2019-05-27 00:55:05 -06:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2007-05-07 18:33:32 -06:00
|
|
|
/*
|
|
|
|
|
* Char device for device raw access
|
2006-12-19 17:58:31 -07:00
|
|
|
*
|
2007-05-07 18:33:32 -06:00
|
|
|
* Copyright (C) 2005-2007 Kristian Hoegsberg <krh@bitplanet.net>
|
2006-12-19 17:58:31 -07:00
|
|
|
*/
|
|
|
|
|
|
2010-07-07 06:13:14 -06:00
|
|
|
#include <linux/bug.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/compat.h>
|
|
|
|
|
#include <linux/delay.h>
|
|
|
|
|
#include <linux/device.h>
|
2012-04-09 12:51:18 -06:00
|
|
|
#include <linux/dma-mapping.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/errno.h>
|
firewire: reorganize header files
The three header files of firewire-core, i.e.
"drivers/firewire/fw-device.h",
"drivers/firewire/fw-topology.h",
"drivers/firewire/fw-transaction.h",
are replaced by
"drivers/firewire/core.h",
"include/linux/firewire.h".
The latter includes everything which a firewire high-level driver (like
firewire-sbp2) needs besides linux/firewire-constants.h, while core.h
contains the rest which is needed by firewire-core itself and by low-
level drivers (card drivers) like firewire-ohci.
High-level drivers can now also reside outside of drivers/firewire
without having to add drivers/firewire to the header file search path in
makefiles. At least the firedtv driver will be such a driver.
I also considered to spread the contents of core.h over several files,
one for each .c file where the respective implementation resides. But
it turned out that most core .c files will end up including most of the
core .h files. Also, the combined core.h isn't unreasonably big, and it
will lose more of its contents to linux/firewire.h anyway soon when more
firewire drivers are added. (IP-over-1394, firedtv, and there are plans
for one or two more.)
Furthermore, fw-ohci.h is renamed to ohci.h. The name of core.h and
ohci.h is chosen with regard to name changes of the .c files in a
follow-up change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2009-06-05 08:26:18 -06:00
|
|
|
#include <linux/firewire.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/firewire-cdev.h>
|
|
|
|
|
#include <linux/idr.h>
|
2010-02-20 14:24:43 -07:00
|
|
|
#include <linux/irqflags.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/jiffies.h>
|
2006-12-19 17:58:31 -07:00
|
|
|
#include <linux/kernel.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/kref.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/mm.h>
|
|
|
|
|
#include <linux/module.h>
|
2008-10-05 02:37:11 -06:00
|
|
|
#include <linux/mutex.h>
|
2006-12-19 17:58:31 -07:00
|
|
|
#include <linux/poll.h>
|
2010-07-29 01:31:56 -06:00
|
|
|
#include <linux/sched.h> /* required for linux/wait.h */
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 02:04:11 -06:00
|
|
|
#include <linux/slab.h>
|
2008-10-03 09:19:09 -06:00
|
|
|
#include <linux/spinlock.h>
|
2010-01-24 08:45:03 -07:00
|
|
|
#include <linux/string.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/time.h>
|
2009-06-06 10:36:24 -06:00
|
|
|
#include <linux/uaccess.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/vmalloc.h>
|
|
|
|
|
#include <linux/wait.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
#include <linux/workqueue.h>
|
2009-01-04 08:23:29 -07:00
|
|
|
|
|
|
|
|
|
firewire: reorganize header files
The three header files of firewire-core, i.e.
"drivers/firewire/fw-device.h",
"drivers/firewire/fw-topology.h",
"drivers/firewire/fw-transaction.h",
are replaced by
"drivers/firewire/core.h",
"include/linux/firewire.h".
The latter includes everything which a firewire high-level driver (like
firewire-sbp2) needs besides linux/firewire-constants.h, while core.h
contains the rest which is needed by firewire-core itself and by low-
level drivers (card drivers) like firewire-ohci.
High-level drivers can now also reside outside of drivers/firewire
without having to add drivers/firewire to the header file search path in
makefiles. At least the firedtv driver will be such a driver.
I also considered to spread the contents of core.h over several files,
one for each .c file where the respective implementation resides. But
it turned out that most core .c files will end up including most of the
core .h files. Also, the combined core.h isn't unreasonably big, and it
will lose more of its contents to linux/firewire.h anyway soon when more
firewire drivers are added. (IP-over-1394, firedtv, and there are plans
for one or two more.)
Furthermore, fw-ohci.h is renamed to ohci.h. The name of core.h and
ohci.h is chosen with regard to name changes of the .c files in a
follow-up change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2009-06-05 08:26:18 -06:00
|
|
|
#include "core.h"
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-06-20 14:52:55 -06:00
|
|
|
/*
|
|
|
|
|
* ABI version history is documented in linux/firewire-cdev.h.
|
|
|
|
|
*/
|
2012-03-18 12:05:29 -06:00
|
|
|
#define FW_CDEV_KERNEL_VERSION 5
|
2010-07-23 05:05:39 -06:00
|
|
|
#define FW_CDEV_VERSION_EVENT_REQUEST2 4
|
|
|
|
|
#define FW_CDEV_VERSION_ALLOCATE_REGION_END 4
|
2013-07-22 13:32:09 -06:00
|
|
|
#define FW_CDEV_VERSION_AUTO_FLUSH_ISO_OVERFLOW 5
|
2010-06-20 14:52:55 -06:00
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
struct client {
|
2007-03-07 10:12:43 -07:00
|
|
|
u32 version;
|
2006-12-19 17:58:31 -07:00
|
|
|
struct fw_device *device;
|
2008-12-21 08:47:17 -07:00
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
spinlock_t lock;
|
2008-12-21 08:47:17 -07:00
|
|
|
bool in_shutdown;
|
|
|
|
|
struct idr resource_idr;
|
2006-12-19 17:58:31 -07:00
|
|
|
struct list_head event_list;
|
|
|
|
|
wait_queue_head_t wait;
|
2011-01-10 09:28:39 -07:00
|
|
|
wait_queue_head_t tx_flush_wait;
|
2007-03-26 23:43:39 -06:00
|
|
|
u64 bus_reset_closure;
|
2007-02-16 15:34:38 -07:00
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
struct fw_iso_context *iso_context;
|
2007-04-30 13:03:14 -06:00
|
|
|
u64 iso_closure;
|
2007-02-16 15:34:38 -07:00
|
|
|
struct fw_iso_buffer buffer;
|
|
|
|
|
unsigned long vm_start;
|
2012-04-09 12:51:18 -06:00
|
|
|
bool buffer_is_mapped;
|
2007-03-07 10:12:41 -07:00
|
|
|
|
2010-07-16 14:25:51 -06:00
|
|
|
struct list_head phy_receiver_link;
|
|
|
|
|
u64 phy_receiver_closure;
|
|
|
|
|
|
2007-03-07 10:12:41 -07:00
|
|
|
struct list_head link;
|
2009-01-04 08:23:29 -07:00
|
|
|
struct kref kref;
|
2006-12-19 17:58:31 -07:00
|
|
|
};
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
static inline void client_get(struct client *client)
|
|
|
|
|
{
|
|
|
|
|
kref_get(&client->kref);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void client_release(struct kref *kref)
|
|
|
|
|
{
|
|
|
|
|
struct client *client = container_of(kref, struct client, kref);
|
|
|
|
|
|
|
|
|
|
fw_device_put(client->device);
|
|
|
|
|
kfree(client);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void client_put(struct client *client)
|
|
|
|
|
{
|
|
|
|
|
kref_put(&client->kref, client_release);
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
struct client_resource;
|
|
|
|
|
typedef void (*client_resource_release_fn_t)(struct client *,
|
|
|
|
|
struct client_resource *);
|
|
|
|
|
struct client_resource {
|
|
|
|
|
client_resource_release_fn_t release;
|
|
|
|
|
int handle;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct address_handler_resource {
|
|
|
|
|
struct client_resource resource;
|
|
|
|
|
struct fw_address_handler handler;
|
|
|
|
|
__u64 closure;
|
|
|
|
|
struct client *client;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct outbound_transaction_resource {
|
|
|
|
|
struct client_resource resource;
|
|
|
|
|
struct fw_transaction transaction;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct inbound_transaction_resource {
|
|
|
|
|
struct client_resource resource;
|
firewire: cdev: fix responses to nodes at different card
My box has two firewire cards in it: card0 and card1.
My application opens /dev/fw0 (card 0) and allocates an address space.
The core makes the address space available on both cards.
Along comes the remote device, which sends a READ_QUADLET_REQUEST to
card1. The request gets passed up to my application, which calls
ioctl_send_response().
ioctl_send_response() then calls fw_send_response() with card0,
because that's the card it's bound to.
Card0's driver drops the response, because it isn't part of
a transaction that it has outstanding.
So in core-cdev: handle_request(), we need to stash the
card of the inbound request in the struct inbound_transaction_resource and
use that card to send the response to.
The hard part will be refcounting the card correctly
so it can't get deallocated while we hold a pointer to it.
Here's a trivial patch, which does not do the card refcounting, but at
least demonstrates what the problem is.
Note that we can't depend on the fact that the core-cdev:client
structure holds a card open, because in this case the card it holds
open is not the card the request came in on.
..and there's no way for the core to tell cdev "this card is gone,
kill any inbound transactions on it", while cdev holds the transaction
open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
very long time. But when it does, it calls fw_send_response(), which
will dereference the card...
So how unhappy are we about userspace potentially holding a fw_card
open forever?
Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Reference counting to be addressed in a separate change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (whitespace)
2010-05-18 12:02:45 -06:00
|
|
|
struct fw_card *card;
|
2009-01-04 08:23:29 -07:00
|
|
|
struct fw_request *request;
|
|
|
|
|
void *data;
|
|
|
|
|
size_t length;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct descriptor_resource {
|
|
|
|
|
struct client_resource resource;
|
|
|
|
|
struct fw_descriptor descriptor;
|
|
|
|
|
u32 data[0];
|
|
|
|
|
};
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
struct iso_resource {
|
|
|
|
|
struct client_resource resource;
|
|
|
|
|
struct client *client;
|
|
|
|
|
/* Schedule work and access todo only with client->lock held. */
|
|
|
|
|
struct delayed_work work;
|
2009-01-04 08:23:29 -07:00
|
|
|
enum {ISO_RES_ALLOC, ISO_RES_REALLOC, ISO_RES_DEALLOC,
|
|
|
|
|
ISO_RES_ALLOC_ONCE, ISO_RES_DEALLOC_ONCE,} todo;
|
2009-01-04 08:23:29 -07:00
|
|
|
int generation;
|
|
|
|
|
u64 channels;
|
|
|
|
|
s32 bandwidth;
|
|
|
|
|
struct iso_resource_event *e_alloc, *e_dealloc;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static void release_iso_resource(struct client *, struct client_resource *);
|
|
|
|
|
|
2009-10-07 16:41:10 -06:00
|
|
|
static void schedule_iso_resource(struct iso_resource *r, unsigned long delay)
|
|
|
|
|
{
|
|
|
|
|
client_get(r->client);
|
firewire: sbp2: parallelize login, reconnect, logout
The struct sbp2_logical_unit.work items can all be executed in parallel
but are not reentrant. Furthermore, reconnect or re-login work must be
executed in a WQ_MEM_RECLAIM workqueue.
Hence replace the old single-threaded firewire-sbp2 workqueue by a
concurrency-managed but non-reentrant workqueue with rescuer.
firewire-core already maintains one, hence use this one.
In earlier versions of this change, I observed occasional failures of
parallel INQUIRY to an Initio INIC-2430 FireWire 800 to dual IDE bridge.
More testing indicates that parallel INQUIRY is not actually a problem,
but too quick successions of logout and login + INQUIRY, e.g. a quick
sequence of cable plugout and plugin, can result in failed INQUIRY.
This does not seem to be something that should or could be addressed by
serialization.
Another dual-LU device to which I currently have access to, an
OXUF924DSB FireWire 800 to dual SATA bridge with firmware from MacPower,
has been successfully tested with this too.
This change is beneficial to environments with two or more FireWire
storage devices, especially if they are located on the same bus.
Management tasks that should be performed as soon and as quickly as
possible, especially reconnect, are no longer held up by tasks on other
devices that may take a long time, especially login with INQUIRY and sd
or sr driver probe.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2011-05-01 12:50:31 -06:00
|
|
|
if (!queue_delayed_work(fw_workqueue, &r->work, delay))
|
2009-10-07 16:41:10 -06:00
|
|
|
client_put(r->client);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void schedule_if_iso_resource(struct client_resource *resource)
|
|
|
|
|
{
|
|
|
|
|
if (resource->release == release_iso_resource)
|
|
|
|
|
schedule_iso_resource(container_of(resource,
|
|
|
|
|
struct iso_resource, resource), 0);
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
/*
|
|
|
|
|
* dequeue_event() just kfree()'s the event, so the event has to be
|
|
|
|
|
* the first field in a struct XYZ_event.
|
|
|
|
|
*/
|
|
|
|
|
struct event {
|
|
|
|
|
struct { void *data; size_t size; } v[2];
|
|
|
|
|
struct list_head link;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct bus_reset_event {
|
|
|
|
|
struct event event;
|
|
|
|
|
struct fw_cdev_event_bus_reset reset;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct outbound_transaction_event {
|
|
|
|
|
struct event event;
|
|
|
|
|
struct client *client;
|
|
|
|
|
struct outbound_transaction_resource r;
|
|
|
|
|
struct fw_cdev_event_response response;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct inbound_transaction_event {
|
|
|
|
|
struct event event;
|
firewire: cdev: fix ABI for FCP and address range mapping, add fw_cdev_event_request2
The problem:
A target-like userspace driver, e.g. AV/C target or SBP-2/3 target,
needs to be able to act as responder and requester. In the latter role,
it needs to send requests to nods from which it received requests. This
is currently impossible because fw_cdev_event_request lacks information
about sender node ID.
Reported-by: Jay Fenlason <fenlason@redhat.com>
Libffado + libraw1394 + firewire-core is currently unable to drive two
or more audio devices on the same bus.
Reported-by: Arnold Krille <arnold@arnoldarts.de>
This is because libffado requires destination node ID of FCP requests
and sender node ID of FCP responses to match. It even prohibits
libffado from working with a bus on which libraw1394 opens a /dev/fw* as
default ioctl device that does not correspond with the audio device.
This is because libraw1394 does not receive the sender node ID from the
kernel.
Moreover, fw_cdev_event_request makes it impossible to tell unicast and
broadcast write requests apart.
The fix:
Add a replacement of struct fw_cdev_event_request request, boringly
called struct fw_cdev_event_request2. The new event will be sent to a
userspace client instead of the old one if the client claims
compatibility with <linux/firewire-cdev.h> ABI version 4 or later.
libraw1394 needs to be extended to make use of the new event, in order
to properly support libffado and other FCP or address range mapping
users who require correct sender node IDs.
Further notes:
While we are at it, change back the range of possible values of
fw_cdev_event_request.tcode to 0x0...0xb like in ABI version <= 3.
The preceding change "firewire: expose extended tcode of incoming lock
requests to (userspace) drivers" expanded it to 0x0...0x17 which could
catch sloppily coded clients by surprise. The extended range of codes
is only used in the new fw_cdev_event_request2.tcode.
Jay and I also suggested an alternative approach to fix the ABI for
incoming requests: Add an FW_CDEV_IOC_GET_REQUEST_INFO ioctl which can
be called after reception of an fw_cdev_event_request, before issuing of
the closing FW_CDEV_IOC_SEND_RESPONSE ioctl. The new ioctl would reveal
the vital information about a request that fw_cdev_event_request lacks.
Jay showed an implementation of this approach.
The former event approach adds 27 LOC of rather trivial code to
core-cdev.c, the ioctl approach 34 LOC, some of which is nontrivial.
The ioctl approach would certainly also add more LOC to userspace
programs which require the expanded information on inbound requests.
This approach is probably only on the lighter-weight side in case of
clients that want to be compatible with kernels that lack the new
capability, like libraw1394. However, the code to be added to such
libraw1394-like clients in case of the event approach is a straight-
forward additional switch () case in its event handler.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:53:55 -06:00
|
|
|
union {
|
|
|
|
|
struct fw_cdev_event_request request;
|
|
|
|
|
struct fw_cdev_event_request2 request2;
|
|
|
|
|
} req;
|
2009-01-04 08:23:29 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct iso_interrupt_event {
|
|
|
|
|
struct event event;
|
|
|
|
|
struct fw_cdev_event_iso_interrupt interrupt;
|
|
|
|
|
};
|
|
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
struct iso_interrupt_mc_event {
|
|
|
|
|
struct event event;
|
|
|
|
|
struct fw_cdev_event_iso_interrupt_mc interrupt;
|
|
|
|
|
};
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
struct iso_resource_event {
|
|
|
|
|
struct event event;
|
2009-10-07 16:41:38 -06:00
|
|
|
struct fw_cdev_event_iso_resource iso_resource;
|
2009-01-04 08:23:29 -07:00
|
|
|
};
|
|
|
|
|
|
2010-07-16 14:25:14 -06:00
|
|
|
struct outbound_phy_packet_event {
|
|
|
|
|
struct event event;
|
|
|
|
|
struct client *client;
|
|
|
|
|
struct fw_packet p;
|
|
|
|
|
struct fw_cdev_event_phy_packet phy_packet;
|
|
|
|
|
};
|
|
|
|
|
|
2010-07-16 14:25:51 -06:00
|
|
|
struct inbound_phy_packet_event {
|
|
|
|
|
struct event event;
|
|
|
|
|
struct fw_cdev_event_phy_packet phy_packet;
|
|
|
|
|
};
|
|
|
|
|
|
2011-08-10 16:06:04 -06:00
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
|
static void __user *u64_to_uptr(u64 value)
|
|
|
|
|
{
|
2016-03-22 15:25:13 -06:00
|
|
|
if (in_compat_syscall())
|
2011-08-10 16:06:04 -06:00
|
|
|
return compat_ptr(value);
|
|
|
|
|
else
|
|
|
|
|
return (void __user *)(unsigned long)value;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static u64 uptr_to_u64(void __user *ptr)
|
|
|
|
|
{
|
2016-03-22 15:25:13 -06:00
|
|
|
if (in_compat_syscall())
|
2011-08-10 16:06:04 -06:00
|
|
|
return ptr_to_compat(ptr);
|
|
|
|
|
else
|
|
|
|
|
return (u64)(unsigned long)ptr;
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
static inline void __user *u64_to_uptr(u64 value)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
|
|
|
|
return (void __user *)(unsigned long)value;
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-10 16:06:04 -06:00
|
|
|
static inline u64 uptr_to_u64(void __user *ptr)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2011-08-10 16:06:04 -06:00
|
|
|
return (u64)(unsigned long)ptr;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
2011-08-10 16:06:04 -06:00
|
|
|
#endif /* CONFIG_COMPAT */
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
static int fw_device_op_open(struct inode *inode, struct file *file)
|
|
|
|
|
{
|
|
|
|
|
struct fw_device *device;
|
|
|
|
|
struct client *client;
|
|
|
|
|
|
2008-02-02 07:01:09 -07:00
|
|
|
device = fw_device_get_by_devt(inode->i_rdev);
|
2007-03-07 10:12:44 -07:00
|
|
|
if (device == NULL)
|
|
|
|
|
return -ENODEV;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2008-05-16 09:15:23 -06:00
|
|
|
if (fw_device_is_shutdown(device)) {
|
|
|
|
|
fw_device_put(device);
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
}
|
|
|
|
|
|
2007-05-09 17:23:14 -06:00
|
|
|
client = kzalloc(sizeof(*client), GFP_KERNEL);
|
2008-02-02 07:01:09 -07:00
|
|
|
if (client == NULL) {
|
|
|
|
|
fw_device_put(device);
|
2006-12-19 17:58:31 -07:00
|
|
|
return -ENOMEM;
|
2008-02-02 07:01:09 -07:00
|
|
|
}
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2008-02-02 07:01:09 -07:00
|
|
|
client->device = device;
|
2006-12-19 17:58:31 -07:00
|
|
|
spin_lock_init(&client->lock);
|
2008-12-21 08:47:17 -07:00
|
|
|
idr_init(&client->resource_idr);
|
|
|
|
|
INIT_LIST_HEAD(&client->event_list);
|
2006-12-19 17:58:31 -07:00
|
|
|
init_waitqueue_head(&client->wait);
|
2011-01-10 09:28:39 -07:00
|
|
|
init_waitqueue_head(&client->tx_flush_wait);
|
2010-07-16 14:25:51 -06:00
|
|
|
INIT_LIST_HEAD(&client->phy_receiver_link);
|
firewire: cdev: prevent race between first get_info ioctl and bus reset event queuing
Between open(2) of a /dev/fw* and the first FW_CDEV_IOC_GET_INFO
ioctl(2) on it, the kernel already queues FW_CDEV_EVENT_BUS_RESET events
to be read(2) by the client. The get_info ioctl is practically always
issued right away after open, hence this condition only occurs if the
client opens during a bus reset, especially during a rapid series of bus
resets.
The problem with this condition is twofold:
- These bus reset events carry the (as yet undocumented) @closure
value of 0. But it is not the kernel's place to choose closures;
they are privat to the client. E.g., this 0 value forced from the
kernel makes it unsafe for clients to dereference it as a pointer to
a closure object without NULL pointer check.
- It is impossible for clients to determine the relative order of bus
reset events from get_info ioctl(2) versus those from read(2),
except in one way: By comparison of closure values. Again, such a
procedure imposes complexity on clients and reduces freedom in use
of the bus reset closure.
So, change the ABI to suppress queuing of bus reset events before the
first FW_CDEV_IOC_GET_INFO ioctl was issued by the client.
Note, this ABI change cannot be version-controlled. The kernel cannot
distinguish old from new clients before the first FW_CDEV_IOC_GET_INFO
ioctl.
We will try to back-merge this change into currently maintained stable/
longterm series, and we only document the new behaviour. The old
behavior is now considered a kernel bug, which it basically is.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org>
2011-07-09 08:43:22 -06:00
|
|
|
INIT_LIST_HEAD(&client->link);
|
2009-01-04 08:23:29 -07:00
|
|
|
kref_init(&client->kref);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
file->private_data = client;
|
|
|
|
|
|
2010-04-10 09:38:05 -06:00
|
|
|
return nonseekable_open(inode, file);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void queue_event(struct client *client, struct event *event,
|
|
|
|
|
void *data0, size_t size0, void *data1, size_t size1)
|
|
|
|
|
{
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
|
|
event->v[0].data = data0;
|
|
|
|
|
event->v[0].size = size0;
|
|
|
|
|
event->v[1].data = data1;
|
|
|
|
|
event->v[1].size = size1;
|
|
|
|
|
|
|
|
|
|
spin_lock_irqsave(&client->lock, flags);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (client->in_shutdown)
|
|
|
|
|
kfree(event);
|
|
|
|
|
else
|
|
|
|
|
list_add_tail(&event->link, &client->event_list);
|
2006-12-19 17:58:31 -07:00
|
|
|
spin_unlock_irqrestore(&client->lock, flags);
|
2007-10-08 15:00:29 -06:00
|
|
|
|
|
|
|
|
wake_up_interruptible(&client->wait);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static int dequeue_event(struct client *client,
|
|
|
|
|
char __user *buffer, size_t count)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
|
|
|
|
struct event *event;
|
|
|
|
|
size_t size, total;
|
2008-12-14 13:45:45 -07:00
|
|
|
int i, ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2008-12-14 13:45:45 -07:00
|
|
|
ret = wait_event_interruptible(client->wait,
|
|
|
|
|
!list_empty(&client->event_list) ||
|
|
|
|
|
fw_device_is_shutdown(client->device));
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2007-03-07 10:12:48 -07:00
|
|
|
if (list_empty(&client->event_list) &&
|
|
|
|
|
fw_device_is_shutdown(client->device))
|
|
|
|
|
return -ENODEV;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_lock_irq(&client->lock);
|
2008-12-21 08:49:57 -07:00
|
|
|
event = list_first_entry(&client->event_list, struct event, link);
|
2006-12-19 17:58:31 -07:00
|
|
|
list_del(&event->link);
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_unlock_irq(&client->lock);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
total = 0;
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(event->v) && total < count; i++) {
|
|
|
|
|
size = min(event->v[i].size, count - total);
|
2007-03-07 10:12:48 -07:00
|
|
|
if (copy_to_user(buffer + total, event->v[i].data, size)) {
|
2008-12-14 13:45:45 -07:00
|
|
|
ret = -EFAULT;
|
2006-12-19 17:58:31 -07:00
|
|
|
goto out;
|
2007-03-07 10:12:48 -07:00
|
|
|
}
|
2006-12-19 17:58:31 -07:00
|
|
|
total += size;
|
|
|
|
|
}
|
2008-12-14 13:45:45 -07:00
|
|
|
ret = total;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
kfree(event);
|
|
|
|
|
|
2008-12-14 13:45:45 -07:00
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static ssize_t fw_device_op_read(struct file *file, char __user *buffer,
|
|
|
|
|
size_t count, loff_t *offset)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
|
|
|
|
struct client *client = file->private_data;
|
|
|
|
|
|
|
|
|
|
return dequeue_event(client, buffer, count);
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
|
|
|
|
|
struct client *client)
|
2007-03-07 10:12:43 -07:00
|
|
|
{
|
2007-03-26 23:43:39 -06:00
|
|
|
struct fw_card *card = client->device->card;
|
2008-10-03 09:19:09 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_lock_irq(&card->lock);
|
2007-03-07 10:12:43 -07:00
|
|
|
|
2007-03-26 23:43:39 -06:00
|
|
|
event->closure = client->bus_reset_closure;
|
2007-03-07 10:12:43 -07:00
|
|
|
event->type = FW_CDEV_EVENT_BUS_RESET;
|
2008-01-23 17:53:51 -07:00
|
|
|
event->generation = client->device->generation;
|
2007-03-26 23:43:39 -06:00
|
|
|
event->node_id = client->device->node_id;
|
2007-03-07 10:12:43 -07:00
|
|
|
event->local_node_id = card->local_node->node_id;
|
2010-06-21 15:24:35 -06:00
|
|
|
event->bm_node_id = card->bm_node_id;
|
2007-03-07 10:12:43 -07:00
|
|
|
event->irm_node_id = card->irm_node->node_id;
|
|
|
|
|
event->root_node_id = card->root_node->node_id;
|
2008-10-03 09:19:09 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_unlock_irq(&card->lock);
|
2007-03-07 10:12:43 -07:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void for_each_client(struct fw_device *device,
|
|
|
|
|
void (*callback)(struct client *client))
|
2007-03-07 10:12:48 -07:00
|
|
|
{
|
|
|
|
|
struct client *c;
|
|
|
|
|
|
2008-10-05 02:37:11 -06:00
|
|
|
mutex_lock(&device->client_list_mutex);
|
2007-03-07 10:12:48 -07:00
|
|
|
list_for_each_entry(c, &device->client_list, link)
|
|
|
|
|
callback(c);
|
2008-10-05 02:37:11 -06:00
|
|
|
mutex_unlock(&device->client_list_mutex);
|
2007-03-07 10:12:48 -07:00
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
static int schedule_reallocations(int id, void *p, void *data)
|
|
|
|
|
{
|
2009-10-07 16:41:10 -06:00
|
|
|
schedule_if_iso_resource(p);
|
2009-01-04 08:23:29 -07:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void queue_bus_reset_event(struct client *client)
|
2007-03-07 10:12:41 -07:00
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct bus_reset_event *e;
|
2007-03-07 10:12:41 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
e = kzalloc(sizeof(*e), GFP_KERNEL);
|
2013-03-24 10:32:00 -06:00
|
|
|
if (e == NULL)
|
2007-03-07 10:12:41 -07:00
|
|
|
return;
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
fill_bus_reset_event(&e->reset, client);
|
2007-03-07 10:12:41 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
queue_event(client, &e->event,
|
|
|
|
|
&e->reset, sizeof(e->reset), NULL, 0);
|
2009-01-04 08:23:29 -07:00
|
|
|
|
|
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
idr_for_each(&client->resource_idr, schedule_reallocations, client);
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
2007-03-07 10:12:41 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void fw_device_cdev_update(struct fw_device *device)
|
|
|
|
|
{
|
2007-03-07 10:12:48 -07:00
|
|
|
for_each_client(device, queue_bus_reset_event);
|
|
|
|
|
}
|
2007-03-07 10:12:41 -07:00
|
|
|
|
2007-03-07 10:12:48 -07:00
|
|
|
static void wake_up_client(struct client *client)
|
|
|
|
|
{
|
|
|
|
|
wake_up_interruptible(&client->wait);
|
|
|
|
|
}
|
2007-03-07 10:12:41 -07:00
|
|
|
|
2007-03-07 10:12:48 -07:00
|
|
|
void fw_device_cdev_remove(struct fw_device *device)
|
|
|
|
|
{
|
|
|
|
|
for_each_client(device, wake_up_client);
|
2007-03-07 10:12:41 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
union ioctl_arg {
|
|
|
|
|
struct fw_cdev_get_info get_info;
|
|
|
|
|
struct fw_cdev_send_request send_request;
|
|
|
|
|
struct fw_cdev_allocate allocate;
|
|
|
|
|
struct fw_cdev_deallocate deallocate;
|
|
|
|
|
struct fw_cdev_send_response send_response;
|
|
|
|
|
struct fw_cdev_initiate_bus_reset initiate_bus_reset;
|
|
|
|
|
struct fw_cdev_add_descriptor add_descriptor;
|
|
|
|
|
struct fw_cdev_remove_descriptor remove_descriptor;
|
|
|
|
|
struct fw_cdev_create_iso_context create_iso_context;
|
|
|
|
|
struct fw_cdev_queue_iso queue_iso;
|
|
|
|
|
struct fw_cdev_start_iso start_iso;
|
|
|
|
|
struct fw_cdev_stop_iso stop_iso;
|
|
|
|
|
struct fw_cdev_get_cycle_timer get_cycle_timer;
|
|
|
|
|
struct fw_cdev_allocate_iso_resource allocate_iso_resource;
|
|
|
|
|
struct fw_cdev_send_stream_packet send_stream_packet;
|
|
|
|
|
struct fw_cdev_get_cycle_timer2 get_cycle_timer2;
|
2010-07-16 14:25:14 -06:00
|
|
|
struct fw_cdev_send_phy_packet send_phy_packet;
|
2010-07-16 14:25:51 -06:00
|
|
|
struct fw_cdev_receive_phy_packets receive_phy_packets;
|
2010-07-29 10:19:22 -06:00
|
|
|
struct fw_cdev_set_iso_channels set_iso_channels;
|
2012-03-18 12:06:39 -06:00
|
|
|
struct fw_cdev_flush_iso flush_iso;
|
2010-02-21 09:56:21 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int ioctl_get_info(struct client *client, union ioctl_arg *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_get_info *a = &arg->get_info;
|
2007-03-07 10:12:43 -07:00
|
|
|
struct fw_cdev_event_bus_reset bus_reset;
|
2008-03-24 13:54:28 -06:00
|
|
|
unsigned long ret = 0;
|
2007-03-07 10:12:43 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
client->version = a->version;
|
2010-06-20 14:52:55 -06:00
|
|
|
a->version = FW_CDEV_KERNEL_VERSION;
|
2010-02-21 09:56:21 -07:00
|
|
|
a->card = client->device->card->index;
|
2007-03-07 10:12:43 -07:00
|
|
|
|
2008-03-24 13:54:28 -06:00
|
|
|
down_read(&fw_device_rwsem);
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (a->rom != 0) {
|
|
|
|
|
size_t want = a->rom_length;
|
2007-03-20 12:42:15 -06:00
|
|
|
size_t have = client->device->config_rom_length * 4;
|
2007-03-07 10:12:43 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
ret = copy_to_user(u64_to_uptr(a->rom),
|
|
|
|
|
client->device->config_rom, min(want, have));
|
2007-03-07 10:12:43 -07:00
|
|
|
}
|
2010-02-21 09:56:21 -07:00
|
|
|
a->rom_length = client->device->config_rom_length * 4;
|
2007-03-07 10:12:43 -07:00
|
|
|
|
2008-03-24 13:54:28 -06:00
|
|
|
up_read(&fw_device_rwsem);
|
|
|
|
|
|
|
|
|
|
if (ret != 0)
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
firewire: cdev: prevent race between first get_info ioctl and bus reset event queuing
Between open(2) of a /dev/fw* and the first FW_CDEV_IOC_GET_INFO
ioctl(2) on it, the kernel already queues FW_CDEV_EVENT_BUS_RESET events
to be read(2) by the client. The get_info ioctl is practically always
issued right away after open, hence this condition only occurs if the
client opens during a bus reset, especially during a rapid series of bus
resets.
The problem with this condition is twofold:
- These bus reset events carry the (as yet undocumented) @closure
value of 0. But it is not the kernel's place to choose closures;
they are privat to the client. E.g., this 0 value forced from the
kernel makes it unsafe for clients to dereference it as a pointer to
a closure object without NULL pointer check.
- It is impossible for clients to determine the relative order of bus
reset events from get_info ioctl(2) versus those from read(2),
except in one way: By comparison of closure values. Again, such a
procedure imposes complexity on clients and reduces freedom in use
of the bus reset closure.
So, change the ABI to suppress queuing of bus reset events before the
first FW_CDEV_IOC_GET_INFO ioctl was issued by the client.
Note, this ABI change cannot be version-controlled. The kernel cannot
distinguish old from new clients before the first FW_CDEV_IOC_GET_INFO
ioctl.
We will try to back-merge this change into currently maintained stable/
longterm series, and we only document the new behaviour. The old
behavior is now considered a kernel bug, which it basically is.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org>
2011-07-09 08:43:22 -06:00
|
|
|
mutex_lock(&client->device->client_list_mutex);
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
client->bus_reset_closure = a->bus_reset_closure;
|
|
|
|
|
if (a->bus_reset != 0) {
|
2007-03-26 23:43:39 -06:00
|
|
|
fill_bus_reset_event(&bus_reset, client);
|
2012-10-06 06:12:56 -06:00
|
|
|
/* unaligned size of bus_reset is 36 bytes */
|
|
|
|
|
ret = copy_to_user(u64_to_uptr(a->bus_reset), &bus_reset, 36);
|
2007-03-07 10:12:43 -07:00
|
|
|
}
|
firewire: cdev: prevent race between first get_info ioctl and bus reset event queuing
Between open(2) of a /dev/fw* and the first FW_CDEV_IOC_GET_INFO
ioctl(2) on it, the kernel already queues FW_CDEV_EVENT_BUS_RESET events
to be read(2) by the client. The get_info ioctl is practically always
issued right away after open, hence this condition only occurs if the
client opens during a bus reset, especially during a rapid series of bus
resets.
The problem with this condition is twofold:
- These bus reset events carry the (as yet undocumented) @closure
value of 0. But it is not the kernel's place to choose closures;
they are privat to the client. E.g., this 0 value forced from the
kernel makes it unsafe for clients to dereference it as a pointer to
a closure object without NULL pointer check.
- It is impossible for clients to determine the relative order of bus
reset events from get_info ioctl(2) versus those from read(2),
except in one way: By comparison of closure values. Again, such a
procedure imposes complexity on clients and reduces freedom in use
of the bus reset closure.
So, change the ABI to suppress queuing of bus reset events before the
first FW_CDEV_IOC_GET_INFO ioctl was issued by the client.
Note, this ABI change cannot be version-controlled. The kernel cannot
distinguish old from new clients before the first FW_CDEV_IOC_GET_INFO
ioctl.
We will try to back-merge this change into currently maintained stable/
longterm series, and we only document the new behaviour. The old
behavior is now considered a kernel bug, which it basically is.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org>
2011-07-09 08:43:22 -06:00
|
|
|
if (ret == 0 && list_empty(&client->link))
|
|
|
|
|
list_add_tail(&client->link, &client->device->client_list);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
firewire: cdev: prevent race between first get_info ioctl and bus reset event queuing
Between open(2) of a /dev/fw* and the first FW_CDEV_IOC_GET_INFO
ioctl(2) on it, the kernel already queues FW_CDEV_EVENT_BUS_RESET events
to be read(2) by the client. The get_info ioctl is practically always
issued right away after open, hence this condition only occurs if the
client opens during a bus reset, especially during a rapid series of bus
resets.
The problem with this condition is twofold:
- These bus reset events carry the (as yet undocumented) @closure
value of 0. But it is not the kernel's place to choose closures;
they are privat to the client. E.g., this 0 value forced from the
kernel makes it unsafe for clients to dereference it as a pointer to
a closure object without NULL pointer check.
- It is impossible for clients to determine the relative order of bus
reset events from get_info ioctl(2) versus those from read(2),
except in one way: By comparison of closure values. Again, such a
procedure imposes complexity on clients and reduces freedom in use
of the bus reset closure.
So, change the ABI to suppress queuing of bus reset events before the
first FW_CDEV_IOC_GET_INFO ioctl was issued by the client.
Note, this ABI change cannot be version-controlled. The kernel cannot
distinguish old from new clients before the first FW_CDEV_IOC_GET_INFO
ioctl.
We will try to back-merge this change into currently maintained stable/
longterm series, and we only document the new behaviour. The old
behavior is now considered a kernel bug, which it basically is.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: <stable@kernel.org>
2011-07-09 08:43:22 -06:00
|
|
|
mutex_unlock(&client->device->client_list_mutex);
|
|
|
|
|
|
|
|
|
|
return ret ? -EFAULT : 0;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static int add_client_resource(struct client *client,
|
|
|
|
|
struct client_resource *resource, gfp_t gfp_mask)
|
2007-03-26 23:43:41 -06:00
|
|
|
{
|
2015-11-06 17:28:21 -07:00
|
|
|
bool preload = gfpflags_allow_blocking(gfp_mask);
|
2007-03-26 23:43:41 -06:00
|
|
|
unsigned long flags;
|
2008-12-21 08:47:17 -07:00
|
|
|
int ret;
|
|
|
|
|
|
2013-02-27 18:04:05 -07:00
|
|
|
if (preload)
|
|
|
|
|
idr_preload(gfp_mask);
|
2007-03-26 23:43:41 -06:00
|
|
|
spin_lock_irqsave(&client->lock, flags);
|
2013-02-27 18:04:05 -07:00
|
|
|
|
2008-12-21 08:47:17 -07:00
|
|
|
if (client->in_shutdown)
|
|
|
|
|
ret = -ECANCELED;
|
|
|
|
|
else
|
2013-02-27 18:04:05 -07:00
|
|
|
ret = idr_alloc(&client->resource_idr, resource, 0, 0,
|
|
|
|
|
GFP_NOWAIT);
|
2009-01-04 08:23:29 -07:00
|
|
|
if (ret >= 0) {
|
2013-02-27 18:04:05 -07:00
|
|
|
resource->handle = ret;
|
2009-01-04 08:23:29 -07:00
|
|
|
client_get(client);
|
2009-10-07 16:41:10 -06:00
|
|
|
schedule_if_iso_resource(resource);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
2008-12-21 08:47:17 -07:00
|
|
|
|
2013-02-27 18:04:05 -07:00
|
|
|
spin_unlock_irqrestore(&client->lock, flags);
|
|
|
|
|
if (preload)
|
|
|
|
|
idr_preload_end();
|
2008-12-21 08:47:17 -07:00
|
|
|
|
|
|
|
|
return ret < 0 ? ret : 0;
|
2007-03-26 23:43:41 -06:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static int release_client_resource(struct client *client, u32 handle,
|
|
|
|
|
client_resource_release_fn_t release,
|
2009-10-07 16:41:38 -06:00
|
|
|
struct client_resource **return_resource)
|
2007-03-26 23:43:41 -06:00
|
|
|
{
|
2009-10-07 16:41:38 -06:00
|
|
|
struct client_resource *resource;
|
2007-03-26 23:43:41 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_lock_irq(&client->lock);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (client->in_shutdown)
|
2009-10-07 16:41:38 -06:00
|
|
|
resource = NULL;
|
2008-12-21 08:47:17 -07:00
|
|
|
else
|
2009-10-07 16:41:38 -06:00
|
|
|
resource = idr_find(&client->resource_idr, handle);
|
|
|
|
|
if (resource && resource->release == release)
|
2008-12-21 08:47:17 -07:00
|
|
|
idr_remove(&client->resource_idr, handle);
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_unlock_irq(&client->lock);
|
2007-03-26 23:43:41 -06:00
|
|
|
|
2009-10-07 16:41:38 -06:00
|
|
|
if (!(resource && resource->release == release))
|
2007-03-26 23:43:41 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2009-10-07 16:41:38 -06:00
|
|
|
if (return_resource)
|
|
|
|
|
*return_resource = resource;
|
2007-03-26 23:43:41 -06:00
|
|
|
else
|
2009-10-07 16:41:38 -06:00
|
|
|
resource->release(client, resource);
|
2007-03-26 23:43:41 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
client_put(client);
|
|
|
|
|
|
2007-03-26 23:43:41 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void release_transaction(struct client *client,
|
|
|
|
|
struct client_resource *resource)
|
2007-03-26 23:43:41 -06:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void complete_transaction(struct fw_card *card, int rcode,
|
|
|
|
|
void *payload, size_t length, void *data)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct outbound_transaction_event *e = data;
|
|
|
|
|
struct fw_cdev_event_response *rsp = &e->response;
|
|
|
|
|
struct client *client = e->client;
|
2007-03-07 10:12:50 -07:00
|
|
|
unsigned long flags;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
if (length < rsp->length)
|
|
|
|
|
rsp->length = length;
|
2006-12-19 17:58:31 -07:00
|
|
|
if (rcode == RCODE_COMPLETE)
|
2009-01-04 08:23:29 -07:00
|
|
|
memcpy(rsp->data, payload, rsp->length);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2007-03-07 10:12:50 -07:00
|
|
|
spin_lock_irqsave(&client->lock, flags);
|
2011-01-10 09:28:39 -07:00
|
|
|
idr_remove(&client->resource_idr, e->r.resource.handle);
|
|
|
|
|
if (client->in_shutdown)
|
|
|
|
|
wake_up(&client->tx_flush_wait);
|
2007-03-07 10:12:50 -07:00
|
|
|
spin_unlock_irqrestore(&client->lock, flags);
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
rsp->type = FW_CDEV_EVENT_RESPONSE;
|
|
|
|
|
rsp->rcode = rcode;
|
2008-07-30 00:46:25 -06:00
|
|
|
|
|
|
|
|
/*
|
2009-01-04 08:23:29 -07:00
|
|
|
* In the case that sizeof(*rsp) doesn't align with the position of the
|
2008-07-30 00:46:25 -06:00
|
|
|
* data, and the read is short, preserve an extra copy of the data
|
|
|
|
|
* to stay compatible with a pre-2.6.27 bug. Since the bug is harmless
|
|
|
|
|
* for short reads and some apps depended on it, this is both safe
|
|
|
|
|
* and prudent for compatibility.
|
|
|
|
|
*/
|
2009-01-04 08:23:29 -07:00
|
|
|
if (rsp->length <= sizeof(*rsp) - offsetof(typeof(*rsp), data))
|
|
|
|
|
queue_event(client, &e->event, rsp, sizeof(*rsp),
|
|
|
|
|
rsp->data, rsp->length);
|
2008-07-30 00:46:25 -06:00
|
|
|
else
|
2009-01-04 08:23:29 -07:00
|
|
|
queue_event(client, &e->event, rsp, sizeof(*rsp) + rsp->length,
|
2008-07-30 00:46:25 -06:00
|
|
|
NULL, 0);
|
2009-01-04 08:23:29 -07:00
|
|
|
|
2011-01-10 09:28:39 -07:00
|
|
|
/* Drop the idr's reference */
|
|
|
|
|
client_put(client);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
static int init_request(struct client *client,
|
|
|
|
|
struct fw_cdev_send_request *request,
|
|
|
|
|
int destination_id, int speed)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct outbound_transaction_event *e;
|
2008-12-05 14:44:42 -07:00
|
|
|
int ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-03-10 14:02:21 -06:00
|
|
|
if (request->tcode != TCODE_STREAM_DATA &&
|
|
|
|
|
(request->length > 4096 || request->length > 512 << speed))
|
2009-01-04 08:23:29 -07:00
|
|
|
return -EIO;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-07-07 06:37:30 -06:00
|
|
|
if (request->tcode == TCODE_WRITE_QUADLET_REQUEST &&
|
|
|
|
|
request->length < 4)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
|
|
|
|
|
if (e == NULL)
|
2006-12-19 17:58:31 -07:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
e->client = client;
|
|
|
|
|
e->response.length = request->length;
|
|
|
|
|
e->response.closure = request->closure;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2007-04-30 13:03:13 -06:00
|
|
|
if (request->data &&
|
2009-01-04 08:23:29 -07:00
|
|
|
copy_from_user(e->response.data,
|
2007-04-30 13:03:13 -06:00
|
|
|
u64_to_uptr(request->data), request->length)) {
|
2008-12-05 14:44:42 -07:00
|
|
|
ret = -EFAULT;
|
2008-12-21 08:47:17 -07:00
|
|
|
goto failed;
|
2008-12-05 14:44:42 -07:00
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
e->r.resource.release = release_transaction;
|
|
|
|
|
ret = add_client_resource(client, &e->r.resource, GFP_KERNEL);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto failed;
|
2007-03-07 10:12:50 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
fw_send_request(client->device->card, &e->r.transaction,
|
2009-03-10 14:01:54 -06:00
|
|
|
request->tcode, destination_id, request->generation,
|
|
|
|
|
speed, request->offset, e->response.data,
|
|
|
|
|
request->length, complete_transaction, e);
|
|
|
|
|
return 0;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2008-12-21 08:47:17 -07:00
|
|
|
failed:
|
2009-01-04 08:23:29 -07:00
|
|
|
kfree(e);
|
2008-12-05 14:44:42 -07:00
|
|
|
|
|
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_send_request(struct client *client, union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
switch (arg->send_request.tcode) {
|
2009-01-04 08:23:29 -07:00
|
|
|
case TCODE_WRITE_QUADLET_REQUEST:
|
|
|
|
|
case TCODE_WRITE_BLOCK_REQUEST:
|
|
|
|
|
case TCODE_READ_QUADLET_REQUEST:
|
|
|
|
|
case TCODE_READ_BLOCK_REQUEST:
|
|
|
|
|
case TCODE_LOCK_MASK_SWAP:
|
|
|
|
|
case TCODE_LOCK_COMPARE_SWAP:
|
|
|
|
|
case TCODE_LOCK_FETCH_ADD:
|
|
|
|
|
case TCODE_LOCK_LITTLE_ADD:
|
|
|
|
|
case TCODE_LOCK_BOUNDED_ADD:
|
|
|
|
|
case TCODE_LOCK_WRAP_ADD:
|
|
|
|
|
case TCODE_LOCK_VENDOR_DEPENDENT:
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
return init_request(client, &arg->send_request, client->device->node_id,
|
2009-01-04 08:23:29 -07:00
|
|
|
client->device->max_speed);
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-24 08:45:03 -07:00
|
|
|
static inline bool is_fcp_request(struct fw_request *request)
|
|
|
|
|
{
|
|
|
|
|
return request == NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void release_request(struct client *client,
|
|
|
|
|
struct client_resource *resource)
|
2007-03-26 23:43:41 -06:00
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct inbound_transaction_resource *r = container_of(resource,
|
|
|
|
|
struct inbound_transaction_resource, resource);
|
2007-03-26 23:43:41 -06:00
|
|
|
|
2010-01-24 08:45:03 -07:00
|
|
|
if (is_fcp_request(r->request))
|
|
|
|
|
kfree(r->data);
|
|
|
|
|
else
|
firewire: cdev: fix responses to nodes at different card
My box has two firewire cards in it: card0 and card1.
My application opens /dev/fw0 (card 0) and allocates an address space.
The core makes the address space available on both cards.
Along comes the remote device, which sends a READ_QUADLET_REQUEST to
card1. The request gets passed up to my application, which calls
ioctl_send_response().
ioctl_send_response() then calls fw_send_response() with card0,
because that's the card it's bound to.
Card0's driver drops the response, because it isn't part of
a transaction that it has outstanding.
So in core-cdev: handle_request(), we need to stash the
card of the inbound request in the struct inbound_transaction_resource and
use that card to send the response to.
The hard part will be refcounting the card correctly
so it can't get deallocated while we hold a pointer to it.
Here's a trivial patch, which does not do the card refcounting, but at
least demonstrates what the problem is.
Note that we can't depend on the fact that the core-cdev:client
structure holds a card open, because in this case the card it holds
open is not the card the request came in on.
..and there's no way for the core to tell cdev "this card is gone,
kill any inbound transactions on it", while cdev holds the transaction
open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
very long time. But when it does, it calls fw_send_response(), which
will dereference the card...
So how unhappy are we about userspace potentially holding a fw_card
open forever?
Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Reference counting to be addressed in a separate change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (whitespace)
2010-05-18 12:02:45 -06:00
|
|
|
fw_send_response(r->card, r->request, RCODE_CONFLICT_ERROR);
|
firewire: cdev: count references of cards during inbound transactions
If a request comes in to an address range managed by a userspace driver
i.e. <linux/firewire-cdev.h> client, the card instance of request and
response may differ from the card instance of the client device.
Therefore we need to take a reference of the card until the response was
sent.
I thought about putting the reference counting into core-transaction.c,
but the various high-level drivers besides cdev clients (firewire-net,
firewire-sbp2, firedtv) use the card pointer in their fw_address_handler
address_callback method only to look up devices of which they already
hold the necessary references. So this seems to be a specific
firewire-cdev issue which is better addressed locally.
We do not need the reference
- in case of FCP_REQUEST or FCP_RESPONSE requests because then the
firewire-core will send the split transaction response for us
already in the context of the request handler,
- if it is the same card as the client device's because we hold a
card reference indirectly via teh client->device reference.
To keep things simple, we take the reference nevertheless.
Jay Fenlason wrote:
> there's no way for the core to tell cdev "this card is gone,
> kill any inbound transactions on it", while cdev holds the transaction
> open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
> very long time. But when it does, it calls fw_send_response(), which
> will dereference the card...
>
> So how unhappy are we about userspace potentially holding a fw_card
> open forever?
While termination of inbound transcations at card removal could be
implemented, it is IMO not worth the effort. Currently, the effect of
holding a reference of a card that has been removed is to block the
process that called the pci_remove of the card. This is
- either a user process ran by root. Root can find and kill processes
that have /dev/fw* open, if desired.
- a kernel thread (which one?) in case of hot removal of a PCCard or
ExpressCard.
The latter case could be a problem indeed. firewire-core's card
shutdown and card release should probably be improved not to block in
shutdown, just to defer freeing of memory until release.
This is not a new problem though; the same already always happens with
the client->device->card without the need of inbound transactions or
other special conditions involved, other than the client not closing the
file.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:52:27 -06:00
|
|
|
|
|
|
|
|
fw_card_put(r->card);
|
2009-01-04 08:23:29 -07:00
|
|
|
kfree(r);
|
2007-03-26 23:43:41 -06:00
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
static void handle_request(struct fw_card *card, struct fw_request *request,
|
2008-12-14 13:47:04 -07:00
|
|
|
int tcode, int destination, int source,
|
2010-06-20 14:50:35 -06:00
|
|
|
int generation, unsigned long long offset,
|
2008-12-14 13:47:04 -07:00
|
|
|
void *payload, size_t length, void *callback_data)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct address_handler_resource *handler = callback_data;
|
|
|
|
|
struct inbound_transaction_resource *r;
|
|
|
|
|
struct inbound_transaction_event *e;
|
firewire: cdev: fix ABI for FCP and address range mapping, add fw_cdev_event_request2
The problem:
A target-like userspace driver, e.g. AV/C target or SBP-2/3 target,
needs to be able to act as responder and requester. In the latter role,
it needs to send requests to nods from which it received requests. This
is currently impossible because fw_cdev_event_request lacks information
about sender node ID.
Reported-by: Jay Fenlason <fenlason@redhat.com>
Libffado + libraw1394 + firewire-core is currently unable to drive two
or more audio devices on the same bus.
Reported-by: Arnold Krille <arnold@arnoldarts.de>
This is because libffado requires destination node ID of FCP requests
and sender node ID of FCP responses to match. It even prohibits
libffado from working with a bus on which libraw1394 opens a /dev/fw* as
default ioctl device that does not correspond with the audio device.
This is because libraw1394 does not receive the sender node ID from the
kernel.
Moreover, fw_cdev_event_request makes it impossible to tell unicast and
broadcast write requests apart.
The fix:
Add a replacement of struct fw_cdev_event_request request, boringly
called struct fw_cdev_event_request2. The new event will be sent to a
userspace client instead of the old one if the client claims
compatibility with <linux/firewire-cdev.h> ABI version 4 or later.
libraw1394 needs to be extended to make use of the new event, in order
to properly support libffado and other FCP or address range mapping
users who require correct sender node IDs.
Further notes:
While we are at it, change back the range of possible values of
fw_cdev_event_request.tcode to 0x0...0xb like in ABI version <= 3.
The preceding change "firewire: expose extended tcode of incoming lock
requests to (userspace) drivers" expanded it to 0x0...0x17 which could
catch sloppily coded clients by surprise. The extended range of codes
is only used in the new fw_cdev_event_request2.tcode.
Jay and I also suggested an alternative approach to fix the ABI for
incoming requests: Add an FW_CDEV_IOC_GET_REQUEST_INFO ioctl which can
be called after reception of an fw_cdev_event_request, before issuing of
the closing FW_CDEV_IOC_SEND_RESPONSE ioctl. The new ioctl would reveal
the vital information about a request that fw_cdev_event_request lacks.
Jay showed an implementation of this approach.
The former event approach adds 27 LOC of rather trivial code to
core-cdev.c, the ioctl approach 34 LOC, some of which is nontrivial.
The ioctl approach would certainly also add more LOC to userspace
programs which require the expanded information on inbound requests.
This approach is probably only on the lighter-weight side in case of
clients that want to be compatible with kernels that lack the new
capability, like libraw1394. However, the code to be added to such
libraw1394-like clients in case of the event approach is a straight-
forward additional switch () case in its event handler.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:53:55 -06:00
|
|
|
size_t event_size0;
|
2010-01-24 08:45:03 -07:00
|
|
|
void *fcp_frame = NULL;
|
2008-12-21 08:47:17 -07:00
|
|
|
int ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
firewire: cdev: count references of cards during inbound transactions
If a request comes in to an address range managed by a userspace driver
i.e. <linux/firewire-cdev.h> client, the card instance of request and
response may differ from the card instance of the client device.
Therefore we need to take a reference of the card until the response was
sent.
I thought about putting the reference counting into core-transaction.c,
but the various high-level drivers besides cdev clients (firewire-net,
firewire-sbp2, firedtv) use the card pointer in their fw_address_handler
address_callback method only to look up devices of which they already
hold the necessary references. So this seems to be a specific
firewire-cdev issue which is better addressed locally.
We do not need the reference
- in case of FCP_REQUEST or FCP_RESPONSE requests because then the
firewire-core will send the split transaction response for us
already in the context of the request handler,
- if it is the same card as the client device's because we hold a
card reference indirectly via teh client->device reference.
To keep things simple, we take the reference nevertheless.
Jay Fenlason wrote:
> there's no way for the core to tell cdev "this card is gone,
> kill any inbound transactions on it", while cdev holds the transaction
> open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
> very long time. But when it does, it calls fw_send_response(), which
> will dereference the card...
>
> So how unhappy are we about userspace potentially holding a fw_card
> open forever?
While termination of inbound transcations at card removal could be
implemented, it is IMO not worth the effort. Currently, the effect of
holding a reference of a card that has been removed is to block the
process that called the pci_remove of the card. This is
- either a user process ran by root. Root can find and kill processes
that have /dev/fw* open, if desired.
- a kernel thread (which one?) in case of hot removal of a PCCard or
ExpressCard.
The latter case could be a problem indeed. firewire-core's card
shutdown and card release should probably be improved not to block in
shutdown, just to defer freeing of memory until release.
This is not a new problem though; the same already always happens with
the client->device->card without the need of inbound transactions or
other special conditions involved, other than the client not closing the
file.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:52:27 -06:00
|
|
|
/* card may be different from handler->client->device->card */
|
|
|
|
|
fw_card_get(card);
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
r = kmalloc(sizeof(*r), GFP_ATOMIC);
|
2007-05-09 17:23:14 -06:00
|
|
|
e = kmalloc(sizeof(*e), GFP_ATOMIC);
|
2013-03-24 10:32:00 -06:00
|
|
|
if (r == NULL || e == NULL)
|
2008-12-21 08:47:17 -07:00
|
|
|
goto failed;
|
2013-03-24 10:32:00 -06:00
|
|
|
|
firewire: cdev: fix responses to nodes at different card
My box has two firewire cards in it: card0 and card1.
My application opens /dev/fw0 (card 0) and allocates an address space.
The core makes the address space available on both cards.
Along comes the remote device, which sends a READ_QUADLET_REQUEST to
card1. The request gets passed up to my application, which calls
ioctl_send_response().
ioctl_send_response() then calls fw_send_response() with card0,
because that's the card it's bound to.
Card0's driver drops the response, because it isn't part of
a transaction that it has outstanding.
So in core-cdev: handle_request(), we need to stash the
card of the inbound request in the struct inbound_transaction_resource and
use that card to send the response to.
The hard part will be refcounting the card correctly
so it can't get deallocated while we hold a pointer to it.
Here's a trivial patch, which does not do the card refcounting, but at
least demonstrates what the problem is.
Note that we can't depend on the fact that the core-cdev:client
structure holds a card open, because in this case the card it holds
open is not the card the request came in on.
..and there's no way for the core to tell cdev "this card is gone,
kill any inbound transactions on it", while cdev holds the transaction
open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
very long time. But when it does, it calls fw_send_response(), which
will dereference the card...
So how unhappy are we about userspace potentially holding a fw_card
open forever?
Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Reference counting to be addressed in a separate change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (whitespace)
2010-05-18 12:02:45 -06:00
|
|
|
r->card = card;
|
2009-01-04 08:23:29 -07:00
|
|
|
r->request = request;
|
|
|
|
|
r->data = payload;
|
|
|
|
|
r->length = length;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-01-24 08:45:03 -07:00
|
|
|
if (is_fcp_request(request)) {
|
|
|
|
|
/*
|
|
|
|
|
* FIXME: Let core-transaction.c manage a
|
|
|
|
|
* single reference-counted copy?
|
|
|
|
|
*/
|
|
|
|
|
fcp_frame = kmemdup(payload, length, GFP_ATOMIC);
|
|
|
|
|
if (fcp_frame == NULL)
|
|
|
|
|
goto failed;
|
|
|
|
|
|
|
|
|
|
r->data = fcp_frame;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
r->resource.release = release_request;
|
|
|
|
|
ret = add_client_resource(handler->client, &r->resource, GFP_ATOMIC);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto failed;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
firewire: cdev: fix ABI for FCP and address range mapping, add fw_cdev_event_request2
The problem:
A target-like userspace driver, e.g. AV/C target or SBP-2/3 target,
needs to be able to act as responder and requester. In the latter role,
it needs to send requests to nods from which it received requests. This
is currently impossible because fw_cdev_event_request lacks information
about sender node ID.
Reported-by: Jay Fenlason <fenlason@redhat.com>
Libffado + libraw1394 + firewire-core is currently unable to drive two
or more audio devices on the same bus.
Reported-by: Arnold Krille <arnold@arnoldarts.de>
This is because libffado requires destination node ID of FCP requests
and sender node ID of FCP responses to match. It even prohibits
libffado from working with a bus on which libraw1394 opens a /dev/fw* as
default ioctl device that does not correspond with the audio device.
This is because libraw1394 does not receive the sender node ID from the
kernel.
Moreover, fw_cdev_event_request makes it impossible to tell unicast and
broadcast write requests apart.
The fix:
Add a replacement of struct fw_cdev_event_request request, boringly
called struct fw_cdev_event_request2. The new event will be sent to a
userspace client instead of the old one if the client claims
compatibility with <linux/firewire-cdev.h> ABI version 4 or later.
libraw1394 needs to be extended to make use of the new event, in order
to properly support libffado and other FCP or address range mapping
users who require correct sender node IDs.
Further notes:
While we are at it, change back the range of possible values of
fw_cdev_event_request.tcode to 0x0...0xb like in ABI version <= 3.
The preceding change "firewire: expose extended tcode of incoming lock
requests to (userspace) drivers" expanded it to 0x0...0x17 which could
catch sloppily coded clients by surprise. The extended range of codes
is only used in the new fw_cdev_event_request2.tcode.
Jay and I also suggested an alternative approach to fix the ABI for
incoming requests: Add an FW_CDEV_IOC_GET_REQUEST_INFO ioctl which can
be called after reception of an fw_cdev_event_request, before issuing of
the closing FW_CDEV_IOC_SEND_RESPONSE ioctl. The new ioctl would reveal
the vital information about a request that fw_cdev_event_request lacks.
Jay showed an implementation of this approach.
The former event approach adds 27 LOC of rather trivial code to
core-cdev.c, the ioctl approach 34 LOC, some of which is nontrivial.
The ioctl approach would certainly also add more LOC to userspace
programs which require the expanded information on inbound requests.
This approach is probably only on the lighter-weight side in case of
clients that want to be compatible with kernels that lack the new
capability, like libraw1394. However, the code to be added to such
libraw1394-like clients in case of the event approach is a straight-
forward additional switch () case in its event handler.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:53:55 -06:00
|
|
|
if (handler->client->version < FW_CDEV_VERSION_EVENT_REQUEST2) {
|
|
|
|
|
struct fw_cdev_event_request *req = &e->req.request;
|
|
|
|
|
|
|
|
|
|
if (tcode & 0x10)
|
|
|
|
|
tcode = TCODE_LOCK_REQUEST;
|
|
|
|
|
|
|
|
|
|
req->type = FW_CDEV_EVENT_REQUEST;
|
|
|
|
|
req->tcode = tcode;
|
|
|
|
|
req->offset = offset;
|
|
|
|
|
req->length = length;
|
|
|
|
|
req->handle = r->resource.handle;
|
|
|
|
|
req->closure = handler->closure;
|
|
|
|
|
event_size0 = sizeof(*req);
|
|
|
|
|
} else {
|
|
|
|
|
struct fw_cdev_event_request2 *req = &e->req.request2;
|
|
|
|
|
|
|
|
|
|
req->type = FW_CDEV_EVENT_REQUEST2;
|
|
|
|
|
req->tcode = tcode;
|
|
|
|
|
req->offset = offset;
|
|
|
|
|
req->source_node_id = source;
|
|
|
|
|
req->destination_node_id = destination;
|
|
|
|
|
req->card = card->index;
|
|
|
|
|
req->generation = generation;
|
|
|
|
|
req->length = length;
|
|
|
|
|
req->handle = r->resource.handle;
|
|
|
|
|
req->closure = handler->closure;
|
|
|
|
|
event_size0 = sizeof(*req);
|
|
|
|
|
}
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
queue_event(handler->client, &e->event,
|
firewire: cdev: fix ABI for FCP and address range mapping, add fw_cdev_event_request2
The problem:
A target-like userspace driver, e.g. AV/C target or SBP-2/3 target,
needs to be able to act as responder and requester. In the latter role,
it needs to send requests to nods from which it received requests. This
is currently impossible because fw_cdev_event_request lacks information
about sender node ID.
Reported-by: Jay Fenlason <fenlason@redhat.com>
Libffado + libraw1394 + firewire-core is currently unable to drive two
or more audio devices on the same bus.
Reported-by: Arnold Krille <arnold@arnoldarts.de>
This is because libffado requires destination node ID of FCP requests
and sender node ID of FCP responses to match. It even prohibits
libffado from working with a bus on which libraw1394 opens a /dev/fw* as
default ioctl device that does not correspond with the audio device.
This is because libraw1394 does not receive the sender node ID from the
kernel.
Moreover, fw_cdev_event_request makes it impossible to tell unicast and
broadcast write requests apart.
The fix:
Add a replacement of struct fw_cdev_event_request request, boringly
called struct fw_cdev_event_request2. The new event will be sent to a
userspace client instead of the old one if the client claims
compatibility with <linux/firewire-cdev.h> ABI version 4 or later.
libraw1394 needs to be extended to make use of the new event, in order
to properly support libffado and other FCP or address range mapping
users who require correct sender node IDs.
Further notes:
While we are at it, change back the range of possible values of
fw_cdev_event_request.tcode to 0x0...0xb like in ABI version <= 3.
The preceding change "firewire: expose extended tcode of incoming lock
requests to (userspace) drivers" expanded it to 0x0...0x17 which could
catch sloppily coded clients by surprise. The extended range of codes
is only used in the new fw_cdev_event_request2.tcode.
Jay and I also suggested an alternative approach to fix the ABI for
incoming requests: Add an FW_CDEV_IOC_GET_REQUEST_INFO ioctl which can
be called after reception of an fw_cdev_event_request, before issuing of
the closing FW_CDEV_IOC_SEND_RESPONSE ioctl. The new ioctl would reveal
the vital information about a request that fw_cdev_event_request lacks.
Jay showed an implementation of this approach.
The former event approach adds 27 LOC of rather trivial code to
core-cdev.c, the ioctl approach 34 LOC, some of which is nontrivial.
The ioctl approach would certainly also add more LOC to userspace
programs which require the expanded information on inbound requests.
This approach is probably only on the lighter-weight side in case of
clients that want to be compatible with kernels that lack the new
capability, like libraw1394. However, the code to be added to such
libraw1394-like clients in case of the event approach is a straight-
forward additional switch () case in its event handler.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:53:55 -06:00
|
|
|
&e->req, event_size0, r->data, length);
|
2008-12-21 08:47:17 -07:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
failed:
|
2009-01-04 08:23:29 -07:00
|
|
|
kfree(r);
|
2008-12-21 08:47:17 -07:00
|
|
|
kfree(e);
|
2010-01-24 08:45:03 -07:00
|
|
|
kfree(fcp_frame);
|
|
|
|
|
|
|
|
|
|
if (!is_fcp_request(request))
|
firewire: fix use of multiple AV/C devices, allow multiple FCP listeners
Control of more than one AV/C device at once --- e.g. camcorders, tape
decks, audio devices, TV tuners --- failed or worked only unreliably,
depending on driver implementation. This affected kernelspace and
userspace drivers alike and was caused by firewire-core's inability to
accept multiple registrations of FCP listeners.
The fix allows multiple address handlers to be registered for the FCP
command and response registers. When a request for these registers is
received, all handlers are invoked, and the Firewire response is
generated by the core and not by any handler.
The cdev API does not change, i.e., userspace is still expected to send
a response for FCP requests; this response is silently ignored.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (changelog, rebased, whitespace)
2009-12-24 04:05:58 -07:00
|
|
|
fw_send_response(card, request, RCODE_CONFLICT_ERROR);
|
firewire: cdev: count references of cards during inbound transactions
If a request comes in to an address range managed by a userspace driver
i.e. <linux/firewire-cdev.h> client, the card instance of request and
response may differ from the card instance of the client device.
Therefore we need to take a reference of the card until the response was
sent.
I thought about putting the reference counting into core-transaction.c,
but the various high-level drivers besides cdev clients (firewire-net,
firewire-sbp2, firedtv) use the card pointer in their fw_address_handler
address_callback method only to look up devices of which they already
hold the necessary references. So this seems to be a specific
firewire-cdev issue which is better addressed locally.
We do not need the reference
- in case of FCP_REQUEST or FCP_RESPONSE requests because then the
firewire-core will send the split transaction response for us
already in the context of the request handler,
- if it is the same card as the client device's because we hold a
card reference indirectly via teh client->device reference.
To keep things simple, we take the reference nevertheless.
Jay Fenlason wrote:
> there's no way for the core to tell cdev "this card is gone,
> kill any inbound transactions on it", while cdev holds the transaction
> open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
> very long time. But when it does, it calls fw_send_response(), which
> will dereference the card...
>
> So how unhappy are we about userspace potentially holding a fw_card
> open forever?
While termination of inbound transcations at card removal could be
implemented, it is IMO not worth the effort. Currently, the effect of
holding a reference of a card that has been removed is to block the
process that called the pci_remove of the card. This is
- either a user process ran by root. Root can find and kill processes
that have /dev/fw* open, if desired.
- a kernel thread (which one?) in case of hot removal of a PCCard or
ExpressCard.
The latter case could be a problem indeed. firewire-core's card
shutdown and card release should probably be improved not to block in
shutdown, just to defer freeing of memory until release.
This is not a new problem though; the same already always happens with
the client->device->card without the need of inbound transactions or
other special conditions involved, other than the client not closing the
file.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:52:27 -06:00
|
|
|
|
|
|
|
|
fw_card_put(card);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void release_address_handler(struct client *client,
|
|
|
|
|
struct client_resource *resource)
|
2007-03-26 23:43:41 -06:00
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct address_handler_resource *r =
|
|
|
|
|
container_of(resource, struct address_handler_resource, resource);
|
2007-03-26 23:43:41 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
fw_core_remove_address_handler(&r->handler);
|
|
|
|
|
kfree(r);
|
2007-03-26 23:43:41 -06:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_allocate(struct client *client, union ioctl_arg *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_allocate *a = &arg->allocate;
|
2009-01-04 08:23:29 -07:00
|
|
|
struct address_handler_resource *r;
|
2006-12-19 17:58:31 -07:00
|
|
|
struct fw_address_region region;
|
2008-12-21 08:47:17 -07:00
|
|
|
int ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
r = kmalloc(sizeof(*r), GFP_KERNEL);
|
|
|
|
|
if (r == NULL)
|
2006-12-19 17:58:31 -07:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
region.start = a->offset;
|
2010-07-23 05:05:39 -06:00
|
|
|
if (client->version < FW_CDEV_VERSION_ALLOCATE_REGION_END)
|
|
|
|
|
region.end = a->offset + a->length;
|
|
|
|
|
else
|
|
|
|
|
region.end = a->region_end;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
r->handler.length = a->length;
|
2009-01-04 08:23:29 -07:00
|
|
|
r->handler.address_callback = handle_request;
|
2010-02-21 09:56:21 -07:00
|
|
|
r->handler.callback_data = r;
|
|
|
|
|
r->closure = a->closure;
|
|
|
|
|
r->client = client;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
ret = fw_core_add_address_handler(&r->handler, ®ion);
|
2008-12-14 11:21:01 -07:00
|
|
|
if (ret < 0) {
|
2009-01-04 08:23:29 -07:00
|
|
|
kfree(r);
|
2008-12-14 11:21:01 -07:00
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
2010-07-23 05:05:39 -06:00
|
|
|
a->offset = r->handler.offset;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
r->resource.release = release_address_handler;
|
|
|
|
|
ret = add_client_resource(client, &r->resource, GFP_KERNEL);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (ret < 0) {
|
2009-01-04 08:23:29 -07:00
|
|
|
release_address_handler(client, &r->resource);
|
2008-12-21 08:47:17 -07:00
|
|
|
return ret;
|
|
|
|
|
}
|
2010-02-21 09:56:21 -07:00
|
|
|
a->handle = r->resource.handle;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_deallocate(struct client *client, union ioctl_arg *arg)
|
2007-03-14 15:34:55 -06:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
return release_client_resource(client, arg->deallocate.handle,
|
2008-12-21 08:47:17 -07:00
|
|
|
release_address_handler, NULL);
|
2007-03-14 15:34:55 -06:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_send_response(struct client *client, union ioctl_arg *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_send_response *a = &arg->send_response;
|
2007-03-26 23:43:41 -06:00
|
|
|
struct client_resource *resource;
|
2009-01-04 08:23:29 -07:00
|
|
|
struct inbound_transaction_resource *r;
|
2009-10-07 16:39:56 -06:00
|
|
|
int ret = 0;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (release_client_resource(client, a->handle,
|
2008-12-21 08:47:17 -07:00
|
|
|
release_request, &resource) < 0)
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EINVAL;
|
2008-12-21 08:47:17 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
r = container_of(resource, struct inbound_transaction_resource,
|
|
|
|
|
resource);
|
2010-01-24 08:45:03 -07:00
|
|
|
if (is_fcp_request(r->request))
|
|
|
|
|
goto out;
|
|
|
|
|
|
2010-05-19 00:28:32 -06:00
|
|
|
if (a->length != fw_get_response_length(r->request)) {
|
|
|
|
|
ret = -EINVAL;
|
|
|
|
|
kfree(r->request);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (copy_from_user(r->data, u64_to_uptr(a->data), a->length)) {
|
2010-01-24 08:45:03 -07:00
|
|
|
ret = -EFAULT;
|
|
|
|
|
kfree(r->request);
|
|
|
|
|
goto out;
|
2009-10-07 16:39:56 -06:00
|
|
|
}
|
firewire: cdev: fix responses to nodes at different card
My box has two firewire cards in it: card0 and card1.
My application opens /dev/fw0 (card 0) and allocates an address space.
The core makes the address space available on both cards.
Along comes the remote device, which sends a READ_QUADLET_REQUEST to
card1. The request gets passed up to my application, which calls
ioctl_send_response().
ioctl_send_response() then calls fw_send_response() with card0,
because that's the card it's bound to.
Card0's driver drops the response, because it isn't part of
a transaction that it has outstanding.
So in core-cdev: handle_request(), we need to stash the
card of the inbound request in the struct inbound_transaction_resource and
use that card to send the response to.
The hard part will be refcounting the card correctly
so it can't get deallocated while we hold a pointer to it.
Here's a trivial patch, which does not do the card refcounting, but at
least demonstrates what the problem is.
Note that we can't depend on the fact that the core-cdev:client
structure holds a card open, because in this case the card it holds
open is not the card the request came in on.
..and there's no way for the core to tell cdev "this card is gone,
kill any inbound transactions on it", while cdev holds the transaction
open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
very long time. But when it does, it calls fw_send_response(), which
will dereference the card...
So how unhappy are we about userspace potentially holding a fw_card
open forever?
Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Reference counting to be addressed in a separate change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (whitespace)
2010-05-18 12:02:45 -06:00
|
|
|
fw_send_response(r->card, r->request, a->rcode);
|
2009-10-07 16:39:56 -06:00
|
|
|
out:
|
firewire: cdev: count references of cards during inbound transactions
If a request comes in to an address range managed by a userspace driver
i.e. <linux/firewire-cdev.h> client, the card instance of request and
response may differ from the card instance of the client device.
Therefore we need to take a reference of the card until the response was
sent.
I thought about putting the reference counting into core-transaction.c,
but the various high-level drivers besides cdev clients (firewire-net,
firewire-sbp2, firedtv) use the card pointer in their fw_address_handler
address_callback method only to look up devices of which they already
hold the necessary references. So this seems to be a specific
firewire-cdev issue which is better addressed locally.
We do not need the reference
- in case of FCP_REQUEST or FCP_RESPONSE requests because then the
firewire-core will send the split transaction response for us
already in the context of the request handler,
- if it is the same card as the client device's because we hold a
card reference indirectly via teh client->device reference.
To keep things simple, we take the reference nevertheless.
Jay Fenlason wrote:
> there's no way for the core to tell cdev "this card is gone,
> kill any inbound transactions on it", while cdev holds the transaction
> open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
> very long time. But when it does, it calls fw_send_response(), which
> will dereference the card...
>
> So how unhappy are we about userspace potentially holding a fw_card
> open forever?
While termination of inbound transcations at card removal could be
implemented, it is IMO not worth the effort. Currently, the effect of
holding a reference of a card that has been removed is to block the
process that called the pci_remove of the card. This is
- either a user process ran by root. Root can find and kill processes
that have /dev/fw* open, if desired.
- a kernel thread (which one?) in case of hot removal of a PCCard or
ExpressCard.
The latter case could be a problem indeed. firewire-core's card
shutdown and card release should probably be improved not to block in
shutdown, just to defer freeing of memory until release.
This is not a new problem though; the same already always happens with
the client->device->card without the need of inbound transactions or
other special conditions involved, other than the client not closing the
file.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-06-20 14:52:27 -06:00
|
|
|
fw_card_put(r->card);
|
2006-12-19 17:58:31 -07:00
|
|
|
kfree(r);
|
|
|
|
|
|
2009-10-07 16:39:56 -06:00
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_initiate_bus_reset(struct client *client, union ioctl_arg *arg)
|
2007-03-07 10:12:42 -07:00
|
|
|
{
|
2010-07-08 08:09:06 -06:00
|
|
|
fw_schedule_bus_reset(client->device->card, true,
|
2010-02-21 09:56:21 -07:00
|
|
|
arg->initiate_bus_reset.type == FW_CDEV_SHORT_RESET);
|
2010-07-08 08:09:06 -06:00
|
|
|
return 0;
|
2007-03-07 10:12:42 -07:00
|
|
|
}
|
|
|
|
|
|
2007-03-26 23:43:41 -06:00
|
|
|
static void release_descriptor(struct client *client,
|
|
|
|
|
struct client_resource *resource)
|
|
|
|
|
{
|
2009-01-04 08:23:29 -07:00
|
|
|
struct descriptor_resource *r =
|
|
|
|
|
container_of(resource, struct descriptor_resource, resource);
|
2007-03-26 23:43:41 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
fw_core_remove_descriptor(&r->descriptor);
|
|
|
|
|
kfree(r);
|
2007-03-26 23:43:41 -06:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_add_descriptor(struct client *client, union ioctl_arg *arg)
|
2007-03-28 13:26:42 -06:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_add_descriptor *a = &arg->add_descriptor;
|
2009-01-04 08:23:29 -07:00
|
|
|
struct descriptor_resource *r;
|
2008-12-21 08:47:17 -07:00
|
|
|
int ret;
|
2007-03-28 13:26:42 -06:00
|
|
|
|
2009-03-10 14:00:23 -06:00
|
|
|
/* Access policy: Allow this ioctl only on local nodes' device files. */
|
2009-05-13 13:42:14 -06:00
|
|
|
if (!client->device->is_local)
|
2009-03-10 14:00:23 -06:00
|
|
|
return -ENOSYS;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (a->length > 256)
|
2007-03-28 13:26:42 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
r = kmalloc(sizeof(*r) + a->length * 4, GFP_KERNEL);
|
2009-01-04 08:23:29 -07:00
|
|
|
if (r == NULL)
|
2007-03-28 13:26:42 -06:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (copy_from_user(r->data, u64_to_uptr(a->data), a->length * 4)) {
|
2008-12-21 08:47:17 -07:00
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto failed;
|
2007-03-28 13:26:42 -06:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
r->descriptor.length = a->length;
|
|
|
|
|
r->descriptor.immediate = a->immediate;
|
|
|
|
|
r->descriptor.key = a->key;
|
2009-01-04 08:23:29 -07:00
|
|
|
r->descriptor.data = r->data;
|
2007-03-28 13:26:42 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
ret = fw_core_add_descriptor(&r->descriptor);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto failed;
|
2007-03-28 13:26:42 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
r->resource.release = release_descriptor;
|
|
|
|
|
ret = add_client_resource(client, &r->resource, GFP_KERNEL);
|
2008-12-21 08:47:17 -07:00
|
|
|
if (ret < 0) {
|
2009-01-04 08:23:29 -07:00
|
|
|
fw_core_remove_descriptor(&r->descriptor);
|
2008-12-21 08:47:17 -07:00
|
|
|
goto failed;
|
|
|
|
|
}
|
2010-02-21 09:56:21 -07:00
|
|
|
a->handle = r->resource.handle;
|
2007-03-28 13:26:42 -06:00
|
|
|
|
|
|
|
|
return 0;
|
2008-12-21 08:47:17 -07:00
|
|
|
failed:
|
2009-01-04 08:23:29 -07:00
|
|
|
kfree(r);
|
2008-12-21 08:47:17 -07:00
|
|
|
|
|
|
|
|
return ret;
|
2007-03-28 13:26:42 -06:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_remove_descriptor(struct client *client, union ioctl_arg *arg)
|
2007-03-28 13:26:42 -06:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
return release_client_resource(client, arg->remove_descriptor.handle,
|
2008-12-21 08:47:17 -07:00
|
|
|
release_descriptor, NULL);
|
2007-03-28 13:26:42 -06:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static void iso_callback(struct fw_iso_context *context, u32 cycle,
|
|
|
|
|
size_t header_length, void *header, void *data)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
|
|
|
|
struct client *client = data;
|
2009-01-04 08:23:29 -07:00
|
|
|
struct iso_interrupt_event *e;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-06-07 16:20:10 -06:00
|
|
|
e = kmalloc(sizeof(*e) + header_length, GFP_ATOMIC);
|
2013-03-24 10:32:00 -06:00
|
|
|
if (e == NULL)
|
2006-12-19 17:58:31 -07:00
|
|
|
return;
|
2013-03-24 10:32:00 -06:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
e->interrupt.type = FW_CDEV_EVENT_ISO_INTERRUPT;
|
|
|
|
|
e->interrupt.closure = client->iso_closure;
|
|
|
|
|
e->interrupt.cycle = cycle;
|
|
|
|
|
e->interrupt.header_length = header_length;
|
|
|
|
|
memcpy(e->interrupt.header, header, header_length);
|
|
|
|
|
queue_event(client, &e->event, &e->interrupt,
|
|
|
|
|
sizeof(e->interrupt) + header_length, NULL, 0);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
static void iso_mc_callback(struct fw_iso_context *context,
|
|
|
|
|
dma_addr_t completed, void *data)
|
|
|
|
|
{
|
|
|
|
|
struct client *client = data;
|
|
|
|
|
struct iso_interrupt_mc_event *e;
|
|
|
|
|
|
|
|
|
|
e = kmalloc(sizeof(*e), GFP_ATOMIC);
|
2013-03-24 10:32:00 -06:00
|
|
|
if (e == NULL)
|
2010-07-29 10:19:22 -06:00
|
|
|
return;
|
2013-03-24 10:32:00 -06:00
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
e->interrupt.type = FW_CDEV_EVENT_ISO_INTERRUPT_MULTICHANNEL;
|
|
|
|
|
e->interrupt.closure = client->iso_closure;
|
|
|
|
|
e->interrupt.completed = fw_iso_buffer_lookup(&client->buffer,
|
|
|
|
|
completed);
|
|
|
|
|
queue_event(client, &e->event, &e->interrupt,
|
|
|
|
|
sizeof(e->interrupt), NULL, 0);
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-09 12:51:18 -06:00
|
|
|
static enum dma_data_direction iso_dma_direction(struct fw_iso_context *context)
|
|
|
|
|
{
|
|
|
|
|
if (context->type == FW_ISO_CONTEXT_TRANSMIT)
|
|
|
|
|
return DMA_TO_DEVICE;
|
|
|
|
|
else
|
|
|
|
|
return DMA_FROM_DEVICE;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_create_iso_context *a = &arg->create_iso_context;
|
2007-06-20 15:48:07 -06:00
|
|
|
struct fw_iso_context *context;
|
2010-07-29 10:19:22 -06:00
|
|
|
fw_iso_callback_t cb;
|
2012-04-09 12:51:18 -06:00
|
|
|
int ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-07-07 06:13:14 -06:00
|
|
|
BUILD_BUG_ON(FW_CDEV_ISO_CONTEXT_TRANSMIT != FW_ISO_CONTEXT_TRANSMIT ||
|
2010-07-29 10:19:22 -06:00
|
|
|
FW_CDEV_ISO_CONTEXT_RECEIVE != FW_ISO_CONTEXT_RECEIVE ||
|
|
|
|
|
FW_CDEV_ISO_CONTEXT_RECEIVE_MULTICHANNEL !=
|
|
|
|
|
FW_ISO_CONTEXT_RECEIVE_MULTICHANNEL);
|
2007-02-16 15:34:50 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
switch (a->type) {
|
2010-07-29 10:19:22 -06:00
|
|
|
case FW_ISO_CONTEXT_TRANSMIT:
|
|
|
|
|
if (a->speed > SCODE_3200 || a->channel > 63)
|
2007-03-14 15:34:53 -06:00
|
|
|
return -EINVAL;
|
2010-07-29 10:19:22 -06:00
|
|
|
|
|
|
|
|
cb = iso_callback;
|
2007-03-14 15:34:53 -06:00
|
|
|
break;
|
|
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
case FW_ISO_CONTEXT_RECEIVE:
|
|
|
|
|
if (a->header_size < 4 || (a->header_size & 3) ||
|
|
|
|
|
a->channel > 63)
|
2007-03-14 15:34:53 -06:00
|
|
|
return -EINVAL;
|
2010-07-29 10:19:22 -06:00
|
|
|
|
|
|
|
|
cb = iso_callback;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case FW_ISO_CONTEXT_RECEIVE_MULTICHANNEL:
|
|
|
|
|
cb = (fw_iso_callback_t)iso_mc_callback;
|
2007-03-14 15:34:53 -06:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
2007-02-16 15:34:50 -07:00
|
|
|
return -EINVAL;
|
2007-03-14 15:34:53 -06:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
context = fw_iso_context_create(client->device->card, a->type,
|
2010-07-29 10:19:22 -06:00
|
|
|
a->channel, a->speed, a->header_size, cb, client);
|
2007-06-20 15:48:07 -06:00
|
|
|
if (IS_ERR(context))
|
|
|
|
|
return PTR_ERR(context);
|
2013-07-22 13:32:09 -06:00
|
|
|
if (client->version < FW_CDEV_VERSION_AUTO_FLUSH_ISO_OVERFLOW)
|
|
|
|
|
context->drop_overflow_headers = true;
|
2007-06-20 15:48:07 -06:00
|
|
|
|
2010-06-14 03:46:25 -06:00
|
|
|
/* We only support one context at this time. */
|
|
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
if (client->iso_context != NULL) {
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
|
|
|
|
fw_iso_context_destroy(context);
|
2012-04-09 12:51:18 -06:00
|
|
|
|
2010-06-14 03:46:25 -06:00
|
|
|
return -EBUSY;
|
|
|
|
|
}
|
2012-04-09 12:51:18 -06:00
|
|
|
if (!client->buffer_is_mapped) {
|
|
|
|
|
ret = fw_iso_buffer_map_dma(&client->buffer,
|
|
|
|
|
client->device->card,
|
|
|
|
|
iso_dma_direction(context));
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
|
|
|
|
fw_iso_context_destroy(context);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
client->buffer_is_mapped = true;
|
|
|
|
|
}
|
2010-02-21 09:56:21 -07:00
|
|
|
client->iso_closure = a->closure;
|
2007-06-20 15:48:07 -06:00
|
|
|
client->iso_context = context;
|
2010-06-14 03:46:25 -06:00
|
|
|
spin_unlock_irq(&client->lock);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
a->handle = 0;
|
2007-04-30 13:03:14 -06:00
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
static int ioctl_set_iso_channels(struct client *client, union ioctl_arg *arg)
|
|
|
|
|
{
|
|
|
|
|
struct fw_cdev_set_iso_channels *a = &arg->set_iso_channels;
|
|
|
|
|
struct fw_iso_context *ctx = client->iso_context;
|
|
|
|
|
|
|
|
|
|
if (ctx == NULL || a->handle != 0)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
return fw_iso_context_set_channels(ctx, &a->channels);
|
|
|
|
|
}
|
|
|
|
|
|
2007-05-31 09:16:43 -06:00
|
|
|
/* Macros for decoding the iso packet control header. */
|
|
|
|
|
#define GET_PAYLOAD_LENGTH(v) ((v) & 0xffff)
|
|
|
|
|
#define GET_INTERRUPT(v) (((v) >> 16) & 0x01)
|
|
|
|
|
#define GET_SKIP(v) (((v) >> 17) & 0x01)
|
2008-09-12 10:09:55 -06:00
|
|
|
#define GET_TAG(v) (((v) >> 18) & 0x03)
|
|
|
|
|
#define GET_SY(v) (((v) >> 20) & 0x0f)
|
2007-05-31 09:16:43 -06:00
|
|
|
#define GET_HEADER_LENGTH(v) (((v) >> 24) & 0xff)
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_queue_iso(struct client *client, union ioctl_arg *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_queue_iso *a = &arg->queue_iso;
|
2006-12-19 17:58:31 -07:00
|
|
|
struct fw_cdev_iso_packet __user *p, *end, *next;
|
2007-02-16 15:34:44 -07:00
|
|
|
struct fw_iso_context *ctx = client->iso_context;
|
2010-07-29 10:19:22 -06:00
|
|
|
unsigned long payload, buffer_end, transmit_header_bytes = 0;
|
2007-05-31 09:16:43 -06:00
|
|
|
u32 control;
|
2006-12-19 17:58:31 -07:00
|
|
|
int count;
|
|
|
|
|
struct {
|
|
|
|
|
struct fw_iso_packet packet;
|
|
|
|
|
u8 header[256];
|
|
|
|
|
} u;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (ctx == NULL || a->handle != 0)
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2007-05-07 18:33:32 -06:00
|
|
|
/*
|
|
|
|
|
* If the user passes a non-NULL data pointer, has mmap()'ed
|
2006-12-19 17:58:31 -07:00
|
|
|
* the iso buffer, and the pointer points inside the buffer,
|
|
|
|
|
* we setup the payload pointers accordingly. Otherwise we
|
2007-02-16 15:34:38 -07:00
|
|
|
* set them both to 0, which will still let packets with
|
2006-12-19 17:58:31 -07:00
|
|
|
* payload_length == 0 through. In other words, if no packets
|
|
|
|
|
* use the indirect payload, the iso buffer need not be mapped
|
2010-02-21 09:56:21 -07:00
|
|
|
* and the a->data pointer is ignored.
|
2007-05-07 18:33:32 -06:00
|
|
|
*/
|
2010-02-21 09:56:21 -07:00
|
|
|
payload = (unsigned long)a->data - client->vm_start;
|
2007-03-28 12:46:23 -06:00
|
|
|
buffer_end = client->buffer.page_count << PAGE_SHIFT;
|
2010-02-21 09:56:21 -07:00
|
|
|
if (a->data == 0 || client->buffer.pages == NULL ||
|
2007-03-28 12:46:23 -06:00
|
|
|
payload >= buffer_end) {
|
2007-02-16 15:34:38 -07:00
|
|
|
payload = 0;
|
2007-03-28 12:46:23 -06:00
|
|
|
buffer_end = 0;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
if (ctx->type == FW_ISO_CONTEXT_RECEIVE_MULTICHANNEL && payload & 3)
|
|
|
|
|
return -EINVAL;
|
2007-10-14 12:34:40 -06:00
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
p = (struct fw_cdev_iso_packet __user *)u64_to_uptr(a->packets);
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-03 19:57:57 -07:00
|
|
|
if (!access_ok(p, a->size))
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
end = (void __user *)p + a->size;
|
2006-12-19 17:58:31 -07:00
|
|
|
count = 0;
|
|
|
|
|
while (p < end) {
|
2007-05-31 09:16:43 -06:00
|
|
|
if (get_user(control, &p->control))
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EFAULT;
|
2007-05-31 09:16:43 -06:00
|
|
|
u.packet.payload_length = GET_PAYLOAD_LENGTH(control);
|
|
|
|
|
u.packet.interrupt = GET_INTERRUPT(control);
|
|
|
|
|
u.packet.skip = GET_SKIP(control);
|
|
|
|
|
u.packet.tag = GET_TAG(control);
|
|
|
|
|
u.packet.sy = GET_SY(control);
|
|
|
|
|
u.packet.header_length = GET_HEADER_LENGTH(control);
|
2007-02-16 15:34:40 -07:00
|
|
|
|
2010-07-29 10:19:22 -06:00
|
|
|
switch (ctx->type) {
|
|
|
|
|
case FW_ISO_CONTEXT_TRANSMIT:
|
|
|
|
|
if (u.packet.header_length & 3)
|
2010-03-31 08:26:46 -06:00
|
|
|
return -EINVAL;
|
2010-07-29 01:31:56 -06:00
|
|
|
transmit_header_bytes = u.packet.header_length;
|
2010-07-29 10:19:22 -06:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case FW_ISO_CONTEXT_RECEIVE:
|
2010-07-28 15:49:45 -06:00
|
|
|
if (u.packet.header_length == 0 ||
|
|
|
|
|
u.packet.header_length % ctx->header_size != 0)
|
2010-03-31 08:26:46 -06:00
|
|
|
return -EINVAL;
|
2010-07-29 10:19:22 -06:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case FW_ISO_CONTEXT_RECEIVE_MULTICHANNEL:
|
|
|
|
|
if (u.packet.payload_length == 0 ||
|
|
|
|
|
u.packet.payload_length & 3)
|
2007-02-16 15:34:40 -07:00
|
|
|
return -EINVAL;
|
2010-07-29 10:19:22 -06:00
|
|
|
break;
|
2007-02-16 15:34:40 -07:00
|
|
|
}
|
|
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
next = (struct fw_cdev_iso_packet __user *)
|
2010-07-29 01:31:56 -06:00
|
|
|
&p->header[transmit_header_bytes / 4];
|
2006-12-19 17:58:31 -07:00
|
|
|
if (next > end)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
if (__copy_from_user
|
2010-07-29 01:31:56 -06:00
|
|
|
(u.packet.header, p->header, transmit_header_bytes))
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EFAULT;
|
2007-02-16 15:34:51 -07:00
|
|
|
if (u.packet.skip && ctx->type == FW_ISO_CONTEXT_TRANSMIT &&
|
2006-12-19 17:58:31 -07:00
|
|
|
u.packet.header_length + u.packet.payload_length > 0)
|
|
|
|
|
return -EINVAL;
|
2007-03-28 12:46:23 -06:00
|
|
|
if (payload + u.packet.payload_length > buffer_end)
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2007-02-16 15:34:44 -07:00
|
|
|
if (fw_iso_context_queue(ctx, &u.packet,
|
|
|
|
|
&client->buffer, payload))
|
2006-12-19 17:58:31 -07:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
p = next;
|
|
|
|
|
payload += u.packet.payload_length;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
2011-05-02 01:33:56 -06:00
|
|
|
fw_iso_context_queue_flush(ctx);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
a->size -= uptr_to_u64(p) - a->packets;
|
|
|
|
|
a->packets = uptr_to_u64(p);
|
|
|
|
|
a->data = client->vm_start + payload;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_start_iso(struct client *client, union ioctl_arg *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_start_iso *a = &arg->start_iso;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-07-07 06:13:14 -06:00
|
|
|
BUILD_BUG_ON(
|
|
|
|
|
FW_CDEV_ISO_CONTEXT_MATCH_TAG0 != FW_ISO_CONTEXT_MATCH_TAG0 ||
|
|
|
|
|
FW_CDEV_ISO_CONTEXT_MATCH_TAG1 != FW_ISO_CONTEXT_MATCH_TAG1 ||
|
|
|
|
|
FW_CDEV_ISO_CONTEXT_MATCH_TAG2 != FW_ISO_CONTEXT_MATCH_TAG2 ||
|
|
|
|
|
FW_CDEV_ISO_CONTEXT_MATCH_TAG3 != FW_ISO_CONTEXT_MATCH_TAG3 ||
|
|
|
|
|
FW_CDEV_ISO_CONTEXT_MATCH_ALL_TAGS != FW_ISO_CONTEXT_MATCH_ALL_TAGS);
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (client->iso_context == NULL || a->handle != 0)
|
2007-04-30 13:03:14 -06:00
|
|
|
return -EINVAL;
|
2008-02-20 13:10:06 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (client->iso_context->type == FW_ISO_CONTEXT_RECEIVE &&
|
|
|
|
|
(a->tags == 0 || a->tags > 15 || a->sync > 15))
|
|
|
|
|
return -EINVAL;
|
2007-03-14 15:34:54 -06:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
return fw_iso_context_start(client->iso_context,
|
|
|
|
|
a->cycle, a->sync, a->tags);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_stop_iso(struct client *client, union ioctl_arg *arg)
|
2007-02-16 15:34:42 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_stop_iso *a = &arg->stop_iso;
|
2007-04-30 13:03:14 -06:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (client->iso_context == NULL || a->handle != 0)
|
2007-04-30 13:03:14 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2007-02-16 15:34:42 -07:00
|
|
|
return fw_iso_context_stop(client->iso_context);
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-18 12:06:39 -06:00
|
|
|
static int ioctl_flush_iso(struct client *client, union ioctl_arg *arg)
|
|
|
|
|
{
|
|
|
|
|
struct fw_cdev_flush_iso *a = &arg->flush_iso;
|
|
|
|
|
|
|
|
|
|
if (client->iso_context == NULL || a->handle != 0)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
return fw_iso_context_flush_completions(client->iso_context);
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_get_cycle_timer2(struct client *client, union ioctl_arg *arg)
|
2007-09-29 02:41:58 -06:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_get_cycle_timer2 *a = &arg->get_cycle_timer2;
|
2007-09-29 02:41:58 -06:00
|
|
|
struct fw_card *card = client->device->card;
|
2018-08-17 16:43:44 -06:00
|
|
|
struct timespec64 ts = {0, 0};
|
2010-02-20 14:24:43 -07:00
|
|
|
u32 cycle_time;
|
2010-02-20 04:13:49 -07:00
|
|
|
int ret = 0;
|
2007-09-29 02:41:58 -06:00
|
|
|
|
2010-02-20 14:24:43 -07:00
|
|
|
local_irq_disable();
|
2007-09-29 02:41:58 -06:00
|
|
|
|
2010-06-12 12:35:52 -06:00
|
|
|
cycle_time = card->driver->read_csr(card, CSR_CYCLE_TIME);
|
2010-02-20 04:13:49 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
switch (a->clk_id) {
|
2018-08-17 16:43:44 -06:00
|
|
|
case CLOCK_REALTIME: ktime_get_real_ts64(&ts); break;
|
|
|
|
|
case CLOCK_MONOTONIC: ktime_get_ts64(&ts); break;
|
|
|
|
|
case CLOCK_MONOTONIC_RAW: ktime_get_raw_ts64(&ts); break;
|
2010-02-20 04:13:49 -07:00
|
|
|
default:
|
|
|
|
|
ret = -EINVAL;
|
|
|
|
|
}
|
2007-09-29 02:41:58 -06:00
|
|
|
|
2010-02-20 14:24:43 -07:00
|
|
|
local_irq_enable();
|
2007-09-29 02:41:58 -06:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
a->tv_sec = ts.tv_sec;
|
|
|
|
|
a->tv_nsec = ts.tv_nsec;
|
|
|
|
|
a->cycle_timer = cycle_time;
|
2010-02-20 04:13:49 -07:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_get_cycle_timer(struct client *client, union ioctl_arg *arg)
|
2010-02-20 04:13:49 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_get_cycle_timer *a = &arg->get_cycle_timer;
|
2010-02-20 04:13:49 -07:00
|
|
|
struct fw_cdev_get_cycle_timer2 ct2;
|
|
|
|
|
|
|
|
|
|
ct2.clk_id = CLOCK_REALTIME;
|
2010-02-21 09:56:21 -07:00
|
|
|
ioctl_get_cycle_timer2(client, (union ioctl_arg *)&ct2);
|
2010-02-20 04:13:49 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
a->local_time = ct2.tv_sec * USEC_PER_SEC + ct2.tv_nsec / NSEC_PER_USEC;
|
|
|
|
|
a->cycle_timer = ct2.cycle_timer;
|
2010-02-20 14:24:43 -07:00
|
|
|
|
2007-09-29 02:41:58 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
static void iso_resource_work(struct work_struct *work)
|
|
|
|
|
{
|
|
|
|
|
struct iso_resource_event *e;
|
|
|
|
|
struct iso_resource *r =
|
|
|
|
|
container_of(work, struct iso_resource, work.work);
|
|
|
|
|
struct client *client = r->client;
|
|
|
|
|
int generation, channel, bandwidth, todo;
|
|
|
|
|
bool skip, free, success;
|
|
|
|
|
|
|
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
generation = client->device->generation;
|
|
|
|
|
todo = r->todo;
|
|
|
|
|
/* Allow 1000ms grace period for other reallocations. */
|
|
|
|
|
if (todo == ISO_RES_ALLOC &&
|
2011-01-22 07:05:03 -07:00
|
|
|
time_before64(get_jiffies_64(),
|
|
|
|
|
client->device->card->reset_jiffies + HZ)) {
|
2009-10-07 16:41:10 -06:00
|
|
|
schedule_iso_resource(r, DIV_ROUND_UP(HZ, 3));
|
2009-01-04 08:23:29 -07:00
|
|
|
skip = true;
|
|
|
|
|
} else {
|
|
|
|
|
/* We could be called twice within the same generation. */
|
|
|
|
|
skip = todo == ISO_RES_REALLOC &&
|
|
|
|
|
r->generation == generation;
|
|
|
|
|
}
|
2009-01-04 08:23:29 -07:00
|
|
|
free = todo == ISO_RES_DEALLOC ||
|
|
|
|
|
todo == ISO_RES_ALLOC_ONCE ||
|
|
|
|
|
todo == ISO_RES_DEALLOC_ONCE;
|
2009-01-04 08:23:29 -07:00
|
|
|
r->generation = generation;
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
|
|
|
|
|
|
|
|
|
if (skip)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
bandwidth = r->bandwidth;
|
|
|
|
|
|
|
|
|
|
fw_iso_resource_manage(client->device->card, generation,
|
|
|
|
|
r->channels, &channel, &bandwidth,
|
2009-01-04 08:23:29 -07:00
|
|
|
todo == ISO_RES_ALLOC ||
|
|
|
|
|
todo == ISO_RES_REALLOC ||
|
2011-04-22 07:13:54 -06:00
|
|
|
todo == ISO_RES_ALLOC_ONCE);
|
2009-01-04 08:23:29 -07:00
|
|
|
/*
|
|
|
|
|
* Is this generation outdated already? As long as this resource sticks
|
|
|
|
|
* in the idr, it will be scheduled again for a newer generation or at
|
|
|
|
|
* shutdown.
|
|
|
|
|
*/
|
|
|
|
|
if (channel == -EAGAIN &&
|
|
|
|
|
(todo == ISO_RES_ALLOC || todo == ISO_RES_REALLOC))
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
success = channel >= 0 || bandwidth > 0;
|
|
|
|
|
|
|
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
/*
|
|
|
|
|
* Transit from allocation to reallocation, except if the client
|
|
|
|
|
* requested deallocation in the meantime.
|
|
|
|
|
*/
|
|
|
|
|
if (r->todo == ISO_RES_ALLOC)
|
|
|
|
|
r->todo = ISO_RES_REALLOC;
|
|
|
|
|
/*
|
|
|
|
|
* Allocation or reallocation failure? Pull this resource out of the
|
|
|
|
|
* idr and prepare for deletion, unless the client is shutting down.
|
|
|
|
|
*/
|
|
|
|
|
if (r->todo == ISO_RES_REALLOC && !success &&
|
|
|
|
|
!client->in_shutdown &&
|
2016-12-22 11:30:22 -07:00
|
|
|
idr_remove(&client->resource_idr, r->resource.handle)) {
|
2009-01-04 08:23:29 -07:00
|
|
|
client_put(client);
|
|
|
|
|
free = true;
|
|
|
|
|
}
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
|
|
|
|
|
|
|
|
|
if (todo == ISO_RES_ALLOC && channel >= 0)
|
2009-01-08 15:07:40 -07:00
|
|
|
r->channels = 1ULL << channel;
|
2009-01-04 08:23:29 -07:00
|
|
|
|
|
|
|
|
if (todo == ISO_RES_REALLOC && success)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
if (todo == ISO_RES_ALLOC || todo == ISO_RES_ALLOC_ONCE) {
|
2009-01-04 08:23:29 -07:00
|
|
|
e = r->e_alloc;
|
|
|
|
|
r->e_alloc = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
e = r->e_dealloc;
|
|
|
|
|
r->e_dealloc = NULL;
|
|
|
|
|
}
|
2009-10-07 16:41:38 -06:00
|
|
|
e->iso_resource.handle = r->resource.handle;
|
|
|
|
|
e->iso_resource.channel = channel;
|
|
|
|
|
e->iso_resource.bandwidth = bandwidth;
|
2009-01-04 08:23:29 -07:00
|
|
|
|
|
|
|
|
queue_event(client, &e->event,
|
2009-10-07 16:41:38 -06:00
|
|
|
&e->iso_resource, sizeof(e->iso_resource), NULL, 0);
|
2009-01-04 08:23:29 -07:00
|
|
|
|
|
|
|
|
if (free) {
|
|
|
|
|
cancel_delayed_work(&r->work);
|
|
|
|
|
kfree(r->e_alloc);
|
|
|
|
|
kfree(r->e_dealloc);
|
|
|
|
|
kfree(r);
|
|
|
|
|
}
|
|
|
|
|
out:
|
|
|
|
|
client_put(client);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void release_iso_resource(struct client *client,
|
|
|
|
|
struct client_resource *resource)
|
|
|
|
|
{
|
|
|
|
|
struct iso_resource *r =
|
|
|
|
|
container_of(resource, struct iso_resource, resource);
|
|
|
|
|
|
|
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
r->todo = ISO_RES_DEALLOC;
|
2009-10-07 16:41:10 -06:00
|
|
|
schedule_iso_resource(r, 0);
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_unlock_irq(&client->lock);
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
static int init_iso_resource(struct client *client,
|
|
|
|
|
struct fw_cdev_allocate_iso_resource *request, int todo)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
|
|
|
|
struct iso_resource_event *e1, *e2;
|
|
|
|
|
struct iso_resource *r;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if ((request->channels == 0 && request->bandwidth == 0) ||
|
2013-03-24 10:31:09 -06:00
|
|
|
request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL)
|
2009-01-04 08:23:29 -07:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
r = kmalloc(sizeof(*r), GFP_KERNEL);
|
|
|
|
|
e1 = kmalloc(sizeof(*e1), GFP_KERNEL);
|
|
|
|
|
e2 = kmalloc(sizeof(*e2), GFP_KERNEL);
|
|
|
|
|
if (r == NULL || e1 == NULL || e2 == NULL) {
|
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
INIT_DELAYED_WORK(&r->work, iso_resource_work);
|
|
|
|
|
r->client = client;
|
2009-01-04 08:23:29 -07:00
|
|
|
r->todo = todo;
|
2009-01-04 08:23:29 -07:00
|
|
|
r->generation = -1;
|
|
|
|
|
r->channels = request->channels;
|
|
|
|
|
r->bandwidth = request->bandwidth;
|
|
|
|
|
r->e_alloc = e1;
|
|
|
|
|
r->e_dealloc = e2;
|
|
|
|
|
|
2009-10-07 16:41:38 -06:00
|
|
|
e1->iso_resource.closure = request->closure;
|
|
|
|
|
e1->iso_resource.type = FW_CDEV_EVENT_ISO_RESOURCE_ALLOCATED;
|
|
|
|
|
e2->iso_resource.closure = request->closure;
|
|
|
|
|
e2->iso_resource.type = FW_CDEV_EVENT_ISO_RESOURCE_DEALLOCATED;
|
2009-01-04 08:23:29 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
if (todo == ISO_RES_ALLOC) {
|
|
|
|
|
r->resource.release = release_iso_resource;
|
|
|
|
|
ret = add_client_resource(client, &r->resource, GFP_KERNEL);
|
2009-01-11 05:44:46 -07:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto fail;
|
2009-01-04 08:23:29 -07:00
|
|
|
} else {
|
|
|
|
|
r->resource.release = NULL;
|
|
|
|
|
r->resource.handle = -1;
|
2009-10-07 16:41:10 -06:00
|
|
|
schedule_iso_resource(r, 0);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
2009-01-04 08:23:29 -07:00
|
|
|
request->handle = r->resource.handle;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
fail:
|
|
|
|
|
kfree(r);
|
|
|
|
|
kfree(e1);
|
|
|
|
|
kfree(e2);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_allocate_iso_resource(struct client *client,
|
|
|
|
|
union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
return init_iso_resource(client,
|
|
|
|
|
&arg->allocate_iso_resource, ISO_RES_ALLOC);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_deallocate_iso_resource(struct client *client,
|
|
|
|
|
union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
return release_client_resource(client,
|
|
|
|
|
arg->deallocate.handle, release_iso_resource, NULL);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_allocate_iso_resource_once(struct client *client,
|
|
|
|
|
union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
return init_iso_resource(client,
|
|
|
|
|
&arg->allocate_iso_resource, ISO_RES_ALLOC_ONCE);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_deallocate_iso_resource_once(struct client *client,
|
|
|
|
|
union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
return init_iso_resource(client,
|
|
|
|
|
&arg->allocate_iso_resource, ISO_RES_DEALLOC_ONCE);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
|
|
|
|
|
2009-03-10 13:59:16 -06:00
|
|
|
/*
|
|
|
|
|
* Returns a speed code: Maximum speed to or from this device,
|
|
|
|
|
* limited by the device's link speed, the local node's link speed,
|
|
|
|
|
* and all PHY port speeds between the two links.
|
|
|
|
|
*/
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_get_speed(struct client *client, union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2009-03-10 13:59:16 -06:00
|
|
|
return client->device->max_speed;
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_send_broadcast_request(struct client *client,
|
|
|
|
|
union ioctl_arg *arg)
|
2009-01-04 08:23:29 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_send_request *a = &arg->send_request;
|
2009-01-04 08:23:29 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
switch (a->tcode) {
|
2009-01-04 08:23:29 -07:00
|
|
|
case TCODE_WRITE_QUADLET_REQUEST:
|
|
|
|
|
case TCODE_WRITE_BLOCK_REQUEST:
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
/* Security policy: Only allow accesses to Units Space. */
|
2010-02-21 09:56:21 -07:00
|
|
|
if (a->offset < CSR_REGISTER_BASE + CSR_CONFIG_ROM_END)
|
2009-01-04 08:23:29 -07:00
|
|
|
return -EACCES;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
return init_request(client, a, LOCAL_BUS | 0x3f, SCODE_100);
|
2009-01-04 08:23:29 -07:00
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int ioctl_send_stream_packet(struct client *client, union ioctl_arg *arg)
|
2009-03-05 11:08:40 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
struct fw_cdev_send_stream_packet *a = &arg->send_stream_packet;
|
2009-03-10 14:02:21 -06:00
|
|
|
struct fw_cdev_send_request request;
|
|
|
|
|
int dest;
|
2009-03-05 11:08:40 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (a->speed > client->device->card->link_speed ||
|
|
|
|
|
a->length > 1024 << a->speed)
|
2009-03-10 14:02:21 -06:00
|
|
|
return -EIO;
|
2009-03-05 11:08:40 -07:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
if (a->tag > 3 || a->channel > 63 || a->sy > 15)
|
2009-03-10 14:02:21 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
dest = fw_stream_packet_destination_id(a->tag, a->channel, a->sy);
|
2009-03-10 14:02:21 -06:00
|
|
|
request.tcode = TCODE_STREAM_DATA;
|
2010-02-21 09:56:21 -07:00
|
|
|
request.length = a->length;
|
|
|
|
|
request.closure = a->closure;
|
|
|
|
|
request.data = a->data;
|
|
|
|
|
request.generation = a->generation;
|
2009-03-10 14:02:21 -06:00
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
return init_request(client, &request, dest, a->speed);
|
2009-03-05 11:08:40 -07:00
|
|
|
}
|
|
|
|
|
|
2010-07-16 14:25:14 -06:00
|
|
|
static void outbound_phy_packet_callback(struct fw_packet *packet,
|
|
|
|
|
struct fw_card *card, int status)
|
|
|
|
|
{
|
|
|
|
|
struct outbound_phy_packet_event *e =
|
|
|
|
|
container_of(packet, struct outbound_phy_packet_event, p);
|
|
|
|
|
|
|
|
|
|
switch (status) {
|
|
|
|
|
/* expected: */
|
|
|
|
|
case ACK_COMPLETE: e->phy_packet.rcode = RCODE_COMPLETE; break;
|
|
|
|
|
/* should never happen with PHY packets: */
|
|
|
|
|
case ACK_PENDING: e->phy_packet.rcode = RCODE_COMPLETE; break;
|
|
|
|
|
case ACK_BUSY_X:
|
|
|
|
|
case ACK_BUSY_A:
|
|
|
|
|
case ACK_BUSY_B: e->phy_packet.rcode = RCODE_BUSY; break;
|
|
|
|
|
case ACK_DATA_ERROR: e->phy_packet.rcode = RCODE_DATA_ERROR; break;
|
|
|
|
|
case ACK_TYPE_ERROR: e->phy_packet.rcode = RCODE_TYPE_ERROR; break;
|
|
|
|
|
/* stale generation; cancelled; on certain controllers: no ack */
|
|
|
|
|
default: e->phy_packet.rcode = status; break;
|
|
|
|
|
}
|
2010-07-18 05:00:50 -06:00
|
|
|
e->phy_packet.data[0] = packet->timestamp;
|
2010-07-16 14:25:14 -06:00
|
|
|
|
2010-07-18 05:00:50 -06:00
|
|
|
queue_event(e->client, &e->event, &e->phy_packet,
|
|
|
|
|
sizeof(e->phy_packet) + e->phy_packet.length, NULL, 0);
|
2010-07-16 14:25:14 -06:00
|
|
|
client_put(e->client);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ioctl_send_phy_packet(struct client *client, union ioctl_arg *arg)
|
|
|
|
|
{
|
|
|
|
|
struct fw_cdev_send_phy_packet *a = &arg->send_phy_packet;
|
|
|
|
|
struct fw_card *card = client->device->card;
|
|
|
|
|
struct outbound_phy_packet_event *e;
|
|
|
|
|
|
|
|
|
|
/* Access policy: Allow this ioctl only on local nodes' device files. */
|
|
|
|
|
if (!client->device->is_local)
|
|
|
|
|
return -ENOSYS;
|
|
|
|
|
|
2010-07-18 05:00:50 -06:00
|
|
|
e = kzalloc(sizeof(*e) + 4, GFP_KERNEL);
|
2010-07-16 14:25:14 -06:00
|
|
|
if (e == NULL)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
client_get(client);
|
|
|
|
|
e->client = client;
|
|
|
|
|
e->p.speed = SCODE_100;
|
|
|
|
|
e->p.generation = a->generation;
|
2010-11-30 00:24:47 -07:00
|
|
|
e->p.header[0] = TCODE_LINK_INTERNAL << 4;
|
|
|
|
|
e->p.header[1] = a->data[0];
|
|
|
|
|
e->p.header[2] = a->data[1];
|
|
|
|
|
e->p.header_length = 12;
|
2010-07-16 14:25:14 -06:00
|
|
|
e->p.callback = outbound_phy_packet_callback;
|
|
|
|
|
e->phy_packet.closure = a->closure;
|
|
|
|
|
e->phy_packet.type = FW_CDEV_EVENT_PHY_PACKET_SENT;
|
2010-07-18 05:00:50 -06:00
|
|
|
if (is_ping_packet(a->data))
|
|
|
|
|
e->phy_packet.length = 4;
|
2010-07-16 14:25:14 -06:00
|
|
|
|
|
|
|
|
card->driver->send_request(card, &e->p);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-07-16 14:25:51 -06:00
|
|
|
static int ioctl_receive_phy_packets(struct client *client, union ioctl_arg *arg)
|
|
|
|
|
{
|
|
|
|
|
struct fw_cdev_receive_phy_packets *a = &arg->receive_phy_packets;
|
|
|
|
|
struct fw_card *card = client->device->card;
|
|
|
|
|
|
|
|
|
|
/* Access policy: Allow this ioctl only on local nodes' device files. */
|
|
|
|
|
if (!client->device->is_local)
|
|
|
|
|
return -ENOSYS;
|
|
|
|
|
|
|
|
|
|
spin_lock_irq(&card->lock);
|
|
|
|
|
|
|
|
|
|
list_move_tail(&client->phy_receiver_link, &card->phy_receiver_list);
|
|
|
|
|
client->phy_receiver_closure = a->closure;
|
|
|
|
|
|
|
|
|
|
spin_unlock_irq(&card->lock);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void fw_cdev_handle_phy_packet(struct fw_card *card, struct fw_packet *p)
|
|
|
|
|
{
|
|
|
|
|
struct client *client;
|
|
|
|
|
struct inbound_phy_packet_event *e;
|
|
|
|
|
unsigned long flags;
|
|
|
|
|
|
|
|
|
|
spin_lock_irqsave(&card->lock, flags);
|
|
|
|
|
|
|
|
|
|
list_for_each_entry(client, &card->phy_receiver_list, phy_receiver_link) {
|
|
|
|
|
e = kmalloc(sizeof(*e) + 8, GFP_ATOMIC);
|
2013-03-24 10:32:00 -06:00
|
|
|
if (e == NULL)
|
2010-07-16 14:25:51 -06:00
|
|
|
break;
|
2013-03-24 10:32:00 -06:00
|
|
|
|
2010-07-16 14:25:51 -06:00
|
|
|
e->phy_packet.closure = client->phy_receiver_closure;
|
|
|
|
|
e->phy_packet.type = FW_CDEV_EVENT_PHY_PACKET_RECEIVED;
|
|
|
|
|
e->phy_packet.rcode = RCODE_COMPLETE;
|
|
|
|
|
e->phy_packet.length = 8;
|
|
|
|
|
e->phy_packet.data[0] = p->header[1];
|
|
|
|
|
e->phy_packet.data[1] = p->header[2];
|
|
|
|
|
queue_event(client, &e->event,
|
|
|
|
|
&e->phy_packet, sizeof(e->phy_packet) + 8, NULL, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
spin_unlock_irqrestore(&card->lock, flags);
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
static int (* const ioctl_handlers[])(struct client *, union ioctl_arg *) = {
|
2010-07-16 14:24:29 -06:00
|
|
|
[0x00] = ioctl_get_info,
|
|
|
|
|
[0x01] = ioctl_send_request,
|
|
|
|
|
[0x02] = ioctl_allocate,
|
|
|
|
|
[0x03] = ioctl_deallocate,
|
|
|
|
|
[0x04] = ioctl_send_response,
|
|
|
|
|
[0x05] = ioctl_initiate_bus_reset,
|
|
|
|
|
[0x06] = ioctl_add_descriptor,
|
|
|
|
|
[0x07] = ioctl_remove_descriptor,
|
|
|
|
|
[0x08] = ioctl_create_iso_context,
|
|
|
|
|
[0x09] = ioctl_queue_iso,
|
|
|
|
|
[0x0a] = ioctl_start_iso,
|
|
|
|
|
[0x0b] = ioctl_stop_iso,
|
|
|
|
|
[0x0c] = ioctl_get_cycle_timer,
|
|
|
|
|
[0x0d] = ioctl_allocate_iso_resource,
|
|
|
|
|
[0x0e] = ioctl_deallocate_iso_resource,
|
|
|
|
|
[0x0f] = ioctl_allocate_iso_resource_once,
|
|
|
|
|
[0x10] = ioctl_deallocate_iso_resource_once,
|
|
|
|
|
[0x11] = ioctl_get_speed,
|
|
|
|
|
[0x12] = ioctl_send_broadcast_request,
|
|
|
|
|
[0x13] = ioctl_send_stream_packet,
|
|
|
|
|
[0x14] = ioctl_get_cycle_timer2,
|
2010-07-16 14:25:14 -06:00
|
|
|
[0x15] = ioctl_send_phy_packet,
|
2010-07-16 14:25:51 -06:00
|
|
|
[0x16] = ioctl_receive_phy_packets,
|
2010-07-29 10:19:22 -06:00
|
|
|
[0x17] = ioctl_set_iso_channels,
|
2012-03-18 12:06:39 -06:00
|
|
|
[0x18] = ioctl_flush_iso,
|
2007-04-30 13:03:13 -06:00
|
|
|
};
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static int dispatch_ioctl(struct client *client,
|
|
|
|
|
unsigned int cmd, void __user *arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:21 -07:00
|
|
|
union ioctl_arg buffer;
|
2008-12-14 13:45:45 -07:00
|
|
|
int ret;
|
2007-04-30 13:03:13 -06:00
|
|
|
|
2010-02-21 09:56:42 -07:00
|
|
|
if (fw_device_is_shutdown(client->device))
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
2007-04-30 13:03:13 -06:00
|
|
|
if (_IOC_TYPE(cmd) != '#' ||
|
2010-04-07 00:30:50 -06:00
|
|
|
_IOC_NR(cmd) >= ARRAY_SIZE(ioctl_handlers) ||
|
|
|
|
|
_IOC_SIZE(cmd) > sizeof(buffer))
|
2011-07-09 08:42:26 -06:00
|
|
|
return -ENOTTY;
|
2007-04-30 13:03:13 -06:00
|
|
|
|
firewire: cdev: prevent kernel stack leaking into ioctl arguments
Found by the UC-KLEE tool: A user could supply less input to
firewire-cdev ioctls than write- or write/read-type ioctl handlers
expect. The handlers used data from uninitialized kernel stack then.
This could partially leak back to the user if the kernel subsequently
generated fw_cdev_event_'s (to be read from the firewire-cdev fd)
which notably would contain the _u64 closure field which many of the
ioctl argument structures contain.
The fact that the handlers would act on random garbage input is a
lesser issue since all handlers must check their input anyway.
The fix simply always null-initializes the entire ioctl argument buffer
regardless of the actual length of expected user input. That is, a
runtime overhead of memset(..., 40) is added to each firewirew-cdev
ioctl() call. [Comment from Clemens Ladisch: This part of the stack is
most likely to be already in the cache.]
Remarks:
- There was never any leak from kernel stack to the ioctl output
buffer itself. IOW, it was not possible to read kernel stack by a
read-type or write/read-type ioctl alone; the leak could at most
happen in combination with read()ing subsequent event data.
- The actual expected minimum user input of each ioctl from
include/uapi/linux/firewire-cdev.h is, in bytes:
[0x00] = 32, [0x05] = 4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16,
[0x01] = 36, [0x06] = 20, [0x0b] = 4, [0x10] = 20, [0x15] = 20,
[0x02] = 20, [0x07] = 4, [0x0c] = 0, [0x11] = 0, [0x16] = 8,
[0x03] = 4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12,
[0x04] = 20, [0x09] = 24, [0x0e] = 4, [0x13] = 40, [0x18] = 4.
Reported-by: David Ramos <daramos@stanford.edu>
Cc: <stable@vger.kernel.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2014-11-11 09:16:44 -07:00
|
|
|
memset(&buffer, 0, sizeof(buffer));
|
2010-04-07 00:30:50 -06:00
|
|
|
|
|
|
|
|
if (_IOC_DIR(cmd) & _IOC_WRITE)
|
|
|
|
|
if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd)))
|
2007-04-30 13:03:13 -06:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
2010-02-21 09:56:21 -07:00
|
|
|
ret = ioctl_handlers[_IOC_NR(cmd)](client, &buffer);
|
2008-12-14 13:45:45 -07:00
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
2007-04-30 13:03:13 -06:00
|
|
|
|
2010-04-07 00:30:50 -06:00
|
|
|
if (_IOC_DIR(cmd) & _IOC_READ)
|
|
|
|
|
if (copy_to_user(arg, &buffer, _IOC_SIZE(cmd)))
|
2007-04-30 13:03:13 -06:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
2008-12-14 13:45:45 -07:00
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2008-12-14 13:47:04 -07:00
|
|
|
static long fw_device_op_ioctl(struct file *file,
|
|
|
|
|
unsigned int cmd, unsigned long arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:42 -07:00
|
|
|
return dispatch_ioctl(file->private_data, cmd, (void __user *)arg);
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_COMPAT
|
2008-12-14 13:47:04 -07:00
|
|
|
static long fw_device_op_compat_ioctl(struct file *file,
|
|
|
|
|
unsigned int cmd, unsigned long arg)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
2010-02-21 09:56:42 -07:00
|
|
|
return dispatch_ioctl(file->private_data, cmd, compat_ptr(arg));
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static int fw_device_op_mmap(struct file *file, struct vm_area_struct *vma)
|
|
|
|
|
{
|
|
|
|
|
struct client *client = file->private_data;
|
2007-02-16 15:34:38 -07:00
|
|
|
unsigned long size;
|
2008-12-14 13:45:45 -07:00
|
|
|
int page_count, ret;
|
2007-02-16 15:34:38 -07:00
|
|
|
|
2008-05-16 09:15:23 -06:00
|
|
|
if (fw_device_is_shutdown(client->device))
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
2007-02-16 15:34:38 -07:00
|
|
|
/* FIXME: We could support multiple buffers, but we don't. */
|
|
|
|
|
if (client->buffer.pages != NULL)
|
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
|
|
|
|
if (!(vma->vm_flags & VM_SHARED))
|
|
|
|
|
return -EINVAL;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2007-02-16 15:34:38 -07:00
|
|
|
if (vma->vm_start & ~PAGE_MASK)
|
2006-12-19 17:58:31 -07:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
client->vm_start = vma->vm_start;
|
2007-02-16 15:34:38 -07:00
|
|
|
size = vma->vm_end - vma->vm_start;
|
|
|
|
|
page_count = size >> PAGE_SHIFT;
|
|
|
|
|
if (size & ~PAGE_MASK)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2012-04-09 12:51:18 -06:00
|
|
|
ret = fw_iso_buffer_alloc(&client->buffer, page_count);
|
2008-12-14 13:45:45 -07:00
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2012-04-09 12:51:18 -06:00
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
if (client->iso_context) {
|
|
|
|
|
ret = fw_iso_buffer_map_dma(&client->buffer,
|
|
|
|
|
client->device->card,
|
|
|
|
|
iso_dma_direction(client->iso_context));
|
|
|
|
|
client->buffer_is_mapped = (ret == 0);
|
|
|
|
|
}
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
2008-12-14 13:45:45 -07:00
|
|
|
if (ret < 0)
|
2012-04-09 12:51:18 -06:00
|
|
|
goto fail;
|
2007-02-16 15:34:38 -07:00
|
|
|
|
2012-04-09 12:51:18 -06:00
|
|
|
ret = fw_iso_buffer_map_vma(&client->buffer, vma);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
fail:
|
|
|
|
|
fw_iso_buffer_destroy(&client->buffer, client->device->card);
|
2008-12-14 13:45:45 -07:00
|
|
|
return ret;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2011-01-10 09:28:39 -07:00
|
|
|
static int is_outbound_transaction_resource(int id, void *p, void *data)
|
|
|
|
|
{
|
|
|
|
|
struct client_resource *resource = p;
|
|
|
|
|
|
|
|
|
|
return resource->release == release_transaction;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int has_outbound_transactions(struct client *client)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
spin_lock_irq(&client->lock);
|
|
|
|
|
ret = idr_for_each(&client->resource_idr,
|
|
|
|
|
is_outbound_transaction_resource, NULL);
|
|
|
|
|
spin_unlock_irq(&client->lock);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-21 08:47:17 -07:00
|
|
|
static int shutdown_resource(int id, void *p, void *data)
|
|
|
|
|
{
|
2009-10-07 16:41:38 -06:00
|
|
|
struct client_resource *resource = p;
|
2008-12-21 08:47:17 -07:00
|
|
|
struct client *client = data;
|
|
|
|
|
|
2009-10-07 16:41:38 -06:00
|
|
|
resource->release(client, resource);
|
2009-01-04 08:23:29 -07:00
|
|
|
client_put(client);
|
2008-12-21 08:47:17 -07:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
static int fw_device_op_release(struct inode *inode, struct file *file)
|
|
|
|
|
{
|
|
|
|
|
struct client *client = file->private_data;
|
2009-10-07 16:41:38 -06:00
|
|
|
struct event *event, *next_event;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2010-07-16 14:25:51 -06:00
|
|
|
spin_lock_irq(&client->device->card->lock);
|
|
|
|
|
list_del(&client->phy_receiver_link);
|
|
|
|
|
spin_unlock_irq(&client->device->card->lock);
|
|
|
|
|
|
2008-12-14 11:19:23 -07:00
|
|
|
mutex_lock(&client->device->client_list_mutex);
|
|
|
|
|
list_del(&client->link);
|
|
|
|
|
mutex_unlock(&client->device->client_list_mutex);
|
|
|
|
|
|
2006-12-19 17:58:31 -07:00
|
|
|
if (client->iso_context)
|
|
|
|
|
fw_iso_context_destroy(client->iso_context);
|
|
|
|
|
|
2009-01-05 12:28:10 -07:00
|
|
|
if (client->buffer.pages)
|
|
|
|
|
fw_iso_buffer_destroy(&client->buffer, client->device->card);
|
|
|
|
|
|
2008-12-21 08:47:17 -07:00
|
|
|
/* Freeze client->resource_idr and client->event_list */
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_lock_irq(&client->lock);
|
2008-12-21 08:47:17 -07:00
|
|
|
client->in_shutdown = true;
|
2009-01-04 08:23:29 -07:00
|
|
|
spin_unlock_irq(&client->lock);
|
2007-03-28 13:26:42 -06:00
|
|
|
|
2011-01-10 09:28:39 -07:00
|
|
|
wait_event(client->tx_flush_wait, !has_outbound_transactions(client));
|
|
|
|
|
|
2008-12-21 08:47:17 -07:00
|
|
|
idr_for_each(&client->resource_idr, shutdown_resource, client);
|
|
|
|
|
idr_destroy(&client->resource_idr);
|
2007-03-07 10:12:50 -07:00
|
|
|
|
2009-10-07 16:41:38 -06:00
|
|
|
list_for_each_entry_safe(event, next_event, &client->event_list, link)
|
|
|
|
|
kfree(event);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
2009-01-04 08:23:29 -07:00
|
|
|
client_put(client);
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-03 04:39:46 -06:00
|
|
|
static __poll_t fw_device_op_poll(struct file *file, poll_table * pt)
|
2006-12-19 17:58:31 -07:00
|
|
|
{
|
|
|
|
|
struct client *client = file->private_data;
|
2017-07-03 04:39:46 -06:00
|
|
|
__poll_t mask = 0;
|
2006-12-19 17:58:31 -07:00
|
|
|
|
|
|
|
|
poll_wait(file, &client->wait, pt);
|
|
|
|
|
|
2007-03-07 10:12:48 -07:00
|
|
|
if (fw_device_is_shutdown(client->device))
|
2018-02-11 15:34:03 -07:00
|
|
|
mask |= EPOLLHUP | EPOLLERR;
|
2006-12-19 17:58:31 -07:00
|
|
|
if (!list_empty(&client->event_list))
|
2018-02-11 15:34:03 -07:00
|
|
|
mask |= EPOLLIN | EPOLLRDNORM;
|
2007-03-07 10:12:48 -07:00
|
|
|
|
|
|
|
|
return mask;
|
2006-12-19 17:58:31 -07:00
|
|
|
}
|
|
|
|
|
|
2007-01-14 07:29:07 -07:00
|
|
|
const struct file_operations fw_device_ops = {
|
2006-12-19 17:58:31 -07:00
|
|
|
.owner = THIS_MODULE,
|
2010-04-10 09:38:05 -06:00
|
|
|
.llseek = no_llseek,
|
2006-12-19 17:58:31 -07:00
|
|
|
.open = fw_device_op_open,
|
|
|
|
|
.read = fw_device_op_read,
|
|
|
|
|
.unlocked_ioctl = fw_device_op_ioctl,
|
|
|
|
|
.mmap = fw_device_op_mmap,
|
2010-04-10 09:38:05 -06:00
|
|
|
.release = fw_device_op_release,
|
|
|
|
|
.poll = fw_device_op_poll,
|
2006-12-19 17:58:31 -07:00
|
|
|
#ifdef CONFIG_COMPAT
|
2007-01-21 12:45:32 -07:00
|
|
|
.compat_ioctl = fw_device_op_compat_ioctl,
|
2006-12-19 17:58:31 -07:00
|
|
|
#endif
|
|
|
|
|
};
|