projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ide: fix races in handling of user-space SET XFER commands
[deliverable/linux.git] / drivers / ide / ide-iops.c
1 /*
2 * Copyright (C) 2000-2002 Andre Hedrick <andre@linux-ide.org>
3 * Copyright (C) 2003 Red Hat
4 *
5 */
6
7 #include <linux/module.h>
8 #include <linux/types.h>
9 #include <linux/string.h>
10 #include <linux/kernel.h>
11 #include <linux/timer.h>
12 #include <linux/mm.h>
13 #include <linux/interrupt.h>
14 #include <linux/major.h>
15 #include <linux/errno.h>
16 #include <linux/genhd.h>
17 #include <linux/blkpg.h>
18 #include <linux/slab.h>
19 #include <linux/pci.h>
20 #include <linux/delay.h>
21 #include <linux/ide.h>
22 #include <linux/bitops.h>
23 #include <linux/nmi.h>
24
25 #include <asm/byteorder.h>
26 #include <asm/irq.h>
27 #include <asm/uaccess.h>
28 #include <asm/io.h>
29
30 void SELECT_MASK(ide_drive_t *drive, int mask)
31 {
32 const struct ide_port_ops *port_ops = drive->hwif->port_ops;
33
34 if (port_ops && port_ops->maskproc)
35 port_ops->maskproc(drive, mask);
36 }
37
38 u8 ide_read_error(ide_drive_t *drive)
39 {
40 struct ide_taskfile tf;
41
42 drive->hwif->tp_ops->tf_read(drive, &tf, IDE_VALID_ERROR);
43
44 return tf.error;
45 }
46 EXPORT_SYMBOL_GPL(ide_read_error);
47
48 void ide_fix_driveid(u16 *id)
49 {
50 #ifndef __LITTLE_ENDIAN
51 # ifdef __BIG_ENDIAN
52 int i;
53
54 for (i = 0; i < 256; i++)
55 id[i] = __le16_to_cpu(id[i]);
56 # else
57 # error "Please fix <asm/byteorder.h>"
58 # endif
59 #endif
60 }
61
62 /*
63 * ide_fixstring() cleans up and (optionally) byte-swaps a text string,
64 * removing leading/trailing blanks and compressing internal blanks.
65 * It is primarily used to tidy up the model name/number fields as
66 * returned by the ATA_CMD_ID_ATA[PI] commands.
67 */
68
69 void ide_fixstring(u8 *s, const int bytecount, const int byteswap)
70 {
71 u8 *p, *end = &s[bytecount & ~1]; /* bytecount must be even */
72
73 if (byteswap) {
74 /* convert from big-endian to host byte order */
75 for (p = s ; p != end ; p += 2)
76 be16_to_cpus((u16 *) p);
77 }
78
79 /* strip leading blanks */
80 p = s;
81 while (s != end && *s == ' ')
82 ++s;
83 /* compress internal blanks and strip trailing blanks */
84 while (s != end && *s) {
85 if (*s++ != ' ' || (s != end && *s && *s != ' '))
86 *p++ = *(s-1);
87 }
88 /* wipe out trailing garbage */
89 while (p != end)
90 *p++ = '\0';
91 }
92 EXPORT_SYMBOL(ide_fixstring);
93
94 /*
95 * This routine busy-waits for the drive status to be not "busy".
96 * It then checks the status for all of the "good" bits and none
97 * of the "bad" bits, and if all is okay it returns 0. All other
98 * cases return error -- caller may then invoke ide_error().
99 *
100 * This routine should get fixed to not hog the cpu during extra long waits..
101 * That could be done by busy-waiting for the first jiffy or two, and then
102 * setting a timer to wake up at half second intervals thereafter,
103 * until timeout is achieved, before timing out.
104 */
105 int __ide_wait_stat(ide_drive_t *drive, u8 good, u8 bad,
106 unsigned long timeout, u8 *rstat)
107 {
108 ide_hwif_t *hwif = drive->hwif;
109 const struct ide_tp_ops *tp_ops = hwif->tp_ops;
110 unsigned long flags;
111 int i;
112 u8 stat;
113
114 udelay(1); /* spec allows drive 400ns to assert "BUSY" */
115 stat = tp_ops->read_status(hwif);
116
117 if (stat & ATA_BUSY) {
118 local_save_flags(flags);
119 local_irq_enable_in_hardirq();
120 timeout += jiffies;
121 while ((stat = tp_ops->read_status(hwif)) & ATA_BUSY) {
122 if (time_after(jiffies, timeout)) {
123 /*
124 * One last read after the timeout in case
125 * heavy interrupt load made us not make any
126 * progress during the timeout..
127 */
128 stat = tp_ops->read_status(hwif);
129 if ((stat & ATA_BUSY) == 0)
130 break;
131
132 local_irq_restore(flags);
133 *rstat = stat;
134 return -EBUSY;
135 }
136 }
137 local_irq_restore(flags);
138 }
139 /*
140 * Allow status to settle, then read it again.
141 * A few rare drives vastly violate the 400ns spec here,
142 * so we'll wait up to 10usec for a "good" status
143 * rather than expensively fail things immediately.
144 * This fix courtesy of Matthew Faupel & Niccolo Rigacci.
145 */
146 for (i = 0; i < 10; i++) {
147 udelay(1);
148 stat = tp_ops->read_status(hwif);
149
150 if (OK_STAT(stat, good, bad)) {
151 *rstat = stat;
152 return 0;
153 }
154 }
155 *rstat = stat;
156 return -EFAULT;
157 }
158
159 /*
160 * In case of error returns error value after doing "*startstop = ide_error()".
161 * The caller should return the updated value of "startstop" in this case,
162 * "startstop" is unchanged when the function returns 0.
163 */
164 int ide_wait_stat(ide_startstop_t *startstop, ide_drive_t *drive, u8 good,
165 u8 bad, unsigned long timeout)
166 {
167 int err;
168 u8 stat;
169
170 /* bail early if we've exceeded max_failures */
171 if (drive->max_failures && (drive->failures > drive->max_failures)) {
172 *startstop = ide_stopped;
173 return 1;
174 }
175
176 err = __ide_wait_stat(drive, good, bad, timeout, &stat);
177
178 if (err) {
179 char *s = (err == -EBUSY) ? "status timeout" : "status error";
180 *startstop = ide_error(drive, s, stat);
181 }
182
183 return err;
184 }
185 EXPORT_SYMBOL(ide_wait_stat);
186
187 /**
188 * ide_in_drive_list - look for drive in black/white list
189 * @id: drive identifier
190 * @table: list to inspect
191 *
192 * Look for a drive in the blacklist and the whitelist tables
193 * Returns 1 if the drive is found in the table.
194 */
195
196 int ide_in_drive_list(u16 *id, const struct drive_list_entry *table)
197 {
198 for ( ; table->id_model; table++)
199 if ((!strcmp(table->id_model, (char *)&id[ATA_ID_PROD])) &&
200 (!table->id_firmware ||
201 strstr((char *)&id[ATA_ID_FW_REV], table->id_firmware)))
202 return 1;
203 return 0;
204 }
205 EXPORT_SYMBOL_GPL(ide_in_drive_list);
206
207 /*
208 * Early UDMA66 devices don't set bit14 to 1, only bit13 is valid.
209 * Some optical devices with the buggy firmwares have the same problem.
210 */
211 static const struct drive_list_entry ivb_list[] = {
212 { "QUANTUM FIREBALLlct10 05" , "A03.0900" },
213 { "QUANTUM FIREBALLlct20 30" , "APL.0900" },
214 { "TSSTcorp CDDVDW SH-S202J" , "SB00" },
215 { "TSSTcorp CDDVDW SH-S202J" , "SB01" },
216 { "TSSTcorp CDDVDW SH-S202N" , "SB00" },
217 { "TSSTcorp CDDVDW SH-S202N" , "SB01" },
218 { "TSSTcorp CDDVDW SH-S202H" , "SB00" },
219 { "TSSTcorp CDDVDW SH-S202H" , "SB01" },
220 { "SAMSUNG SP0822N" , "WA100-10" },
221 { NULL , NULL }
222 };
223
224 /*
225 * All hosts that use the 80c ribbon must use!
226 * The name is derived from upper byte of word 93 and the 80c ribbon.
227 */
228 u8 eighty_ninty_three(ide_drive_t *drive)
229 {
230 ide_hwif_t *hwif = drive->hwif;
231 u16 *id = drive->id;
232 int ivb = ide_in_drive_list(id, ivb_list);
233
234 if (hwif->cbl == ATA_CBL_PATA40_SHORT)
235 return 1;
236
237 if (ivb)
238 printk(KERN_DEBUG "%s: skipping word 93 validity check\n",
239 drive->name);
240
241 if (ata_id_is_sata(id) && !ivb)
242 return 1;
243
244 if (hwif->cbl != ATA_CBL_PATA80 && !ivb)
245 goto no_80w;
246
247 /*
248 * FIXME:
249 * - change master/slave IDENTIFY order
250 * - force bit13 (80c cable present) check also for !ivb devices
251 * (unless the slave device is pre-ATA3)
252 */
253 if (id[ATA_ID_HW_CONFIG] & 0x4000)
254 return 1;
255
256 if (ivb) {
257 const char *model = (char *)&id[ATA_ID_PROD];
258
259 if (strstr(model, "TSSTcorp CDDVDW SH-S202")) {
260 /*
261 * These ATAPI devices always report 80c cable
262 * so we have to depend on the host in this case.
263 */
264 if (hwif->cbl == ATA_CBL_PATA80)
265 return 1;
266 } else {
267 /* Depend on the device side cable detection. */
268 if (id[ATA_ID_HW_CONFIG] & 0x2000)
269 return 1;
270 }
271 }
272 no_80w:
273 if (drive->dev_flags & IDE_DFLAG_UDMA33_WARNED)
274 return 0;
275
276 printk(KERN_WARNING "%s: %s side 80-wire cable detection failed, "
277 "limiting max speed to UDMA33\n",
278 drive->name,
279 hwif->cbl == ATA_CBL_PATA80 ? "drive" : "host");
280
281 drive->dev_flags |= IDE_DFLAG_UDMA33_WARNED;
282
283 return 0;
284 }
285
286 static const char *nien_quirk_list[] = {
287 "QUANTUM FIREBALLlct08 08",
288 "QUANTUM FIREBALLP KA6.4",
289 "QUANTUM FIREBALLP KA9.1",
290 "QUANTUM FIREBALLP KX13.6",
291 "QUANTUM FIREBALLP KX20.5",
292 "QUANTUM FIREBALLP KX27.3",
293 "QUANTUM FIREBALLP LM20.4",
294 "QUANTUM FIREBALLP LM20.5",
295 NULL
296 };
297
298 void ide_check_nien_quirk_list(ide_drive_t *drive)
299 {
300 const char **list, *m = (char *)&drive->id[ATA_ID_PROD];
301
302 for (list = nien_quirk_list; *list != NULL; list++)
303 if (strstr(m, *list) != NULL) {
304 drive->dev_flags |= IDE_DFLAG_NIEN_QUIRK;
305 return;
306 }
307 }
308
309 int ide_driveid_update(ide_drive_t *drive)
310 {
311 u16 *id;
312 int rc;
313
314 id = kmalloc(SECTOR_SIZE, GFP_ATOMIC);
315 if (id == NULL)
316 return 0;
317
318 SELECT_MASK(drive, 1);
319 rc = ide_dev_read_id(drive, ATA_CMD_ID_ATA, id, 1);
320 SELECT_MASK(drive, 0);
321
322 if (rc)
323 goto out_err;
324
325 drive->id[ATA_ID_UDMA_MODES] = id[ATA_ID_UDMA_MODES];
326 drive->id[ATA_ID_MWDMA_MODES] = id[ATA_ID_MWDMA_MODES];
327 drive->id[ATA_ID_SWDMA_MODES] = id[ATA_ID_SWDMA_MODES];
328 drive->id[ATA_ID_CFA_MODES] = id[ATA_ID_CFA_MODES];
329 /* anything more ? */
330
331 kfree(id);
332
333 return 1;
334 out_err:
335 if (rc == 2)
336 printk(KERN_ERR "%s: %s: bad status\n", drive->name, __func__);
337 kfree(id);
338 return 0;
339 }
340
341 int ide_config_drive_speed(ide_drive_t *drive, u8 speed)
342 {
343 ide_hwif_t *hwif = drive->hwif;
344 const struct ide_tp_ops *tp_ops = hwif->tp_ops;
345 struct ide_taskfile tf;
346 u16 *id = drive->id, i;
347 int error = 0;
348 u8 stat;
349
350 #ifdef CONFIG_BLK_DEV_IDEDMA
351 if (hwif->dma_ops) /* check if host supports DMA */
352 hwif->dma_ops->dma_host_set(drive, 0);
353 #endif
354
355 /* Skip setting PIO flow-control modes on pre-EIDE drives */
356 if ((speed & 0xf8) == XFER_PIO_0 && ata_id_has_iordy(drive->id) == 0)
357 goto skip;
358
359 /*
360 * Don't use ide_wait_cmd here - it will
361 * attempt to set_geometry and recalibrate,
362 * but for some reason these don't work at
363 * this point (lost interrupt).
364 */
365
366 udelay(1);
367 tp_ops->dev_select(drive);
368 SELECT_MASK(drive, 1);
369 udelay(1);
370 tp_ops->write_devctl(hwif, ATA_NIEN | ATA_DEVCTL_OBS);
371
372 memset(&tf, 0, sizeof(tf));
373 tf.feature = SETFEATURES_XFER;
374 tf.nsect = speed;
375
376 tp_ops->tf_load(drive, &tf, IDE_VALID_FEATURE | IDE_VALID_NSECT);
377
378 tp_ops->exec_command(hwif, ATA_CMD_SET_FEATURES);
379
380 if (drive->dev_flags & IDE_DFLAG_NIEN_QUIRK)
381 tp_ops->write_devctl(hwif, ATA_DEVCTL_OBS);
382
383 error = __ide_wait_stat(drive, drive->ready_stat,
384 ATA_BUSY | ATA_DRQ | ATA_ERR,
385 WAIT_CMD, &stat);
386
387 SELECT_MASK(drive, 0);
388
389 if (error) {
390 (void) ide_dump_status(drive, "set_drive_speed_status", stat);
391 return error;
392 }
393
394 if (speed >= XFER_SW_DMA_0) {
395 id[ATA_ID_UDMA_MODES] &= ~0xFF00;
396 id[ATA_ID_MWDMA_MODES] &= ~0x0700;
397 id[ATA_ID_SWDMA_MODES] &= ~0x0700;
398 if (ata_id_is_cfa(id))
399 id[ATA_ID_CFA_MODES] &= ~0x0E00;
400 } else if (ata_id_is_cfa(id))
401 id[ATA_ID_CFA_MODES] &= ~0x01C0;
402
403 skip:
404 #ifdef CONFIG_BLK_DEV_IDEDMA
405 if (speed >= XFER_SW_DMA_0 && (drive->dev_flags & IDE_DFLAG_USING_DMA))
406 hwif->dma_ops->dma_host_set(drive, 1);
407 else if (hwif->dma_ops) /* check if host supports DMA */
408 ide_dma_off_quietly(drive);
409 #endif
410
411 if (speed >= XFER_UDMA_0) {
412 i = 1 << (speed - XFER_UDMA_0);
413 id[ATA_ID_UDMA_MODES] |= (i << 8 | i);
414 } else if (ata_id_is_cfa(id) && speed >= XFER_MW_DMA_3) {
415 i = speed - XFER_MW_DMA_2;
416 id[ATA_ID_CFA_MODES] |= i << 9;
417 } else if (speed >= XFER_MW_DMA_0) {
418 i = 1 << (speed - XFER_MW_DMA_0);
419 id[ATA_ID_MWDMA_MODES] |= (i << 8 | i);
420 } else if (speed >= XFER_SW_DMA_0) {
421 i = 1 << (speed - XFER_SW_DMA_0);
422 id[ATA_ID_SWDMA_MODES] |= (i << 8 | i);
423 } else if (ata_id_is_cfa(id) && speed >= XFER_PIO_5) {
424 i = speed - XFER_PIO_4;
425 id[ATA_ID_CFA_MODES] |= i << 6;
426 }
427
428 if (!drive->init_speed)
429 drive->init_speed = speed;
430 drive->current_speed = speed;
431 return error;
432 }
433
434 /*
435 * This should get invoked any time we exit the driver to
436 * wait for an interrupt response from a drive. handler() points
437 * at the appropriate code to handle the next interrupt, and a
438 * timer is started to prevent us from waiting forever in case
439 * something goes wrong (see the ide_timer_expiry() handler later on).
440 *
441 * See also ide_execute_command
442 */
443 void __ide_set_handler(ide_drive_t *drive, ide_handler_t *handler,
444 unsigned int timeout)
445 {
446 ide_hwif_t *hwif = drive->hwif;
447
448 BUG_ON(hwif->handler);
449 hwif->handler = handler;
450 hwif->timer.expires = jiffies + timeout;
451 hwif->req_gen_timer = hwif->req_gen;
452 add_timer(&hwif->timer);
453 }
454
455 void ide_set_handler(ide_drive_t *drive, ide_handler_t *handler,
456 unsigned int timeout)
457 {
458 ide_hwif_t *hwif = drive->hwif;
459 unsigned long flags;
460
461 spin_lock_irqsave(&hwif->lock, flags);
462 __ide_set_handler(drive, handler, timeout);
463 spin_unlock_irqrestore(&hwif->lock, flags);
464 }
465 EXPORT_SYMBOL(ide_set_handler);
466
467 /**
468 * ide_execute_command - execute an IDE command
469 * @drive: IDE drive to issue the command against
470 * @cmd: command
471 * @handler: handler for next phase
472 * @timeout: timeout for command
473 *
474 * Helper function to issue an IDE command. This handles the
475 * atomicity requirements, command timing and ensures that the
476 * handler and IRQ setup do not race. All IDE command kick off
477 * should go via this function or do equivalent locking.
478 */
479
480 void ide_execute_command(ide_drive_t *drive, struct ide_cmd *cmd,
481 ide_handler_t *handler, unsigned timeout)
482 {
483 ide_hwif_t *hwif = drive->hwif;
484 unsigned long flags;
485
486 spin_lock_irqsave(&hwif->lock, flags);
487 if ((cmd->protocol != ATAPI_PROT_DMA &&
488 cmd->protocol != ATAPI_PROT_PIO) ||
489 (drive->atapi_flags & IDE_AFLAG_DRQ_INTERRUPT))
490 __ide_set_handler(drive, handler, timeout);
491 hwif->tp_ops->exec_command(hwif, cmd->tf.command);
492 /*
493 * Drive takes 400nS to respond, we must avoid the IRQ being
494 * serviced before that.
495 *
496 * FIXME: we could skip this delay with care on non shared devices
497 */
498 ndelay(400);
499 spin_unlock_irqrestore(&hwif->lock, flags);
500 }
501
502 /*
503 * ide_wait_not_busy() waits for the currently selected device on the hwif
504 * to report a non-busy status, see comments in ide_probe_port().
505 */
506 int ide_wait_not_busy(ide_hwif_t *hwif, unsigned long timeout)
507 {
508 u8 stat = 0;
509
510 while (timeout--) {
511 /*
512 * Turn this into a schedule() sleep once I'm sure
513 * about locking issues (2.5 work ?).
514 */
515 mdelay(1);
516 stat = hwif->tp_ops->read_status(hwif);
517 if ((stat & ATA_BUSY) == 0)
518 return 0;
519 /*
520 * Assume a value of 0xff means nothing is connected to
521 * the interface and it doesn't implement the pull-down
522 * resistor on D7.
523 */
524 if (stat == 0xff)
525 return -ENODEV;
526 touch_softlockup_watchdog();
527 touch_nmi_watchdog();
528 }
529 return -EBUSY;
530 }
Linux kernel - Deliverables
This page took 0.042293 seconds and 5 git commands to generate.