linux-toradex.git/drivers/firewire/core-card.c, branch v2.6.35.4 Linux kernel for Apalis and Colibri modules firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder 2010-06-02T17:48:13+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2010-05-30T17:43:52+00:00 10389536742cefbedecb67a5b2906f155cf3a1c3 Per IEEE 1394 clause 8.4.2.3, a contender for the IRM role shall check whether the current IRM complies to 1394a-2000 or later. If not force a compliant node (e.g. itself) to become IRM. This was implemented in the older ieee1394 driver but not yet in firewire-core. An older Sony camcorder (Sony DCR-TRV25) which implements 1394-1995 IRM but neither 1394a-2000 IRM nor BM was now found to cause an interoperability bug: - Camcorder becomes root node when plugged in, hence gets IRM role. - firewire-core successfully contends for BM role, proceeds to perform gap count optimization and resets the bus. - Sony camcorder ignores presence of a BM (against the spec, this is a firmware bug), performs its idea of gap count optimization and resets the bus. - Preceding two steps are repeated endlessly, bus never settles, regular I/O is practically impossible. http://thread.gmane.org/gmane.linux.kernel.firewire.user/3913 This is an interoperability regression from the old to the new drivers. Fix it indirectly by adding the 1394a IRM check. The spec suggests three and a half methods to determine 1394a compliance of a remote IRM; we choose the method of testing the Config_ROM.Bus_Info.generation field. This is data that firewire-core should have readily available at this point, i.e. does not require extra I/O. Reported-by: Clemens Ladisch <clemens@ladisch.de> (missing 1394a check) Reported-by: H. S. <hs.samix@gmail.com> (issue with Sony DCR-TRV25) Tested-by: H. S. <hs.samix@gmail.com> Cc: <stable@kernel.org> # .32.x and newer Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
Per IEEE 1394 clause 8.4.2.3, a contender for the IRM role shall check
whether the current IRM complies to 1394a-2000 or later.  If not force a
compliant node (e.g. itself) to become IRM.  This was implemented in the
older ieee1394 driver but not yet in firewire-core.

An older Sony camcorder (Sony DCR-TRV25) which implements 1394-1995 IRM
but neither 1394a-2000 IRM nor BM was now found to cause an
interoperability bug:
  - Camcorder becomes root node when plugged in, hence gets IRM role.
  - firewire-core successfully contends for BM role, proceeds to perform
    gap count optimization and resets the bus.
  - Sony camcorder ignores presence of a BM (against the spec, this is
    a firmware bug), performs its idea of gap count optimization and
    resets the bus.
  - Preceding two steps are repeated endlessly, bus never settles,
    regular I/O is practically impossible.
http://thread.gmane.org/gmane.linux.kernel.firewire.user/3913

This is an interoperability regression from the old to the new drivers.
Fix it indirectly by adding the 1394a IRM check.  The spec suggests
three and a half methods to determine 1394a compliance of a remote IRM;
we choose the method of testing the Config_ROM.Bus_Info.generation
field.  This is data that firewire-core should have readily available at
this point, i.e. does not require extra I/O.

Reported-by: Clemens Ladisch <clemens@ladisch.de> (missing 1394a check)
Reported-by: H. S. <hs.samix@gmail.com> (issue with Sony DCR-TRV25)
Tested-by: H. S. <hs.samix@gmail.com>

Cc: <stable@kernel.org> # .32.x and newer

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: core: use separate timeout for each transaction 2010-05-18T22:26:30+00:00 Clemens Ladisch clemens@ladisch.de 2010-04-27T07:07:00+00:00 5c40cbfefa828208c671e2f58789e4dd04f79563 Using a single timeout for all transaction that need to be flushed does not work if the submission of new transactions can defer the timeout indefinitely into the future. We need to have timeouts that do not change due to other transactions; the simplest way to do this is with a separate timer for each transaction. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (+ one lockdep annotation) 
Using a single timeout for all transaction that need to be flushed does
not work if the submission of new transactions can defer the timeout
indefinitely into the future.  We need to have timeouts that do not
change due to other transactions; the simplest way to do this is with a
separate timer for each transaction.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (+ one lockdep annotation)
firewire: core: clean up config ROM related defined constants 2010-04-19T18:00:44+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2010-04-14T20:30:18+00:00 edd5bdaf128e04066caac84fcb21377197ea0d64 Clemens Ladisch pointed out that - BIB_IMC is not named like the field is called in the standard, - readers of the code may get worried about the magic 0x0c0083c0, - a CSR_NODE_CAPABILITIES key is there in the header but not put to good use. So let's rename BIB_IMC, add a defined constant for Node_Capabilities and a comment which reassures people that somebody thought about it and they don't have to (or if they still do, tell them where they have to look for confirmation), and prune our incomplete and arbitrary set of defined constants of CSR key IDs. And there is a nother magic number, that of Bus_Information_Block.Bus_Name, to be defined and commented. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
Clemens Ladisch pointed out that
  - BIB_IMC is not named like the field is called in the standard,
  - readers of the code may get worried about the magic 0x0c0083c0,
  - a CSR_NODE_CAPABILITIES key is there in the header but not put to
    good use.

So let's rename BIB_IMC, add a defined constant for Node_Capabilities
and a comment which reassures people that somebody thought about it and
they don't have to (or if they still do, tell them where they have to
look for confirmation), and prune our incomplete and arbitrary set of
defined constants of CSR key IDs.  And there is a nother magic number,
that of Bus_Information_Block.Bus_Name, to be defined and commented.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: core: add_descriptor size check 2010-01-26T19:54:50+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2010-01-24T13:47:02+00:00 e300839da40e99581581c5d053a95a172651fec8 Presently, firewire-core only checks whether descriptors that are to be added by userspace drivers to the local node's config ROM do not exceed a size of 256 quadlets. However, the sum of the bare minimum ROM plus all descriptors (from firewire-core, from firewire-net, from userspace) must not exceed 256 quadlets. Otherwise, the bounds of a statically allocated buffer will be overwritten. If the kernel survives that, firewire-core will subsequently be unable to parse the local node's config ROM. (Note, userspace drivers can add descriptors only through device files of local nodes. These are usually only accessible by root, unlike device files of remote nodes which may be accessible to lesser privileged users.) Therefore add a test which takes the actual present and required ROM size into account for all descriptors of kernelspace and userspace drivers. Cc: stable@kernel.org Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
Presently, firewire-core only checks whether descriptors that are to be
added by userspace drivers to the local node's config ROM do not exceed
a size of 256 quadlets.  However, the sum of the bare minimum ROM plus
all descriptors (from firewire-core, from firewire-net, from userspace)
must not exceed 256 quadlets.

Otherwise, the bounds of a statically allocated buffer will be
overwritten.  If the kernel survives that, firewire-core will
subsequently be unable to parse the local node's config ROM.

(Note, userspace drivers can add descriptors only through device files
of local nodes.  These are usually only accessible by root, unlike
device files of remote nodes which may be accessible to lesser
privileged users.)

Therefore add a test which takes the actual present and required ROM
size into account for all descriptors of kernelspace and userspace
drivers.

Cc: stable@kernel.org
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: core: optimize Topology Map creation 2009-10-14T21:10:48+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2009-10-07T22:42:53+00:00 cb7c96da3651111efbe088fa12f9bed61836ea93 The Topology Map of the local node was created in CPU byte order, then a temporary big endian copy was created to compute the CRC, and when a read request to the Topology Map arrived it had to be converted to big endian byte order again. We now generate it in big endian byte order in the first place. This also rids us of 1000 bytes stack usage in tasklet context. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
The Topology Map of the local node was created in CPU byte order,
then a temporary big endian copy was created to compute the CRC,
and when a read request to the Topology Map arrived it had to be
converted to big endian byte order again.

We now generate it in big endian byte order in the first place.
This also rids us of 1000 bytes stack usage in tasklet context.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: core: clarify generate_config_rom usage 2009-10-14T21:10:48+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2009-10-07T22:42:27+00:00 fe242579e9f33150868f1bb79c7e262ad7953f17 Move the static config ROM buffer into the scope of the two callers of generate_config_rom(). That way the ROM length can be passed over as return value rather than through a pointer argument. It also becomes more obvious that accesses to the config ROM buffer have to be serialized and how this is accomplished. And firewire-core.ko shrinks a bit as well. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
Move the static config ROM buffer into the scope of the two callers of
generate_config_rom().  That way the ROM length can be passed over as
return value rather than through a pointer argument.

It also becomes more obvious that accesses to the config ROM buffer have
to be serialized and how this is accomplished.  And firewire-core.ko
shrinks a bit as well.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: optimize config ROM creation 2009-10-14T21:10:48+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2009-10-07T22:41:59+00:00 8e85973efc87dfae8508f1a3440fd44612897458 The config ROM image of the local node was created in CPU byte order, then a temporary big endian copy was created to compute the CRC, and finally the card driver created its own big endian copy. We now generate it in big endian byte order in the first place to avoid one byte order conversion and the temporary on-stack copy of the ROM image (1000 bytes stack usage in process context). Furthermore, two 1000 bytes memset()s are replaced by one 1000 bytes - ROM length sized memset. The trivial fw_memcpy_{from,to}_be32() helpers are now superfluous and removed. The newly added __compute_block_crc() function will be folded into fw_compute_block_crc() in a subsequent change. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
The config ROM image of the local node was created in CPU byte order,
then a temporary big endian copy was created to compute the CRC, and
finally the card driver created its own big endian copy.

We now generate it in big endian byte order in the first place to avoid
one byte order conversion and the temporary on-stack copy of the ROM
image (1000 bytes stack usage in process context).  Furthermore, two
1000 bytes memset()s are replaced by one 1000 bytes - ROM length sized
memset.

The trivial fw_memcpy_{from,to}_be32() helpers are now superfluous and
removed.  The newly added __compute_block_crc() function will be folded
into fw_compute_block_crc() in a subsequent change.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: normalize style of queue_work wrappers 2009-10-14T21:10:48+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2009-10-07T22:41:10+00:00 9fb551bf72929b316abb6d96cfb2ec05e896042a A few stylistic changes to unify some code patterns in the subsystem: - The similar queue_delayed_work helpers fw_schedule_bm_work, schedule_iso_resource, and sbp2_queue_work now have the same call convention. - Two conditional calls of schedule_iso_resource are factored into another small helper. - An sbp2_target_get helper is added as counterpart to sbp2_target_put. Object size of firewire-core is decreased a little bit, object size of firewire-sbp2 remains unchanged. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
A few stylistic changes to unify some code patterns in the subsystem:

  - The similar queue_delayed_work helpers fw_schedule_bm_work,
    schedule_iso_resource, and sbp2_queue_work now have the same call
    convention.
  - Two conditional calls of schedule_iso_resource are factored into
    another small helper.
  - An sbp2_target_get helper is added as counterpart to
    sbp2_target_put.

Object size of firewire-core is decreased a little bit, object size of
firewire-sbp2 remains unchanged.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: core: fix race with parallel PCI device probe 2009-09-12T12:48:40+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2009-09-06T16:50:29+00:00 b171e204b32b69e241af994d6e9be559e33535c1 The config ROM buffer received from generate_config_rom is a globally shared static buffer. Extend the card_mutex protection in fw_add_card until after the config ROM was copied into the card driver's buffer. Otherwise, parallelized card driver probes may end up with ROM contents that were meant for a different card. firewire-ohci's card->driver->enable hook is safe to be called within the card_mutex. Furthermore, it is safe to reorder card_list update versus card enable, which simplifies the code a little. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
The config ROM buffer received from generate_config_rom is a globally
shared static buffer.  Extend the card_mutex protection in fw_add_card
until after the config ROM was copied into the card driver's buffer.
Otherwise, parallelized card driver probes may end up with ROM contents
that were meant for a different card.

firewire-ohci's card->driver->enable hook is safe to be called within
the card_mutex.  Furthermore, it is safe to reorder card_list update
versus card enable, which simplifies the code a little.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: core: do not DMA-map stack addresses 2009-06-25T17:42:36+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2009-06-20T11:23:59+00:00 6fdc03709433ccc2005f0f593ae9d9dd04f7b485 The DMA mapping API cannot map on-stack addresses, as explained in Documentation/DMA-mapping.txt. Convert the two cases of on-stack packet payload buffers in firewire-core (payload of lock requests in the bus manager work and in iso resource management) to slab-allocated memory. There are a number on-stack buffers for quadlet write or quadlet read requests in firewire-core and firewire-sbp2. These are harmless; they are copied to/ from card driver internal DMA buffers since quadlet payloads are inlined with packet headers. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 
The DMA mapping API cannot map on-stack addresses, as explained in
Documentation/DMA-mapping.txt.  Convert the two cases of on-stack packet
payload buffers in firewire-core (payload of lock requests in the bus
manager work and in iso resource management) to slab-allocated memory.

There are a number on-stack buffers for quadlet write or quadlet read
requests in firewire-core and firewire-sbp2.  These are harmless; they
are copied to/ from card driver internal DMA buffers since quadlet
payloads are inlined with packet headers.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>