firewire: Use only a wait queue and terminate poll and read on device removal.
Drop the event list semaphore and only use the wait queue and the list
to synchronize queue access. Break out of a poll or read whenever
the device is disconnected.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: Don't time out command orbs, leave that to the scsi stack.
The mod_timer based timing out of orb was a little too aggressive and
would time out legit, but long-lived scsi cmds. Besides, the scsi
stack keeps track of this already. Since we're only timing out
management orbs, go back to wait_for_completion_timeout.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Repurpose the get_config_rom ioctl to a general get_info ioctl.
This ioctl is now used for version negotiation, and optionally
returns the config rom, and the current bus info.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Thomas Gleixner [Tue, 6 Mar 2007 02:19:51 +0000 (18:19 -0800)]
firewire: Scheduled removal of SA_xxx interrupt flags fixups 3
The obsolete SA_xxx interrupt flags have been used despite the scheduled
removal. Fixup the remaining users in -mm.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: Don't touch DMA descriptors after appending.
When a DMA descriptor is appended to the context we sync it for
DMA and the device might potentially read it immediately. So,
we can't set the IRQ bits in the descriptor after appending.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: Use a buffer fill descriptor for receive when header size is 0.
When the DMA is set up to not strip any headers, we need to use
the buffer fill descriptor instead of the dual buffer, since the
dual buffer descriptor must strip a non-zero number of header quadlets.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: Generalize the iso transmit descriptor buffer logic.
The descriptor circular buffer logic used for iso transmission is
useful for async transmit too, so pull the sharable logic out in
a few standalone functions.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: Split the iso buffer out from fw_iso_context and avoid vmalloc.
This patch splits out the iso buffer so we can initialize it at mmap
time with the size provided in the mmap call. Furthermore, allocate
the backing pages using alloc_page to avoid setting up kernel side
virtual memory mappings for the pages.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
firewire: Schedule topology work before calling driver update functions.
This prevents superfluous bus traffic as fw-sbp2 logs in only to
get kicked off the device by another bus reset as the driver core
does bus management. Scheduling it this way lets the driver core
finish bus management before higher level drivers get the update
callback.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
When a management ORB times out, either because the fw_transaction
times out or when we don't get the status write, we need to properly
cancel the entire operation.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Drivers such as fw-sbp2 had no way to properly cancel in-progress
transactions, which could leave a pending transaction or an unset
packet in the low-level queues after kfree'ing the containing
structure. fw_cancel_transaction() lets drivers cancel a submitted
transaction.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
The old DMA program for receiving async packets stops DMA while
processing received packets and only expects one packet per
interrupt. Stopping DMA can silently drop packets and we need to
handle multiple received packets per interrupt.
This new version keeps DMA running at all times and just appends new
pages as buffers fill up, and supports multiple packets per interrupt.
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Stefan Richter [Sat, 27 Jan 2007 15:59:15 +0000 (16:59 +0100)]
firewire: fix compilation with gcc 3.4
drivers/firewire/fw-topology.c: In function `report_found_node':
drivers/firewire/fw-topology.c:345: error: `typeof' applied to a bit-field
drivers/firewire/fw-topology.c:345: error: `typeof' applied to a bit-field
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Stefan Richter [Tue, 23 Jan 2007 20:20:08 +0000 (21:20 +0100)]
firewire: fw-sbp2: set command set related device flags
Copied from sbp2:
- enable spin-up by START STOP UNIT for all devices
- enable INQUIRY (36) workaround on demand
- prefer READ/WRITE (10) over (6) for all devices
- prefer MODE SENSE (10) for MMC devices
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Stefan Richter [Tue, 23 Jan 2007 20:11:43 +0000 (21:11 +0100)]
firewire: consistent usage of node_id
Definitions as per IEEE 1212 and IEEE 1394:
Node ID: Concatenation of bus ID and local ID. 16 bits long.
Bus ID: Identifies a particular bus within a group of buses
interconnected by bus bridges.
Local ID: Identifies a particular node on a bus.
PHY ID: Local ID of IEEE 1394 nodes. 6 bits long.
Never ever use a variable called node_id for anything else than a node ID.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Stefan Richter [Sun, 14 Jan 2007 14:29:07 +0000 (15:29 +0100)]
firewire: mark some structs const
Instances of struct file_operations and struct fw_card_driver can be
qualified as "const". Ditto with struct fw_descriptor.data, struct
fw_device_id, and predefined instances of struct fw_address_region,
at least in the current implementation.
Data qualified as const is placed into the .rodata section which won't
be mixed with dirty data.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Stefan Richter [Thu, 28 Dec 2006 11:46:54 +0000 (12:46 +0100)]
firewire: build fix 3
drivers/firewire/fw-sbp2.c: At top level:
drivers/firewire/fw-sbp2.c:1060: error: storage size of '__mod_ieee1394_device_table' isn't known
(error pointed out by akpm)
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Andrew Morton [Wed, 27 Dec 2006 22:49:23 +0000 (14:49 -0800)]
firewire: build fix 2
ia64:
drivers/firewire/fw-sbp2.c: In function `sbp2_command_orb_map_scatterlist':
drivers/firewire/fw-sbp2.c:826: warning: implicit declaration of function `sg_dma_len'
drivers/firewire/fw-sbp2.c:828: warning: implicit declaration of function `sg_dma_address'
drivers/firewire/fw-sbp2.c:837: error: invalid use of undefined type `struct scatterlist'
drivers/firewire/fw-sbp2.c:838: error: invalid use of undefined type `struct scatterlist'
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Andrew Morton [Wed, 27 Dec 2006 22:36:37 +0000 (14:36 -0800)]
firewire: build fix
alpha:
drivers/firewire/fw-ohci.c: In function 'ar_context_tasklet':
drivers/firewire/fw-ohci.c:266: warning: implicit declaration of function 'dma_sync_single_for_device'
drivers/firewire/fw-ohci.c:267: error: 'DMA_TO_DEVICE' undeclared (first use in this function)
drivers/firewire/fw-ohci.c:267: error: (Each undeclared identifier is reported only once
drivers/firewire/fw-ohci.c:267: error: for each function it appears in.)
drivers/firewire/fw-ohci.c: In function 'ar_context_init':
drivers/firewire/fw-ohci.c:282: warning: implicit declaration of function 'dma_map_single'
drivers/firewire/fw-ohci.c:283: error: 'DMA_TO_DEVICE' undeclared (first use in this function)
drivers/firewire/fw-ohci.c:293: error: 'DMA_FROM_DEVICE' undeclared (first use in this function)
etc.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Andrew Morton [Wed, 27 Dec 2006 21:51:57 +0000 (13:51 -0800)]
firewire: printk warning fix
drivers/firewire/fw-ohci.c: In function 'ar_context_init':
drivers/firewire/fw-ohci.c:288: warning: format '%08x' expects type 'unsigned int', but argument 2 has type 'dma_addr_t'
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Kristian Høgsberg <krh@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Linus Torvalds [Wed, 7 Mar 2007 03:52:50 +0000 (19:52 -0800)]
Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] cio: Call cancel_halt_clear even when actl == 0.
[S390] cio: Use path verification to check for path state.
[S390] cio: Fix locking when calling notify function.
[S390] Fixed handling of access register mode faults.
[S390] dasd: Use default recovery for SNSS requests
[S390] check_bugs() should be inline.
[S390] tape: Compression overwrites crypto setting
[S390] nss: disable kexec.
[S390] reipl: move dump_prefix_page out of text section.
[S390] smp: disable preemption in smp_call_function/smp_call_function_on
[S390] kprobes breaks BUG_ON
Linus Torvalds [Wed, 7 Mar 2007 03:44:13 +0000 (19:44 -0800)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
pata_pdc202xx_old: fix data corruption and other problems
pata_legacy: fix io/irq mismatch
ahci: RAID mode SATA patch for Intel ICH9M
The commit was buggy in multiple ways:
- the conversion to ilog2() was incorrect to begin with
- it tested the wrong #defines, so on all architectures but FRV you'd
never see the bug except for constant arguments.
- the new "get_order()" macro used its arguments multiple times, and
didn't even parenthesize them properly
- despite the comments, it was not true that you could use it for
constant initializers, since not all architectures even use the
generic page.h header file.
All of the problems are individually fixable, but it all boils down to:
better just revert it, and re-do it from scratch.
Cc: David Howells <dhowells@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 7 Mar 2007 02:05:10 +0000 (18:05 -0800)]
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] kexec: Use EFI_LOADER_DATA for ELF core header
[IA64] permon use-after-free fix
[IA64] sync compat getdents
[IA64] always build arch/ia64/lib/xor.o
[IA64] Remove stack hard limit on ia64
[IA64] point saved_max_pfn to the max_pfn of the entire system
Revert "[IA64] swiotlb abstraction (e.g. for Xen)"
Marcel Holtmann [Tue, 6 Mar 2007 21:12:00 +0000 (22:12 +0100)]
[PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
Based on a patch from Don Howard <dhoward@redhat.com>
When calling write() with a buffer larger than 512 bytes, the
driver's write buffer overflows, allowing to overwrite the EIP and
execute arbitrary code with kernel privileges.
In read(), there exists a similar problem, but coming from the device.
A malicious or buggy device sending more than 512 bytes can overflow
the driver's read buffer, with the same effects as above.
sysfs_write_file downs buffer->sem while calling flush_write_buffer, and
flushing that particular write buffer entails downing buffer->sem in
orphan_all_buffers, resulting in the obvious self-deadlock.
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
[CIFS] cifs_prepare_write was incorrectly rereading page in some cases
[CIFS] Fix set file size to zero when doing chmod to Samba 3.0.26pre
[CIFS] Remove some unused functions/declarations
[CIFS] New file for previous commit
[CIFS] cifs export operations
[CIFS] small piece missing from previous patch
[CIFS] Fix locking problem around some cifs uses of i_size write