Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

If the controller is storing a split packet and therefore changing
d->res_count to zero between the two reads by the driver, we end up with
an end pointer that is not at a packet boundary, and therefore overflow
the buffer when handling the split packet.

To fix this, read the field once, atomically.  The compiler usually
merges the two reads anyway, but for correctness, we have to enforce it.
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Tested-by: NMaxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Freeing an AR buffer page just to allocate a new page immediately
afterwards is not only a pointless effort but also dangerous because
the allocation can fail, which would result in an oops later.

Split ar_context_add_page() into two functions so that we can reuse
the old page directly.
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Tested-by: NMaxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten.  However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later.  If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.

To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet.  Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.

This should eliminate the remaining firewire-net problems.
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Cc: 2.6.22-2.6.36 <stable@kernel.org>
Tested-by: NMaxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

When the controller had to split a received asynchronous packet into two
buffers, the driver tries to reassemble it by copying both parts into
the first page.  However, if size + rest > PAGE_SIZE, i.e., if the yet
unhandled packets before the split packet, the split packet itself, and
any received packets after the split packet are together larger than one
page, then the memory after the first page would get overwritten.

To fix this, do not try to copy the data of all unhandled packets at
once, but copy the possibly needed data every time when handling
a packet.

This gets rid of most of the infamous crashes and data corruptions when
using firewire-net.
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Cc: 2.6.22-2.6.36 <stable@kernel.org>
Tested-by: NMaxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (cast PAGE_SIZE to size_t)

Revert commit 54672386
"firewire: ohci: fix up configuration of TI chips".
It caused massive slow-down and data corruption with a TSB82AA2 based
StarTech EC1394B2 ExpressCard and FireWire 800 harddisks.

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/657081
http://thread.gmane.org/gmane.linux.kernel.firewire.user/4013

The fact that some card EEPROMs do not program these enhancements may be
related to TSB81BA3 phy chip errata, if not to bugs of TSB82AA2 itself.
We could re-add these configuration steps, but only conditional on a
whitelist of cards on which these enhancements bring a proven positive
effect.
Reported-and-tested-by: NEric Shattow <lucent@gmail.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org> 2.6.35
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

All file_operations should get a .llseek operation so we can make
nonseekable_open the default for future file operations without a
.llseek pointer.

The three cases that we can automatically detect are no_llseek, seq_lseek
and default_llseek. For cases where we can we can automatically prove that
the file offset is always ignored, we use noop_llseek, which maintains
the current behavior of not returning an error from a seek.

New drivers should normally not use noop_llseek but instead use no_llseek
and call nonseekable_open at open time.  Existing drivers can be converted
to do the same when the maintainer knows for certain that no user code
relies on calling seek on the device file.

The generated code is often incorrectly indented and right now contains
comments that clarify for each added line why a specific variant was
chosen. In the version that gets submitted upstream, the comments will
be gone and I will manually fix the indentation, because there does not
seem to be a way to do that using coccinelle.

Some amount of new code is currently sitting in linux-next that should get
the same modifications, which I will do at the end of the merge window.

Many thanks to Julia Lawall for helping me learn to write a semantic
patch that does all this.

===== begin semantic patch =====
// This adds an llseek= method to all file operations,
// as a preparation for making no_llseek the default.
//
// The rules are
// - use no_llseek explicitly if we do nonseekable_open
// - use seq_lseek for sequential files
// - use default_llseek if we know we access f_pos
// - use noop_llseek if we know we don't access f_pos,
//   but we still want to allow users to call lseek
//
@ open1 exists @
identifier nested_open;
@@
nested_open(...)
{
<+...
nonseekable_open(...)
...+>
}

@ open exists@
identifier open_f;
identifier i, f;
identifier open1.nested_open;
@@
int open_f(struct inode *i, struct file *f)
{
<+...
(
nonseekable_open(...)
|
nested_open(...)
)
...+>
}

@ read disable optional_qualifier exists @
identifier read_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
expression E;
identifier func;
@@
ssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)
{
<+...
(
   *off = E
|
   *off += E
|
   func(..., off, ...)
|
   E = *off
)
...+>
}

@ read_no_fpos disable optional_qualifier exists @
identifier read_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
@@
ssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)
{
... when != off
}

@ write @
identifier write_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
expression E;
identifier func;
@@
ssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)
{
<+...
(
  *off = E
|
  *off += E
|
  func(..., off, ...)
|
  E = *off
)
...+>
}

@ write_no_fpos @
identifier write_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
@@
ssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)
{
... when != off
}

@ fops0 @
identifier fops;
@@
struct file_operations fops = {
 ...
};

@ has_llseek depends on fops0 @
identifier fops0.fops;
identifier llseek_f;
@@
struct file_operations fops = {
...
 .llseek = llseek_f,
...
};

@ has_read depends on fops0 @
identifier fops0.fops;
identifier read_f;
@@
struct file_operations fops = {
...
 .read = read_f,
...
};

@ has_write depends on fops0 @
identifier fops0.fops;
identifier write_f;
@@
struct file_operations fops = {
...
 .write = write_f,
...
};

@ has_open depends on fops0 @
identifier fops0.fops;
identifier open_f;
@@
struct file_operations fops = {
...
 .open = open_f,
...
};

// use no_llseek if we call nonseekable_open
////////////////////////////////////////////
@ nonseekable1 depends on !has_llseek && has_open @
identifier fops0.fops;
identifier nso ~= "nonseekable_open";
@@
struct file_operations fops = {
...  .open = nso, ...
+.llseek = no_llseek, /* nonseekable */
};

@ nonseekable2 depends on !has_llseek @
identifier fops0.fops;
identifier open.open_f;
@@
struct file_operations fops = {
...  .open = open_f, ...
+.llseek = no_llseek, /* open uses nonseekable */
};

// use seq_lseek for sequential files
/////////////////////////////////////
@ seq depends on !has_llseek @
identifier fops0.fops;
identifier sr ~= "seq_read";
@@
struct file_operations fops = {
...  .read = sr, ...
+.llseek = seq_lseek, /* we have seq_read */
};

// use default_llseek if there is a readdir
///////////////////////////////////////////
@ fops1 depends on !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier readdir_e;
@@
// any other fop is used that changes pos
struct file_operations fops = {
... .readdir = readdir_e, ...
+.llseek = default_llseek, /* readdir is present */
};

// use default_llseek if at least one of read/write touches f_pos
/////////////////////////////////////////////////////////////////
@ fops2 depends on !fops1 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read.read_f;
@@
// read fops use offset
struct file_operations fops = {
... .read = read_f, ...
+.llseek = default_llseek, /* read accesses f_pos */
};

@ fops3 depends on !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier write.write_f;
@@
// write fops use offset
struct file_operations fops = {
... .write = write_f, ...
+	.llseek = default_llseek, /* write accesses f_pos */
};

// Use noop_llseek if neither read nor write accesses f_pos
///////////////////////////////////////////////////////////

@ fops4 depends on !fops1 && !fops2 && !fops3 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read_no_fpos.read_f;
identifier write_no_fpos.write_f;
@@
// write fops use offset
struct file_operations fops = {
...
 .write = write_f,
 .read = read_f,
...
+.llseek = noop_llseek, /* read and write both use no f_pos */
};

@ depends on has_write && !has_read && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier write_no_fpos.write_f;
@@
struct file_operations fops = {
... .write = write_f, ...
+.llseek = noop_llseek, /* write uses no f_pos */
};

@ depends on has_read && !has_write && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read_no_fpos.read_f;
@@
struct file_operations fops = {
... .read = read_f, ...
+.llseek = noop_llseek, /* read uses no f_pos */
};

@ depends on !has_read && !has_write && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
@@
struct file_operations fops = {
...
+.llseek = noop_llseek, /* no read or write fn */
};
===== End semantic patch =====
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Cc: Julia Lawall <julia@diku.dk>
Cc: Christoph Hellwig <hch@infradead.org>

The drivers
  - ohci1394 (controller driver)
  - ieee1394 (core)
  - dv1394, raw1394, video1394 (userspace ABI)
  - eth1394, sbp2 (protocol drivers)
are replaced by
  - firewire-ohci (controller driver)
  - firewire-core (core and userspace ABI)
  - firewire-net, firewire-sbp2 (protocol drivers)
which are more featureful, better performing, and more secure than the older
drivers; all with a smaller and more modern code base.

The driver firedtv in drivers/media/dvb/firewire/ contains backends to both
ieee1394 and firewire-core.  Its ieee1394 backend code can be removed in an
independent commit; firedtv as-is builds and works fine without ieee1394.

The driver pcilynx (an incomplete controller driver) is deleted without
replacement since PCILynx cards are extremely rare.  Owners of these cards
use them with the stand-alone bus sniffer driver nosy instead.

The drivers nosy and init_ohci1394_dma which do not interact with either of
the two IEEE 1394 stacks are not affected by the ieee1394 subsystem removal.

There are still some issues with the newer firewire subsystem compared to
the older one:
  - The rare and quirky controllers ALi M52xx, Apple UniNorth v1, NVIDIA
    NForce2 are even less well supported by firewire-ohci than by ohci1394.
    I am looking into the M52xx issue.
  - The experimental firewire-net is reportedly less stable than its
    experimental cousin eth1394.
  - Audio playback of a certain group of audio devices (ones based on DICE
    chipset with EAP; supported by prerelease FFADO code) does not work yet.
    This issue is still under investigation.
  - There were some ieee1394 based out-of-the-mainline drivers.  Of them,
    only lisight, an audio driver for iSight webcams, seems still useful.
    Work is underway to reimplement it on top of firewire-core.

All these remainig issues are minor; they should not stand in the way of
overall better user experience of IEEE 1394 on Linux, together with a
reduction in support efforts and maintenance burden.  The coexistence of two
IEEE 1394 kernel driver stacks in the mainline since 2.6.22 shall end now,
as announced earlier this year.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

because drivers/ieee1394/ will be deleted.

Additional changes:
  - add some #include directives
  - adjust to use firewire/ohci.h instead of ieee1394/ohci1394.h,
    replace struct ti_ohci by a minimal struct ohci,
    replace quadlet_t from ieee1394_types.h by u32
  - two or three trivial stylistic changes
  - __iomem annotation
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The Ricoh FireWire controllers appear to have the non-atomic cycle
timer register access bug, so, activate the driver workaround by
default.

The behaviour was observed on:
Ricoh Co Ltd R5C552 IEEE 1394 Controller [1180:0552] and
Ricoh Co Ltd R5C832 IEEE 1394 Controller [1180:0832] (rev 04).
Signed-off-by: NHeikki Lindholm <holin@iki.fi>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

VIA VT6306, VIA VT6308, and NEC OrangeLink controllers do not write
packet event codes for received PHY packets (or perhaps write
evt_no_status, hard to tell).  Work around it by overwriting the
packet's ACK by ack_complete, so that upper layers that listen to PHY
packet reception get to see these packets.

(Also tested:  TI TSB82AA2, TI TSB43AB22/A, TI XIO2213A, Agere FW643,
JMicron JMB381 --- these do not exhibit this bug.)

Clemens proposed a quirks flag for that, IOW whitelist known misbehaving
controllers for this workaround.  Though to me it seems harmless enough
to enable for all controllers.

The log_ar_at_event() debug log will continue to show the original
status from the DMA unit.

Reported-by: Clemens Ladisch <clemens@ladisch.de> (VT6308)
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Because we might be in interrupt context, replace del_timer_sync() with
del_timer().  If the timer is already running, we know that it will
clean up the transaction, so we do not need to do any further processing
in the normal transaction handler.

Many thanks to Yong Zhang for diagnosing this.
Reported-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The incoming request hander fwnet_receive_packet() expects subsequent
datagram handling code to return non-zero on errors.  However, almost
none of the failure paths did so.  Fix them all.

(This error reporting is used to send and RCODE_CONFLICT_ERROR to the
sender node in such failure cases.  Two modes of failure exist:  Out of
memory, or firewire-net is unaware of any peer node to which a fragment
or an ARP packet belongs.  However, it is unclear whether a sender can
actually make use of such information.  A Linux peer apparently can't.
Maybe it should all be simplified to void functions.)
Reported-by: NJulia Lawall <julia@diku.dk>
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Fix I/O stalls with some 4-bay RAID enclosures which are based on
OXUF936QSE:
  - Onnto dataTale RSM4QO, old firmware (not anymore with current
    firmware),
  - inXtron Hydra Super-S LCM, old as well as current firmware
when used in RAID-5 mode, perhaps also in other RAID modes.

The stalls happen during heavy or moderate disk traffic in periods that
are a multiple of 5 minutes, roughly twice per hour.  They are caused
by the target responding too late to an ORB_Pointer register write:
The target responds after Split_Timeout, hence firewire-core cancels
the transaction, and firewire-sbp2 fails the SCSI request.  The SCSI
core retries the request, that fails again (and again), hence SCSI core
calls firewire-sbp2's abort handler (and even the Management_Agent
register write in the abort handler has the transaction timeout
problem).

During all that, the process which issued the I/O is stalled in I/O
wait state.

Meanwhile, the target actually acts on the first failed SCSI request:
It responds to the ORB_Pointer write later (seen in the kernel log as
"firewire_core: Unsolicited response") and also finishes the SCSI
request with proper status (seen in the kernel log as "firewire_sbp2:
status write for unknown orb").

So let's just ignore RCODE_CANCELLED in the transaction callback and
wait for the target to complete the ORB nevertheless.  This requires
a small modification is sbp2_cancel_orbs(); it now needs to call
orb->callback() regardless whether fw_cancel_transaction() found the
transaction unfinished or finished.

A different solution is to increase Split_Timeout on the local node.
(Tested: 2000ms timeout; maybe 1000ms or something like that works too.
200ms is insufficient.  Standard is 100ms.)  However, I rather not do
this because any software on any node could change the Split_Timeout to
something unsuitable.  Or such a large Split_Timeout may be undesirable
for other purposes.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

When an ORB was canceled (Command ORB i.e. SCSI request timed out, or
Management ORB timed out), or there was a send error in the initial
transaction, we missed to drop one of the ORB's references and thus
leaked memory.

Background:
In total, we hold 3 references to each Operation Request Block:
  - 1 during sbp2_scsi_queuecommand() or sbp2_send_management_orb()
    respectively,
  - 1 for the duration of the write transaction to the ORB_Pointer or
    Management_Agent register of the target,
  - 1 for as long as the ORB stays within the lu->orb_list, until
    the ORB is unlinked from the list and the orb->callback was
    executed.

The latter one of these 3 references is finished
  - normally by sbp2_status_write() when the target wrote status
    for a pending ORB,
  - or by sbp2_cancel_orbs() in case of an ORB time-out,
  - or by complete_transaction() in case of a send error.
Of them, the latter two lacked the kref_put.

Add the missing kref_put()s.  Add comments to the gets and puts of
references for transaction callbacks and ORB callbacks so that it is
easier to see what is supposed to happen.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The driver name and bus address for a net_device can normally be found
through the driver model now.  Instead of requiring drivers to provide
this information redundantly through the ethtool_ops::get_drvinfo
operation, use the driver model to do so if the driver does not define
the operation.  Since ETHTOOL_GDRVINFO no longer requires the driver
to implement any operations, do not require net_device::ethtool_ops to
be set either.

Remove implementations of get_drvinfo and ethtool_ops that provide
only this information.
Signed-off-by: NBen Hutchings <bhutchings@solarflare.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

There is an at least theoretic race condition in which .start_iso etc.
could still be called between when the dummy driver is bound to the card
and when the children devices are being shut down.  Add dummy_start_iso
and friends.

On the other hand, .enable, .set_config_rom, .read_csr, write_csr do not
need to be implemented by the dummy driver, as commented.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

This adds the DMA context programming and userspace ABI for multichannel
reception, i.e. for listening on multiple channel numbers by means of a
single DMA context.

The use case is reception of more streams than there are IR DMA units
offered by the link layer.  This is already implemented by the older
ohci1394 + ieee1394 + raw1394 stack.  And as discussed recently on
linux1394-devel, this feature is occasionally used in practice.

The big drawbacks of this mode are that buffer layout and interrupt
generation necessarily differ from single-channel reception:  Headers
and trailers are not stripped from packets, packets are not aligned with
buffer chunks, interrupts are per buffer chunk, not per packet.

These drawbacks also cause a rather hefty code footprint to support this
rarely used OHCI-1394 feature.  (367 lines added, among them 94 lines of
added userspace ABI documentation.)

This implementation enforces that a multichannel reception context may
only listen to channels to which no single-channel context on the same
link layer is presently listening to.  OHCI-1394 would allow to overlay
single-channel contexts by the multi-channel context, but this would be
a departure from the present first-come-first-served policy of IR
context creation.

The implementation is heavily based on an earlier one by Jay Fenlason.
Thanks Jay.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Make a note on the seemingly unused linux/sched.h.
Rename an irritatingly named variable.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

ioctl_create_iso_context enforces ctx->header_size >= 4.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

firewire-ohci keeps book of which isochronous channels are occupied by
IR DMA contexts, so that there cannot be more than one context listening
to a certain channel.

If IR context creation failed due to an out-of-memory condition, this
bookkeeping leaked a channel.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

When we append to a DMA program, we need to ensure that the order in
which initialization of the new descriptors and update of the
branch_address of the old tail descriptor, as seen by the PCI device,
happen as intended.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

This adds nosy-dump, the userspace part of nosy, the IEEE 1394 traffic
sniffer for Texas Instruments PCILynx/ PCILynx2 based cards.  Author is
Kristian Høgsberg.

The files added here are taken from
git://anongit.freedesktop.org/~krh/nosy commit ee29be97 (2009-11-10)
with the following changes by Stefan Richter:
  - Parts pertaining to the kernel module removed from Makefile.
  - dist target removed from the Makefile.
  - Mentioned nosy-dump in the Kconfig help to nosy's kernel component.
  - Add copyright notice to nosy-dump.c.  This is a duplicate of the
    respective notice in the kernel component nosy.c except for a time
    span of 2002 - 2006, according to Kristian's git log.

"git shortlog decode-fcp.c list.h nosy-dump.[ch]" from nosy's git
repository:

Jonathan Woithe (1):
      Save logs on Ctrl-C

Kristian Høgsberg (11):
      Pull over nosy from mercurial repo.
      Remove some fields from default view, add logging feature.
      Use infinite time out for poll(), mark more detail fields.
      Fix byte ordering macro.
      Add decoding of iso data and lock packets.
      Add flag to indicate data length field.
      Add cycle start packet decoding, add --iso and --cycle-start flags.
      Distinguish between phy-packets and 0-length iso data.
      Fix transaction and stats view.
      Add simple AV/C decoder.
      Don't break down on big payloads.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: NKristian Høgsberg <krh@bitplanet.net>

Replace home-grown printk wrapper macros by ones from kernel.h and
device.h.

Also raise the log level in set_phy_reg() from debug to error because
these are really error conditions.  Could even be WARN_ON.  Lower the
log level in the device probe and driver shutdown from notice to info.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

1.)  The DMA programs (struct pcl) are PCI-endian = little endian data
(except for the 3rd quadlet in a PCL which the controller does not
touch).  Annotate them as such.

Fix all accesses of the PCL to work with big endian CPUs also.  Not
actually tested, I only have a little endian PC to test with.  This
includes replacement of a bitfield struct pcl_status by open-coded
shift and mask operations.

2.)  The two __attribute__ ((packed)) at struct pcl are not really
required since it consists of u32/__le32 only, i.e. there will be no
padding with or without the attribute.

3.)  The received IEEE 1394 data are byteswapped by the controller from
IEEE 1394 endian = big endian to PCI endian = little endian because the
PCL_BIGENDIAN control bit is set.  Therefore annotate the DMA buffer as
a __le32 array.

Fix the one access of the DMA buffer (the check of the transaction code
of link packets) to work with big endian CPUs.  Also fix the two
accesses of the client bounce buffer (the reading of packet length).

4.)  Add a comment to the userspace ABI header that all of the data gets
out as little endian data, except for the timestamp which is CPU endian.
(We could make it little endian too, but why?  Vice versa, an ioctl
could be added to dump packet data in big endian byte order...)
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Fix race between nosy_open() and remove_card() by replacing the
unprotected array of card pointers by a mutex-protected list of cards.

Make card instances reference-counted and let each client hold a
reference.

Notify clients about card removal via POLLHUP in poll()'s events
bitmap; also let read() fail with errno=ENODEV if the card was removed
and everything in the buffer was read.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

and add a missing pci_disable_device() to device shutdown.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Untested, I don't have a PCILynx CardBus card.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

nosy_start/stop_snoop() and nosy_add/remove_client() are simple enough
to be inlined into their callers.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

nosy_start/stop_snoop() are always only called by the ioctl method, i.e.
with IRQs enabled.  packet_handler() and bus_reset_handler() are always
only called by the IRQ handler.  Hence neither one needs to track IRQ
flags.

To underline the call context of packet_handler() and
bus_reset_handler(), rename these functions to *_irq_handler().
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

nosy_stop_snoop() would blow up the second time it was called without
nosy_start_snoop() in between.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

The required serialization of NOSY_IOC_START and NOSY_IOC_STOP is
already provided by the client_list_lock.

NOSY_IOC_FILTER does not really require serialization since accesses
to tcode_mask are atomic on any sane CPU architecture.  Nevertheless,
make it explicit that we want this to be atomic by means of
client_list_lock (which also surrounds the other tcode_mask access in
the IRQ handler).  While we are at it, change the type of tcode_mask to
u32 for consistency with the user API.

NOSY_IOC_GET_STATS does not require serialization against itself.  But
there is a bug here regarding concurrent updates of the two counters
by the IRQ handler.  Fix it by taking the client_list_lock in this ioctl
too.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Extend copyright note to 2007, c.f. Kristian's git log.

Includes:
  - replace some <asm/*.h> by <linux/*.h>
  - add required indirectly included <linux/spinlock.h>
  - order alphabetically

Coding style related changes:
  - change to utf8
  - normalize whitespace
  - normalize comment style
  - remove usages of __FUNCTION__
  - remove an unnecessary cast from void *

Const and static declarations:
  - driver_name is not const in pci_driver.name, drop const qualifier
  - driver_name can be taken from KBUILD_MODNAME
  - the global variable minors[] can and should be static
  - constify struct file_operations instance

Data types:
  - Remove unused struct member struct packet.code.  struct packet is
    only used for driver-internal bookkeeping; it does not appear on the
    wire or in DMA programs or the userspace ABI.  Hence the unused
    member .code can be removed without worries.

Preprocessor macros:
  - unroll a preprocessor macro that containd a return
  - use list_for_each_entry

Printk:
  - add missing terminating \n in some format strings
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

This adds the traffic sniffer driver for Texas Instruments PCILynx/
PCILynx2 based cards.  The use cases for nosy are analysis of
nonstandard protocols and as an aid in development of drivers,
applications, or firmwares.

Author of the driver is Kristian Høgsberg.  Known contributers are
Jody McIntyre and Jonathan Woithe.

Nosy programs PCILynx chips to operate in promiscuous mode, which is a
feature that is not found in OHCI-1394 controllers.  Hence, only special
hardware as mentioned in the Kconfig help text is suitable for nosy.

This is only the kernelspace part of nosy.  There is a userspace
interface to it, called nosy-dump, proposed to be added into the tools/
subdirectory of the kernel sources in a subsequent change.  Kernelspace
and userspave component of nosy communicate via a 'misc' character
device file called /dev/nosy with a simple ioctl() and read() based
protocol, as described by nosy-user.h.

The files added here are taken from
git://anongit.freedesktop.org/~krh/nosy commit ee29be97 (2009-11-10)
with the following changes by Stefan Richter:
  - Kconfig and Makefile hunks are written from scratch.
  - Commented out version printk in nosy.c.
  - Included missing <linux/sched.h>, reported by Stephen Rothwell.

"git shortlog nosy{-user.h,.c,.h}" from nosy's git repository:

Jonathan Woithe (2):
      Nosy updates for recent kernels
      Fix uninitialised memory (needed for 2.6.31 kernel)

Kristian Høgsberg (5):
      Pull over nosy from mercurial repo.
      Use a misc device instead.
      Add simple AV/C decoder.
      Don't break down on big payloads.
      Set parent device for misc device.

As a low-level IEEE 1394 driver, its files are placed into
drivers/firewire/ although nosy is not part of the firewire driver
stack.

I am aware of the following literature from Texas Instruments about
PCILynx programming:
      SCPA020A - PCILynx 1394 to PCI Bus Interface TSB12LV21BPGF
                 Functional Specification
      SLLA023  - Initialization and Asynchronous Programming of the
                 TSB12LV21A 1394 Device
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: NKristian Høgsberg <krh@bitplanet.net>

In both the ieee1394 stack and the firewire stack, the core treats
kernelspace drivers better than userspace drivers when it comes to
CSR address range allocation:  The former may request a register to be
placed automatically at a free spot anywhere inside a specified address
range.  The latter may only request a register at a fixed offset.

Hence, userspace drivers which do not require a fixed offset potentially
need to implement a retry loop with incremented offset in each retry
until the kernel does not fail allocation with EBUSY.  This awkward
procedure is not fundamentally necessary as the core already provides a
superior allocation API to kernelspace drivers.

Therefore change the ioctl() ABI by addition of a region_end member in
the existing struct fw_cdev_allocate.  Userspace and kernelspace APIs
work the same way now.

There is a small cost to pay by clients though:  If client source code
is required to compile with older kernel headers too, then any use of
the new member fw_cdev_allocate.region_end needs to be enclosed by
#ifdef/#endif directives.  However, any client program that seriously
wants to use address range allocations will require a kernel of cdev ABI
version >= 4 at runtime and a linux/firewire-cdev.h header of >= 4
anyway.  This is because v4 brings FW_CDEV_EVENT_REQUEST2.  The only
client program in which build-time compatibility with struct
fw_cdev_allocate as found in older kernel headers makes sense is
libraw1394.

(libraw1394 uses the older broken FW_CDEV_EVENT_REQUEST to implement a
makeshift, incorrect transaction responder that does at least work
somewhat in many simple scenarios, relying on guesswork by libraw1394
and by libraw1394 based applications.  Plus, address range allocation
and transaction responder is only one of many features that libraw1394
needs to provide, and these other features need to work with kernel and
kernel-headers as old as possible.  Any new linux/firewire-cdev.h based
client that implements a transaction responder should never attempt to
do it like libraw1394;  instead it should make a header and kernel of v4
or later a hard requirement.)

While we are at it, update the struct fw_cdev_allocate documentation to
better reflect the recent fw_cdev_event_request2 ABI addition.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

region->end is defined as an upper bound of the requested address range,
exclusive --- i.e. as an address outside of the range in which the
requested CSR is to be placed.

Hence 0x0001,0000,0000,0000 is the biggest valid region->end, not
0x0000,ffff,ffff,fffc like the current check asserted.

For simplicity, the fix drops the region->end & 3 test because there is
no actual problem with these bits set in region->end.  The allocated
address range will be quadlet aligned and of a size of multiple quadlets
due to the checks for region->start & 3 and handler->length & 3 alone.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

This extends the FW_CDEV_IOC_SEND_PHY_PACKET ioctl() for /dev/fw* to be
useful for ping time measurements.  One application for it would be gap
count optimization in userspace that is based on ping times rather than
hop count.  (The latter is implemented in firewire-core itself but is
not applicable to beta PHYs that act as repeater.)
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Add an FW_CDEV_IOC_RECEIVE_PHY_PACKETS ioctl() and
FW_CDEV_EVENT_PHY_PACKET_RECEIVED poll()/read() event for /dev/fw*.
This can be used to get information from remote PHYs by remote access
PHY packets.

This is also the 2nd half of the functionality (the receive part) to
support a userspace implementation of a VersaPHY transaction layer.

Safety considerations:

  - PHY packets are generally broadcasts, hence some kind of elevated
    privileges should be required of a process to be able to listen in
    on PHY packets.  This implementation assumes that a process that is
    allowed to open the /dev/fw* of a local node does have this
    privilege.

    There was an inconclusive discussion about introducing POSIX
    capabilities as a means to check for user privileges for these
    kinds of operations.

Other limitations:

  - PHY packet reception may be switched on by ioctl() but cannot be
    switched off again.  It would be trivial to provide an off switch,
    but this is not worth the code.  The client should simply close()
    the fd then, or just ignore further events.

  - For sake of simplicity of API and kernel-side implementation, no
    filter per packet content is provided.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>

Add an FW_CDEV_IOC_SEND_PHY_PACKET ioctl() for /dev/fw* which can be
used to implement bus management related functionality in userspace.

This is also half of the functionality (the transmit part) that is
needed to support a userspace implementation of a VersaPHY transaction
layer.

Safety considerations:

  - PHY packets are generally broadcasts and may have interesting
    effects on PHYs and the bus, e.g. make asynchronous arbitration
    impossible due to too low gap count.  Hence some kind of elevated
    privileges should be required of a process to be able to send
    PHY packets.  This implementation assumes that a process that is
    allowed to open the /dev/fw* of a local node does have this
    privilege.

    There was an inconclusive discussion about introducing POSIX
    capabilities as a means to check for user privileges for these
    kinds of operations.

  - The kernel does not check integrity of the supplied packet data.
    That would be far too much code, considering the many kinds of
    PHY packets.  A process which got the privilege to send these
    packets is trusted to do it correctly.

Just like with the other "send packet" ioctls, a non-blocking API is
chosen; i.e. the ioctl may return even before AT DMA started.  After
transmission, an event for poll()/read() is enqueued.  Most users are
going to need a blocking API, but a blocking userspace wrapper is easy
to implement, and the second of the two existing libraw1394 calls
raw1394_phy_packet_write() and raw1394_start_phy_packet_write() can be
better supported that way.
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>