1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * dvb_ca.c: generic DVB functions for EN50221 CAM interfaces
4 *
5 * Copyright (C) 2004 Andrew de Quincey
6 *
7 * Parts of this file were based on sources as follows:
8 *
9 * Copyright (C) 2003 Ralph Metzler <rjkm@metzlerbros.de>
10 *
11 * based on code:
12 *
13 * Copyright (C) 1999-2002 Ralph Metzler
14 * & Marcus Metzler for convergence integrated media GmbH
15 */
16
17 #define pr_fmt(fmt) "dvb_ca_en50221: " fmt
18
19 #include <linux/errno.h>
20 #include <linux/slab.h>
21 #include <linux/list.h>
22 #include <linux/module.h>
23 #include <linux/nospec.h>
24 #include <linux/vmalloc.h>
25 #include <linux/delay.h>
26 #include <linux/spinlock.h>
27 #include <linux/sched/signal.h>
28 #include <linux/kthread.h>
29
30 #include <media/dvb_ca_en50221.h>
31 #include <media/dvb_ringbuffer.h>
32
33 static int dvb_ca_en50221_debug;
34
35 module_param_named(cam_debug, dvb_ca_en50221_debug, int, 0644);
36 MODULE_PARM_DESC(cam_debug, "enable verbose debug messages");
37
38 #define dprintk(fmt, arg...) do { \
39 if (dvb_ca_en50221_debug) \
40 printk(KERN_DEBUG pr_fmt("%s: " fmt), __func__, ##arg);\
41 } while (0)
42
43 #define INIT_TIMEOUT_SECS 10
44
45 #define HOST_LINK_BUF_SIZE 0x200
46
47 #define RX_BUFFER_SIZE 65535
48
49 #define MAX_RX_PACKETS_PER_ITERATION 10
50
51 #define CTRLIF_DATA 0
52 #define CTRLIF_COMMAND 1
53 #define CTRLIF_STATUS 1
54 #define CTRLIF_SIZE_LOW 2
55 #define CTRLIF_SIZE_HIGH 3
56
57 #define CMDREG_HC 1 /* Host control */
58 #define CMDREG_SW 2 /* Size write */
59 #define CMDREG_SR 4 /* Size read */
60 #define CMDREG_RS 8 /* Reset interface */
61 #define CMDREG_FRIE 0x40 /* Enable FR interrupt */
62 #define CMDREG_DAIE 0x80 /* Enable DA interrupt */
63 #define IRQEN (CMDREG_DAIE)
64
65 #define STATUSREG_RE 1 /* read error */
66 #define STATUSREG_WE 2 /* write error */
67 #define STATUSREG_FR 0x40 /* module free */
68 #define STATUSREG_DA 0x80 /* data available */
69
70 #define DVB_CA_SLOTSTATE_NONE 0
71 #define DVB_CA_SLOTSTATE_UNINITIALISED 1
72 #define DVB_CA_SLOTSTATE_RUNNING 2
73 #define DVB_CA_SLOTSTATE_INVALID 3
74 #define DVB_CA_SLOTSTATE_WAITREADY 4
75 #define DVB_CA_SLOTSTATE_VALIDATE 5
76 #define DVB_CA_SLOTSTATE_WAITFR 6
77 #define DVB_CA_SLOTSTATE_LINKINIT 7
78
79 /* Information on a CA slot */
80 struct dvb_ca_slot {
81 /* current state of the CAM */
82 int slot_state;
83
84 /* mutex used for serializing access to one CI slot */
85 struct mutex slot_lock;
86
87 /* Number of CAMCHANGES that have occurred since last processing */
88 atomic_t camchange_count;
89
90 /* Type of last CAMCHANGE */
91 int camchange_type;
92
93 /* base address of CAM config */
94 u32 config_base;
95
96 /* value to write into Config Control register */
97 u8 config_option;
98
99 /* if 1, the CAM supports DA IRQs */
100 u8 da_irq_supported:1;
101
102 /* size of the buffer to use when talking to the CAM */
103 int link_buf_size;
104
105 /* buffer for incoming packets */
106 struct dvb_ringbuffer rx_buffer;
107
108 /* timer used during various states of the slot */
109 unsigned long timeout;
110 };
111
112 /* Private CA-interface information */
113 struct dvb_ca_private {
114 struct kref refcount;
115
116 /* pointer back to the public data structure */
117 struct dvb_ca_en50221 *pub;
118
119 /* the DVB device */
120 struct dvb_device *dvbdev;
121
122 /* Flags describing the interface (DVB_CA_FLAG_*) */
123 u32 flags;
124
125 /* number of slots supported by this CA interface */
126 unsigned int slot_count;
127
128 /* information on each slot */
129 struct dvb_ca_slot *slot_info;
130
131 /* wait queues for read() and write() operations */
132 wait_queue_head_t wait_queue;
133
134 /* PID of the monitoring thread */
135 struct task_struct *thread;
136
137 /* Flag indicating if the CA device is open */
138 unsigned int open:1;
139
140 /* Flag indicating the thread should wake up now */
141 unsigned int wakeup:1;
142
143 /* Delay the main thread should use */
144 unsigned long delay;
145
146 /*
147 * Slot to start looking for data to read from in the next user-space
148 * read operation
149 */
150 int next_read_slot;
151
152 /* mutex serializing ioctls */
153 struct mutex ioctl_mutex;
154
155 /* A mutex used when a device is disconnected */
156 struct mutex remove_mutex;
157
158 /* Whether the device is disconnected */
159 int exit;
160 };
161
dvb_ca_private_free(struct dvb_ca_private * ca)162 static void dvb_ca_private_free(struct dvb_ca_private *ca)
163 {
164 unsigned int i;
165
166 dvb_device_put(ca->dvbdev);
167 for (i = 0; i < ca->slot_count; i++)
168 vfree(ca->slot_info[i].rx_buffer.data);
169
170 kfree(ca->slot_info);
171 kfree(ca);
172 }
173
dvb_ca_private_release(struct kref * ref)174 static void dvb_ca_private_release(struct kref *ref)
175 {
176 struct dvb_ca_private *ca;
177
178 ca = container_of(ref, struct dvb_ca_private, refcount);
179 dvb_ca_private_free(ca);
180 }
181
dvb_ca_private_get(struct dvb_ca_private * ca)182 static void dvb_ca_private_get(struct dvb_ca_private *ca)
183 {
184 kref_get(&ca->refcount);
185 }
186
dvb_ca_private_put(struct dvb_ca_private * ca)187 static void dvb_ca_private_put(struct dvb_ca_private *ca)
188 {
189 kref_put(&ca->refcount, dvb_ca_private_release);
190 }
191
192 static void dvb_ca_en50221_thread_wakeup(struct dvb_ca_private *ca);
193 static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot,
194 u8 *ebuf, int ecount);
195 static int dvb_ca_en50221_write_data(struct dvb_ca_private *ca, int slot,
196 u8 *ebuf, int ecount, int size_write_flag);
197
198 /**
199 * findstr - Safely find needle in haystack.
200 *
201 * @haystack: Buffer to look in.
202 * @hlen: Number of bytes in haystack.
203 * @needle: Buffer to find.
204 * @nlen: Number of bytes in needle.
205 * return: Pointer into haystack needle was found at, or NULL if not found.
206 */
findstr(char * haystack,int hlen,char * needle,int nlen)207 static char *findstr(char *haystack, int hlen, char *needle, int nlen)
208 {
209 int i;
210
211 if (hlen < nlen)
212 return NULL;
213
214 for (i = 0; i <= hlen - nlen; i++) {
215 if (!strncmp(haystack + i, needle, nlen))
216 return haystack + i;
217 }
218
219 return NULL;
220 }
221
222 /* ************************************************************************** */
223 /* EN50221 physical interface functions */
224
225 /*
226 * dvb_ca_en50221_check_camstatus - Check CAM status.
227 */
dvb_ca_en50221_check_camstatus(struct dvb_ca_private * ca,int slot)228 static int dvb_ca_en50221_check_camstatus(struct dvb_ca_private *ca, int slot)
229 {
230 struct dvb_ca_slot *sl = &ca->slot_info[slot];
231 int slot_status;
232 int cam_present_now;
233 int cam_changed;
234
235 /* IRQ mode */
236 if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
237 return (atomic_read(&sl->camchange_count) != 0);
238
239 /* poll mode */
240 slot_status = ca->pub->poll_slot_status(ca->pub, slot, ca->open);
241
242 cam_present_now = (slot_status & DVB_CA_EN50221_POLL_CAM_PRESENT) ? 1 : 0;
243 cam_changed = (slot_status & DVB_CA_EN50221_POLL_CAM_CHANGED) ? 1 : 0;
244 if (!cam_changed) {
245 int cam_present_old = (sl->slot_state != DVB_CA_SLOTSTATE_NONE);
246
247 cam_changed = (cam_present_now != cam_present_old);
248 }
249
250 if (cam_changed) {
251 if (!cam_present_now)
252 sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_REMOVED;
253 else
254 sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_INSERTED;
255 atomic_set(&sl->camchange_count, 1);
256 } else {
257 if ((sl->slot_state == DVB_CA_SLOTSTATE_WAITREADY) &&
258 (slot_status & DVB_CA_EN50221_POLL_CAM_READY)) {
259 /* move to validate state if reset is completed */
260 sl->slot_state = DVB_CA_SLOTSTATE_VALIDATE;
261 }
262 }
263
264 return cam_changed;
265 }
266
267 /**
268 * dvb_ca_en50221_wait_if_status - Wait for flags to become set on the STATUS
269 * register on a CAM interface, checking for errors and timeout.
270 *
271 * @ca: CA instance.
272 * @slot: Slot on interface.
273 * @waitfor: Flags to wait for.
274 * @timeout_hz: Timeout in milliseconds.
275 *
276 * return: 0 on success, nonzero on error.
277 */
dvb_ca_en50221_wait_if_status(struct dvb_ca_private * ca,int slot,u8 waitfor,int timeout_hz)278 static int dvb_ca_en50221_wait_if_status(struct dvb_ca_private *ca, int slot,
279 u8 waitfor, int timeout_hz)
280 {
281 unsigned long timeout;
282 unsigned long start;
283
284 dprintk("%s\n", __func__);
285
286 /* loop until timeout elapsed */
287 start = jiffies;
288 timeout = jiffies + timeout_hz;
289 while (1) {
290 int res;
291
292 /* read the status and check for error */
293 res = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
294 if (res < 0)
295 return -EIO;
296
297 /* if we got the flags, it was successful! */
298 if (res & waitfor) {
299 dprintk("%s succeeded timeout:%lu\n",
300 __func__, jiffies - start);
301 return 0;
302 }
303
304 /* check for timeout */
305 if (time_after(jiffies, timeout))
306 break;
307
308 /* wait for a bit */
309 usleep_range(1000, 1100);
310 }
311
312 dprintk("%s failed timeout:%lu\n", __func__, jiffies - start);
313
314 /* if we get here, we've timed out */
315 return -ETIMEDOUT;
316 }
317
318 /**
319 * dvb_ca_en50221_link_init - Initialise the link layer connection to a CAM.
320 *
321 * @ca: CA instance.
322 * @slot: Slot id.
323 *
324 * return: 0 on success, nonzero on failure.
325 */
dvb_ca_en50221_link_init(struct dvb_ca_private * ca,int slot)326 static int dvb_ca_en50221_link_init(struct dvb_ca_private *ca, int slot)
327 {
328 struct dvb_ca_slot *sl = &ca->slot_info[slot];
329 int ret;
330 int buf_size;
331 u8 buf[2];
332
333 dprintk("%s\n", __func__);
334
335 /* we'll be determining these during this function */
336 sl->da_irq_supported = 0;
337
338 /*
339 * set the host link buffer size temporarily. it will be overwritten
340 * with the real negotiated size later.
341 */
342 sl->link_buf_size = 2;
343
344 /* read the buffer size from the CAM */
345 ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
346 IRQEN | CMDREG_SR);
347 if (ret)
348 return ret;
349 ret = dvb_ca_en50221_wait_if_status(ca, slot, STATUSREG_DA, HZ);
350 if (ret)
351 return ret;
352 ret = dvb_ca_en50221_read_data(ca, slot, buf, 2);
353 if (ret != 2)
354 return -EIO;
355 ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
356 if (ret)
357 return ret;
358
359 /*
360 * store it, and choose the minimum of our buffer and the CAM's buffer
361 * size
362 */
363 buf_size = (buf[0] << 8) | buf[1];
364 if (buf_size > HOST_LINK_BUF_SIZE)
365 buf_size = HOST_LINK_BUF_SIZE;
366 sl->link_buf_size = buf_size;
367 buf[0] = buf_size >> 8;
368 buf[1] = buf_size & 0xff;
369 dprintk("Chosen link buffer size of %i\n", buf_size);
370
371 /* write the buffer size to the CAM */
372 ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
373 IRQEN | CMDREG_SW);
374 if (ret)
375 return ret;
376 ret = dvb_ca_en50221_wait_if_status(ca, slot, STATUSREG_FR, HZ / 10);
377 if (ret)
378 return ret;
379 ret = dvb_ca_en50221_write_data(ca, slot, buf, 2, CMDREG_SW);
380 if (ret != 2)
381 return -EIO;
382 ret = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
383 if (ret)
384 return ret;
385
386 /* success */
387 return 0;
388 }
389
390 /**
391 * dvb_ca_en50221_read_tuple - Read a tuple from attribute memory.
392 *
393 * @ca: CA instance.
394 * @slot: Slot id.
395 * @address: Address to read from. Updated.
396 * @tuple_type: Tuple id byte. Updated.
397 * @tuple_length: Tuple length. Updated.
398 * @tuple: Dest buffer for tuple (must be 256 bytes). Updated.
399 *
400 * return: 0 on success, nonzero on error.
401 */
dvb_ca_en50221_read_tuple(struct dvb_ca_private * ca,int slot,int * address,int * tuple_type,int * tuple_length,u8 * tuple)402 static int dvb_ca_en50221_read_tuple(struct dvb_ca_private *ca, int slot,
403 int *address, int *tuple_type,
404 int *tuple_length, u8 *tuple)
405 {
406 int i;
407 int _tuple_type;
408 int _tuple_length;
409 int _address = *address;
410
411 /* grab the next tuple length and type */
412 _tuple_type = ca->pub->read_attribute_mem(ca->pub, slot, _address);
413 if (_tuple_type < 0)
414 return _tuple_type;
415 if (_tuple_type == 0xff) {
416 dprintk("END OF CHAIN TUPLE type:0x%x\n", _tuple_type);
417 *address += 2;
418 *tuple_type = _tuple_type;
419 *tuple_length = 0;
420 return 0;
421 }
422 _tuple_length = ca->pub->read_attribute_mem(ca->pub, slot,
423 _address + 2);
424 if (_tuple_length < 0)
425 return _tuple_length;
426 _address += 4;
427
428 dprintk("TUPLE type:0x%x length:%i\n", _tuple_type, _tuple_length);
429
430 /* read in the whole tuple */
431 for (i = 0; i < _tuple_length; i++) {
432 tuple[i] = ca->pub->read_attribute_mem(ca->pub, slot,
433 _address + (i * 2));
434 dprintk(" 0x%02x: 0x%02x %c\n",
435 i, tuple[i] & 0xff,
436 ((tuple[i] > 31) && (tuple[i] < 127)) ? tuple[i] : '.');
437 }
438 _address += (_tuple_length * 2);
439
440 /* success */
441 *tuple_type = _tuple_type;
442 *tuple_length = _tuple_length;
443 *address = _address;
444 return 0;
445 }
446
447 /**
448 * dvb_ca_en50221_parse_attributes - Parse attribute memory of a CAM module,
449 * extracting Config register, and checking it is a DVB CAM module.
450 *
451 * @ca: CA instance.
452 * @slot: Slot id.
453 *
454 * return: 0 on success, <0 on failure.
455 */
dvb_ca_en50221_parse_attributes(struct dvb_ca_private * ca,int slot)456 static int dvb_ca_en50221_parse_attributes(struct dvb_ca_private *ca, int slot)
457 {
458 struct dvb_ca_slot *sl;
459 int address = 0;
460 int tuple_length;
461 int tuple_type;
462 u8 tuple[257];
463 char *dvb_str;
464 int rasz;
465 int status;
466 int got_cftableentry = 0;
467 int end_chain = 0;
468 int i;
469 u16 manfid = 0;
470 u16 devid = 0;
471
472 /* CISTPL_DEVICE_0A */
473 status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
474 &tuple_length, tuple);
475 if (status < 0)
476 return status;
477 if (tuple_type != 0x1D)
478 return -EINVAL;
479
480 /* CISTPL_DEVICE_0C */
481 status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
482 &tuple_length, tuple);
483 if (status < 0)
484 return status;
485 if (tuple_type != 0x1C)
486 return -EINVAL;
487
488 /* CISTPL_VERS_1 */
489 status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
490 &tuple_length, tuple);
491 if (status < 0)
492 return status;
493 if (tuple_type != 0x15)
494 return -EINVAL;
495
496 /* CISTPL_MANFID */
497 status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
498 &tuple_length, tuple);
499 if (status < 0)
500 return status;
501 if (tuple_type != 0x20)
502 return -EINVAL;
503 if (tuple_length != 4)
504 return -EINVAL;
505 manfid = (tuple[1] << 8) | tuple[0];
506 devid = (tuple[3] << 8) | tuple[2];
507
508 /* CISTPL_CONFIG */
509 status = dvb_ca_en50221_read_tuple(ca, slot, &address, &tuple_type,
510 &tuple_length, tuple);
511 if (status < 0)
512 return status;
513 if (tuple_type != 0x1A)
514 return -EINVAL;
515 if (tuple_length < 3)
516 return -EINVAL;
517
518 /* extract the configbase */
519 rasz = tuple[0] & 3;
520 if (tuple_length < (3 + rasz + 14))
521 return -EINVAL;
522 sl = &ca->slot_info[slot];
523 sl->config_base = 0;
524 for (i = 0; i < rasz + 1; i++)
525 sl->config_base |= (tuple[2 + i] << (8 * i));
526
527 /* check it contains the correct DVB string */
528 dvb_str = findstr((char *)tuple, tuple_length, "DVB_CI_V", 8);
529 if (!dvb_str)
530 return -EINVAL;
531 if (tuple_length < ((dvb_str - (char *)tuple) + 12))
532 return -EINVAL;
533
534 /* is it a version we support? */
535 if (strncmp(dvb_str + 8, "1.00", 4)) {
536 pr_err("dvb_ca adapter %d: Unsupported DVB CAM module version %c%c%c%c\n",
537 ca->dvbdev->adapter->num, dvb_str[8], dvb_str[9],
538 dvb_str[10], dvb_str[11]);
539 return -EINVAL;
540 }
541
542 /* process the CFTABLE_ENTRY tuples, and any after those */
543 while ((!end_chain) && (address < 0x1000)) {
544 status = dvb_ca_en50221_read_tuple(ca, slot, &address,
545 &tuple_type, &tuple_length,
546 tuple);
547 if (status < 0)
548 return status;
549 switch (tuple_type) {
550 case 0x1B: /* CISTPL_CFTABLE_ENTRY */
551 if (tuple_length < (2 + 11 + 17))
552 break;
553
554 /* if we've already parsed one, just use it */
555 if (got_cftableentry)
556 break;
557
558 /* get the config option */
559 sl->config_option = tuple[0] & 0x3f;
560
561 /* OK, check it contains the correct strings */
562 if (!findstr((char *)tuple, tuple_length,
563 "DVB_HOST", 8) ||
564 !findstr((char *)tuple, tuple_length,
565 "DVB_CI_MODULE", 13))
566 break;
567
568 got_cftableentry = 1;
569 break;
570
571 case 0x14: /* CISTPL_NO_LINK */
572 break;
573
574 case 0xFF: /* CISTPL_END */
575 end_chain = 1;
576 break;
577
578 default: /* Unknown tuple type - just skip this tuple */
579 dprintk("dvb_ca: Skipping unknown tuple type:0x%x length:0x%x\n",
580 tuple_type, tuple_length);
581 break;
582 }
583 }
584
585 if ((address > 0x1000) || (!got_cftableentry))
586 return -EINVAL;
587
588 dprintk("Valid DVB CAM detected MANID:%x DEVID:%x CONFIGBASE:0x%x CONFIGOPTION:0x%x\n",
589 manfid, devid, sl->config_base, sl->config_option);
590
591 /* success! */
592 return 0;
593 }
594
595 /**
596 * dvb_ca_en50221_set_configoption - Set CAM's configoption correctly.
597 *
598 * @ca: CA instance.
599 * @slot: Slot containing the CAM.
600 */
dvb_ca_en50221_set_configoption(struct dvb_ca_private * ca,int slot)601 static int dvb_ca_en50221_set_configoption(struct dvb_ca_private *ca, int slot)
602 {
603 struct dvb_ca_slot *sl = &ca->slot_info[slot];
604 int configoption;
605
606 dprintk("%s\n", __func__);
607
608 /* set the config option */
609 ca->pub->write_attribute_mem(ca->pub, slot, sl->config_base,
610 sl->config_option);
611
612 /* check it */
613 configoption = ca->pub->read_attribute_mem(ca->pub, slot,
614 sl->config_base);
615 dprintk("Set configoption 0x%x, read configoption 0x%x\n",
616 sl->config_option, configoption & 0x3f);
617
618 /* fine! */
619 return 0;
620 }
621
622 /**
623 * dvb_ca_en50221_read_data - This function talks to an EN50221 CAM control
624 * interface. It reads a buffer of data from the CAM. The data can either
625 * be stored in a supplied buffer, or automatically be added to the slot's
626 * rx_buffer.
627 *
628 * @ca: CA instance.
629 * @slot: Slot to read from.
630 * @ebuf: If non-NULL, the data will be written to this buffer. If NULL,
631 * the data will be added into the buffering system as a normal
632 * fragment.
633 * @ecount: Size of ebuf. Ignored if ebuf is NULL.
634 *
635 * return: Number of bytes read, or < 0 on error
636 */
dvb_ca_en50221_read_data(struct dvb_ca_private * ca,int slot,u8 * ebuf,int ecount)637 static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot,
638 u8 *ebuf, int ecount)
639 {
640 struct dvb_ca_slot *sl = &ca->slot_info[slot];
641 int bytes_read;
642 int status;
643 u8 buf[HOST_LINK_BUF_SIZE];
644 int i;
645
646 dprintk("%s\n", __func__);
647
648 /* check if we have space for a link buf in the rx_buffer */
649 if (!ebuf) {
650 int buf_free;
651
652 if (!sl->rx_buffer.data) {
653 status = -EIO;
654 goto exit;
655 }
656 buf_free = dvb_ringbuffer_free(&sl->rx_buffer);
657
658 if (buf_free < (sl->link_buf_size +
659 DVB_RINGBUFFER_PKTHDRSIZE)) {
660 status = -EAGAIN;
661 goto exit;
662 }
663 }
664
665 if (ca->pub->read_data &&
666 (sl->slot_state != DVB_CA_SLOTSTATE_LINKINIT)) {
667 if (!ebuf)
668 status = ca->pub->read_data(ca->pub, slot, buf,
669 sizeof(buf));
670 else
671 status = ca->pub->read_data(ca->pub, slot, buf, ecount);
672 if (status < 0)
673 return status;
674 bytes_read = status;
675 if (status == 0)
676 goto exit;
677 } else {
678 /* check if there is data available */
679 status = ca->pub->read_cam_control(ca->pub, slot,
680 CTRLIF_STATUS);
681 if (status < 0)
682 goto exit;
683 if (!(status & STATUSREG_DA)) {
684 /* no data */
685 status = 0;
686 goto exit;
687 }
688
689 /* read the amount of data */
690 status = ca->pub->read_cam_control(ca->pub, slot,
691 CTRLIF_SIZE_HIGH);
692 if (status < 0)
693 goto exit;
694 bytes_read = status << 8;
695 status = ca->pub->read_cam_control(ca->pub, slot,
696 CTRLIF_SIZE_LOW);
697 if (status < 0)
698 goto exit;
699 bytes_read |= status;
700
701 /* check it will fit */
702 if (!ebuf) {
703 if (bytes_read > sl->link_buf_size) {
704 pr_err("dvb_ca adapter %d: CAM tried to send a buffer larger than the link buffer size (%i > %i)!\n",
705 ca->dvbdev->adapter->num, bytes_read,
706 sl->link_buf_size);
707 sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
708 status = -EIO;
709 goto exit;
710 }
711 if (bytes_read < 2) {
712 pr_err("dvb_ca adapter %d: CAM sent a buffer that was less than 2 bytes!\n",
713 ca->dvbdev->adapter->num);
714 sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
715 status = -EIO;
716 goto exit;
717 }
718 } else {
719 if (bytes_read > ecount) {
720 pr_err("dvb_ca adapter %d: CAM tried to send a buffer larger than the ecount size!\n",
721 ca->dvbdev->adapter->num);
722 status = -EIO;
723 goto exit;
724 }
725 }
726
727 /* fill the buffer */
728 for (i = 0; i < bytes_read; i++) {
729 /* read byte and check */
730 status = ca->pub->read_cam_control(ca->pub, slot,
731 CTRLIF_DATA);
732 if (status < 0)
733 goto exit;
734
735 /* OK, store it in the buffer */
736 buf[i] = status;
737 }
738
739 /* check for read error (RE should now be 0) */
740 status = ca->pub->read_cam_control(ca->pub, slot,
741 CTRLIF_STATUS);
742 if (status < 0)
743 goto exit;
744 if (status & STATUSREG_RE) {
745 sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
746 status = -EIO;
747 goto exit;
748 }
749 }
750
751 /*
752 * OK, add it to the receive buffer, or copy into external buffer if
753 * supplied
754 */
755 if (!ebuf) {
756 if (!sl->rx_buffer.data) {
757 status = -EIO;
758 goto exit;
759 }
760 dvb_ringbuffer_pkt_write(&sl->rx_buffer, buf, bytes_read);
761 } else {
762 memcpy(ebuf, buf, bytes_read);
763 }
764
765 dprintk("Received CA packet for slot %i connection id 0x%x last_frag:%i size:0x%x\n", slot,
766 buf[0], (buf[1] & 0x80) == 0, bytes_read);
767
768 /* wake up readers when a last_fragment is received */
769 if ((buf[1] & 0x80) == 0x00)
770 wake_up_interruptible(&ca->wait_queue);
771
772 status = bytes_read;
773
774 exit:
775 return status;
776 }
777
778 /**
779 * dvb_ca_en50221_write_data - This function talks to an EN50221 CAM control
780 * interface. It writes a buffer of data to a CAM.
781 *
782 * @ca: CA instance.
783 * @slot: Slot to write to.
784 * @buf: The data in this buffer is treated as a complete link-level packet to
785 * be written.
786 * @bytes_write: Size of ebuf.
787 * @size_write_flag: A flag on Command Register which says whether the link size
788 * information will be writen or not.
789 *
790 * return: Number of bytes written, or < 0 on error.
791 */
dvb_ca_en50221_write_data(struct dvb_ca_private * ca,int slot,u8 * buf,int bytes_write,int size_write_flag)792 static int dvb_ca_en50221_write_data(struct dvb_ca_private *ca, int slot,
793 u8 *buf, int bytes_write, int size_write_flag)
794 {
795 struct dvb_ca_slot *sl = &ca->slot_info[slot];
796 int status;
797 int i;
798
799 dprintk("%s\n", __func__);
800
801 /* sanity check */
802 if (bytes_write > sl->link_buf_size)
803 return -EINVAL;
804
805 if (ca->pub->write_data &&
806 (sl->slot_state != DVB_CA_SLOTSTATE_LINKINIT))
807 return ca->pub->write_data(ca->pub, slot, buf, bytes_write);
808
809 /*
810 * it is possible we are dealing with a single buffer implementation,
811 * thus if there is data available for read or if there is even a read
812 * already in progress, we do nothing but awake the kernel thread to
813 * process the data if necessary.
814 */
815 status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
816 if (status < 0)
817 goto exitnowrite;
818 if (status & (STATUSREG_DA | STATUSREG_RE)) {
819 if (status & STATUSREG_DA)
820 dvb_ca_en50221_thread_wakeup(ca);
821
822 status = -EAGAIN;
823 goto exitnowrite;
824 }
825
826 /* OK, set HC bit */
827 status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND,
828 IRQEN | CMDREG_HC | size_write_flag);
829 if (status)
830 goto exit;
831
832 /* check if interface is still free */
833 status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
834 if (status < 0)
835 goto exit;
836 if (!(status & STATUSREG_FR)) {
837 /* it wasn't free => try again later */
838 status = -EAGAIN;
839 goto exit;
840 }
841
842 /*
843 * It may need some time for the CAM to settle down, or there might
844 * be a race condition between the CAM, writing HC and our last
845 * check for DA. This happens, if the CAM asserts DA, just after
846 * checking DA before we are setting HC. In this case it might be
847 * a bug in the CAM to keep the FR bit, the lower layer/HW
848 * communication requires a longer timeout or the CAM needs more
849 * time internally. But this happens in reality!
850 * We need to read the status from the HW again and do the same
851 * we did for the previous check for DA
852 */
853 status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
854 if (status < 0)
855 goto exit;
856
857 if (status & (STATUSREG_DA | STATUSREG_RE)) {
858 if (status & STATUSREG_DA)
859 dvb_ca_en50221_thread_wakeup(ca);
860
861 status = -EAGAIN;
862 goto exit;
863 }
864
865 /* send the amount of data */
866 status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_SIZE_HIGH,
867 bytes_write >> 8);
868 if (status)
869 goto exit;
870 status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_SIZE_LOW,
871 bytes_write & 0xff);
872 if (status)
873 goto exit;
874
875 /* send the buffer */
876 for (i = 0; i < bytes_write; i++) {
877 status = ca->pub->write_cam_control(ca->pub, slot, CTRLIF_DATA,
878 buf[i]);
879 if (status)
880 goto exit;
881 }
882
883 /* check for write error (WE should now be 0) */
884 status = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
885 if (status < 0)
886 goto exit;
887 if (status & STATUSREG_WE) {
888 sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
889 status = -EIO;
890 goto exit;
891 }
892 status = bytes_write;
893
894 dprintk("Wrote CA packet for slot %i, connection id 0x%x last_frag:%i size:0x%x\n", slot,
895 buf[0], (buf[1] & 0x80) == 0, bytes_write);
896
897 exit:
898 ca->pub->write_cam_control(ca->pub, slot, CTRLIF_COMMAND, IRQEN);
899
900 exitnowrite:
901 return status;
902 }
903
904 /* ************************************************************************** */
905 /* EN50221 higher level functions */
906
907 /**
908 * dvb_ca_en50221_slot_shutdown - A CAM has been removed => shut it down.
909 *
910 * @ca: CA instance.
911 * @slot: Slot to shut down.
912 */
dvb_ca_en50221_slot_shutdown(struct dvb_ca_private * ca,int slot)913 static int dvb_ca_en50221_slot_shutdown(struct dvb_ca_private *ca, int slot)
914 {
915 dprintk("%s\n", __func__);
916
917 ca->pub->slot_shutdown(ca->pub, slot);
918 ca->slot_info[slot].slot_state = DVB_CA_SLOTSTATE_NONE;
919
920 /*
921 * need to wake up all processes to check if they're now trying to
922 * write to a defunct CAM
923 */
924 wake_up_interruptible(&ca->wait_queue);
925
926 dprintk("Slot %i shutdown\n", slot);
927
928 /* success */
929 return 0;
930 }
931
932 /**
933 * dvb_ca_en50221_camchange_irq - A CAMCHANGE IRQ has occurred.
934 *
935 * @pubca: CA instance.
936 * @slot: Slot concerned.
937 * @change_type: One of the DVB_CA_CAMCHANGE_* values.
938 */
dvb_ca_en50221_camchange_irq(struct dvb_ca_en50221 * pubca,int slot,int change_type)939 void dvb_ca_en50221_camchange_irq(struct dvb_ca_en50221 *pubca, int slot,
940 int change_type)
941 {
942 struct dvb_ca_private *ca = pubca->private;
943 struct dvb_ca_slot *sl = &ca->slot_info[slot];
944
945 dprintk("CAMCHANGE IRQ slot:%i change_type:%i\n", slot, change_type);
946
947 switch (change_type) {
948 case DVB_CA_EN50221_CAMCHANGE_REMOVED:
949 case DVB_CA_EN50221_CAMCHANGE_INSERTED:
950 break;
951
952 default:
953 return;
954 }
955
956 sl->camchange_type = change_type;
957 atomic_inc(&sl->camchange_count);
958 dvb_ca_en50221_thread_wakeup(ca);
959 }
960 EXPORT_SYMBOL(dvb_ca_en50221_camchange_irq);
961
962 /**
963 * dvb_ca_en50221_camready_irq - A CAMREADY IRQ has occurred.
964 *
965 * @pubca: CA instance.
966 * @slot: Slot concerned.
967 */
dvb_ca_en50221_camready_irq(struct dvb_ca_en50221 * pubca,int slot)968 void dvb_ca_en50221_camready_irq(struct dvb_ca_en50221 *pubca, int slot)
969 {
970 struct dvb_ca_private *ca = pubca->private;
971 struct dvb_ca_slot *sl = &ca->slot_info[slot];
972
973 dprintk("CAMREADY IRQ slot:%i\n", slot);
974
975 if (sl->slot_state == DVB_CA_SLOTSTATE_WAITREADY) {
976 sl->slot_state = DVB_CA_SLOTSTATE_VALIDATE;
977 dvb_ca_en50221_thread_wakeup(ca);
978 }
979 }
980 EXPORT_SYMBOL(dvb_ca_en50221_camready_irq);
981
982 /**
983 * dvb_ca_en50221_frda_irq - An FR or DA IRQ has occurred.
984 *
985 * @pubca: CA instance.
986 * @slot: Slot concerned.
987 */
dvb_ca_en50221_frda_irq(struct dvb_ca_en50221 * pubca,int slot)988 void dvb_ca_en50221_frda_irq(struct dvb_ca_en50221 *pubca, int slot)
989 {
990 struct dvb_ca_private *ca = pubca->private;
991 struct dvb_ca_slot *sl = &ca->slot_info[slot];
992 int flags;
993
994 dprintk("FR/DA IRQ slot:%i\n", slot);
995
996 switch (sl->slot_state) {
997 case DVB_CA_SLOTSTATE_LINKINIT:
998 flags = ca->pub->read_cam_control(pubca, slot, CTRLIF_STATUS);
999 if (flags & STATUSREG_DA) {
1000 dprintk("CAM supports DA IRQ\n");
1001 sl->da_irq_supported = 1;
1002 }
1003 break;
1004
1005 case DVB_CA_SLOTSTATE_RUNNING:
1006 if (ca->open)
1007 dvb_ca_en50221_thread_wakeup(ca);
1008 break;
1009 }
1010 }
1011 EXPORT_SYMBOL(dvb_ca_en50221_frda_irq);
1012
1013 /* ************************************************************************** */
1014 /* EN50221 thread functions */
1015
1016 /**
1017 * dvb_ca_en50221_thread_wakeup - Wake up the DVB CA thread
1018 *
1019 * @ca: CA instance.
1020 */
dvb_ca_en50221_thread_wakeup(struct dvb_ca_private * ca)1021 static void dvb_ca_en50221_thread_wakeup(struct dvb_ca_private *ca)
1022 {
1023 dprintk("%s\n", __func__);
1024
1025 ca->wakeup = 1;
1026 mb();
1027 wake_up_process(ca->thread);
1028 }
1029
1030 /**
1031 * dvb_ca_en50221_thread_update_delay - Update the delay used by the thread.
1032 *
1033 * @ca: CA instance.
1034 */
dvb_ca_en50221_thread_update_delay(struct dvb_ca_private * ca)1035 static void dvb_ca_en50221_thread_update_delay(struct dvb_ca_private *ca)
1036 {
1037 int delay;
1038 int curdelay = 100000000;
1039 int slot;
1040
1041 /*
1042 * Beware of too high polling frequency, because one polling
1043 * call might take several hundred milliseconds until timeout!
1044 */
1045 for (slot = 0; slot < ca->slot_count; slot++) {
1046 struct dvb_ca_slot *sl = &ca->slot_info[slot];
1047
1048 switch (sl->slot_state) {
1049 default:
1050 case DVB_CA_SLOTSTATE_NONE:
1051 delay = HZ * 60; /* 60s */
1052 if (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE))
1053 delay = HZ * 5; /* 5s */
1054 break;
1055 case DVB_CA_SLOTSTATE_INVALID:
1056 delay = HZ * 60; /* 60s */
1057 if (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE))
1058 delay = HZ / 10; /* 100ms */
1059 break;
1060
1061 case DVB_CA_SLOTSTATE_UNINITIALISED:
1062 case DVB_CA_SLOTSTATE_WAITREADY:
1063 case DVB_CA_SLOTSTATE_VALIDATE:
1064 case DVB_CA_SLOTSTATE_WAITFR:
1065 case DVB_CA_SLOTSTATE_LINKINIT:
1066 delay = HZ / 10; /* 100ms */
1067 break;
1068
1069 case DVB_CA_SLOTSTATE_RUNNING:
1070 delay = HZ * 60; /* 60s */
1071 if (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE))
1072 delay = HZ / 10; /* 100ms */
1073 if (ca->open) {
1074 if ((!sl->da_irq_supported) ||
1075 (!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_DA)))
1076 delay = HZ / 10; /* 100ms */
1077 }
1078 break;
1079 }
1080
1081 if (delay < curdelay)
1082 curdelay = delay;
1083 }
1084
1085 ca->delay = curdelay;
1086 }
1087
1088 /**
1089 * dvb_ca_en50221_poll_cam_gone - Poll if the CAM is gone.
1090 *
1091 * @ca: CA instance.
1092 * @slot: Slot to process.
1093 * return:: 0 .. no change
1094 * 1 .. CAM state changed
1095 */
1096
dvb_ca_en50221_poll_cam_gone(struct dvb_ca_private * ca,int slot)1097 static int dvb_ca_en50221_poll_cam_gone(struct dvb_ca_private *ca, int slot)
1098 {
1099 int changed = 0;
1100 int status;
1101
1102 /*
1103 * we need this extra check for annoying interfaces like the
1104 * budget-av
1105 */
1106 if ((!(ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)) &&
1107 (ca->pub->poll_slot_status)) {
1108 status = ca->pub->poll_slot_status(ca->pub, slot, 0);
1109 if (!(status &
1110 DVB_CA_EN50221_POLL_CAM_PRESENT)) {
1111 ca->slot_info[slot].slot_state = DVB_CA_SLOTSTATE_NONE;
1112 dvb_ca_en50221_thread_update_delay(ca);
1113 changed = 1;
1114 }
1115 }
1116 return changed;
1117 }
1118
1119 /**
1120 * dvb_ca_en50221_thread_state_machine - Thread state machine for one CA slot
1121 * to perform the data transfer.
1122 *
1123 * @ca: CA instance.
1124 * @slot: Slot to process.
1125 */
dvb_ca_en50221_thread_state_machine(struct dvb_ca_private * ca,int slot)1126 static void dvb_ca_en50221_thread_state_machine(struct dvb_ca_private *ca,
1127 int slot)
1128 {
1129 struct dvb_ca_slot *sl = &ca->slot_info[slot];
1130 int flags;
1131 int pktcount;
1132 void *rxbuf;
1133
1134 mutex_lock(&sl->slot_lock);
1135
1136 /* check the cam status + deal with CAMCHANGEs */
1137 while (dvb_ca_en50221_check_camstatus(ca, slot)) {
1138 /* clear down an old CI slot if necessary */
1139 if (sl->slot_state != DVB_CA_SLOTSTATE_NONE)
1140 dvb_ca_en50221_slot_shutdown(ca, slot);
1141
1142 /* if a CAM is NOW present, initialise it */
1143 if (sl->camchange_type == DVB_CA_EN50221_CAMCHANGE_INSERTED)
1144 sl->slot_state = DVB_CA_SLOTSTATE_UNINITIALISED;
1145
1146 /* we've handled one CAMCHANGE */
1147 dvb_ca_en50221_thread_update_delay(ca);
1148 atomic_dec(&sl->camchange_count);
1149 }
1150
1151 /* CAM state machine */
1152 switch (sl->slot_state) {
1153 case DVB_CA_SLOTSTATE_NONE:
1154 case DVB_CA_SLOTSTATE_INVALID:
1155 /* no action needed */
1156 break;
1157
1158 case DVB_CA_SLOTSTATE_UNINITIALISED:
1159 sl->slot_state = DVB_CA_SLOTSTATE_WAITREADY;
1160 ca->pub->slot_reset(ca->pub, slot);
1161 sl->timeout = jiffies + (INIT_TIMEOUT_SECS * HZ);
1162 break;
1163
1164 case DVB_CA_SLOTSTATE_WAITREADY:
1165 if (time_after(jiffies, sl->timeout)) {
1166 pr_err("dvb_ca adaptor %d: PC card did not respond :(\n",
1167 ca->dvbdev->adapter->num);
1168 sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1169 dvb_ca_en50221_thread_update_delay(ca);
1170 break;
1171 }
1172 /*
1173 * no other action needed; will automatically change state when
1174 * ready
1175 */
1176 break;
1177
1178 case DVB_CA_SLOTSTATE_VALIDATE:
1179 if (dvb_ca_en50221_parse_attributes(ca, slot) != 0) {
1180 if (dvb_ca_en50221_poll_cam_gone(ca, slot))
1181 break;
1182
1183 pr_err("dvb_ca adapter %d: Invalid PC card inserted :(\n",
1184 ca->dvbdev->adapter->num);
1185 sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1186 dvb_ca_en50221_thread_update_delay(ca);
1187 break;
1188 }
1189 if (dvb_ca_en50221_set_configoption(ca, slot) != 0) {
1190 pr_err("dvb_ca adapter %d: Unable to initialise CAM :(\n",
1191 ca->dvbdev->adapter->num);
1192 sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1193 dvb_ca_en50221_thread_update_delay(ca);
1194 break;
1195 }
1196 if (ca->pub->write_cam_control(ca->pub, slot,
1197 CTRLIF_COMMAND,
1198 CMDREG_RS) != 0) {
1199 pr_err("dvb_ca adapter %d: Unable to reset CAM IF\n",
1200 ca->dvbdev->adapter->num);
1201 sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1202 dvb_ca_en50221_thread_update_delay(ca);
1203 break;
1204 }
1205 dprintk("DVB CAM validated successfully\n");
1206
1207 sl->timeout = jiffies + (INIT_TIMEOUT_SECS * HZ);
1208 sl->slot_state = DVB_CA_SLOTSTATE_WAITFR;
1209 ca->wakeup = 1;
1210 break;
1211
1212 case DVB_CA_SLOTSTATE_WAITFR:
1213 if (time_after(jiffies, sl->timeout)) {
1214 pr_err("dvb_ca adapter %d: DVB CAM did not respond :(\n",
1215 ca->dvbdev->adapter->num);
1216 sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1217 dvb_ca_en50221_thread_update_delay(ca);
1218 break;
1219 }
1220
1221 flags = ca->pub->read_cam_control(ca->pub, slot, CTRLIF_STATUS);
1222 if (flags & STATUSREG_FR) {
1223 sl->slot_state = DVB_CA_SLOTSTATE_LINKINIT;
1224 ca->wakeup = 1;
1225 }
1226 break;
1227
1228 case DVB_CA_SLOTSTATE_LINKINIT:
1229 if (dvb_ca_en50221_link_init(ca, slot) != 0) {
1230 if (dvb_ca_en50221_poll_cam_gone(ca, slot))
1231 break;
1232
1233 pr_err("dvb_ca adapter %d: DVB CAM link initialisation failed :(\n",
1234 ca->dvbdev->adapter->num);
1235 sl->slot_state = DVB_CA_SLOTSTATE_UNINITIALISED;
1236 dvb_ca_en50221_thread_update_delay(ca);
1237 break;
1238 }
1239
1240 if (!sl->rx_buffer.data) {
1241 rxbuf = vmalloc(RX_BUFFER_SIZE);
1242 if (!rxbuf) {
1243 pr_err("dvb_ca adapter %d: Unable to allocate CAM rx buffer :(\n",
1244 ca->dvbdev->adapter->num);
1245 sl->slot_state = DVB_CA_SLOTSTATE_INVALID;
1246 dvb_ca_en50221_thread_update_delay(ca);
1247 break;
1248 }
1249 dvb_ringbuffer_init(&sl->rx_buffer, rxbuf,
1250 RX_BUFFER_SIZE);
1251 }
1252
1253 ca->pub->slot_ts_enable(ca->pub, slot);
1254 sl->slot_state = DVB_CA_SLOTSTATE_RUNNING;
1255 dvb_ca_en50221_thread_update_delay(ca);
1256 pr_info("dvb_ca adapter %d: DVB CAM detected and initialised successfully\n",
1257 ca->dvbdev->adapter->num);
1258 break;
1259
1260 case DVB_CA_SLOTSTATE_RUNNING:
1261 if (!ca->open)
1262 break;
1263
1264 /* poll slots for data */
1265 pktcount = 0;
1266 while (dvb_ca_en50221_read_data(ca, slot, NULL, 0) > 0) {
1267 if (!ca->open)
1268 break;
1269
1270 /*
1271 * if a CAMCHANGE occurred at some point, do not do any
1272 * more processing of this slot
1273 */
1274 if (dvb_ca_en50221_check_camstatus(ca, slot)) {
1275 /*
1276 * we don't want to sleep on the next iteration
1277 * so we can handle the cam change
1278 */
1279 ca->wakeup = 1;
1280 break;
1281 }
1282
1283 /* check if we've hit our limit this time */
1284 if (++pktcount >= MAX_RX_PACKETS_PER_ITERATION) {
1285 /*
1286 * don't sleep; there is likely to be more data
1287 * to read
1288 */
1289 ca->wakeup = 1;
1290 break;
1291 }
1292 }
1293 break;
1294 }
1295
1296 mutex_unlock(&sl->slot_lock);
1297 }
1298
1299 /*
1300 * Kernel thread which monitors CA slots for CAM changes, and performs data
1301 * transfers.
1302 */
dvb_ca_en50221_thread(void * data)1303 static int dvb_ca_en50221_thread(void *data)
1304 {
1305 struct dvb_ca_private *ca = data;
1306 int slot;
1307
1308 dprintk("%s\n", __func__);
1309
1310 /* choose the correct initial delay */
1311 dvb_ca_en50221_thread_update_delay(ca);
1312
1313 /* main loop */
1314 while (!kthread_should_stop()) {
1315 /* sleep for a bit */
1316 if (!ca->wakeup) {
1317 set_current_state(TASK_INTERRUPTIBLE);
1318 schedule_timeout(ca->delay);
1319 if (kthread_should_stop())
1320 return 0;
1321 }
1322 ca->wakeup = 0;
1323
1324 /* go through all the slots processing them */
1325 for (slot = 0; slot < ca->slot_count; slot++)
1326 dvb_ca_en50221_thread_state_machine(ca, slot);
1327 }
1328
1329 return 0;
1330 }
1331
1332 /* ************************************************************************** */
1333 /* EN50221 IO interface functions */
1334
1335 /**
1336 * dvb_ca_en50221_io_do_ioctl - Real ioctl implementation.
1337 *
1338 * @file: File concerned.
1339 * @cmd: IOCTL command.
1340 * @parg: Associated argument.
1341 *
1342 * NOTE: CA_SEND_MSG/CA_GET_MSG ioctls have userspace buffers passed to them.
1343 *
1344 * return: 0 on success, <0 on error.
1345 */
dvb_ca_en50221_io_do_ioctl(struct file * file,unsigned int cmd,void * parg)1346 static int dvb_ca_en50221_io_do_ioctl(struct file *file,
1347 unsigned int cmd, void *parg)
1348 {
1349 struct dvb_device *dvbdev = file->private_data;
1350 struct dvb_ca_private *ca = dvbdev->priv;
1351 int err = 0;
1352 int slot;
1353
1354 dprintk("%s\n", __func__);
1355
1356 if (mutex_lock_interruptible(&ca->ioctl_mutex))
1357 return -ERESTARTSYS;
1358
1359 switch (cmd) {
1360 case CA_RESET:
1361 for (slot = 0; slot < ca->slot_count; slot++) {
1362 struct dvb_ca_slot *sl = &ca->slot_info[slot];
1363
1364 mutex_lock(&sl->slot_lock);
1365 if (sl->slot_state != DVB_CA_SLOTSTATE_NONE) {
1366 dvb_ca_en50221_slot_shutdown(ca, slot);
1367 if (ca->flags & DVB_CA_EN50221_FLAG_IRQ_CAMCHANGE)
1368 dvb_ca_en50221_camchange_irq(ca->pub,
1369 slot,
1370 DVB_CA_EN50221_CAMCHANGE_INSERTED);
1371 }
1372 mutex_unlock(&sl->slot_lock);
1373 }
1374 ca->next_read_slot = 0;
1375 dvb_ca_en50221_thread_wakeup(ca);
1376 break;
1377
1378 case CA_GET_CAP: {
1379 struct ca_caps *caps = parg;
1380
1381 caps->slot_num = ca->slot_count;
1382 caps->slot_type = CA_CI_LINK;
1383 caps->descr_num = 0;
1384 caps->descr_type = 0;
1385 break;
1386 }
1387
1388 case CA_GET_SLOT_INFO: {
1389 struct ca_slot_info *info = parg;
1390 struct dvb_ca_slot *sl;
1391
1392 slot = info->num;
1393 if ((slot >= ca->slot_count) || (slot < 0)) {
1394 err = -EINVAL;
1395 goto out_unlock;
1396 }
1397 slot = array_index_nospec(slot, ca->slot_count);
1398
1399 info->type = CA_CI_LINK;
1400 info->flags = 0;
1401 sl = &ca->slot_info[slot];
1402 if ((sl->slot_state != DVB_CA_SLOTSTATE_NONE) &&
1403 (sl->slot_state != DVB_CA_SLOTSTATE_INVALID)) {
1404 info->flags = CA_CI_MODULE_PRESENT;
1405 }
1406 if (sl->slot_state == DVB_CA_SLOTSTATE_RUNNING)
1407 info->flags |= CA_CI_MODULE_READY;
1408 break;
1409 }
1410
1411 default:
1412 err = -EINVAL;
1413 break;
1414 }
1415
1416 out_unlock:
1417 mutex_unlock(&ca->ioctl_mutex);
1418 return err;
1419 }
1420
1421 /**
1422 * dvb_ca_en50221_io_ioctl - Wrapper for ioctl implementation.
1423 *
1424 * @file: File concerned.
1425 * @cmd: IOCTL command.
1426 * @arg: Associated argument.
1427 *
1428 * return: 0 on success, <0 on error.
1429 */
dvb_ca_en50221_io_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1430 static long dvb_ca_en50221_io_ioctl(struct file *file,
1431 unsigned int cmd, unsigned long arg)
1432 {
1433 return dvb_usercopy(file, cmd, arg, dvb_ca_en50221_io_do_ioctl);
1434 }
1435
1436 /**
1437 * dvb_ca_en50221_io_write - Implementation of write() syscall.
1438 *
1439 * @file: File structure.
1440 * @buf: Source buffer.
1441 * @count: Size of source buffer.
1442 * @ppos: Position in file (ignored).
1443 *
1444 * return: Number of bytes read, or <0 on error.
1445 */
dvb_ca_en50221_io_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1446 static ssize_t dvb_ca_en50221_io_write(struct file *file,
1447 const char __user *buf, size_t count,
1448 loff_t *ppos)
1449 {
1450 struct dvb_device *dvbdev = file->private_data;
1451 struct dvb_ca_private *ca = dvbdev->priv;
1452 struct dvb_ca_slot *sl;
1453 u8 slot, connection_id;
1454 int status;
1455 u8 fragbuf[HOST_LINK_BUF_SIZE];
1456 int fragpos = 0;
1457 int fraglen;
1458 unsigned long timeout;
1459 int written;
1460
1461 dprintk("%s\n", __func__);
1462
1463 /*
1464 * Incoming packet has a 2 byte header.
1465 * hdr[0] = slot_id, hdr[1] = connection_id
1466 */
1467 if (count < 2)
1468 return -EINVAL;
1469
1470 /* extract slot & connection id */
1471 if (copy_from_user(&slot, buf, 1))
1472 return -EFAULT;
1473 if (copy_from_user(&connection_id, buf + 1, 1))
1474 return -EFAULT;
1475 buf += 2;
1476 count -= 2;
1477
1478 if (slot >= ca->slot_count)
1479 return -EINVAL;
1480 slot = array_index_nospec(slot, ca->slot_count);
1481 sl = &ca->slot_info[slot];
1482
1483 /* check if the slot is actually running */
1484 if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING)
1485 return -EINVAL;
1486
1487 /* fragment the packets & store in the buffer */
1488 while (fragpos < count) {
1489 fraglen = sl->link_buf_size - 2;
1490 if (fraglen < 0)
1491 break;
1492 if (fraglen > HOST_LINK_BUF_SIZE - 2)
1493 fraglen = HOST_LINK_BUF_SIZE - 2;
1494 if ((count - fragpos) < fraglen)
1495 fraglen = count - fragpos;
1496
1497 fragbuf[0] = connection_id;
1498 fragbuf[1] = ((fragpos + fraglen) < count) ? 0x80 : 0x00;
1499 status = copy_from_user(fragbuf + 2, buf + fragpos, fraglen);
1500 if (status) {
1501 status = -EFAULT;
1502 goto exit;
1503 }
1504
1505 timeout = jiffies + HZ / 2;
1506 written = 0;
1507 while (!time_after(jiffies, timeout)) {
1508 /*
1509 * check the CAM hasn't been removed/reset in the
1510 * meantime
1511 */
1512 if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING) {
1513 status = -EIO;
1514 goto exit;
1515 }
1516
1517 mutex_lock(&sl->slot_lock);
1518 status = dvb_ca_en50221_write_data(ca, slot, fragbuf,
1519 fraglen + 2, 0);
1520 mutex_unlock(&sl->slot_lock);
1521 if (status == (fraglen + 2)) {
1522 written = 1;
1523 break;
1524 }
1525 if (status != -EAGAIN)
1526 goto exit;
1527
1528 usleep_range(1000, 1100);
1529 }
1530 if (!written) {
1531 status = -EIO;
1532 goto exit;
1533 }
1534
1535 fragpos += fraglen;
1536 }
1537 status = count + 2;
1538
1539 exit:
1540 return status;
1541 }
1542
1543 /*
1544 * Condition for waking up in dvb_ca_en50221_io_read_condition
1545 */
dvb_ca_en50221_io_read_condition(struct dvb_ca_private * ca,int * result,int * _slot)1546 static int dvb_ca_en50221_io_read_condition(struct dvb_ca_private *ca,
1547 int *result, int *_slot)
1548 {
1549 int slot;
1550 int slot_count = 0;
1551 int idx;
1552 size_t fraglen;
1553 int connection_id = -1;
1554 int found = 0;
1555 u8 hdr[2];
1556
1557 slot = ca->next_read_slot;
1558 while ((slot_count < ca->slot_count) && (!found)) {
1559 struct dvb_ca_slot *sl = &ca->slot_info[slot];
1560
1561 if (sl->slot_state != DVB_CA_SLOTSTATE_RUNNING)
1562 goto nextslot;
1563
1564 if (!sl->rx_buffer.data)
1565 return 0;
1566
1567 idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, -1, &fraglen);
1568 while (idx != -1) {
1569 dvb_ringbuffer_pkt_read(&sl->rx_buffer, idx, 0, hdr, 2);
1570 if (connection_id == -1)
1571 connection_id = hdr[0];
1572 if ((hdr[0] == connection_id) &&
1573 ((hdr[1] & 0x80) == 0)) {
1574 *_slot = slot;
1575 found = 1;
1576 break;
1577 }
1578
1579 idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, idx,
1580 &fraglen);
1581 }
1582
1583 nextslot:
1584 slot = (slot + 1) % ca->slot_count;
1585 slot_count++;
1586 }
1587
1588 ca->next_read_slot = slot;
1589 return found;
1590 }
1591
1592 /**
1593 * dvb_ca_en50221_io_read - Implementation of read() syscall.
1594 *
1595 * @file: File structure.
1596 * @buf: Destination buffer.
1597 * @count: Size of destination buffer.
1598 * @ppos: Position in file (ignored).
1599 *
1600 * return: Number of bytes read, or <0 on error.
1601 */
dvb_ca_en50221_io_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)1602 static ssize_t dvb_ca_en50221_io_read(struct file *file, char __user *buf,
1603 size_t count, loff_t *ppos)
1604 {
1605 struct dvb_device *dvbdev = file->private_data;
1606 struct dvb_ca_private *ca = dvbdev->priv;
1607 struct dvb_ca_slot *sl;
1608 int status;
1609 int result = 0;
1610 u8 hdr[2];
1611 int slot;
1612 int connection_id = -1;
1613 size_t idx, idx2;
1614 int last_fragment = 0;
1615 size_t fraglen;
1616 int pktlen;
1617 int dispose = 0;
1618
1619 dprintk("%s\n", __func__);
1620
1621 /*
1622 * Outgoing packet has a 2 byte header.
1623 * hdr[0] = slot_id, hdr[1] = connection_id
1624 */
1625 if (count < 2)
1626 return -EINVAL;
1627
1628 /* wait for some data */
1629 status = dvb_ca_en50221_io_read_condition(ca, &result, &slot);
1630 if (status == 0) {
1631 /* if we're in nonblocking mode, exit immediately */
1632 if (file->f_flags & O_NONBLOCK)
1633 return -EWOULDBLOCK;
1634
1635 /* wait for some data */
1636 status = wait_event_interruptible(ca->wait_queue,
1637 dvb_ca_en50221_io_read_condition
1638 (ca, &result, &slot));
1639 }
1640 if ((status < 0) || (result < 0)) {
1641 if (result)
1642 return result;
1643 return status;
1644 }
1645
1646 sl = &ca->slot_info[slot];
1647 idx = dvb_ringbuffer_pkt_next(&sl->rx_buffer, -1, &fraglen);
1648 pktlen = 2;
1649 do {
1650 if (idx == -1) {
1651 pr_err("dvb_ca adapter %d: BUG: read packet ended before last_fragment encountered\n",
1652 ca->dvbdev->adapter->num);
1653 status = -EIO;
1654 goto exit;
1655 }
1656
1657 dvb_ringbuffer_pkt_read(&sl->rx_buffer, idx, 0, hdr, 2);
1658 if (connection_id == -1)
1659 connection_id = hdr[0];
1660 if (hdr[0] == connection_id) {
1661 if (pktlen < count) {
1662 if ((pktlen + fraglen - 2) > count)
1663 fraglen = count - pktlen;
1664 else
1665 fraglen -= 2;
1666
1667 status =
1668 dvb_ringbuffer_pkt_read_user(&sl->rx_buffer,
1669 idx, 2,
1670 buf + pktlen,
1671 fraglen);
1672 if (status < 0)
1673 goto exit;
1674
1675 pktlen += fraglen;
1676 }
1677
1678 if ((hdr[1] & 0x80) == 0)
1679 last_fragment = 1;
1680 dispose = 1;
1681 }
1682
1683 idx2 = dvb_ringbuffer_pkt_next(&sl->rx_buffer, idx, &fraglen);
1684 if (dispose)
1685 dvb_ringbuffer_pkt_dispose(&sl->rx_buffer, idx);
1686 idx = idx2;
1687 dispose = 0;
1688 } while (!last_fragment);
1689
1690 hdr[0] = slot;
1691 hdr[1] = connection_id;
1692 status = copy_to_user(buf, hdr, 2);
1693 if (status) {
1694 status = -EFAULT;
1695 goto exit;
1696 }
1697 status = pktlen;
1698
1699 exit:
1700 return status;
1701 }
1702
1703 /**
1704 * dvb_ca_en50221_io_open - Implementation of file open syscall.
1705 *
1706 * @inode: Inode concerned.
1707 * @file: File concerned.
1708 *
1709 * return: 0 on success, <0 on failure.
1710 */
dvb_ca_en50221_io_open(struct inode * inode,struct file * file)1711 static int dvb_ca_en50221_io_open(struct inode *inode, struct file *file)
1712 {
1713 struct dvb_device *dvbdev = file->private_data;
1714 struct dvb_ca_private *ca = dvbdev->priv;
1715 int err;
1716 int i;
1717
1718 dprintk("%s\n", __func__);
1719
1720 mutex_lock(&ca->remove_mutex);
1721
1722 if (ca->exit) {
1723 mutex_unlock(&ca->remove_mutex);
1724 return -ENODEV;
1725 }
1726
1727 if (!try_module_get(ca->pub->owner)) {
1728 mutex_unlock(&ca->remove_mutex);
1729 return -EIO;
1730 }
1731
1732 err = dvb_generic_open(inode, file);
1733 if (err < 0) {
1734 module_put(ca->pub->owner);
1735 mutex_unlock(&ca->remove_mutex);
1736 return err;
1737 }
1738
1739 for (i = 0; i < ca->slot_count; i++) {
1740 struct dvb_ca_slot *sl = &ca->slot_info[i];
1741
1742 if (sl->slot_state == DVB_CA_SLOTSTATE_RUNNING) {
1743 if (!sl->rx_buffer.data) {
1744 /*
1745 * it is safe to call this here without locks
1746 * because ca->open == 0. Data is not read in
1747 * this case
1748 */
1749 dvb_ringbuffer_flush(&sl->rx_buffer);
1750 }
1751 }
1752 }
1753
1754 ca->open = 1;
1755 dvb_ca_en50221_thread_update_delay(ca);
1756 dvb_ca_en50221_thread_wakeup(ca);
1757
1758 dvb_ca_private_get(ca);
1759
1760 mutex_unlock(&ca->remove_mutex);
1761 return 0;
1762 }
1763
1764 /**
1765 * dvb_ca_en50221_io_release - Implementation of file close syscall.
1766 *
1767 * @inode: Inode concerned.
1768 * @file: File concerned.
1769 *
1770 * return: 0 on success, <0 on failure.
1771 */
dvb_ca_en50221_io_release(struct inode * inode,struct file * file)1772 static int dvb_ca_en50221_io_release(struct inode *inode, struct file *file)
1773 {
1774 struct dvb_device *dvbdev = file->private_data;
1775 struct dvb_ca_private *ca = dvbdev->priv;
1776 int err;
1777
1778 dprintk("%s\n", __func__);
1779
1780 mutex_lock(&ca->remove_mutex);
1781
1782 /* mark the CA device as closed */
1783 ca->open = 0;
1784 dvb_ca_en50221_thread_update_delay(ca);
1785
1786 err = dvb_generic_release(inode, file);
1787
1788 module_put(ca->pub->owner);
1789
1790 dvb_ca_private_put(ca);
1791
1792 if (dvbdev->users == 1 && ca->exit == 1) {
1793 mutex_unlock(&ca->remove_mutex);
1794 wake_up(&dvbdev->wait_queue);
1795 } else {
1796 mutex_unlock(&ca->remove_mutex);
1797 }
1798
1799 return err;
1800 }
1801
1802 /**
1803 * dvb_ca_en50221_io_poll - Implementation of poll() syscall.
1804 *
1805 * @file: File concerned.
1806 * @wait: poll wait table.
1807 *
1808 * return: Standard poll mask.
1809 */
dvb_ca_en50221_io_poll(struct file * file,poll_table * wait)1810 static __poll_t dvb_ca_en50221_io_poll(struct file *file, poll_table *wait)
1811 {
1812 struct dvb_device *dvbdev = file->private_data;
1813 struct dvb_ca_private *ca = dvbdev->priv;
1814 __poll_t mask = 0;
1815 int slot;
1816 int result = 0;
1817
1818 dprintk("%s\n", __func__);
1819
1820 poll_wait(file, &ca->wait_queue, wait);
1821
1822 if (dvb_ca_en50221_io_read_condition(ca, &result, &slot) == 1)
1823 mask |= EPOLLIN;
1824
1825 /* if there is something, return now */
1826 if (mask)
1827 return mask;
1828
1829 if (dvb_ca_en50221_io_read_condition(ca, &result, &slot) == 1)
1830 mask |= EPOLLIN;
1831
1832 return mask;
1833 }
1834
1835 static const struct file_operations dvb_ca_fops = {
1836 .owner = THIS_MODULE,
1837 .read = dvb_ca_en50221_io_read,
1838 .write = dvb_ca_en50221_io_write,
1839 .unlocked_ioctl = dvb_ca_en50221_io_ioctl,
1840 .open = dvb_ca_en50221_io_open,
1841 .release = dvb_ca_en50221_io_release,
1842 .poll = dvb_ca_en50221_io_poll,
1843 .llseek = noop_llseek,
1844 };
1845
1846 static const struct dvb_device dvbdev_ca = {
1847 .priv = NULL,
1848 .users = 1,
1849 .readers = 1,
1850 .writers = 1,
1851 #if defined(CONFIG_MEDIA_CONTROLLER_DVB)
1852 .name = "dvb-ca-en50221",
1853 #endif
1854 .fops = &dvb_ca_fops,
1855 };
1856
1857 /* ************************************************************************** */
1858 /* Initialisation/shutdown functions */
1859
1860 /**
1861 * dvb_ca_en50221_init - Initialise a new DVB CA EN50221 interface device.
1862 *
1863 * @dvb_adapter: DVB adapter to attach the new CA device to.
1864 * @pubca: The dvb_ca instance.
1865 * @flags: Flags describing the CA device (DVB_CA_FLAG_*).
1866 * @slot_count: Number of slots supported.
1867 *
1868 * return: 0 on success, nonzero on failure
1869 */
dvb_ca_en50221_init(struct dvb_adapter * dvb_adapter,struct dvb_ca_en50221 * pubca,int flags,int slot_count)1870 int dvb_ca_en50221_init(struct dvb_adapter *dvb_adapter,
1871 struct dvb_ca_en50221 *pubca, int flags, int slot_count)
1872 {
1873 int ret;
1874 struct dvb_ca_private *ca = NULL;
1875 int i;
1876
1877 dprintk("%s\n", __func__);
1878
1879 if (slot_count < 1)
1880 return -EINVAL;
1881
1882 /* initialise the system data */
1883 ca = kzalloc(sizeof(*ca), GFP_KERNEL);
1884 if (!ca) {
1885 ret = -ENOMEM;
1886 goto exit;
1887 }
1888 kref_init(&ca->refcount);
1889 ca->pub = pubca;
1890 ca->flags = flags;
1891 ca->slot_count = slot_count;
1892 ca->slot_info = kcalloc(slot_count, sizeof(struct dvb_ca_slot),
1893 GFP_KERNEL);
1894 if (!ca->slot_info) {
1895 ret = -ENOMEM;
1896 goto free_ca;
1897 }
1898 init_waitqueue_head(&ca->wait_queue);
1899 ca->open = 0;
1900 ca->wakeup = 0;
1901 ca->next_read_slot = 0;
1902 pubca->private = ca;
1903
1904 /* register the DVB device */
1905 ret = dvb_register_device(dvb_adapter, &ca->dvbdev, &dvbdev_ca, ca,
1906 DVB_DEVICE_CA, 0);
1907 if (ret)
1908 goto free_slot_info;
1909
1910 /* now initialise each slot */
1911 for (i = 0; i < slot_count; i++) {
1912 struct dvb_ca_slot *sl = &ca->slot_info[i];
1913
1914 memset(sl, 0, sizeof(struct dvb_ca_slot));
1915 sl->slot_state = DVB_CA_SLOTSTATE_NONE;
1916 atomic_set(&sl->camchange_count, 0);
1917 sl->camchange_type = DVB_CA_EN50221_CAMCHANGE_REMOVED;
1918 mutex_init(&sl->slot_lock);
1919 }
1920
1921 mutex_init(&ca->ioctl_mutex);
1922 mutex_init(&ca->remove_mutex);
1923
1924 if (signal_pending(current)) {
1925 ret = -EINTR;
1926 goto unregister_device;
1927 }
1928 mb();
1929
1930 /* create a kthread for monitoring this CA device */
1931 ca->thread = kthread_run(dvb_ca_en50221_thread, ca, "kdvb-ca-%i:%i",
1932 ca->dvbdev->adapter->num, ca->dvbdev->id);
1933 if (IS_ERR(ca->thread)) {
1934 ret = PTR_ERR(ca->thread);
1935 pr_err("dvb_ca_init: failed to start kernel_thread (%d)\n",
1936 ret);
1937 goto unregister_device;
1938 }
1939 return 0;
1940
1941 unregister_device:
1942 dvb_unregister_device(ca->dvbdev);
1943 free_slot_info:
1944 kfree(ca->slot_info);
1945 free_ca:
1946 kfree(ca);
1947 exit:
1948 pubca->private = NULL;
1949 return ret;
1950 }
1951 EXPORT_SYMBOL(dvb_ca_en50221_init);
1952
1953 /**
1954 * dvb_ca_en50221_release - Release a DVB CA EN50221 interface device.
1955 *
1956 * @pubca: The associated dvb_ca instance.
1957 */
dvb_ca_en50221_release(struct dvb_ca_en50221 * pubca)1958 void dvb_ca_en50221_release(struct dvb_ca_en50221 *pubca)
1959 {
1960 struct dvb_ca_private *ca = pubca->private;
1961 int i;
1962
1963 dprintk("%s\n", __func__);
1964
1965 mutex_lock(&ca->remove_mutex);
1966 ca->exit = 1;
1967 mutex_unlock(&ca->remove_mutex);
1968
1969 if (ca->dvbdev->users < 1)
1970 wait_event(ca->dvbdev->wait_queue,
1971 ca->dvbdev->users == 1);
1972
1973 /* shutdown the thread if there was one */
1974 kthread_stop(ca->thread);
1975
1976 for (i = 0; i < ca->slot_count; i++)
1977 dvb_ca_en50221_slot_shutdown(ca, i);
1978
1979 dvb_remove_device(ca->dvbdev);
1980 dvb_ca_private_put(ca);
1981 pubca->private = NULL;
1982 }
1983 EXPORT_SYMBOL(dvb_ca_en50221_release);
1984