Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.35.y 2011-08-01T20:55:02+00:00 2011-08-01T20:55:02+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2011-07-09T22:23:03+00:00 urn:sha1:723df54958132696b5d203b6d8b9c914744983c2 [ upstream commit 7f7e37115a8b6724f26d0637a04e1d35e3c59717 ] When firewire-ohci is bound to a Pinnacle MovieBoard, eventually a "Register access failure" is logged and an interrupt storm or a kernel panic happens. https://bugzilla.kernel.org/show_bug.cgi?id=36622 Until this is sorted out (if that is going to succeed at all), let's just prevent firewire-ohci from touching these devices. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: <stable@kernel.org> Signed-off-by: Andi Kleen <ak@linux.intel.com> 2011-08-01T20:55:01+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2011-07-09T14:42:26+00:00 urn:sha1:5392dda6e2b429cdf8d72dcbe36481372e1caa14 [ upstream commit d873d794235efa590ab3c94d5ee22bb1fab19ac4 ] -EINVAL On Jun 27 Linus Torvalds wrote: > The correct error code for "I don't understand this ioctl" is ENOTTY. > The naming may be odd, but you should think of that error value as a > "unrecognized ioctl number, you're feeding me random numbers that I > don't understand and I assume for historical reasons that you tried to > do some tty operation on me". [...] > The EINVAL thing goes way back, and is a disaster. It predates Linux > itself, as far as I can tell. You'll find lots of man-pages that have > this line in it: > > EINVAL Request or argp is not valid. > > and it shows up in POSIX etc. And sadly, it generally shows up > _before_ the line that says > > ENOTTY The specified request does not apply to the kind of object > that the descriptor d references. > > so a lot of people get to the EINVAL, and never even notice the ENOTTY. [...] > At least glibc (and hopefully other C libraries) use a _string_ that > makes much more sense: strerror(ENOTTY) is "Inappropriate ioctl for > device" So let's correct this in the <linux/firewire-cdev.h> ABI while it is still young, relative to distributor adoption. Side note: We return -ENOTTY not only on _IOC_TYPE or _IOC_NR mismatch, but also on _IOC_SIZE mismatch. An ioctl with an unsupported size of argument structure can be seen as an unsupported version of that ioctl. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: <stable@kernel.org> Signed-off-by: Andi Kleen <ak@linux.intel.com> 2011-08-01T20:55:01+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2011-07-09T14:43:22+00:00 urn:sha1:c20974dfa539046b0cec0af14a2d707c39f33b2a [ upstream commit 93b37905f70083d6143f5f4dba0a45cc64379a62 ] and bus reset event queuing Between open(2) of a /dev/fw* and the first FW_CDEV_IOC_GET_INFO ioctl(2) on it, the kernel already queues FW_CDEV_EVENT_BUS_RESET events to be read(2) by the client. The get_info ioctl is practically always issued right away after open, hence this condition only occurs if the client opens during a bus reset, especially during a rapid series of bus resets. The problem with this condition is twofold: - These bus reset events carry the (as yet undocumented) @closure value of 0. But it is not the kernel's place to choose closures; they are privat to the client. E.g., this 0 value forced from the kernel makes it unsafe for clients to dereference it as a pointer to a closure object without NULL pointer check. - It is impossible for clients to determine the relative order of bus reset events from get_info ioctl(2) versus those from read(2), except in one way: By comparison of closure values. Again, such a procedure imposes complexity on clients and reduces freedom in use of the bus reset closure. So, change the ABI to suppress queuing of bus reset events before the first FW_CDEV_IOC_GET_INFO ioctl was issued by the client. Note, this ABI change cannot be version-controlled. The kernel cannot distinguish old from new clients before the first FW_CDEV_IOC_GET_INFO ioctl. We will try to back-merge this change into currently maintained stable/ longterm series, and we only document the new behaviour. The old behavior is now considered a kernel bug, which it basically is. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: <stable@kernel.org> Signed-off-by: Andi Kleen <ak@linux.intel.com> 2010-12-14T22:40:09+00:00 Clemens Ladisch clemens@ladisch.de 2010-10-25T09:42:20+00:00 urn:sha1:48059b90318aff5a2578d5a1d10ea7ac76e03e18 commit a1f805e5e73a8fe166b71c6592d3837df0cd5e2e upstream. When handling an AR buffer that has been completely filled, we assumed that its descriptor will not be read by the controller and can be overwritten. However, when the last received packet happens to end at the end of the buffer, the controller might not yet have moved on to the next buffer and might read the branch address later. If we overwrite and free the page before that, the DMA context will either go dead because of an invalid Z value, or go off into some random memory. To fix this, ensure that the descriptor does not get overwritten by using only the actual buffer instead of the entire page for reassembling the split packet. Furthermore, to avoid freeing the page too early, move on to the next buffer only when some data in it guarantees that the controller has moved on. This should eliminate the remaining firewire-net problems. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Tested-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andi Kleen <ak@linux.intel.com> 2010-12-14T22:40:09+00:00 Clemens Ladisch clemens@ladisch.de 2010-10-25T09:41:53+00:00 urn:sha1:329ad1cf88c3007e095a304028d11021eae8d402 commit 85f7ffd5d2b320f73912b15fe8cef34bae297daf upstream. When the controller had to split a received asynchronous packet into two buffers, the driver tries to reassemble it by copying both parts into the first page. However, if size + rest > PAGE_SIZE, i.e., if the yet unhandled packets before the split packet, the split packet itself, and any received packets after the split packet are together larger than one page, then the memory after the first page would get overwritten. To fix this, do not try to copy the data of all unhandled packets at once, but copy the possibly needed data every time when handling a packet. This gets rid of most of the infamous crashes and data corruptions when using firewire-net. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Tested-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andi Kleen <ak@linux.intel.com> 2010-10-29T04:51:29+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2010-10-17T12:09:12+00:00 urn:sha1:14d7e74a7f658fdd370e9a790b55e3b93eb259fc commit aa0170fff3c26bf2b42159af2dd9cf86444c292a upstream. Revert commit 54672386ccf36ffa21d1de8e75624af83f9b0eeb "firewire: ohci: fix up configuration of TI chips". It caused massive slow-down and data corruption with a TSB82AA2 based StarTech EC1394B2 ExpressCard and FireWire 800 harddisks. https://bugs.launchpad.net/ubuntu/+source/linux/+bug/657081 http://thread.gmane.org/gmane.linux.kernel.firewire.user/4013 The fact that some card EEPROMs do not program these enhancements may be related to TSB81BA3 phy chip errata, if not to bugs of TSB82AA2 itself. We could re-add these configuration steps, but only conditional on a whitelist of cards on which these enhancements bring a proven positive effect. Reported-and-tested-by: Eric Shattow <lucent@gmail.com> Cc: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2010-06-02T17:48:13+00:00 Stefan Richter stefanr@s5r6.in-berlin.de 2010-05-30T17:43:52+00:00 urn:sha1:10389536742cefbedecb67a5b2906f155cf3a1c3 Per IEEE 1394 clause 8.4.2.3, a contender for the IRM role shall check whether the current IRM complies to 1394a-2000 or later. If not force a compliant node (e.g. itself) to become IRM. This was implemented in the older ieee1394 driver but not yet in firewire-core. An older Sony camcorder (Sony DCR-TRV25) which implements 1394-1995 IRM but neither 1394a-2000 IRM nor BM was now found to cause an interoperability bug: - Camcorder becomes root node when plugged in, hence gets IRM role. - firewire-core successfully contends for BM role, proceeds to perform gap count optimization and resets the bus. - Sony camcorder ignores presence of a BM (against the spec, this is a firmware bug), performs its idea of gap count optimization and resets the bus. - Preceding two steps are repeated endlessly, bus never settles, regular I/O is practically impossible. http://thread.gmane.org/gmane.linux.kernel.firewire.user/3913 This is an interoperability regression from the old to the new drivers. Fix it indirectly by adding the 1394a IRM check. The spec suggests three and a half methods to determine 1394a compliance of a remote IRM; we choose the method of testing the Config_ROM.Bus_Info.generation field. This is data that firewire-core should have readily available at this point, i.e. does not require extra I/O. Reported-by: Clemens Ladisch <clemens@ladisch.de> (missing 1394a check) Reported-by: H. S. <hs.samix@gmail.com> (issue with Sony DCR-TRV25) Tested-by: H. S. <hs.samix@gmail.com> Cc: <stable@kernel.org> # .32.x and newer Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> 2010-05-27T17:22:06+00:00 Linus Torvalds torvalds@linux-foundation.org 2010-05-27T17:22:06+00:00 urn:sha1:55ddf14b04bfe5afaab892a8fb12164b803f1dd5 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: ieee1394: schedule for removal firewire: core: use separate timeout for each transaction firewire: core: Fix tlabel exhaustion problem firewire: core: make transaction label allocation more robust firewire: core: clean up config ROM related defined constants ieee1394: mark char device files as not seekable firewire: cdev: mark char device files as not seekable firewire: ohci: cleanups and fix for nonstandard build without debug facility firewire: ohci: wait for PHY register accesses to complete firewire: ohci: fix up configuration of TI chips firewire: ohci: enable 1394a enhancements firewire: ohci: do not clear PHY interrupt status inadvertently firewire: ohci: add a function for reading PHY registers Trivial conflicts in Documentation/feature-removal-schedule.txt 2010-05-20T16:20:59+00:00 Linus Torvalds torvalds@linux-foundation.org 2010-05-20T16:20:59+00:00 urn:sha1:f39d01be4c59a61a08d0cb53f615e7016b85d339 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (44 commits) vlynq: make whole Kconfig-menu dependant on architecture add descriptive comment for TIF_MEMDIE task flag declaration. EEPROM: max6875: Header file cleanup EEPROM: 93cx6: Header file cleanup EEPROM: Header file cleanup agp: use NULL instead of 0 when pointer is needed rtc-v3020: make bitfield unsigned PCI: make bitfield unsigned jbd2: use NULL instead of 0 when pointer is needed cciss: fix shadows sparse warning doc: inode uses a mutex instead of a semaphore. uml: i386: Avoid redefinition of NR_syscalls fix "seperate" typos in comments cocbalt_lcdfb: correct sections doc: Change urls for sparse Powerpc: wii: Fix typo in comment i2o: cleanup some exit paths Documentation/: it's -> its where appropriate UML: Fix compiler warning due to missing task_struct declaration UML: add kernel.h include to signal.c ... 2010-05-18T22:26:30+00:00 Clemens Ladisch clemens@ladisch.de 2010-04-27T07:07:00+00:00 urn:sha1:5c40cbfefa828208c671e2f58789e4dd04f79563 Using a single timeout for all transaction that need to be flushed does not work if the submission of new transactions can defer the timeout indefinitely into the future. We need to have timeouts that do not change due to other transactions; the simplest way to do this is with a separate timer for each transaction. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (+ one lockdep annotation)