2586 	} else if (rq_data_dir(current_req) == WRITE) {
2587 		raw_cmd->flags |= FD_RAW_WRITE;
2588 		raw_cmd->cmd[COMMAND] = FM_MODE(_floppy, FD_WRITE);
2589 	} else {
2590 		DPRINT("%s: unknown command\n", __func__);
2591 		return 0;
2592 	}
2593 
2594 	max_sector = _floppy->sect * _floppy->head;
2595 
2596 	raw_cmd->cmd[TRACK] = (int)blk_rq_pos(current_req) / max_sector;
2597 	fsector_t = (int)blk_rq_pos(current_req) % max_sector;
2598 	if (_floppy->track && raw_cmd->cmd[TRACK] >= _floppy->track) {
2599 		if (blk_rq_cur_sectors(current_req) & 1) {
2600 			current_count_sectors = 1;
2601 			return 1;
2602 		} else
2603 			return 0;
2604 	}
2605 	raw_cmd->cmd[HEAD] = fsector_t / _floppy->sect;
2606 
2607 	if (((_floppy->stretch & (FD_SWAPSIDES | FD_SECTBASEMASK)) ||
2608 	     test_bit(FD_NEED_TWADDLE_BIT, &drive_state[current_drive].flags)) &&
2609 	    fsector_t < _floppy->sect)
2610 		max_sector = _floppy->sect;
2611 
2612 	/* 2M disks have phantom sectors on the first track */
2613 	if ((_floppy->rate & FD_2M) && (!raw_cmd->cmd[TRACK]) && (!raw_cmd->cmd[HEAD])) {
2614 		max_sector = 2 * _floppy->sect / 3;
2615 		if (fsector_t >= max_sector) {
2616 			current_count_sectors =
2617 			    min_t(int, _floppy->sect - fsector_t,
2618 				  blk_rq_sectors(current_req));
2619 			return 1;
2620 		}
2621 		raw_cmd->cmd[SIZECODE] = 2;
2622 	} else
2623 		raw_cmd->cmd[SIZECODE] = FD_SIZECODE(_floppy);
2624 	raw_cmd->rate = _floppy->rate & 0x43;
2625 	if ((_floppy->rate & FD_2M) &&
2626 	    (raw_cmd->cmd[TRACK] || raw_cmd->cmd[HEAD]) && raw_cmd->rate == 2)
2627 		raw_cmd->rate = 1;
2628 
2629 	if (raw_cmd->cmd[SIZECODE])
2630 		raw_cmd->cmd[SIZECODE2] = 0xff;
2631 	else
2632 		raw_cmd->cmd[SIZECODE2] = 0x80;
2633 	raw_cmd->track = raw_cmd->cmd[TRACK] << STRETCH(_floppy);
2634 	raw_cmd->cmd[DR_SELECT] = UNIT(current_drive) + PH_HEAD(_floppy, raw_cmd->cmd[HEAD]);
2635 	raw_cmd->cmd[GAP] = _floppy->gap;
2636 	ssize = DIV_ROUND_UP(1 << raw_cmd->cmd[SIZECODE], 4);
2637 	raw_cmd->cmd[SECT_PER_TRACK] = _floppy->sect << 2 >> raw_cmd->cmd[SIZECODE];
2638 	raw_cmd->cmd[SECTOR] = ((fsector_t % _floppy->sect) << 2 >> raw_cmd->cmd[SIZECODE]) +
2639 	    FD_SECTBASE(_floppy);
2640 
2641 	/* tracksize describes the size which can be filled up with sectors
2642 	 * of size ssize.
2643 	 */
2644 	tracksize = _floppy->sect - _floppy->sect % ssize;
2645 	if (tracksize < _floppy->sect) {
2646 		raw_cmd->cmd[SECT_PER_TRACK]++;
2647 		if (tracksize <= fsector_t % _floppy->sect)
2648 			raw_cmd->cmd[SECTOR]--;
2649 
2650 		/* if we are beyond tracksize, fill up using smaller sectors */
2651 		while (tracksize <= fsector_t % _floppy->sect) {
2652 			while (tracksize + ssize > _floppy->sect) {
2653 				raw_cmd->cmd[SIZECODE]--;
2654 				ssize >>= 1;
2655 			}
2656 			raw_cmd->cmd[SECTOR]++;
2657 			raw_cmd->cmd[SECT_PER_TRACK]++;
2658 			tracksize += ssize;
2659 		}
2660 		max_sector = raw_cmd->cmd[HEAD] * _floppy->sect + tracksize;
2661 	} else if (!raw_cmd->cmd[TRACK] && !raw_cmd->cmd[HEAD] && !(_floppy->rate & FD_2M) && probing) {
2662 		max_sector = _floppy->sect;
2663 	} else if (!raw_cmd->cmd[HEAD] && CT(raw_cmd->cmd[COMMAND]) == FD_WRITE) {
2664 		/* for virtual DMA bug workaround */
2665 		max_sector = _floppy->sect;
2666 	}
2667 
2668 	in_sector_offset = (fsector_t % _floppy->sect) % ssize;
2669 	aligned_sector_t = fsector_t - in_sector_offset;
2670 	max_size = blk_rq_sectors(current_req);
2671 	if ((raw_cmd->track == buffer_track) &&
2672 	    (current_drive == buffer_drive) &&
2673 	    (fsector_t >= buffer_min) && (fsector_t < buffer_max)) {
2674 		/* data already in track buffer */
2675 		if (CT(raw_cmd->cmd[COMMAND]) == FD_READ) {
2676 			copy_buffer(1, max_sector, buffer_max);
2677 			return 1;
2678 		}
2679 	} else if (in_sector_offset || blk_rq_sectors(current_req) < ssize) {
2680 		if (CT(raw_cmd->cmd[COMMAND]) == FD_WRITE) {
2681 			unsigned int sectors;
2682 
2683 			sectors = fsector_t + blk_rq_sectors(current_req);
2684 			if (sectors > ssize && sectors < ssize + ssize)
2685 				max_size = ssize + ssize;
2686 			else
2687 				max_size = ssize;
2688 		}
2689 		raw_cmd->flags &= ~FD_RAW_WRITE;
2690 		raw_cmd->flags |= FD_RAW_READ;
2691 		raw_cmd->cmd[COMMAND] = FM_MODE(_floppy, FD_READ);
2692 	} else if ((unsigned long)bio_data(current_req->bio) < MAX_DMA_ADDRESS) {
2693 		unsigned long dma_limit;
2694 		int direct, indirect;
2695 
2696 		indirect =
2697 		    transfer_size(ssize, max_sector,
2698 				  max_buffer_sectors * 2) - fsector_t;
2699 
2700 		/*
2701 		 * Do NOT use minimum() here---MAX_DMA_ADDRESS is 64 bits wide
2702 		 * on a 64 bit machine!
2703 		 */
2704 		max_size = buffer_chain_size();
2705 		dma_limit = (MAX_DMA_ADDRESS -
2706 			     ((unsigned long)bio_data(current_req->bio))) >> 9;
2707 		if ((unsigned long)max_size > dma_limit)
2708 			max_size = dma_limit;
2709 		/* 64 kb boundaries */
2710 		if (CROSS_64KB(bio_data(current_req->bio), max_size << 9))
2711 			max_size = (K_64 -
2712 				    ((unsigned long)bio_data(current_req->bio)) %
2713 				    K_64) >> 9;
2714 		direct = transfer_size(ssize, max_sector, max_size) - fsector_t;
2715 		/*
2716 		 * We try to read tracks, but if we get too many errors, we
2717 		 * go back to reading just one sector at a time.
2718 		 *
2719 		 * This means we should be able to read a sector even if there
2720 		 * are other bad sectors on this track.
2721 		 */
2722 		if (!direct ||
2723 		    (indirect * 2 > direct * 3 &&
2724 		     *errors < drive_params[current_drive].max_errors.read_track &&
2725 		     ((!probing ||
2726 		       (drive_params[current_drive].read_track & (1 << drive_state[current_drive].probed_format)))))) {
2727 			max_size = blk_rq_sectors(current_req);
2728 		} else {
2729 			raw_cmd->kernel_data = bio_data(current_req->bio);
2730 			raw_cmd->length = current_count_sectors << 9;
2731 			if (raw_cmd->length == 0) {
2732 				DPRINT("%s: zero dma transfer attempted\n", __func__);
2733 				DPRINT("indirect=%d direct=%d fsector_t=%d\n",
2734 				       indirect, direct, fsector_t);
2735 				return 0;
2736 			}
2737 			virtualdmabug_workaround();
2738 			return 2;
2739 		}
2740 	}
2741 
2742 	if (CT(raw_cmd->cmd[COMMAND]) == FD_READ)
2743 		max_size = max_sector;	/* unbounded */
2744 
2745 	/* claim buffer track if needed */
2746 	if (buffer_track != raw_cmd->track ||	/* bad track */
2747 	    buffer_drive != current_drive ||	/* bad drive */
2748 	    fsector_t > buffer_max ||
2749 	    fsector_t < buffer_min ||
2750 	    ((CT(raw_cmd->cmd[COMMAND]) == FD_READ ||
2751 	      (!in_sector_offset && blk_rq_sectors(current_req) >= ssize)) &&
2752 	     max_sector > 2 * max_buffer_sectors + buffer_min &&
2753 	     max_size + fsector_t > 2 * max_buffer_sectors + buffer_min)) {
2754 		/* not enough space */
2755 		buffer_track = -1;
2756 		buffer_drive = current_drive;
2757 		buffer_max = buffer_min = aligned_sector_t;
2758 	}
2759 	raw_cmd->kernel_data = floppy_track_buffer +
2760 		((aligned_sector_t - buffer_min) << 9);
2761 
2762 	if (CT(raw_cmd->cmd[COMMAND]) == FD_WRITE) {
2763 		/* copy write buffer to track buffer.
2764 		 * if we get here, we know that the write
2765 		 * is either aligned or the data already in the buffer
2766 		 * (buffer will be overwritten) */
2767 		if (in_sector_offset && buffer_track == -1)
2768 			DPRINT("internal error offset !=0 on write\n");
2769 		buffer_track = raw_cmd->track;
2770 		buffer_drive = current_drive;
2771 		copy_buffer(ssize, max_sector,
2772 			    2 * max_buffer_sectors + buffer_min);
2773 	} else
2774 		transfer_size(ssize, max_sector,
2775 			      2 * max_buffer_sectors + buffer_min -
2776 			      aligned_sector_t);
2777 
2778 	/* round up current_count_sectors to get dma xfer size */
2779 	raw_cmd->length = in_sector_offset + current_count_sectors;
2780 	raw_cmd->length = ((raw_cmd->length - 1) | (ssize - 1)) + 1;
2781 	raw_cmd->length <<= 9;
2782 	if ((raw_cmd->length < current_count_sectors << 9) ||
2783 	    (raw_cmd->kernel_data != bio_data(current_req->bio) &&
2784 	     CT(raw_cmd->cmd[COMMAND]) == FD_WRITE &&
2785 	     (aligned_sector_t + (raw_cmd->length >> 9) > buffer_max ||
2786 	      aligned_sector_t < buffer_min)) ||
2787 	    raw_cmd->length % (128 << raw_cmd->cmd[SIZECODE]) ||
2788 	    raw_cmd->length <= 0 || current_count_sectors <= 0) {
2789 		DPRINT("fractionary current count b=%lx s=%lx\n",
2790 		       raw_cmd->length, current_count_sectors);
2791 		if (raw_cmd->kernel_data != bio_data(current_req->bio))
2792 			pr_info("addr=%d, length=%ld\n",
2793 				(int)((raw_cmd->kernel_data -
2794 				       floppy_track_buffer) >> 9),
2795 				current_count_sectors);
2796 		pr_info("st=%d ast=%d mse=%d msi=%d\n",
2797 			fsector_t, aligned_sector_t, max_sector, max_size);
2798 		pr_info("ssize=%x SIZECODE=%d\n", ssize, raw_cmd->cmd[SIZECODE]);
2799 		pr_info("command=%x SECTOR=%d HEAD=%d, TRACK=%d\n",
2800 			raw_cmd->cmd[COMMAND], raw_cmd->cmd[SECTOR],
2801 			raw_cmd->cmd[HEAD], raw_cmd->cmd[TRACK]);
2802 		pr_info("buffer drive=%d\n", buffer_drive);
2803 		pr_info("buffer track=%d\n", buffer_track);
2804 		pr_info("buffer_min=%d\n", buffer_min);
2805 		pr_info("buffer_max=%d\n", buffer_max);
2806 		return 0;
2807 	}
2808 
2809 	if (raw_cmd->kernel_data != bio_data(current_req->bio)) {
2810 		if (raw_cmd->kernel_data < floppy_track_buffer ||
2811 		    current_count_sectors < 0 ||
2812 		    raw_cmd->length < 0 ||
2813 		    raw_cmd->kernel_data + raw_cmd->length >
2814 		    floppy_track_buffer + (max_buffer_sectors << 10)) {
2815 			DPRINT("buffer overrun in schedule dma\n");
2816 			pr_info("fsector_t=%d buffer_min=%d current_count=%ld\n",
2817 				fsector_t, buffer_min, raw_cmd->length >> 9);
2818 			pr_info("current_count_sectors=%ld\n",
2819 				current_count_sectors);
2820 			if (CT(raw_cmd->cmd[COMMAND]) == FD_READ)
2821 				pr_info("read\n");
2822 			if (CT(raw_cmd->cmd[COMMAND]) == FD_WRITE)
2823 				pr_info("write\n");
2824 			return 0;
2825 		}
2826 	} else if (raw_cmd->length > blk_rq_bytes(current_req) ||
2827 		   current_count_sectors > blk_rq_sectors(current_req)) {
2828 		DPRINT("buffer overrun in direct transfer\n");
2829 		return 0;
2830 	} else if (raw_cmd->length < current_count_sectors << 9) {
2831 		DPRINT("more sectors than bytes\n");
2832 		pr_info("bytes=%ld\n", raw_cmd->length >> 9);
2833 		pr_info("sectors=%ld\n", current_count_sectors);
2834 	}
2835 	if (raw_cmd->length == 0) {
2836 		DPRINT("zero dma transfer attempted from make_raw_request\n");
2837 		return 0;
2838 	}
2839 
2840 	virtualdmabug_workaround();
2841 	return 2;
2842 }
2843 
set_next_request(void)2844 static int set_next_request(void)
2845 {
2846 	current_req = list_first_entry_or_null(&floppy_reqs, struct request,
2847 					       queuelist);
2848 	if (current_req) {
2849 		current_req->error_count = 0;
2850 		list_del_init(&current_req->queuelist);
2851 	}
2852 	return current_req != NULL;
2853 }
2854 
2855 /* Starts or continues processing request. Will automatically unlock the
2856  * driver at end of request.
2857  */
redo_fd_request(void)2858 static void redo_fd_request(void)
2859 {
2860 	int drive;
2861 	int tmp;
2862 
2863 	lastredo = jiffies;
2864 	if (current_drive < N_DRIVE)
2865 		floppy_off(current_drive);
2866 
2867 do_request:
2868 	if (!current_req) {
2869 		int pending;
2870 
2871 		spin_lock_irq(&floppy_lock);
2872 		pending = set_next_request();
2873 		spin_unlock_irq(&floppy_lock);
2874 		if (!pending) {
2875 			do_floppy = NULL;
2876 			unlock_fdc();
2877 			return;
2878 		}
2879 	}
2880 	drive = (long)current_req->rq_disk->private_data;
2881 	set_fdc(drive);
2882 	reschedule_timeout(current_drive, "redo fd request");
2883 
2884 	set_floppy(drive);
2885 	raw_cmd = &default_raw_cmd;
2886 	raw_cmd->flags = 0;
2887 	if (start_motor(redo_fd_request))
2888 		return;
2889 
2890 	disk_change(current_drive);
2891 	if (test_bit(current_drive, &fake_change) ||
2892 	    test_bit(FD_DISK_CHANGED_BIT, &drive_state[current_drive].flags)) {
2893 		DPRINT("disk absent or changed during operation\n");
2894 		request_done(0);
2895 		goto do_request;
2896 	}
2897 	if (!_floppy) {	/* Autodetection */
2898 		if (!probing) {
2899 			drive_state[current_drive].probed_format = 0;
2900 			if (next_valid_format(current_drive)) {
2901 				DPRINT("no autodetectable formats\n");
2902 				_floppy = NULL;
2903 				request_done(0);
2904 				goto do_request;
2905 			}
2906 		}
2907 		probing = 1;
2908 		_floppy = floppy_type + drive_params[current_drive].autodetect[drive_state[current_drive].probed_format];
2909 	} else
2910 		probing = 0;
2911 	errors = &(current_req->error_count);
2912 	tmp = make_raw_rw_request();
2913 	if (tmp < 2) {
2914 		request_done(tmp);
2915 		goto do_request;
2916 	}
2917 
2918 	if (test_bit(FD_NEED_TWADDLE_BIT, &drive_state[current_drive].flags))
2919 		twaddle(current_fdc, current_drive);
2920 	schedule_bh(floppy_start);
2921 	debugt(__func__, "queue fd request");
2922 	return;
2923 }
2924 
2925 static const struct cont_t rw_cont = {
2926 	.interrupt	= rw_interrupt,
2927 	.redo		= redo_fd_request,
2928 	.error		= bad_flp_intr,
2929 	.done		= request_done
2930 };
2931 
2932 /* schedule the request and automatically unlock the driver on completion */
process_fd_request(void)2933 static void process_fd_request(void)
2934 {
2935 	cont = &rw_cont;
2936 	schedule_bh(redo_fd_request);
2937 }
2938 
floppy_queue_rq(struct blk_mq_hw_ctx * hctx,const struct blk_mq_queue_data * bd)2939 static blk_status_t floppy_queue_rq(struct blk_mq_hw_ctx *hctx,
2940 				    const struct blk_mq_queue_data *bd)
2941 {
2942 	blk_mq_start_request(bd->rq);
2943 
2944 	if (WARN(max_buffer_sectors == 0,
2945 		 "VFS: %s called on non-open device\n", __func__))
2946 		return BLK_STS_IOERR;
2947 
2948 	if (WARN(atomic_read(&usage_count) == 0,
2949 		 "warning: usage count=0, current_req=%p sect=%ld flags=%llx\n",
2950 		 current_req, (long)blk_rq_pos(current_req),
2951 		 (unsigned long long) current_req->cmd_flags))
2952 		return BLK_STS_IOERR;
2953 
2954 	if (test_and_set_bit(0, &fdc_busy)) {
2955 		/* fdc busy, this new request will be treated when the
2956 		   current one is done */
2957 		is_alive(__func__, "old request running");
2958 		return BLK_STS_RESOURCE;
2959 	}
2960 
2961 	spin_lock_irq(&floppy_lock);
2962 	list_add_tail(&bd->rq->queuelist, &floppy_reqs);
2963 	spin_unlock_irq(&floppy_lock);
2964 
2965 	command_status = FD_COMMAND_NONE;
2966 	__reschedule_timeout(MAXTIMEOUT, "fd_request");
2967 	set_fdc(0);
2968 	process_fd_request();
2969 	is_alive(__func__, "");
2970 	return BLK_STS_OK;
2971 }
2972 
2973 static const struct cont_t poll_cont = {
2974 	.interrupt	= success_and_wakeup,
2975 	.redo		= floppy_ready,
2976 	.error		= generic_failure,
2977 	.done		= generic_done
2978 };
2979 
poll_drive(bool interruptible,int flag)2980 static int poll_drive(bool interruptible, int flag)
2981 {
2982 	/* no auto-sense, just clear dcl */
2983 	raw_cmd = &default_raw_cmd;
2984 	raw_cmd->flags = flag;
2985 	raw_cmd->track = 0;
2986 	raw_cmd->cmd_count = 0;
2987 	cont = &poll_cont;
2988 	debug_dcl(drive_params[current_drive].flags,
2989 		  "setting NEWCHANGE in poll_drive\n");
2990 	set_bit(FD_DISK_NEWCHANGE_BIT, &drive_state[current_drive].flags);
2991 
2992 	return wait_til_done(floppy_ready, interruptible);
2993 }
2994 
2995 /*
2996  * User triggered reset
2997  * ====================
2998  */
2999 
reset_intr(void)3000 static void reset_intr(void)
3001 {
3002 	pr_info("weird, reset interrupt called\n");
3003 }
3004 
3005 static const struct cont_t reset_cont = {
3006 	.interrupt	= reset_intr,
3007 	.redo		= success_and_wakeup,
3008 	.error		= generic_failure,
3009 	.done		= generic_done
3010 };
3011 
3012 /*
3013  * Resets the FDC connected to drive <drive>.
3014  * Both current_drive and current_fdc are changed to match the new drive.
3015  */
user_reset_fdc(int drive,int arg,bool interruptible)3016 static int user_reset_fdc(int drive, int arg, bool interruptible)
3017 {
3018 	int ret;
3019 
3020 	if (lock_fdc(drive))
3021 		return -EINTR;
3022 
3023 	if (arg == FD_RESET_ALWAYS)
3024 		fdc_state[current_fdc].reset = 1;
3025 	if (fdc_state[current_fdc].reset) {
3026 		/* note: reset_fdc will take care of unlocking the driver
3027 		 * on completion.
3028 		 */
3029 		cont = &reset_cont;
3030 		ret = wait_til_done(reset_fdc, interruptible);
3031 		if (ret == -EINTR)
3032 			return -EINTR;
3033 	}
3034 	process_fd_request();
3035 	return 0;
3036 }
3037 
3038 /*
3039  * Misc Ioctl's and support
3040  * ========================
3041  */
fd_copyout(void __user * param,const void * address,unsigned long size)3042 static inline int fd_copyout(void __user *param, const void *address,
3043 			     unsigned long size)
3044 {
3045 	return copy_to_user(param, address, size) ? -EFAULT : 0;
3046 }
3047 
fd_copyin(void __user * param,void * address,unsigned long size)3048 static inline int fd_copyin(void __user *param, void *address,
3049 			    unsigned long size)
3050 {
3051 	return copy_from_user(address, param, size) ? -EFAULT : 0;
3052 }
3053 
drive_name(int type,int drive)3054 static const char *drive_name(int type, int drive)
3055 {
3056 	struct floppy_struct *floppy;
3057 
3058 	if (type)
3059 		floppy = floppy_type + type;
3060 	else {
3061 		if (drive_params[drive].native_format)
3062 			floppy = floppy_type + drive_params[drive].native_format;
3063 		else
3064 			return "(null)";
3065 	}
3066 	if (floppy->name)
3067 		return floppy->name;
3068 	else
3069 		return "(null)";
3070 }
3071 
3072 /* raw commands */
raw_cmd_done(int flag)3073 static void raw_cmd_done(int flag)
3074 {
3075 	int i;
3076 
3077 	if (!flag) {
3078 		raw_cmd->flags |= FD_RAW_FAILURE;
3079 		raw_cmd->flags |= FD_RAW_HARDFAILURE;
3080 	} else {
3081 		raw_cmd->reply_count = inr;
3082 		if (raw_cmd->reply_count > FD_RAW_REPLY_SIZE)
3083 			raw_cmd->reply_count = 0;
3084 		for (i = 0; i < raw_cmd->reply_count; i++)
3085 			raw_cmd->reply[i] = reply_buffer[i];
3086 
3087 		if (raw_cmd->flags & (FD_RAW_READ | FD_RAW_WRITE)) {
3088 			unsigned long flags;
3089 			flags = claim_dma_lock();
3090 			raw_cmd->length = fd_get_dma_residue();
3091 			release_dma_lock(flags);
3092 		}
3093 
3094 		if ((raw_cmd->flags & FD_RAW_SOFTFAILURE) &&
3095 		    (!raw_cmd->reply_count || (raw_cmd->reply[0] & 0xc0)))
3096 			raw_cmd->flags |= FD_RAW_FAILURE;
3097 
3098 		if (disk_change(current_drive))
3099 			raw_cmd->flags |= FD_RAW_DISK_CHANGE;
3100 		else
3101 			raw_cmd->flags &= ~FD_RAW_DISK_CHANGE;
3102 		if (raw_cmd->flags & FD_RAW_NO_MOTOR_AFTER)
3103 			motor_off_callback(&motor_off_timer[current_drive]);
3104 
3105 		if (raw_cmd->next &&
3106 		    (!(raw_cmd->flags & FD_RAW_FAILURE) ||
3107 		     !(raw_cmd->flags & FD_RAW_STOP_IF_FAILURE)) &&
3108 		    ((raw_cmd->flags & FD_RAW_FAILURE) ||
3109 		     !(raw_cmd->flags & FD_RAW_STOP_IF_SUCCESS))) {
3110 			raw_cmd = raw_cmd->next;
3111 			return;
3112 		}
3113 	}
3114 	generic_done(flag);
3115 }
3116 
3117 static const struct cont_t raw_cmd_cont = {
3118 	.interrupt	= success_and_wakeup,
3119 	.redo		= floppy_start,
3120 	.error		= generic_failure,
3121 	.done		= raw_cmd_done
3122 };
3123 
raw_cmd_copyout(int cmd,void __user * param,struct floppy_raw_cmd * ptr)3124 static int raw_cmd_copyout(int cmd, void __user *param,
3125 				  struct floppy_raw_cmd *ptr)
3126 {
3127 	int ret;
3128 
3129 	while (ptr) {
3130 		struct floppy_raw_cmd cmd = *ptr;
3131 		cmd.next = NULL;
3132 		cmd.kernel_data = NULL;
3133 		ret = copy_to_user(param, &cmd, sizeof(cmd));
3134 		if (ret)
3135 			return -EFAULT;
3136 		param += sizeof(struct floppy_raw_cmd);
3137 		if ((ptr->flags & FD_RAW_READ) && ptr->buffer_length) {
3138 			if (ptr->length >= 0 &&
3139 			    ptr->length <= ptr->buffer_length) {
3140 				long length = ptr->buffer_length - ptr->length;
3141 				ret = fd_copyout(ptr->data, ptr->kernel_data,
3142 						 length);
3143 				if (ret)
3144 					return ret;
3145 			}
3146 		}
3147 		ptr = ptr->next;
3148 	}
3149 
3150 	return 0;
3151 }
3152 
raw_cmd_free(struct floppy_raw_cmd ** ptr)3153 static void raw_cmd_free(struct floppy_raw_cmd **ptr)
3154 {
3155 	struct floppy_raw_cmd *next;
3156 	struct floppy_raw_cmd *this;
3157 
3158 	this = *ptr;
3159 	*ptr = NULL;
3160 	while (this) {
3161 		if (this->buffer_length) {
3162 			fd_dma_mem_free((unsigned long)this->kernel_data,
3163 					this->buffer_length);
3164 			this->buffer_length = 0;
3165 		}
3166 		next = this->next;
3167 		kfree(this);
3168 		this = next;
3169 	}
3170 }
3171 
raw_cmd_copyin(int cmd,void __user * param,struct floppy_raw_cmd ** rcmd)3172 static int raw_cmd_copyin(int cmd, void __user *param,
3173 				 struct floppy_raw_cmd **rcmd)
3174 {
3175 	struct floppy_raw_cmd *ptr;
3176 	int ret;
3177 	int i;
3178 
3179 	*rcmd = NULL;
3180 
3181 loop:
3182 	ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_KERNEL);
3183 	if (!ptr)
3184 		return -ENOMEM;
3185 	*rcmd = ptr;
3186 	ret = copy_from_user(ptr, param, sizeof(*ptr));
3187 	ptr->next = NULL;
3188 	ptr->buffer_length = 0;
3189 	ptr->kernel_data = NULL;
3190 	if (ret)
3191 		return -EFAULT;
3192 	param += sizeof(struct floppy_raw_cmd);
3193 	if (ptr->cmd_count > FD_RAW_CMD_FULLSIZE)
3194 		return -EINVAL;
3195 
3196 	for (i = 0; i < FD_RAW_REPLY_SIZE; i++)
3197 		ptr->reply[i] = 0;
3198 	ptr->resultcode = 0;
3199 
3200 	if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) {
3201 		if (ptr->length <= 0)
3202 			return -EINVAL;
3203 		ptr->kernel_data = (char *)fd_dma_mem_alloc(ptr->length);
3204 		fallback_on_nodma_alloc(&ptr->kernel_data, ptr->length);
3205 		if (!ptr->kernel_data)
3206 			return -ENOMEM;
3207 		ptr->buffer_length = ptr->length;
3208 	}
3209 	if (ptr->flags & FD_RAW_WRITE) {
3210 		ret = fd_copyin(ptr->data, ptr->kernel_data, ptr->length);
3211 		if (ret)
3212 			return ret;
3213 	}
3214 
3215 	if (ptr->flags & FD_RAW_MORE) {
3216 		rcmd = &(ptr->next);
3217 		ptr->rate &= 0x43;
3218 		goto loop;
3219 	}
3220 
3221 	return 0;
3222 }
3223 
raw_cmd_ioctl(int cmd,void __user * param)3224 static int raw_cmd_ioctl(int cmd, void __user *param)
3225 {
3226 	struct floppy_raw_cmd *my_raw_cmd;
3227 	int drive;
3228 	int ret2;
3229 	int ret;
3230 
3231 	if (fdc_state[current_fdc].rawcmd <= 1)
3232 		fdc_state[current_fdc].rawcmd = 1;
3233 	for (drive = 0; drive < N_DRIVE; drive++) {
3234 		if (FDC(drive) != current_fdc)
3235 			continue;
3236 		if (drive == current_drive) {
3237 			if (drive_state[drive].fd_ref > 1) {
3238 				fdc_state[current_fdc].rawcmd = 2;
3239 				break;
3240 			}
3241 		} else if (drive_state[drive].fd_ref) {
3242 			fdc_state[current_fdc].rawcmd = 2;
3243 			break;
3244 		}
3245 	}
3246 
3247 	if (fdc_state[current_fdc].reset)
3248 		return -EIO;
3249 
3250 	ret = raw_cmd_copyin(cmd, param, &my_raw_cmd);
3251 	if (ret) {
3252 		raw_cmd_free(&my_raw_cmd);
3253 		return ret;
3254 	}
3255 
3256 	raw_cmd = my_raw_cmd;
3257 	cont = &raw_cmd_cont;
3258 	ret = wait_til_done(floppy_start, true);
3259 	debug_dcl(drive_params[current_drive].flags,
3260 		  "calling disk change from raw_cmd ioctl\n");
3261 
3262 	if (ret != -EINTR && fdc_state[current_fdc].reset)
3263 		ret = -EIO;
3264 
3265 	drive_state[current_drive].track = NO_TRACK;
3266 
3267 	ret2 = raw_cmd_copyout(cmd, param, my_raw_cmd);
3268 	if (!ret)
3269 		ret = ret2;
3270 	raw_cmd_free(&my_raw_cmd);
3271 	return ret;
3272 }
3273 
invalidate_drive(struct block_device * bdev)3274 static int invalidate_drive(struct block_device *bdev)
3275 {
3276 	/* invalidate the buffer track to force a reread */
3277 	set_bit((long)bdev->bd_disk->private_data, &fake_change);
3278 	process_fd_request();
3279 	if (bdev_check_media_change(bdev))
3280 		floppy_revalidate(bdev->bd_disk);
3281 	return 0;
3282 }
3283 
set_geometry(unsigned int cmd,struct floppy_struct * g,int drive,int type,struct block_device * bdev)3284 static int set_geometry(unsigned int cmd, struct floppy_struct *g,
3285 			       int drive, int type, struct block_device *bdev)
3286 {
3287 	int cnt;
3288 
3289 	/* sanity checking for parameters. */
3290 	if ((int)g->sect <= 0 ||
3291 	    (int)g->head <= 0 ||
3292 	    /* check for overflow in max_sector */
3293 	    (int)(g->sect * g->head) <= 0 ||
3294 	    /* check for zero in raw_cmd->cmd[F_SECT_PER_TRACK] */
3295 	    (unsigned char)((g->sect << 2) >> FD_SIZECODE(g)) == 0 ||
3296 	    g->track <= 0 || g->track > drive_params[drive].tracks >> STRETCH(g) ||
3297 	    /* check if reserved bits are set */
3298 	    (g->stretch & ~(FD_STRETCH | FD_SWAPSIDES | FD_SECTBASEMASK)) != 0)
3299 		return -EINVAL;
3300 	if (type) {
3301 		if (!capable(CAP_SYS_ADMIN))
3302 			return -EPERM;
3303 		mutex_lock(&open_lock);
3304 		if (lock_fdc(drive)) {
3305 			mutex_unlock(&open_lock);
3306 			return -EINTR;
3307 		}
3308 		floppy_type[type] = *g;
3309 		floppy_type[type].name = "user format";
3310 		for (cnt = type << 2; cnt < (type << 2) + 4; cnt++)
3311 			floppy_sizes[cnt] = floppy_sizes[cnt + 0x80] =
3312 			    floppy_type[type].size + 1;
3313 		process_fd_request();
3314 		for (cnt = 0; cnt < N_DRIVE; cnt++) {
3315 			struct block_device *bdev = opened_bdev[cnt];
3316 			if (!bdev || ITYPE(drive_state[cnt].fd_device) != type)
3317 				continue;
3318 			__invalidate_device(bdev, true);
3319 		}
3320 		mutex_unlock(&open_lock);
3321 	} else {
3322 		int oldStretch;
3323 
3324 		if (lock_fdc(drive))
3325 			return -EINTR;
3326 		if (cmd != FDDEFPRM) {
3327 			/* notice a disk change immediately, else
3328 			 * we lose our settings immediately*/
3329 			if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
3330 				return -EINTR;
3331 		}
3332 		oldStretch = g->stretch;
3333 		user_params[drive] = *g;
3334 		if (buffer_drive == drive)
3335 			SUPBOUND(buffer_max, user_params[drive].sect);
3336 		current_type[drive] = &user_params[drive];
3337 		floppy_sizes[drive] = user_params[drive].size;
3338 		if (cmd == FDDEFPRM)
3339 			drive_state[current_drive].keep_data = -1;
3340 		else
3341 			drive_state[current_drive].keep_data = 1;
3342 		/* invalidation. Invalidate only when needed, i.e.
3343 		 * when there are already sectors in the buffer cache
3344 		 * whose number will change. This is useful, because
3345 		 * mtools often changes the geometry of the disk after
3346 		 * looking at the boot block */
3347 		if (drive_state[current_drive].maxblock > user_params[drive].sect ||
3348 		    drive_state[current_drive].maxtrack ||
3349 		    ((user_params[drive].sect ^ oldStretch) &
3350 		     (FD_SWAPSIDES | FD_SECTBASEMASK)))
3351 			invalidate_drive(bdev);
3352 		else
3353 			process_fd_request();
3354 	}
3355 	return 0;
3356 }
3357 
3358 /* handle obsolete ioctl's */
3359 static unsigned int ioctl_table[] = {
3360 	FDCLRPRM,
3361 	FDSETPRM,
3362 	FDDEFPRM,
3363 	FDGETPRM,
3364 	FDMSGON,
3365 	FDMSGOFF,
3366 	FDFMTBEG,
3367 	FDFMTTRK,
3368 	FDFMTEND,
3369 	FDSETEMSGTRESH,
3370 	FDFLUSH,
3371 	FDSETMAXERRS,
3372 	FDGETMAXERRS,
3373 	FDGETDRVTYP,
3374 	FDSETDRVPRM,
3375 	FDGETDRVPRM,
3376 	FDGETDRVSTAT,
3377 	FDPOLLDRVSTAT,
3378 	FDRESET,
3379 	FDGETFDCSTAT,
3380 	FDWERRORCLR,
3381 	FDWERRORGET,
3382 	FDRAWCMD,
3383 	FDEJECT,
3384 	FDTWADDLE
3385 };
3386 
normalize_ioctl(unsigned int * cmd,int * size)3387 static int normalize_ioctl(unsigned int *cmd, int *size)
3388 {
3389 	int i;
3390 
3391 	for (i = 0; i < ARRAY_SIZE(ioctl_table); i++) {
3392 		if ((*cmd & 0xffff) == (ioctl_table[i] & 0xffff)) {
3393 			*size = _IOC_SIZE(*cmd);
3394 			*cmd = ioctl_table[i];
3395 			if (*size > _IOC_SIZE(*cmd)) {
3396 				pr_info("ioctl not yet supported\n");
3397 				return -EFAULT;
3398 			}
3399 			return 0;
3400 		}
3401 	}
3402 	return -EINVAL;
3403 }
3404 
get_floppy_geometry(int drive,int type,struct floppy_struct ** g)3405 static int get_floppy_geometry(int drive, int type, struct floppy_struct **g)
3406 {
3407 	if (type)
3408 		*g = &floppy_type[type];
3409 	else {
3410 		if (lock_fdc(drive))
3411 			return -EINTR;
3412 		if (poll_drive(false, 0) == -EINTR)
3413 			return -EINTR;
3414 		process_fd_request();
3415 		*g = current_type[drive];
3416 	}
3417 	if (!*g)
3418 		return -ENODEV;
3419 	return 0;
3420 }
3421 
fd_getgeo(struct block_device * bdev,struct hd_geometry * geo)3422 static int fd_getgeo(struct block_device *bdev, struct hd_geometry *geo)
3423 {
3424 	int drive = (long)bdev->bd_disk->private_data;
3425 	int type = ITYPE(drive_state[drive].fd_device);
3426 	struct floppy_struct *g;
3427 	int ret;
3428 
3429 	ret = get_floppy_geometry(drive, type, &g);
3430 	if (ret)
3431 		return ret;
3432 
3433 	geo->heads = g->head;
3434 	geo->sectors = g->sect;
3435 	geo->cylinders = g->track;
3436 	return 0;
3437 }
3438 
valid_floppy_drive_params(const short autodetect[FD_AUTODETECT_SIZE],int native_format)3439 static bool valid_floppy_drive_params(const short autodetect[FD_AUTODETECT_SIZE],
3440 		int native_format)
3441 {
3442 	size_t floppy_type_size = ARRAY_SIZE(floppy_type);
3443 	size_t i = 0;
3444 
3445 	for (i = 0; i < FD_AUTODETECT_SIZE; ++i) {
3446 		if (autodetect[i] < 0 ||
3447 		    autodetect[i] >= floppy_type_size)
3448 			return false;
3449 	}
3450 
3451 	if (native_format < 0 || native_format >= floppy_type_size)
3452 		return false;
3453 
3454 	return true;
3455 }
3456 
fd_locked_ioctl(struct block_device * bdev,fmode_t mode,unsigned int cmd,unsigned long param)3457 static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd,
3458 		    unsigned long param)
3459 {
3460 	int drive = (long)bdev->bd_disk->private_data;
3461 	int type = ITYPE(drive_state[drive].fd_device);
3462 	int i;
3463 	int ret;
3464 	int size;
3465 	union inparam {
3466 		struct floppy_struct g;	/* geometry */
3467 		struct format_descr f;
3468 		struct floppy_max_errors max_errors;
3469 		struct floppy_drive_params dp;
3470 	} inparam;		/* parameters coming from user space */
3471 	const void *outparam;	/* parameters passed back to user space */
3472 
3473 	/* convert compatibility eject ioctls into floppy eject ioctl.
3474 	 * We do this in order to provide a means to eject floppy disks before
3475 	 * installing the new fdutils package */
3476 	if (cmd == CDROMEJECT ||	/* CD-ROM eject */
3477 	    cmd == 0x6470) {		/* SunOS floppy eject */
3478 		DPRINT("obsolete eject ioctl\n");
3479 		DPRINT("please use floppycontrol --eject\n");
3480 		cmd = FDEJECT;
3481 	}
3482 
3483 	if (!((cmd & 0xff00) == 0x0200))
3484 		return -EINVAL;
3485 
3486 	/* convert the old style command into a new style command */
3487 	ret = normalize_ioctl(&cmd, &size);
3488 	if (ret)
3489 		return ret;
3490 
3491 	/* permission checks */
3492 	if (((cmd & 0x40) && !(mode & (FMODE_WRITE | FMODE_WRITE_IOCTL))) ||
3493 	    ((cmd & 0x80) && !capable(CAP_SYS_ADMIN)))
3494 		return -EPERM;
3495 
3496 	if (WARN_ON(size < 0 || size > sizeof(inparam)))
3497 		return -EINVAL;
3498 
3499 	/* copyin */
3500 	memset(&inparam, 0, sizeof(inparam));
3501 	if (_IOC_DIR(cmd) & _IOC_WRITE) {
3502 		ret = fd_copyin((void __user *)param, &inparam, size);
3503 		if (ret)
3504 			return ret;
3505 	}
3506 
3507 	switch (cmd) {
3508 	case FDEJECT:
3509 		if (drive_state[drive].fd_ref != 1)
3510 			/* somebody else has this drive open */
3511 			return -EBUSY;
3512 		if (lock_fdc(drive))
3513 			return -EINTR;
3514 
3515 		/* do the actual eject. Fails on
3516 		 * non-Sparc architectures */
3517 		ret = fd_eject(UNIT(drive));
3518 
3519 		set_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags);
3520 		set_bit(FD_VERIFY_BIT, &drive_state[drive].flags);
3521 		process_fd_request();
3522 		return ret;
3523 	case FDCLRPRM:
3524 		if (lock_fdc(drive))
3525 			return -EINTR;
3526 		current_type[drive] = NULL;
3527 		floppy_sizes[drive] = MAX_DISK_SIZE << 1;
3528 		drive_state[drive].keep_data = 0;
3529 		return invalidate_drive(bdev);
3530 	case FDSETPRM:
3531 	case FDDEFPRM:
3532 		return set_geometry(cmd, &inparam.g, drive, type, bdev);
3533 	case FDGETPRM:
3534 		ret = get_floppy_geometry(drive, type,
3535 					  (struct floppy_struct **)&outparam);
3536 		if (ret)
3537 			return ret;
3538 		memcpy(&inparam.g, outparam,
3539 				offsetof(struct floppy_struct, name));
3540 		outparam = &inparam.g;
3541 		break;
3542 	case FDMSGON:
3543 		drive_params[drive].flags |= FTD_MSG;
3544 		return 0;
3545 	case FDMSGOFF:
3546 		drive_params[drive].flags &= ~FTD_MSG;
3547 		return 0;
3548 	case FDFMTBEG:
3549 		if (lock_fdc(drive))
3550 			return -EINTR;
3551 		if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
3552 			return -EINTR;
3553 		ret = drive_state[drive].flags;
3554 		process_fd_request();
3555 		if (ret & FD_VERIFY)
3556 			return -ENODEV;
3557 		if (!(ret & FD_DISK_WRITABLE))
3558 			return -EROFS;
3559 		return 0;
3560 	case FDFMTTRK:
3561 		if (drive_state[drive].fd_ref != 1)
3562 			return -EBUSY;
3563 		return do_format(drive, &inparam.f);
3564 	case FDFMTEND:
3565 	case FDFLUSH:
3566 		if (lock_fdc(drive))
3567 			return -EINTR;
3568 		return invalidate_drive(bdev);
3569 	case FDSETEMSGTRESH:
3570 		drive_params[drive].max_errors.reporting = (unsigned short)(param & 0x0f);
3571 		return 0;
3572 	case FDGETMAXERRS:
3573 		outparam = &drive_params[drive].max_errors;
3574 		break;
3575 	case FDSETMAXERRS:
3576 		drive_params[drive].max_errors = inparam.max_errors;
3577 		break;
3578 	case FDGETDRVTYP:
3579 		outparam = drive_name(type, drive);
3580 		SUPBOUND(size, strlen((const char *)outparam) + 1);
3581 		break;
3582 	case FDSETDRVPRM:
3583 		if (!valid_floppy_drive_params(inparam.dp.autodetect,
3584 				inparam.dp.native_format))
3585 			return -EINVAL;
3586 		drive_params[drive] = inparam.dp;
3587 		break;
3588 	case FDGETDRVPRM:
3589 		outparam = &drive_params[drive];
3590 		break;
3591 	case FDPOLLDRVSTAT:
3592 		if (lock_fdc(drive))
3593 			return -EINTR;
3594 		if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
3595 			return -EINTR;
3596 		process_fd_request();
3597 		fallthrough;
3598 	case FDGETDRVSTAT:
3599 		outparam = &drive_state[drive];
3600 		break;
3601 	case FDRESET:
3602 		return user_reset_fdc(drive, (int)param, true);
3603 	case FDGETFDCSTAT:
3604 		outparam = &fdc_state[FDC(drive)];
3605 		break;
3606 	case FDWERRORCLR:
3607 		memset(&write_errors[drive], 0, sizeof(write_errors[drive]));
3608 		return 0;
3609 	case FDWERRORGET:
3610 		outparam = &write_errors[drive];
3611 		break;
3612 	case FDRAWCMD:
3613 		if (type)
3614 			return -EINVAL;
3615 		if (lock_fdc(drive))
3616 			return -EINTR;
3617 		set_floppy(drive);
3618 		i = raw_cmd_ioctl(cmd, (void __user *)param);
3619 		if (i == -EINTR)
3620 			return -EINTR;
3621 		process_fd_request();
3622 		return i;
3623 	case FDTWADDLE:
3624 		if (lock_fdc(drive))
3625 			return -EINTR;
3626 		twaddle(current_fdc, current_drive);
3627 		process_fd_request();
3628 		return 0;
3629 	default:
3630 		return -EINVAL;
3631 	}
3632 
3633 	if (_IOC_DIR(cmd) & _IOC_READ)
3634 		return fd_copyout((void __user *)param, outparam, size);
3635 
3636 	return 0;
3637 }
3638 
fd_ioctl(struct block_device * bdev,fmode_t mode,unsigned int cmd,unsigned long param)3639 static int fd_ioctl(struct block_device *bdev, fmode_t mode,
3640 			     unsigned int cmd, unsigned long param)
3641 {
3642 	int ret;
3643 
3644 	mutex_lock(&floppy_mutex);
3645 	ret = fd_locked_ioctl(bdev, mode, cmd, param);
3646 	mutex_unlock(&floppy_mutex);
3647 
3648 	return ret;
3649 }
3650 
3651 #ifdef CONFIG_COMPAT
3652 
3653 struct compat_floppy_drive_params {
3654 	char		cmos;
3655 	compat_ulong_t	max_dtr;
3656 	compat_ulong_t	hlt;
3657 	compat_ulong_t	hut;
3658 	compat_ulong_t	srt;
3659 	compat_ulong_t	spinup;
3660 	compat_ulong_t	spindown;
3661 	unsigned char	spindown_offset;
3662 	unsigned char	select_delay;
3663 	unsigned char	rps;
3664 	unsigned char	tracks;
3665 	compat_ulong_t	timeout;
3666 	unsigned char	interleave_sect;
3667 	struct floppy_max_errors max_errors;
3668 	char		flags;
3669 	char		read_track;
3670 	short		autodetect[FD_AUTODETECT_SIZE];
3671 	compat_int_t	checkfreq;
3672 	compat_int_t	native_format;
3673 };
3674 
3675 struct compat_floppy_drive_struct {
3676 	signed char	flags;
3677 	compat_ulong_t	spinup_date;
3678 	compat_ulong_t	select_date;
3679 	compat_ulong_t	first_read_date;
3680 	short		probed_format;
3681 	short		track;
3682 	short		maxblock;
3683 	short		maxtrack;
3684 	compat_int_t	generation;
3685 	compat_int_t	keep_data;
3686 	compat_int_t	fd_ref;
3687 	compat_int_t	fd_device;
3688 	compat_int_t	last_checked;
3689 	compat_caddr_t dmabuf;
3690 	compat_int_t	bufblocks;
3691 };
3692 
3693 struct compat_floppy_fdc_state {
3694 	compat_int_t	spec1;
3695 	compat_int_t	spec2;
3696 	compat_int_t	dtr;
3697 	unsigned char	version;
3698 	unsigned char	dor;
3699 	compat_ulong_t	address;
3700 	unsigned int	rawcmd:2;
3701 	unsigned int	reset:1;
3702 	unsigned int	need_configure:1;
3703 	unsigned int	perp_mode:2;
3704 	unsigned int	has_fifo:1;
3705 	unsigned int	driver_version;
3706 	unsigned char	track[4];
3707 };
3708 
3709 struct compat_floppy_write_errors {
3710 	unsigned int	write_errors;
3711 	compat_ulong_t	first_error_sector;
3712 	compat_int_t	first_error_generation;
3713 	compat_ulong_t	last_error_sector;
3714 	compat_int_t	last_error_generation;
3715 	compat_uint_t	badness;
3716 };
3717 
3718 #define FDSETPRM32 _IOW(2, 0x42, struct compat_floppy_struct)
3719 #define FDDEFPRM32 _IOW(2, 0x43, struct compat_floppy_struct)
3720 #define FDSETDRVPRM32 _IOW(2, 0x90, struct compat_floppy_drive_params)
3721 #define FDGETDRVPRM32 _IOR(2, 0x11, struct compat_floppy_drive_params)
3722 #define FDGETDRVSTAT32 _IOR(2, 0x12, struct compat_floppy_drive_struct)
3723 #define FDPOLLDRVSTAT32 _IOR(2, 0x13, struct compat_floppy_drive_struct)
3724 #define FDGETFDCSTAT32 _IOR(2, 0x15, struct compat_floppy_fdc_state)
3725 #define FDWERRORGET32  _IOR(2, 0x17, struct compat_floppy_write_errors)
3726 
compat_set_geometry(struct block_device * bdev,fmode_t mode,unsigned int cmd,struct compat_floppy_struct __user * arg)3727 static int compat_set_geometry(struct block_device *bdev, fmode_t mode, unsigned int cmd,
3728 		    struct compat_floppy_struct __user *arg)
3729 {
3730 	struct floppy_struct v;
3731 	int drive, type;
3732 	int err;
3733 
3734 	BUILD_BUG_ON(offsetof(struct floppy_struct, name) !=
3735 		     offsetof(struct compat_floppy_struct, name));
3736 
3737 	if (!(mode & (FMODE_WRITE | FMODE_WRITE_IOCTL)))
3738 		return -EPERM;
3739 
3740 	memset(&v, 0, sizeof(struct floppy_struct));
3741 	if (copy_from_user(&v, arg, offsetof(struct floppy_struct, name)))
3742 		return -EFAULT;
3743 
3744 	mutex_lock(&floppy_mutex);
3745 	drive = (long)bdev->bd_disk->private_data;
3746 	type = ITYPE(drive_state[drive].fd_device);
3747 	err = set_geometry(cmd == FDSETPRM32 ? FDSETPRM : FDDEFPRM,
3748 			&v, drive, type, bdev);
3749 	mutex_unlock(&floppy_mutex);
3750 	return err;
3751 }
3752 
compat_get_prm(int drive,struct compat_floppy_struct __user * arg)3753 static int compat_get_prm(int drive,
3754 			  struct compat_floppy_struct __user *arg)
3755 {
3756 	struct compat_floppy_struct v;
3757 	struct floppy_struct *p;
3758 	int err;
3759 
3760 	memset(&v, 0, sizeof(v));
3761 	mutex_lock(&floppy_mutex);
3762 	err = get_floppy_geometry(drive, ITYPE(drive_state[drive].fd_device),
3763 				  &p);
3764 	if (err) {
3765 		mutex_unlock(&floppy_mutex);
3766 		return err;
3767 	}
3768 	memcpy(&v, p, offsetof(struct floppy_struct, name));
3769 	mutex_unlock(&floppy_mutex);
3770 	if (copy_to_user(arg, &v, sizeof(struct compat_floppy_struct)))
3771 		return -EFAULT;
3772 	return 0;
3773 }
3774 
compat_setdrvprm(int drive,struct compat_floppy_drive_params __user * arg)3775 static int compat_setdrvprm(int drive,
3776 			    struct compat_floppy_drive_params __user *arg)
3777 {
3778 	struct compat_floppy_drive_params v;
3779 
3780 	if (!capable(CAP_SYS_ADMIN))
3781 		return -EPERM;
3782 	if (copy_from_user(&v, arg, sizeof(struct compat_floppy_drive_params)))
3783 		return -EFAULT;
3784 	if (!valid_floppy_drive_params(v.autodetect, v.native_format))
3785 		return -EINVAL;
3786 	mutex_lock(&floppy_mutex);
3787 	drive_params[drive].cmos = v.cmos;
3788 	drive_params[drive].max_dtr = v.max_dtr;
3789 	drive_params[drive].hlt = v.hlt;
3790 	drive_params[drive].hut = v.hut;
3791 	drive_params[drive].srt = v.srt;
3792 	drive_params[drive].spinup = v.spinup;
3793 	drive_params[drive].spindown = v.spindown;
3794 	drive_params[drive].spindown_offset = v.spindown_offset;
3795 	drive_params[drive].select_delay = v.select_delay;
3796 	drive_params[drive].rps = v.rps;
3797 	drive_params[drive].tracks = v.tracks;
3798 	drive_params[drive].timeout = v.timeout;
3799 	drive_params[drive].interleave_sect = v.interleave_sect;
3800 	drive_params[drive].max_errors = v.max_errors;
3801 	drive_params[drive].flags = v.flags;
3802 	drive_params[drive].read_track = v.read_track;
3803 	memcpy(drive_params[drive].autodetect, v.autodetect,
3804 	       sizeof(v.autodetect));
3805 	drive_params[drive].checkfreq = v.checkfreq;
3806 	drive_params[drive].native_format = v.native_format;
3807 	mutex_unlock(&floppy_mutex);
3808 	return 0;
3809 }
3810 
compat_getdrvprm(int drive,struct compat_floppy_drive_params __user * arg)3811 static int compat_getdrvprm(int drive,
3812 			    struct compat_floppy_drive_params __user *arg)
3813 {
3814 	struct compat_floppy_drive_params v;
3815 
3816 	memset(&v, 0, sizeof(struct compat_floppy_drive_params));
3817 	mutex_lock(&floppy_mutex);
3818 	v.cmos = drive_params[drive].cmos;
3819 	v.max_dtr = drive_params[drive].max_dtr;
3820 	v.hlt = drive_params[drive].hlt;
3821 	v.hut = drive_params[drive].hut;
3822 	v.srt = drive_params[drive].srt;
3823 	v.spinup = drive_params[drive].spinup;
3824 	v.spindown = drive_params[drive].spindown;
3825 	v.spindown_offset = drive_params[drive].spindown_offset;
3826 	v.select_delay = drive_params[drive].select_delay;
3827 	v.rps = drive_params[drive].rps;
3828 	v.tracks = drive_params[drive].tracks;
3829 	v.timeout = drive_params[drive].timeout;
3830 	v.interleave_sect = drive_params[drive].interleave_sect;
3831 	v.max_errors = drive_params[drive].max_errors;
3832 	v.flags = drive_params[drive].flags;
3833 	v.read_track = drive_params[drive].read_track;
3834 	memcpy(v.autodetect, drive_params[drive].autodetect,
3835 	       sizeof(v.autodetect));
3836 	v.checkfreq = drive_params[drive].checkfreq;
3837 	v.native_format = drive_params[drive].native_format;
3838 	mutex_unlock(&floppy_mutex);
3839 
3840 	if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_params)))
3841 		return -EFAULT;
3842 	return 0;
3843 }
3844 
compat_getdrvstat(int drive,bool poll,struct compat_floppy_drive_struct __user * arg)3845 static int compat_getdrvstat(int drive, bool poll,
3846 			    struct compat_floppy_drive_struct __user *arg)
3847 {
3848 	struct compat_floppy_drive_struct v;
3849 
3850 	memset(&v, 0, sizeof(struct compat_floppy_drive_struct));
3851 	mutex_lock(&floppy_mutex);
3852 
3853 	if (poll) {
3854 		if (lock_fdc(drive))
3855 			goto Eintr;
3856 		if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
3857 			goto Eintr;
3858 		process_fd_request();
3859 	}
3860 	v.spinup_date = drive_state[drive].spinup_date;
3861 	v.select_date = drive_state[drive].select_date;
3862 	v.first_read_date = drive_state[drive].first_read_date;
3863 	v.probed_format = drive_state[drive].probed_format;
3864 	v.track = drive_state[drive].track;
3865 	v.maxblock = drive_state[drive].maxblock;
3866 	v.maxtrack = drive_state[drive].maxtrack;
3867 	v.generation = drive_state[drive].generation;
3868 	v.keep_data = drive_state[drive].keep_data;
3869 	v.fd_ref = drive_state[drive].fd_ref;
3870 	v.fd_device = drive_state[drive].fd_device;
3871 	v.last_checked = drive_state[drive].last_checked;
3872 	v.dmabuf = (uintptr_t) drive_state[drive].dmabuf;
3873 	v.bufblocks = drive_state[drive].bufblocks;
3874 	mutex_unlock(&floppy_mutex);
3875 
3876 	if (copy_to_user(arg, &v, sizeof(struct compat_floppy_drive_struct)))
3877 		return -EFAULT;
3878 	return 0;
3879 Eintr:
3880 	mutex_unlock(&floppy_mutex);
3881 	return -EINTR;
3882 }
3883 
compat_getfdcstat(int drive,struct compat_floppy_fdc_state __user * arg)3884 static int compat_getfdcstat(int drive,
3885 			    struct compat_floppy_fdc_state __user *arg)
3886 {
3887 	struct compat_floppy_fdc_state v32;
3888 	struct floppy_fdc_state v;
3889 
3890 	mutex_lock(&floppy_mutex);
3891 	v = fdc_state[FDC(drive)];
3892 	mutex_unlock(&floppy_mutex);
3893 
3894 	memset(&v32, 0, sizeof(struct compat_floppy_fdc_state));
3895 	v32.spec1 = v.spec1;
3896 	v32.spec2 = v.spec2;
3897 	v32.dtr = v.dtr;
3898 	v32.version = v.version;
3899 	v32.dor = v.dor;
3900 	v32.address = v.address;
3901 	v32.rawcmd = v.rawcmd;
3902 	v32.reset = v.reset;
3903 	v32.need_configure = v.need_configure;
3904 	v32.perp_mode = v.perp_mode;
3905 	v32.has_fifo = v.has_fifo;
3906 	v32.driver_version = v.driver_version;
3907 	memcpy(v32.track, v.track, 4);
3908 	if (copy_to_user(arg, &v32, sizeof(struct compat_floppy_fdc_state)))
3909 		return -EFAULT;
3910 	return 0;
3911 }
3912 
compat_werrorget(int drive,struct compat_floppy_write_errors __user * arg)3913 static int compat_werrorget(int drive,
3914 			    struct compat_floppy_write_errors __user *arg)
3915 {
3916 	struct compat_floppy_write_errors v32;
3917 	struct floppy_write_errors v;
3918 
3919 	memset(&v32, 0, sizeof(struct compat_floppy_write_errors));
3920 	mutex_lock(&floppy_mutex);
3921 	v = write_errors[drive];
3922 	mutex_unlock(&floppy_mutex);
3923 	v32.write_errors = v.write_errors;
3924 	v32.first_error_sector = v.first_error_sector;
3925 	v32.first_error_generation = v.first_error_generation;
3926 	v32.last_error_sector = v.last_error_sector;
3927 	v32.last_error_generation = v.last_error_generation;
3928 	v32.badness = v.badness;
3929 	if (copy_to_user(arg, &v32, sizeof(struct compat_floppy_write_errors)))
3930 		return -EFAULT;
3931 	return 0;
3932 }
3933 
fd_compat_ioctl(struct block_device * bdev,fmode_t mode,unsigned int cmd,unsigned long param)3934 static int fd_compat_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd,
3935 		    unsigned long param)
3936 {
3937 	int drive = (long)bdev->bd_disk->private_data;
3938 	switch (cmd) {
3939 	case CDROMEJECT: /* CD-ROM eject */
3940 	case 0x6470:	 /* SunOS floppy eject */
3941 
3942 	case FDMSGON:
3943 	case FDMSGOFF:
3944 	case FDSETEMSGTRESH:
3945 	case FDFLUSH:
3946 	case FDWERRORCLR:
3947 	case FDEJECT:
3948 	case FDCLRPRM:
3949 	case FDFMTBEG:
3950 	case FDRESET:
3951 	case FDTWADDLE:
3952 		return fd_ioctl(bdev, mode, cmd, param);
3953 	case FDSETMAXERRS:
3954 	case FDGETMAXERRS:
3955 	case FDGETDRVTYP:
3956 	case FDFMTEND:
3957 	case FDFMTTRK:
3958 	case FDRAWCMD:
3959 		return fd_ioctl(bdev, mode, cmd,
3960 				(unsigned long)compat_ptr(param));
3961 	case FDSETPRM32:
3962 	case FDDEFPRM32:
3963 		return compat_set_geometry(bdev, mode, cmd, compat_ptr(param));
3964 	case FDGETPRM32:
3965 		return compat_get_prm(drive, compat_ptr(param));
3966 	case FDSETDRVPRM32:
3967 		return compat_setdrvprm(drive, compat_ptr(param));
3968 	case FDGETDRVPRM32:
3969 		return compat_getdrvprm(drive, compat_ptr(param));
3970 	case FDPOLLDRVSTAT32:
3971 		return compat_getdrvstat(drive, true, compat_ptr(param));
3972 	case FDGETDRVSTAT32:
3973 		return compat_getdrvstat(drive, false, compat_ptr(param));
3974 	case FDGETFDCSTAT32:
3975 		return compat_getfdcstat(drive, compat_ptr(param));
3976 	case FDWERRORGET32:
3977 		return compat_werrorget(drive, compat_ptr(param));
3978 	}
3979 	return -EINVAL;
3980 }
3981 #endif
3982 
config_types(void)3983 static void __init config_types(void)
3984 {
3985 	bool has_drive = false;
3986 	int drive;
3987 
3988 	/* read drive info out of physical CMOS */
3989 	drive = 0;
3990 	if (!drive_params[drive].cmos)
3991 		drive_params[drive].cmos = FLOPPY0_TYPE;
3992 	drive = 1;
3993 	if (!drive_params[drive].cmos)
3994 		drive_params[drive].cmos = FLOPPY1_TYPE;
3995 
3996 	/* FIXME: additional physical CMOS drive detection should go here */
3997 
3998 	for (drive = 0; drive < N_DRIVE; drive++) {
3999 		unsigned int type = drive_params[drive].cmos;
4000 		struct floppy_drive_params *params;
4001 		const char *name = NULL;
4002 		char temparea[32];
4003 
4004 		if (type < ARRAY_SIZE(default_drive_params)) {
4005 			params = &default_drive_params[type].params;
4006 			if (type) {
4007 				name = default_drive_params[type].name;
4008 				allowed_drive_mask |= 1 << drive;
4009 			} else
4010 				allowed_drive_mask &= ~(1 << drive);
4011 		} else {
4012 			params = &default_drive_params[0].params;
4013 			snprintf(temparea, sizeof(temparea),
4014 				 "unknown type %d (usb?)", type);
4015 			name = temparea;
4016 		}
4017 		if (name) {
4018 			const char *prepend;
4019 			if (!has_drive) {
4020 				prepend = "";
4021 				has_drive = true;
4022 				pr_info("Floppy drive(s):");
4023 			} else {
4024 				prepend = ",";
4025 			}
4026 
4027 			pr_cont("%s fd%d is %s", prepend, drive, name);
4028 		}
4029 		drive_params[drive] = *params;
4030 	}
4031 
4032 	if (has_drive)
4033 		pr_cont("\n");
4034 }
4035 
floppy_release(struct gendisk * disk,fmode_t mode)4036 static void floppy_release(struct gendisk *disk, fmode_t mode)
4037 {
4038 	int drive = (long)disk->private_data;
4039 
4040 	mutex_lock(&floppy_mutex);
4041 	mutex_lock(&open_lock);
4042 	if (!drive_state[drive].fd_ref--) {
4043 		DPRINT("floppy_release with fd_ref == 0");
4044 		drive_state[drive].fd_ref = 0;
4045 	}
4046 	if (!drive_state[drive].fd_ref)
4047 		opened_bdev[drive] = NULL;
4048 	mutex_unlock(&open_lock);
4049 	mutex_unlock(&floppy_mutex);
4050 }
4051 
4052 /*
4053  * floppy_open check for aliasing (/dev/fd0 can be the same as
4054  * /dev/PS0 etc), and disallows simultaneous access to the same
4055  * drive with different device numbers.
4056  */
floppy_open(struct block_device * bdev,fmode_t mode)4057 static int floppy_open(struct block_device *bdev, fmode_t mode)
4058 {
4059 	int drive = (long)bdev->bd_disk->private_data;
4060 	int old_dev, new_dev;
4061 	int try;
4062 	int res = -EBUSY;
4063 	char *tmp;
4064 
4065 	mutex_lock(&floppy_mutex);
4066 	mutex_lock(&open_lock);
4067 	old_dev = drive_state[drive].fd_device;
4068 	if (opened_bdev[drive] && opened_bdev[drive] != bdev)
4069 		goto out2;
4070 
4071 	if (!drive_state[drive].fd_ref && (drive_params[drive].flags & FD_BROKEN_DCL)) {
4072 		set_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags);
4073 		set_bit(FD_VERIFY_BIT, &drive_state[drive].flags);
4074 	}
4075 
4076 	drive_state[drive].fd_ref++;
4077 
4078 	opened_bdev[drive] = bdev;
4079 
4080 	res = -ENXIO;
4081 
4082 	if (!floppy_track_buffer) {
4083 		/* if opening an ED drive, reserve a big buffer,
4084 		 * else reserve a small one */
4085 		if ((drive_params[drive].cmos == 6) || (drive_params[drive].cmos == 5))
4086 			try = 64;	/* Only 48 actually useful */
4087 		else
4088 			try = 32;	/* Only 24 actually useful */
4089 
4090 		tmp = (char *)fd_dma_mem_alloc(1024 * try);
4091 		if (!tmp && !floppy_track_buffer) {
4092 			try >>= 1;	/* buffer only one side */
4093 			INFBOUND(try, 16);
4094 			tmp = (char *)fd_dma_mem_alloc(1024 * try);
4095 		}
4096 		if (!tmp && !floppy_track_buffer)
4097 			fallback_on_nodma_alloc(&tmp, 2048 * try);
4098 		if (!tmp && !floppy_track_buffer) {
4099 			DPRINT("Unable to allocate DMA memory\n");
4100 			goto out;
4101 		}
4102 		if (floppy_track_buffer) {
4103 			if (tmp)
4104 				fd_dma_mem_free((unsigned long)tmp, try * 1024);
4105 		} else {
4106 			buffer_min = buffer_max = -1;
4107 			floppy_track_buffer = tmp;
4108 			max_buffer_sectors = try;
4109 		}
4110 	}
4111 
4112 	new_dev = MINOR(bdev->bd_dev);
4113 	drive_state[drive].fd_device = new_dev;
4114 	set_capacity(disks[drive], floppy_sizes[new_dev]);
4115 	if (old_dev != -1 && old_dev != new_dev) {
4116 		if (buffer_drive == drive)
4117 			buffer_track = -1;
4118 	}
4119 
4120 	if (fdc_state[FDC(drive)].rawcmd == 1)
4121 		fdc_state[FDC(drive)].rawcmd = 2;
4122 
4123 	if (!(mode & FMODE_NDELAY)) {
4124 		if (mode & (FMODE_READ|FMODE_WRITE)) {
4125 			drive_state[drive].last_checked = 0;
4126 			clear_bit(FD_OPEN_SHOULD_FAIL_BIT,
4127 				  &drive_state[drive].flags);
4128 			if (bdev_check_media_change(bdev))
4129 				floppy_revalidate(bdev->bd_disk);
4130 			if (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags))
4131 				goto out;
4132 			if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &drive_state[drive].flags))
4133 				goto out;
4134 		}
4135 		res = -EROFS;
4136 		if ((mode & FMODE_WRITE) &&
4137 		    !test_bit(FD_DISK_WRITABLE_BIT, &drive_state[drive].flags))
4138 			goto out;
4139 	}
4140 	mutex_unlock(&open_lock);
4141 	mutex_unlock(&floppy_mutex);
4142 	return 0;
4143 out:
4144 	drive_state[drive].fd_ref--;
4145 
4146 	if (!drive_state[drive].fd_ref)
4147 		opened_bdev[drive] = NULL;
4148 out2:
4149 	mutex_unlock(&open_lock);
4150 	mutex_unlock(&floppy_mutex);
4151 	return res;
4152 }
4153 
4154 /*
4155  * Check if the disk has been changed or if a change has been faked.
4156  */
floppy_check_events(struct gendisk * disk,unsigned int clearing)4157 static unsigned int floppy_check_events(struct gendisk *disk,
4158 					unsigned int clearing)
4159 {
4160 	int drive = (long)disk->private_data;
4161 
4162 	if (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags) ||
4163 	    test_bit(FD_VERIFY_BIT, &drive_state[drive].flags))
4164 		return DISK_EVENT_MEDIA_CHANGE;
4165 
4166 	if (time_after(jiffies, drive_state[drive].last_checked + drive_params[drive].checkfreq)) {
4167 		if (lock_fdc(drive))
4168 			return 0;
4169 		poll_drive(false, 0);
4170 		process_fd_request();
4171 	}
4172 
4173 	if (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags) ||
4174 	    test_bit(FD_VERIFY_BIT, &drive_state[drive].flags) ||
4175 	    test_bit(drive, &fake_change) ||
4176 	    drive_no_geom(drive))
4177 		return DISK_EVENT_MEDIA_CHANGE;
4178 	return 0;
4179 }
4180 
4181 /*
4182  * This implements "read block 0" for floppy_revalidate().
4183  * Needed for format autodetection, checking whether there is
4184  * a disk in the drive, and whether that disk is writable.
4185  */
4186 
4187 struct rb0_cbdata {
4188 	int drive;
4189 	struct completion complete;
4190 };
4191 
floppy_rb0_cb(struct bio * bio)4192 static void floppy_rb0_cb(struct bio *bio)
4193 {
4194 	struct rb0_cbdata *cbdata = (struct rb0_cbdata *)bio->bi_private;
4195 	int drive = cbdata->drive;
4196 
4197 	if (bio->bi_status) {
4198 		pr_info("floppy: error %d while reading block 0\n",
4199 			bio->bi_status);
4200 		set_bit(FD_OPEN_SHOULD_FAIL_BIT, &drive_state[drive].flags);
4201 	}
4202 	complete(&cbdata->complete);
4203 }
4204 
__floppy_read_block_0(struct block_device * bdev,int drive)4205 static int __floppy_read_block_0(struct block_device *bdev, int drive)
4206 {
4207 	struct bio bio;
4208 	struct bio_vec bio_vec;
4209 	struct page *page;
4210 	struct rb0_cbdata cbdata;
4211 
4212 	page = alloc_page(GFP_NOIO);
4213 	if (!page) {
4214 		process_fd_request();
4215 		return -ENOMEM;
4216 	}
4217 
4218 	cbdata.drive = drive;
4219 
4220 	bio_init(&bio, &bio_vec, 1);
4221 	bio_set_dev(&bio, bdev);
4222 	bio_add_page(&bio, page, block_size(bdev), 0);
4223 
4224 	bio.bi_iter.bi_sector = 0;
4225 	bio.bi_flags |= (1 << BIO_QUIET);
4226 	bio.bi_private = &cbdata;
4227 	bio.bi_end_io = floppy_rb0_cb;
4228 	bio_set_op_attrs(&bio, REQ_OP_READ, 0);
4229 
4230 	init_completion(&cbdata.complete);
4231 
4232 	submit_bio(&bio);
4233 	process_fd_request();
4234 
4235 	wait_for_completion(&cbdata.complete);
4236 
4237 	__free_page(page);
4238 
4239 	return 0;
4240 }
4241 
4242 /* revalidate the floppy disk, i.e. trigger format autodetection by reading
4243  * the bootblock (block 0). "Autodetection" is also needed to check whether
4244  * there is a disk in the drive at all... Thus we also do it for fixed
4245  * geometry formats */
floppy_revalidate(struct gendisk * disk)4246 static int floppy_revalidate(struct gendisk *disk)
4247 {
4248 	int drive = (long)disk->private_data;
4249 	int cf;
4250 	int res = 0;
4251 
4252 	if (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags) ||
4253 	    test_bit(FD_VERIFY_BIT, &drive_state[drive].flags) ||
4254 	    test_bit(drive, &fake_change) ||
4255 	    drive_no_geom(drive)) {
4256 		if (WARN(atomic_read(&usage_count) == 0,
4257 			 "VFS: revalidate called on non-open device.\n"))
4258 			return -EFAULT;
4259 
4260 		res = lock_fdc(drive);
4261 		if (res)
4262 			return res;
4263 		cf = (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags) ||
4264 		      test_bit(FD_VERIFY_BIT, &drive_state[drive].flags));
4265 		if (!(cf || test_bit(drive, &fake_change) || drive_no_geom(drive))) {
4266 			process_fd_request();	/*already done by another thread */
4267 			return 0;
4268 		}
4269 		drive_state[drive].maxblock = 0;
4270 		drive_state[drive].maxtrack = 0;
4271 		if (buffer_drive == drive)
4272 			buffer_track = -1;
4273 		clear_bit(drive, &fake_change);
4274 		clear_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags);
4275 		if (cf)
4276 			drive_state[drive].generation++;
4277 		if (drive_no_geom(drive)) {
4278 			/* auto-sensing */
4279 			res = __floppy_read_block_0(opened_bdev[drive], drive);
4280 		} else {
4281 			if (cf)
4282 				poll_drive(false, FD_RAW_NEED_DISK);
4283 			process_fd_request();
4284 		}
4285 	}
4286 	set_capacity(disk, floppy_sizes[drive_state[drive].fd_device]);
4287 	return res;
4288 }
4289 
4290 static const struct block_device_operations floppy_fops = {
4291 	.owner			= THIS_MODULE,
4292 	.open			= floppy_open,
4293 	.release		= floppy_release,
4294 	.ioctl			= fd_ioctl,
4295 	.getgeo			= fd_getgeo,
4296 	.check_events		= floppy_check_events,
4297 #ifdef CONFIG_COMPAT
4298 	.compat_ioctl		= fd_compat_ioctl,
4299 #endif
4300 };
4301 
4302 /*
4303  * Floppy Driver initialization
4304  * =============================
4305  */
4306 
4307 /* Determine the floppy disk controller type */
4308 /* This routine was written by David C. Niemi */
get_fdc_version(int fdc)4309 static char __init get_fdc_version(int fdc)
4310 {
4311 	int r;
4312 
4313 	output_byte(fdc, FD_DUMPREGS);	/* 82072 and better know DUMPREGS */
4314 	if (fdc_state[fdc].reset)
4315 		return FDC_NONE;
4316 	r = result(fdc);
4317 	if (r <= 0x00)
4318 		return FDC_NONE;	/* No FDC present ??? */
4319 	if ((r == 1) && (reply_buffer[0] == 0x80)) {
4320 		pr_info("FDC %d is an 8272A\n", fdc);
4321 		return FDC_8272A;	/* 8272a/765 don't know DUMPREGS */
4322 	}
4323 	if (r != 10) {
4324 		pr_info("FDC %d init: DUMPREGS: unexpected return of %d bytes.\n",
4325 			fdc, r);
4326 		return FDC_UNKNOWN;
4327 	}
4328 
4329 	if (!fdc_configure(fdc)) {
4330 		pr_info("FDC %d is an 82072\n", fdc);
4331 		return FDC_82072;	/* 82072 doesn't know CONFIGURE */
4332 	}
4333 
4334 	output_byte(fdc, FD_PERPENDICULAR);
4335 	if (need_more_output(fdc) == MORE_OUTPUT) {
4336 		output_byte(fdc, 0);
4337 	} else {
4338 		pr_info("FDC %d is an 82072A\n", fdc);
4339 		return FDC_82072A;	/* 82072A as found on Sparcs. */
4340 	}
4341 
4342 	output_byte(fdc, FD_UNLOCK);
4343 	r = result(fdc);
4344 	if ((r == 1) && (reply_buffer[0] == 0x80)) {
4345 		pr_info("FDC %d is a pre-1991 82077\n", fdc);
4346 		return FDC_82077_ORIG;	/* Pre-1991 82077, doesn't know
4347 					 * LOCK/UNLOCK */
4348 	}
4349 	if ((r != 1) || (reply_buffer[0] != 0x00)) {
4350 		pr_info("FDC %d init: UNLOCK: unexpected return of %d bytes.\n",
4351 			fdc, r);
4352 		return FDC_UNKNOWN;
4353 	}
4354 	output_byte(fdc, FD_PARTID);
4355 	r = result(fdc);
4356 	if (r != 1) {
4357 		pr_info("FDC %d init: PARTID: unexpected return of %d bytes.\n",
4358 			fdc, r);
4359 		return FDC_UNKNOWN;
4360 	}
4361 	if (reply_buffer[0] == 0x80) {
4362 		pr_info("FDC %d is a post-1991 82077\n", fdc);
4363 		return FDC_82077;	/* Revised 82077AA passes all the tests */
4364 	}
4365 	switch (reply_buffer[0] >> 5) {
4366 	case 0x0:
4367 		/* Either a 82078-1 or a 82078SL running at 5Volt */
4368 		pr_info("FDC %d is an 82078.\n", fdc);
4369 		return FDC_82078;
4370 	case 0x1:
4371 		pr_info("FDC %d is a 44pin 82078\n", fdc);
4372 		return FDC_82078;
4373 	case 0x2:
4374 		pr_info("FDC %d is a S82078B\n", fdc);
4375 		return FDC_S82078B;
4376 	case 0x3:
4377 		pr_info("FDC %d is a National Semiconductor PC87306\n", fdc);
4378 		return FDC_87306;
4379 	default:
4380 		pr_info("FDC %d init: 82078 variant with unknown PARTID=%d.\n",
4381 			fdc, reply_buffer[0] >> 5);
4382 		return FDC_82078_UNKN;
4383 	}
4384 }				/* get_fdc_version */
4385 
4386 /* lilo configuration */
4387 
floppy_set_flags(int * ints,int param,int param2)4388 static void __init floppy_set_flags(int *ints, int param, int param2)
4389 {
4390 	int i;
4391 
4392 	for (i = 0; i < ARRAY_SIZE(default_drive_params); i++) {
4393 		if (param)
4394 			default_drive_params[i].params.flags |= param2;
4395 		else
4396 			default_drive_params[i].params.flags &= ~param2;
4397 	}
4398 	DPRINT("%s flag 0x%x\n", param2 ? "Setting" : "Clearing", param);
4399 }
4400 
daring(int * ints,int param,int param2)4401 static void __init daring(int *ints, int param, int param2)
4402 {
4403 	int i;
4404 
4405 	for (i = 0; i < ARRAY_SIZE(default_drive_params); i++) {
4406 		if (param) {
4407 			default_drive_params[i].params.select_delay = 0;
4408 			default_drive_params[i].params.flags |=
4409 			    FD_SILENT_DCL_CLEAR;
4410 		} else {
4411 			default_drive_params[i].params.select_delay =
4412 			    2 * HZ / 100;
4413 			default_drive_params[i].params.flags &=
4414 			    ~FD_SILENT_DCL_CLEAR;
4415 		}
4416 	}
4417 	DPRINT("Assuming %s floppy hardware\n", param ? "standard" : "broken");
4418 }
4419 
set_cmos(int * ints,int dummy,int dummy2)4420 static void __init set_cmos(int *ints, int dummy, int dummy2)
4421 {
4422 	int current_drive = 0;
4423 
4424 	if (ints[0] != 2) {
4425 		DPRINT("wrong number of parameters for CMOS\n");
4426 		return;
4427 	}
4428 	current_drive = ints[1];
4429 	if (current_drive < 0 || current_drive >= 8) {
4430 		DPRINT("bad drive for set_cmos\n");
4431 		return;
4432 	}
4433 #if N_FDC > 1
4434 	if (current_drive >= 4 && !FDC2)
4435 		FDC2 = 0x370;
4436 #endif
4437 	drive_params[current_drive].cmos = ints[2];
4438 	DPRINT("setting CMOS code to %d\n", ints[2]);
4439 }
4440 
4441 static struct param_table {
4442 	const char *name;
4443 	void (*fn) (int *ints, int param, int param2);
4444 	int *var;
4445 	int def_param;
4446 	int param2;
4447 } config_params[] __initdata = {
4448 	{"allowed_drive_mask", NULL, &allowed_drive_mask, 0xff, 0}, /* obsolete */
4449 	{"all_drives", NULL, &allowed_drive_mask, 0xff, 0},	/* obsolete */
4450 	{"asus_pci", NULL, &allowed_drive_mask, 0x33, 0},
4451 	{"irq", NULL, &FLOPPY_IRQ, 6, 0},
4452 	{"dma", NULL, &FLOPPY_DMA, 2, 0},
4453 	{"daring", daring, NULL, 1, 0},
4454 #if N_FDC > 1
4455 	{"two_fdc", NULL, &FDC2, 0x370, 0},
4456 	{"one_fdc", NULL, &FDC2, 0, 0},
4457 #endif
4458 	{"thinkpad", floppy_set_flags, NULL, 1, FD_INVERTED_DCL},
4459 	{"broken_dcl", floppy_set_flags, NULL, 1, FD_BROKEN_DCL},
4460 	{"messages", floppy_set_flags, NULL, 1, FTD_MSG},
4461 	{"silent_dcl_clear", floppy_set_flags, NULL, 1, FD_SILENT_DCL_CLEAR},
4462 	{"debug", floppy_set_flags, NULL, 1, FD_DEBUG},
4463 	{"nodma", NULL, &can_use_virtual_dma, 1, 0},
4464 	{"omnibook", NULL, &can_use_virtual_dma, 1, 0},
4465 	{"yesdma", NULL, &can_use_virtual_dma, 0, 0},
4466 	{"fifo_depth", NULL, &fifo_depth, 0xa, 0},
4467 	{"nofifo", NULL, &no_fifo, 0x20, 0},
4468 	{"usefifo", NULL, &no_fifo, 0, 0},
4469 	{"cmos", set_cmos, NULL, 0, 0},
4470 	{"slow", NULL, &slow_floppy, 1, 0},
4471 	{"unexpected_interrupts", NULL, &print_unex, 1, 0},
4472 	{"no_unexpected_interrupts", NULL, &print_unex, 0, 0},
4473 	{"L40SX", NULL, &print_unex, 0, 0}
4474 
4475 	EXTRA_FLOPPY_PARAMS
4476 };
4477 
floppy_setup(char * str)4478 static int __init floppy_setup(char *str)
4479 {
4480 	int i;
4481 	int param;
4482 	int ints[11];
4483 
4484 	str = get_options(str, ARRAY_SIZE(ints), ints);
4485 	if (str) {
4486 		for (i = 0; i < ARRAY_SIZE(config_params); i++) {
4487 			if (strcmp(str, config_params[i].name) == 0) {
4488 				if (ints[0])
4489 					param = ints[1];
4490 				else
4491 					param = config_params[i].def_param;
4492 				if (config_params[i].fn)
4493 					config_params[i].fn(ints, param,
4494 							    config_params[i].
4495 							    param2);
4496 				if (config_params[i].var) {
4497 					DPRINT("%s=%d\n", str, param);
4498 					*config_params[i].var = param;
4499 				}
4500 				return 1;
4501 			}
4502 		}
4503 	}
4504 	if (str) {
4505 		DPRINT("unknown floppy option [%s]\n", str);
4506 
4507 		DPRINT("allowed options are:");
4508 		for (i = 0; i < ARRAY_SIZE(config_params); i++)
4509 			pr_cont(" %s", config_params[i].name);
4510 		pr_cont("\n");
4511 	} else
4512 		DPRINT("botched floppy option\n");
4513 	DPRINT("Read Documentation/admin-guide/blockdev/floppy.rst\n");
4514 	return 0;
4515 }
4516 
4517 static int have_no_fdc = -ENODEV;
4518 
floppy_cmos_show(struct device * dev,struct device_attribute * attr,char * buf)4519 static ssize_t floppy_cmos_show(struct device *dev,
4520 				struct device_attribute *attr, char *buf)
4521 {
4522 	struct platform_device *p = to_platform_device(dev);
4523 	int drive;
4524 
4525 	drive = p->id;
4526 	return sprintf(buf, "%X\n", drive_params[drive].cmos);
4527 }
4528 
4529 static DEVICE_ATTR(cmos, 0444, floppy_cmos_show, NULL);
4530 
4531 static struct attribute *floppy_dev_attrs[] = {
4532 	&dev_attr_cmos.attr,
4533 	NULL
4534 };
4535 
4536 ATTRIBUTE_GROUPS(floppy_dev);
4537 
floppy_device_release(struct device * dev)4538 static void floppy_device_release(struct device *dev)
4539 {
4540 }
4541 
floppy_resume(struct device * dev)4542 static int floppy_resume(struct device *dev)
4543 {
4544 	int fdc;
4545 	int saved_drive;
4546 
4547 	saved_drive = current_drive;
4548 	for (fdc = 0; fdc < N_FDC; fdc++)
4549 		if (fdc_state[fdc].address != -1)
4550 			user_reset_fdc(REVDRIVE(fdc, 0), FD_RESET_ALWAYS, false);
4551 	set_fdc(saved_drive);
4552 	return 0;
4553 }
4554 
4555 static const struct dev_pm_ops floppy_pm_ops = {
4556 	.resume = floppy_resume,
4557 	.restore = floppy_resume,
4558 };
4559 
4560 static struct platform_driver floppy_driver = {
4561 	.driver = {
4562 		   .name = "floppy",
4563 		   .pm = &floppy_pm_ops,
4564 	},
4565 };
4566 
4567 static const struct blk_mq_ops floppy_mq_ops = {
4568 	.queue_rq = floppy_queue_rq,
4569 };
4570 
4571 static struct platform_device floppy_device[N_DRIVE];
4572 
floppy_available(int drive)4573 static bool floppy_available(int drive)
4574 {
4575 	if (!(allowed_drive_mask & (1 << drive)))
4576 		return false;
4577 	if (fdc_state[FDC(drive)].version == FDC_NONE)
4578 		return false;
4579 	return true;
4580 }
4581 
floppy_find(dev_t dev,int * part,void * data)4582 static struct kobject *floppy_find(dev_t dev, int *part, void *data)
4583 {
4584 	int drive = (*part & 3) | ((*part & 0x80) >> 5);
4585 	if (drive >= N_DRIVE || !floppy_available(drive))
4586 		return NULL;
4587 	if (((*part >> 2) & 0x1f) >= ARRAY_SIZE(floppy_type))
4588 		return NULL;
4589 	*part = 0;
4590 	return get_disk_and_module(disks[drive]);
4591 }
4592 
do_floppy_init(void)4593 static int __init do_floppy_init(void)
4594 {
4595 	int i, unit, drive, err;
4596 
4597 	set_debugt();
4598 	interruptjiffies = resultjiffies = jiffies;
4599 
4600 #if defined(CONFIG_PPC)
4601 	if (check_legacy_ioport(FDC1))
4602 		return -ENODEV;
4603 #endif
4604 
4605 	raw_cmd = NULL;
4606 
4607 	floppy_wq = alloc_ordered_workqueue("floppy", 0);
4608 	if (!floppy_wq)
4609 		return -ENOMEM;
4610 
4611 	for (drive = 0; drive < N_DRIVE; drive++) {
4612 		disks[drive] = alloc_disk(1);
4613 		if (!disks[drive]) {
4614 			err = -ENOMEM;
4615 			goto out_put_disk;
4616 		}
4617 
4618 		disks[drive]->queue = blk_mq_init_sq_queue(&tag_sets[drive],
4619 							   &floppy_mq_ops, 2,
4620 							   BLK_MQ_F_SHOULD_MERGE);
4621 		if (IS_ERR(disks[drive]->queue)) {
4622 			err = PTR_ERR(disks[drive]->queue);
4623 			disks[drive]->queue = NULL;
4624 			goto out_put_disk;
4625 		}
4626 
4627 		blk_queue_bounce_limit(disks[drive]->queue, BLK_BOUNCE_HIGH);
4628 		blk_queue_max_hw_sectors(disks[drive]->queue, 64);
4629 		disks[drive]->major = FLOPPY_MAJOR;
4630 		disks[drive]->first_minor = TOMINOR(drive);
4631 		disks[drive]->fops = &floppy_fops;
4632 		disks[drive]->events = DISK_EVENT_MEDIA_CHANGE;
4633 		sprintf(disks[drive]->disk_name, "fd%d", drive);
4634 
4635 		timer_setup(&motor_off_timer[drive], motor_off_callback, 0);
4636 	}
4637 
4638 	err = register_blkdev(FLOPPY_MAJOR, "fd");
4639 	if (err)
4640 		goto out_put_disk;
4641 
4642 	err = platform_driver_register(&floppy_driver);
4643 	if (err)
4644 		goto out_unreg_blkdev;
4645 
4646 	blk_register_region(MKDEV(FLOPPY_MAJOR, 0), 256, THIS_MODULE,
4647 			    floppy_find, NULL, NULL);
4648 
4649 	for (i = 0; i < 256; i++)
4650 		if (ITYPE(i))
4651 			floppy_sizes[i] = floppy_type[ITYPE(i)].size;
4652 		else
4653 			floppy_sizes[i] = MAX_DISK_SIZE << 1;
4654 
4655 	reschedule_timeout(MAXTIMEOUT, "floppy init");
4656 	config_types();
4657 
4658 	for (i = 0; i < N_FDC; i++) {
4659 		memset(&fdc_state[i], 0, sizeof(*fdc_state));
4660 		fdc_state[i].dtr = -1;
4661 		fdc_state[i].dor = 0x4;
4662 #if defined(__sparc__) || defined(__mc68000__)
4663 	/*sparcs/sun3x don't have a DOR reset which we can fall back on to */
4664 #ifdef __mc68000__
4665 		if (MACH_IS_SUN3X)
4666 #endif
4667 			fdc_state[i].version = FDC_82072A;
4668 #endif
4669 	}
4670 
4671 	use_virtual_dma = can_use_virtual_dma & 1;
4672 	fdc_state[0].address = FDC1;
4673 	if (fdc_state[0].address == -1) {
4674 		cancel_delayed_work(&fd_timeout);
4675 		err = -ENODEV;
4676 		goto out_unreg_region;
4677 	}
4678 #if N_FDC > 1
4679 	fdc_state[1].address = FDC2;
4680 #endif
4681 
4682 	current_fdc = 0;	/* reset fdc in case of unexpected interrupt */
4683 	err = floppy_grab_irq_and_dma();
4684 	if (err) {
4685 		cancel_delayed_work(&fd_timeout);
4686 		err = -EBUSY;
4687 		goto out_unreg_region;
4688 	}
4689 
4690 	/* initialise drive state */
4691 	for (drive = 0; drive < N_DRIVE; drive++) {
4692 		memset(&drive_state[drive], 0, sizeof(drive_state[drive]));
4693 		memset(&write_errors[drive], 0, sizeof(write_errors[drive]));
4694 		set_bit(FD_DISK_NEWCHANGE_BIT, &drive_state[drive].flags);
4695 		set_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags);
4696 		set_bit(FD_VERIFY_BIT, &drive_state[drive].flags);
4697 		drive_state[drive].fd_device = -1;
4698 		floppy_track_buffer = NULL;
4699 		max_buffer_sectors = 0;
4700 	}
4701 	/*
4702 	 * Small 10 msec delay to let through any interrupt that
4703 	 * initialization might have triggered, to not
4704 	 * confuse detection:
4705 	 */
4706 	msleep(10);
4707 
4708 	for (i = 0; i < N_FDC; i++) {
4709 		fdc_state[i].driver_version = FD_DRIVER_VERSION;
4710 		for (unit = 0; unit < 4; unit++)
4711 			fdc_state[i].track[unit] = 0;
4712 		if (fdc_state[i].address == -1)
4713 			continue;
4714 		fdc_state[i].rawcmd = 2;
4715 		if (user_reset_fdc(REVDRIVE(i, 0), FD_RESET_ALWAYS, false)) {
4716 			/* free ioports reserved by floppy_grab_irq_and_dma() */
4717 			floppy_release_regions(i);
4718 			fdc_state[i].address = -1;
4719 			fdc_state[i].version = FDC_NONE;
4720 			continue;
4721 		}
4722 		/* Try to determine the floppy controller type */
4723 		fdc_state[i].version = get_fdc_version(i);
4724 		if (fdc_state[i].version == FDC_NONE) {
4725 			/* free ioports reserved by floppy_grab_irq_and_dma() */
4726 			floppy_release_regions(i);
4727 			fdc_state[i].address = -1;
4728 			continue;
4729 		}
4730 		if (can_use_virtual_dma == 2 &&
4731 		    fdc_state[i].version < FDC_82072A)
4732 			can_use_virtual_dma = 0;
4733 
4734 		have_no_fdc = 0;
4735 		/* Not all FDCs seem to be able to handle the version command
4736 		 * properly, so force a reset for the standard FDC clones,
4737 		 * to avoid interrupt garbage.
4738 		 */
4739 		user_reset_fdc(REVDRIVE(i, 0), FD_RESET_ALWAYS, false);
4740 	}
4741 	current_fdc = 0;
4742 	cancel_delayed_work(&fd_timeout);
4743 	current_drive = 0;
4744 	initialized = true;
4745 	if (have_no_fdc) {
4746 		DPRINT("no floppy controllers found\n");
4747 		err = have_no_fdc;
4748 		goto out_release_dma;
4749 	}
4750 
4751 	for (drive = 0; drive < N_DRIVE; drive++) {
4752 		if (!floppy_available(drive))
4753 			continue;
4754 
4755 		floppy_device[drive].name = floppy_device_name;
4756 		floppy_device[drive].id = drive;
4757 		floppy_device[drive].dev.release = floppy_device_release;
4758 		floppy_device[drive].dev.groups = floppy_dev_groups;
4759 
4760 		err = platform_device_register(&floppy_device[drive]);
4761 		if (err)
4762 			goto out_remove_drives;
4763 
4764 		/* to be cleaned up... */
4765 		disks[drive]->private_data = (void *)(long)drive;
4766 		disks[drive]->flags |= GENHD_FL_REMOVABLE;
4767 		device_add_disk(&floppy_device[drive].dev, disks[drive], NULL);
4768 	}
4769 
4770 	return 0;
4771 
4772 out_remove_drives:
4773 	while (drive--) {
4774 		if (floppy_available(drive)) {
4775 			del_gendisk(disks[drive]);
4776 			platform_device_unregister(&floppy_device[drive]);
4777 		}
4778 	}
4779 out_release_dma:
4780 	if (atomic_read(&usage_count))
4781 		floppy_release_irq_and_dma();
4782 out_unreg_region:
4783 	blk_unregister_region(MKDEV(FLOPPY_MAJOR, 0), 256);
4784 	platform_driver_unregister(&floppy_driver);
4785 out_unreg_blkdev:
4786 	unregister_blkdev(FLOPPY_MAJOR, "fd");
4787 out_put_disk:
4788 	destroy_workqueue(floppy_wq);
4789 	for (drive = 0; drive < N_DRIVE; drive++) {
4790 		if (!disks[drive])
4791 			break;
4792 		if (disks[drive]->queue) {
4793 			del_timer_sync(&motor_off_timer[drive]);
4794 			blk_cleanup_queue(disks[drive]->queue);
4795 			disks[drive]->queue = NULL;
4796 			blk_mq_free_tag_set(&tag_sets[drive]);
4797 		}
4798 		put_disk(disks[drive]);
4799 	}
4800 	return err;
4801 }
4802 
4803 #ifndef MODULE
floppy_async_init(void * data,async_cookie_t cookie)4804 static __init void floppy_async_init(void *data, async_cookie_t cookie)
4805 {
4806 	do_floppy_init();
4807 }
4808 #endif
4809 
floppy_init(void)4810 static int __init floppy_init(void)
4811 {
4812 #ifdef MODULE
4813 	return do_floppy_init();
4814 #else
4815 	/* Don't hold up the bootup by the floppy initialization */
4816 	async_schedule(floppy_async_init, NULL);
4817 	return 0;
4818 #endif
4819 }
4820 
4821 static const struct io_region {
4822 	int offset;
4823 	int size;
4824 } io_regions[] = {
4825 	{ 2, 1 },
4826 	/* address + 3 is sometimes reserved by pnp bios for motherboard */
4827 	{ 4, 2 },
4828 	/* address + 6 is reserved, and may be taken by IDE.
4829 	 * Unfortunately, Adaptec doesn't know this :-(, */
4830 	{ 7, 1 },
4831 };
4832 
floppy_release_allocated_regions(int fdc,const struct io_region * p)4833 static void floppy_release_allocated_regions(int fdc, const struct io_region *p)
4834 {
4835 	while (p != io_regions) {
4836 		p--;
4837 		release_region(fdc_state[fdc].address + p->offset, p->size);
4838 	}
4839 }
4840 
4841 #define ARRAY_END(X) (&((X)[ARRAY_SIZE(X)]))
4842 
floppy_request_regions(int fdc)4843 static int floppy_request_regions(int fdc)
4844 {
4845 	const struct io_region *p;
4846 
4847 	for (p = io_regions; p < ARRAY_END(io_regions); p++) {
4848 		if (!request_region(fdc_state[fdc].address + p->offset,
4849 				    p->size, "floppy")) {
4850 			DPRINT("Floppy io-port 0x%04lx in use\n",
4851 			       fdc_state[fdc].address + p->offset);
4852 			floppy_release_allocated_regions(fdc, p);
4853 			return -EBUSY;
4854 		}
4855 	}
4856 	return 0;
4857 }
4858 
floppy_release_regions(int fdc)4859 static void floppy_release_regions(int fdc)
4860 {
4861 	floppy_release_allocated_regions(fdc, ARRAY_END(io_regions));
4862 }
4863 
floppy_grab_irq_and_dma(void)4864 static int floppy_grab_irq_and_dma(void)
4865 {
4866 	int fdc;
4867 
4868 	if (atomic_inc_return(&usage_count) > 1)
4869 		return 0;
4870 
4871 	/*
4872 	 * We might have scheduled a free_irq(), wait it to
4873 	 * drain first:
4874 	 */
4875 	flush_workqueue(floppy_wq);
4876 
4877 	if (fd_request_irq()) {
4878 		DPRINT("Unable to grab IRQ%d for the floppy driver\n",
4879 		       FLOPPY_IRQ);
4880 		atomic_dec(&usage_count);
4881 		return -1;
4882 	}
4883 	if (fd_request_dma()) {
4884 		DPRINT("Unable to grab DMA%d for the floppy driver\n",
4885 		       FLOPPY_DMA);
4886 		if (can_use_virtual_dma & 2)
4887 			use_virtual_dma = can_use_virtual_dma = 1;
4888 		if (!(can_use_virtual_dma & 1)) {
4889 			fd_free_irq();
4890 			atomic_dec(&usage_count);
4891 			return -1;
4892 		}
4893 	}
4894 
4895 	for (fdc = 0; fdc < N_FDC; fdc++) {
4896 		if (fdc_state[fdc].address != -1) {
4897 			if (floppy_request_regions(fdc))
4898 				goto cleanup;
4899 		}
4900 	}
4901 	for (fdc = 0; fdc < N_FDC; fdc++) {
4902 		if (fdc_state[fdc].address != -1) {
4903 			reset_fdc_info(fdc, 1);
4904 			fdc_outb(fdc_state[fdc].dor, fdc, FD_DOR);
4905 		}
4906 	}
4907 
4908 	set_dor(0, ~0, 8);	/* avoid immediate interrupt */
4909 
4910 	for (fdc = 0; fdc < N_FDC; fdc++)
4911 		if (fdc_state[fdc].address != -1)
4912 			fdc_outb(fdc_state[fdc].dor, fdc, FD_DOR);
4913 	/*
4914 	 * The driver will try and free resources and relies on us
4915 	 * to know if they were allocated or not.
4916 	 */
4917 	current_fdc = 0;
4918 	irqdma_allocated = 1;
4919 	return 0;
4920 cleanup:
4921 	fd_free_irq();
4922 	fd_free_dma();
4923 	while (--fdc >= 0)
4924 		floppy_release_regions(fdc);
4925 	current_fdc = 0;
4926 	atomic_dec(&usage_count);
4927 	return -1;
4928 }
4929 
floppy_release_irq_and_dma(void)4930 static void floppy_release_irq_and_dma(void)
4931 {
4932 	int fdc;
4933 #ifndef __sparc__
4934 	int drive;
4935 #endif
4936 	long tmpsize;
4937 	unsigned long tmpaddr;
4938 
4939 	if (!atomic_dec_and_test(&usage_count))
4940 		return;
4941 
4942 	if (irqdma_allocated) {
4943 		fd_disable_dma();
4944 		fd_free_dma();
4945 		fd_free_irq();
4946 		irqdma_allocated = 0;
4947 	}
4948 	set_dor(0, ~0, 8);
4949 #if N_FDC > 1
4950 	set_dor(1, ~8, 0);
4951 #endif
4952 
4953 	if (floppy_track_buffer && max_buffer_sectors) {
4954 		tmpsize = max_buffer_sectors * 1024;
4955 		tmpaddr = (unsigned long)floppy_track_buffer;
4956 		floppy_track_buffer = NULL;
4957 		max_buffer_sectors = 0;
4958 		buffer_min = buffer_max = -1;
4959 		fd_dma_mem_free(tmpaddr, tmpsize);
4960 	}
4961 #ifndef __sparc__
4962 	for (drive = 0; drive < N_FDC * 4; drive++)
4963 		if (timer_pending(motor_off_timer + drive))
4964 			pr_info("motor off timer %d still active\n", drive);
4965 #endif
4966 
4967 	if (delayed_work_pending(&fd_timeout))
4968 		pr_info("floppy timer still active:%s\n", timeout_message);
4969 	if (delayed_work_pending(&fd_timer))
4970 		pr_info("auxiliary floppy timer still active\n");
4971 	if (work_pending(&floppy_work))
4972 		pr_info("work still pending\n");
4973 	for (fdc = 0; fdc < N_FDC; fdc++)
4974 		if (fdc_state[fdc].address != -1)
4975 			floppy_release_regions(fdc);
4976 }
4977 
4978 #ifdef MODULE
4979 
4980 static char *floppy;
4981 
parse_floppy_cfg_string(char * cfg)4982 static void __init parse_floppy_cfg_string(char *cfg)
4983 {
4984 	char *ptr;
4985 
4986 	while (*cfg) {
4987 		ptr = cfg;
4988 		while (*cfg && *cfg != ' ' && *cfg != '\t')
4989 			cfg++;
4990 		if (*cfg) {
4991 			*cfg = '\0';
4992 			cfg++;
4993 		}
4994 		if (*ptr)
4995 			floppy_setup(ptr);
4996 	}
4997 }
4998 
floppy_module_init(void)4999 static int __init floppy_module_init(void)
5000 {
5001 	if (floppy)
5002 		parse_floppy_cfg_string(floppy);
5003 	return floppy_init();
5004 }
5005 module_init(floppy_module_init);
5006 
floppy_module_exit(void)5007 static void __exit floppy_module_exit(void)
5008 {
5009 	int drive;
5010 
5011 	blk_unregister_region(MKDEV(FLOPPY_MAJOR, 0), 256);
5012 	unregister_blkdev(FLOPPY_MAJOR, "fd");
5013 	platform_driver_unregister(&floppy_driver);
5014 
5015 	destroy_workqueue(floppy_wq);
5016 
5017 	for (drive = 0; drive < N_DRIVE; drive++) {
5018 		del_timer_sync(&motor_off_timer[drive]);
5019 
5020 		if (floppy_available(drive)) {
5021 			del_gendisk(disks[drive]);
5022 			platform_device_unregister(&floppy_device[drive]);
5023 		}
5024 		blk_cleanup_queue(disks[drive]->queue);
5025 		blk_mq_free_tag_set(&tag_sets[drive]);
5026 
5027 		/*
5028 		 * These disks have not called add_disk().  Don't put down
5029 		 * queue reference in put_disk().
5030 		 */
5031 		if (!(allowed_drive_mask & (1 << drive)) ||
5032 		    fdc_state[FDC(drive)].version == FDC_NONE)
5033 			disks[drive]->queue = NULL;
5034 
5035 		put_disk(disks[drive]);
5036 	}
5037 
5038 	cancel_delayed_work_sync(&fd_timeout);
5039 	cancel_delayed_work_sync(&fd_timer);
5040 
5041 	if (atomic_read(&usage_count))
5042 		floppy_release_irq_and_dma();
5043 
5044 	/* eject disk, if any */
5045 	fd_eject(0);
5046 }
5047 
5048 module_exit(floppy_module_exit);
5049 
5050 module_param(floppy, charp, 0);
5051 module_param(FLOPPY_IRQ, int, 0);
5052 module_param(FLOPPY_DMA, int, 0);
5053 MODULE_AUTHOR("Alain L. Knaff");
5054 MODULE_SUPPORTED_DEVICE("fd");
5055 MODULE_LICENSE("GPL");
5056 
5057 /* This doesn't actually get used other than for module information */
5058 static const struct pnp_device_id floppy_pnpids[] = {
5059 	{"PNP0700", 0},
5060 	{}
5061 };
5062 
5063 MODULE_DEVICE_TABLE(pnp, floppy_pnpids);
5064 
5065 #else
5066 
5067 __setup("floppy=", floppy_setup);
5068 module_init(floppy_init)
5069 #endif
5070 
5071 MODULE_ALIAS_BLOCKDEV_MAJOR(FLOPPY_MAJOR);
5072