From: Jay Fenlason <fenlason@redhat.com>
Date: Tue, 29 Jan 2008 17:29:43 -0500
Subject: [firewire] more upstream fixes regarding rom
Message-id: 20080129222943.GD4896@redhat.com
O-Subject: [Additional PATCH] RHEL-5.2 bz#370421 Upgrade firewire stack to latest upstream
Bugzilla: 370421
jwilson proposed the following four additional patches for the 5.2 firewire
stack to solve issues that were fixed upstream after I did the original 5.2
backport. These are from upstream, they fix real bugs, and at least in my
testing they haven't broken anything on i686 and x86_64.
-----------------------------------------------------------------------------
RHEL5 backport to address issues accessing firewire device config roms, based
on the following linux1394-git commits:
====
http://git.kernel.org/?p=linux/kernel/git/ieee1394/linux1394-2.6.git;a=commit;h=f549da95402dde45b7184934df7ad54823cbc100
firewire: fw-cdev: use device generation, not card generation
We have to use the fw_device.generation here, not the fw_card.generation,
because the generation must never be newer than the node ID when we emit
a transaction. This cannot be guaranteed with fw_card.generation.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Verified in concert with subsequent memory barriers patch to fix 'giving
up on config rom' issues on multiple system and drive combinations that
were previously affected.
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
====
http://git.kernel.org/?p=linux/kernel/git/ieee1394/linux1394-2.6.git;a=commit;h=7f9c206f1496a9c9a18d64d247f756654653fea8
firewire: enforce access order between generation and node ID, fix "giving up on config rom"
fw_device.node_id and fw_device.generation are accessed without mutexes.
We have to ensure that all readers will get to see node_id updates
before generation updates.
Fixes an inability to recognize devices after "giving up on config rom",
https://bugzilla.redhat.com/show_bug.cgi?id=429950
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Reviewed by Nick Piggin <nickpiggin@yahoo.com.au>.
Verified to fix 'giving up on config rom' issues on multiple system and
drive combinations that were previously affected.
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
====
http://git.kernel.org/?p=linux/kernel/git/ieee1394/linux1394-2.6.git;a=commit;h=78f5e38feb61dad7d980da9cd55d120f70fb8b67
firewire: fw-core: react on bus resets while the config ROM is being fetched
read_rom() obtained a fresh new fw_device.generation for each read
transaction. Hence it was able to continue reading in the middle of the
ROM even if a bus reset happened. However the device may have modified
the ROM during the reset. We would end up with a corrupt fetched ROM
image then.
Although all of this is quite unlikely, it is not impossible.
Therefore we now restart reading the ROM if the bus generation changed.
Note, the memory barrier in read_rom() is still necessary according to
tests by Jarod Wilson, despite of the ->generation access being moved up
in the call chain.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Jarod Wilson <jwilson@redhat.com>
diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index bdbc2d5..9de210d 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -205,12 +205,13 @@ fill_bus_reset_event(struct fw_cdev_event_bus_reset *event,
event->closure = client->bus_reset_closure;
event->type = FW_CDEV_EVENT_BUS_RESET;
+ event->generation = client->device->generation;
+ smp_rmb(); /* node_id must not be older than generation */
event->node_id = client->device->node_id;
event->local_node_id = card->local_node->node_id;
event->bm_node_id = 0; /* FIXME: We don't track the BM. */
event->irm_node_id = card->irm_node->node_id;
event->root_node_id = card->root_node->node_id;
- event->generation = card->generation;
}
static void
diff --git a/drivers/firewire/fw-device.c b/drivers/firewire/fw-device.c
index 0711c42..ba3ae3d 100644
--- a/drivers/firewire/fw-device.c
+++ b/drivers/firewire/fw-device.c
@@ -189,9 +189,13 @@ static void fw_device_release(struct device *dev)
int fw_device_enable_phys_dma(struct fw_device *device)
{
+ int generation = device->generation;
+
+ /* device->node_id, accessed below, must not be older than generation */
+ smp_rmb();
return device->card->driver->enable_phys_dma(device->card,
device->node_id,
- device->generation);
+ generation);
}
EXPORT_SYMBOL(fw_device_enable_phys_dma);
@@ -390,17 +394,20 @@ complete_transaction(struct fw_card *card, int rcode,
complete(&callback_data->done);
}
-static int read_rom(struct fw_device *device, int index, u32 * data)
+static int
+read_rom(struct fw_device *device, int generation, int index, u32 * data)
{
struct read_quadlet_callback_data callback_data;
struct fw_transaction t;
u64 offset;
+ /* device->node_id, accessed below, must not be older than generation */
+ smp_rmb();
init_completion(&callback_data.done);
offset = 0xfffff0000400ULL + index * 4;
fw_send_request(device->card, &t, TCODE_READ_QUADLET_REQUEST,
- device->node_id, device->generation, device->max_speed,
+ device->node_id, generation, device->max_speed,
offset, NULL, 4, complete_transaction, &callback_data);
wait_for_completion(&callback_data.done);
@@ -410,7 +417,14 @@ static int read_rom(struct fw_device *device, int index, u32 * data)
return callback_data.rcode;
}
-static int read_bus_info_block(struct fw_device *device)
+/*
+ * Read the bus info block, perform a speed probe, and read all of the rest of
+ * the config ROM. We do all this with a cached bus generation. If the bus
+ * generation changes under us, read_bus_info_block will fail and get retried.
+ * It's better to start all over in this case because the node from which we
+ * are reading the ROM may have changed the ROM during the reset.
+ */
+static int read_bus_info_block(struct fw_device *device, int generation)
{
static u32 rom[256];
u32 stack[16], sp, key;
@@ -420,7 +434,7 @@ static int read_bus_info_block(struct fw_device *device)
/* First read the bus info block. */
for (i = 0; i < 5; i++) {
- if (read_rom(device, i, &rom[i]) != RCODE_COMPLETE)
+ if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE)
return -1;
/*
* As per IEEE1212 7.2, during power-up, devices can
@@ -455,7 +469,8 @@ static int read_bus_info_block(struct fw_device *device)
device->max_speed = device->card->link_speed;
while (device->max_speed > SCODE_100) {
- if (read_rom(device, 0, &dummy) == RCODE_COMPLETE)
+ if (read_rom(device, generation, 0, &dummy) ==
+ RCODE_COMPLETE)
break;
device->max_speed--;
}
@@ -488,7 +503,7 @@ static int read_bus_info_block(struct fw_device *device)
return -1;
/* Read header quadlet for the block to get the length. */
- if (read_rom(device, i, &rom[i]) != RCODE_COMPLETE)
+ if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE)
return -1;
end = i + (rom[i] >> 16) + 1;
i++;
@@ -507,7 +522,8 @@ static int read_bus_info_block(struct fw_device *device)
* it references another block, and push it in that case.
*/
while (i < end) {
- if (read_rom(device, i, &rom[i]) != RCODE_COMPLETE)
+ if (read_rom(device, generation, i, &rom[i]) !=
+ RCODE_COMPLETE)
return -1;
if ((key >> 30) == 3 && (rom[i] >> 30) > 1 &&
sp < ARRAY_SIZE(stack))
@@ -647,7 +663,7 @@ static void fw_device_init(void *w)
* device.
*/
- if (read_bus_info_block(device) < 0) {
+ if (read_bus_info_block(device, device->generation) < 0) {
if (device->config_rom_retries < MAX_RETRIES) {
device->config_rom_retries++;
schedule_delayed_work(&device->work, RETRY_DELAY);
@@ -801,6 +817,7 @@ void fw_node_event(struct fw_card *card, struct fw_node *node, int event)
device = node->data;
device->node_id = node->node_id;
+ smp_wmb(); /* update node_id before generation */
device->generation = card->generation;
if (atomic_read(&device->state) == FW_DEVICE_RUNNING) {
PREPARE_WORK(&device->work, fw_device_update,
diff --git a/drivers/firewire/fw-ohci.c b/drivers/firewire/fw-ohci.c
index 129840b..38d041f 100644
--- a/drivers/firewire/fw-ohci.c
+++ b/drivers/firewire/fw-ohci.c
@@ -101,17 +101,48 @@ struct context;
typedef int (*descriptor_callback_t)(struct context *ctx,
struct descriptor *d,
struct descriptor *last);
+
+/*
+ * A buffer that contains a block of DMA-able coherent memory used for
+ * storing a portion of a DMA descriptor program.
+ */
+struct descriptor_buffer {
+ struct list_head list;
+ dma_addr_t buffer_bus;
+ size_t buffer_size;
+ size_t used;
+ struct descriptor buffer[0];
+};
+
struct context {
struct fw_ohci *ohci;
u32 regs;
+ int total_allocation;
- struct descriptor *buffer;
- dma_addr_t buffer_bus;
- size_t buffer_size;
- struct descriptor *head_descriptor;
- struct descriptor *tail_descriptor;
- struct descriptor *tail_descriptor_last;
- struct descriptor *prev_descriptor;
+ /*
+ * List of page-sized buffers for storing DMA descriptors.
+ * Head of list contains buffers in use and tail of list contains
+ * free buffers.
+ */
+ struct list_head buffer_list;
+
+ /*
+ * Pointer to a buffer inside buffer_list that contains the tail
+ * end of the current DMA program.
+ */
+ struct descriptor_buffer *buffer_tail;
+
+ /*
+ * The descriptor containing the branch address of the first
+ * descriptor that has not yet been filled by the device.
+ */
+ struct descriptor *last;
+
+ /*
+ * The last descriptor in the DMA program. It contains the branch
+ * address that must be updated upon appending a new descriptor.
+ */
+ struct descriptor *prev;
descriptor_callback_t callback;
@@ -128,6 +159,7 @@ struct context {
struct iso_context {
struct fw_iso_context base;
struct context context;
+ int excess_bytes;
void *header;
size_t header_length;
};
@@ -200,8 +232,6 @@ static inline struct fw_ohci *fw_ohci(struct fw_card *card)
#define SELF_ID_BUF_SIZE 0x800
#define OHCI_TCODE_PHY_PACKET 0x0e
#define OHCI_VERSION_1_1 0x010010
-#define ISO_BUFFER_SIZE (64 * 1024)
-#define AT_BUFFER_SIZE 4096
static char ohci_driver_name[] = KBUILD_MODNAME;
@@ -241,6 +271,7 @@ ohci_update_phy_reg(struct fw_card *card, int addr,
old = (old & ~clear_bits) | set_bits;
reg_write(ohci, OHCI1394_PhyControl,
OHCI1394_PhyControl_Write(addr, old));
+
return 0;
}
@@ -378,8 +409,8 @@ static void ar_context_tasklet(unsigned long data)
offset = offsetof(struct ar_buffer, data);
dma_unmap_single(ohci->card.device,
- le32_to_cpu(ab->descriptor.data_address) - offset,
- PAGE_SIZE, DMA_BIDIRECTIONAL);
+ le32_to_cpu(ab->descriptor.data_address) - offset,
+ PAGE_SIZE, DMA_BIDIRECTIONAL);
buffer = ab;
ab = ab->next;
@@ -457,72 +488,109 @@ find_branch_descriptor(struct descriptor *d, int z)
static void context_tasklet(unsigned long data)
{
struct context *ctx = (struct context *) data;
- struct fw_ohci *ohci = ctx->ohci;
struct descriptor *d, *last;
u32 address;
int z;
+ struct descriptor_buffer *desc;
- dma_sync_single_for_cpu(ohci->card.device, ctx->buffer_bus,
- ctx->buffer_size, DMA_TO_DEVICE);
-
- d = ctx->tail_descriptor;
- last = ctx->tail_descriptor_last;
-
+ desc = list_entry(ctx->buffer_list.next,
+ struct descriptor_buffer, list);
+ last = ctx->last;
while (last->branch_address != 0) {
+ struct descriptor_buffer *old_desc = desc;
address = le32_to_cpu(last->branch_address);
z = address & 0xf;
- d = ctx->buffer + (address - ctx->buffer_bus) / sizeof(*d);
+ address &= ~0xf;
+
+ /* If the branch address points to a buffer outside of the
+ * current buffer, advance to the next buffer. */
+ if (address < desc->buffer_bus ||
+ address >= desc->buffer_bus + desc->used)
+ desc = list_entry(desc->list.next,
+ struct descriptor_buffer, list);
+ d = desc->buffer + (address - desc->buffer_bus) / sizeof(*d);
last = find_branch_descriptor(d, z);
if (!ctx->callback(ctx, d, last))
break;
- ctx->tail_descriptor = d;
- ctx->tail_descriptor_last = last;
+ if (old_desc != desc) {
+ /* If we've advanced to the next buffer, move the
+ * previous buffer to the free list. */
+ unsigned long flags;
+ old_desc->used = 0;
+ spin_lock_irqsave(&ctx->ohci->lock, flags);
+ list_move_tail(&old_desc->list, &ctx->buffer_list);
+ spin_unlock_irqrestore(&ctx->ohci->lock, flags);
+ }
+ ctx->last = last;
}
}
+/*
+ * Allocate a new buffer and add it to the list of free buffers for this
+ * context. Must be called with ohci->lock held.
+ */
+static int
+context_add_buffer(struct context *ctx)
+{
+ struct descriptor_buffer *desc;
+ dma_addr_t bus_addr;
+ int offset;
+
+ /*
+ * 16MB of descriptors should be far more than enough for any DMA
+ * program. This will catch run-away userspace or DoS attacks.
+ */
+ if (ctx->total_allocation >= 16*1024*1024)
+ return -ENOMEM;
+
+ desc = dma_alloc_coherent(ctx->ohci->card.device, PAGE_SIZE,
+ &bus_addr, GFP_ATOMIC);
+ if (!desc)
+ return -ENOMEM;
+
+ offset = (void *)&desc->buffer - (void *)desc;
+ desc->buffer_size = PAGE_SIZE - offset;
+ desc->buffer_bus = bus_addr + offset;
+ desc->used = 0;
+
+ list_add_tail(&desc->list, &ctx->buffer_list);
+ ctx->total_allocation += PAGE_SIZE;
+
+ return 0;
+}
+
static int
context_init(struct context *ctx, struct fw_ohci *ohci,
- size_t buffer_size, u32 regs,
- descriptor_callback_t callback)
+ u32 regs, descriptor_callback_t callback)
{
ctx->ohci = ohci;
ctx->regs = regs;
- ctx->buffer_size = buffer_size;
- ctx->buffer = kmalloc(buffer_size, GFP_KERNEL);
- if (ctx->buffer == NULL) {
+ ctx->total_allocation = 0;
+
+ INIT_LIST_HEAD(&ctx->buffer_list);
+ if (context_add_buffer(ctx) < 0)
return -ENOMEM;
- }
+
+ ctx->buffer_tail = list_entry(ctx->buffer_list.next,
+ struct descriptor_buffer, list);
tasklet_init(&ctx->tasklet, context_tasklet, (unsigned long)ctx);
ctx->callback = callback;
- ctx->buffer_bus =
- dma_map_single(ohci->card.device, ctx->buffer,
- buffer_size, DMA_TO_DEVICE);
- if (dma_mapping_error(ctx->buffer_bus)) {
- kfree(ctx->buffer);
- return -ENOMEM;
- }
-
- ctx->head_descriptor = ctx->buffer;
- ctx->prev_descriptor = ctx->buffer;
- ctx->tail_descriptor = ctx->buffer;
- ctx->tail_descriptor_last = ctx->buffer;
-
/*
* We put a dummy descriptor in the buffer that has a NULL
* branch address and looks like it's been sent. That way we
- * have a descriptor to append DMA programs to. Also, the
- * ring buffer invariant is that it always has at least one
- * element so that head == tail means buffer full.
+ * have a descriptor to append DMA programs to.
*/
+ memset(ctx->buffer_tail->buffer, 0, sizeof(*ctx->buffer_tail->buffer));
+ ctx->buffer_tail->buffer->control = cpu_to_le16(DESCRIPTOR_OUTPUT_LAST);
+ ctx->buffer_tail->buffer->transfer_status = cpu_to_le16(0x8011);
+ ctx->buffer_tail->used += sizeof(*ctx->buffer_tail->buffer);
+ ctx->last = ctx->buffer_tail->buffer;
+ ctx->prev = ctx->buffer_tail->buffer;
- memset(ctx->head_descriptor, 0, sizeof(*ctx->head_descriptor));
- ctx->head_descriptor->control = cpu_to_le16(DESCRIPTOR_OUTPUT_LAST);
- ctx->head_descriptor->transfer_status = cpu_to_le16(0x8011);
- ctx->head_descriptor++;
return 0;
}
@@ -530,35 +598,42 @@ static void
context_release(struct context *ctx)
{
struct fw_card *card = &ctx->ohci->card;
+ struct descriptor_buffer *desc, *tmp;
- dma_unmap_single(card->device, ctx->buffer_bus,
- ctx->buffer_size, DMA_TO_DEVICE);
- kfree(ctx->buffer);
+ list_for_each_entry_safe(desc, tmp, &ctx->buffer_list, list)
+ dma_free_coherent(card->device, PAGE_SIZE, desc,
+ desc->buffer_bus -
+ ((void *)&desc->buffer - (void *)desc));
}
+/* Must be called with ohci->lock held */
static struct descriptor *
context_get_descriptors(struct context *ctx, int z, dma_addr_t *d_bus)
{
- struct descriptor *d, *tail, *end;
-
- d = ctx->head_descriptor;
- tail = ctx->tail_descriptor;
- end = ctx->buffer + ctx->buffer_size / sizeof(*d);
-
- if (d + z <= tail) {
- goto has_space;
- } else if (d > tail && d + z <= end) {
- goto has_space;
- } else if (d > tail && ctx->buffer + z <= tail) {
- d = ctx->buffer;
- goto has_space;
- }
+ struct descriptor *d = NULL;
+ struct descriptor_buffer *desc = ctx->buffer_tail;
+
+ if (z * sizeof(*d) > desc->buffer_size)
+ return NULL;
+
+ if (z * sizeof(*d) > desc->buffer_size - desc->used) {
+ /* No room for the descriptor in this buffer, so advance to the
+ * next one. */
- return NULL;
+ if (desc->list.next == &ctx->buffer_list) {
+ /* If there is no free buffer next in the list,
+ * allocate one. */
+ if (context_add_buffer(ctx) < 0)
+ return NULL;
+ }
+ desc = list_entry(desc->list.next,
+ struct descriptor_buffer, list);
+ ctx->buffer_tail = desc;
+ }
- has_space:
+ d = desc->buffer + desc->used / sizeof(*d);
memset(d, 0, z * sizeof(*d));
- *d_bus = ctx->buffer_bus + (d - ctx->buffer) * sizeof(*d);
+ *d_bus = desc->buffer_bus + desc->used;
return d;
}
@@ -568,7 +643,7 @@ static void context_run(struct context *ctx, u32 extra)
struct fw_ohci *ohci = ctx->ohci;
reg_write(ohci, COMMAND_PTR(ctx->regs),
- le32_to_cpu(ctx->tail_descriptor_last->branch_address));
+ le32_to_cpu(ctx->last->branch_address));
reg_write(ohci, CONTROL_CLEAR(ctx->regs), ~0);
reg_write(ohci, CONTROL_SET(ctx->regs), CONTEXT_RUN | extra);
flush_writes(ohci);
@@ -578,15 +653,13 @@ static void context_append(struct context *ctx,
struct descriptor *d, int z, int extra)
{
dma_addr_t d_bus;
+ struct descriptor_buffer *desc = ctx->buffer_tail;
- d_bus = ctx->buffer_bus + (d - ctx->buffer) * sizeof(*d);
-
- ctx->head_descriptor = d + z + extra;
- ctx->prev_descriptor->branch_address = cpu_to_le32(d_bus | z);
- ctx->prev_descriptor = find_branch_descriptor(d, z);
+ d_bus = desc->buffer_bus + (d - desc->buffer) * sizeof(*d);
- dma_sync_single_for_device(ctx->ohci->card.device, ctx->buffer_bus,
- ctx->buffer_size, DMA_TO_DEVICE);
+ desc->used += (z + extra) * sizeof(*d);
+ ctx->prev->branch_address = cpu_to_le32(d_bus | z);
+ ctx->prev = find_branch_descriptor(d, z);
reg_write(ctx->ohci, CONTROL_SET(ctx->regs), CONTEXT_WAKE);
flush_writes(ctx->ohci);
@@ -623,7 +696,7 @@ static int
at_context_queue_packet(struct context *ctx, struct fw_packet *packet)
{
struct fw_ohci *ohci = ctx->ohci;
- dma_addr_t d_bus, payload_bus;
+ dma_addr_t d_bus, uninitialized_var(payload_bus);
struct driver_data *driver_data;
struct descriptor *d, *last;
__le32 *header;
@@ -699,7 +772,7 @@ at_context_queue_packet(struct context *ctx, struct fw_packet *packet)
if (ohci->generation != packet->generation) {
if (packet->payload_length > 0)
dma_unmap_single(ohci->card.device, payload_bus,
- packet->payload_length, DMA_TO_DEVICE);
+ packet->payload_length, DMA_TO_DEVICE);
packet->ack = RCODE_GENERATION;
return -1;
}
@@ -939,7 +1012,7 @@ static void bus_reset_tasklet(unsigned long data)
}
if ((reg & OHCI1394_NodeID_nodeNumber) == 63) {
fw_notify("malconfigured bus\n");
- return;
+ return;
}
ohci->node_id = reg & (OHCI1394_NodeID_busNumber |
OHCI1394_NodeID_nodeNumber);
@@ -1026,11 +1099,12 @@ static void bus_reset_tasklet(unsigned long data)
if (free_rom)
dma_free_coherent(ohci->card.device, CONFIG_ROM_SIZE,
free_rom, free_rom_bus);
+
fw_core_handle_bus_reset(&ohci->card, ohci->node_id, generation,
self_id_count, ohci->self_id_buffer);
}
-static irqreturn_t irq_handler(int irq, void *data, struct pt_regs *unused)
+static irqreturn_t irq_handler(int irq, void *data)
{
struct fw_ohci *ohci = data;
u32 event, iso_event, cycle_time;
@@ -1079,6 +1153,13 @@ static irqreturn_t irq_handler(int irq, void *data, struct pt_regs *unused)
if (unlikely(event & OHCI1394_postedWriteErr))
fw_error("PCI posted write error\n");
+ if (unlikely(event & OHCI1394_cycleTooLong)) {
+ if (printk_ratelimit())
+ fw_notify("isochronous cycle too long\n");
+ reg_write(ohci, OHCI1394_LinkControlSet,
+ OHCI1394_LinkControl_cycleMaster);
+ }
+
if (event & OHCI1394_cycle64Seconds) {
cycle_time = reg_read(ohci, OHCI1394_IsochronousCycleTimer);
if ((cycle_time & 0x80000000) == 0)
@@ -1097,7 +1178,7 @@ static int software_reset(struct fw_ohci *ohci)
for (i = 0; i < OHCI_LOOP_COUNT; i++) {
if ((reg_read(ohci, OHCI1394_HCControlSet) &
OHCI1394_HCControl_softReset) == 0)
- return 0;
+ return 0;
msleep(1);
}
@@ -1152,8 +1233,8 @@ static int ohci_enable(struct fw_card *card, u32 *config_rom, size_t length)
OHCI1394_RQPkt | OHCI1394_RSPkt |
OHCI1394_reqTxComplete | OHCI1394_respTxComplete |
OHCI1394_isochRx | OHCI1394_isochTx |
- OHCI1394_postedWriteErr | OHCI1394_cycle64Seconds |
- OHCI1394_masterIntEnable);
+ OHCI1394_postedWriteErr | OHCI1394_cycleTooLong |
+ OHCI1394_cycle64Seconds | OHCI1394_masterIntEnable);
/* Activate link_on bit and contender bit in our self ID packets.*/
if (ohci_update_phy_reg(card, 4, 0,
@@ -1190,7 +1271,7 @@ static int ohci_enable(struct fw_card *card, u32 *config_rom, size_t length)
memset(ohci->next_config_rom, 0, CONFIG_ROM_SIZE);
fw_memcpy_to_be32(ohci->next_config_rom, config_rom, length * 4);
} else {
- /*
+ /*
* In the suspend case, config_rom is NULL, which
* means that we just reuse the old config rom.
*/
@@ -1307,6 +1388,7 @@ ohci_set_config_rom(struct fw_card *card, u32 *config_rom, size_t length)
else
dma_free_coherent(ohci->card.device, CONFIG_ROM_SIZE,
next_config_rom, next_config_rom_bus);
+
return retval;
}
@@ -1408,9 +1490,13 @@ static int handle_ir_dualbuffer_packet(struct context *context,
void *p, *end;
int i;
- if (db->first_res_count > 0 && db->second_res_count > 0)
- /* This descriptor isn't done yet, stop iteration. */
- return 0;
+ if (db->first_res_count > 0 && db->second_res_count > 0) {
+ if (ctx->excess_bytes <= le16_to_cpu(db->second_req_count)) {
+ /* This descriptor isn't done yet, stop iteration. */
+ return 0;
+ }
+ ctx->excess_bytes -= le16_to_cpu(db->second_req_count);
+ }
header_length = le16_to_cpu(db->first_req_count) -
le16_to_cpu(db->first_res_count);
@@ -1429,11 +1515,15 @@ static int handle_ir_dualbuffer_packet(struct context *context,
*(u32 *) (ctx->header + i) = __swab32(*(u32 *) (p + 4));
memcpy(ctx->header + i + 4, p + 8, ctx->base.header_size - 4);
i += ctx->base.header_size;
+ ctx->excess_bytes +=
+ (le32_to_cpu(*(u32 *)(p + 4)) >> 16) & 0xffff;
p += ctx->base.header_size + 4;
}
-
ctx->header_length = i;
+ ctx->excess_bytes -= le16_to_cpu(db->second_req_count) -
+ le16_to_cpu(db->second_res_count);
+
if (le16_to_cpu(db->control) & DESCRIPTOR_IRQ_ALWAYS) {
ir_header = (__le32 *) (db + 1);
ctx->base.callback(&ctx->base,
@@ -1452,24 +1542,24 @@ static int handle_ir_packet_per_buffer(struct context *context,
{
struct iso_context *ctx =
container_of(context, struct iso_context, context);
- struct descriptor *pd = d + 1;
+ struct descriptor *pd;
__le32 *ir_header;
- size_t header_length;
- void *p, *end;
- int i, z;
+ void *p;
+ int i;
- if (pd->res_count == pd->req_count)
+ for (pd = d; pd <= last; pd++) {
+ if (pd->transfer_status)
+ break;
+ }
+ if (pd > last)
/* Descriptor(s) not done yet, stop iteration */
return 0;
- header_length = le16_to_cpu(d->req_count);
-
i = ctx->header_length;
- z = le32_to_cpu(pd->branch_address) & 0xf;
- p = d + z;
- end = p + header_length;
+ p = last + 1;
- while (p < end && i + ctx->base.header_size <= PAGE_SIZE) {
+ if (ctx->base.header_size > 0 &&
+ i + ctx->base.header_size <= PAGE_SIZE) {
/*
* The iso header is byteswapped to little endian by
* the controller, but the remaining header quadlets
@@ -1478,14 +1568,11 @@ static int handle_ir_packet_per_buffer(struct context *context,
*/
*(u32 *) (ctx->header + i) = __swab32(*(u32 *) (p + 4));
memcpy(ctx->header + i + 4, p + 8, ctx->base.header_size - 4);
- i += ctx->base.header_size;
- p += ctx->base.header_size + 4;
+ ctx->header_length += ctx->base.header_size;
}
- ctx->header_length = i;
-
- if (le16_to_cpu(pd->control) & DESCRIPTOR_IRQ_ALWAYS) {
- ir_header = (__le32 *) (d + z);
+ if (le16_to_cpu(last->control) & DESCRIPTOR_IRQ_ALWAYS) {
+ ir_header = (__le32 *) p;
ctx->base.callback(&ctx->base,
le32_to_cpu(ir_header[0]) & 0xffff,
ctx->header_length, ctx->header,
@@ -1493,7 +1580,6 @@ static int handle_ir_packet_per_buffer(struct context *context,
ctx->header_length = 0;
}
-
return 1;
}
@@ -1559,8 +1645,7 @@ ohci_allocate_iso_context(struct fw_card *card, int type, size_t header_size)
if (ctx->header == NULL)
goto out;
- retval = context_init(&ctx->context, ohci, ISO_BUFFER_SIZE,
- regs, callback);
+ retval = context_init(&ctx->context, ohci, regs, callback);
if (retval < 0)
goto out_with_header;
@@ -1775,19 +1860,6 @@ ohci_queue_iso_receive_dualbuffer(struct fw_iso_context *base,
* packet, retransmit or terminate..
*/
- if (packet->skip) {
- d = context_get_descriptors(&ctx->context, 2, &d_bus);
- if (d == NULL)
- return -ENOMEM;
-
- db = (struct db_descriptor *) d;
- db->control = cpu_to_le16(DESCRIPTOR_STATUS |
- DESCRIPTOR_BRANCH_ALWAYS |
- DESCRIPTOR_WAIT);
- db->first_size = cpu_to_le16(ctx->base.header_size + 4);
- context_append(&ctx->context, d, 2, 0);
- }
-
p = packet;
z = 2;
@@ -1815,11 +1887,18 @@ ohci_queue_iso_receive_dualbuffer(struct fw_iso_context *base,
db->control = cpu_to_le16(DESCRIPTOR_STATUS |
DESCRIPTOR_BRANCH_ALWAYS);
db->first_size = cpu_to_le16(ctx->base.header_size + 4);
- db->first_req_count = cpu_to_le16(header_size);
+ if (p->skip && rest == p->payload_length) {
+ db->control |= cpu_to_le16(DESCRIPTOR_WAIT);
+ db->first_req_count = db->first_size;
+ } else {
+ db->first_req_count = cpu_to_le16(header_size);
+ }
db->first_res_count = db->first_req_count;
db->first_buffer = cpu_to_le32(d_bus + sizeof(*db));
- if (offset + rest < PAGE_SIZE)
+ if (p->skip && rest == p->payload_length)
+ length = 4;
+ else if (offset + rest < PAGE_SIZE)
length = rest;
else
length = PAGE_SIZE - offset;
@@ -1835,7 +1914,8 @@ ohci_queue_iso_receive_dualbuffer(struct fw_iso_context *base,
context_append(&ctx->context, d, z, header_z);
offset = (offset + length) & ~PAGE_MASK;
rest -= length;
- page++;
+ if (offset == 0)
+ page++;
}
return 0;
@@ -1849,67 +1929,70 @@ ohci_queue_iso_receive_packet_per_buffer(struct fw_iso_context *base,
{
struct iso_context *ctx = container_of(base, struct iso_context, base);
struct descriptor *d = NULL, *pd = NULL;
- struct fw_iso_packet *p;
+ struct fw_iso_packet *p = packet;
dma_addr_t d_bus, page_bus;
u32 z, header_z, rest;
- int i, page, offset, packet_count, header_size;
-
- if (packet->skip) {
- d = context_get_descriptors(&ctx->context, 1, &d_bus);
- if (d == NULL)
- return -ENOMEM;
-
- d->control = cpu_to_le16(DESCRIPTOR_STATUS |
- DESCRIPTOR_INPUT_LAST |
- DESCRIPTOR_BRANCH_ALWAYS |
- DESCRIPTOR_WAIT);
- context_append(&ctx->context, d, 1, 0);
- }
-
- /* one descriptor for header, one for payload */
- /* FIXME: handle cases where we need multiple desc. for payload */
- z = 2;
- p = packet;
+ int i, j, length;
+ int page, offset, packet_count, header_size, payload_per_buffer;
/*
* The OHCI controller puts the status word in the
* buffer too, so we need 4 extra bytes per packet.
*/
packet_count = p->header_length / ctx->base.header_size;
- header_size = packet_count * (ctx->base.header_size + 4);
+ header_size = ctx->base.header_size + 4;
/* Get header size in number of descriptors. */
header_z = DIV_ROUND_UP(header_size, sizeof(*d));
page = payload >> PAGE_SHIFT;
offset = payload & ~PAGE_MASK;
- rest = p->payload_length;
+ payload_per_buffer = p->payload_length / packet_count;
for (i = 0; i < packet_count; i++) {
/* d points to the header descriptor */
+ z = DIV_ROUND_UP(payload_per_buffer + offset, PAGE_SIZE) + 1;
d = context_get_descriptors(&ctx->context,
- z + header_z, &d_bus);
+ z + header_z, &d_bus);
if (d == NULL)
return -ENOMEM;
- d->control = cpu_to_le16(DESCRIPTOR_INPUT_MORE);
+ d->control = cpu_to_le16(DESCRIPTOR_STATUS |
+ DESCRIPTOR_INPUT_MORE);
+ if (p->skip && i == 0)
+ d->control |= cpu_to_le16(DESCRIPTOR_WAIT);
d->req_count = cpu_to_le16(header_size);
d->res_count = d->req_count;
+ d->transfer_status = 0;
d->data_address = cpu_to_le32(d_bus + (z * sizeof(*d)));
- /* pd points to the payload descriptor */
- pd = d + 1;
+ rest = payload_per_buffer;
+ for (j = 1; j < z; j++) {
+ pd = d + j;
+ pd->control = cpu_to_le16(DESCRIPTOR_STATUS |
+ DESCRIPTOR_INPUT_MORE);
+
+ if (offset + rest < PAGE_SIZE)
+ length = rest;
+ else
+ length = PAGE_SIZE - offset;
+ pd->req_count = cpu_to_le16(length);
+ pd->res_count = pd->req_count;
+ pd->transfer_status = 0;
+
+ page_bus = page_private(buffer->pages[page]);
+ pd->data_address = cpu_to_le32(page_bus + offset);
+
+ offset = (offset + length) & ~PAGE_MASK;
+ rest -= length;
+ if (offset == 0)
+ page++;
+ }
pd->control = cpu_to_le16(DESCRIPTOR_STATUS |
DESCRIPTOR_INPUT_LAST |
DESCRIPTOR_BRANCH_ALWAYS);
- if (p->interrupt)
+ if (p->interrupt && i == packet_count - 1)
pd->control |= cpu_to_le16(DESCRIPTOR_IRQ_ALWAYS);
- pd->req_count = cpu_to_le16(rest);
- pd->res_count = pd->req_count;
-
- page_bus = page_private(buffer->pages[page]);
- pd->data_address = cpu_to_le32(page_bus + offset);
-
context_append(&ctx->context, d, z, header_z);
}
@@ -1923,16 +2006,22 @@ ohci_queue_iso(struct fw_iso_context *base,
unsigned long payload)
{
struct iso_context *ctx = container_of(base, struct iso_context, base);
+ unsigned long flags;
+ int retval;
+ spin_lock_irqsave(&ctx->context.ohci->lock, flags);
if (base->type == FW_ISO_CONTEXT_TRANSMIT)
- return ohci_queue_iso_transmit(base, packet, buffer, payload);
+ retval = ohci_queue_iso_transmit(base, packet, buffer, payload);
else if (ctx->context.ohci->version >= OHCI_VERSION_1_1)
- return ohci_queue_iso_receive_dualbuffer(base, packet,
+ retval = ohci_queue_iso_receive_dualbuffer(base, packet,
buffer, payload);
else
- return ohci_queue_iso_receive_packet_per_buffer(base, packet,
+ retval = ohci_queue_iso_receive_packet_per_buffer(base, packet,
buffer,
payload);
+ spin_unlock_irqrestore(&ctx->context.ohci->lock, flags);
+
+ return retval;
}
static const struct fw_card_driver ohci_driver = {
@@ -1953,7 +2042,6 @@ static const struct fw_card_driver ohci_driver = {
.stop_iso = ohci_stop_iso,
};
-
static int __devinit
pci_probe(struct pci_dev *dev, const struct pci_device_id *ent)
{
@@ -2005,10 +2093,10 @@ pci_probe(struct pci_dev *dev, const struct pci_device_id *ent)
ar_context_init(&ohci->ar_response_ctx, ohci,
OHCI1394_AsRspRcvContextControlSet);
- context_init(&ohci->at_request_ctx, ohci, AT_BUFFER_SIZE,
+ context_init(&ohci->at_request_ctx, ohci,
OHCI1394_AsReqTrContextControlSet, handle_at_packet);
- context_init(&ohci->at_response_ctx, ohci, AT_BUFFER_SIZE,
+ context_init(&ohci->at_response_ctx, ohci,
OHCI1394_AsRspTrContextControlSet, handle_at_packet);
reg_write(ohci, OHCI1394_IsoRecvIntMaskSet, ~0);
@@ -2150,8 +2238,8 @@ static struct pci_driver fw_ohci_pci_driver = {
.probe = pci_probe,
.remove = pci_remove,
#ifdef CONFIG_PM
- .resume = pci_resume,
- .suspend = pci_suspend,
+ .resume = pci_resume,
+ .suspend = pci_suspend,
#endif
};
diff --git a/drivers/firewire/fw-sbp2.c b/drivers/firewire/fw-sbp2.c
index 2706846..e9d44fd 100644
--- a/drivers/firewire/fw-sbp2.c
+++ b/drivers/firewire/fw-sbp2.c
@@ -139,25 +139,33 @@ struct sbp2_logical_unit {
struct sbp2_target {
struct kref kref;
struct fw_unit *unit;
+ struct list_head lu_list;
u64 management_agent_address;
int directory_id;
int node_id;
int address_high;
- unsigned workarounds;
- struct list_head lu_list;
+ unsigned int workarounds;
+
+ unsigned int mgt_orb_timeout;
};
+/*
+ * Per section 7.4.8 of the SBP-2 spec, a mgt_ORB_timeout value can be
+ * provided in the config rom. Most devices do provide a value, which
+ * we'll use for login management orbs, but with some sane limits.
+ */
+#define SBP2_MIN_LOGIN_ORB_TIMEOUT 5000U /* Timeout in ms */
+#define SBP2_MAX_LOGIN_ORB_TIMEOUT 40000U /* Timeout in ms */
+#define SBP2_ORB_TIMEOUT 2000U /* Timeout in ms */
#define SBP2_MAX_SG_ELEMENT_LENGTH 0xf000
-#define SBP2_MAX_SECTORS 255 /* Max sectors supported */
-#define SBP2_ORB_TIMEOUT 200000 /* Timeout in ms */
-
#define SBP2_ORB_NULL 0x80000000
#define SBP2_DIRECTION_TO_MEDIA 0x0
#define SBP2_DIRECTION_FROM_MEDIA 0x1
/* Unit directory keys */
+#define SBP2_CSR_UNIT_CHARACTERISTICS 0x3a
#define SBP2_CSR_FIRMWARE_REVISION 0x3c
#define SBP2_CSR_LOGICAL_UNIT_NUMBER 0x14
#define SBP2_CSR_LOGICAL_UNIT_DIRECTORY 0xd4
@@ -219,7 +227,7 @@ struct sbp2_orb {
#define MANAGEMENT_ORB_LUN(v) ((v))
#define MANAGEMENT_ORB_FUNCTION(v) ((v) << 16)
#define MANAGEMENT_ORB_RECONNECT(v) ((v) << 20)
-#define MANAGEMENT_ORB_EXCLUSIVE(v) ((v) ? 1 << 28 : 0)
+#define MANAGEMENT_ORB_EXCLUSIVE(v) ((v) ? 1 << 28 : 0)
#define MANAGEMENT_ORB_REQUEST_FORMAT(v) ((v) << 29)
#define MANAGEMENT_ORB_NOTIFY ((1) << 31)
@@ -287,7 +295,7 @@ struct sbp2_command_orb {
static const struct {
u32 firmware_revision;
u32 model;
- unsigned workarounds;
+ unsigned int workarounds;
} sbp2_workarounds_table[] = {
/* DViCO Momobay CX-1 with TSB42AA9 bridge */ {
.firmware_revision = 0x002800,
@@ -305,6 +313,7 @@ static const struct {
.model = ~0,
.workarounds = SBP2_WORKAROUND_128K_MAX_TRANS,
},
+
/*
* There are iPods (2nd gen, 3rd gen) with model_id == 0, but
* these iPods do not feature the read_capacity bug according
@@ -404,7 +413,7 @@ complete_transaction(struct fw_card *card, int rcode,
* been set and only does the cleanup if the transaction
* failed and we didn't already get a status write.
*/
- spin_lock_irqsave(&card->lock, flags);
+ spin_lock_irqsave(&card->lock, flags);
if (orb->rcode == -1)
orb->rcode = rcode;
if (orb->rcode != RCODE_COMPLETE) {
@@ -472,7 +481,7 @@ static void
complete_management_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
{
struct sbp2_management_orb *orb =
- container_of(base_orb, struct sbp2_management_orb, base);
+ container_of(base_orb, struct sbp2_management_orb, base);
if (status)
memcpy(&orb->status, status, sizeof(*status));
@@ -486,6 +495,7 @@ sbp2_send_management_orb(struct sbp2_logical_unit *lu, int node_id,
{
struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
struct sbp2_management_orb *orb;
+ unsigned int timeout;
int retval = -ENOMEM;
orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
@@ -516,6 +526,9 @@ sbp2_send_management_orb(struct sbp2_logical_unit *lu, int node_id,
orb->request.misc |=
MANAGEMENT_ORB_EXCLUSIVE(sbp2_param_exclusive_login) |
MANAGEMENT_ORB_RECONNECT(0);
+ timeout = lu->tgt->mgt_orb_timeout;
+ } else {
+ timeout = SBP2_ORB_TIMEOUT;
}
fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
@@ -528,12 +541,11 @@ sbp2_send_management_orb(struct sbp2_logical_unit *lu, int node_id,
sizeof(orb->request), DMA_TO_DEVICE);
if (dma_mapping_error(orb->base.request_bus))
goto fail_mapping_request;
-
+
sbp2_send_orb(&orb->base, lu, node_id, generation,
lu->tgt->management_agent_address);
- wait_for_completion_timeout(&orb->done,
- msecs_to_jiffies(SBP2_ORB_TIMEOUT));
+ wait_for_completion_timeout(&orb->done, msecs_to_jiffies(timeout));
retval = -EIO;
if (sbp2_cancel_orbs(lu) == 0) {
@@ -681,9 +693,10 @@ static void sbp2_login(void *w)
struct sbp2_login_response response;
int generation, node_id, local_node_id;
- generation = device->card->generation;
- node_id = device->node->node_id;
- local_node_id = device->card->local_node->node_id;
+ generation = device->generation;
+ smp_rmb(); /* node_id must not be older than generation */
+ node_id = device->node_id;
+ local_node_id = device->card->node_id;
if (sbp2_send_management_orb(lu, node_id, generation,
SBP2_LOGIN_REQUEST, lu->lun, &response) < 0) {
@@ -694,7 +707,7 @@ static void sbp2_login(void *w)
unit->device.bus_id, lu->lun);
goto out;
}
- lu->generation = generation;
+ lu->generation = generation;
lu->tgt->node_id = node_id;
lu->tgt->address_high = local_node_id << 16;
@@ -722,17 +735,44 @@ static void sbp2_login(void *w)
sdev = __scsi_add_device(shost, 0, 0,
scsilun_to_int(&eight_bytes_lun), lu);
if (IS_ERR(sdev)) {
- sbp2_send_management_orb(lu, node_id, generation,
- SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
/*
- * Set this back to sbp2_login so we fall back and
- * retry login on bus reset.
+ * The most frequent cause for __scsi_add_device() to fail
+ * is a bust reset while sending the SCSI INQUIRY. Try again.
+ */
+ goto out_logout_login;
+
+ } else if (sdev->sdev_state == SDEV_OFFLINE) {
+ /* FIXME: We are unable to perform reconnects while in
+ * sbp2_login(). Therefore __scsi_add_device() will get
+ * into trouble if a bus reset happens in parallel.
+ * It will either fail (that's OK, see above) or take sdev
+ * offline. Here is a crude workaround for the latter.
*/
- PREPARE_WORK(&lu->work, sbp2_login, &(lu->work));
+ scsi_device_put(sdev);
+ scsi_remove_device(sdev);
+ goto out_logout_login;
+
} else {
+ /*
+ * Can you believe it? Everything went well.
+ */
lu->sdev = sdev;
scsi_device_put(sdev);
+ goto out;
}
+
+ out_logout_login:
+ smp_rmb(); /* generation may have changed */
+ generation = device->generation;
+ smp_rmb(); /* node_id must not be older than generation */
+
+ sbp2_send_management_orb(lu, device->node_id, generation,
+ SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
+ /*
+ * If a bus reset happened, sbp2_update will have requeued
+ * lu->work already. Reset the work from reconnect to login.
+ */
+ PREPARE_WORK(&lu->work, sbp2_login, &(lu->work));
out:
sbp2_target_put(lu->tgt);
}
@@ -784,6 +824,7 @@ static int sbp2_scan_unit_dir(struct sbp2_target *tgt, u32 *directory,
{
struct fw_csr_iterator ci;
int key, value;
+ unsigned int timeout;
fw_csr_iterator_init(&ci, directory);
while (fw_csr_iterator_next(&ci, &key, &value)) {
@@ -806,6 +847,21 @@ static int sbp2_scan_unit_dir(struct sbp2_target *tgt, u32 *directory,
*firmware_revision = value;
break;
+ case SBP2_CSR_UNIT_CHARACTERISTICS:
+ /* the timeout value is stored in 500ms units */
+ timeout = ((unsigned int) value >> 8 & 0xff) * 500;
+ timeout = max(timeout, SBP2_MIN_LOGIN_ORB_TIMEOUT);
+ tgt->mgt_orb_timeout =
+ min(timeout, SBP2_MAX_LOGIN_ORB_TIMEOUT);
+
+ if (timeout > tgt->mgt_orb_timeout)
+ fw_notify("%s: config rom contains %ds "
+ "management ORB timeout, limiting "
+ "to %ds\n", tgt->unit->device.bus_id,
+ timeout / 1000,
+ tgt->mgt_orb_timeout / 1000);
+ break;
+
case SBP2_CSR_LOGICAL_UNIT_NUMBER:
if (sbp2_add_logical_unit(tgt, value) < 0)
return -ENOMEM;
@@ -824,7 +880,7 @@ static void sbp2_init_workarounds(struct sbp2_target *tgt, u32 model,
u32 firmware_revision)
{
int i;
- unsigned w = sbp2_param_workarounds;
+ unsigned int w = sbp2_param_workarounds;
if (w)
fw_notify("Please notify linux1394-devel@lists.sourceforge.net "
@@ -843,10 +899,10 @@ static void sbp2_init_workarounds(struct sbp2_target *tgt, u32 model,
if (sbp2_workarounds_table[i].model != model &&
sbp2_workarounds_table[i].model != ~0)
continue;
+
w |= sbp2_workarounds_table[i].workarounds;
break;
}
-
out:
if (w)
fw_notify("Workarounds for %s: 0x%x "
@@ -926,14 +982,15 @@ static void sbp2_reconnect(void *w)
{
struct work_struct *work = w;
struct sbp2_logical_unit *lu =
- container_of(work, struct sbp2_logical_unit, work);
+ container_of(work, struct sbp2_logical_unit, work);
struct fw_unit *unit = lu->tgt->unit;
struct fw_device *device = fw_device(unit->device.parent);
int generation, node_id, local_node_id;
- generation = device->card->generation;
- node_id = device->node->node_id;
- local_node_id = device->card->local_node->node_id;
+ generation = device->generation;
+ smp_rmb(); /* node_id must not be older than generation */
+ node_id = device->node_id;
+ local_node_id = device->card->node_id;
if (sbp2_send_management_orb(lu, node_id, generation,
SBP2_RECONNECT_REQUEST,
@@ -949,12 +1006,13 @@ static void sbp2_reconnect(void *w)
goto out;
}
- lu->generation = generation;
+ lu->generation = generation;
lu->tgt->node_id = node_id;
lu->tgt->address_high = local_node_id << 16;
fw_notify("reconnected to %s LUN %04x (%d retries)\n",
unit->device.bus_id, lu->lun, lu->retries);
+
sbp2_agent_reset(lu);
sbp2_cancel_orbs(lu);
out:
@@ -1156,6 +1214,7 @@ sbp2_map_scatterlist(struct sbp2_command_orb *orb, struct fw_device *device,
sizeof(orb->page_table), DMA_TO_DEVICE);
if (dma_mapping_error(orb->page_table_bus))
goto fail_page_table;
+
/*
* The data_descriptor pointer is the one case where we need
* to fill in the node ID part of the address. All other
@@ -1163,7 +1222,6 @@ sbp2_map_scatterlist(struct sbp2_command_orb *orb, struct fw_device *device,
* initiator (i.e. us), but data_descriptor can refer to data
* on other nodes so we need to put our ID in descriptor.high.
*/
-
orb->request.data_descriptor.high = lu->tgt->address_high;
orb->request.data_descriptor.low = orb->page_table_bus;
orb->request.misc |=
@@ -1186,7 +1244,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
struct sbp2_logical_unit *lu = cmd->device->hostdata;
struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
struct sbp2_command_orb *orb;
- unsigned max_payload;
+ unsigned int max_payload;
int retval = SCSI_MLQUEUE_HOST_BUSY;
/*
@@ -1208,9 +1266,9 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
/* Initialize rcode to something not RCODE_COMPLETE. */
orb->base.rcode = -1;
-
kref_init(&orb->base.kref);
- orb->lu = lu;
+
+ orb->lu = lu;
orb->done = done;
orb->cmd = cmd;
@@ -1249,7 +1307,7 @@ static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
orb->base.request_bus =
dma_map_single(device->card->device, &orb->request,
- sizeof(orb->request), DMA_TO_DEVICE);
+ sizeof(orb->request), DMA_TO_DEVICE);
if (dma_mapping_error(orb->base.request_bus))
goto out;
@@ -1285,8 +1343,10 @@ static int sbp2_scsi_slave_configure(struct scsi_device *sdev)
if (sdev->type == TYPE_DISK &&
lu->tgt->workarounds & SBP2_WORKAROUND_MODE_SENSE_8)
sdev->skip_ms_page_8 = 1;
+
if (lu->tgt->workarounds & SBP2_WORKAROUND_FIX_CAPACITY)
sdev->fix_capacity = 1;
+
if (lu->tgt->workarounds & SBP2_WORKAROUND_128K_MAX_TRANS)
blk_queue_max_sectors(sdev->request_queue, 128 * 1024 / 512);
@@ -1304,6 +1364,7 @@ static int sbp2_scsi_abort(struct scsi_cmnd *cmd)
fw_notify("sbp2_scsi_abort\n");
sbp2_agent_reset(lu);
sbp2_cancel_orbs(lu);
+
return SUCCESS;
}
@@ -1324,8 +1385,10 @@ sbp2_sysfs_ieee1394_id_show(struct device *dev, struct device_attribute *attr,
if (!sdev)
return 0;
+
lu = sdev->hostdata;
device = fw_device(lu->tgt->unit->device.parent);
+
return sprintf(buf, "%08x%08x:%06x:%04x\n",
device->config_rom[3], device->config_rom[4],
lu->tgt->directory_id, lu->lun);
@@ -1369,7 +1432,7 @@ static int __init sbp2_init(void)
sbp2_wq = create_singlethread_workqueue(KBUILD_MODNAME);
if (!sbp2_wq)
return -ENOMEM;
-
+
return driver_register(&sbp2_driver.driver);
}
diff --git a/drivers/firewire/fw-topology.c b/drivers/firewire/fw-topology.c
index 4a8531f..8fad17e 100644
--- a/drivers/firewire/fw-topology.c
+++ b/drivers/firewire/fw-topology.c
@@ -518,6 +518,11 @@ fw_core_handle_bus_reset(struct fw_card *card,
card->bm_retries = 0;
card->node_id = node_id;
+ /*
+ * Update node_id before generation to prevent anybody from using
+ * a stale node_id together with a current generation.
+ */
+ smp_wmb();
card->generation = generation;
card->reset_jiffies = jiffies;
schedule_delayed_work(&card->work, 0);
diff --git a/drivers/firewire/fw-transaction.c b/drivers/firewire/fw-transaction.c
index aa2d9ee..7fcc59d 100644
--- a/drivers/firewire/fw-transaction.c
+++ b/drivers/firewire/fw-transaction.c
@@ -153,7 +153,7 @@ fw_fill_request(struct fw_packet *packet, int tcode, int tlabel,
int ext_tcode;
if (tcode > 0x10) {
- ext_tcode = tcode - 0x10;
+ ext_tcode = tcode & ~0x10;
tcode = TCODE_LOCK_REQUEST;
} else
ext_tcode = 0;
@@ -434,7 +434,7 @@ fw_core_add_address_handler(struct fw_address_handler *handler,
handler->offset,
handler->length);
if (other != NULL) {
- handler->offset +=
+ handler->offset =
roundup(other->offset + other->length, 4);
} else {
list_add_tail(&handler->link, &address_handler_list);
@@ -612,7 +612,7 @@ fw_send_response(struct fw_card *card, struct fw_request *request, int rcode)
* broadcast packets or posted writes.
*/
if (request->ack != ACK_PENDING) {
- kfree ( request );
+ kfree(request);
return;
}
@@ -650,7 +650,7 @@ fw_core_handle_request(struct fw_card *card, struct fw_packet *p)
HEADER_GET_OFFSET_HIGH(p->header[1]) << 32) | p->header[2];
tcode = HEADER_GET_TCODE(p->header[0]);
destination = HEADER_GET_DESTINATION(p->header[0]);
- source = HEADER_GET_SOURCE(p->header[0]);
+ source = HEADER_GET_SOURCE(p->header[1]);
spin_lock_irqsave(&address_handler_lock, flags);
handler = lookup_enclosing_address_handler(&address_handler_list,
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
27922b4260f65d317aabda37e42bbbff
>
files
>
829
