There will be 4 padding bytes in struct fw_cdev_event_response on some platforms
The member:__u32 data will point to these padding bytes. While queue the
response and data in complete_transaction in fw-cdev.c, it will queue like this:
|response(excluding padding bytes)|4 padding bytes|4 padding bytes|data.
It queue 4 extra bytes. That is to say it use "&response + sizeof(response)"
while other place of kernel and userspace library use "&response + offsetof
(typeof(response), data)". So it will lost the last 4 bytes of data. This patch
can fix it while not changing the struct definition.
Signed-off-by: NJiSheng Zhang <jszhang3@mail.ustc.edu.cn>

This fixes responses to outbound block read requests on 64bit architectures.
Tested on i686, x86-64, and x86-64 with i686 userland, using firecontrol and
gscanbus.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Callers of fill_bus_reset_event() have to take card->lock.  Otherwise
access to node data may oops if node removal is in progress.

A lockless alternative would be

-	event->local_node_id = card->local_node->node_id;
+	tmp = fw_node_get(card->local_node);
+	event->local_node_id = tmp->node_id;
+	fw_node_put(tmp);

and ditto with the other node pointers which fill_bus_reset_event()
accesses.  But I went the locked route because one of the two callers
already holds the lock.  As a bonus, we don't need the memory barrier
anymore because device->generation and device->node_id are written in
a card->lock protected section.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NKristian Høgsberg <krh@redhat.com>

If userspace ignores the POLLERR bit from poll(), and only attempts to
read() the device when POLLIN is set, it can still make ioctl() calls on
a device that has been removed from the system.  The node_id and
generation returned by GET_INFO will be outdated, but INITIATE_BUS_RESET
would still cause a bus reset, and GET_CYCLE_TIMER will return data.
And if you guess the correct generation to use, you can send requests to
a different device on the bus, and get responses back.

This patch prevents open, ioctl, compat_ioctl, and mmap against shutdown
devices.
Signed-off-by: NJay Fenlason <fenlason@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

When a device changes its configuration ROM, it announces this with a
bus reset.  firewire-core has to check which node initiated a bus reset
and whether any unit directories went away or were added on this node.

Tested with an IOI FWB-IDE01AB which has its link-on bit set if bus
power is available but does not respond to ROM read requests if self
power is off.  This implements
  - recognition of the units if self power is switched on after fw-core
    gave up the initial attempt to read the config ROM,
  - shutdown of the units when self power is switched off.

Also tested with a second PC running Linux/ieee1394.  When the eth1394
driver is inserted and removed on that node, fw-core now notices the
addition and removal of the IPv4 unit on the ieee1394 node.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

By supplying ioctl()s in the wrong order, a userspace client was able to
trigger NULL pointer dereferences.  Furthermore, by calling
ioctl_create_iso_context more than once, new contexts could be created
without ever freeing the previously created contexts.

Thanks to Anders Blomdell for the report.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

There is a race between shutdown and creation of devices:  fw-core may
attempt to add a device with the same name of an already existing
device.  http://bugzilla.kernel.org/show_bug.cgi?id=9828

Impact of the bug:  Happens rarely (when shutdown of a device coincides
with creation of another), forces the user to unplug and replug the new
device to get it working.

The fix is obvious:  Free the minor number *after* instead of *before*
device_unregister().  This requires to take an additional reference of
the fw_device as long as the IDR tree points to it.

And while we are at it, we fix an additional race condition:
fw_device_op_open() took its reference of the fw_device a little bit too
late, hence was in danger to access an already invalid fw_device.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

fw_device.node_id and fw_device.generation are accessed without mutexes.
We have to ensure that all readers will get to see node_id updates
before generation updates.

Fixes an inability to recognize devices after "giving up on config rom",
https://bugzilla.redhat.com/show_bug.cgi?id=429950Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Reviewed by Nick Piggin <nickpiggin@yahoo.com.au>.

Verified to fix 'giving up on config rom' issues on multiple system and
drive combinations that were previously affected.
Signed-off-by: NJarod Wilson <jwilson@redhat.com>
Signed-off-by: NKristian Høgsberg <krh@redhat.com>

We have to use the fw_device.generation here, not the fw_card.generation,
because the generation must never be newer than the node ID when we emit
a transaction.  This cannot be guaranteed with fw_card.generation.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Verified in concert with subsequent memory barriers patch to fix 'giving
up on config rom' issues on multiple system and drive combinations that
were previously affected.
Signed-off-by: NJarod Wilson <jwilson@redhat.com>

Signed-off-by: NJay Fenlason <fenlason@redhat.com>

Prompted by https://bugzilla.redhat.com/show_bug.cgi?id=323411Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

This duplicates the read cycle timer feature of raw1394 (added in Linux
2.6.21) in firewire-core's userspace ABI.  The argument to the ioctl is
reordered though to ensure 32/64 bit compatibility.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NKristian Høgsberg <krh@redhat.com>

Sparse warned about it although it was apparently harmless:

drivers/firewire/fw-cdev.c:624:23: warning: symbol 'interrupt' shadows an earlier one
include/asm/hw_irq.h:29:13: originally declared here
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Use a speed probe to determine the speed over 1394b buses and of nodes
which report a link speed less than their PHY speed.

Log the effective maximum speed of newly created nodes in dmesg.

Also, read the config ROM (except bus info block) at the maximum speed
rather than S100.  This isn't a real optimization though because we
still only use quadlet read requests for the entire ROM.

The patch also adds support for S1600 and S3200, although such hardware
does not exist yet.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NKristian Høgsberg <krh@redhat.com>

This patch fixes an OOPS on cdev release for an fd where iso context
creation failed.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The struct is part of the userspace interface and can not use
bitfields.  This patch replaces the bitfields with a __u32 'control'
word and provides access macros to set the bits.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Fix this warning on x86-64

drivers/firewire/fw-cdev.c:798: warning: initialization from incompatible pointer type

by making the return code of ioctl_send_request() the same as all the
other ioctl_xxx() return codes.
Signed-off-by: NJeff Garzik <jeff@garzik.org>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Hoegsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Drop filenames from file preamble, drop editor annotations and
use standard indent style for block comments.
Signed-off-by: NKristian Hoegsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (fixed typo)

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Currently create context always returns 0 and the other iso
ioctls will expect user space to pass that in for subsequent ioctls.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Also, with this change, refactor ioctl dispatch code to do the
copying from and to user space as indicated by the IOC annotations.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (renamed a variable)

Generalize the way we keep track of the various resources and
assign a unique handle to each resource.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (fixed whitespace)

Make event struct layout common part include the closure and add a
union for all event types; provide a mechanism for setting the
bus reset event closure.

Shuffle struct fw_cdev_queue_iso fields around to be 64-bit safe.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NKristian Høgsberg <krh@redhat.com>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Setting these at create_context time or start_iso time doesn't matter
much, but raw1394 sets them at start_iso time so that will be easier to
emulate this way.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The dualbuffer DMA setup did not account for the iso trailer word
and thus didn't  work correctly.  With this fixed we can drop the
dual buffer fallback mode.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Without this, pending transactions will dereference freed memory
if they complete after the device file has been closed.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Drop the event list semaphore and only use the wait queue and the list
to synchronize queue access.  Break out of a poll or read whenever
the device is disconnected.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The old mechanism kept a struct cdev for each fw device, but fops->release
would reference this struct after the device got freed in some cases.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Repurpose the get_config_rom ioctl to a general get_info ioctl.
This ioctl is now used for version negotiation, and optionally
returns the config rom, and the current bus info.
Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NKristian Høgsberg <krh@redhat.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>