Merge branch 'for-4.5/for-jens' of git://git.kernel.org/pub/scm/linux/kernel/git...
[muen/linux.git] / drivers / block / floppy.c
1 /*
2  *  linux/drivers/block/floppy.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  *  Copyright (C) 1993, 1994  Alain Knaff
6  *  Copyright (C) 1998 Alan Cox
7  */
8
9 /*
10  * 02.12.91 - Changed to static variables to indicate need for reset
11  * and recalibrate. This makes some things easier (output_byte reset
12  * checking etc), and means less interrupt jumping in case of errors,
13  * so the code is hopefully easier to understand.
14  */
15
16 /*
17  * This file is certainly a mess. I've tried my best to get it working,
18  * but I don't like programming floppies, and I have only one anyway.
19  * Urgel. I should check for more errors, and do more graceful error
20  * recovery. Seems there are problems with several drives. I've tried to
21  * correct them. No promises.
22  */
23
24 /*
25  * As with hd.c, all routines within this file can (and will) be called
26  * by interrupts, so extreme caution is needed. A hardware interrupt
27  * handler may not sleep, or a kernel panic will happen. Thus I cannot
28  * call "floppy-on" directly, but have to set a special timer interrupt
29  * etc.
30  */
31
32 /*
33  * 28.02.92 - made track-buffering routines, based on the routines written
34  * by entropy@wintermute.wpi.edu (Lawrence Foard). Linus.
35  */
36
37 /*
38  * Automatic floppy-detection and formatting written by Werner Almesberger
39  * (almesber@nessie.cs.id.ethz.ch), who also corrected some problems with
40  * the floppy-change signal detection.
41  */
42
43 /*
44  * 1992/7/22 -- Hennus Bergman: Added better error reporting, fixed
45  * FDC data overrun bug, added some preliminary stuff for vertical
46  * recording support.
47  *
48  * 1992/9/17: Added DMA allocation & DMA functions. -- hhb.
49  *
50  * TODO: Errors are still not counted properly.
51  */
52
53 /* 1992/9/20
54  * Modifications for ``Sector Shifting'' by Rob Hooft (hooft@chem.ruu.nl)
55  * modeled after the freeware MS-DOS program fdformat/88 V1.8 by
56  * Christoph H. Hochst\"atter.
57  * I have fixed the shift values to the ones I always use. Maybe a new
58  * ioctl() should be created to be able to modify them.
59  * There is a bug in the driver that makes it impossible to format a
60  * floppy as the first thing after bootup.
61  */
62
63 /*
64  * 1993/4/29 -- Linus -- cleaned up the timer handling in the kernel, and
65  * this helped the floppy driver as well. Much cleaner, and still seems to
66  * work.
67  */
68
69 /* 1994/6/24 --bbroad-- added the floppy table entries and made
70  * minor modifications to allow 2.88 floppies to be run.
71  */
72
73 /* 1994/7/13 -- Paul Vojta -- modified the probing code to allow three or more
74  * disk types.
75  */
76
77 /*
78  * 1994/8/8 -- Alain Knaff -- Switched to fdpatch driver: Support for bigger
79  * format bug fixes, but unfortunately some new bugs too...
80  */
81
82 /* 1994/9/17 -- Koen Holtman -- added logging of physical floppy write
83  * errors to allow safe writing by specialized programs.
84  */
85
86 /* 1995/4/24 -- Dan Fandrich -- added support for Commodore 1581 3.5" disks
87  * by defining bit 1 of the "stretch" parameter to mean put sectors on the
88  * opposite side of the disk, leaving the sector IDs alone (i.e. Commodore's
89  * drives are "upside-down").
90  */
91
92 /*
93  * 1995/8/26 -- Andreas Busse -- added Mips support.
94  */
95
96 /*
97  * 1995/10/18 -- Ralf Baechle -- Portability cleanup; move machine dependent
98  * features to asm/floppy.h.
99  */
100
101 /*
102  * 1998/1/21 -- Richard Gooch <rgooch@atnf.csiro.au> -- devfs support
103  */
104
105 /*
106  * 1998/05/07 -- Russell King -- More portability cleanups; moved definition of
107  * interrupt and dma channel to asm/floppy.h. Cleaned up some formatting &
108  * use of '0' for NULL.
109  */
110
111 /*
112  * 1998/06/07 -- Alan Cox -- Merged the 2.0.34 fixes for resource allocation
113  * failures.
114  */
115
116 /*
117  * 1998/09/20 -- David Weinehall -- Added slow-down code for buggy PS/2-drives.
118  */
119
120 /*
121  * 1999/08/13 -- Paul Slootman -- floppy stopped working on Alpha after 24
122  * days, 6 hours, 32 minutes and 32 seconds (i.e. MAXINT jiffies; ints were
123  * being used to store jiffies, which are unsigned longs).
124  */
125
126 /*
127  * 2000/08/28 -- Arnaldo Carvalho de Melo <acme@conectiva.com.br>
128  * - get rid of check_region
129  * - s/suser/capable/
130  */
131
132 /*
133  * 2001/08/26 -- Paul Gortmaker - fix insmod oops on machines with no
134  * floppy controller (lingering task on list after module is gone... boom.)
135  */
136
137 /*
138  * 2002/02/07 -- Anton Altaparmakov - Fix io ports reservation to correct range
139  * (0x3f2-0x3f5, 0x3f7). This fix is a bit of a hack but the proper fix
140  * requires many non-obvious changes in arch dependent code.
141  */
142
143 /* 2003/07/28 -- Daniele Bellucci <bellucda@tiscali.it>.
144  * Better audit of register_blkdev.
145  */
146
147 #undef  FLOPPY_SILENT_DCL_CLEAR
148
149 #define REALLY_SLOW_IO
150
151 #define DEBUGT 2
152
153 #define DPRINT(format, args...) \
154         pr_info("floppy%d: " format, current_drive, ##args)
155
156 #define DCL_DEBUG               /* debug disk change line */
157 #ifdef DCL_DEBUG
158 #define debug_dcl(test, fmt, args...) \
159         do { if ((test) & FD_DEBUG) DPRINT(fmt, ##args); } while (0)
160 #else
161 #define debug_dcl(test, fmt, args...) \
162         do { if (0) DPRINT(fmt, ##args); } while (0)
163 #endif
164
165 /* do print messages for unexpected interrupts */
166 static int print_unex = 1;
167 #include <linux/module.h>
168 #include <linux/sched.h>
169 #include <linux/fs.h>
170 #include <linux/kernel.h>
171 #include <linux/timer.h>
172 #include <linux/workqueue.h>
173 #define FDPATCHES
174 #include <linux/fdreg.h>
175 #include <linux/fd.h>
176 #include <linux/hdreg.h>
177 #include <linux/errno.h>
178 #include <linux/slab.h>
179 #include <linux/mm.h>
180 #include <linux/bio.h>
181 #include <linux/string.h>
182 #include <linux/jiffies.h>
183 #include <linux/fcntl.h>
184 #include <linux/delay.h>
185 #include <linux/mc146818rtc.h>  /* CMOS defines */
186 #include <linux/ioport.h>
187 #include <linux/interrupt.h>
188 #include <linux/init.h>
189 #include <linux/platform_device.h>
190 #include <linux/mod_devicetable.h>
191 #include <linux/mutex.h>
192 #include <linux/io.h>
193 #include <linux/uaccess.h>
194 #include <linux/async.h>
195
196 /*
197  * PS/2 floppies have much slower step rates than regular floppies.
198  * It's been recommended that take about 1/4 of the default speed
199  * in some more extreme cases.
200  */
201 static DEFINE_MUTEX(floppy_mutex);
202 static int slow_floppy;
203
204 #include <asm/dma.h>
205 #include <asm/irq.h>
206
207 static int FLOPPY_IRQ = 6;
208 static int FLOPPY_DMA = 2;
209 static int can_use_virtual_dma = 2;
210 /* =======
211  * can use virtual DMA:
212  * 0 = use of virtual DMA disallowed by config
213  * 1 = use of virtual DMA prescribed by config
214  * 2 = no virtual DMA preference configured.  By default try hard DMA,
215  * but fall back on virtual DMA when not enough memory available
216  */
217
218 static int use_virtual_dma;
219 /* =======
220  * use virtual DMA
221  * 0 using hard DMA
222  * 1 using virtual DMA
223  * This variable is set to virtual when a DMA mem problem arises, and
224  * reset back in floppy_grab_irq_and_dma.
225  * It is not safe to reset it in other circumstances, because the floppy
226  * driver may have several buffers in use at once, and we do currently not
227  * record each buffers capabilities
228  */
229
230 static DEFINE_SPINLOCK(floppy_lock);
231
232 static unsigned short virtual_dma_port = 0x3f0;
233 irqreturn_t floppy_interrupt(int irq, void *dev_id);
234 static int set_dor(int fdc, char mask, char data);
235
236 #define K_64    0x10000         /* 64KB */
237
238 /* the following is the mask of allowed drives. By default units 2 and
239  * 3 of both floppy controllers are disabled, because switching on the
240  * motor of these drives causes system hangs on some PCI computers. drive
241  * 0 is the low bit (0x1), and drive 7 is the high bit (0x80). Bits are on if
242  * a drive is allowed.
243  *
244  * NOTE: This must come before we include the arch floppy header because
245  *       some ports reference this variable from there. -DaveM
246  */
247
248 static int allowed_drive_mask = 0x33;
249
250 #include <asm/floppy.h>
251
252 static int irqdma_allocated;
253
254 #include <linux/blkdev.h>
255 #include <linux/blkpg.h>
256 #include <linux/cdrom.h>        /* for the compatibility eject ioctl */
257 #include <linux/completion.h>
258
259 static struct request *current_req;
260 static void do_fd_request(struct request_queue *q);
261 static int set_next_request(void);
262
263 #ifndef fd_get_dma_residue
264 #define fd_get_dma_residue() get_dma_residue(FLOPPY_DMA)
265 #endif
266
267 /* Dma Memory related stuff */
268
269 #ifndef fd_dma_mem_free
270 #define fd_dma_mem_free(addr, size) free_pages(addr, get_order(size))
271 #endif
272
273 #ifndef fd_dma_mem_alloc
274 #define fd_dma_mem_alloc(size) __get_dma_pages(GFP_KERNEL, get_order(size))
275 #endif
276
277 static inline void fallback_on_nodma_alloc(char **addr, size_t l)
278 {
279 #ifdef FLOPPY_CAN_FALLBACK_ON_NODMA
280         if (*addr)
281                 return;         /* we have the memory */
282         if (can_use_virtual_dma != 2)
283                 return;         /* no fallback allowed */
284         pr_info("DMA memory shortage. Temporarily falling back on virtual DMA\n");
285         *addr = (char *)nodma_mem_alloc(l);
286 #else
287         return;
288 #endif
289 }
290
291 /* End dma memory related stuff */
292
293 static unsigned long fake_change;
294 static bool initialized;
295
296 #define ITYPE(x)        (((x) >> 2) & 0x1f)
297 #define TOMINOR(x)      ((x & 3) | ((x & 4) << 5))
298 #define UNIT(x)         ((x) & 0x03)            /* drive on fdc */
299 #define FDC(x)          (((x) & 0x04) >> 2)     /* fdc of drive */
300         /* reverse mapping from unit and fdc to drive */
301 #define REVDRIVE(fdc, unit) ((unit) + ((fdc) << 2))
302
303 #define DP      (&drive_params[current_drive])
304 #define DRS     (&drive_state[current_drive])
305 #define DRWE    (&write_errors[current_drive])
306 #define FDCS    (&fdc_state[fdc])
307
308 #define UDP     (&drive_params[drive])
309 #define UDRS    (&drive_state[drive])
310 #define UDRWE   (&write_errors[drive])
311 #define UFDCS   (&fdc_state[FDC(drive)])
312
313 #define PH_HEAD(floppy, head) (((((floppy)->stretch & 2) >> 1) ^ head) << 2)
314 #define STRETCH(floppy) ((floppy)->stretch & FD_STRETCH)
315
316 /* read/write */
317 #define COMMAND         (raw_cmd->cmd[0])
318 #define DR_SELECT       (raw_cmd->cmd[1])
319 #define TRACK           (raw_cmd->cmd[2])
320 #define HEAD            (raw_cmd->cmd[3])
321 #define SECTOR          (raw_cmd->cmd[4])
322 #define SIZECODE        (raw_cmd->cmd[5])
323 #define SECT_PER_TRACK  (raw_cmd->cmd[6])
324 #define GAP             (raw_cmd->cmd[7])
325 #define SIZECODE2       (raw_cmd->cmd[8])
326 #define NR_RW 9
327
328 /* format */
329 #define F_SIZECODE      (raw_cmd->cmd[2])
330 #define F_SECT_PER_TRACK (raw_cmd->cmd[3])
331 #define F_GAP           (raw_cmd->cmd[4])
332 #define F_FILL          (raw_cmd->cmd[5])
333 #define NR_F 6
334
335 /*
336  * Maximum disk size (in kilobytes).
337  * This default is used whenever the current disk size is unknown.
338  * [Now it is rather a minimum]
339  */
340 #define MAX_DISK_SIZE 4         /* 3984 */
341
342 /*
343  * globals used by 'result()'
344  */
345 #define MAX_REPLIES 16
346 static unsigned char reply_buffer[MAX_REPLIES];
347 static int inr;         /* size of reply buffer, when called from interrupt */
348 #define ST0             (reply_buffer[0])
349 #define ST1             (reply_buffer[1])
350 #define ST2             (reply_buffer[2])
351 #define ST3             (reply_buffer[0])       /* result of GETSTATUS */
352 #define R_TRACK         (reply_buffer[3])
353 #define R_HEAD          (reply_buffer[4])
354 #define R_SECTOR        (reply_buffer[5])
355 #define R_SIZECODE      (reply_buffer[6])
356
357 #define SEL_DLY         (2 * HZ / 100)
358
359 /*
360  * this struct defines the different floppy drive types.
361  */
362 static struct {
363         struct floppy_drive_params params;
364         const char *name;       /* name printed while booting */
365 } default_drive_params[] = {
366 /* NOTE: the time values in jiffies should be in msec!
367  CMOS drive type
368   |     Maximum data rate supported by drive type
369   |     |   Head load time, msec
370   |     |   |   Head unload time, msec (not used)
371   |     |   |   |     Step rate interval, usec
372   |     |   |   |     |       Time needed for spinup time (jiffies)
373   |     |   |   |     |       |      Timeout for spinning down (jiffies)
374   |     |   |   |     |       |      |   Spindown offset (where disk stops)
375   |     |   |   |     |       |      |   |     Select delay
376   |     |   |   |     |       |      |   |     |     RPS
377   |     |   |   |     |       |      |   |     |     |    Max number of tracks
378   |     |   |   |     |       |      |   |     |     |    |     Interrupt timeout
379   |     |   |   |     |       |      |   |     |     |    |     |   Max nonintlv. sectors
380   |     |   |   |     |       |      |   |     |     |    |     |   | -Max Errors- flags */
381 {{0,  500, 16, 16, 8000,    1*HZ, 3*HZ,  0, SEL_DLY, 5,  80, 3*HZ, 20, {3,1,2,0,2}, 0,
382       0, { 7, 4, 8, 2, 1, 5, 3,10}, 3*HZ/2, 0 }, "unknown" },
383
384 {{1,  300, 16, 16, 8000,    1*HZ, 3*HZ,  0, SEL_DLY, 5,  40, 3*HZ, 17, {3,1,2,0,2}, 0,
385       0, { 1, 0, 0, 0, 0, 0, 0, 0}, 3*HZ/2, 1 }, "360K PC" }, /*5 1/4 360 KB PC*/
386
387 {{2,  500, 16, 16, 6000, 4*HZ/10, 3*HZ, 14, SEL_DLY, 6,  83, 3*HZ, 17, {3,1,2,0,2}, 0,
388       0, { 2, 5, 6,23,10,20,12, 0}, 3*HZ/2, 2 }, "1.2M" }, /*5 1/4 HD AT*/
389
390 {{3,  250, 16, 16, 3000,    1*HZ, 3*HZ,  0, SEL_DLY, 5,  83, 3*HZ, 20, {3,1,2,0,2}, 0,
391       0, { 4,22,21,30, 3, 0, 0, 0}, 3*HZ/2, 4 }, "720k" }, /*3 1/2 DD*/
392
393 {{4,  500, 16, 16, 4000, 4*HZ/10, 3*HZ, 10, SEL_DLY, 5,  83, 3*HZ, 20, {3,1,2,0,2}, 0,
394       0, { 7, 4,25,22,31,21,29,11}, 3*HZ/2, 7 }, "1.44M" }, /*3 1/2 HD*/
395
396 {{5, 1000, 15,  8, 3000, 4*HZ/10, 3*HZ, 10, SEL_DLY, 5,  83, 3*HZ, 40, {3,1,2,0,2}, 0,
397       0, { 7, 8, 4,25,28,22,31,21}, 3*HZ/2, 8 }, "2.88M AMI BIOS" }, /*3 1/2 ED*/
398
399 {{6, 1000, 15,  8, 3000, 4*HZ/10, 3*HZ, 10, SEL_DLY, 5,  83, 3*HZ, 40, {3,1,2,0,2}, 0,
400       0, { 7, 8, 4,25,28,22,31,21}, 3*HZ/2, 8 }, "2.88M" } /*3 1/2 ED*/
401 /*    |  --autodetected formats---    |      |      |
402  *    read_track                      |      |    Name printed when booting
403  *                                    |     Native format
404  *                  Frequency of disk change checks */
405 };
406
407 static struct floppy_drive_params drive_params[N_DRIVE];
408 static struct floppy_drive_struct drive_state[N_DRIVE];
409 static struct floppy_write_errors write_errors[N_DRIVE];
410 static struct timer_list motor_off_timer[N_DRIVE];
411 static struct gendisk *disks[N_DRIVE];
412 static struct block_device *opened_bdev[N_DRIVE];
413 static DEFINE_MUTEX(open_lock);
414 static struct floppy_raw_cmd *raw_cmd, default_raw_cmd;
415 static int fdc_queue;
416
417 /*
418  * This struct defines the different floppy types.
419  *
420  * Bit 0 of 'stretch' tells if the tracks need to be doubled for some
421  * types (e.g. 360kB diskette in 1.2MB drive, etc.).  Bit 1 of 'stretch'
422  * tells if the disk is in Commodore 1581 format, which means side 0 sectors
423  * are located on side 1 of the disk but with a side 0 ID, and vice-versa.
424  * This is the same as the Sharp MZ-80 5.25" CP/M disk format, except that the
425  * 1581's logical side 0 is on physical side 1, whereas the Sharp's logical
426  * side 0 is on physical side 0 (but with the misnamed sector IDs).
427  * 'stretch' should probably be renamed to something more general, like
428  * 'options'.
429  *
430  * Bits 2 through 9 of 'stretch' tell the number of the first sector.
431  * The LSB (bit 2) is flipped. For most disks, the first sector
432  * is 1 (represented by 0x00<<2).  For some CP/M and music sampler
433  * disks (such as Ensoniq EPS 16plus) it is 0 (represented as 0x01<<2).
434  * For Amstrad CPC disks it is 0xC1 (represented as 0xC0<<2).
435  *
436  * Other parameters should be self-explanatory (see also setfdprm(8)).
437  */
438 /*
439             Size
440              |  Sectors per track
441              |  | Head
442              |  | |  Tracks
443              |  | |  | Stretch
444              |  | |  | |  Gap 1 size
445              |  | |  | |    |  Data rate, | 0x40 for perp
446              |  | |  | |    |    |  Spec1 (stepping rate, head unload
447              |  | |  | |    |    |    |    /fmt gap (gap2) */
448 static struct floppy_struct floppy_type[32] = {
449         {    0, 0,0, 0,0,0x00,0x00,0x00,0x00,NULL    }, /*  0 no testing    */
450         {  720, 9,2,40,0,0x2A,0x02,0xDF,0x50,"d360"  }, /*  1 360KB PC      */
451         { 2400,15,2,80,0,0x1B,0x00,0xDF,0x54,"h1200" }, /*  2 1.2MB AT      */
452         {  720, 9,1,80,0,0x2A,0x02,0xDF,0x50,"D360"  }, /*  3 360KB SS 3.5" */
453         { 1440, 9,2,80,0,0x2A,0x02,0xDF,0x50,"D720"  }, /*  4 720KB 3.5"    */
454         {  720, 9,2,40,1,0x23,0x01,0xDF,0x50,"h360"  }, /*  5 360KB AT      */
455         { 1440, 9,2,80,0,0x23,0x01,0xDF,0x50,"h720"  }, /*  6 720KB AT      */
456         { 2880,18,2,80,0,0x1B,0x00,0xCF,0x6C,"H1440" }, /*  7 1.44MB 3.5"   */
457         { 5760,36,2,80,0,0x1B,0x43,0xAF,0x54,"E2880" }, /*  8 2.88MB 3.5"   */
458         { 6240,39,2,80,0,0x1B,0x43,0xAF,0x28,"E3120" }, /*  9 3.12MB 3.5"   */
459
460         { 2880,18,2,80,0,0x25,0x00,0xDF,0x02,"h1440" }, /* 10 1.44MB 5.25"  */
461         { 3360,21,2,80,0,0x1C,0x00,0xCF,0x0C,"H1680" }, /* 11 1.68MB 3.5"   */
462         {  820,10,2,41,1,0x25,0x01,0xDF,0x2E,"h410"  }, /* 12 410KB 5.25"   */
463         { 1640,10,2,82,0,0x25,0x02,0xDF,0x2E,"H820"  }, /* 13 820KB 3.5"    */
464         { 2952,18,2,82,0,0x25,0x00,0xDF,0x02,"h1476" }, /* 14 1.48MB 5.25"  */
465         { 3444,21,2,82,0,0x25,0x00,0xDF,0x0C,"H1722" }, /* 15 1.72MB 3.5"   */
466         {  840,10,2,42,1,0x25,0x01,0xDF,0x2E,"h420"  }, /* 16 420KB 5.25"   */
467         { 1660,10,2,83,0,0x25,0x02,0xDF,0x2E,"H830"  }, /* 17 830KB 3.5"    */
468         { 2988,18,2,83,0,0x25,0x00,0xDF,0x02,"h1494" }, /* 18 1.49MB 5.25"  */
469         { 3486,21,2,83,0,0x25,0x00,0xDF,0x0C,"H1743" }, /* 19 1.74 MB 3.5"  */
470
471         { 1760,11,2,80,0,0x1C,0x09,0xCF,0x00,"h880"  }, /* 20 880KB 5.25"   */
472         { 2080,13,2,80,0,0x1C,0x01,0xCF,0x00,"D1040" }, /* 21 1.04MB 3.5"   */
473         { 2240,14,2,80,0,0x1C,0x19,0xCF,0x00,"D1120" }, /* 22 1.12MB 3.5"   */
474         { 3200,20,2,80,0,0x1C,0x20,0xCF,0x2C,"h1600" }, /* 23 1.6MB 5.25"   */
475         { 3520,22,2,80,0,0x1C,0x08,0xCF,0x2e,"H1760" }, /* 24 1.76MB 3.5"   */
476         { 3840,24,2,80,0,0x1C,0x20,0xCF,0x00,"H1920" }, /* 25 1.92MB 3.5"   */
477         { 6400,40,2,80,0,0x25,0x5B,0xCF,0x00,"E3200" }, /* 26 3.20MB 3.5"   */
478         { 7040,44,2,80,0,0x25,0x5B,0xCF,0x00,"E3520" }, /* 27 3.52MB 3.5"   */
479         { 7680,48,2,80,0,0x25,0x63,0xCF,0x00,"E3840" }, /* 28 3.84MB 3.5"   */
480         { 3680,23,2,80,0,0x1C,0x10,0xCF,0x00,"H1840" }, /* 29 1.84MB 3.5"   */
481
482         { 1600,10,2,80,0,0x25,0x02,0xDF,0x2E,"D800"  }, /* 30 800KB 3.5"    */
483         { 3200,20,2,80,0,0x1C,0x00,0xCF,0x2C,"H1600" }, /* 31 1.6MB 3.5"    */
484 };
485
486 #define SECTSIZE (_FD_SECTSIZE(*floppy))
487
488 /* Auto-detection: Disk type used until the next media change occurs. */
489 static struct floppy_struct *current_type[N_DRIVE];
490
491 /*
492  * User-provided type information. current_type points to
493  * the respective entry of this array.
494  */
495 static struct floppy_struct user_params[N_DRIVE];
496
497 static sector_t floppy_sizes[256];
498
499 static char floppy_device_name[] = "floppy";
500
501 /*
502  * The driver is trying to determine the correct media format
503  * while probing is set. rw_interrupt() clears it after a
504  * successful access.
505  */
506 static int probing;
507
508 /* Synchronization of FDC access. */
509 #define FD_COMMAND_NONE         -1
510 #define FD_COMMAND_ERROR        2
511 #define FD_COMMAND_OKAY         3
512
513 static volatile int command_status = FD_COMMAND_NONE;
514 static unsigned long fdc_busy;
515 static DECLARE_WAIT_QUEUE_HEAD(fdc_wait);
516 static DECLARE_WAIT_QUEUE_HEAD(command_done);
517
518 /* Errors during formatting are counted here. */
519 static int format_errors;
520
521 /* Format request descriptor. */
522 static struct format_descr format_req;
523
524 /*
525  * Rate is 0 for 500kb/s, 1 for 300kbps, 2 for 250kbps
526  * Spec1 is 0xSH, where S is stepping rate (F=1ms, E=2ms, D=3ms etc),
527  * H is head unload time (1=16ms, 2=32ms, etc)
528  */
529
530 /*
531  * Track buffer
532  * Because these are written to by the DMA controller, they must
533  * not contain a 64k byte boundary crossing, or data will be
534  * corrupted/lost.
535  */
536 static char *floppy_track_buffer;
537 static int max_buffer_sectors;
538
539 static int *errors;
540 typedef void (*done_f)(int);
541 static const struct cont_t {
542         void (*interrupt)(void);
543                                 /* this is called after the interrupt of the
544                                  * main command */
545         void (*redo)(void);     /* this is called to retry the operation */
546         void (*error)(void);    /* this is called to tally an error */
547         done_f done;            /* this is called to say if the operation has
548                                  * succeeded/failed */
549 } *cont;
550
551 static void floppy_ready(void);
552 static void floppy_start(void);
553 static void process_fd_request(void);
554 static void recalibrate_floppy(void);
555 static void floppy_shutdown(struct work_struct *);
556
557 static int floppy_request_regions(int);
558 static void floppy_release_regions(int);
559 static int floppy_grab_irq_and_dma(void);
560 static void floppy_release_irq_and_dma(void);
561
562 /*
563  * The "reset" variable should be tested whenever an interrupt is scheduled,
564  * after the commands have been sent. This is to ensure that the driver doesn't
565  * get wedged when the interrupt doesn't come because of a failed command.
566  * reset doesn't need to be tested before sending commands, because
567  * output_byte is automatically disabled when reset is set.
568  */
569 static void reset_fdc(void);
570
571 /*
572  * These are global variables, as that's the easiest way to give
573  * information to interrupts. They are the data used for the current
574  * request.
575  */
576 #define NO_TRACK        -1
577 #define NEED_1_RECAL    -2
578 #define NEED_2_RECAL    -3
579
580 static atomic_t usage_count = ATOMIC_INIT(0);
581
582 /* buffer related variables */
583 static int buffer_track = -1;
584 static int buffer_drive = -1;
585 static int buffer_min = -1;
586 static int buffer_max = -1;
587
588 /* fdc related variables, should end up in a struct */
589 static struct floppy_fdc_state fdc_state[N_FDC];
590 static int fdc;                 /* current fdc */
591
592 static struct workqueue_struct *floppy_wq;
593
594 static struct floppy_struct *_floppy = floppy_type;
595 static unsigned char current_drive;
596 static long current_count_sectors;
597 static unsigned char fsector_t; /* sector in track */
598 static unsigned char in_sector_offset;  /* offset within physical sector,
599                                          * expressed in units of 512 bytes */
600
601 static inline bool drive_no_geom(int drive)
602 {
603         return !current_type[drive] && !ITYPE(UDRS->fd_device);
604 }
605
606 #ifndef fd_eject
607 static inline int fd_eject(int drive)
608 {
609         return -EINVAL;
610 }
611 #endif
612
613 /*
614  * Debugging
615  * =========
616  */
617 #ifdef DEBUGT
618 static long unsigned debugtimer;
619
620 static inline void set_debugt(void)
621 {
622         debugtimer = jiffies;
623 }
624
625 static inline void debugt(const char *func, const char *msg)
626 {
627         if (DP->flags & DEBUGT)
628                 pr_info("%s:%s dtime=%lu\n", func, msg, jiffies - debugtimer);
629 }
630 #else
631 static inline void set_debugt(void) { }
632 static inline void debugt(const char *func, const char *msg) { }
633 #endif /* DEBUGT */
634
635
636 static DECLARE_DELAYED_WORK(fd_timeout, floppy_shutdown);
637 static const char *timeout_message;
638
639 static void is_alive(const char *func, const char *message)
640 {
641         /* this routine checks whether the floppy driver is "alive" */
642         if (test_bit(0, &fdc_busy) && command_status < 2 &&
643             !delayed_work_pending(&fd_timeout)) {
644                 DPRINT("%s: timeout handler died.  %s\n", func, message);
645         }
646 }
647
648 static void (*do_floppy)(void) = NULL;
649
650 #define OLOGSIZE 20
651
652 static void (*lasthandler)(void);
653 static unsigned long interruptjiffies;
654 static unsigned long resultjiffies;
655 static int resultsize;
656 static unsigned long lastredo;
657
658 static struct output_log {
659         unsigned char data;
660         unsigned char status;
661         unsigned long jiffies;
662 } output_log[OLOGSIZE];
663
664 static int output_log_pos;
665
666 #define current_reqD -1
667 #define MAXTIMEOUT -2
668
669 static void __reschedule_timeout(int drive, const char *message)
670 {
671         unsigned long delay;
672
673         if (drive == current_reqD)
674                 drive = current_drive;
675
676         if (drive < 0 || drive >= N_DRIVE) {
677                 delay = 20UL * HZ;
678                 drive = 0;
679         } else
680                 delay = UDP->timeout;
681
682         mod_delayed_work(floppy_wq, &fd_timeout, delay);
683         if (UDP->flags & FD_DEBUG)
684                 DPRINT("reschedule timeout %s\n", message);
685         timeout_message = message;
686 }
687
688 static void reschedule_timeout(int drive, const char *message)
689 {
690         unsigned long flags;
691
692         spin_lock_irqsave(&floppy_lock, flags);
693         __reschedule_timeout(drive, message);
694         spin_unlock_irqrestore(&floppy_lock, flags);
695 }
696
697 #define INFBOUND(a, b) (a) = max_t(int, a, b)
698 #define SUPBOUND(a, b) (a) = min_t(int, a, b)
699
700 /*
701  * Bottom half floppy driver.
702  * ==========================
703  *
704  * This part of the file contains the code talking directly to the hardware,
705  * and also the main service loop (seek-configure-spinup-command)
706  */
707
708 /*
709  * disk change.
710  * This routine is responsible for maintaining the FD_DISK_CHANGE flag,
711  * and the last_checked date.
712  *
713  * last_checked is the date of the last check which showed 'no disk change'
714  * FD_DISK_CHANGE is set under two conditions:
715  * 1. The floppy has been changed after some i/o to that floppy already
716  *    took place.
717  * 2. No floppy disk is in the drive. This is done in order to ensure that
718  *    requests are quickly flushed in case there is no disk in the drive. It
719  *    follows that FD_DISK_CHANGE can only be cleared if there is a disk in
720  *    the drive.
721  *
722  * For 1., maxblock is observed. Maxblock is 0 if no i/o has taken place yet.
723  * For 2., FD_DISK_NEWCHANGE is watched. FD_DISK_NEWCHANGE is cleared on
724  *  each seek. If a disk is present, the disk change line should also be
725  *  cleared on each seek. Thus, if FD_DISK_NEWCHANGE is clear, but the disk
726  *  change line is set, this means either that no disk is in the drive, or
727  *  that it has been removed since the last seek.
728  *
729  * This means that we really have a third possibility too:
730  *  The floppy has been changed after the last seek.
731  */
732
733 static int disk_change(int drive)
734 {
735         int fdc = FDC(drive);
736
737         if (time_before(jiffies, UDRS->select_date + UDP->select_delay))
738                 DPRINT("WARNING disk change called early\n");
739         if (!(FDCS->dor & (0x10 << UNIT(drive))) ||
740             (FDCS->dor & 3) != UNIT(drive) || fdc != FDC(drive)) {
741                 DPRINT("probing disk change on unselected drive\n");
742                 DPRINT("drive=%d fdc=%d dor=%x\n", drive, FDC(drive),
743                        (unsigned int)FDCS->dor);
744         }
745
746         debug_dcl(UDP->flags,
747                   "checking disk change line for drive %d\n", drive);
748         debug_dcl(UDP->flags, "jiffies=%lu\n", jiffies);
749         debug_dcl(UDP->flags, "disk change line=%x\n", fd_inb(FD_DIR) & 0x80);
750         debug_dcl(UDP->flags, "flags=%lx\n", UDRS->flags);
751
752         if (UDP->flags & FD_BROKEN_DCL)
753                 return test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags);
754         if ((fd_inb(FD_DIR) ^ UDP->flags) & 0x80) {
755                 set_bit(FD_VERIFY_BIT, &UDRS->flags);
756                                         /* verify write protection */
757
758                 if (UDRS->maxblock)     /* mark it changed */
759                         set_bit(FD_DISK_CHANGED_BIT, &UDRS->flags);
760
761                 /* invalidate its geometry */
762                 if (UDRS->keep_data >= 0) {
763                         if ((UDP->flags & FTD_MSG) &&
764                             current_type[drive] != NULL)
765                                 DPRINT("Disk type is undefined after disk change\n");
766                         current_type[drive] = NULL;
767                         floppy_sizes[TOMINOR(drive)] = MAX_DISK_SIZE << 1;
768                 }
769
770                 return 1;
771         } else {
772                 UDRS->last_checked = jiffies;
773                 clear_bit(FD_DISK_NEWCHANGE_BIT, &UDRS->flags);
774         }
775         return 0;
776 }
777
778 static inline int is_selected(int dor, int unit)
779 {
780         return ((dor & (0x10 << unit)) && (dor & 3) == unit);
781 }
782
783 static bool is_ready_state(int status)
784 {
785         int state = status & (STATUS_READY | STATUS_DIR | STATUS_DMA);
786         return state == STATUS_READY;
787 }
788
789 static int set_dor(int fdc, char mask, char data)
790 {
791         unsigned char unit;
792         unsigned char drive;
793         unsigned char newdor;
794         unsigned char olddor;
795
796         if (FDCS->address == -1)
797                 return -1;
798
799         olddor = FDCS->dor;
800         newdor = (olddor & mask) | data;
801         if (newdor != olddor) {
802                 unit = olddor & 0x3;
803                 if (is_selected(olddor, unit) && !is_selected(newdor, unit)) {
804                         drive = REVDRIVE(fdc, unit);
805                         debug_dcl(UDP->flags,
806                                   "calling disk change from set_dor\n");
807                         disk_change(drive);
808                 }
809                 FDCS->dor = newdor;
810                 fd_outb(newdor, FD_DOR);
811
812                 unit = newdor & 0x3;
813                 if (!is_selected(olddor, unit) && is_selected(newdor, unit)) {
814                         drive = REVDRIVE(fdc, unit);
815                         UDRS->select_date = jiffies;
816                 }
817         }
818         return olddor;
819 }
820
821 static void twaddle(void)
822 {
823         if (DP->select_delay)
824                 return;
825         fd_outb(FDCS->dor & ~(0x10 << UNIT(current_drive)), FD_DOR);
826         fd_outb(FDCS->dor, FD_DOR);
827         DRS->select_date = jiffies;
828 }
829
830 /*
831  * Reset all driver information about the current fdc.
832  * This is needed after a reset, and after a raw command.
833  */
834 static void reset_fdc_info(int mode)
835 {
836         int drive;
837
838         FDCS->spec1 = FDCS->spec2 = -1;
839         FDCS->need_configure = 1;
840         FDCS->perp_mode = 1;
841         FDCS->rawcmd = 0;
842         for (drive = 0; drive < N_DRIVE; drive++)
843                 if (FDC(drive) == fdc && (mode || UDRS->track != NEED_1_RECAL))
844                         UDRS->track = NEED_2_RECAL;
845 }
846
847 /* selects the fdc and drive, and enables the fdc's input/dma. */
848 static void set_fdc(int drive)
849 {
850         if (drive >= 0 && drive < N_DRIVE) {
851                 fdc = FDC(drive);
852                 current_drive = drive;
853         }
854         if (fdc != 1 && fdc != 0) {
855                 pr_info("bad fdc value\n");
856                 return;
857         }
858         set_dor(fdc, ~0, 8);
859 #if N_FDC > 1
860         set_dor(1 - fdc, ~8, 0);
861 #endif
862         if (FDCS->rawcmd == 2)
863                 reset_fdc_info(1);
864         if (fd_inb(FD_STATUS) != STATUS_READY)
865                 FDCS->reset = 1;
866 }
867
868 /* locks the driver */
869 static int lock_fdc(int drive)
870 {
871         if (WARN(atomic_read(&usage_count) == 0,
872                  "Trying to lock fdc while usage count=0\n"))
873                 return -1;
874
875         if (wait_event_interruptible(fdc_wait, !test_and_set_bit(0, &fdc_busy)))
876                 return -EINTR;
877
878         command_status = FD_COMMAND_NONE;
879
880         reschedule_timeout(drive, "lock fdc");
881         set_fdc(drive);
882         return 0;
883 }
884
885 /* unlocks the driver */
886 static void unlock_fdc(void)
887 {
888         if (!test_bit(0, &fdc_busy))
889                 DPRINT("FDC access conflict!\n");
890
891         raw_cmd = NULL;
892         command_status = FD_COMMAND_NONE;
893         cancel_delayed_work(&fd_timeout);
894         do_floppy = NULL;
895         cont = NULL;
896         clear_bit(0, &fdc_busy);
897         wake_up(&fdc_wait);
898 }
899
900 /* switches the motor off after a given timeout */
901 static void motor_off_callback(unsigned long nr)
902 {
903         unsigned char mask = ~(0x10 << UNIT(nr));
904
905         set_dor(FDC(nr), mask, 0);
906 }
907
908 /* schedules motor off */
909 static void floppy_off(unsigned int drive)
910 {
911         unsigned long volatile delta;
912         int fdc = FDC(drive);
913
914         if (!(FDCS->dor & (0x10 << UNIT(drive))))
915                 return;
916
917         del_timer(motor_off_timer + drive);
918
919         /* make spindle stop in a position which minimizes spinup time
920          * next time */
921         if (UDP->rps) {
922                 delta = jiffies - UDRS->first_read_date + HZ -
923                     UDP->spindown_offset;
924                 delta = ((delta * UDP->rps) % HZ) / UDP->rps;
925                 motor_off_timer[drive].expires =
926                     jiffies + UDP->spindown - delta;
927         }
928         add_timer(motor_off_timer + drive);
929 }
930
931 /*
932  * cycle through all N_DRIVE floppy drives, for disk change testing.
933  * stopping at current drive. This is done before any long operation, to
934  * be sure to have up to date disk change information.
935  */
936 static void scandrives(void)
937 {
938         int i;
939         int drive;
940         int saved_drive;
941
942         if (DP->select_delay)
943                 return;
944
945         saved_drive = current_drive;
946         for (i = 0; i < N_DRIVE; i++) {
947                 drive = (saved_drive + i + 1) % N_DRIVE;
948                 if (UDRS->fd_ref == 0 || UDP->select_delay != 0)
949                         continue;       /* skip closed drives */
950                 set_fdc(drive);
951                 if (!(set_dor(fdc, ~3, UNIT(drive) | (0x10 << UNIT(drive))) &
952                       (0x10 << UNIT(drive))))
953                         /* switch the motor off again, if it was off to
954                          * begin with */
955                         set_dor(fdc, ~(0x10 << UNIT(drive)), 0);
956         }
957         set_fdc(saved_drive);
958 }
959
960 static void empty(void)
961 {
962 }
963
964 static void (*floppy_work_fn)(void);
965
966 static void floppy_work_workfn(struct work_struct *work)
967 {
968         floppy_work_fn();
969 }
970
971 static DECLARE_WORK(floppy_work, floppy_work_workfn);
972
973 static void schedule_bh(void (*handler)(void))
974 {
975         WARN_ON(work_pending(&floppy_work));
976
977         floppy_work_fn = handler;
978         queue_work(floppy_wq, &floppy_work);
979 }
980
981 static void (*fd_timer_fn)(void) = NULL;
982
983 static void fd_timer_workfn(struct work_struct *work)
984 {
985         fd_timer_fn();
986 }
987
988 static DECLARE_DELAYED_WORK(fd_timer, fd_timer_workfn);
989
990 static void cancel_activity(void)
991 {
992         do_floppy = NULL;
993         cancel_delayed_work_sync(&fd_timer);
994         cancel_work_sync(&floppy_work);
995 }
996
997 /* this function makes sure that the disk stays in the drive during the
998  * transfer */
999 static void fd_watchdog(void)
1000 {
1001         debug_dcl(DP->flags, "calling disk change from watchdog\n");
1002
1003         if (disk_change(current_drive)) {
1004                 DPRINT("disk removed during i/o\n");
1005                 cancel_activity();
1006                 cont->done(0);
1007                 reset_fdc();
1008         } else {
1009                 cancel_delayed_work(&fd_timer);
1010                 fd_timer_fn = fd_watchdog;
1011                 queue_delayed_work(floppy_wq, &fd_timer, HZ / 10);
1012         }
1013 }
1014
1015 static void main_command_interrupt(void)
1016 {
1017         cancel_delayed_work(&fd_timer);
1018         cont->interrupt();
1019 }
1020
1021 /* waits for a delay (spinup or select) to pass */
1022 static int fd_wait_for_completion(unsigned long expires,
1023                                   void (*function)(void))
1024 {
1025         if (FDCS->reset) {
1026                 reset_fdc();    /* do the reset during sleep to win time
1027                                  * if we don't need to sleep, it's a good
1028                                  * occasion anyways */
1029                 return 1;
1030         }
1031
1032         if (time_before(jiffies, expires)) {
1033                 cancel_delayed_work(&fd_timer);
1034                 fd_timer_fn = function;
1035                 queue_delayed_work(floppy_wq, &fd_timer, expires - jiffies);
1036                 return 1;
1037         }
1038         return 0;
1039 }
1040
1041 static void setup_DMA(void)
1042 {
1043         unsigned long f;
1044
1045         if (raw_cmd->length == 0) {
1046                 int i;
1047
1048                 pr_info("zero dma transfer size:");
1049                 for (i = 0; i < raw_cmd->cmd_count; i++)
1050                         pr_cont("%x,", raw_cmd->cmd[i]);
1051                 pr_cont("\n");
1052                 cont->done(0);
1053                 FDCS->reset = 1;
1054                 return;
1055         }
1056         if (((unsigned long)raw_cmd->kernel_data) % 512) {
1057                 pr_info("non aligned address: %p\n", raw_cmd->kernel_data);
1058                 cont->done(0);
1059                 FDCS->reset = 1;
1060                 return;
1061         }
1062         f = claim_dma_lock();
1063         fd_disable_dma();
1064 #ifdef fd_dma_setup
1065         if (fd_dma_setup(raw_cmd->kernel_data, raw_cmd->length,
1066                          (raw_cmd->flags & FD_RAW_READ) ?
1067                          DMA_MODE_READ : DMA_MODE_WRITE, FDCS->address) < 0) {
1068                 release_dma_lock(f);
1069                 cont->done(0);
1070                 FDCS->reset = 1;
1071                 return;
1072         }
1073         release_dma_lock(f);
1074 #else
1075         fd_clear_dma_ff();
1076         fd_cacheflush(raw_cmd->kernel_data, raw_cmd->length);
1077         fd_set_dma_mode((raw_cmd->flags & FD_RAW_READ) ?
1078                         DMA_MODE_READ : DMA_MODE_WRITE);
1079         fd_set_dma_addr(raw_cmd->kernel_data);
1080         fd_set_dma_count(raw_cmd->length);
1081         virtual_dma_port = FDCS->address;
1082         fd_enable_dma();
1083         release_dma_lock(f);
1084 #endif
1085 }
1086
1087 static void show_floppy(void);
1088
1089 /* waits until the fdc becomes ready */
1090 static int wait_til_ready(void)
1091 {
1092         int status;
1093         int counter;
1094
1095         if (FDCS->reset)
1096                 return -1;
1097         for (counter = 0; counter < 10000; counter++) {
1098                 status = fd_inb(FD_STATUS);
1099                 if (status & STATUS_READY)
1100                         return status;
1101         }
1102         if (initialized) {
1103                 DPRINT("Getstatus times out (%x) on fdc %d\n", status, fdc);
1104                 show_floppy();
1105         }
1106         FDCS->reset = 1;
1107         return -1;
1108 }
1109
1110 /* sends a command byte to the fdc */
1111 static int output_byte(char byte)
1112 {
1113         int status = wait_til_ready();
1114
1115         if (status < 0)
1116                 return -1;
1117
1118         if (is_ready_state(status)) {
1119                 fd_outb(byte, FD_DATA);
1120                 output_log[output_log_pos].data = byte;
1121                 output_log[output_log_pos].status = status;
1122                 output_log[output_log_pos].jiffies = jiffies;
1123                 output_log_pos = (output_log_pos + 1) % OLOGSIZE;
1124                 return 0;
1125         }
1126         FDCS->reset = 1;
1127         if (initialized) {
1128                 DPRINT("Unable to send byte %x to FDC. Fdc=%x Status=%x\n",
1129                        byte, fdc, status);
1130                 show_floppy();
1131         }
1132         return -1;
1133 }
1134
1135 /* gets the response from the fdc */
1136 static int result(void)
1137 {
1138         int i;
1139         int status = 0;
1140
1141         for (i = 0; i < MAX_REPLIES; i++) {
1142                 status = wait_til_ready();
1143                 if (status < 0)
1144                         break;
1145                 status &= STATUS_DIR | STATUS_READY | STATUS_BUSY | STATUS_DMA;
1146                 if ((status & ~STATUS_BUSY) == STATUS_READY) {
1147                         resultjiffies = jiffies;
1148                         resultsize = i;
1149                         return i;
1150                 }
1151                 if (status == (STATUS_DIR | STATUS_READY | STATUS_BUSY))
1152                         reply_buffer[i] = fd_inb(FD_DATA);
1153                 else
1154                         break;
1155         }
1156         if (initialized) {
1157                 DPRINT("get result error. Fdc=%d Last status=%x Read bytes=%d\n",
1158                        fdc, status, i);
1159                 show_floppy();
1160         }
1161         FDCS->reset = 1;
1162         return -1;
1163 }
1164
1165 #define MORE_OUTPUT -2
1166 /* does the fdc need more output? */
1167 static int need_more_output(void)
1168 {
1169         int status = wait_til_ready();
1170
1171         if (status < 0)
1172                 return -1;
1173
1174         if (is_ready_state(status))
1175                 return MORE_OUTPUT;
1176
1177         return result();
1178 }
1179
1180 /* Set perpendicular mode as required, based on data rate, if supported.
1181  * 82077 Now tested. 1Mbps data rate only possible with 82077-1.
1182  */
1183 static void perpendicular_mode(void)
1184 {
1185         unsigned char perp_mode;
1186
1187         if (raw_cmd->rate & 0x40) {
1188                 switch (raw_cmd->rate & 3) {
1189                 case 0:
1190                         perp_mode = 2;
1191                         break;
1192                 case 3:
1193                         perp_mode = 3;
1194                         break;
1195                 default:
1196                         DPRINT("Invalid data rate for perpendicular mode!\n");
1197                         cont->done(0);
1198                         FDCS->reset = 1;
1199                                         /*
1200                                          * convenient way to return to
1201                                          * redo without too much hassle
1202                                          * (deep stack et al.)
1203                                          */
1204                         return;
1205                 }
1206         } else
1207                 perp_mode = 0;
1208
1209         if (FDCS->perp_mode == perp_mode)
1210                 return;
1211         if (FDCS->version >= FDC_82077_ORIG) {
1212                 output_byte(FD_PERPENDICULAR);
1213                 output_byte(perp_mode);
1214                 FDCS->perp_mode = perp_mode;
1215         } else if (perp_mode) {
1216                 DPRINT("perpendicular mode not supported by this FDC.\n");
1217         }
1218 }                               /* perpendicular_mode */
1219
1220 static int fifo_depth = 0xa;
1221 static int no_fifo;
1222
1223 static int fdc_configure(void)
1224 {
1225         /* Turn on FIFO */
1226         output_byte(FD_CONFIGURE);
1227         if (need_more_output() != MORE_OUTPUT)
1228                 return 0;
1229         output_byte(0);
1230         output_byte(0x10 | (no_fifo & 0x20) | (fifo_depth & 0xf));
1231         output_byte(0);         /* pre-compensation from track
1232                                    0 upwards */
1233         return 1;
1234 }
1235
1236 #define NOMINAL_DTR 500
1237
1238 /* Issue a "SPECIFY" command to set the step rate time, head unload time,
1239  * head load time, and DMA disable flag to values needed by floppy.
1240  *
1241  * The value "dtr" is the data transfer rate in Kbps.  It is needed
1242  * to account for the data rate-based scaling done by the 82072 and 82077
1243  * FDC types.  This parameter is ignored for other types of FDCs (i.e.
1244  * 8272a).
1245  *
1246  * Note that changing the data transfer rate has a (probably deleterious)
1247  * effect on the parameters subject to scaling for 82072/82077 FDCs, so
1248  * fdc_specify is called again after each data transfer rate
1249  * change.
1250  *
1251  * srt: 1000 to 16000 in microseconds
1252  * hut: 16 to 240 milliseconds
1253  * hlt: 2 to 254 milliseconds
1254  *
1255  * These values are rounded up to the next highest available delay time.
1256  */
1257 static void fdc_specify(void)
1258 {
1259         unsigned char spec1;
1260         unsigned char spec2;
1261         unsigned long srt;
1262         unsigned long hlt;
1263         unsigned long hut;
1264         unsigned long dtr = NOMINAL_DTR;
1265         unsigned long scale_dtr = NOMINAL_DTR;
1266         int hlt_max_code = 0x7f;
1267         int hut_max_code = 0xf;
1268
1269         if (FDCS->need_configure && FDCS->version >= FDC_82072A) {
1270                 fdc_configure();
1271                 FDCS->need_configure = 0;
1272         }
1273
1274         switch (raw_cmd->rate & 0x03) {
1275         case 3:
1276                 dtr = 1000;
1277                 break;
1278         case 1:
1279                 dtr = 300;
1280                 if (FDCS->version >= FDC_82078) {
1281                         /* chose the default rate table, not the one
1282                          * where 1 = 2 Mbps */
1283                         output_byte(FD_DRIVESPEC);
1284                         if (need_more_output() == MORE_OUTPUT) {
1285                                 output_byte(UNIT(current_drive));
1286                                 output_byte(0xc0);
1287                         }
1288                 }
1289                 break;
1290         case 2:
1291                 dtr = 250;
1292                 break;
1293         }
1294
1295         if (FDCS->version >= FDC_82072) {
1296                 scale_dtr = dtr;
1297                 hlt_max_code = 0x00;    /* 0==256msec*dtr0/dtr (not linear!) */
1298                 hut_max_code = 0x0;     /* 0==256msec*dtr0/dtr (not linear!) */
1299         }
1300
1301         /* Convert step rate from microseconds to milliseconds and 4 bits */
1302         srt = 16 - DIV_ROUND_UP(DP->srt * scale_dtr / 1000, NOMINAL_DTR);
1303         if (slow_floppy)
1304                 srt = srt / 4;
1305
1306         SUPBOUND(srt, 0xf);
1307         INFBOUND(srt, 0);
1308
1309         hlt = DIV_ROUND_UP(DP->hlt * scale_dtr / 2, NOMINAL_DTR);
1310         if (hlt < 0x01)
1311                 hlt = 0x01;
1312         else if (hlt > 0x7f)
1313                 hlt = hlt_max_code;
1314
1315         hut = DIV_ROUND_UP(DP->hut * scale_dtr / 16, NOMINAL_DTR);
1316         if (hut < 0x1)
1317                 hut = 0x1;
1318         else if (hut > 0xf)
1319                 hut = hut_max_code;
1320
1321         spec1 = (srt << 4) | hut;
1322         spec2 = (hlt << 1) | (use_virtual_dma & 1);
1323
1324         /* If these parameters did not change, just return with success */
1325         if (FDCS->spec1 != spec1 || FDCS->spec2 != spec2) {
1326                 /* Go ahead and set spec1 and spec2 */
1327                 output_byte(FD_SPECIFY);
1328                 output_byte(FDCS->spec1 = spec1);
1329                 output_byte(FDCS->spec2 = spec2);
1330         }
1331 }                               /* fdc_specify */
1332
1333 /* Set the FDC's data transfer rate on behalf of the specified drive.
1334  * NOTE: with 82072/82077 FDCs, changing the data rate requires a reissue
1335  * of the specify command (i.e. using the fdc_specify function).
1336  */
1337 static int fdc_dtr(void)
1338 {
1339         /* If data rate not already set to desired value, set it. */
1340         if ((raw_cmd->rate & 3) == FDCS->dtr)
1341                 return 0;
1342
1343         /* Set dtr */
1344         fd_outb(raw_cmd->rate & 3, FD_DCR);
1345
1346         /* TODO: some FDC/drive combinations (C&T 82C711 with TEAC 1.2MB)
1347          * need a stabilization period of several milliseconds to be
1348          * enforced after data rate changes before R/W operations.
1349          * Pause 5 msec to avoid trouble. (Needs to be 2 jiffies)
1350          */
1351         FDCS->dtr = raw_cmd->rate & 3;
1352         return fd_wait_for_completion(jiffies + 2UL * HZ / 100, floppy_ready);
1353 }                               /* fdc_dtr */
1354
1355 static void tell_sector(void)
1356 {
1357         pr_cont(": track %d, head %d, sector %d, size %d",
1358                 R_TRACK, R_HEAD, R_SECTOR, R_SIZECODE);
1359 }                               /* tell_sector */
1360
1361 static void print_errors(void)
1362 {
1363         DPRINT("");
1364         if (ST0 & ST0_ECE) {
1365                 pr_cont("Recalibrate failed!");
1366         } else if (ST2 & ST2_CRC) {
1367                 pr_cont("data CRC error");
1368                 tell_sector();
1369         } else if (ST1 & ST1_CRC) {
1370                 pr_cont("CRC error");
1371                 tell_sector();
1372         } else if ((ST1 & (ST1_MAM | ST1_ND)) ||
1373                    (ST2 & ST2_MAM)) {
1374                 if (!probing) {
1375                         pr_cont("sector not found");
1376                         tell_sector();
1377                 } else
1378                         pr_cont("probe failed...");
1379         } else if (ST2 & ST2_WC) {      /* seek error */
1380                 pr_cont("wrong cylinder");
1381         } else if (ST2 & ST2_BC) {      /* cylinder marked as bad */
1382                 pr_cont("bad cylinder");
1383         } else {
1384                 pr_cont("unknown error. ST[0..2] are: 0x%x 0x%x 0x%x",
1385                         ST0, ST1, ST2);
1386                 tell_sector();
1387         }
1388         pr_cont("\n");
1389 }
1390
1391 /*
1392  * OK, this error interpreting routine is called after a
1393  * DMA read/write has succeeded
1394  * or failed, so we check the results, and copy any buffers.
1395  * hhb: Added better error reporting.
1396  * ak: Made this into a separate routine.
1397  */
1398 static int interpret_errors(void)
1399 {
1400         char bad;
1401
1402         if (inr != 7) {
1403                 DPRINT("-- FDC reply error\n");
1404                 FDCS->reset = 1;
1405                 return 1;
1406         }
1407
1408         /* check IC to find cause of interrupt */
1409         switch (ST0 & ST0_INTR) {
1410         case 0x40:              /* error occurred during command execution */
1411                 if (ST1 & ST1_EOC)
1412                         return 0;       /* occurs with pseudo-DMA */
1413                 bad = 1;
1414                 if (ST1 & ST1_WP) {
1415                         DPRINT("Drive is write protected\n");
1416                         clear_bit(FD_DISK_WRITABLE_BIT, &DRS->flags);
1417                         cont->done(0);
1418                         bad = 2;
1419                 } else if (ST1 & ST1_ND) {
1420                         set_bit(FD_NEED_TWADDLE_BIT, &DRS->flags);
1421                 } else if (ST1 & ST1_OR) {
1422                         if (DP->flags & FTD_MSG)
1423                                 DPRINT("Over/Underrun - retrying\n");
1424                         bad = 0;
1425                 } else if (*errors >= DP->max_errors.reporting) {
1426                         print_errors();
1427                 }
1428                 if (ST2 & ST2_WC || ST2 & ST2_BC)
1429                         /* wrong cylinder => recal */
1430                         DRS->track = NEED_2_RECAL;
1431                 return bad;
1432         case 0x80:              /* invalid command given */
1433                 DPRINT("Invalid FDC command given!\n");
1434                 cont->done(0);
1435                 return 2;
1436         case 0xc0:
1437                 DPRINT("Abnormal termination caused by polling\n");
1438                 cont->error();
1439                 return 2;
1440         default:                /* (0) Normal command termination */
1441                 return 0;
1442         }
1443 }
1444
1445 /*
1446  * This routine is called when everything should be correctly set up
1447  * for the transfer (i.e. floppy motor is on, the correct floppy is
1448  * selected, and the head is sitting on the right track).
1449  */
1450 static void setup_rw_floppy(void)
1451 {
1452         int i;
1453         int r;
1454         int flags;
1455         int dflags;
1456         unsigned long ready_date;
1457         void (*function)(void);
1458
1459         flags = raw_cmd->flags;
1460         if (flags & (FD_RAW_READ | FD_RAW_WRITE))
1461                 flags |= FD_RAW_INTR;
1462
1463         if ((flags & FD_RAW_SPIN) && !(flags & FD_RAW_NO_MOTOR)) {
1464                 ready_date = DRS->spinup_date + DP->spinup;
1465                 /* If spinup will take a long time, rerun scandrives
1466                  * again just before spinup completion. Beware that
1467                  * after scandrives, we must again wait for selection.
1468                  */
1469                 if (time_after(ready_date, jiffies + DP->select_delay)) {
1470                         ready_date -= DP->select_delay;
1471                         function = floppy_start;
1472                 } else
1473                         function = setup_rw_floppy;
1474
1475                 /* wait until the floppy is spinning fast enough */
1476                 if (fd_wait_for_completion(ready_date, function))
1477                         return;
1478         }
1479         dflags = DRS->flags;
1480
1481         if ((flags & FD_RAW_READ) || (flags & FD_RAW_WRITE))
1482                 setup_DMA();
1483
1484         if (flags & FD_RAW_INTR)
1485                 do_floppy = main_command_interrupt;
1486
1487         r = 0;
1488         for (i = 0; i < raw_cmd->cmd_count; i++)
1489                 r |= output_byte(raw_cmd->cmd[i]);
1490
1491         debugt(__func__, "rw_command");
1492
1493         if (r) {
1494                 cont->error();
1495                 reset_fdc();
1496                 return;
1497         }
1498
1499         if (!(flags & FD_RAW_INTR)) {
1500                 inr = result();
1501                 cont->interrupt();
1502         } else if (flags & FD_RAW_NEED_DISK)
1503                 fd_watchdog();
1504 }
1505
1506 static int blind_seek;
1507
1508 /*
1509  * This is the routine called after every seek (or recalibrate) interrupt
1510  * from the floppy controller.
1511  */
1512 static void seek_interrupt(void)
1513 {
1514         debugt(__func__, "");
1515         if (inr != 2 || (ST0 & 0xF8) != 0x20) {
1516                 DPRINT("seek failed\n");
1517                 DRS->track = NEED_2_RECAL;
1518                 cont->error();
1519                 cont->redo();
1520                 return;
1521         }
1522         if (DRS->track >= 0 && DRS->track != ST1 && !blind_seek) {
1523                 debug_dcl(DP->flags,
1524                           "clearing NEWCHANGE flag because of effective seek\n");
1525                 debug_dcl(DP->flags, "jiffies=%lu\n", jiffies);
1526                 clear_bit(FD_DISK_NEWCHANGE_BIT, &DRS->flags);
1527                                         /* effective seek */
1528                 DRS->select_date = jiffies;
1529         }
1530         DRS->track = ST1;
1531         floppy_ready();
1532 }
1533
1534 static void check_wp(void)
1535 {
1536         if (test_bit(FD_VERIFY_BIT, &DRS->flags)) {
1537                                         /* check write protection */
1538                 output_byte(FD_GETSTATUS);
1539                 output_byte(UNIT(current_drive));
1540                 if (result() != 1) {
1541                         FDCS->reset = 1;
1542                         return;
1543                 }
1544                 clear_bit(FD_VERIFY_BIT, &DRS->flags);
1545                 clear_bit(FD_NEED_TWADDLE_BIT, &DRS->flags);
1546                 debug_dcl(DP->flags,
1547                           "checking whether disk is write protected\n");
1548                 debug_dcl(DP->flags, "wp=%x\n", ST3 & 0x40);
1549                 if (!(ST3 & 0x40))
1550                         set_bit(FD_DISK_WRITABLE_BIT, &DRS->flags);
1551                 else
1552                         clear_bit(FD_DISK_WRITABLE_BIT, &DRS->flags);
1553         }
1554 }
1555
1556 static void seek_floppy(void)
1557 {
1558         int track;
1559
1560         blind_seek = 0;
1561
1562         debug_dcl(DP->flags, "calling disk change from %s\n", __func__);
1563
1564         if (!test_bit(FD_DISK_NEWCHANGE_BIT, &DRS->flags) &&
1565             disk_change(current_drive) && (raw_cmd->flags & FD_RAW_NEED_DISK)) {
1566                 /* the media changed flag should be cleared after the seek.
1567                  * If it isn't, this means that there is really no disk in
1568                  * the drive.
1569                  */
1570                 set_bit(FD_DISK_CHANGED_BIT, &DRS->flags);
1571                 cont->done(0);
1572                 cont->redo();
1573                 return;
1574         }
1575         if (DRS->track <= NEED_1_RECAL) {
1576                 recalibrate_floppy();
1577                 return;
1578         } else if (test_bit(FD_DISK_NEWCHANGE_BIT, &DRS->flags) &&
1579                    (raw_cmd->flags & FD_RAW_NEED_DISK) &&
1580                    (DRS->track <= NO_TRACK || DRS->track == raw_cmd->track)) {
1581                 /* we seek to clear the media-changed condition. Does anybody
1582                  * know a more elegant way, which works on all drives? */
1583                 if (raw_cmd->track)
1584                         track = raw_cmd->track - 1;
1585                 else {
1586                         if (DP->flags & FD_SILENT_DCL_CLEAR) {
1587                                 set_dor(fdc, ~(0x10 << UNIT(current_drive)), 0);
1588                                 blind_seek = 1;
1589                                 raw_cmd->flags |= FD_RAW_NEED_SEEK;
1590                         }
1591                         track = 1;
1592                 }
1593         } else {
1594                 check_wp();
1595                 if (raw_cmd->track != DRS->track &&
1596                     (raw_cmd->flags & FD_RAW_NEED_SEEK))
1597                         track = raw_cmd->track;
1598                 else {
1599                         setup_rw_floppy();
1600                         return;
1601                 }
1602         }
1603
1604         do_floppy = seek_interrupt;
1605         output_byte(FD_SEEK);
1606         output_byte(UNIT(current_drive));
1607         if (output_byte(track) < 0) {
1608                 reset_fdc();
1609                 return;
1610         }
1611         debugt(__func__, "");
1612 }
1613
1614 static void recal_interrupt(void)
1615 {
1616         debugt(__func__, "");
1617         if (inr != 2)
1618                 FDCS->reset = 1;
1619         else if (ST0 & ST0_ECE) {
1620                 switch (DRS->track) {
1621                 case NEED_1_RECAL:
1622                         debugt(__func__, "need 1 recal");
1623                         /* after a second recalibrate, we still haven't
1624                          * reached track 0. Probably no drive. Raise an
1625                          * error, as failing immediately might upset
1626                          * computers possessed by the Devil :-) */
1627                         cont->error();
1628                         cont->redo();
1629                         return;
1630                 case NEED_2_RECAL:
1631                         debugt(__func__, "need 2 recal");
1632                         /* If we already did a recalibrate,
1633                          * and we are not at track 0, this
1634                          * means we have moved. (The only way
1635                          * not to move at recalibration is to
1636                          * be already at track 0.) Clear the
1637                          * new change flag */
1638                         debug_dcl(DP->flags,
1639                                   "clearing NEWCHANGE flag because of second recalibrate\n");
1640
1641                         clear_bit(FD_DISK_NEWCHANGE_BIT, &DRS->flags);
1642                         DRS->select_date = jiffies;
1643                         /* fall through */
1644                 default:
1645                         debugt(__func__, "default");
1646                         /* Recalibrate moves the head by at
1647                          * most 80 steps. If after one
1648                          * recalibrate we don't have reached
1649                          * track 0, this might mean that we
1650                          * started beyond track 80.  Try
1651                          * again.  */
1652                         DRS->track = NEED_1_RECAL;
1653                         break;
1654                 }
1655         } else
1656                 DRS->track = ST1;
1657         floppy_ready();
1658 }
1659
1660 static void print_result(char *message, int inr)
1661 {
1662         int i;
1663
1664         DPRINT("%s ", message);
1665         if (inr >= 0)
1666                 for (i = 0; i < inr; i++)
1667                         pr_cont("repl[%d]=%x ", i, reply_buffer[i]);
1668         pr_cont("\n");
1669 }
1670
1671 /* interrupt handler. Note that this can be called externally on the Sparc */
1672 irqreturn_t floppy_interrupt(int irq, void *dev_id)
1673 {
1674         int do_print;
1675         unsigned long f;
1676         void (*handler)(void) = do_floppy;
1677
1678         lasthandler = handler;
1679         interruptjiffies = jiffies;
1680
1681         f = claim_dma_lock();
1682         fd_disable_dma();
1683         release_dma_lock(f);
1684
1685         do_floppy = NULL;
1686         if (fdc >= N_FDC || FDCS->address == -1) {
1687                 /* we don't even know which FDC is the culprit */
1688                 pr_info("DOR0=%x\n", fdc_state[0].dor);
1689                 pr_info("floppy interrupt on bizarre fdc %d\n", fdc);
1690                 pr_info("handler=%pf\n", handler);
1691                 is_alive(__func__, "bizarre fdc");
1692                 return IRQ_NONE;
1693         }
1694
1695         FDCS->reset = 0;
1696         /* We have to clear the reset flag here, because apparently on boxes
1697          * with level triggered interrupts (PS/2, Sparc, ...), it is needed to
1698          * emit SENSEI's to clear the interrupt line. And FDCS->reset blocks the
1699          * emission of the SENSEI's.
1700          * It is OK to emit floppy commands because we are in an interrupt
1701          * handler here, and thus we have to fear no interference of other
1702          * activity.
1703          */
1704
1705         do_print = !handler && print_unex && initialized;
1706
1707         inr = result();
1708         if (do_print)
1709                 print_result("unexpected interrupt", inr);
1710         if (inr == 0) {
1711                 int max_sensei = 4;
1712                 do {
1713                         output_byte(FD_SENSEI);
1714                         inr = result();
1715                         if (do_print)
1716                                 print_result("sensei", inr);
1717                         max_sensei--;
1718                 } while ((ST0 & 0x83) != UNIT(current_drive) &&
1719                          inr == 2 && max_sensei);
1720         }
1721         if (!handler) {
1722                 FDCS->reset = 1;
1723                 return IRQ_NONE;
1724         }
1725         schedule_bh(handler);
1726         is_alive(__func__, "normal interrupt end");
1727
1728         /* FIXME! Was it really for us? */
1729         return IRQ_HANDLED;
1730 }
1731
1732 static void recalibrate_floppy(void)
1733 {
1734         debugt(__func__, "");
1735         do_floppy = recal_interrupt;
1736         output_byte(FD_RECALIBRATE);
1737         if (output_byte(UNIT(current_drive)) < 0)
1738                 reset_fdc();
1739 }
1740
1741 /*
1742  * Must do 4 FD_SENSEIs after reset because of ``drive polling''.
1743  */
1744 static void reset_interrupt(void)
1745 {
1746         debugt(__func__, "");
1747         result();               /* get the status ready for set_fdc */
1748         if (FDCS->reset) {
1749                 pr_info("reset set in interrupt, calling %pf\n", cont->error);
1750                 cont->error();  /* a reset just after a reset. BAD! */
1751         }
1752         cont->redo();
1753 }
1754
1755 /*
1756  * reset is done by pulling bit 2 of DOR low for a while (old FDCs),
1757  * or by setting the self clearing bit 7 of STATUS (newer FDCs)
1758  */
1759 static void reset_fdc(void)
1760 {
1761         unsigned long flags;
1762
1763         do_floppy = reset_interrupt;
1764         FDCS->reset = 0;
1765         reset_fdc_info(0);
1766
1767         /* Pseudo-DMA may intercept 'reset finished' interrupt.  */
1768         /* Irrelevant for systems with true DMA (i386).          */
1769
1770         flags = claim_dma_lock();
1771         fd_disable_dma();
1772         release_dma_lock(flags);
1773
1774         if (FDCS->version >= FDC_82072A)
1775                 fd_outb(0x80 | (FDCS->dtr & 3), FD_STATUS);
1776         else {
1777                 fd_outb(FDCS->dor & ~0x04, FD_DOR);
1778                 udelay(FD_RESET_DELAY);
1779                 fd_outb(FDCS->dor, FD_DOR);
1780         }
1781 }
1782
1783 static void show_floppy(void)
1784 {
1785         int i;
1786
1787         pr_info("\n");
1788         pr_info("floppy driver state\n");
1789         pr_info("-------------------\n");
1790         pr_info("now=%lu last interrupt=%lu diff=%lu last called handler=%pf\n",
1791                 jiffies, interruptjiffies, jiffies - interruptjiffies,
1792                 lasthandler);
1793
1794         pr_info("timeout_message=%s\n", timeout_message);
1795         pr_info("last output bytes:\n");
1796         for (i = 0; i < OLOGSIZE; i++)
1797                 pr_info("%2x %2x %lu\n",
1798                         output_log[(i + output_log_pos) % OLOGSIZE].data,
1799                         output_log[(i + output_log_pos) % OLOGSIZE].status,
1800                         output_log[(i + output_log_pos) % OLOGSIZE].jiffies);
1801         pr_info("last result at %lu\n", resultjiffies);
1802         pr_info("last redo_fd_request at %lu\n", lastredo);
1803         print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1,
1804                        reply_buffer, resultsize, true);
1805
1806         pr_info("status=%x\n", fd_inb(FD_STATUS));
1807         pr_info("fdc_busy=%lu\n", fdc_busy);
1808         if (do_floppy)
1809                 pr_info("do_floppy=%pf\n", do_floppy);
1810         if (work_pending(&floppy_work))
1811                 pr_info("floppy_work.func=%pf\n", floppy_work.func);
1812         if (delayed_work_pending(&fd_timer))
1813                 pr_info("delayed work.function=%p expires=%ld\n",
1814                        fd_timer.work.func,
1815                        fd_timer.timer.expires - jiffies);
1816         if (delayed_work_pending(&fd_timeout))
1817                 pr_info("timer_function=%p expires=%ld\n",
1818                        fd_timeout.work.func,
1819                        fd_timeout.timer.expires - jiffies);
1820
1821         pr_info("cont=%p\n", cont);
1822         pr_info("current_req=%p\n", current_req);
1823         pr_info("command_status=%d\n", command_status);
1824         pr_info("\n");
1825 }
1826
1827 static void floppy_shutdown(struct work_struct *arg)
1828 {
1829         unsigned long flags;
1830
1831         if (initialized)
1832                 show_floppy();
1833         cancel_activity();
1834
1835         flags = claim_dma_lock();
1836         fd_disable_dma();
1837         release_dma_lock(flags);
1838
1839         /* avoid dma going to a random drive after shutdown */
1840
1841         if (initialized)
1842                 DPRINT("floppy timeout called\n");
1843         FDCS->reset = 1;
1844         if (cont) {
1845                 cont->done(0);
1846                 cont->redo();   /* this will recall reset when needed */
1847         } else {
1848                 pr_info("no cont in shutdown!\n");
1849                 process_fd_request();
1850         }
1851         is_alive(__func__, "");
1852 }
1853
1854 /* start motor, check media-changed condition and write protection */
1855 static int start_motor(void (*function)(void))
1856 {
1857         int mask;
1858         int data;
1859
1860         mask = 0xfc;
1861         data = UNIT(current_drive);
1862         if (!(raw_cmd->flags & FD_RAW_NO_MOTOR)) {
1863                 if (!(FDCS->dor & (0x10 << UNIT(current_drive)))) {
1864                         set_debugt();
1865                         /* no read since this drive is running */
1866                         DRS->first_read_date = 0;
1867                         /* note motor start time if motor is not yet running */
1868                         DRS->spinup_date = jiffies;
1869                         data |= (0x10 << UNIT(current_drive));
1870                 }
1871         } else if (FDCS->dor & (0x10 << UNIT(current_drive)))
1872                 mask &= ~(0x10 << UNIT(current_drive));
1873
1874         /* starts motor and selects floppy */
1875         del_timer(motor_off_timer + current_drive);
1876         set_dor(fdc, mask, data);
1877
1878         /* wait_for_completion also schedules reset if needed. */
1879         return fd_wait_for_completion(DRS->select_date + DP->select_delay,
1880                                       function);
1881 }
1882
1883 static void floppy_ready(void)
1884 {
1885         if (FDCS->reset) {
1886                 reset_fdc();
1887                 return;
1888         }
1889         if (start_motor(floppy_ready))
1890                 return;
1891         if (fdc_dtr())
1892                 return;
1893
1894         debug_dcl(DP->flags, "calling disk change from floppy_ready\n");
1895         if (!(raw_cmd->flags & FD_RAW_NO_MOTOR) &&
1896             disk_change(current_drive) && !DP->select_delay)
1897                 twaddle();      /* this clears the dcl on certain
1898                                  * drive/controller combinations */
1899
1900 #ifdef fd_chose_dma_mode
1901         if ((raw_cmd->flags & FD_RAW_READ) || (raw_cmd->flags & FD_RAW_WRITE)) {
1902                 unsigned long flags = claim_dma_lock();
1903                 fd_chose_dma_mode(raw_cmd->kernel_data, raw_cmd->length);
1904                 release_dma_lock(flags);
1905         }
1906 #endif
1907
1908         if (raw_cmd->flags & (FD_RAW_NEED_SEEK | FD_RAW_NEED_DISK)) {
1909                 perpendicular_mode();
1910                 fdc_specify();  /* must be done here because of hut, hlt ... */
1911                 seek_floppy();
1912         } else {
1913                 if ((raw_cmd->flags & FD_RAW_READ) ||
1914                     (raw_cmd->flags & FD_RAW_WRITE))
1915                         fdc_specify();
1916                 setup_rw_floppy();
1917         }
1918 }
1919
1920 static void floppy_start(void)
1921 {
1922         reschedule_timeout(current_reqD, "floppy start");
1923
1924         scandrives();
1925         debug_dcl(DP->flags, "setting NEWCHANGE in floppy_start\n");
1926         set_bit(FD_DISK_NEWCHANGE_BIT, &DRS->flags);
1927         floppy_ready();
1928 }
1929
1930 /*
1931  * ========================================================================
1932  * here ends the bottom half. Exported routines are:
1933  * floppy_start, floppy_off, floppy_ready, lock_fdc, unlock_fdc, set_fdc,
1934  * start_motor, reset_fdc, reset_fdc_info, interpret_errors.
1935  * Initialization also uses output_byte, result, set_dor, floppy_interrupt
1936  * and set_dor.
1937  * ========================================================================
1938  */
1939 /*
1940  * General purpose continuations.
1941  * ==============================
1942  */
1943
1944 static void do_wakeup(void)
1945 {
1946         reschedule_timeout(MAXTIMEOUT, "do wakeup");
1947         cont = NULL;
1948         command_status += 2;
1949         wake_up(&command_done);
1950 }
1951
1952 static const struct cont_t wakeup_cont = {
1953         .interrupt      = empty,
1954         .redo           = do_wakeup,
1955         .error          = empty,
1956         .done           = (done_f)empty
1957 };
1958
1959 static const struct cont_t intr_cont = {
1960         .interrupt      = empty,
1961         .redo           = process_fd_request,
1962         .error          = empty,
1963         .done           = (done_f)empty
1964 };
1965
1966 static int wait_til_done(void (*handler)(void), bool interruptible)
1967 {
1968         int ret;
1969
1970         schedule_bh(handler);
1971
1972         if (interruptible)
1973                 wait_event_interruptible(command_done, command_status >= 2);
1974         else
1975                 wait_event(command_done, command_status >= 2);
1976
1977         if (command_status < 2) {
1978                 cancel_activity();
1979                 cont = &intr_cont;
1980                 reset_fdc();
1981                 return -EINTR;
1982         }
1983
1984         if (FDCS->reset)
1985                 command_status = FD_COMMAND_ERROR;
1986         if (command_status == FD_COMMAND_OKAY)
1987                 ret = 0;
1988         else
1989                 ret = -EIO;
1990         command_status = FD_COMMAND_NONE;
1991         return ret;
1992 }
1993
1994 static void generic_done(int result)
1995 {
1996         command_status = result;
1997         cont = &wakeup_cont;
1998 }
1999
2000 static void generic_success(void)
2001 {
2002         cont->done(1);
2003 }
2004
2005 static void generic_failure(void)
2006 {
2007         cont->done(0);
2008 }
2009
2010 static void success_and_wakeup(void)
2011 {
2012         generic_success();
2013         cont->redo();
2014 }
2015
2016 /*
2017  * formatting and rw support.
2018  * ==========================
2019  */
2020
2021 static int next_valid_format(void)
2022 {
2023         int probed_format;
2024
2025         probed_format = DRS->probed_format;
2026         while (1) {
2027                 if (probed_format >= 8 || !DP->autodetect[probed_format]) {
2028                         DRS->probed_format = 0;
2029                         return 1;
2030                 }
2031                 if (floppy_type[DP->autodetect[probed_format]].sect) {
2032                         DRS->probed_format = probed_format;
2033                         return 0;
2034                 }
2035                 probed_format++;
2036         }
2037 }
2038
2039 static void bad_flp_intr(void)
2040 {
2041         int err_count;
2042
2043         if (probing) {
2044                 DRS->probed_format++;
2045                 if (!next_valid_format())
2046                         return;
2047         }
2048         err_count = ++(*errors);
2049         INFBOUND(DRWE->badness, err_count);
2050         if (err_count > DP->max_errors.abort)
2051                 cont->done(0);
2052         if (err_count > DP->max_errors.reset)
2053                 FDCS->reset = 1;
2054         else if (err_count > DP->max_errors.recal)
2055                 DRS->track = NEED_2_RECAL;
2056 }
2057
2058 static void set_floppy(int drive)
2059 {
2060         int type = ITYPE(UDRS->fd_device);
2061
2062         if (type)
2063                 _floppy = floppy_type + type;
2064         else
2065                 _floppy = current_type[drive];
2066 }
2067
2068 /*
2069  * formatting support.
2070  * ===================
2071  */
2072 static void format_interrupt(void)
2073 {
2074         switch (interpret_errors()) {
2075         case 1:
2076                 cont->error();
2077         case 2:
2078                 break;
2079         case 0:
2080                 cont->done(1);
2081         }
2082         cont->redo();
2083 }
2084
2085 #define FM_MODE(x, y) ((y) & ~(((x)->rate & 0x80) >> 1))
2086 #define CT(x) ((x) | 0xc0)
2087
2088 static void setup_format_params(int track)
2089 {
2090         int n;
2091         int il;
2092         int count;
2093         int head_shift;
2094         int track_shift;
2095         struct fparm {
2096                 unsigned char track, head, sect, size;
2097         } *here = (struct fparm *)floppy_track_buffer;
2098
2099         raw_cmd = &default_raw_cmd;
2100         raw_cmd->track = track;
2101
2102         raw_cmd->flags = (FD_RAW_WRITE | FD_RAW_INTR | FD_RAW_SPIN |
2103                           FD_RAW_NEED_DISK | FD_RAW_NEED_SEEK);
2104         raw_cmd->rate = _floppy->rate & 0x43;
2105         raw_cmd->cmd_count = NR_F;
2106         COMMAND = FM_MODE(_floppy, FD_FORMAT);
2107         DR_SELECT = UNIT(current_drive) + PH_HEAD(_floppy, format_req.head);
2108         F_SIZECODE = FD_SIZECODE(_floppy);
2109         F_SECT_PER_TRACK = _floppy->sect << 2 >> F_SIZECODE;
2110         F_GAP = _floppy->fmt_gap;
2111         F_FILL = FD_FILL_BYTE;
2112
2113         raw_cmd->kernel_data = floppy_track_buffer;
2114         raw_cmd->length = 4 * F_SECT_PER_TRACK;
2115
2116         /* allow for about 30ms for data transport per track */
2117         head_shift = (F_SECT_PER_TRACK + 5) / 6;
2118
2119         /* a ``cylinder'' is two tracks plus a little stepping time */
2120         track_shift = 2 * head_shift + 3;
2121
2122         /* position of logical sector 1 on this track */
2123         n = (track_shift * format_req.track + head_shift * format_req.head)
2124             % F_SECT_PER_TRACK;
2125
2126         /* determine interleave */
2127         il = 1;
2128         if (_floppy->fmt_gap < 0x22)
2129                 il++;
2130
2131         /* initialize field */
2132         for (count = 0; count < F_SECT_PER_TRACK; ++count) {
2133                 here[count].track = format_req.track;
2134                 here[count].head = format_req.head;
2135                 here[count].sect = 0;
2136                 here[count].size = F_SIZECODE;
2137         }
2138         /* place logical sectors */
2139         for (count = 1; count <= F_SECT_PER_TRACK; ++count) {
2140                 here[n].sect = count;
2141                 n = (n + il) % F_SECT_PER_TRACK;
2142                 if (here[n].sect) {     /* sector busy, find next free sector */
2143                         ++n;
2144                         if (n >= F_SECT_PER_TRACK) {
2145                                 n -= F_SECT_PER_TRACK;
2146                                 while (here[n].sect)
2147                                         ++n;
2148                         }
2149                 }
2150         }
2151         if (_floppy->stretch & FD_SECTBASEMASK) {
2152                 for (count = 0; count < F_SECT_PER_TRACK; count++)
2153                         here[count].sect += FD_SECTBASE(_floppy) - 1;
2154         }
2155 }
2156
2157 static void redo_format(void)
2158 {
2159         buffer_track = -1;
2160         setup_format_params(format_req.track << STRETCH(_floppy));
2161         floppy_start();
2162         debugt(__func__, "queue format request");
2163 }
2164
2165 static const struct cont_t format_cont = {
2166         .interrupt      = format_interrupt,
2167         .redo           = redo_format,
2168         .error          = bad_flp_intr,
2169         .done           = generic_done
2170 };
2171
2172 static int do_format(int drive, struct format_descr *tmp_format_req)
2173 {
2174         int ret;
2175
2176         if (lock_fdc(drive))
2177                 return -EINTR;
2178
2179         set_floppy(drive);
2180         if (!_floppy ||
2181             _floppy->track > DP->tracks ||
2182             tmp_format_req->track >= _floppy->track ||
2183             tmp_format_req->head >= _floppy->head ||
2184             (_floppy->sect << 2) % (1 << FD_SIZECODE(_floppy)) ||
2185             !_floppy->fmt_gap) {
2186                 process_fd_request();
2187                 return -EINVAL;
2188         }
2189         format_req = *tmp_format_req;
2190         format_errors = 0;
2191         cont = &format_cont;
2192         errors = &format_errors;
2193         ret = wait_til_done(redo_format, true);
2194         if (ret == -EINTR)
2195                 return -EINTR;
2196         process_fd_request();
2197         return ret;
2198 }
2199
2200 /*
2201  * Buffer read/write and support
2202  * =============================
2203  */
2204
2205 static void floppy_end_request(struct request *req, int error)
2206 {
2207         unsigned int nr_sectors = current_count_sectors;
2208         unsigned int drive = (unsigned long)req->rq_disk->private_data;
2209
2210         /* current_count_sectors can be zero if transfer failed */
2211         if (error)
2212                 nr_sectors = blk_rq_cur_sectors(req);
2213         if (__blk_end_request(req, error, nr_sectors << 9))
2214                 return;
2215
2216         /* We're done with the request */
2217         floppy_off(drive);
2218         current_req = NULL;
2219 }
2220
2221 /* new request_done. Can handle physical sectors which are smaller than a
2222  * logical buffer */
2223 static void request_done(int uptodate)
2224 {
2225         struct request *req = current_req;
2226         struct request_queue *q;
2227         unsigned long flags;
2228         int block;
2229         char msg[sizeof("request done ") + sizeof(int) * 3];
2230
2231         probing = 0;
2232         snprintf(msg, sizeof(msg), "request done %d", uptodate);
2233         reschedule_timeout(MAXTIMEOUT, msg);
2234
2235         if (!req) {
2236                 pr_info("floppy.c: no request in request_done\n");
2237                 return;
2238         }
2239
2240         q = req->q;
2241
2242         if (uptodate) {
2243                 /* maintain values for invalidation on geometry
2244                  * change */
2245                 block = current_count_sectors + blk_rq_pos(req);
2246                 INFBOUND(DRS->maxblock, block);
2247                 if (block > _floppy->sect)
2248                         DRS->maxtrack = 1;
2249
2250                 /* unlock chained buffers */
2251                 spin_lock_irqsave(q->queue_lock, flags);
2252                 floppy_end_request(req, 0);
2253                 spin_unlock_irqrestore(q->queue_lock, flags);
2254         } else {
2255                 if (rq_data_dir(req) == WRITE) {
2256                         /* record write error information */
2257                         DRWE->write_errors++;
2258                         if (DRWE->write_errors == 1) {
2259                                 DRWE->first_error_sector = blk_rq_pos(req);
2260                                 DRWE->first_error_generation = DRS->generation;
2261                         }
2262                         DRWE->last_error_sector = blk_rq_pos(req);
2263                         DRWE->last_error_generation = DRS->generation;
2264                 }
2265                 spin_lock_irqsave(q->queue_lock, flags);
2266                 floppy_end_request(req, -EIO);
2267                 spin_unlock_irqrestore(q->queue_lock, flags);
2268         }
2269 }
2270
2271 /* Interrupt handler evaluating the result of the r/w operation */
2272 static void rw_interrupt(void)
2273 {
2274         int eoc;
2275         int ssize;
2276         int heads;
2277         int nr_sectors;
2278
2279         if (R_HEAD >= 2) {
2280                 /* some Toshiba floppy controllers occasionnally seem to
2281                  * return bogus interrupts after read/write operations, which
2282                  * can be recognized by a bad head number (>= 2) */
2283                 return;
2284         }
2285
2286         if (!DRS->first_read_date)
2287                 DRS->first_read_date = jiffies;
2288
2289         nr_sectors = 0;
2290         ssize = DIV_ROUND_UP(1 << SIZECODE, 4);
2291
2292         if (ST1 & ST1_EOC)
2293                 eoc = 1;
2294         else
2295                 eoc = 0;
2296
2297         if (COMMAND & 0x80)
2298                 heads = 2;
2299         else
2300                 heads = 1;
2301
2302         nr_sectors = (((R_TRACK - TRACK) * heads +
2303                        R_HEAD - HEAD) * SECT_PER_TRACK +
2304                       R_SECTOR - SECTOR + eoc) << SIZECODE >> 2;
2305
2306         if (nr_sectors / ssize >
2307             DIV_ROUND_UP(in_sector_offset + current_count_sectors, ssize)) {
2308                 DPRINT("long rw: %x instead of %lx\n",
2309                        nr_sectors, current_count_sectors);
2310                 pr_info("rs=%d s=%d\n", R_SECTOR, SECTOR);
2311                 pr_info("rh=%d h=%d\n", R_HEAD, HEAD);
2312                 pr_info("rt=%d t=%d\n", R_TRACK, TRACK);
2313                 pr_info("heads=%d eoc=%d\n", heads, eoc);
2314                 pr_info("spt=%d st=%d ss=%d\n",
2315                         SECT_PER_TRACK, fsector_t, ssize);
2316                 pr_info("in_sector_offset=%d\n", in_sector_offset);
2317         }
2318
2319         nr_sectors -= in_sector_offset;
2320         INFBOUND(nr_sectors, 0);
2321         SUPBOUND(current_count_sectors, nr_sectors);
2322
2323         switch (interpret_errors()) {
2324         case 2:
2325                 cont->redo();
2326                 return;
2327         case 1:
2328                 if (!current_count_sectors) {
2329                         cont->error();
2330                         cont->redo();
2331                         return;
2332                 }
2333                 break;
2334         case 0:
2335                 if (!current_count_sectors) {
2336                         cont->redo();
2337                         return;
2338                 }
2339                 current_type[current_drive] = _floppy;
2340                 floppy_sizes[TOMINOR(current_drive)] = _floppy->size;
2341                 break;
2342         }
2343
2344         if (probing) {
2345                 if (DP->flags & FTD_MSG)
2346                         DPRINT("Auto-detected floppy type %s in fd%d\n",
2347                                _floppy->name, current_drive);
2348                 current_type[current_drive] = _floppy;
2349                 floppy_sizes[TOMINOR(current_drive)] = _floppy->size;
2350                 probing = 0;
2351         }
2352
2353         if (CT(COMMAND) != FD_READ ||
2354             raw_cmd->kernel_data == bio_data(current_req->bio)) {
2355                 /* transfer directly from buffer */
2356                 cont->done(1);
2357         } else if (CT(COMMAND) == FD_READ) {
2358                 buffer_track = raw_cmd->track;
2359                 buffer_drive = current_drive;
2360                 INFBOUND(buffer_max, nr_sectors + fsector_t);
2361         }
2362         cont->redo();
2363 }
2364
2365 /* Compute maximal contiguous buffer size. */
2366 static int buffer_chain_size(void)
2367 {
2368         struct bio_vec bv;
2369         int size;
2370         struct req_iterator iter;
2371         char *base;
2372
2373         base = bio_data(current_req->bio);
2374         size = 0;
2375
2376         rq_for_each_segment(bv, current_req, iter) {
2377                 if (page_address(bv.bv_page) + bv.bv_offset != base + size)
2378                         break;
2379
2380                 size += bv.bv_len;
2381         }
2382
2383         return size >> 9;
2384 }
2385
2386 /* Compute the maximal transfer size */
2387 static int transfer_size(int ssize, int max_sector, int max_size)
2388 {
2389         SUPBOUND(max_sector, fsector_t + max_size);
2390
2391         /* alignment */
2392         max_sector -= (max_sector % _floppy->sect) % ssize;
2393
2394         /* transfer size, beginning not aligned */
2395         current_count_sectors = max_sector - fsector_t;
2396
2397         return max_sector;
2398 }
2399
2400 /*
2401  * Move data from/to the track buffer to/from the buffer cache.
2402  */
2403 static void copy_buffer(int ssize, int max_sector, int max_sector_2)
2404 {
2405         int remaining;          /* number of transferred 512-byte sectors */
2406         struct bio_vec bv;
2407         char *buffer;
2408         char *dma_buffer;
2409         int size;
2410         struct req_iterator iter;
2411
2412         max_sector = transfer_size(ssize,
2413                                    min(max_sector, max_sector_2),
2414                                    blk_rq_sectors(current_req));
2415
2416         if (current_count_sectors <= 0 && CT(COMMAND) == FD_WRITE &&
2417             buffer_max > fsector_t + blk_rq_sectors(current_req))
2418                 current_count_sectors = min_t(int, buffer_max - fsector_t,
2419                                               blk_rq_sectors(current_req));
2420
2421         remaining = current_count_sectors << 9;
2422         if (remaining > blk_rq_bytes(current_req) && CT(COMMAND) == FD_WRITE) {
2423                 DPRINT("in copy buffer\n");
2424                 pr_info("current_count_sectors=%ld\n", current_count_sectors);
2425                 pr_info("remaining=%d\n", remaining >> 9);
2426                 pr_info("current_req->nr_sectors=%u\n",
2427                         blk_rq_sectors(current_req));
2428                 pr_info("current_req->current_nr_sectors=%u\n",
2429                         blk_rq_cur_sectors(current_req));
2430                 pr_info("max_sector=%d\n", max_sector);
2431                 pr_info("ssize=%d\n", ssize);
2432         }
2433
2434         buffer_max = max(max_sector, buffer_max);
2435
2436         dma_buffer = floppy_track_buffer + ((fsector_t - buffer_min) << 9);
2437
2438         size = blk_rq_cur_bytes(current_req);
2439
2440         rq_for_each_segment(bv, current_req, iter) {
2441                 if (!remaining)
2442                         break;
2443
2444                 size = bv.bv_len;
2445                 SUPBOUND(size, remaining);
2446
2447                 buffer = page_address(bv.bv_page) + bv.bv_offset;
2448                 if (dma_buffer + size >
2449                     floppy_track_buffer + (max_buffer_sectors << 10) ||
2450                     dma_buffer < floppy_track_buffer) {
2451                         DPRINT("buffer overrun in copy buffer %d\n",
2452                                (int)((floppy_track_buffer - dma_buffer) >> 9));
2453                         pr_info("fsector_t=%d buffer_min=%d\n",
2454                                 fsector_t, buffer_min);
2455                         pr_info("current_count_sectors=%ld\n",
2456                                 current_count_sectors);
2457                         if (CT(COMMAND) == FD_READ)
2458                                 pr_info("read\n");
2459                         if (CT(COMMAND) == FD_WRITE)
2460                                 pr_info("write\n");
2461                         break;
2462                 }
2463                 if (((unsigned long)buffer) % 512)
2464                         DPRINT("%p buffer not aligned\n", buffer);
2465
2466                 if (CT(COMMAND) == FD_READ)
2467                         memcpy(buffer, dma_buffer, size);
2468                 else
2469                         memcpy(dma_buffer, buffer, size);
2470
2471                 remaining -= size;
2472                 dma_buffer += size;
2473         }
2474         if (remaining) {
2475                 if (remaining > 0)
2476                         max_sector -= remaining >> 9;
2477                 DPRINT("weirdness: remaining %d\n", remaining >> 9);
2478         }
2479 }
2480
2481 /* work around a bug in pseudo DMA
2482  * (on some FDCs) pseudo DMA does not stop when the CPU stops
2483  * sending data.  Hence we need a different way to signal the
2484  * transfer length:  We use SECT_PER_TRACK.  Unfortunately, this
2485  * does not work with MT, hence we can only transfer one head at
2486  * a time
2487  */
2488 static void virtualdmabug_workaround(void)
2489 {
2490         int hard_sectors;
2491         int end_sector;
2492
2493         if (CT(COMMAND) == FD_WRITE) {
2494                 COMMAND &= ~0x80;       /* switch off multiple track mode */
2495
2496                 hard_sectors = raw_cmd->length >> (7 + SIZECODE);
2497                 end_sector = SECTOR + hard_sectors - 1;
2498                 if (end_sector > SECT_PER_TRACK) {
2499                         pr_info("too many sectors %d > %d\n",
2500                                 end_sector, SECT_PER_TRACK);
2501                         return;
2502                 }
2503                 SECT_PER_TRACK = end_sector;
2504                                         /* make sure SECT_PER_TRACK
2505                                          * points to end of transfer */
2506         }
2507 }
2508
2509 /*
2510  * Formulate a read/write request.
2511  * this routine decides where to load the data (directly to buffer, or to
2512  * tmp floppy area), how much data to load (the size of the buffer, the whole
2513  * track, or a single sector)
2514  * All floppy_track_buffer handling goes in here. If we ever add track buffer
2515  * allocation on the fly, it should be done here. No other part should need
2516  * modification.
2517  */
2518
2519 static int make_raw_rw_request(void)
2520 {
2521         int aligned_sector_t;
2522         int max_sector;
2523         int max_size;
2524         int tracksize;
2525         int ssize;
2526
2527         if (WARN(max_buffer_sectors == 0, "VFS: Block I/O scheduled on unopened device\n"))
2528                 return 0;
2529
2530         set_fdc((long)current_req->rq_disk->private_data);
2531
2532         raw_cmd = &default_raw_cmd;
2533         raw_cmd->flags = FD_RAW_SPIN | FD_RAW_NEED_DISK | FD_RAW_NEED_SEEK;
2534         raw_cmd->cmd_count = NR_RW;
2535         if (rq_data_dir(current_req) == READ) {
2536                 raw_cmd->flags |= FD_RAW_READ;
2537                 COMMAND = FM_MODE(_floppy, FD_READ);
2538         } else if (rq_data_dir(current_req) == WRITE) {
2539                 raw_cmd->flags |= FD_RAW_WRITE;
2540                 COMMAND = FM_MODE(_floppy, FD_WRITE);
2541         } else {
2542                 DPRINT("%s: unknown command\n", __func__);
2543                 return 0;
2544         }
2545
2546         max_sector = _floppy->sect * _floppy->head;
2547
2548         TRACK = (int)blk_rq_pos(current_req) / max_sector;
2549         fsector_t = (int)blk_rq_pos(current_req) % max_sector;
2550         if (_floppy->track && TRACK >= _floppy->track) {
2551                 if (blk_rq_cur_sectors(current_req) & 1) {
2552                         current_count_sectors = 1;
2553                         return 1;
2554                 } else
2555                         return 0;
2556         }
2557         HEAD = fsector_t / _floppy->sect;
2558
2559         if (((_floppy->stretch & (FD_SWAPSIDES | FD_SECTBASEMASK)) ||
2560              test_bit(FD_NEED_TWADDLE_BIT, &DRS->flags)) &&
2561             fsector_t < _floppy->sect)
2562                 max_sector = _floppy->sect;
2563
2564         /* 2M disks have phantom sectors on the first track */
2565         if ((_floppy->rate & FD_2M) && (!TRACK) && (!HEAD)) {
2566                 max_sector = 2 * _floppy->sect / 3;
2567                 if (fsector_t >= max_sector) {
2568                         current_count_sectors =
2569                             min_t(int, _floppy->sect - fsector_t,
2570                                   blk_rq_sectors(current_req));
2571                         return 1;
2572                 }
2573                 SIZECODE = 2;
2574         } else
2575                 SIZECODE = FD_SIZECODE(_floppy);
2576         raw_cmd->rate = _floppy->rate & 0x43;
2577         if ((_floppy->rate & FD_2M) && (TRACK || HEAD) && raw_cmd->rate == 2)
2578                 raw_cmd->rate = 1;
2579
2580         if (SIZECODE)
2581                 SIZECODE2 = 0xff;
2582         else
2583                 SIZECODE2 = 0x80;
2584         raw_cmd->track = TRACK << STRETCH(_floppy);
2585         DR_SELECT = UNIT(current_drive) + PH_HEAD(_floppy, HEAD);
2586         GAP = _floppy->gap;
2587         ssize = DIV_ROUND_UP(1 << SIZECODE, 4);
2588         SECT_PER_TRACK = _floppy->sect << 2 >> SIZECODE;
2589         SECTOR = ((fsector_t % _floppy->sect) << 2 >> SIZECODE) +
2590             FD_SECTBASE(_floppy);
2591
2592         /* tracksize describes the size which can be filled up with sectors
2593          * of size ssize.
2594          */
2595         tracksize = _floppy->sect - _floppy->sect % ssize;
2596         if (tracksize < _floppy->sect) {
2597                 SECT_PER_TRACK++;
2598                 if (tracksize <= fsector_t % _floppy->sect)
2599                         SECTOR--;
2600
2601                 /* if we are beyond tracksize, fill up using smaller sectors */
2602                 while (tracksize <= fsector_t % _floppy->sect) {
2603                         while (tracksize + ssize > _floppy->sect) {
2604                                 SIZECODE--;
2605                                 ssize >>= 1;
2606                         }
2607                         SECTOR++;
2608                         SECT_PER_TRACK++;
2609                         tracksize += ssize;
2610                 }
2611                 max_sector = HEAD * _floppy->sect + tracksize;
2612         } else if (!TRACK && !HEAD && !(_floppy->rate & FD_2M) && probing) {
2613                 max_sector = _floppy->sect;
2614         } else if (!HEAD && CT(COMMAND) == FD_WRITE) {
2615                 /* for virtual DMA bug workaround */
2616                 max_sector = _floppy->sect;
2617         }
2618
2619         in_sector_offset = (fsector_t % _floppy->sect) % ssize;
2620         aligned_sector_t = fsector_t - in_sector_offset;
2621         max_size = blk_rq_sectors(current_req);
2622         if ((raw_cmd->track == buffer_track) &&
2623             (current_drive == buffer_drive) &&
2624             (fsector_t >= buffer_min) && (fsector_t < buffer_max)) {
2625                 /* data already in track buffer */
2626                 if (CT(COMMAND) == FD_READ) {
2627                         copy_buffer(1, max_sector, buffer_max);
2628                         return 1;
2629                 }
2630         } else if (in_sector_offset || blk_rq_sectors(current_req) < ssize) {
2631                 if (CT(COMMAND) == FD_WRITE) {
2632                         unsigned int sectors;
2633
2634                         sectors = fsector_t + blk_rq_sectors(current_req);
2635                         if (sectors > ssize && sectors < ssize + ssize)
2636                                 max_size = ssize + ssize;
2637                         else
2638                                 max_size = ssize;
2639                 }
2640                 raw_cmd->flags &= ~FD_RAW_WRITE;
2641                 raw_cmd->flags |= FD_RAW_READ;
2642                 COMMAND = FM_MODE(_floppy, FD_READ);
2643         } else if ((unsigned long)bio_data(current_req->bio) < MAX_DMA_ADDRESS) {
2644                 unsigned long dma_limit;
2645                 int direct, indirect;
2646
2647                 indirect =
2648                     transfer_size(ssize, max_sector,
2649                                   max_buffer_sectors * 2) - fsector_t;
2650
2651                 /*
2652                  * Do NOT use minimum() here---MAX_DMA_ADDRESS is 64 bits wide
2653                  * on a 64 bit machine!
2654                  */
2655                 max_size = buffer_chain_size();
2656                 dma_limit = (MAX_DMA_ADDRESS -
2657                              ((unsigned long)bio_data(current_req->bio))) >> 9;
2658                 if ((unsigned long)max_size > dma_limit)
2659                         max_size = dma_limit;
2660                 /* 64 kb boundaries */
2661                 if (CROSS_64KB(bio_data(current_req->bio), max_size << 9))
2662                         max_size = (K_64 -
2663                                     ((unsigned long)bio_data(current_req->bio)) %
2664                                     K_64) >> 9;
2665                 direct = transfer_size(ssize, max_sector, max_size) - fsector_t;
2666                 /*
2667                  * We try to read tracks, but if we get too many errors, we
2668                  * go back to reading just one sector at a time.
2669                  *
2670                  * This means we should be able to read a sector even if there
2671                  * are other bad sectors on this track.
2672                  */
2673                 if (!direct ||
2674                     (indirect * 2 > direct * 3 &&
2675                      *errors < DP->max_errors.read_track &&
2676                      ((!probing ||
2677                        (DP->read_track & (1 << DRS->probed_format)))))) {
2678                         max_size = blk_rq_sectors(current_req);
2679                 } else {
2680                         raw_cmd->kernel_data = bio_data(current_req->bio);
2681                         raw_cmd->length = current_count_sectors << 9;
2682                         if (raw_cmd->length == 0) {
2683                                 DPRINT("%s: zero dma transfer attempted\n", __func__);
2684                                 DPRINT("indirect=%d direct=%d fsector_t=%d\n",
2685                                        indirect, direct, fsector_t);
2686                                 return 0;
2687                         }
2688                         virtualdmabug_workaround();
2689                         return 2;
2690                 }
2691         }
2692
2693         if (CT(COMMAND) == FD_READ)
2694                 max_size = max_sector;  /* unbounded */
2695
2696         /* claim buffer track if needed */
2697         if (buffer_track != raw_cmd->track ||   /* bad track */
2698             buffer_drive != current_drive ||    /* bad drive */
2699             fsector_t > buffer_max ||
2700             fsector_t < buffer_min ||
2701             ((CT(COMMAND) == FD_READ ||
2702               (!in_sector_offset && blk_rq_sectors(current_req) >= ssize)) &&
2703              max_sector > 2 * max_buffer_sectors + buffer_min &&
2704              max_size + fsector_t > 2 * max_buffer_sectors + buffer_min)) {
2705                 /* not enough space */
2706                 buffer_track = -1;
2707                 buffer_drive = current_drive;
2708                 buffer_max = buffer_min = aligned_sector_t;
2709         }
2710         raw_cmd->kernel_data = floppy_track_buffer +
2711                 ((aligned_sector_t - buffer_min) << 9);
2712
2713         if (CT(COMMAND) == FD_WRITE) {
2714                 /* copy write buffer to track buffer.
2715                  * if we get here, we know that the write
2716                  * is either aligned or the data already in the buffer
2717                  * (buffer will be overwritten) */
2718                 if (in_sector_offset && buffer_track == -1)
2719                         DPRINT("internal error offset !=0 on write\n");
2720                 buffer_track = raw_cmd->track;
2721                 buffer_drive = current_drive;
2722                 copy_buffer(ssize, max_sector,
2723                             2 * max_buffer_sectors + buffer_min);
2724         } else
2725                 transfer_size(ssize, max_sector,
2726                               2 * max_buffer_sectors + buffer_min -
2727                               aligned_sector_t);
2728
2729         /* round up current_count_sectors to get dma xfer size */
2730         raw_cmd->length = in_sector_offset + current_count_sectors;
2731         raw_cmd->length = ((raw_cmd->length - 1) | (ssize - 1)) + 1;
2732         raw_cmd->length <<= 9;
2733         if ((raw_cmd->length < current_count_sectors << 9) ||
2734             (raw_cmd->kernel_data != bio_data(current_req->bio) &&
2735              CT(COMMAND) == FD_WRITE &&
2736              (aligned_sector_t + (raw_cmd->length >> 9) > buffer_max ||
2737               aligned_sector_t < buffer_min)) ||
2738             raw_cmd->length % (128 << SIZECODE) ||
2739             raw_cmd->length <= 0 || current_count_sectors <= 0) {
2740                 DPRINT("fractionary current count b=%lx s=%lx\n",
2741                        raw_cmd->length, current_count_sectors);
2742                 if (raw_cmd->kernel_data != bio_data(current_req->bio))
2743                         pr_info("addr=%d, length=%ld\n",
2744                                 (int)((raw_cmd->kernel_data -
2745                                        floppy_track_buffer) >> 9),
2746                                 current_count_sectors);
2747                 pr_info("st=%d ast=%d mse=%d msi=%d\n",
2748                         fsector_t, aligned_sector_t, max_sector, max_size);
2749                 pr_info("ssize=%x SIZECODE=%d\n", ssize, SIZECODE);
2750                 pr_info("command=%x SECTOR=%d HEAD=%d, TRACK=%d\n",
2751                         COMMAND, SECTOR, HEAD, TRACK);
2752                 pr_info("buffer drive=%d\n", buffer_drive);
2753                 pr_info("buffer track=%d\n", buffer_track);
2754                 pr_info("buffer_min=%d\n", buffer_min);
2755                 pr_info("buffer_max=%d\n", buffer_max);
2756                 return 0;
2757         }
2758
2759         if (raw_cmd->kernel_data != bio_data(current_req->bio)) {
2760                 if (raw_cmd->kernel_data < floppy_track_buffer ||
2761                     current_count_sectors < 0 ||
2762                     raw_cmd->length < 0 ||
2763                     raw_cmd->kernel_data + raw_cmd->length >
2764                     floppy_track_buffer + (max_buffer_sectors << 10)) {
2765                         DPRINT("buffer overrun in schedule dma\n");
2766                         pr_info("fsector_t=%d buffer_min=%d current_count=%ld\n",
2767                                 fsector_t, buffer_min, raw_cmd->length >> 9);
2768                         pr_info("current_count_sectors=%ld\n",
2769                                 current_count_sectors);
2770                         if (CT(COMMAND) == FD_READ)
2771                                 pr_info("read\n");
2772                         if (CT(COMMAND) == FD_WRITE)
2773                                 pr_info("write\n");
2774                         return 0;
2775                 }
2776         } else if (raw_cmd->length > blk_rq_bytes(current_req) ||
2777                    current_count_sectors > blk_rq_sectors(current_req)) {
2778                 DPRINT("buffer overrun in direct transfer\n");
2779                 return 0;
2780         } else if (raw_cmd->length < current_count_sectors << 9) {
2781                 DPRINT("more sectors than bytes\n");
2782                 pr_info("bytes=%ld\n", raw_cmd->length >> 9);
2783                 pr_info("sectors=%ld\n", current_count_sectors);
2784         }
2785         if (raw_cmd->length == 0) {
2786                 DPRINT("zero dma transfer attempted from make_raw_request\n");
2787                 return 0;
2788         }
2789
2790         virtualdmabug_workaround();
2791         return 2;
2792 }
2793
2794 /*
2795  * Round-robin between our available drives, doing one request from each
2796  */
2797 static int set_next_request(void)
2798 {
2799         struct request_queue *q;
2800         int old_pos = fdc_queue;
2801
2802         do {
2803                 q = disks[fdc_queue]->queue;
2804                 if (++fdc_queue == N_DRIVE)
2805                         fdc_queue = 0;
2806                 if (q) {
2807                         current_req = blk_fetch_request(q);
2808                         if (current_req)
2809                                 break;
2810                 }
2811         } while (fdc_queue != old_pos);
2812
2813         return current_req != NULL;
2814 }
2815
2816 static void redo_fd_request(void)
2817 {
2818         int drive;
2819         int tmp;
2820
2821         lastredo = jiffies;
2822         if (current_drive < N_DRIVE)
2823                 floppy_off(current_drive);
2824
2825 do_request:
2826         if (!current_req) {
2827                 int pending;
2828
2829                 spin_lock_irq(&floppy_lock);
2830                 pending = set_next_request();
2831                 spin_unlock_irq(&floppy_lock);
2832                 if (!pending) {
2833                         do_floppy = NULL;
2834                         unlock_fdc();
2835                         return;
2836                 }
2837         }
2838         drive = (long)current_req->rq_disk->private_data;
2839         set_fdc(drive);
2840         reschedule_timeout(current_reqD, "redo fd request");
2841
2842         set_floppy(drive);
2843         raw_cmd = &default_raw_cmd;
2844         raw_cmd->flags = 0;
2845         if (start_motor(redo_fd_request))
2846                 return;
2847
2848         disk_change(current_drive);
2849         if (test_bit(current_drive, &fake_change) ||
2850             test_bit(FD_DISK_CHANGED_BIT, &DRS->flags)) {
2851                 DPRINT("disk absent or changed during operation\n");
2852                 request_done(0);
2853                 goto do_request;
2854         }
2855         if (!_floppy) { /* Autodetection */
2856                 if (!probing) {
2857                         DRS->probed_format = 0;
2858                         if (next_valid_format()) {
2859                                 DPRINT("no autodetectable formats\n");
2860                                 _floppy = NULL;
2861                                 request_done(0);
2862                                 goto do_request;
2863                         }
2864                 }
2865                 probing = 1;
2866                 _floppy = floppy_type + DP->autodetect[DRS->probed_format];
2867         } else
2868                 probing = 0;
2869         errors = &(current_req->errors);
2870         tmp = make_raw_rw_request();
2871         if (tmp < 2) {
2872                 request_done(tmp);
2873                 goto do_request;
2874         }
2875
2876         if (test_bit(FD_NEED_TWADDLE_BIT, &DRS->flags))
2877                 twaddle();
2878         schedule_bh(floppy_start);
2879         debugt(__func__, "queue fd request");
2880         return;
2881 }
2882
2883 static const struct cont_t rw_cont = {
2884         .interrupt      = rw_interrupt,
2885         .redo           = redo_fd_request,
2886         .error          = bad_flp_intr,
2887         .done           = request_done
2888 };
2889
2890 static void process_fd_request(void)
2891 {
2892         cont = &rw_cont;
2893         schedule_bh(redo_fd_request);
2894 }
2895
2896 static void do_fd_request(struct request_queue *q)
2897 {
2898         if (WARN(max_buffer_sectors == 0,
2899                  "VFS: %s called on non-open device\n", __func__))
2900                 return;
2901
2902         if (WARN(atomic_read(&usage_count) == 0,
2903                  "warning: usage count=0, current_req=%p sect=%ld type=%x flags=%llx\n",
2904                  current_req, (long)blk_rq_pos(current_req), current_req->cmd_type,
2905                  (unsigned long long) current_req->cmd_flags))
2906                 return;
2907
2908         if (test_and_set_bit(0, &fdc_busy)) {
2909                 /* fdc busy, this new request will be treated when the
2910                    current one is done */
2911                 is_alive(__func__, "old request running");
2912                 return;
2913         }
2914         command_status = FD_COMMAND_NONE;
2915         __reschedule_timeout(MAXTIMEOUT, "fd_request");
2916         set_fdc(0);
2917         process_fd_request();
2918         is_alive(__func__, "");
2919 }
2920
2921 static const struct cont_t poll_cont = {
2922         .interrupt      = success_and_wakeup,
2923         .redo           = floppy_ready,
2924         .error          = generic_failure,
2925         .done           = generic_done
2926 };
2927
2928 static int poll_drive(bool interruptible, int flag)
2929 {
2930         /* no auto-sense, just clear dcl */
2931         raw_cmd = &default_raw_cmd;
2932         raw_cmd->flags = flag;
2933         raw_cmd->track = 0;
2934         raw_cmd->cmd_count = 0;
2935         cont = &poll_cont;
2936         debug_dcl(DP->flags, "setting NEWCHANGE in poll_drive\n");
2937         set_bit(FD_DISK_NEWCHANGE_BIT, &DRS->flags);
2938
2939         return wait_til_done(floppy_ready, interruptible);
2940 }
2941
2942 /*
2943  * User triggered reset
2944  * ====================
2945  */
2946
2947 static void reset_intr(void)
2948 {
2949         pr_info("weird, reset interrupt called\n");
2950 }
2951
2952 static const struct cont_t reset_cont = {
2953         .interrupt      = reset_intr,
2954         .redo           = success_and_wakeup,
2955         .error          = generic_failure,
2956         .done           = generic_done
2957 };
2958
2959 static int user_reset_fdc(int drive, int arg, bool interruptible)
2960 {
2961         int ret;
2962
2963         if (lock_fdc(drive))
2964                 return -EINTR;
2965
2966         if (arg == FD_RESET_ALWAYS)
2967                 FDCS->reset = 1;
2968         if (FDCS->reset) {
2969                 cont = &reset_cont;
2970                 ret = wait_til_done(reset_fdc, interruptible);
2971                 if (ret == -EINTR)
2972                         return -EINTR;
2973         }
2974         process_fd_request();
2975         return 0;
2976 }
2977
2978 /*
2979  * Misc Ioctl's and support
2980  * ========================
2981  */
2982 static inline int fd_copyout(void __user *param, const void *address,
2983                              unsigned long size)
2984 {
2985         return copy_to_user(param, address, size) ? -EFAULT : 0;
2986 }
2987
2988 static inline int fd_copyin(void __user *param, void *address,
2989                             unsigned long size)
2990 {
2991         return copy_from_user(address, param, size) ? -EFAULT : 0;
2992 }
2993
2994 static const char *drive_name(int type, int drive)
2995 {
2996         struct floppy_struct *floppy;
2997
2998         if (type)
2999                 floppy = floppy_type + type;
3000         else {
3001                 if (UDP->native_format)
3002                         floppy = floppy_type + UDP->native_format;
3003                 else
3004                         return "(null)";
3005         }
3006         if (floppy->name)
3007                 return floppy->name;
3008         else
3009                 return "(null)";
3010 }
3011
3012 /* raw commands */
3013 static void raw_cmd_done(int flag)
3014 {
3015         int i;
3016
3017         if (!flag) {
3018                 raw_cmd->flags |= FD_RAW_FAILURE;
3019                 raw_cmd->flags |= FD_RAW_HARDFAILURE;
3020         } else {
3021                 raw_cmd->reply_count = inr;
3022                 if (raw_cmd->reply_count > MAX_REPLIES)
3023                         raw_cmd->reply_count = 0;
3024                 for (i = 0; i < raw_cmd->reply_count; i++)
3025                         raw_cmd->reply[i] = reply_buffer[i];
3026
3027                 if (raw_cmd->flags & (FD_RAW_READ | FD_RAW_WRITE)) {
3028                         unsigned long flags;
3029                         flags = claim_dma_lock();
3030                         raw_cmd->length = fd_get_dma_residue();
3031                         release_dma_lock(flags);
3032                 }
3033
3034                 if ((raw_cmd->flags & FD_RAW_SOFTFAILURE) &&
3035                     (!raw_cmd->reply_count || (raw_cmd->reply[0] & 0xc0)))
3036                         raw_cmd->flags |= FD_RAW_FAILURE;
3037
3038                 if (disk_change(current_drive))
3039                         raw_cmd->flags |= FD_RAW_DISK_CHANGE;
3040                 else
3041                         raw_cmd->flags &= ~FD_RAW_DISK_CHANGE;
3042                 if (raw_cmd->flags & FD_RAW_NO_MOTOR_AFTER)
3043                         motor_off_callback(current_drive);
3044
3045                 if (raw_cmd->next &&
3046                     (!(raw_cmd->flags & FD_RAW_FAILURE) ||
3047                      !(raw_cmd->flags & FD_RAW_STOP_IF_FAILURE)) &&
3048                     ((raw_cmd->flags & FD_RAW_FAILURE) ||
3049                      !(raw_cmd->flags & FD_RAW_STOP_IF_SUCCESS))) {
3050                         raw_cmd = raw_cmd->next;
3051                         return;
3052                 }
3053         }
3054         generic_done(flag);
3055 }
3056
3057 static const struct cont_t raw_cmd_cont = {
3058         .interrupt      = success_and_wakeup,
3059         .redo           = floppy_start,
3060         .error          = generic_failure,
3061         .done           = raw_cmd_done
3062 };
3063
3064 static int raw_cmd_copyout(int cmd, void __user *param,
3065                                   struct floppy_raw_cmd *ptr)
3066 {
3067         int ret;
3068
3069         while (ptr) {
3070                 struct floppy_raw_cmd cmd = *ptr;
3071                 cmd.next = NULL;
3072                 cmd.kernel_data = NULL;
3073                 ret = copy_to_user(param, &cmd, sizeof(cmd));
3074                 if (ret)
3075                         return -EFAULT;
3076                 param += sizeof(struct floppy_raw_cmd);
3077                 if ((ptr->flags & FD_RAW_READ) && ptr->buffer_length) {
3078                         if (ptr->length >= 0 &&
3079                             ptr->length <= ptr->buffer_length) {
3080                                 long length = ptr->buffer_length - ptr->length;
3081                                 ret = fd_copyout(ptr->data, ptr->kernel_data,
3082                                                  length);
3083                                 if (ret)
3084                                         return ret;
3085                         }
3086                 }
3087                 ptr = ptr->next;
3088         }
3089
3090         return 0;
3091 }
3092
3093 static void raw_cmd_free(struct floppy_raw_cmd **ptr)
3094 {
3095         struct floppy_raw_cmd *next;
3096         struct floppy_raw_cmd *this;
3097
3098         this = *ptr;
3099         *ptr = NULL;
3100         while (this) {
3101                 if (this->buffer_length) {
3102                         fd_dma_mem_free((unsigned long)this->kernel_data,
3103                                         this->buffer_length);
3104                         this->buffer_length = 0;
3105                 }
3106                 next = this->next;
3107                 kfree(this);
3108                 this = next;
3109         }
3110 }
3111
3112 static int raw_cmd_copyin(int cmd, void __user *param,
3113                                  struct floppy_raw_cmd **rcmd)
3114 {
3115         struct floppy_raw_cmd *ptr;
3116         int ret;
3117         int i;
3118
3119         *rcmd = NULL;
3120
3121 loop:
3122         ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_USER);
3123         if (!ptr)
3124                 return -ENOMEM;
3125         *rcmd = ptr;
3126         ret = copy_from_user(ptr, param, sizeof(*ptr));
3127         ptr->next = NULL;
3128         ptr->buffer_length = 0;
3129         ptr->kernel_data = NULL;
3130         if (ret)
3131                 return -EFAULT;
3132         param += sizeof(struct floppy_raw_cmd);
3133         if (ptr->cmd_count > 33)
3134                         /* the command may now also take up the space
3135                          * initially intended for the reply & the
3136                          * reply count. Needed for long 82078 commands
3137                          * such as RESTORE, which takes ... 17 command
3138                          * bytes. Murphy's law #137: When you reserve
3139                          * 16 bytes for a structure, you'll one day
3140                          * discover that you really need 17...
3141                          */
3142                 return -EINVAL;
3143
3144         for (i = 0; i < 16; i++)
3145                 ptr->reply[i] = 0;
3146         ptr->resultcode = 0;
3147
3148         if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) {
3149                 if (ptr->length <= 0)
3150                         return -EINVAL;
3151                 ptr->kernel_data = (char *)fd_dma_mem_alloc(ptr->length);
3152                 fallback_on_nodma_alloc(&ptr->kernel_data, ptr->length);
3153                 if (!ptr->kernel_data)
3154                         return -ENOMEM;
3155                 ptr->buffer_length = ptr->length;
3156         }
3157         if (ptr->flags & FD_RAW_WRITE) {
3158                 ret = fd_copyin(ptr->data, ptr->kernel_data, ptr->length);
3159                 if (ret)
3160                         return ret;
3161         }
3162
3163         if (ptr->flags & FD_RAW_MORE) {
3164                 rcmd = &(ptr->next);
3165                 ptr->rate &= 0x43;
3166                 goto loop;
3167         }
3168
3169         return 0;
3170 }
3171
3172 static int raw_cmd_ioctl(int cmd, void __user *param)
3173 {
3174         struct floppy_raw_cmd *my_raw_cmd;
3175         int drive;
3176         int ret2;
3177         int ret;
3178
3179         if (FDCS->rawcmd <= 1)
3180                 FDCS->rawcmd = 1;
3181         for (drive = 0; drive < N_DRIVE; drive++) {
3182                 if (FDC(drive) != fdc)
3183                         continue;
3184                 if (drive == current_drive) {
3185                         if (UDRS->fd_ref > 1) {
3186                                 FDCS->rawcmd = 2;
3187                                 break;
3188                         }
3189                 } else if (UDRS->fd_ref) {
3190                         FDCS->rawcmd = 2;
3191                         break;
3192                 }
3193         }
3194
3195         if (FDCS->reset)
3196                 return -EIO;
3197
3198         ret = raw_cmd_copyin(cmd, param, &my_raw_cmd);
3199         if (ret) {
3200                 raw_cmd_free(&my_raw_cmd);
3201                 return ret;
3202         }
3203
3204         raw_cmd = my_raw_cmd;
3205         cont = &raw_cmd_cont;
3206         ret = wait_til_done(floppy_start, true);
3207         debug_dcl(DP->flags, "calling disk change from raw_cmd ioctl\n");
3208
3209         if (ret != -EINTR && FDCS->reset)
3210                 ret = -EIO;
3211
3212         DRS->track = NO_TRACK;
3213
3214         ret2 = raw_cmd_copyout(cmd, param, my_raw_cmd);
3215         if (!ret)
3216                 ret = ret2;
3217         raw_cmd_free(&my_raw_cmd);
3218         return ret;
3219 }
3220
3221 static int invalidate_drive(struct block_device *bdev)
3222 {
3223         /* invalidate the buffer track to force a reread */
3224         set_bit((long)bdev->bd_disk->private_data, &fake_change);
3225         process_fd_request();
3226         check_disk_change(bdev);
3227         return 0;
3228 }
3229
3230 static int set_geometry(unsigned int cmd, struct floppy_struct *g,
3231                                int drive, int type, struct block_device *bdev)
3232 {
3233         int cnt;
3234
3235         /* sanity checking for parameters. */
3236         if (g->sect <= 0 ||
3237             g->head <= 0 ||
3238             g->track <= 0 || g->track > UDP->tracks >> STRETCH(g) ||
3239             /* check if reserved bits are set */
3240             (g->stretch & ~(FD_STRETCH | FD_SWAPSIDES | FD_SECTBASEMASK)) != 0)
3241                 return -EINVAL;
3242         if (type) {
3243                 if (!capable(CAP_SYS_ADMIN))
3244                         return -EPERM;
3245                 mutex_lock(&open_lock);
3246                 if (lock_fdc(drive)) {
3247                         mutex_unlock(&open_lock);
3248                         return -EINTR;
3249                 }
3250                 floppy_type[type] = *g;
3251                 floppy_type[type].name = "user format";
3252                 for (cnt = type << 2; cnt < (type << 2) + 4; cnt++)
3253                         floppy_sizes[cnt] = floppy_sizes[cnt + 0x80] =
3254                             floppy_type[type].size + 1;
3255                 process_fd_request();
3256                 for (cnt = 0; cnt < N_DRIVE; cnt++) {
3257                         struct block_device *bdev = opened_bdev[cnt];
3258                         if (!bdev || ITYPE(drive_state[cnt].fd_device) != type)
3259                                 continue;
3260                         __invalidate_device(bdev, true);
3261                 }
3262                 mutex_unlock(&open_lock);
3263         } else {
3264                 int oldStretch;
3265
3266                 if (lock_fdc(drive))
3267                         return -EINTR;
3268                 if (cmd != FDDEFPRM) {
3269                         /* notice a disk change immediately, else
3270                          * we lose our settings immediately*/
3271                         if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
3272                                 return -EINTR;
3273                 }
3274                 oldStretch = g->stretch;
3275                 user_params[drive] = *g;
3276                 if (buffer_drive == drive)
3277                         SUPBOUND(buffer_max, user_params[drive].sect);
3278                 current_type[drive] = &user_params[drive];
3279                 floppy_sizes[drive] = user_params[drive].size;
3280                 if (cmd == FDDEFPRM)
3281                         DRS->keep_data = -1;
3282                 else
3283                         DRS->keep_data = 1;
3284                 /* invalidation. Invalidate only when needed, i.e.
3285                  * when there are already sectors in the buffer cache
3286                  * whose number will change. This is useful, because
3287                  * mtools often changes the geometry of the disk after
3288                  * looking at the boot block */
3289                 if (DRS->maxblock > user_params[drive].sect ||
3290                     DRS->maxtrack ||
3291                     ((user_params[drive].sect ^ oldStretch) &
3292                      (FD_SWAPSIDES | FD_SECTBASEMASK)))
3293                         invalidate_drive(bdev);
3294                 else
3295                         process_fd_request();
3296         }
3297         return 0;
3298 }
3299
3300 /* handle obsolete ioctl's */
3301 static unsigned int ioctl_table[] = {
3302         FDCLRPRM,
3303         FDSETPRM,
3304         FDDEFPRM,
3305         FDGETPRM,
3306         FDMSGON,
3307         FDMSGOFF,
3308         FDFMTBEG,
3309         FDFMTTRK,
3310         FDFMTEND,
3311         FDSETEMSGTRESH,
3312         FDFLUSH,
3313         FDSETMAXERRS,
3314         FDGETMAXERRS,
3315         FDGETDRVTYP,
3316         FDSETDRVPRM,
3317         FDGETDRVPRM,
3318         FDGETDRVSTAT,
3319         FDPOLLDRVSTAT,
3320         FDRESET,
3321         FDGETFDCSTAT,
3322         FDWERRORCLR,
3323         FDWERRORGET,
3324         FDRAWCMD,
3325         FDEJECT,
3326         FDTWADDLE
3327 };
3328
3329 static int normalize_ioctl(unsigned int *cmd, int *size)
3330 {
3331         int i;
3332
3333         for (i = 0; i < ARRAY_SIZE(ioctl_table); i++) {
3334                 if ((*cmd & 0xffff) == (ioctl_table[i] & 0xffff)) {
3335                         *size = _IOC_SIZE(*cmd);
3336                         *cmd = ioctl_table[i];
3337                         if (*size > _IOC_SIZE(*cmd)) {
3338                                 pr_info("ioctl not yet supported\n");
3339                                 return -EFAULT;
3340                         }
3341                         return 0;
3342                 }
3343         }
3344         return -EINVAL;
3345 }
3346
3347 static int get_floppy_geometry(int drive, int type, struct floppy_struct **g)
3348 {
3349         if (type)
3350                 *g = &floppy_type[type];
3351         else {
3352                 if (lock_fdc(drive))
3353                         return -EINTR;
3354                 if (poll_drive(false, 0) == -EINTR)
3355                         return -EINTR;
3356                 process_fd_request();
3357                 *g = current_type[drive];
3358         }
3359         if (!*g)
3360                 return -ENODEV;
3361         return 0;
3362 }
3363
3364 static int fd_getgeo(struct block_device *bdev, struct hd_geometry *geo)
3365 {
3366         int drive = (long)bdev->bd_disk->private_data;
3367         int type = ITYPE(drive_state[drive].fd_device);
3368         struct floppy_struct *g;
3369         int ret;
3370
3371         ret = get_floppy_geometry(drive, type, &g);
3372         if (ret)
3373                 return ret;
3374
3375         geo->heads = g->head;
3376         geo->sectors = g->sect;
3377         geo->cylinders = g->track;
3378         return 0;
3379 }
3380
3381 static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd,
3382                     unsigned long param)
3383 {
3384         int drive = (long)bdev->bd_disk->private_data;
3385         int type = ITYPE(UDRS->fd_device);
3386         int i;
3387         int ret;
3388         int size;
3389         union inparam {
3390                 struct floppy_struct g; /* geometry */
3391                 struct format_descr f;
3392                 struct floppy_max_errors max_errors;
3393                 struct floppy_drive_params dp;
3394         } inparam;              /* parameters coming from user space */
3395         const void *outparam;   /* parameters passed back to user space */
3396
3397         /* convert compatibility eject ioctls into floppy eject ioctl.
3398          * We do this in order to provide a means to eject floppy disks before
3399          * installing the new fdutils package */
3400         if (cmd == CDROMEJECT ||        /* CD-ROM eject */
3401             cmd == 0x6470) {            /* SunOS floppy eject */
3402                 DPRINT("obsolete eject ioctl\n");
3403                 DPRINT("please use floppycontrol --eject\n");
3404                 cmd = FDEJECT;
3405         }
3406
3407         if (!((cmd & 0xff00) == 0x0200))
3408                 return -EINVAL;
3409
3410         /* convert the old style command into a new style command */
3411         ret = normalize_ioctl(&cmd, &size);
3412         if (ret)
3413                 return ret;
3414
3415         /* permission checks */
3416         if (((cmd & 0x40) && !(mode & (FMODE_WRITE | FMODE_WRITE_IOCTL))) ||
3417             ((cmd & 0x80) && !capable(CAP_SYS_ADMIN)))
3418                 return -EPERM;
3419
3420         if (WARN_ON(size < 0 || size > sizeof(inparam)))
3421                 return -EINVAL;
3422
3423         /* copyin */