Commit Graph

824 Commits

Author SHA1 Message Date
Linus Torvalds f78089e87e IEEE 1394 (FireWire) subsystem changes:
- fix controller removal when controller is in suspended state
   - fix video reception on VIA VT6306 with gstreamer, MythTV, and maybe dv4l
   - fix a startup issue with Agere/LSI FW643-e2
   - error logging improvements and other small updates
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJRi5gtAAoJEHnzb7JUXXnQKnAP/0TzrfuDeUY5pyIUt4Ce9emt
 8DGlMNRGSg6+VztSWQN23Heo9pvr3oWfQMtBcBsh6Jhj3ovXwXmpbhbledJxevJT
 iVofTMc/pTRlAGaNv+cEszFkOrnH9nqqDYs9sK8hibgNu7tNbivmzyG+tF7OsIIp
 aAjsFpTelKqgwo7LqTOLNvQoYx1HRTyQnp1OBa2gc76pXR1GLLuSjNlvh8b7ops5
 FCt7gmfpEzJ6U/+AWTU/QBdXdXNRzle9rwZil3d1y80qfej7+V+lGRKzuVDaZHRY
 C0t09SoYRop0m+UpnC3iXs5w0h09F4KKvRMfZ4m3sBmcRKYQeGkdKn2RRZn35hb9
 D1Oa6NhXbYw4vzvQPRWzvDqrwyOXNce/wCysQXbkBnaB05ojYzchU5KGSnoQUiBD
 G/TTLgmpiO4YPNxQgazeWesW+Y0gzd1alJvn6LPxRXTeRJLGZapYQxFZkJMkI2KU
 0hjBblF2xxLnGjy0SpxOGQNiSo2Gg6vyRkqlSXu9kKpk6h7aAGPn0eIVxjaI/aJ9
 qkqq7Qi2uPhn3y6SIO23/3tIULl+ws3+i9UzQEUtXlgFgowzOljbnkKnabjqIfl3
 OjkD3mEn0njz6mXQGsCV7MTPlUvST9ysvPi5PbkevBeLCBx8F9fiuNGdGFBqCIUb
 kHl3zh9YbyS4QtWRnpWb
 =f8Yl
 -----END PGP SIGNATURE-----

Merge tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394

Pull firewure updates from Stefan Richter:
  - fix controller removal when controller is in suspended state
  - fix video reception on VIA VT6306 with gstreamer, MythTV, and maybe dv4l
  - fix a startup issue with Agere/LSI FW643-e2
  - error logging improvements and other small updates

* tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
  firewire: ohci: dump_stack() for PHY regs read/write failures
  firewire: ohci: Improve bus reset error messages
  firewire: ohci: Alias dev_* log functions
  firewire: ohci: Fix 'failed to read phy reg' on FW643 rev8
  firewire: ohci: fix VIA VT6306 video reception
  firewire: ohci: Check LPS before register access on pci removal
  firewire: ohci: Fix double free_irq()
  firewire: remove unnecessary alloc/OOM messages
  firewire: sbp2: replace BUG_ON by WARN_ON
  firewire: core: remove an always false test
  firewire: Remove two unneeded checks for macros
2013-05-09 10:11:48 -07:00
Peter Hurley 6fe9efb9c9 firewire: ohci: dump_stack() for PHY regs read/write failures
A stack trace is an invaluable tool in determining the basis
and cause of PHY regs read/write failures.

Include PHY reg addr (and value for writes) in the diagnostic.

[Stefan R:  changed whitespace]

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-30 20:30:16 +02:00
Peter Hurley 67672134aa firewire: ohci: Improve bus reset error messages
Many of the error messages possible from bus_reset_work() do not
contain enough information to distinguish which error condition
occurred nor enough information to evaluate the error afterwards.

Differentiate all error conditions in bus_reset_work(); add
additional information to make error diagnosis possible.

[Stefan R:  fixed self-ID endian conversion]

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-30 20:30:16 +02:00
Peter Hurley de97cb64a9 firewire: ohci: Alias dev_* log functions
Convert dev_xxxx(ohci->card.device, ...) log functions to
ohci_xxxx(ohci, ...).

[Stefan R:  Peter argues that this increases readability of the code.]
[Stefan R:  changed whitespace]

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-30 20:30:16 +02:00
Peter Hurley bd972688eb firewire: ohci: Fix 'failed to read phy reg' on FW643 rev8
With the LSI FW643 rev 8 [1], the first commanded bus reset at
the conclusion of ohci_enable() has been observed to fail with
the following messages:

[    4.884015] firewire_ohci 0000:01:00.0: failed to read phy reg
....
[    5.684012] firewire_ohci 0000:01:00.0: failed to read phy reg

With drivers/firewire/ohci.c instrumented, the error condition [2]
indicates the PHY arbitration state machine has timed out prior to
enabling PHY LCtrl.

Furthermore, instrumenting ohci_enable() shows that LPS has been
enabled within 1 ms.

Test LPS latching every 1 ms rather than every 50ms.

[1]  lspci -v

01:00.0 FireWire (IEEE 1394): LSI Corporation FW643 [TrueFire] PCIe 1394b Controller (rev 08) (prog-if 10 [OHCI])
	Subsystem: LSI Corporation FW643 [TrueFire] PCIe 1394b Controller
	Flags: bus master, fast devsel, latency 0, IRQ 92
	Memory at fbeff000 (64-bit, non-prefetchable) [size=4K]
	Capabilities: [44] Power Management version 3
	Capabilities: [4c] MSI: Enable+ Count=1/1 Maskable- 64bit+
	Capabilities: [60] Express Endpoint, MSI 00
	Capabilities: [100] Advanced Error Reporting
	Capabilities: [140] Virtual Channel
	Capabilities: [170] Device Serial Number 08-14-43-82-00-00-41-fc
	Kernel driver in use: firewire_ohci
	Kernel modules: firewire-ohci

[2] instrumented WARNING in read_phy_reg()

[    4.576010] ------------[ cut here ]------------
[    4.576035] WARNING: at ./drivers/firewire/ohci.c:570 read_phy_reg+0x93/0xe0 [firewire_ohci]()
[    4.576050] Hardware name: Precision WorkStation T5400
[    4.576058] failed to read phy reg:1 (phy(5) @ config enhance:19)
[    4.576068] Modules linked in: hid_logitech_dj hid_generic(+) usbhid <...snip...>
[    4.576140] Pid: 61, comm: kworker/2:1 Not tainted 3.8.0-2+fwtest-xeon #2+fwtest
[    4.576149] Call Trace:
[    4.576160]  [<ffffffff8105468f>] warn_slowpath_common+0x7f/0xc0
[    4.576168]  [<ffffffff81054786>] warn_slowpath_fmt+0x46/0x50
[    4.576178]  [<ffffffffa00caca3>] read_phy_reg+0x93/0xe0 [firewire_ohci]
[    4.576188]  [<ffffffffa00cae19>] ohci_read_phy_reg+0x39/0x60 [firewire_ohci]
[    4.576203]  [<ffffffffa00731ff>] fw_send_phy_config+0xbf/0xe0 [firewire_core]
[    4.576214]  [<ffffffffa006b2d6>] br_work+0x46/0xb0 [firewire_core]
[    4.576225]  [<ffffffff81071e0c>] process_one_work+0x13c/0x500
[    4.576238]  [<ffffffffa006b290>] ? fw_card_initialize+0x180/0x180 [firewire_core]
[    4.576248]  [<ffffffff810737ed>] worker_thread+0x16d/0x470
[    4.576257]  [<ffffffff81073680>] ? busy_worker_rebind_fn+0x100/0x100
[    4.576266]  [<ffffffff8107d160>] kthread+0xc0/0xd0
[    4.576275]  [<ffffffff816a0000>] ? pcpu_dump_alloc_info+0x1cb/0x2c4
[    4.576284]  [<ffffffff8107d0a0>] ? kthread_create_on_node+0x130/0x130
[    4.576297]  [<ffffffff816b2f6c>] ret_from_fork+0x7c/0xb0
[    4.576305]  [<ffffffff8107d0a0>] ? kthread_create_on_node+0x130/0x130
[    4.576313] ---[ end trace cbc940994b300302 ]---

[Stefan R:  Peter also reports a change of behavior with LSI FW323.
Before the patch, there would often occur a lock transaction failure
during firewire-core startup:
[    6.056022] firewire_core 0000:07:06.0: BM lock failed (timeout), making local node (ffc0) root
This failure no longer happens after the patch, without an obvious
reason for the failure or the fix.]

[Stefan R:  Added quirk flag, quirk table entry, and comment.]

Reported-by: Tim Jordan <tim@insipid.org.uk>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-30 20:30:15 +02:00
Andy Leiserson be8dcab942 firewire: ohci: fix VIA VT6306 video reception
Add quirk for VT6306 wake bit behavior.

VT6306 seems to reread the wrong descriptor when the wake bit is
written. work around by putting a copy of the branch address in the
first descriptor of the block.

[Stefan R:  This fixes the known broken video reception via gstreamer
on VIA VT6306.  100% repeatable testcase:
$ gst-launch-0.10 dv1394src \! dvdemux \! dvdec \! xvimagesink
with a camcorder or other DV source connected.  Likewise for MPEG2-TS
reception via gstreamer, e.g. from TV settop boxes.
Perhaps this also fixes dv4l on VT6306, but this is as yet untested.
Kino, dvgrab or FFADO had not been affected by this chip quirk.
Additional comments from Andy:]

I've looked into some problems with the wake bit on a vt6306 family
chip (1106:3044, rev 46).

I used this firewire card in a mythtv setup (ISO receive MPEG2 stream)
with Debian 2.6.32 kernels for ~2 years without problems.

Since upgrading to 3.2, I've been having problems with the input stream
freezing -- input data stops until I restart mythtv (I expect closing
and reopening the device would be sufficient). This happens
infrequently, maybe one out of 20 recordings. I eventually determined
that the problem is more likely to occur if the system is loaded.

I isolated the kernel version as the triggering SW factor and then
specifically the change from dualbuffer back to packet-per-buffer DMA
mode.

The possibility that the controller does not properly respond to the
wake bit was suggested in
https://bugzilla.redhat.com/show_bug.cgi?id=415841, but not proven.

Based on the fact that dualbuffer mode worked while packet-per-buffer
has trouble, I guessed that upon seeing the wake bit written, the vt6306
controller only checks the branch address in the first descriptor of the
block, even if that is not the correct place to look (because the block
has multiple descriptors).

This theory seems to be correct. When the ISO reception is hung, I am
able to resume it by manually writing the branch address to the first
descriptor in the block, and then writing the wake bit.

I've had luck so far with the attached patch, so I'm including it. It's
probably not a complete solution -- I haven't tested transmit modes to
see whether they have a similar issue.

I doubt that the quirk test is any cheaper than just writing the extra
branch address in all cases, but it does reduce the risk of breaking
other hardware.

[Stefan R:  omitted QUIRK_NO_MSI from VT6306 quirks table entry,
changed whitespace]

Signed-off-by: Andy Leiserson <andy@leiserson.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:44 +02:00
Peter Hurley 8db491490b firewire: ohci: Check LPS before register access on pci removal
A pci device can be removed while in its suspended state. If the ohci
host controller is suspended, the PHY is also in low-power mode and
LPS is disabled. If LPS is disabled, most of the host registers aren't
accessible, including IntMaskClear. Furthermore, access to these registers
when LPS is disabled can cause hard lockups on some hardware. Since
interrupts are already disabled in this mode, further action is
unnecessary.

Test LPS before attempting to write IntMaskClear to disable interrupts.

[Stefan R: whitespace changes]

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:44 +02:00
Peter Hurley 247fd50b59 firewire: ohci: Fix double free_irq()
A pci device can be removed while in its suspended state.
Because the ohci driver freed the irq to suspend, free_irq() is
called twice; once from pci_remove() and again from pci_suspend(),
which issues the warning below [1].

Rather than allocate the irq in the .enable() path, move the
allocation to .probe(). Consequently, the irq is not reallocated
upon pci_resume() and thus is not freed upon pci_suspend().

[1] Warning reported by Mark Einon <mark.einon@gmail.com> when
suspending an MSI MS-1727 GT740 laptop on Ubuntu 3.5.0-22-generic

WARNING: at ./kernel/irq/manage.c:1198 __free_irq+0xa3/0x1e0()
Hardware name: MS-1727
Trying to free already-free IRQ 16
Modules linked in: ip6table_filter ip6_tables ebtable_nat ebtables <...snip...>
Pid: 4, comm: kworker/0:0 Tainted: P           O 3.5.0-22-generic #34-Ubuntu
Call Trace:
 [<ffffffff81051c1f>] warn_slowpath_common+0x7f/0xc0
 [<ffffffff81051d16>] warn_slowpath_fmt+0x46/0x50
 [<ffffffff8103fa39>] ? default_spin_lock_flags+0x9/0x10
 [<ffffffff810df6b3>] __free_irq+0xa3/0x1e0
 [<ffffffff810df844>] free_irq+0x54/0xc0
 [<ffffffffa005a27e>] pci_remove+0x6e/0x210 [firewire_ohci]
 [<ffffffff8135ae7f>] pci_device_remove+0x3f/0x110
 [<ffffffff8141fdbc>] __device_release_driver+0x7c/0xe0
 [<ffffffff8141fe4c>] device_release_driver+0x2c/0x40
 [<ffffffff8141f5f1>] bus_remove_device+0xe1/0x120
 [<ffffffff8141cd1a>] device_del+0x12a/0x1c0
 [<ffffffff8141cdc6>] device_unregister+0x16/0x30
 [<ffffffff81354784>] pci_stop_bus_device+0x94/0xa0
 [<ffffffffa0091c67>] acpiphp_disable_slot+0xb7/0x1a0 [acpiphp]
 [<ffffffffa0090716>] ? get_slot_status+0x46/0xc0 [acpiphp]
 [<ffffffffa0091d7d>] acpiphp_check_bridge.isra.15+0x2d/0xf0 [acpiphp]
 [<ffffffffa0092442>] _handle_hotplug_event_bridge+0x372/0x4d0 [acpiphp]
 [<ffffffff81390f8c>] ? acpi_os_execute_deferred+0x2f/0x34
 [<ffffffff8116e22d>] ? kfree+0xed/0x110
 [<ffffffff8107086a>] process_one_work+0x12a/0x420
 [<ffffffffa00920d0>] ? _handle_hotplug_event_func+0x1d0/0x1d0 [acpiphp]
 [<ffffffff8107141e>] worker_thread+0x12e/0x2f0
 [<ffffffff810712f0>] ? manage_workers.isra.26+0x200/0x200
 [<ffffffff81075f13>] kthread+0x93/0xa0
 [<ffffffff8168d024>] kernel_thread_helper+0x4/0x10
 [<ffffffff81075e80>] ? kthread_freezable_should_stop+0x70/0x70
 [<ffffffff8168d020>] ? gs_change+0x13/0x13

Reported-by: Mark Einon <mark.einon@gmail.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:44 +02:00
Stefan Richter cfb0c9d1ff firewire: remove unnecessary alloc/OOM messages
These are redundant to log messages from the mm core.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:44 +02:00
Stefan Richter d6c8cefc69 firewire: sbp2: replace BUG_ON by WARN_ON
No need to crash and burn if S/G element sizes cannot be set to our
liking; just leave a message in the log.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:44 +02:00
Stefan Richter bdabfa5463 firewire: core: remove an always false test
struct fw_cdev_allocate_iso_resource.bandwidth is unsigned.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:43 +02:00
Paul Bolle df7ce66363 firewire: Remove two unneeded checks for macros
The old IEEE 1394 driver stack was removed in v2.6.37. That made the
checks for two Kconfig (module) macros unneeded, since they will now
always evaluate to true. Remove these two checks.

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-04-28 23:36:43 +02:00
Simon Horman e5c5d22e8d net: add ETH_P_802_3_MIN
Add a new constant ETH_P_802_3_MIN, the minimum ethernet type for
an 802.3 frame. Frames with a lower value in the ethernet type field
are Ethernet II.

Also update all the users of this value that David Miller and
I could find to use the new constant.

Also correct a bug in util.c. The comparison with ETH_P_802_3_MIN
should be >= not >.

As suggested by Jesse Gross.

Compile tested only.

Cc: David Miller <davem@davemloft.net>
Cc: Jesse Gross <jesse@nicira.com>
Cc: Karsten Keil <isdn@linux-pingi.de>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Bart De Schuymer <bart.de.schuymer@pandora.be>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Gustavo Padovan <gustavo@padovan.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Cc: linux-bluetooth@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
Cc: bridge@lists.linux-foundation.org
Cc: linux-wireless@vger.kernel.org
Cc: linux1394-devel@lists.sourceforge.net
Cc: linux-media@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: dev@openvswitch.org
Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-28 01:20:42 -04:00
YOSHIFUJI Hideaki / 吉藤英明 cb6bf35502 firewire net, ipv6: IPv6 over Firewire (RFC3146) support.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-26 12:32:13 -04:00
YOSHIFUJI Hideaki / 吉藤英明 6752c8db8e firewire net, ipv4 arp: Extend hardware address and remove driver-level packet inspection.
Inspection of upper layer protocol is considered harmful, especially
if it is about ARP or other stateful upper layer protocol; driver
cannot (and should not) have full state of them.

IPv4 over Firewire module used to inspect ARP (both in sending path
and in receiving path), and record peer's GUID, max packet size, max
speed and fifo address.  This patch removes such inspection by extending
our "hardware address" definition to include other information as well:
max packet size, max speed and fifo.  By doing this, The neighbour
module in networking subsystem can cache them.

Note: As we have started ignoring sspd and max_rec in ARP/NDP, those
      information will not be used in the driver when sending.

When a packet is being sent, the IP layer fills our pseudo header with
the extended "hardware address", including GUID and fifo.  The driver
can look-up node-id (the real but rather volatile low-level address)
by GUID, and then the module can send the packet to the wire using
parameters provided in the extendedn hardware address.

This approach is realistic because IP over IEEE1394 (RFC2734) and IPv6
over IEEE1394 (RFC3146) share same "hardware address" format
in their address resolution protocols.

Here, extended "hardware address" is defined as follows:

union fwnet_hwaddr {
	u8 u[16];
	struct {
		__be64 uniq_id;		/* EUI-64			*/
		u8 max_rec;		/* max packet size		*/
		u8 sspd;		/* max speed			*/
		__be16 fifo_hi;		/* hi 16bits of FIFO addr	*/
		__be32 fifo_lo;		/* lo 32bits of FIFO addr	*/
	} __packed uc;
};

Note that Hardware address is declared as union, so that we can map full
IP address into this, when implementing MCAP (Multicast Cannel Allocation
Protocol) for IPv6, but IP and ARP subsystem do not need to know this
format in detail.

One difference between original ARP (RFC826) and 1394 ARP (RFC2734)
is that 1394 ARP Request/Reply do not contain the target hardware address
field (aka ar$tha).  This difference is handled in the ARP subsystem.

CC: Stephan Gatzka <stephan.gatzka@gmail.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-26 12:32:13 -04:00
YOSHIFUJI Hideaki / 吉藤英明 61a7839a19 firewire net: Ignore spd and max_payload advertised by ARP.
Stefan Richter <stefanr@s5r6.in-berlin.de> says:
| As far as I can tell, it would be best to ignore max_rec and sspd from ARP
| and NDP but keep using the respective information from firewire-core
| instead (handed over by fwnet_probe()).
|
| Why?  As I noted earlier, RFC 2734:1999 and RFC 3146:2001 were apparently
| written with a too simplistic notion of IEEE 1394 bus topology, resulting
| in max_rec and sspd in ARP-1394 and NDP-1394 to be useless, IMO.
|
| Consider a bus like this:
|
|     A ---- B ==== C
|
| A, B, C are all IP-over-1394 capable nodes.  ---- is an S400 cable hop,
| and ==== is an S800 cable hop.
|
| In case of unicasts or multicasts in which node A is involved as
| transmitter or receiver, as well as in case of broadcasts, the speeds
| S100, S200, S400 work and speed S400 is optimal.
|
| In case of anything else, IOW in case of unicasts or multicasts in which
| only nodes B and C are involved, the speeds S100, S200, S400, S800 work
| and speed S800 is optimal.
|
| Clearly, node A should indicate sspd = S400 in its ARP or NDP packets.
| But which sspd should nodes B and C set there?  Maybe they set S400, which
| would work but would waste half of the available bandwidth in the second
| case.  Or maybe they set S800, which is OK in the second case but would
| prohibit any communication with node A if blindly taken for correct.
|
| On the other hand, firewire-core *always* gives us the correct and optimum
| peer-to-peer speed and asynchronous packet payload, no matter how simple
| or complex the bus topology is and no matter in which temporal order nodes
| join the bus and are discovered.

CC: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-26 12:32:13 -04:00
YOSHIFUJI Hideaki / 吉藤英明 382c4b4090 firewire net: Allocate address handler before registering net_device.
Allocate FIFO address before registering net_device.
This is preparation to change the pseudo hardware address format
for firewire devices to include the offset of the FIFO for receipt
of unicast datagrams, instead of mangling ARP/NDP messages in the
driver layer.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-26 12:32:13 -04:00
YOSHIFUJI Hideaki / 吉藤英明 021b97e469 firewire net: Send L2 multicast via GASP.
Send L2 multicast packet via GASP (Global asynchronous stream packet) by
seeing the multicast bit in the L2 hardware address, not by seeing upper-
layer protocol address.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-26 12:32:13 -04:00
YOSHIFUJI Hideaki / 吉藤英明 18406d7e42 firewire net: Accept IPv4 and ARP only.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-26 12:32:13 -04:00
YOSHIFUJI Hideaki 8559e7f069 firewire net: Release broadcast/fifo resources on ifdown.
Since those resources are allocated on ifup, relsase them on ifdown.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:12 +01:00
YOSHIFUJI Hideaki 111534cd7a firewire net: Introduce fwnet_broadcast_stop() to destroy broadcast resources.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:12 +01:00
YOSHIFUJI Hideaki eac31d58ca firewire net: Allocate dev->broadcast_rcv_buffer_ptrs early.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:12 +01:00
YOSHIFUJI Hideaki d9d2b484e0 firewire net: Fix leakage of kmap for broadcast receive buffer.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:12 +01:00
YOSHIFUJI Hideaki f2090594dd firewire net: Omit checking dev->broadcast_rcv_context in fwnet_broadcast_start().
dev->broadcast_rcv_context is always non-NULL if dev->broadcast_state is
not FWNET_BROADCAST_ERROR.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:11 +01:00
YOSHIFUJI Hideaki f60bac4bc9 firewire net: Clear dev->broadcast_rcv_context and dev->broadcast_state after destruction of context.
Clear dev->broadcast_rcv_context to NULL and set dev->broadcast_state
to FWNET_BROADCAST_ERROR after descruction of broadcast context.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:11 +01:00
YOSHIFUJI Hideaki 48a8406f5b firewire net: Fix memory leakage in fwnet_remove().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:11 +01:00
YOSHIFUJI Hideaki 2fbd8dfee1 firewire net: Check dev->broadcast_state inside fwnet_broadcast_start().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:11 +01:00
YOSHIFUJI Hideaki b9a8871ac2 firewire net: Setup broadcast and local fifo independently.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:11 +01:00
YOSHIFUJI Hideaki 9d39c90abc firewire net: Introduce fwnet_fifo_{start, stop}() helpers.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:10 +01:00
YOSHIFUJI Hideaki 5104a03d7d firewire net: No need to reset dev->local_fifo after failure of fw_core_add_address_handler().
fwnet_broadcast_start() try to register address handler at first
if it was not registered yet; dev->local_fifo ==
FWNET_NO_FIFO_ADDR.

Since dev->local_info not changed if fw_core_add_address_hander()
has failed, we do not need to set dev->local_info to
FWNET_NO_FIFO_ADDR.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2013-03-13 16:11:10 +01:00
Tejun Heo 37b61890d7 firewire: convert to idr_alloc()
Convert to the much saner new idr interface.

v2: Stefan pointed out that add_client_resource() may be called from
    non-process context.  Preload iff @gfp_mask contains __GFP_WAIT.
    Also updated to include minor upper limit check.

[tim.gardner@canonical.com: fix accidentally orphaned 'minor'[
Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 19:10:15 -08:00
Tejun Heo 3bec60d511 firewire: add minor number range check to fw_device_init()
fw_device_init() didn't check whether the allocated minor number isn't
too large.  Fail if it goes overflows MINORBITS.

Signed-off-by: Tejun Heo <tj@kernel.org>
Suggested-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 19:10:15 -08:00
Tejun Heo 748689d40c firewire: don't use idr_remove_all()
idr_destroy() can destroy idr by itself and idr_remove_all() is being
deprecated.  Drop its usage.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-27 19:10:13 -08:00
Linus Torvalds 9afa3195b9 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial tree from Jiri Kosina:
 "Assorted tiny fixes queued in trivial tree"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (22 commits)
  DocBook: update EXPORT_SYMBOL entry to point at export.h
  Documentation: update top level 00-INDEX file with new additions
  ARM: at91/ide: remove unsused at91-ide Kconfig entry
  percpu_counter.h: comment code for better readability
  x86, efi: fix comment typo in head_32.S
  IB: cxgb3: delay freeing mem untill entirely done with it
  net: mvneta: remove unneeded version.h include
  time: x86: report_lost_ticks doesn't exist any more
  pcmcia: avoid static analysis complaint about use-after-free
  fs/jfs: Fix typo in comment : 'how may' -> 'how many'
  of: add missing documentation for of_platform_populate()
  btrfs: remove unnecessary cur_trans set before goto loop in join_transaction
  sound: soc: Fix typo in sound/codecs
  treewide: Fix typo in various drivers
  btrfs: fix comment typos
  Update ibmvscsi module name in Kconfig.
  powerpc: fix typo (utilties -> utilities)
  of: fix spelling mistake in comment
  h8300: Fix home page URL in h8300/README
  xtensa: Fix home page URL in Kconfig
  ...
2013-02-21 17:40:58 -08:00
Jiri Kosina 617677295b Merge branch 'master' into for-next
Conflicts:
	drivers/devfreq/exynos4_bus.c

Sync with Linus' tree to be able to apply patches that are
against newer code (mvneta).
2013-01-29 10:48:30 +01:00
YOSHIFUJI Hideaki / 吉藤英明 825863408a firewire net: Use LL_RESERVED_SPACE(), HH_DATA_OFF().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-20 23:16:03 -05:00
YOSHIFUJI Hideaki / 吉藤英明 b577d7e2ad firewire net: Ensure checksumming in upper layer.
It is wrong to set skb->ip_summed to CHECKSUM_UNNECESSARY unless
the device has already checked it.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-01-20 23:16:03 -05:00
Masanari Iida 8a168ca707 treewide: Fix typo in various drivers
Correct spelling typo in printk within various drivers.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-01-09 11:43:32 +01:00
Linus Torvalds a2013a13e6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial branch from Jiri Kosina:
 "Usual stuff -- comment/printk typo fixes, documentation updates, dead
  code elimination."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)
  HOWTO: fix double words typo
  x86 mtrr: fix comment typo in mtrr_bp_init
  propagate name change to comments in kernel source
  doc: Update the name of profiling based on sysfs
  treewide: Fix typos in various drivers
  treewide: Fix typos in various Kconfig
  wireless: mwifiex: Fix typo in wireless/mwifiex driver
  messages: i2o: Fix typo in messages/i2o
  scripts/kernel-doc: check that non-void fcts describe their return value
  Kernel-doc: Convention: Use a "Return" section to describe return values
  radeon: Fix typo and copy/paste error in comments
  doc: Remove unnecessary declarations from Documentation/accounting/getdelays.c
  various: Fix spelling of "asynchronous" in comments.
  Fix misspellings of "whether" in comments.
  eisa: Fix spelling of "asynchronous".
  various: Fix spelling of "registered" in comments.
  doc: fix quite a few typos within Documentation
  target: iscsi: fix comment typos in target/iscsi drivers
  treewide: fix typo of "suport" in various comments and Kconfig
  treewide: fix typo of "suppport" in various comments
  ...
2012-12-13 12:00:02 -08:00
Linus Torvalds dadfab4873 IEEE 1394 (FireWire) subsystem updates:
- IPv4-over-1394: fixes for broadcast and multicast
   - SBP-2: allow thin-provisioning related commands
   - trivia
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJQyPUwAAoJEHnzb7JUXXnQ9/cQAMOpU1VJ08h4HzxlhEgiFKK/
 5iYONLuYXmervb7RKTgcFCKUq1ix0B+5DFTaZcArhWThKX+2JF537QJ1AsqsgivW
 y4zlG5glJ9q99FXoSKtheY1PHRnLEFbkcs2BkaPeM0Is4yg5gIVDquewZAILpOxo
 T+2en4HeKz3dBmwtNWQc6peGURYmfQZkQjE5dU7ZwBlaZvDm5mt6+8hDI+CmxCgk
 qAWYEOg3h1EX5utV4jimOQANkbcVP1AFg6AGzWcEMmcepUXoI9sVJFhm/bM6Ly+H
 4e8A8TZc6McxT0bnFaZnG+oZ/MlSBfkE6OP4yM+fhyw6NwW94qtZfhR8JpkX3LJ5
 RQx5xKy0lbf0ZYB2JuX15y0azYtrzkDx1fCBIFkj0CE/FT17fC7SgGTLKn3NVz2I
 RoSAsR+UzZuQZ4NMXR8x5f3CElz8wJTgagxNnU2kQBOvt+xoF3rGkYCk/NOv/3ob
 U3Bu3emzMp4i4dS2KHrhA0b0nFsZIzlysiL4ORsBYQqvAEhAO4AteJ2tFKEW8vyJ
 iuoLNAlFS0MmcWJzRouHA2geN2XH+Y1la5i090fsg855WCAvi/V4PD9+EewBAX0+
 rmv3qcDJkNzHZGOT0RZkLjmfP+WhpiZ+QYjLN4IHQJd5UgyhFnQU1fODdFqwqDNx
 /LF35POVU1e5oH8h68U5
 =G3d3
 -----END PGP SIGNATURE-----

Merge tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394

Pull IEEE 1394 (FireWire) subsystem updates from Stefan Richter:
  - IPv4-over-1394: fixes for broadcast and multicast
  - SBP-2: allow thin-provisioning related commands
  - trivia

* tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
  firewire: net: remove unused variable in fwnet_receive_broadcast()
  firewire: net: Fix handling of fragmented multicast/broadcast packets.
  firewire: sbp2: allow WRITE SAME and REPORT SUPPORTED OPERATION CODES
  tools/firewire: nosy-dump: check for allocation failure
2012-12-13 11:59:27 -08:00
Linus Torvalds cff2f741b8 Driver core updates for 3.8-rc1
Here's the large driver core updates for 3.8-rc1.
 
 The biggest thing here is the various __dev* marking removals.  This is
 going to be a pain for the merge with different subsystem trees, I know,
 but all of the patches included here have been ACKed by their various
 subsystem maintainers, as they wanted them to go through here.
 
 If this is too much of a pain, I can pull all of them out of this tree
 and just send you one with the other fixes/updates and then, after
 3.8-rc1 is out, do the rest of the removals to ensure we catch them all,
 it's up to you.  The merges should all be trivial, and Stephen has been
 doing them all in linux-next for a few weeks now quite easily.
 
 Other than the __dev* marking removals, there's nothing major here, some
 firmware loading updates and other minor things in the driver core.
 
 All of these have (much to Stephen's annoyance), been in linux-next for
 a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iEYEABECAAYFAlDHkPkACgkQMUfUDdst+ykaWgCfW7AM30cv0nzoVO08ax6KjlG1
 KVYAn3z/KYazvp4B6LMvrW9y0G34Wmad
 =yvVr
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-3.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core updates from Greg Kroah-Hartman:
 "Here's the large driver core updates for 3.8-rc1.

  The biggest thing here is the various __dev* marking removals.  This
  is going to be a pain for the merge with different subsystem trees, I
  know, but all of the patches included here have been ACKed by their
  various subsystem maintainers, as they wanted them to go through here.

  If this is too much of a pain, I can pull all of them out of this tree
  and just send you one with the other fixes/updates and then, after
  3.8-rc1 is out, do the rest of the removals to ensure we catch them
  all, it's up to you.  The merges should all be trivial, and Stephen
  has been doing them all in linux-next for a few weeks now quite
  easily.

  Other than the __dev* marking removals, there's nothing major here,
  some firmware loading updates and other minor things in the driver
  core.

  All of these have (much to Stephen's annoyance), been in linux-next
  for a while.

  Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"

Fixed up trivial conflicts in drivers/gpio/gpio-{em,stmpe}.c due to gpio
update.

* tag 'driver-core-3.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (93 commits)
  modpost.c: Stop checking __dev* section mismatches
  init.h: Remove __dev* sections from the kernel
  acpi: remove use of __devinit
  PCI: Remove __dev* markings
  PCI: Always build setup-bus when PCI is enabled
  PCI: Move pci_uevent into pci-driver.c
  PCI: Remove CONFIG_HOTPLUG ifdefs
  unicore32/PCI: Remove CONFIG_HOTPLUG ifdefs
  sh/PCI: Remove CONFIG_HOTPLUG ifdefs
  powerpc/PCI: Remove CONFIG_HOTPLUG ifdefs
  mips/PCI: Remove CONFIG_HOTPLUG ifdefs
  microblaze/PCI: Remove CONFIG_HOTPLUG ifdefs
  dma: remove use of __devinit
  dma: remove use of __devexit_p
  firewire: remove use of __devinitdata
  firewire: remove use of __devinit
  leds: remove use of __devexit
  leds: remove use of __devinit
  leds: remove use of __devexit_p
  mmc: remove use of __devexit
  ...
2012-12-11 13:13:55 -08:00
Wei Yongjun db2cad2f55 firewire: net: remove unused variable in fwnet_receive_broadcast()
The variable card is initialized but never used
otherwise, so remove the unused variable.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2012-12-03 14:45:54 +01:00
Stephan Gatzka 9d23734209 firewire: net: Fix handling of fragmented multicast/broadcast packets.
This patch fixes both the transmit and receive portion of sending
fragmented mutlicast and broadcast packets.

The transmit section was broken because the offset for INTFRAG and
LASTFRAG packets were just miscalculated by IEEE1394_GASP_HDR_SIZE (which
was reserved with skb_push() in fwnet_send_packet).

The receive section was broken because in fwnet_incoming_packet is a call
to fwnet_peer_find_by_node_id(). Called with generation == -1 it will
not find a peer and the partial datagrams are associated to a peer.

[Stefan R:  The fix to use context->card->generation is not perfect.
It relies on the IR tasklet which processes packets from the prior bus
generation to run before the self-ID-complete worklet which sets the
current card generation.  Alas, there is no simple way of a race-free
implementation.  Let's do it this way for now.]

Signed-off-by: Stephan Gatzka <stephan.gatzka@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2012-12-02 20:10:18 +01:00
Stefan Richter b0ea5f19d3 firewire: sbp2: allow WRITE SAME and REPORT SUPPORTED OPERATION CODES
The commits
    3c6bdaeab4 "[SCSI] Add a report opcode helper"
    5db44863b6 "[SCSI] sd: Implement support for WRITE SAME"
introduced in-kernel uses of the mentioned commands but cautiously
blacklisted them for any IEEE 1394 (SBP-2/3) targets and some other
transports.

I looked through a range of SBP devices and found that the blacklist
flags can be removed:

The kernel never attempts these commands if the device's INQUIRY
data claim a SCSI revision of less than 0x05.  This is the case with
all SBP devices that I checked, except for three more recent devices
which claimed a revision of 0x05 i.e. conformance with SPC-3 (two
devices based on the OXUF936QSE chip but having different firmwares,
one based on OXUF934DSB.)

I tried "sg_opcodes" from sg3_utils on several older and newer devices
and did not encounter any apparent firmware bugs with it.  All devices
returned Illegal Request/ Invalid command operation code and carried on.
I furthermore tried "sg_write_same -U" on the OXUF934DSB device with the
same result.  Alas I did not have a TRIM enabled SSD available for these
tests.  All of the bridges were correctly identified by the kernel as
"fully provisioned", CD-ROM devices aside.

The kernel won't issue WRITE SAME to fully provisioned devices, nor
would it attempt REPORT SUPPORTED OPERATION CODES or WRITE SAME with
UNMAP bit on devices which do not claim conformance to SPC-3 or later.

Hence let's remove the no_report_opcodes and no_write_same blacklist
flags so that these commands can be used on newer targets with
respective capabilities.  I guess the Linux sbp-target could be such a
target.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2012-12-02 20:10:18 +01:00
Bill Pemberton 7eeb741895 firewire: remove use of __devinitdata
CONFIG_HOTPLUG is going away as an option so __devinitdata is no
longer needed.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-28 12:40:42 -08:00
Bill Pemberton 03f94c0f62 firewire: remove use of __devinit
CONFIG_HOTPLUG is going away as an option so __devinit is no longer
needed.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-11-28 12:40:42 -08:00
Adam Buchbinder b3834be5c4 various: Fix spelling of "asynchronous" in comments.
"Asynchronous" is misspelled in some comments. No code changes.

Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-11-19 14:32:13 +01:00
Martin K. Petersen 5db44863b6 [SCSI] sd: Implement support for WRITE SAME
Implement support for WRITE SAME(10) and WRITE SAME(16) in the SCSI disk
driver.

 - We set the default maximum to 0xFFFF because there are several
   devices out there that only support two-byte block counts even with
   WRITE SAME(16). We only enable transfers bigger than 0xFFFF if the
   device explicitly reports MAXIMUM WRITE SAME LENGTH in the BLOCK
   LIMITS VPD.

 - max_write_same_blocks can be overriden per-device basis in sysfs.

 - The UNMAP discovery heuristics remain unchanged but the discard
   limits are tweaked to match the "real" WRITE SAME commands.

 - In the error handling logic we now distinguish between WRITE SAME
   with and without UNMAP set.

The discovery process heuristics are:

 - If the device reports a SCSI level of SPC-3 or greater we'll issue
   READ SUPPORTED OPERATION CODES to find out whether WRITE SAME(16) is
   supported. If that's the case we will use it.

 - If the device supports the block limits VPD and reports a MAXIMUM
   WRITE SAME LENGTH bigger than 0xFFFF we will use WRITE SAME(16).

 - Otherwise we will use WRITE SAME(10) unless the target LBA is beyond
   0xFFFFFFFF or the block count exceeds 0xFFFF.

 - no_write_same is set for ATA, FireWire and USB.

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Reviewed-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-11-13 22:45:42 -08:00
Martin K. Petersen 3c6bdaeab4 [SCSI] Add a report opcode helper
The REPORT SUPPORTED OPERATION CODES command can be used to query
whether a given opcode is supported by a device. Add a helper function
that allows us to look up commands.

We only issue RSOC if the device reports compliance with SPC-3 or
later. But to err on the side of caution we disable the command for ATA,
FireWire and USB.

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-11-13 21:11:31 -08:00
Stefan Richter 790198f74c firewire: cdev: fix user memory corruption (i386 userland on amd64 kernel)
Fix two bugs of the /dev/fw* character device concerning the
FW_CDEV_IOC_GET_INFO ioctl with nonzero fw_cdev_get_info.bus_reset.
(Practically all /dev/fw* clients issue this ioctl right after opening
the device.)

Both bugs are caused by sizeof(struct fw_cdev_event_bus_reset) being 36
without natural alignment and 40 with natural alignment.

 1) Memory corruption, affecting i386 userland on amd64 kernel:
    Userland reserves a 36 bytes large buffer, kernel writes 40 bytes.
    This has been first found and reported against libraw1394 if
    compiled with gcc 4.7 which happens to order libraw1394's stack such
    that the bug became visible as data corruption.

 2) Information leak, affecting all kernel architectures except i386:
    4 bytes of random kernel stack data were leaked to userspace.

Hence limit the respective copy_to_user() to the 32-bit aligned size of
struct fw_cdev_event_bus_reset.

Reported-by: Simon Kirby <sim@hostway.ca>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: stable@kernel.org
2012-10-09 18:26:28 +02:00