firewire: fix use of multiple AV/C devices, allow multiple FCP listeners
authorClemens Ladisch <cladisch@fastmail.net>
Thu, 24 Dec 2009 11:05:58 +0000 (12:05 +0100)
committerStefan Richter <stefanr@s5r6.in-berlin.de>
Tue, 29 Dec 2009 18:58:16 +0000 (19:58 +0100)
Control of more than one AV/C device at once --- e.g. camcorders, tape
decks, audio devices, TV tuners --- failed or worked only unreliably,
depending on driver implementation.  This affected kernelspace and
userspace drivers alike and was caused by firewire-core's inability to
accept multiple registrations of FCP listeners.

The fix allows multiple address handlers to be registered for the FCP
command and response registers.  When a request for these registers is
received, all handlers are invoked, and the Firewire response is
generated by the core and not by any handler.

The cdev API does not change, i.e., userspace is still expected to send
a response for FCP requests; this response is silently ignored.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (changelog, rebased, whitespace)
drivers/firewire/core-cdev.c
drivers/firewire/core-transaction.c
drivers/media/dvb/firewire/firedtv-fw.c
include/linux/firewire-cdev.h
include/linux/firewire.h

index 231e6ee5ba4397c6aa511ad8ff2df4f54129799b..2cb22d160f6e534a58a2b8d74931e99151150100 100644 (file)
@@ -601,8 +601,9 @@ static void release_request(struct client *client,
        struct inbound_transaction_resource *r = container_of(resource,
                        struct inbound_transaction_resource, resource);
 
-       fw_send_response(client->device->card, r->request,
-                        RCODE_CONFLICT_ERROR);
+       if (r->request)
+               fw_send_response(client->device->card, r->request,
+                                RCODE_CONFLICT_ERROR);
        kfree(r);
 }
 
@@ -645,7 +646,8 @@ static void handle_request(struct fw_card *card, struct fw_request *request,
  failed:
        kfree(r);
        kfree(e);
-       fw_send_response(card, request, RCODE_CONFLICT_ERROR);
+       if (request)
+               fw_send_response(card, request, RCODE_CONFLICT_ERROR);
 }
 
 static void release_address_handler(struct client *client,
@@ -715,15 +717,17 @@ static int ioctl_send_response(struct client *client, void *buffer)
 
        r = container_of(resource, struct inbound_transaction_resource,
                         resource);
-       if (request->length < r->length)
-               r->length = request->length;
-
-       if (copy_from_user(r->data, u64_to_uptr(request->data), r->length)) {
-               ret = -EFAULT;
-               goto out;
+       if (r->request) {
+               if (request->length < r->length)
+                       r->length = request->length;
+               if (copy_from_user(r->data, u64_to_uptr(request->data),
+                                  r->length)) {
+                       ret = -EFAULT;
+                       goto out;
+               }
+               fw_send_response(client->device->card, r->request,
+                                request->rcode);
        }
-
-       fw_send_response(client->device->card, r->request, request->rcode);
  out:
        kfree(r);
 
index 842739df23e26cbb3f6a8caeec780c0872dc60fa..495849eb13cc2a3858f3675dc81b1359af706a72 100644 (file)
@@ -432,14 +432,20 @@ static struct fw_address_handler *lookup_overlapping_address_handler(
        return NULL;
 }
 
+static bool is_enclosing_handler(struct fw_address_handler *handler,
+                                unsigned long long offset, size_t length)
+{
+       return handler->offset <= offset &&
+               offset + length <= handler->offset + handler->length;
+}
+
 static struct fw_address_handler *lookup_enclosing_address_handler(
        struct list_head *list, unsigned long long offset, size_t length)
 {
        struct fw_address_handler *handler;
 
        list_for_each_entry(handler, list, link) {
-               if (handler->offset <= offset &&
-                   offset + length <= handler->offset + handler->length)
+               if (is_enclosing_handler(handler, offset, length))
                        return handler;
        }
 
@@ -465,6 +471,12 @@ const struct fw_address_region fw_unit_space_region =
        { .start = 0xfffff0000900ULL, .end = 0x1000000000000ULL, };
 #endif  /*  0  */
 
+static bool is_in_fcp_region(u64 offset, size_t length)
+{
+       return offset >= (CSR_REGISTER_BASE | CSR_FCP_COMMAND) &&
+               offset + length <= (CSR_REGISTER_BASE | CSR_FCP_END);
+}
+
 /**
  * fw_core_add_address_handler - register for incoming requests
  * @handler: callback
@@ -477,8 +489,11 @@ const struct fw_address_region fw_unit_space_region =
  * give the details of the particular request.
  *
  * Return value:  0 on success, non-zero otherwise.
+ *
  * The start offset of the handler's address region is determined by
  * fw_core_add_address_handler() and is returned in handler->offset.
+ *
+ * Address allocations are exclusive, except for the FCP registers.
  */
 int fw_core_add_address_handler(struct fw_address_handler *handler,
                                const struct fw_address_region *region)
@@ -498,10 +513,12 @@ int fw_core_add_address_handler(struct fw_address_handler *handler,
 
        handler->offset = region->start;
        while (handler->offset + handler->length <= region->end) {
-               other =
-                   lookup_overlapping_address_handler(&address_handler_list,
-                                                      handler->offset,
-                                                      handler->length);
+               if (is_in_fcp_region(handler->offset, handler->length))
+                       other = NULL;
+               else
+                       other = lookup_overlapping_address_handler
+                                       (&address_handler_list,
+                                        handler->offset, handler->length);
                if (other != NULL) {
                        handler->offset += other->length;
                } else {
@@ -668,6 +685,9 @@ static struct fw_request *allocate_request(struct fw_packet *p)
 void fw_send_response(struct fw_card *card,
                      struct fw_request *request, int rcode)
 {
+       if (WARN_ONCE(!request, "invalid for FCP address handlers"))
+               return;
+
        /* unified transaction or broadcast transaction: don't respond */
        if (request->ack != ACK_PENDING ||
            HEADER_DESTINATION_IS_BROADCAST(request->request_header[0])) {
@@ -686,26 +706,15 @@ void fw_send_response(struct fw_card *card,
 }
 EXPORT_SYMBOL(fw_send_response);
 
-void fw_core_handle_request(struct fw_card *card, struct fw_packet *p)
+static void handle_exclusive_region_request(struct fw_card *card,
+                                           struct fw_packet *p,
+                                           struct fw_request *request,
+                                           unsigned long long offset)
 {
        struct fw_address_handler *handler;
-       struct fw_request *request;
-       unsigned long long offset;
        unsigned long flags;
        int tcode, destination, source;
 
-       if (p->ack != ACK_PENDING && p->ack != ACK_COMPLETE)
-               return;
-
-       request = allocate_request(p);
-       if (request == NULL) {
-               /* FIXME: send statically allocated busy packet. */
-               return;
-       }
-
-       offset      =
-               ((unsigned long long)
-                HEADER_GET_OFFSET_HIGH(p->header[1]) << 32) | p->header[2];
        tcode       = HEADER_GET_TCODE(p->header[0]);
        destination = HEADER_GET_DESTINATION(p->header[0]);
        source      = HEADER_GET_SOURCE(p->header[1]);
@@ -732,6 +741,73 @@ void fw_core_handle_request(struct fw_card *card, struct fw_packet *p)
                                          request->data, request->length,
                                          handler->callback_data);
 }
+
+static void handle_fcp_region_request(struct fw_card *card,
+                                     struct fw_packet *p,
+                                     struct fw_request *request,
+                                     unsigned long long offset)
+{
+       struct fw_address_handler *handler;
+       unsigned long flags;
+       int tcode, destination, source;
+
+       if ((offset != (CSR_REGISTER_BASE | CSR_FCP_COMMAND) &&
+            offset != (CSR_REGISTER_BASE | CSR_FCP_RESPONSE)) ||
+           request->length > 0x200) {
+               fw_send_response(card, request, RCODE_ADDRESS_ERROR);
+
+               return;
+       }
+
+       tcode       = HEADER_GET_TCODE(p->header[0]);
+       destination = HEADER_GET_DESTINATION(p->header[0]);
+       source      = HEADER_GET_SOURCE(p->header[1]);
+
+       if (tcode != TCODE_WRITE_QUADLET_REQUEST &&
+           tcode != TCODE_WRITE_BLOCK_REQUEST) {
+               fw_send_response(card, request, RCODE_TYPE_ERROR);
+
+               return;
+       }
+
+       spin_lock_irqsave(&address_handler_lock, flags);
+       list_for_each_entry(handler, &address_handler_list, link) {
+               if (is_enclosing_handler(handler, offset, request->length))
+                       handler->address_callback(card, NULL, tcode,
+                                                 destination, source,
+                                                 p->generation, p->speed,
+                                                 offset, request->data,
+                                                 request->length,
+                                                 handler->callback_data);
+       }
+       spin_unlock_irqrestore(&address_handler_lock, flags);
+
+       fw_send_response(card, request, RCODE_COMPLETE);
+}
+
+void fw_core_handle_request(struct fw_card *card, struct fw_packet *p)
+{
+       struct fw_request *request;
+       unsigned long long offset;
+
+       if (p->ack != ACK_PENDING && p->ack != ACK_COMPLETE)
+               return;
+
+       request = allocate_request(p);
+       if (request == NULL) {
+               /* FIXME: send statically allocated busy packet. */
+               return;
+       }
+
+       offset = ((u64)HEADER_GET_OFFSET_HIGH(p->header[1]) << 32) |
+               p->header[2];
+
+       if (!is_in_fcp_region(offset, request->length))
+               handle_exclusive_region_request(card, p, request, offset);
+       else
+               handle_fcp_region_request(card, p, request, offset);
+
+}
 EXPORT_SYMBOL(fw_core_handle_request);
 
 void fw_core_handle_response(struct fw_card *card, struct fw_packet *p)
index fe44789ab03793fed09a9740e8622b9b798ceadc..6223bf01efe96893db6662bd5e308a8a59af6333 100644 (file)
@@ -202,14 +202,8 @@ static void handle_fcp(struct fw_card *card, struct fw_request *request,
        unsigned long flags;
        int su;
 
-       if ((tcode != TCODE_WRITE_QUADLET_REQUEST &&
-            tcode != TCODE_WRITE_BLOCK_REQUEST) ||
-           offset != CSR_REGISTER_BASE + CSR_FCP_RESPONSE ||
-           length == 0 ||
-           (((u8 *)payload)[0] & 0xf0) != 0) {
-               fw_send_response(card, request, RCODE_TYPE_ERROR);
+       if (length < 2 || (((u8 *)payload)[0] & 0xf0) != 0)
                return;
-       }
 
        su = ((u8 *)payload)[1] & 0x7;
 
@@ -230,10 +224,8 @@ static void handle_fcp(struct fw_card *card, struct fw_request *request,
        }
        spin_unlock_irqrestore(&node_list_lock, flags);
 
-       if (fdtv) {
+       if (fdtv)
                avc_recv(fdtv, payload, length);
-               fw_send_response(card, request, RCODE_COMPLETE);
-       }
 }
 
 static struct fw_address_handler fcp_handler = {
index c6b3ca3af6df6ce93614d3f6df59986b15fc4fd8..1f716d9f714b05b00d949891fd0b550e48fbee36 100644 (file)
@@ -340,6 +340,9 @@ struct fw_cdev_send_response {
  * The @closure field is passed back to userspace in the response event.
  * The @handle field is an out parameter, returning a handle to the allocated
  * range to be used for later deallocation of the range.
+ *
+ * The address range is allocated on all local nodes.  The address allocation
+ * is exclusive except for the FCP command and response registers.
  */
 struct fw_cdev_allocate {
        __u64 offset;
index 9416a461b69654b78bf51532cbecff7654f83c8e..a0e67150a729cadbc6782ab70821b2d5981a09ab 100644 (file)
@@ -248,8 +248,8 @@ typedef void (*fw_transaction_callback_t)(struct fw_card *card, int rcode,
                                          void *data, size_t length,
                                          void *callback_data);
 /*
- * Important note:  The callback must guarantee that either fw_send_response()
- * or kfree() is called on the @request.
+ * Important note:  Except for the FCP registers, the callback must guarantee
+ * that either fw_send_response() or kfree() is called on the @request.
  */
 typedef void (*fw_address_callback_t)(struct fw_card *card,
                                      struct fw_request *request,