861 Commits

Author SHA1 Message Date
Clemens Ladisch
e81cbebdfc firewire: ohci: prevent iso completion callbacks after context stop
To prevent the iso packet callback from being called after
fw_iso_context_stop() has returned, make sure that the
context's tasklet has finished executing before that.

This fixes access-after-free bugs that have so far been
observed only in the upcoming snd-firewire-speakers driver,
but can theoretically also happen in the firedtv driver.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26 15:11:03 +01:00
Clemens Ladisch
5aaffc65a2 firewire: core: rename some variables
In manage_channel(), rename the variables "c" and "i" to the more
expressive "bit" and "channel".

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26 15:11:03 +01:00
Stefan Richter
8fd2af11d2 firewire: nosy: should work on Power Mac G4 PCI too
The first board generation of Power Mac G4 ("Yikes!", those with PCI
graphics) still had a PCILynx controller like their G3 predecessors,
but not the later AGP models.  (Jonathan Woithe recalls to have heard
of it, and some web sources reinforce it.)

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26 15:11:03 +01:00
Clemens Ladisch
e71084af58 firewire: core: fix card->reset_jiffies overflow
On a 32-bit machine with, e.g., HZ=1000, jiffies will overflow after
about 50 days, so if there are between 25 and 50 days between bus
resets, the card->reset_jiffies comparisons can get wrong results.

To fix this, ensure that this timestamp always uses 64 bits.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23 12:31:01 +01:00
Clemens Ladisch
dbc9880fa7 firewire: cdev: remove unneeded reference
For outbound transactions, the IDR's and the callback's references now
have exactly the same lifetime, so we do not need both of them.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23 12:31:01 +01:00
Clemens Ladisch
5a5e62da9b firewire: cdev: always wait for outbound transactions to complete
We must not use fw_cancel_transaction() because it cannot correctly
abort still-active transactions.  The only place in core-cdev where this
matters is when the file is released.  Instead of trying to abort the
transactions, we wait for them to complete normally, i.e., until all
outbound transaction resources have been removed from the IDR tree.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23 12:31:00 +01:00
Clemens Ladisch
3e204dfcaf firewire: cdev: remove unneeded idr_find() from complete_transaction()
Outbound transactions are never aborted with release_client_resource(),
so it is not necessary for complete_transaction() to check whether the
resource is still registered.  Only shutdown_resource() can abort such
an transaction, and this is already handled with the in_shutdown check.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23 12:31:00 +01:00
Clemens Ladisch
f117a3e300 firewire: ohci: log dead DMA contexts
When a DMA context goes into the dead state (and the controller thus
stops working correctly), logging this error and the controller's error
code might be helpful for debugging.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-23 12:31:00 +01:00
Linus Torvalds
a1d3f5b70d Merge branches 'fixes' and 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: core: fix unstable I/O with Canon camcorder

* 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: net: is not experimental anymore
  firewire: net: invalidate ARP entries of removed nodes
2011-01-21 13:34:39 -08:00
Stefan Richter
324719978d firewire: net: is not experimental anymore
thanks to Clemens' and Maxim's fixes to firewire-ohci and -net in the
last two kernel releases.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-21 00:36:00 +01:00
Maxim Levitsky
74a1450499 firewire: net: invalidate ARP entries of removed nodes
This makes it possible to resume communication with a node that dropped
off the bus for a brief period.  Otherwise communication will only be
possible after ARP cache entry timeouts.

Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (rebased)
2011-01-21 00:36:00 +01:00
Stefan Richter
6044565af4 firewire: core: fix unstable I/O with Canon camcorder
Regression since commit 10389536742c, "firewire: core: check for 1394a
compliant IRM, fix inaccessibility of Sony camcorder":

The camcorder Canon MV5i generates lots of bus resets when asynchronous
requests are sent to it (e.g. Config ROM read requests or FCP Command
write requests) if the camcorder is not root node.  This causes drop-
outs in videos or makes the camcorder entirely inaccessible.
https://bugzilla.redhat.com/show_bug.cgi?id=633260

Fix this by allowing any Canon device, even if it is a pre-1394a IRM
like MV5i are, to remain root node (if it is at least Cycle Master
capable).  With the FireWire controller cards that I tested, MV5i always
becomes root node when plugged in and left to its own devices.

Reported-by: Ralf Lange
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org> # 2.6.32.y and newer
2011-01-21 00:27:46 +01:00
Clemens Ladisch
1427130425 firewire: ohci: fix compilation on arches without PAGE_KERNEL_RO
PAGE_KERNEL_RO is not available on all architectures, so its use
in the new AR code broke compilation on sparc64.

Because the read-only mapping was just a debugging aid, just use
PAGE_KERNEL instead.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>

James Bottomley wrote:
> On Thu, 2011-01-13 at 08:27 +0100, Clemens Ladisch wrote:
>> firewire: ohci: fix compilation on arches without PAGE_KERNEL_RO, e.g. sparc
>>
>> PAGE_KERNEL_RO is not available on all architectures, so its use in the
>> new AR code broke compilation on sparc64.
>>
>> Because the R/O mapping is only used to catch drivers that try to write
>> to the reception buffer and not actually required for correct operation,
>> we can just use a normal PAGE_KERNEL mapping where _RO is not available.
[...]
>> +/*
>> + * For archs where PAGE_KERNEL_RO is not supported;
>> + * mapping the AR buffers readonly for the CPU is just a debugging aid.
>> + */
>> +#ifndef PAGE_KERNEL_RO
>> +#define PAGE_KERNEL_RO PAGE_KERNEL
>> +#endif
>
> This might cause interesting issues on sparc64 if it ever acquired a
> PAGE_KERNEL_RO.  Sparc64 has extern pgprot_t for it's PAGE_KERNEL types
> rather than #defines, so the #ifdef check wouldn't see this.
>
> I think either PAGE_PROT_RO becomes part of our arch API (so all
> architectures are forced to add it), or, if it's not part of the API,
> ohci isn't entitled to use it.  The latter seems simplest since you have
> no real use for write protection anyway.

Reported-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-13 15:48:29 +01:00
Clemens Ladisch
410cf2bd3d firewire: use split transaction timeout only for split transactions
Instead of starting the split transaction timeout timer when any request
is submitted, start it only when the destination's ACK_PENDING has been
received.  This prevents us from using a timeout that is too short, and,
if the controller's AT queue is emptying very slowly, from cancelling
a packet that has not yet been sent.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04 08:48:34 +01:00
Stefan Richter
693a50b511 firewire: ohci: consolidate context status flags
"firewire: ohci: restart iso DMA contexts on resume from low power mode"
added the flag struct context.active and "firewire: ohci: cache the
context run bit" added struct context.running.

These flags contain the same information; combine them.
Also, normalize whitespace in pci_resume().

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04 08:48:33 +01:00
Clemens Ladisch
386a4153a2 firewire: ohci: cache the context run bit
The DMA context run control bit is entirely controlled by software, so
it is safe to cache it.  This allows the driver to avoid doing an
additional MMIO read when queueing an AT packet.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04 08:48:33 +01:00
Stefan Richter
78dec56d6a firewire: ohci: flush AT contexts after bus reset - addendum
Add comments
  - on why bus_reset_tasklet flushes AT queues,
  - that commit 76f73ca1b291 can possibly be reverted now.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Jarod Wilson <jarod@redhat.com>
2011-01-04 08:48:33 +01:00
Clemens Ladisch
82b662dc41 firewire: ohci: flush AT contexts after bus reset for OHCI 1.2
The OHCI 1.2 (draft) specification, clause 7.2.3.3, allows and
recommends that, after a bus reset, the controller does not flush all
the packets in the AT queues.  Therefore, the driver has to do this
itself.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-03 22:34:48 +01:00
Stefan Richter
c16714704b firewire: net: set carrier state at ifup
At ifup, carrier status would be shown on even if it actually was off.
Also add an include for ethtool_ops rather than to rely on the one from
netdevice.h.

Note, we can alas not use fwnet_device_mutex to serialize access to
dev->peer_count (as I originally wanted).  This would cause a lock
inversion:
  - fwnet_probe | takes fwnet_device_mutex
      + register_netdev | takes rtnl_mutex
  - devinet_ioctl | takes rtnl_mutex
      + fwnet_open | ...must not take fwnet_device_mutex

Hence use the dev->lock spinlock for serialization.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-19 15:27:02 +01:00
Maxim Levitsky
18bb36f9fa firewire: net: add carrier detection
To make userland, e.g. NetworkManager work with firewire, we need to
detect whether cable is plugged or not.  Simple and correct way of doing
that is just counting number of peers.  No peers - no link and vice
versa.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-19 15:27:01 +01:00
Maxim Levitsky
c4d6fd40df firewire: net: ratelimit error messages
Unfortunately its easy to trigger such error messages by removing the
cable while sending streams of data over the link.

Such errors are normal, and therefore this patch stops firewire-net from
flooding the kernel log with these errors, by combining series of same
errors together.

Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com>

(Stefan R:)  Eventually we should remove this logging when firewire-net
and related firewire-ohci facilities have been stabilized.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:15 +01:00
Maxim Levitsky
dd23736e09 firewire: ohci: restart iso DMA contexts on resume from low power mode
Restore iso channels DMA so that iso channels could continue to work
after resume from RAM/disk.

Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:15 +01:00
Maxim Levitsky
8662b6b029 firewire: ohci: restore GUID on resume.
Some lousy BIOSes, e.g. my Aspire 5720 BIOS forget to restore the GUID
register on resume from RAM.

Fix that by setting it to the last value that was read from it.

Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:15 +01:00
Clemens Ladisch
ec766a7970 firewire: ohci: use common buffer for self IDs and AR descriptors
The buffers used for the selfIDs packets and the AR request and response
descriptors end up using three pages because dma_alloc_coherent()
allocates at least one page per call.  However, these data structures
would all fit into 4 KB, so we can save space by using a common buffer
for them.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:15 +01:00
Clemens Ladisch
2dd5bed593 firewire: ohci: optimize iso context checks in the interrupt handler
When the isochRx/isochTx bit is clear, we do not need to read the
corresponding iso interrupt event register.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:14 +01:00
Clemens Ladisch
5b06db166c firewire: make PHY packet header format consistent
Change the header of PHY packets to be sent to include a pseudo
transaction code.  This makes the header consistent with that of
received PHY packets, and allows at_context_queue_packet() and
log_ar_at_event() to see the packet type directly instead of having
to deduce it from the header length or even from the header contents.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:14 +01:00
Clemens Ladisch
8327b37b18 firewire: ohci: properly clear posted write errors
To remove the error information from the controller's queue and to allow
more posted writes, the driver has to read the failed posted write
address before clearing the postedWriteErr interrupt bit.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>

(Stefan R:) The spec is somewhat fuzzy about the actual requirements.
To err on the safe side, let's do these two read accesses.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:14 +01:00
Clemens Ladisch
e597e9898a firewire: ohci: flush MMIO writes in the interrupt handler
Make sure that interrupt event clear bit writes are executed before the
interrupt handler returns.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:14 +01:00
Clemens Ladisch
c088ab30eb firewire: ohci: fix AT context initialization error handling
Add proper error handling for the context_init() calls.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:13 +01:00
Clemens Ladisch
7a39d8b821 firewire: ohci: Asynchronous Reception rewrite
Move the AR DMA descriptors out of the buffer pages, and map the buffer
pages linearly into the kernel's address space.  This allows the driver
to ignore any page boundaries in the DMA data and thus to avoid any
copying around of packet payloads.

This fixes the bug where S800 packets that are so big (> 4080 bytes)
that they can be split over three pages were not handled correctly.

Due to the changed algorithm, we can now use arbitrarily many buffer
pages, which improves performance because the controller can more easily
unload its DMA FIFO.

Furthermore, using streaming DMA mappings should improve perfomance on
architectures where coherent DMA mappings are not cacheable.  Even on
other architectures, the caching behaviour should be improved slightly
because the CPU no longer writes to the buffer pages.

v2: Detect the last filled buffer page by searching the descriptor's
    residual count value fields in order (like in the old code), instead
    of going backwards through the transfer status fields; it looks as
    if some controllers do not set the latter correctly.

v3: Fix an old resume bug that would now make the handler run into
    a BUG_ON, and replace that check with more useful error handling.
    Increase the buffer size for better performance with non-TI chips.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>

Maxim Levitsky writes:
    Works almost perfectly.  I can still see RCODE_BUSY errors
    sometimes, not very often though.  64K here eliminates these errors
    completely.  This is most likely due to nouveau drivers and lowest
    perf level I use to lower card temperature.  That increases
    latencies too much I think.  Besides that the IO is just perfect.

Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-13 20:39:13 +01:00
Joe Perches
5878730be4 firewire: core: Update WARN uses
Add missing newlines.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-12 15:47:03 +01:00
Stefan Richter
60a74a6ff8 firewire: nosy: char device is not seekable
Amend .open handler accordingly and remove the .llseek handler.
.llseek = NULL means no_llseek (return error) since commit 776c163b1b93.

The only client that uses this interface is nosy-dump in linux/tools/firewire
and it knows not to seek in this char dev.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-12-12 15:47:02 +01:00
Stefan Richter
9993e0fe0f firewire: ohci: fix regression with Agere FW643 rev 06, disable MSI
Agere FW643 rev 06, listed as "11c1:5901 (rev 06) (prog-if 10 [OHCI])",
produced SBP-2 I/O errors since kernel 2.6.36.  Disabling MSI fixes it.

Since MSI work on Agere FW643-E (same vendor and device ID, but rev 07),
introduce a device revision field into firewire-ohci's quirks list so
that different quirks can be defined for older and newer revisions.

Reported-by: Jonathan Isom <jeisom@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org> # 2.6.36.y
2010-12-12 15:47:02 +01:00
Stefan Richter
af0cdf4947 firewire: ohci: fix regression with VIA VT6315, disable MSI
"VIA Technologies, Inc. VT6315 Series Firewire Controller [1106:3403]"
does not generate any interrupts if Message Signaled Interrupts were
enabled.  This is a regression since kernel 2.6.36 in which MSI support
was added to firewire-ohci.  Hence blacklist MSI on all VIA controllers.

Reported-by: Robin Cook <rcook@wyrms.net>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org> # 2.6.36.y
2010-12-12 15:47:02 +01:00
Linus Torvalds
75f5d2c9bd Merge branch 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: net: throttle TX queue before running out of tlabels
  firewire: net: replace lists by counters
  firewire: net: fix memory leaks
  firewire: net: count stats.tx_packets and stats.tx_bytes
2010-11-28 12:24:20 -08:00
Stefan Richter
b2268830f5 firewire: net: throttle TX queue before running out of tlabels
This prevents firewire-net from submitting write requests in fast
succession until failure due to all 64 transaction labels were used up
for unfinished split transactions.  The netif_stop/wake_queue API is
used for this purpose.

Without this stop/wake mechanism, datagrams were simply lost whenever
the tlabel pool was exhausted.  Plus, tlabel exhaustion by firewire-net
also prevented other unrelated outbound transactions to be initiated.

The chosen queue depth was checked by me to hit the maximum possible
throughput with an OS X peer whose receive DMA is good enough to never
reject requests due to busy inbound request FIFO.  Current Linux peers
show a mixed picture of -5%...+15% change in bandwidth; their current
bottleneck are RCODE_BUSY situations (fewer or more, depending on TX
queue depth) due to too small AR buffer in firewire-ohci.

Maxim Levitsky tested this change with similar watermarks with a Linux
peer and some pending firewire-ohci improvements that address the
RCODE_BUSY problem and confirmed that these TX queue limits are good.

Note:  This removes some netif_wake_queue from reception code paths.
They were apparently copy&paste artefacts from a nonsensical
netif_wake_queue use in the older eth1394 driver.  This belongs only
into the transmit path.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
2010-11-17 00:08:49 +01:00
Stefan Richter
48553011ce firewire: net: replace lists by counters
The current transmit code does not at all make use of
  - fwnet_device.packet_list
and only very limited use of
  - fwnet_device.broadcasted_list,
  - fwnet_device.queued_packets.
Their current function is to track whether the TX soft-IRQ finished
dealing with an skb when the AT-req tasklet takes over, and to discard
pending tx datagrams (if there are any) when the local node is removed.

The latter does actually contain a race condition bug with TX soft-IRQ
and AT-req tasklet.

Instead of these lists and the corresponding link in fwnet_packet_task,
  - a flag in fwnet_packet_task to track whether fwnet_tx is done,
  - a counter of queued datagrams in fwnet_device
do the job as well.

The above mentioned theoretic race condition is resolved by letting
fwnet_remove sleep until all datagrams were flushed.  It may sleep
almost arbitrarily long since fwnet_remove is executed in the context of
a multithreaded (concurrency managed) workqueue.

The type of max_payload is changed to u16 here to avoid waste in struct
fwnet_packet_task.  This value cannot exceed 4096 per IEEE 1394:2008
table 16-18 (or 32678 per specification of packet headers, if there is
ever going to be something else than beta mode).

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-11-17 00:08:48 +01:00
Stefan Richter
7ee11fa8d0 firewire: net: fix memory leaks
a) fwnet_transmit_packet_done used to poison ptask->pt_link by list_del.
If fwnet_send_packet checked later whether it was responsible to clean
up (in the border case that the TX soft IRQ was outpaced by the AT-req
tasklet on another CPU), it missed this because ptask->pt_link was no
longer shown as empty.

b) If fwnet_write_complete got an rcode other than RCODE_COMPLETE, we
missed to free the skb and ptask entirely.

Also, count stats.tx_dropped and stats.tx_errors when rcode != 0.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-11-17 00:08:48 +01:00
Stefan Richter
902bca00dc firewire: net: count stats.tx_packets and stats.tx_bytes
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-11-17 00:08:48 +01:00
Jeff Garzik
f281233d3e SCSI host lock push-down
Move the mid-layer's ->queuecommand() invocation from being locked
with the host lock to being unlocked to facilitate speeding up the
critical path for drivers who don't need this lock taken anyway.

The patch below presents a simple SCSI host lock push-down as an
equivalent transformation.  No locking or other behavior should change
with this patch.  All existing bugs and locking orders are preserved.

Additionally, add one parameter to queuecommand,
	struct Scsi_Host *
and remove one parameter from queuecommand,
	void (*done)(struct scsi_cmnd *)

Scsi_Host* is a convenient pointer that most host drivers need anyway,
and 'done' is redundant to struct scsi_cmnd->scsi_done.

Minimal code disturbance was attempted with this change.  Most drivers
needed only two one-line modifications for their host lock push-down.

Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Acked-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-11-16 13:33:23 -08:00
Linus Torvalds
f69fa76482 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: ohci: fix race when reading count in AR descriptor
  firewire: ohci: avoid reallocation of AR buffers
  firewire: ohci: fix race in AR split packet handling
  firewire: ohci: fix buffer overflow in AR split packet handling
2010-11-05 14:17:22 -07:00
Clemens Ladisch
693fa7792e firewire: ohci: fix race when reading count in AR descriptor
If the controller is storing a split packet and therefore changing
d->res_count to zero between the two reads by the driver, we end up with
an end pointer that is not at a packet boundary, and therefore overflow
the buffer when handling the split packet.

To fix this, read the field once, atomically.  The compiler usually
merges the two reads anyway, but for correctness, we have to enforce it.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-10-30 23:37:20 +02:00
Clemens Ladisch
837596a61b firewire: ohci: avoid reallocation of AR buffers
Freeing an AR buffer page just to allocate a new page immediately
afterwards is not only a pointless effort but also dangerous because
the allocation can fail, which would result in an oops later.

Split ar_context_add_page() into two functions so that we can reuse
the old page directly.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-10-30 23:37:20 +02:00
Clemens Ladisch
a1f805e5e7 firewire: ohci: fix race in AR split packet handling
When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten.  However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later.  If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.

To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet.  Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.

This should eliminate the remaining firewire-net problems.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: 2.6.22-2.6.36 <stable@kernel.org>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-10-30 23:37:19 +02:00
Clemens Ladisch
85f7ffd5d2 firewire: ohci: fix buffer overflow in AR split packet handling
When the controller had to split a received asynchronous packet into two
buffers, the driver tries to reassemble it by copying both parts into
the first page.  However, if size + rest > PAGE_SIZE, i.e., if the yet
unhandled packets before the split packet, the split packet itself, and
any received packets after the split packet are together larger than one
page, then the memory after the first page would get overwritten.

To fix this, do not try to copy the data of all unhandled packets at
once, but copy the possibly needed data every time when handling
a packet.

This gets rid of most of the infamous crashes and data corruptions when
using firewire-net.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: 2.6.22-2.6.36 <stable@kernel.org>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (cast PAGE_SIZE to size_t)
2010-10-30 23:37:19 +02:00
Linus Torvalds
b7d41a9fbb Merge branch 'ieee1394-removal' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'ieee1394-removal' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  ieee1394: remove the old IEEE 1394 driver stack
  ieee1394: move init_ohci1394_dma to drivers/firewire/

Fix trivial change/delete conflict: drivers/ieee1394/eth1394.c is
getting removed, but was modified by the networking merge.
2010-10-25 08:05:29 -07:00
Linus Torvalds
5f05647dd8 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1699 commits)
  bnx2/bnx2x: Unsupported Ethtool operations should return -EINVAL.
  vlan: Calling vlan_hwaccel_do_receive() is always valid.
  tproxy: use the interface primary IP address as a default value for --on-ip
  tproxy: added IPv6 support to the socket match
  cxgb3: function namespace cleanup
  tproxy: added IPv6 support to the TPROXY target
  tproxy: added IPv6 socket lookup function to nf_tproxy_core
  be2net: Changes to use only priority codes allowed by f/w
  tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled
  tproxy: added tproxy sockopt interface in the IPV6 layer
  tproxy: added udp6_lib_lookup function
  tproxy: added const specifiers to udp lookup functions
  tproxy: split off ipv6 defragmentation to a separate module
  l2tp: small cleanup
  nf_nat: restrict ICMP translation for embedded header
  can: mcp251x: fix generation of error frames
  can: mcp251x: fix endless loop in interrupt handler if CANINTF_MERRF is set
  can-raw: add msg_flags to distinguish local traffic
  9p: client code cleanup
  rds: make local functions/variables static
  ...

Fix up conflicts in net/core/dev.c, drivers/net/pcmcia/smc91c92_cs.c and
drivers/net/wireless/ath/ath9k/debug.c as per David
2010-10-23 11:47:02 -07:00
Linus Torvalds
092e0e7e52 Merge branch 'llseek' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl
* 'llseek' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl:
  vfs: make no_llseek the default
  vfs: don't use BKL in default_llseek
  llseek: automatically add .llseek fop
  libfs: use generic_file_llseek for simple_attr
  mac80211: disallow seeks in minstrel debug code
  lirc: make chardev nonseekable
  viotape: use noop_llseek
  raw: use explicit llseek file operations
  ibmasmfs: use generic_file_llseek
  spufs: use llseek in all file operations
  arm/omap: use generic_file_llseek in iommu_debug
  lkdtm: use generic_file_llseek in debugfs
  net/wireless: use generic_file_llseek in debugfs
  drm: use noop_llseek
2010-10-22 10:52:56 -07:00
David S. Miller
2198a10b50 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Conflicts:
	net/core/dev.c
2010-10-21 08:43:05 -07:00
Stefan Richter
aa0170fff3 firewire: ohci: fix TI TSB82AA2 regression since 2.6.35
Revert commit 54672386ccf36ffa21d1de8e75624af83f9b0eeb
"firewire: ohci: fix up configuration of TI chips".
It caused massive slow-down and data corruption with a TSB82AA2 based
StarTech EC1394B2 ExpressCard and FireWire 800 harddisks.

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/657081
http://thread.gmane.org/gmane.linux.kernel.firewire.user/4013

The fact that some card EEPROMs do not program these enhancements may be
related to TSB81BA3 phy chip errata, if not to bugs of TSB82AA2 itself.
We could re-add these configuration steps, but only conditional on a
whitelist of cards on which these enhancements bring a proven positive
effect.

Reported-and-tested-by: Eric Shattow <lucent@gmail.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org> 2.6.35
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-10-17 14:09:12 +02:00