summaryrefslogtreecommitdiff
path: root/drivers/firewire
AgeCommit message (Collapse)Author
2012-10-21firewire: cdev: fix user memory corruption (i386 userland on amd64 kernel)Stefan Richter
commit 790198f74c9d1b46b6a89504361b1a844670d050 upstream. Fix two bugs of the /dev/fw* character device concerning the FW_CDEV_IOC_GET_INFO ioctl with nonzero fw_cdev_get_info.bus_reset. (Practically all /dev/fw* clients issue this ioctl right after opening the device.) Both bugs are caused by sizeof(struct fw_cdev_event_bus_reset) being 36 without natural alignment and 40 with natural alignment. 1) Memory corruption, affecting i386 userland on amd64 kernel: Userland reserves a 36 bytes large buffer, kernel writes 40 bytes. This has been first found and reported against libraw1394 if compiled with gcc 4.7 which happens to order libraw1394's stack such that the bug became visible as data corruption. 2) Information leak, affecting all kernel architectures except i386: 4 bytes of random kernel stack data were leaked to userspace. Hence limit the respective copy_to_user() to the 32-bit aligned size of struct fw_cdev_event_bus_reset. Reported-by: Simon Kirby <sim@hostway.ca> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-04-02firewire: ohci: fix too-early completion of IR multichannel buffersClemens Ladisch
commit 0c0efbacab8d70700d13301e0ae7975783c0cb0a upstream. handle_ir_buffer_fill() assumed that a completed descriptor would be indicated by a non-zero transfer_status (as in most other descriptors). However, this field is written by the controller as soon as (the end of) the first packet has been written into the buffer. As a consequence, if we happen to run into such a descriptor when the interrupt handler is executed after such a packet has completed, the descriptor would be taken out of the list of active descriptors as soon as the buffer had been partially filled, so the event for the buffer being completely filled would never be sent. To fix this, handle descriptors only when they have been completely filled, i.e., when res_count == 0. (This also matches the condition that is reported by the controller with an interrupt.) Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-03-19firewire: core: handle ack_busy when fetching the Config ROMStefan Richter
commit aaff12039ffd812d0c8bbff50b87b6f1f09bec3e upstream. Some older Panasonic made camcorders (Panasonic AG-EZ30 and NV-DX110, Grundig Scenos DLC 2000) reject requests with ack_busy_X if a request is sent immediately after they sent a response to a prior transaction. This causes firewire-core to fail probing of the camcorder with "giving up on config rom for node id ...". Consequently, programs like kino or dvgrab are unaware of the presence of a camcorder. Such transaction failures happen also with the ieee1394 driver stack (of the 2.4...2.6 kernel series until 2.6.36 inclusive) but with a lower likelihood, such that kino or dvgrab are generally able to use these camcorders via the older driver stack. The cause for firewire-ohci's or firewire-core's worse behavior is not yet known. Gap count optimization in firewire-core is not the cause. Perhaps the slightly higher latency of transaction completion in the older stack plays a role. (ieee1394: AR-resp DMA context tasklet -> packet completion ktread -> user process; firewire-core: tasklet -> user process.) This change introduces retries and delays after ack_busy_X into firewire-core's Config ROM reader, such that at least firewire-core's probing and /dev/fw* creation are successful. This still leaves the problem that userland processes are facing transaction failures. gscanbus's built-in retry routines deal with them successfully, but neither kino's nor dvgrab's do ever succeed. But at least DV capture with "dvgrab -noavc -card 0" works now. Live video preview in kino works too, but not actual capture. One way to prevent Configuration ROM reading failures in application programs is to modify libraw1394 to synthesize read responses by means of firewire-core's Configuration ROM cache. This would only leave CMP and FCP transaction failures as a potential problem source for applications. Reported-and-tested-by: Thomas Seilund <tps@netmaster.dk> Reported-and-tested-by: René Fritz <rene@colorcube.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-03-19firewire: cdev: fix 32 bit userland on 64 bit kernel compat corner casesStefan Richter
commit 9c1176b6a28850703ea6e3a0f0c703f6d6c61cd3 upstream. Clemens points out that we need to use compat_ptr() in order to safely cast from u64 to addresses of a 32-bit usermode client. Before, our conversion went wrong - in practice if the client cast from pointer to integer such that sign-extension happened, (libraw1394 and libdc1394 at least were not doing that, IOW were not affected) or - in theory on s390 (which doesn't have FireWire though) and on the tile architecture, regardless of what the client does. The bug would usually be observed as the initial get_info ioctl failing with "Bad address" (EFAULT). Reported-by: Carl Karsten <carl@personnelware.com> Reported-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-02-13firewire: ohci: disable MSI on Ricoh controllersStefan Richter
commit 320cfa6ce0b3dc794fedfa4bae54c0f65077234d upstream. The PCIe device FireWire (IEEE 1394) [0c00]: Ricoh Co Ltd FireWire Host Controller [1180:e832] (prog-if 10 [OHCI]) is unable to access attached FireWire devices when MSI is enabled but works if MSI is disabled. http://www.mail-archive.com/alsa-user@lists.sourceforge.net/msg28251.html Hence add the "disable MSI" quirks flag for this device, or in fact for safety and simplicity for all current (R5U230, R5U231, R5U240) and future Ricoh PCIe 1394 controllers. Reported-by: Stefan Thomas <kontrapunktstefan@googlemail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-02-13firewire: ohci: add reset packet quirk for SB AudigyClemens Ladisch
commit d1bb399ad03c11e792f6dea198d3b1e23061f094 upstream. The Audigy's SB1394 controller is actually from Texas Instruments and has the same bus reset packet generation bug, so it needs the same quirk entry. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2011-10-25firewire: sbp2: fix panic after rmmod with slow targetsChris Boot
commit 0278ccd9d53e07c4e699432b2fed9de6c56f506c upstream. If firewire-sbp2 starts a login to a target that doesn't complete ORBs in a timely manner (and has to retry the login), and the module is removed before the operation times out, you end up with a null-pointer dereference and a kernel panic. [SR: This happens because sbp2_target_get/put() do not maintain module references. scsi_device_get/put() do, but at occasions like Chris describes one, nobody holds a reference to an SBP-2 sdev.] This patch cancels pending work for each unit in sbp2_remove(), which hopefully means there are no extra references around that prevent us from unloading. This fixes my crash. Signed-off-by: Chris Boot <bootc@bootc.net> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-10-03firewire: ohci: add no MSI quirk for O2Micro controllerMing Lei
commit f39aa30d7741f40ad964341e9243dbbd7f8ff057 upstream. This fixes https://bugs.launchpad.net/ubuntu/+source/linux/+bug/801719 . An O2Micro PCI Express FireWire controller, "FireWire (IEEE 1394) [0c00]: O2 Micro, Inc. Device [1217:11f7] (rev 05)" which is a combination device together with an SDHCI controller and some sort of storage controller, misses SBP-2 status writes from an attached FireWire HDD. This problem goes away if MSI is disabled for this FireWire controller. The device reportedly does not require QUIRK_CYCLE_TIMER. Signed-off-by: Ming Lei <ming.lei@canonical.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-08-04firewire: cdev: prevent race between first get_info ioctl and bus reset ↵Stefan Richter
event queuing commit 93b37905f70083d6143f5f4dba0a45cc64379a62 upstream. Between open(2) of a /dev/fw* and the first FW_CDEV_IOC_GET_INFO ioctl(2) on it, the kernel already queues FW_CDEV_EVENT_BUS_RESET events to be read(2) by the client. The get_info ioctl is practically always issued right away after open, hence this condition only occurs if the client opens during a bus reset, especially during a rapid series of bus resets. The problem with this condition is twofold: - These bus reset events carry the (as yet undocumented) @closure value of 0. But it is not the kernel's place to choose closures; they are privat to the client. E.g., this 0 value forced from the kernel makes it unsafe for clients to dereference it as a pointer to a closure object without NULL pointer check. - It is impossible for clients to determine the relative order of bus reset events from get_info ioctl(2) versus those from read(2), except in one way: By comparison of closure values. Again, such a procedure imposes complexity on clients and reduces freedom in use of the bus reset closure. So, change the ABI to suppress queuing of bus reset events before the first FW_CDEV_IOC_GET_INFO ioctl was issued by the client. Note, this ABI change cannot be version-controlled. The kernel cannot distinguish old from new clients before the first FW_CDEV_IOC_GET_INFO ioctl. We will try to back-merge this change into currently maintained stable/ longterm series, and we only document the new behaviour. The old behavior is now considered a kernel bug, which it basically is. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: <stable@kernel.org>
2011-08-04firewire: cdev: return -ENOTTY for unimplemented ioctls, not -EINVALStefan Richter
commit d873d794235efa590ab3c94d5ee22bb1fab19ac4 upstream. On Jun 27 Linus Torvalds wrote: > The correct error code for "I don't understand this ioctl" is ENOTTY. > The naming may be odd, but you should think of that error value as a > "unrecognized ioctl number, you're feeding me random numbers that I > don't understand and I assume for historical reasons that you tried to > do some tty operation on me". [...] > The EINVAL thing goes way back, and is a disaster. It predates Linux > itself, as far as I can tell. You'll find lots of man-pages that have > this line in it: > > EINVAL Request or argp is not valid. > > and it shows up in POSIX etc. And sadly, it generally shows up > _before_ the line that says > > ENOTTY The specified request does not apply to the kind of object > that the descriptor d references. > > so a lot of people get to the EINVAL, and never even notice the ENOTTY. [...] > At least glibc (and hopefully other C libraries) use a _string_ that > makes much more sense: strerror(ENOTTY) is "Inappropriate ioctl for > device" So let's correct this in the <linux/firewire-cdev.h> ABI while it is still young, relative to distributor adoption. Side note: We return -ENOTTY not only on _IOC_TYPE or _IOC_NR mismatch, but also on _IOC_SIZE mismatch. An ioctl with an unsupported size of argument structure can be seen as an unsupported version of that ioctl. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-07-10firewire: ohci: do not bind to Pinnacle cards, avert panicStefan Richter
When firewire-ohci is bound to a Pinnacle MovieBoard, eventually a "Register access failure" is logged and an interrupt storm or a kernel panic happens. https://bugzilla.kernel.org/show_bug.cgi?id=36622 Until this is sorted out (if that is going to succeed at all), let's just prevent firewire-ohci from touching these devices. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: <stable@kernel.org>
2011-05-10firewire: sbp2: parallelize login, reconnect, logoutStefan Richter
The struct sbp2_logical_unit.work items can all be executed in parallel but are not reentrant. Furthermore, reconnect or re-login work must be executed in a WQ_MEM_RECLAIM workqueue. Hence replace the old single-threaded firewire-sbp2 workqueue by a concurrency-managed but non-reentrant workqueue with rescuer. firewire-core already maintains one, hence use this one. In earlier versions of this change, I observed occasional failures of parallel INQUIRY to an Initio INIC-2430 FireWire 800 to dual IDE bridge. More testing indicates that parallel INQUIRY is not actually a problem, but too quick successions of logout and login + INQUIRY, e.g. a quick sequence of cable plugout and plugin, can result in failed INQUIRY. This does not seem to be something that should or could be addressed by serialization. Another dual-LU device to which I currently have access to, an OXUF924DSB FireWire 800 to dual SATA bridge with firmware from MacPower, has been successfully tested with this too. This change is beneficial to environments with two or more FireWire storage devices, especially if they are located on the same bus. Management tasks that should be performed as soon and as quickly as possible, especially reconnect, are no longer held up by tasks on other devices that may take a long time, especially login with INQUIRY and sd or sr driver probe. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-05-10firewire: sbp2: octlet AT payloads can be stack-allocatedStefan Richter
We do not need slab allocations for ORB pointer write transactions anymore in order to satisfy streaming DMA mapping constraints, thanks to commit da28947e7e36 "firewire: ohci: avoid separate DMA mapping for small AT payloads". (Besides, the slab-allocated buffers that firewire-sbp2 used to provide for 8-byte write requests were still not fully portable since they shared a cacheline with unrelated CPU-accessed data.) Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-05-10firewire: sbp2: omit Scsi_Host lock from queuecommandStefan Richter
firewire-sbp2 already takes care for internal serialization where required (ORB list accesses), and it does not use cmd->serial_number internally. Hence it is safe to not grab the shost lock around queuecommand. While we are at housekeeping, drop a redundant struct member: sbp2_command_orb.done is set once in a hot path and dereferenced once in a hot path. We can as well dereference sbp2_command_orb.cmd->scsi_done instead. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-05-10firewire: core: use non-reentrant workqueue with rescuerStefan Richter
firewire-core manages the following types of work items: fw_card.br_work: - resets the bus on a card and possibly sends a PHY packet before that - does not sleep for long or not at all - is scheduled via fw_schedule_bus_reset() by - firewire-ohci's pci_probe method - firewire-ohci's set_config_rom method, called by kernelspace protocol drivers and userspace drivers which add/remove Configuration ROM descriptors - userspace drivers which use the bus reset ioctl - itself if the last reset happened less than 2 seconds ago fw_card.bm_work: - performs bus management duties - usually does not (but may in corner cases) sleep for long - is scheduled via fw_schedule_bm_work() by - firewire-ohci's self-ID-complete IRQ handler tasklet - firewire-core's fw_device.work instances whenever the root node device was (successfully or unsuccessfully) discovered, refreshed, or rediscovered - itself in case of resource allocation failures or in order to obey the 125ms bus manager arbitration interval fw_device.work: - performs node probe, update, shutdown, revival, removal; including kernel driver probe, update, shutdown and bus reset notification to userspace drivers - usually sleeps moderately long, in corner cases very long - is scheduled by - firewire-ohci's self-ID-complete IRQ handler tasklet via the core's fw_node_event - firewire-ohci's pci_remove method via core's fw_destroy_nodes/ fw_node_event - itself during retries, e.g. while a node is powering up iso_resource.work: - accesses registers at the Isochronous Resource Manager node - usually does not (but may in corner cases) sleep for long - is scheduled via schedule_iso_resource() by - the owning userspace driver at addition and removal of the resource - firewire-core's fw_device.work instances after bus reset - itself in case of resource allocation if necessary to obey the 1000ms reallocation period after bus reset fw_card.br_work instances should not, and instances of the others must not, be executed in parallel by multiple CPUs -- but were not protected against that. Hence allocate a non-reentrant workqueue for them. fw_device.work may be used in the memory reclaim path in case of SBP-2 device updates. Hence we need a workqueue with rescuer and cannot use system_nrt_wq. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Reviewed-by: Tejun Heo <tj@kernel.org>
2011-05-10firewire: optimize iso queueing by setting wake only after the last packetClemens Ladisch
When queueing iso packets, the run time is dominated by the two MMIO accesses that set the DMA context's wake bit. Because most drivers submit packets in batches, we can save much time by removing all but the last wakeup. The internal kernel API is changed to require a call to fw_iso_context_queue_flush() after a batch of queued packets. The user space API does not change, so one call to FW_CDEV_IOC_QUEUE_ISO must specify multiple packets to take advantage of this optimization. In my measurements, this patch reduces the time needed to queue fifty skip packets from userspace to one sixth on a 2.5 GHz CPU, or to one third at 800 MHz. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-05-10firewire: octlet AT payloads can be stack-allocatedStefan Richter
We do not need slab allocations anymore in order to satisfy streaming DMA mapping constraints, thanks to commit da28947e7e36 "firewire: ohci: avoid separate DMA mapping for small AT payloads". (Besides, the slab-allocated buffers that firewire-core, firewire-sbp2, and firedtv used to provide for 8-byte write and lock requests were still not fully portable since they crossed cacheline boundaries or shared a cacheline with unrelated CPU-accessed data. snd-firewire-lib got this aspect right by using an extra kmalloc/ kfree just for the 8-byte transaction buffer.) This change replaces kmalloc'ed lock transaction scratch buffers in firewire-core, firedtv, and snd-firewire-lib by local stack allocations. Perhaps the most notable result of the change is simpler locking because there is no need to serialize usages of preallocated per-device buffers anymore. Also, allocations and deallocations are simpler. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Acked-by: Clemens Ladisch <clemens@ladisch.de>
2011-05-10Merge tag 'v2.6.39-rc7'Stefan Richter
in order to pull in changes in drivers/media/dvb/firewire/ and sound/firewire/.
2011-05-04Merge branch 'fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: Fix for broken configrom updates in quick succession
2011-05-02firewire: Fix for broken configrom updates in quick successionB.J. Buchalter
Current implementation of ohci_set_config_rom() uses a deferred bus reset via fw_schedule_bus_reset(). If clients add multiple unit descriptors to the config_rom in quick succession, the deferred bus reset may not have fired before succeeding update requests have come in. This can lead to an incorrect partial update of the config_rom for both addition and removal of config_rom descriptors, as the ohci_set_config_rom() routine will return -EBUSY if a previous pending update has not been completed yet; the requested update just gets dropped on the floor. This patch recognizes that the "in-flight" update can be modified until it has been processed by the bus-reset, and the locking in the bus_reset_tasklet ensures that the update is done atomically with respect to modifications made by ohci_set_config_rom(). The -EBUSY error case is simply removed. [Stefan R: The bug always existed at least theoretically. But it became easy to trigger since 2.6.36 commit 02d37bed188c "firewire: core: integrate software-forced bus resets with bus management" which introduced long mandatory delays between janitorial bus resets.] Signed-off-by: Benjamin Buchalter <bj@mhlabs.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (trivial style changes) Cc: <stable@kernel.org> # 2.6.36.y and newer
2011-04-19firewire: ohci: optimize find_branch_descriptor()Clemens Ladisch
When z==2, the condition "key == 2" is superfluous because it cannot occur without "b == 3", as a descriptor with b!=3 and key==2 would be an OUTPUT_MORE_IMMEDIATE descriptor which cannot be used alone. Also remove magic numbers and needless computations on the b field. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-04-19firewire: ohci: avoid separate DMA mapping for small AT payloadsClemens Ladisch
For AT packet payloads of up to eight bytes, we have enough unused space in the DMA descriptors list so that we can put a copy of the payload there and thus avoid having to create a separate streaming DMA mapping for the payload buffer. In a CPU-bound microbenchmark that just sends 8-byte packets, bandwidth was measured to increase by 5.7 %, from 1009 KB/s to 1067 KB/s. In practice, the only performance-sensitive usage of small asynchronous packets is the SBP-2 driver's write to the ORB_POINTER register during SCSI command submission. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-04-19firewire: ohci: do not start DMA contexts before link is enabledClemens Ladisch
OHCI 1.1 5.7.3 not only forbids enabling or starting any DMA contexts before the linkEnable bit is set, but also explicitly warns of undefined behaviour if this order is violated. Don't violate it then. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-03-31Fix common misspellingsLucas De Marchi
Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
2011-03-21Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: core: ignore link-active bit of new nodes, fix device recognition firewire: sbp2: revert obsolete 'fix stall with "Unsolicited response"' firewire: core: increase default SPLIT_TIMEOUT value firewire: ohci: Misleading kfree in ohci.c::pci_probe/remove firewire: ohci: omit IntEvent.busReset check rom AT queueing firewire: ohci: prevent starting of iso contexts with empty queue firewire: ohci: prevent iso completion callbacks after context stop firewire: core: rename some variables firewire: nosy: should work on Power Mac G4 PCI too firewire: core: fix card->reset_jiffies overflow firewire: cdev: remove unneeded reference firewire: cdev: always wait for outbound transactions to complete firewire: cdev: remove unneeded idr_find() from complete_transaction() firewire: ohci: log dead DMA contexts
2011-03-20firewire: core: ignore link-active bit of new nodes, fix device recognitionStefan Richter
Like the older ieee1394 core driver, firewire-core skipped scanning of any new node whose PHY sent a self ID without "link active" bit. If a device had this bit off mistakenly, it meant that it was inaccessible to kernel drivers with the old IEEE 1394 driver stack but could still be accessed by userspace drivers through the raw1394 interface. But with firewire-core, userspace drivers don't get to see such buggy devices anymore. This is effectively a driver regression since this device bug is otherwise harmless. We now attempt to scan all devices, even repeaters that don't have a link or powered-down devices that have everything but their PHY shut down when plugged in. This results in futile repeated scanning attempts in case of such devices that really don't have an active link, but this doesn't hurt since recent workqueue infrastructure lets us run more concurrent scanning jobs than we can shake a stick at. This should fix accessibility of Focusrite Saffire PRO 26 I/O: http://sourceforge.net/mailarchive/forum.php?thread_name=20110314215622.5c751bb0%40stein&forum_name=ffado-user Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-03-20firewire: sbp2: revert obsolete 'fix stall with "Unsolicited response"'Stefan Richter
Now that firewire-core sets the local node's SPLIT_TIMEOUT to 2 seconds per default, commit a481e97d3cdc40b9d58271675bd4f0abb79d4872 is no longer required. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-03-20firewire: core: increase default SPLIT_TIMEOUT valueClemens Ladisch
The SPLIT_TIMEOUT mechanism is intended to detect requests that somehow got lost. However, when the timeout value is too low, transactions that could have been completed successfully will be cancelled. Furthermore, there are chips whose firmwares ignore the configured split timeout and send late split response; known examples are the DM1x00 (BeBoB), TCD22x0 (DICE), and some OXUF936QSE firmwares. This patch changes the default timeout to two seconds, which happens to be the default on other OSes, too. Actual lost requests are extremely rare, so there should be no practical downside to increasing the split timeout even on devices that work correctly. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-03-15ALSA: add LaCie FireWire Speakers/Griffin FireWave Surround driverClemens Ladisch
Add a driver for two playback-only FireWire devices based on the OXFW970 chip. v2: better AMDTP API abstraction; fix fw_unit leak; small fixes v3: cache the iPCR value v4: FireWave constraints; fix fw_device reference counting; fix PCR caching; small changes and fixes v5: volume/mute support; fix crashing due to pcm stop races v6: fix build; one-channel volume for LaCie v7: use signed values to make volume (range checks) work; fix function block IDs for volume/mute; always use channel 0 for LaCie volume Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Tested-by: Jay Fenlason <fenlason@redhat.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-03-14firewire: ohci: Misleading kfree in ohci.c::pci_probe/removeOleg Drokin
It seems drivers/firewire/ohci.c is making some optimistic assumptions about struct fw_ohci and that member "card" will always remain the first member of the struct. Plus it's probably going to confuse a lot of static code analyzers too. So I wonder if there is a good reason not to free the ohci struct just like it was allocated instead of the tricky &ohci->card way? Signed-off-by: Oleg Drokin <green@linuxhacker.ru> It is perhaps just a rudiment from before mainline submission of the driver. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-03-14firewire: ohci: omit IntEvent.busReset check rom AT queueingStefan Richter
Since commit 82b662dc4102 "flush AT contexts after bus reset for OHCI 1.2", the driver takes care of any AT packets that were enqueued during a bus reset phase. The check from commit 76f73ca1b291 is therefore no longer necessary and the MMIO read can be avoided. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26firewire: ohci: prevent starting of iso contexts with empty queueClemens Ladisch
If a misguided program tried to start an isochronous context before it has queued any packets, the call would appear to succeed, but the context would not actually go into the running state, and the OHCI controller would then raise an unrecoverableError interrupt because the first Z value is zero and thus invalid. The driver logs such errors, but there is no mechanism to report this back to the program. Add an explicit check so that this error can be returned synchronously. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26firewire: ohci: prevent iso completion callbacks after context stopClemens Ladisch
To prevent the iso packet callback from being called after fw_iso_context_stop() has returned, make sure that the context's tasklet has finished executing before that. This fixes access-after-free bugs that have so far been observed only in the upcoming snd-firewire-speakers driver, but can theoretically also happen in the firedtv driver. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26firewire: core: rename some variablesClemens Ladisch
In manage_channel(), rename the variables "c" and "i" to the more expressive "bit" and "channel". Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-02-26firewire: nosy: should work on Power Mac G4 PCI tooStefan Richter
The first board generation of Power Mac G4 ("Yikes!", those with PCI graphics) still had a PCILynx controller like their G3 predecessors, but not the later AGP models. (Jonathan Woithe recalls to have heard of it, and some web sources reinforce it.) Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-23firewire: core: fix card->reset_jiffies overflowClemens Ladisch
On a 32-bit machine with, e.g., HZ=1000, jiffies will overflow after about 50 days, so if there are between 25 and 50 days between bus resets, the card->reset_jiffies comparisons can get wrong results. To fix this, ensure that this timestamp always uses 64 bits. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23firewire: cdev: remove unneeded referenceClemens Ladisch
For outbound transactions, the IDR's and the callback's references now have exactly the same lifetime, so we do not need both of them. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23firewire: cdev: always wait for outbound transactions to completeClemens Ladisch
We must not use fw_cancel_transaction() because it cannot correctly abort still-active transactions. The only place in core-cdev where this matters is when the file is released. Instead of trying to abort the transactions, we wait for them to complete normally, i.e., until all outbound transaction resources have been removed from the IDR tree. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23firewire: cdev: remove unneeded idr_find() from complete_transaction()Clemens Ladisch
Outbound transactions are never aborted with release_client_resource(), so it is not necessary for complete_transaction() to check whether the resource is still registered. Only shutdown_resource() can abort such an transaction, and this is already handled with the in_shutdown check. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: "Stefan Richter" <stefanr@s5r6.in-berlin.de>
2011-01-23firewire: ohci: log dead DMA contextsClemens Ladisch
When a DMA context goes into the dead state (and the controller thus stops working correctly), logging this error and the controller's error code might be helpful for debugging. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-21Merge branches 'fixes' and 'fwnet' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: core: fix unstable I/O with Canon camcorder * 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: net: is not experimental anymore firewire: net: invalidate ARP entries of removed nodes
2011-01-21firewire: net: is not experimental anymoreStefan Richter
thanks to Clemens' and Maxim's fixes to firewire-ohci and -net in the last two kernel releases. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-21firewire: net: invalidate ARP entries of removed nodesMaxim Levitsky
This makes it possible to resume communication with a node that dropped off the bus for a brief period. Otherwise communication will only be possible after ARP cache entry timeouts. Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (rebased)
2011-01-21firewire: core: fix unstable I/O with Canon camcorderStefan Richter
Regression since commit 10389536742c, "firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder": The camcorder Canon MV5i generates lots of bus resets when asynchronous requests are sent to it (e.g. Config ROM read requests or FCP Command write requests) if the camcorder is not root node. This causes drop- outs in videos or makes the camcorder entirely inaccessible. https://bugzilla.redhat.com/show_bug.cgi?id=633260 Fix this by allowing any Canon device, even if it is a pre-1394a IRM like MV5i are, to remain root node (if it is at least Cycle Master capable). With the FireWire controller cards that I tested, MV5i always becomes root node when plugged in and left to its own devices. Reported-by: Ralf Lange Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: <stable@kernel.org> # 2.6.32.y and newer
2011-01-13firewire: ohci: fix compilation on arches without PAGE_KERNEL_ROClemens Ladisch
PAGE_KERNEL_RO is not available on all architectures, so its use in the new AR code broke compilation on sparc64. Because the read-only mapping was just a debugging aid, just use PAGE_KERNEL instead. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> James Bottomley wrote: > On Thu, 2011-01-13 at 08:27 +0100, Clemens Ladisch wrote: >> firewire: ohci: fix compilation on arches without PAGE_KERNEL_RO, e.g. sparc >> >> PAGE_KERNEL_RO is not available on all architectures, so its use in the >> new AR code broke compilation on sparc64. >> >> Because the R/O mapping is only used to catch drivers that try to write >> to the reception buffer and not actually required for correct operation, >> we can just use a normal PAGE_KERNEL mapping where _RO is not available. [...] >> +/* >> + * For archs where PAGE_KERNEL_RO is not supported; >> + * mapping the AR buffers readonly for the CPU is just a debugging aid. >> + */ >> +#ifndef PAGE_KERNEL_RO >> +#define PAGE_KERNEL_RO PAGE_KERNEL >> +#endif > > This might cause interesting issues on sparc64 if it ever acquired a > PAGE_KERNEL_RO. Sparc64 has extern pgprot_t for it's PAGE_KERNEL types > rather than #defines, so the #ifdef check wouldn't see this. > > I think either PAGE_PROT_RO becomes part of our arch API (so all > architectures are forced to add it), or, if it's not part of the API, > ohci isn't entitled to use it. The latter seems simplest since you have > no real use for write protection anyway. Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04firewire: use split transaction timeout only for split transactionsClemens Ladisch
Instead of starting the split transaction timeout timer when any request is submitted, start it only when the destination's ACK_PENDING has been received. This prevents us from using a timeout that is too short, and, if the controller's AT queue is emptying very slowly, from cancelling a packet that has not yet been sent. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04firewire: ohci: consolidate context status flagsStefan Richter
"firewire: ohci: restart iso DMA contexts on resume from low power mode" added the flag struct context.active and "firewire: ohci: cache the context run bit" added struct context.running. These flags contain the same information; combine them. Also, normalize whitespace in pci_resume(). Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04firewire: ohci: cache the context run bitClemens Ladisch
The DMA context run control bit is entirely controlled by software, so it is safe to cache it. This allows the driver to avoid doing an additional MMIO read when queueing an AT packet. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-01-04firewire: ohci: flush AT contexts after bus reset - addendumStefan Richter
Add comments - on why bus_reset_tasklet flushes AT queues, - that commit 76f73ca1b291 can possibly be reverted now. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Acked-by: Jarod Wilson <jarod@redhat.com>
2011-01-03firewire: ohci: flush AT contexts after bus reset for OHCI 1.2Clemens Ladisch
The OHCI 1.2 (draft) specification, clause 7.2.3.3, allows and recommends that, after a bus reset, the controller does not flush all the packets in the AT queues. Therefore, the driver has to do this itself. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>