firewire: insist on successive self ID complete events
authorStefan Richter <stefanr@s5r6.in-berlin.de>
Wed, 19 Mar 2008 21:02:40 +0000 (22:02 +0100)
committerStefan Richter <stefanr@s5r6.in-berlin.de>
Tue, 20 Jan 2009 18:29:51 +0000 (19:29 +0100)
The whole topology code only works if the old and new topologies which
are compared come from immediately successive self ID complete events.

If there happened bus resets without self ID complete events in the
meantime, or self ID complete events with invalid selfIDs, the topology
comparison could identify nodes wrongly, or more likely just corrupt
kernel memory or panic right away.

We now discard all nodes of the old topology and treat all current nodes
as new ones if the current self ID generation is not the previous one
plus 1.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Jarod Wilson <jwilson@redhat.com>
drivers/firewire/fw-topology.c

index c9be6e6948c4aec745e71a3cd25e4990ebf65f57..e7520e4bd6bcea739655b16a0b8c826d3068e172 100644 (file)
@@ -518,6 +518,18 @@ fw_core_handle_bus_reset(struct fw_card *card,
        struct fw_node *local_node;
        unsigned long flags;
 
+       /*
+        * If the selfID buffer is not the immediate successor of the
+        * previously processed one, we cannot reliably compare the
+        * old and new topologies.
+        */
+       if ((generation & 0xff) != ((card->generation + 1) & 0xff) &&
+           card->local_node != NULL) {
+               fw_notify("skipped bus generations, destroying all nodes\n");
+               fw_destroy_nodes(card);
+               card->bm_retries = 0;
+       }
+
        spin_lock_irqsave(&card->lock, flags);
 
        card->node_id = node_id;