1. 25 3月, 2009 27 次提交
    • S
      firewire: cdev: simplify FW_CDEV_IOC_SEND_REQUEST return value · 664d8010
      Stefan Richter 提交于
      This changes the ioctl() return value of FW_CDEV_IOC_SEND_REQUEST and of
      the as yet unreleased FW_CDEV_IOC_SEND_BROADCAST_REQUEST.  They used to
      return
      	sizeof(struct fw_cdev_send_request *) + data_length
      
      which is obviously a failed attempt to emulate the return value of
      raw1394's respective interface which uses write() instead of ioctl().
      
      However, the first summand, as size of a kernel pointer, is entirely
      meaningless to clients and the second summand is already known to
      clients.  And the result does not resemble raw1394's write() return
      code anyway.
      
      So simplify it to a constant non-negative value, i.e. 0.  The only
      dangers here would be that future client implementations check for error
      by ret != 0 instead of ret < 0 when running on top of an old kernel; or
      that current clients interpret ret = 0 or more as failure.  But both are
      hypothetical cases which don't justify to return irritating values.
      
      While we touch this code, also remove "& 0x1f" from tcode in the call of
      fw_send_request.  The tcode cannot be bigger than 0x1f at this point.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      664d8010
    • S
      firewire: cdev: fix race of ioctl_send_request with bus reset · 207fbefb
      Stefan Richter 提交于
      The bus reset handler concurrently frees client->device->node.  Use
      device->node_id instead.  This is equivalent to device->node->node_id
      while device->generation is current.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      207fbefb
    • S
      firewire: cdev: secure add_descriptor ioctl · de487da8
      Stefan Richter 提交于
      The access permissions and ownership or ACL of /dev/fw* character device
      files will typically be set based on the device type of the respective
      nodes, as obtained by firewire-core from descriptors in the device's
      configuration ROM.  An example policy is to deny write permission by
      default but grant write permission to files of AV/C video and audio
      devices and IIDC video devices.
      
      The FW_CDEV_IOC_ADD_DESCRIPTOR ioctl could be used to partly subvert
      such a policy:  Find a device file with relaxed permissions, use the
      ioctl to add a descriptor with AV/C marker to the local node's ROM, thus
      gain access to the local node's character device file.  (This is only
      possible if there are udev scripts installed which actively relax
      permissions for known device types and if there is a device of such a
      type connected.)
      
      Accessibility of the local node's device file is relevant to host
      security if the host contains two or more IEEE 1394 link layer
      controllers which are plugged into a single bus.
      
      Therefore change the ABI to deny FW_CDEV_IOC_ADD_DESCRIPTOR if the file
      belongs to a remote node.  (This change has no impact on known
      implementers of the ABI:  None of them uses the ioctl yet.)
      
      Also clarify the documentation:  The ioctl affects all local nodes, not
      just one local node.
      
      Cc: stable@kernel.org
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      de487da8
    • S
      firewire: cdev: amendment to "add ioctl to query maximum transmission speed" · c8a25900
      Stefan Richter 提交于
      The as yet unreleased FW_CDEV_IOC_GET_SPEED ioctl puts only a single
      integer into the parameter buffer.  We can use ioctl()'s return value
      instead.
      
      (Also: Some whitespace change in firewire-cdev.h.)
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      c8a25900
    • J
      firewire: implement asynchronous stream transmission · f8c2287c
      Jay Fenlason 提交于
      Allow userspace and other firewire drivers (fw-ipv4 I'm looking at
      you!) to send Asynchronous Transmit Streams as described in 7.8.3 of
      release 1.1 of the 1394 Open Host Controller Interface Specification.
      Signed-off-by: NJay Fenlason <fenlason@redhat.com>
      Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (tweaks)
      f8c2287c
    • S
      firewire: cdev: simplify a schedule_delayed_work wrapper · 81610b8f
      Stefan Richter 提交于
      The kernel API documentation says that queue_delayed_work() returns 0
      (only) if the work was already queued.  The return codes of
      schedule_delayed_work() are not documented but the same.
      
      In init_iso_resource(), the work has never been queued yet, hence we
      can assume schedule_delayed_work() to be a guaranteed success there.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      81610b8f
    • S
      firewire: cdev: add ioctls for iso resource management, amendment · 5d9cb7d2
      Stefan Richter 提交于
      Some fixes:
        - Remove stale documentation.
        - Fix a != vs. == thinko that got in the way of channel management.
        - Try bandwidth deallocation even if channel deallocation failed.
      
      A simplification:
        - fw_cdev_allocate_iso_resource.channels is now ordered like
          libdc1394's dc1394_iso_allocate_channel() channels_allowed
          argument.
      
      By the way, I looked closer at cards from NEC, TI, and VIA, and noticed
      that they all don't implement IEEE 1394a behaviour which is meant to
      deviate from IEEE 1212's notion of lock compare-swap.  This means that
      we have to do two lock transactions instead of one in many cases where
      one transaction would already succeed on a fully 1394a compliant IRM.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      5d9cb7d2
    • S
      firewire: cdev: shut down iso context before freeing the buffer · 36a755cf
      Stefan Richter 提交于
      DMA must be halted before we DMA-unmap and free the DMA buffer.  Since
      we cannot rely on the client to stop the context before it closes the
      fd, we have to reorder fw_iso_buffer_destroy vs. fw_iso_context_destroy.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      36a755cf
    • S
      firewire: cdev: replace some spin_lock_irqsave by spin_lock_irq · 3ba94986
      Stefan Richter 提交于
      All of these functions are entered with IRQs enabled.
      Hence the unconditional spin_unlock_irq can be used.
      
      Function:                  Caller context:
          dequeue_event()            client process, via read(2)
          fill_bus_reset_event()     fw-device.c update worqueue job
          release_client_resource()  client process, via ioctl(2)
          fw_device_op_release()     client process, via close(2)
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      3ba94986
    • S
      firewire: cdev: extend transaction payload size check · 5d3fd692
      Stefan Richter 提交于
      Make the size check of ioctl_send_request and
      ioctl_send_broadcast_request speed dependent.  Also change the error
      return code from -EINVAL to -EIO to distinguish this from other errors
      concerning the ioctl parameters.
      
      Another payload size limit for which we don't check here though is the
      remote node's Bus_Info_Block.max_rec.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      5d3fd692
    • S
      firewire: cdev: restrict broadcast write requests to Units Space · 1566f3dc
      Stefan Richter 提交于
      We don't want random users write to Memory Space (e.g. PCs with physical
      DMA filters down) or to core CSRs like Reset_Start.
      
      This does not protect SBP-2 target CSRs.  But properly behaving SBP-2
      targets ignore broadcast write requests to these registers, and the
      maximum damage which can happen with laxer targets is DOS.  But there
      are ways to create DOS situations anyway if there are devices with weak
      device file permissions (like audio/video devices) present at the same
      bus as an SBP-2 target.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      1566f3dc
    • J
      firewire: cdev: add ioctl for broadcast write requests · acfe8333
      Jay Fenlason, Stefan Richter 提交于
      Write transactions to the broadcast node ID are a convenient way to
      trigger functions of multiple nodes at once.  IIDC is a protocol which
      can make use of this if multiple cameras with same command_regs_base are
      connected at the same bus.
      
      Based on
          Date: Wed, 10 Sep 2008 11:32:16 -0400
          From: Jay Fenlason <fenlason@redhat.com>
          Subject: [patch] SEND_BROADCAST_REQUEST
      Changes:  ioctl_send_request() and ioctl_send_broadcast_request() now
      share code.  Broadcast speed corrected to S100.  Check for proper tcode.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      acfe8333
    • S
      firewire: cdev: add ioctl to query maximum transmission speed · 33580a3e
      Stefan Richter 提交于
      While the speed of asynchronous transactions is automatically chosen by
      the kernel, the speed of isochronous streams has to be chosen by the
      initiating client.
      
      In case of 1394a bus topologies, the maximum possible speed could be
      figured out with some effort by evaluation of the remote node's link
      speed field in the config ROM, the local node's link speed field, and
      the PHY speeds and topologic information in the local node's or IRM's
      topology map CSR.  However, this does not work in case of 1394b buses.
      
      Hence add an ioctl to export the maximum speed which the kernel already
      determined.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      33580a3e
    • S
      firewire: cdev: add ioctls for manual iso resource management · 1ec3c026
      Stefan Richter 提交于
      This adds ioctls for allocation and deallocation of a channel or/and
      bandwidth without auto-reallocation and without auto-deallocation.
      
      The benefit of these ioctls is that libraw1394-style isochronous
      resource management can be implemented without write access to the IRM's
      character device file.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      1ec3c026
    • J
      firewire: cdev: add ioctls for isochronous resource management · b1bda4cd
      Jay Fenlason, Stefan Richter 提交于
      Based on
          Date: Tue, 18 Nov 2008 11:41:27 -0500
          From: Jay Fenlason <fenlason@redhat.com>
          Subject: [Patch V4] Add ISO resource management support
      with several changes to the ABI and implementation.  Only the part of
      the ABI which enables auto-reallocation and auto-deallocation is
      included here.
      
      This implements ioctls for kernel-assisted allocation of isochronous
      channels and isochronous bandwidth.  The benefits are:
        - The client does not have to have write access to the /dev/fw* device
          corresponding to the IRM.
        - The client does not have to perform reallocation after bus resets.
        - Channel and bandwidth are deallocated by the kernel if the file is
          closed before the client deallocated the resources.  Thus resources
          are released even if the client crashes.
      
      It is anticipated that future in-kernel code (firewire-core IRM code;
      the firewire port of firedtv), will use the fw-iso.c portions of this
      code too.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      Tested-by: NDavid Moore <dcm@acm.org>
      b1bda4cd
    • S
      firewire: cdev: sort includes · be5bbd67
      Stefan Richter 提交于
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      be5bbd67
    • S
      firewire: cdev: unify names of struct types and of their instances · 97c18b7f
      Stefan Richter 提交于
      to indicate that they are specializations of struct event or of struct
      client_resource, respectively.
      
      struct response was both an event and a client_resource; it is now split
      into struct outbound_transaction_resource and ~_event in order to
      document more explicitly which types of client resources exist.
      
      struct request and struct_request_event are renamed to struct
      inbound_transaction_resource and ~_event because requests and responses
      occur in outbound and in inbound transactions.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      97c18b7f
    • S
      firewire: cdev: reference-count client instances · fb443036
      Stefan Richter 提交于
      The lifetime of struct client instances must be longer than the lifetime
      of any client resource.
      
      This fixes a possible race between fw_device_op_release and transaction
      completions.  It also prepares for new ioctls for isochronous resource
      management which will involve delayed processing of client resources.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      Reviewed-by: NDavid Moore <dcm@acm.org>
      fb443036
    • S
      firewire: cdev: use list_first_entry · a459b8ab
      Stefan Richter 提交于
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      a459b8ab
    • S
      firewire: remove line breaks before function names · 53dca511
      Stefan Richter 提交于
      type
          function_name(parameters);
      
      is nice to look at but was not used consistently.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      53dca511
    • S
      firewire: standardize a variable name · 2dbd7d7e
      Stefan Richter 提交于
      "ret" is the new "retval".
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      2dbd7d7e
    • S
      firewire: cdev: address handler input validation · 3e0b5f0d
      Stefan Richter 提交于
      Like before my commit 1415d918,
      fw_core_add_address_handler() does not align the address region now.
      Instead the caller is required to pass valid parameters.
      
      Since one of the callers of fw_core_add_address_handler() is the cdev
      userspace interface, we now check for valid input.  If the client is
      buggy, we give it a hint with -EINVAL.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      3e0b5f0d
    • J
      firewire: cdev: use an idr rather than a linked list for resources · 45ee3199
      Jay Fenlason 提交于
      The current code uses a linked list and a counter for storing
      resources and the corresponding handle numbers.  By changing to an idr
      we can be safe from counter wrap-around giving two resources the same
      handle.
      
      Furthermore, the deallocation ioctls now check whether the resource to
      be freed is of the intended type.
      Signed-off-by: NJay Fenlason <fenlason@redhat.com>
      
      Some rework by Stefan R:
        - The idr API documentation says we get an ID within 0...0x7fffffff.
          Hence we can rest assured that idr handles fit into cdev handles.
        - Fix some races.  Add a client->in_shutdown flag for this purpose.
        - Add allocation retry to add_client_resource().
        - It is possible to use idr_for_each() in fw_device_op_release().
        - Fix ioctl_send_response() regression.
        - Small style changes.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      45ee3199
    • S
      firewire: cdev: fix race of fw_device_op_release with bus reset · 97811e34
      Stefan Richter 提交于
      Unlink the client from the fw_device earlier in order to prevent bus
      reset events being added to client->event_list during shutdown.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      97811e34
    • S
      firewire: cdev: tcodes input validation · 1f3125af
      Stefan Richter 提交于
      The behaviour of fw-transaction.c::fw_send_request is ill-defined for
      any other tcodes than read/ write/ lock request tcodes.  Therefore
      prevent requests with wrong tcodes from entering the transaction layer.
      
      Maybe fw_send_request should check them itself, but I am not inclined to
      change it and fw_fill_request from void-valued functions to ones which
      return error codes and pass those up.  Besides, maybe fw_send_request is
      going to support one more tcode than ioctl_send_request in the future
      (TCODE_STREAM_DATA).
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      1f3125af
    • S
      firewire: convert client_list_lock to mutex · d67cfb96
      Stefan Richter 提交于
      So far it is only taken in non-atomic contexts.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      d67cfb96
    • J
      firewire: add a client_list_lock · cf417e54
      Jay Fenlason 提交于
      This adds a client_list_lock, which only protects the device's
      client_list, so that future versions of the driver can call code that
      takes the card->lock while holding the client_list_lock.  Adding this
      lock is much simpler than adding __ versions of all the functions that
      the future version may need.  The one ordering issue is to make sure
      code never takes the client_list_lock with card->lock held.  Since
      client_list_lock is only used in three places, that isn't hard.
      Signed-off-by: NJay Fenlason <fenlason@redhat.com>
      
      Update fill_bus_reset_event() accordingly.  Include linux/spinlock.h.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      cf417e54
  2. 16 10月, 2008 2 次提交
  3. 03 8月, 2008 1 次提交
    • D
      firewire: Preserve response data alignment bug when it is harmless · 8401d92b
      David Moore 提交于
      Recently, a bug having to do with the alignment of transaction response
      data was fixed.  However, some apps such as libdc1394 relied on the
      presence of that bug in order to function correctly.  In order to stay
      compatible with old versions of those apps, this patch preserves the bug
      in cases where it is harmless to normal operation (such as the single
      quadlet read) due to a simple duplication of data.  This guarantees
      maximum compatability for those users who are using the old app with the
      fixed kernel.
      Signed-off-by: NDavid Moore <dcm@acm.org>
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      8401d92b
  4. 20 7月, 2008 1 次提交
    • J
      firewire: queue the right number of data · f9543d0a
      JiSheng Zhang 提交于
      There will be 4 padding bytes in struct fw_cdev_event_response on some platforms
      The member:__u32 data will point to these padding bytes. While queue the
      response and data in complete_transaction in fw-cdev.c, it will queue like this:
      |response(excluding padding bytes)|4 padding bytes|4 padding bytes|data.
      It queue 4 extra bytes. That is to say it use "&response + sizeof(response)"
      while other place of kernel and userspace library use "&response + offsetof
      (typeof(response), data)". So it will lost the last 4 bytes of data. This patch
      can fix it while not changing the struct definition.
      Signed-off-by: NJiSheng Zhang <jszhang3@mail.ustc.edu.cn>
      
      This fixes responses to outbound block read requests on 64bit architectures.
      Tested on i686, x86-64, and x86-64 with i686 userland, using firecontrol and
      gscanbus.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      f9543d0a
  5. 19 6月, 2008 1 次提交
    • S
      firewire: fill_bus_reset_event needs lock protection · 5cb84067
      Stefan Richter 提交于
      Callers of fill_bus_reset_event() have to take card->lock.  Otherwise
      access to node data may oops if node removal is in progress.
      
      A lockless alternative would be
      
      -	event->local_node_id = card->local_node->node_id;
      +	tmp = fw_node_get(card->local_node);
      +	event->local_node_id = tmp->node_id;
      +	fw_node_put(tmp);
      
      and ditto with the other node pointers which fill_bus_reset_event()
      accesses.  But I went the locked route because one of the two callers
      already holds the lock.  As a bonus, we don't need the memory barrier
      anymore because device->generation and device->node_id are written in
      a card->lock protected section.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      Signed-off-by: NKristian Høgsberg <krh@redhat.com>
      5cb84067
  6. 21 5月, 2008 1 次提交
    • J
      firewire: prevent userspace from accessing shut down devices · 551f4cb9
      Jay Fenlason 提交于
      If userspace ignores the POLLERR bit from poll(), and only attempts to
      read() the device when POLLIN is set, it can still make ioctl() calls on
      a device that has been removed from the system.  The node_id and
      generation returned by GET_INFO will be outdated, but INITIATE_BUS_RESET
      would still cause a bus reset, and GET_CYCLE_TIMER will return data.
      And if you guess the correct generation to use, you can send requests to
      a different device on the bus, and get responses back.
      
      This patch prevents open, ioctl, compat_ioctl, and mmap against shutdown
      devices.
      Signed-off-by: NJay Fenlason <fenlason@redhat.com>
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      551f4cb9
  7. 18 4月, 2008 1 次提交
    • S
      firewire: reread config ROM when device reset the bus · c9755e14
      Stefan Richter 提交于
      When a device changes its configuration ROM, it announces this with a
      bus reset.  firewire-core has to check which node initiated a bus reset
      and whether any unit directories went away or were added on this node.
      
      Tested with an IOI FWB-IDE01AB which has its link-on bit set if bus
      power is available but does not respond to ROM read requests if self
      power is off.  This implements
        - recognition of the units if self power is switched on after fw-core
          gave up the initial attempt to read the config ROM,
        - shutdown of the units when self power is switched off.
      
      Also tested with a second PC running Linux/ieee1394.  When the eth1394
      driver is inserted and removed on that node, fw-core now notices the
      addition and removal of the IPv4 unit on the ieee1394 node.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      c9755e14
  8. 22 2月, 2008 1 次提交
  9. 16 2月, 2008 1 次提交
    • S
      firewire: fix "kobject_add failed for fw* with -EEXIST" · 96b19062
      Stefan Richter 提交于
      There is a race between shutdown and creation of devices:  fw-core may
      attempt to add a device with the same name of an already existing
      device.  http://bugzilla.kernel.org/show_bug.cgi?id=9828
      
      Impact of the bug:  Happens rarely (when shutdown of a device coincides
      with creation of another), forces the user to unplug and replug the new
      device to get it working.
      
      The fix is obvious:  Free the minor number *after* instead of *before*
      device_unregister().  This requires to take an additional reference of
      the fw_device as long as the IDR tree points to it.
      
      And while we are at it, we fix an additional race condition:
      fw_device_op_open() took its reference of the fw_device a little bit too
      late, hence was in danger to access an already invalid fw_device.
      Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
      96b19062
  10. 31 1月, 2008 2 次提交
  11. 17 10月, 2007 2 次提交