GitHub/exynos8895/android_kernel_samsung_universal8895.git
15 years agofirewire: clean up includes
Stefan Richter [Thu, 4 Jun 2009 19:09:38 +0000 (21:09 +0200)]
firewire: clean up includes

Include required headers which were only indirectly included.
Remove unused includes and an unused constant.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: ohci: access bus_seconds atomically
Stefan Richter [Thu, 4 Jun 2009 19:08:43 +0000 (21:08 +0200)]
firewire: ohci: access bus_seconds atomically

In the unlikely event that card->driver->get_bus_time() is called during
a cycle64Seconds interrupt, we could read garbage unless atomic accesses
are used.

The switch to atomic ops requires to change the 64 seconds counter from
unsigned to signed, but this shouldn't matter to the end result.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: also use vendor ID in root directory for driver matches
Stefan Richter [Sun, 15 Feb 2009 23:22:05 +0000 (00:22 +0100)]
firewire: also use vendor ID in root directory for driver matches

Due to AV/C protocol extensions, FireDTV devices need a vendor-specific
driver.  But their configuration ROM features a vendor ID only in the
root directory, not in the unit directory.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: share device ID table type with ieee1394
Stefan Richter [Sun, 15 Feb 2009 22:12:34 +0000 (23:12 +0100)]
firewire: share device ID table type with ieee1394

That way, the new firedtv driver will be able to use a single ID table
in builds against ieee1394 core and/or against firewire core.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: add sysfs attribute for easier udev rules
Stefan Richter [Fri, 22 May 2009 22:03:29 +0000 (00:03 +0200)]
firewire: core: add sysfs attribute for easier udev rules

This adds the attribute /sys/bus/firewire/devices/fw[0-9]+/units.  It
can be used in udev rules like the following ones:

# IIDC devices: industrial cameras and some webcams
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010?*", GROUP="video"

# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, ...
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", GROUP="video"

Background:

firewire-core manages two device types:
  - fw_device is a FireWire node.  A character device file is associated
    with it.
  - fw_unit is a unit directory on a node.  Each fw_device may have 0..n
    children of type fw_unit.  The units tell us what kinds of protocols
    a node implements.

We want to set ownership or ACLs or permissions of the character device
file of an fw_device, or/and create symlinks to it, based on available
protocols.  Until now udev rules had to look at the fw_unit devices and
then modify their parent's character device file accordingly.  This is
problematic for two reasons:  1) It happens sometime after the creation
of the fw_device, 2) an access policy may require that information from
all children is evaluated before a decision about the parent is made.

Problem 1) can ultimately not be avoided since this is the nature of
FireWire nodes:  They may add or remove unit directories at any point in
time.

However, we can still help userland a lot by providing the protocol type
information of all units in a summary sysfs attribute directly at the
fw_device.  This way,
   - the information is immediately available at the affected device
     when userspace goes about to handle an ADD or CHANGE event of the
     fw_device,
   - with most policies, it won't be necessary anymore to dig through
     child attributes.

The new attribute is called "units".  It contains space-separated tuples
of specifier_id and version of each present unit.  The delimiter within
tuples is a colon.  Specifier_id and version are printed as 0x%06x.

Here is an example of a node which implements an IPv4 unit and an IPv6
unit:  $ cat /sys/bus/firewire/devices/fw2/units
0x00005e:0x000001 0x00005e:0x000002

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: check for missing struct update at build time, not run time
Stefan Richter [Fri, 22 May 2009 21:16:27 +0000 (23:16 +0200)]
firewire: core: check for missing struct update at build time, not run time

struct fw_attribute_group.attrs.[] must have enough room for all
attributes.  This can and should be checked at build time.

Our previous check at run time was a little late and not reliable since
most of the time less than the available attributes are populated.

Furthermore, omit an increment of an index at its last usage.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: improve check for local node
Stefan Richter [Wed, 13 May 2009 19:42:14 +0000 (21:42 +0200)]
firewire: core: improve check for local node

My recently added test for a device being local in fw-cdev.c got it
slightly wrong:  Comparisons of node IDs are only valid if the
generation is current, which I forgot to check.  Normally, serialization
by card->lock takes care of this, but a device in FW_DEVICE_GONE state
will necessarily have a wrong generation and invalid node_id.

The "is it local?" check is made 100% correct and simpler now by means
of a struct fw_device flag which is set at fw_device creation.

Besides the fw-cdev site which was to be fixed, there is another site
which can make use of the new flag, and an RFC-2734 driver will benefit
from it too.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoDVB: firedtv: FireDTV S2 problems with tuning solved
Beat Michel Liechti [Thu, 26 Mar 2009 21:36:52 +0000 (22:36 +0100)]
DVB: firedtv: FireDTV S2 problems with tuning solved

Signed-off-by: Beat Michel Liechti <bml303@gmail.com>
Tuning was broken on FireDTV S2 (and presumably  FloppyDTV S2) because a
wrong opcode was sent.  The box only gave "not implemented" responses.
Changing the opcode to _TUNE_QPSK2 fixes this for good.

Cc: stable@kernel.org
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoDVB: firedtv: fix printk format mismatch
Stefan Richter [Thu, 5 Mar 2009 18:13:43 +0000 (19:13 +0100)]
DVB: firedtv: fix printk format mismatch

Eliminate
drivers/media/dvb/firewire/firedtv-avc.c: In function 'debug_fcp':
drivers/media/dvb/firewire/firedtv-avc.c:156: warning: format '%d' expects type 'int', but argument 5 has type 'size_t'

Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoieee1394: constify device ID tables
Stefan Richter [Sun, 15 Feb 2009 22:11:38 +0000 (23:11 +0100)]
ieee1394: constify device ID tables

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoieee1394: raw1394: add sparse annotations to raw1394_compat_write
Stefan Richter [Sun, 15 Feb 2009 21:49:24 +0000 (22:49 +0100)]
ieee1394: raw1394: add sparse annotations to raw1394_compat_write

Eliminate the following warnings in raw1394_compat_write()'s error
return path, seen on x86-64 with CONFIG_COMPAT=y:

drivers/ieee1394/raw1394.c:381:17: warning: incorrect type in return expression (different address spaces)
drivers/ieee1394/raw1394.c:381:17:    expected char const [noderef] <asn:1>*
drivers/ieee1394/raw1394.c:381:17:    got void *
drivers/ieee1394/raw1394.c:2252:14: warning: incorrect type in argument 1 (different address spaces)
drivers/ieee1394/raw1394.c:2252:14:    expected void const *ptr
drivers/ieee1394/raw1394.c:2252:14:    got char const [noderef] <asn:1>*[assigned] buffer
drivers/ieee1394/raw1394.c:2253:19: warning: incorrect type in argument 1 (different address spaces)
drivers/ieee1394/raw1394.c:2253:19:    expected void const *ptr
drivers/ieee1394/raw1394.c:2253:19:    got char const [noderef] <asn:1>*[assigned] buffer

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoieee1394: Storage class should be before const qualifier
Tobias Klauser [Mon, 9 Feb 2009 21:05:06 +0000 (22:05 +0100)]
ieee1394: Storage class should be before const qualifier

The C99 specification states in section 6.11.5:

The placement of a storage-class specifier other than at the beginning
of the declaration specifiers in a declaration is an obsolescent
feature.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoieee1394: sbp2: follow up on "ieee1394: inherit ud vendor_id from node vendor_id"
Stefan Richter [Sat, 24 Jan 2009 18:41:46 +0000 (19:41 +0100)]
ieee1394: sbp2: follow up on "ieee1394: inherit ud vendor_id from node vendor_id"

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: optimize propagation of BROADCAST_CHANNEL
Stefan Richter [Tue, 10 Mar 2009 20:09:28 +0000 (21:09 +0100)]
firewire: core: optimize propagation of BROADCAST_CHANNEL

Cache the test result of whether a device implements BROADCAST_CHANNEL.
This minimizes traffic on the bus after each bus reset.  A majority of
devices does not implement BROADCAST_CHANNEL.

Remove busy retries; just rely on the hardware to retry requests to busy
responders.  Remove unnecessary log messages.

Rename the flag is_irm to broadcast_channel_allocated to better reflect
its meaning.  Reset the flag earlier in fw_core_handle_bus_reset.

Pass the generation down as a call parameter; that way generation can't
be newer than card->broadcast_channel_allocated and device->node_id.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: simplify broadcast channel allocation
Stefan Richter [Tue, 10 Mar 2009 20:08:37 +0000 (21:08 +0100)]
firewire: core: simplify broadcast channel allocation

fw-iso.c has channel allocation code now, use it.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: increase bus manager grace period
Stefan Richter [Tue, 10 Mar 2009 20:07:46 +0000 (21:07 +0100)]
firewire: core: increase bus manager grace period

Per IEEE 1394 clause 8.4.2.5, bus manager capable nodes which are not
incumbent shall wait at least 125ms before trying to establish
themselves as bus manager.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: drop unused call parameters of close_transaction
Stefan Richter [Tue, 10 Mar 2009 20:07:06 +0000 (21:07 +0100)]
firewire: core: drop unused call parameters of close_transaction

All callers inserted NULL and 0 here.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: add closure to async stream ioctl
Stefan Richter [Tue, 10 Mar 2009 20:02:21 +0000 (21:02 +0100)]
firewire: cdev: add closure to async stream ioctl

This changes the as yet unreleased FW_CDEV_IOC_SEND_STREAM_PACKET ioctl
to generate an fw_cdev_event_response event just like the other two
ioctls for asynchronous request transmission do.  This way, clients get
feedback on successful or unsuccessful transmission.

This also adds input validation for length, tag, channel, sy, speed.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: simplify FW_CDEV_IOC_SEND_REQUEST return value
Stefan Richter [Tue, 10 Mar 2009 20:01:54 +0000 (21:01 +0100)]
firewire: cdev: simplify FW_CDEV_IOC_SEND_REQUEST return value

This changes the ioctl() return value of FW_CDEV_IOC_SEND_REQUEST and of
the as yet unreleased FW_CDEV_IOC_SEND_BROADCAST_REQUEST.  They used to
return
sizeof(struct fw_cdev_send_request *) + data_length

which is obviously a failed attempt to emulate the return value of
raw1394's respective interface which uses write() instead of ioctl().

However, the first summand, as size of a kernel pointer, is entirely
meaningless to clients and the second summand is already known to
clients.  And the result does not resemble raw1394's write() return
code anyway.

So simplify it to a constant non-negative value, i.e. 0.  The only
dangers here would be that future client implementations check for error
by ret != 0 instead of ret < 0 when running on top of an old kernel; or
that current clients interpret ret = 0 or more as failure.  But both are
hypothetical cases which don't justify to return irritating values.

While we touch this code, also remove "& 0x1f" from tcode in the call of
fw_send_request.  The tcode cannot be bigger than 0x1f at this point.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: fix race of ioctl_send_request with bus reset
Stefan Richter [Tue, 10 Mar 2009 20:01:08 +0000 (21:01 +0100)]
firewire: cdev: fix race of ioctl_send_request with bus reset

The bus reset handler concurrently frees client->device->node.  Use
device->node_id instead.  This is equivalent to device->node->node_id
while device->generation is current.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: secure add_descriptor ioctl
Stefan Richter [Tue, 10 Mar 2009 20:00:23 +0000 (21:00 +0100)]
firewire: cdev: secure add_descriptor ioctl

The access permissions and ownership or ACL of /dev/fw* character device
files will typically be set based on the device type of the respective
nodes, as obtained by firewire-core from descriptors in the device's
configuration ROM.  An example policy is to deny write permission by
default but grant write permission to files of AV/C video and audio
devices and IIDC video devices.

The FW_CDEV_IOC_ADD_DESCRIPTOR ioctl could be used to partly subvert
such a policy:  Find a device file with relaxed permissions, use the
ioctl to add a descriptor with AV/C marker to the local node's ROM, thus
gain access to the local node's character device file.  (This is only
possible if there are udev scripts installed which actively relax
permissions for known device types and if there is a device of such a
type connected.)

Accessibility of the local node's device file is relevant to host
security if the host contains two or more IEEE 1394 link layer
controllers which are plugged into a single bus.

Therefore change the ABI to deny FW_CDEV_IOC_ADD_DESCRIPTOR if the file
belongs to a remote node.  (This change has no impact on known
implementers of the ABI:  None of them uses the ioctl yet.)

Also clarify the documentation:  The ioctl affects all local nodes, not
just one local node.

Cc: stable@kernel.org
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: amendment to "add ioctl to query maximum transmission speed"
Stefan Richter [Tue, 10 Mar 2009 19:59:16 +0000 (20:59 +0100)]
firewire: cdev: amendment to "add ioctl to query maximum transmission speed"

The as yet unreleased FW_CDEV_IOC_GET_SPEED ioctl puts only a single
integer into the parameter buffer.  We can use ioctl()'s return value
instead.

(Also: Some whitespace change in firewire-cdev.h.)

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: broadcast channel support
Jay Fenlason [Mon, 23 Feb 2009 20:59:34 +0000 (15:59 -0500)]
firewire: broadcast channel support

This patch adds the ISO broadcast channel support that is required of a
1394a IRM.  In specific, if the local device the IRM, it allocates ISO
channel 31 and sets the broadcast channel register of all devices on the
local bus to BROADCAST_CHANNEL_INITIAL | BROADCAST_CHANNEL_VALID to indicate
that channel 31 can be use for broadcast messages.

One minor complication is that on startup the local device may become IRM
before all the devices on the bus have been enumerated by the stack.  Therefore
we have to keep a "the local device is IRM" flag and possibly set the
broadcast channel register of new devices at enumeration time.

Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: implement asynchronous stream transmission
Jay Fenlason [Thu, 5 Mar 2009 18:08:40 +0000 (19:08 +0100)]
firewire: implement asynchronous stream transmission

Allow userspace and other firewire drivers (fw-ipv4 I'm looking at
you!) to send Asynchronous Transmit Streams as described in 7.8.3 of
release 1.1 of the 1394 Open Host Controller Interface Specification.

Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (tweaks)
15 years agofirewire: core: normalize a function argument name
Stefan Richter [Thu, 5 Mar 2009 18:07:00 +0000 (19:07 +0100)]
firewire: core: normalize a function argument name

It's called "payload" rather than "data" almost everywhere in
fw-transaction.c.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: normalize a variable name
Stefan Richter [Tue, 3 Feb 2009 16:55:19 +0000 (17:55 +0100)]
firewire: normalize a variable name

Standardize on  if (err)
                        handle_error;
           and  if (ret < 0)
                        handle_error;

Don't call a variable err if we store values in it which mean success.
Also, offset some return statements by a blank line since this how we do
it in drivers/firewire.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: remove condition which is always false
Stefan Richter [Sat, 17 Jan 2009 21:45:54 +0000 (22:45 +0100)]
firewire: core: remove condition which is always false

reread_bus_info_block() only gets to see devices whose config_rom_length
is at least 6 (ROM header, bus info block, root directory header).

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: move some functions
Stefan Richter [Sat, 17 Jan 2009 21:45:54 +0000 (22:45 +0100)]
firewire: core: move some functions

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: clean up includes
Stefan Richter [Sat, 17 Jan 2009 21:45:54 +0000 (22:45 +0100)]
firewire: core: clean up includes

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: simplify a schedule_delayed_work wrapper
Stefan Richter [Sun, 11 Jan 2009 12:44:46 +0000 (13:44 +0100)]
firewire: cdev: simplify a schedule_delayed_work wrapper

The kernel API documentation says that queue_delayed_work() returns 0
(only) if the work was already queued.  The return codes of
schedule_delayed_work() are not documented but the same.

In init_iso_resource(), the work has never been queued yet, hence we
can assume schedule_delayed_work() to be a guaranteed success there.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: add ioctls for iso resource management, amendment
Stefan Richter [Thu, 8 Jan 2009 22:07:40 +0000 (23:07 +0100)]
firewire: cdev: add ioctls for iso resource management, amendment

Some fixes:
  - Remove stale documentation.
  - Fix a != vs. == thinko that got in the way of channel management.
  - Try bandwidth deallocation even if channel deallocation failed.

A simplification:
  - fw_cdev_allocate_iso_resource.channels is now ordered like
    libdc1394's dc1394_iso_allocate_channel() channels_allowed
    argument.

By the way, I looked closer at cards from NEC, TI, and VIA, and noticed
that they all don't implement IEEE 1394a behaviour which is meant to
deviate from IEEE 1212's notion of lock compare-swap.  This means that
we have to do two lock transactions instead of one in many cases where
one transaction would already succeed on a fully 1394a compliant IRM.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: increment fw_cdev_version, update documentation
Stefan Richter [Wed, 7 Jan 2009 19:14:53 +0000 (20:14 +0100)]
firewire: cdev: increment fw_cdev_version, update documentation

Necessary due to
    Date: Tue, 22 Jul 2008 23:23:40 -0700
    From: David Moore <dcm@acm.org>
    Subject: firewire: Include iso timestamp in headers when header_size > 4

Side note:  The lack of upwards compatibility sounds worse than it is.
All existing client implementations, libraw1394 and libdc1394, set
header_size = 4.  And since the ABI v1 behaviour does not offer any
advantages over the new behaviour, we deliberately do not provide the
old behaviour anymore.

Also add documentation about the format of fw_cdev_get_cycle_timer which
may be used in conjunction with the timestamp of iso packets but has a
different format.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: shut down iso context before freeing the buffer
Stefan Richter [Mon, 5 Jan 2009 19:28:10 +0000 (20:28 +0100)]
firewire: cdev: shut down iso context before freeing the buffer

DMA must be halted before we DMA-unmap and free the DMA buffer.  Since
we cannot rely on the client to stop the context before it closes the
fd, we have to reorder fw_iso_buffer_destroy vs. fw_iso_context_destroy.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: replace some spin_lock_irqsave by spin_lock_irq
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: replace some spin_lock_irqsave by spin_lock_irq

All of these functions are entered with IRQs enabled.
Hence the unconditional spin_unlock_irq can be used.

Function:                  Caller context:
    dequeue_event()            client process, via read(2)
    fill_bus_reset_event()     fw-device.c update worqueue job
    release_client_resource()  client process, via ioctl(2)
    fw_device_op_release()     client process, via close(2)

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: extend transaction payload size check
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: extend transaction payload size check

Make the size check of ioctl_send_request and
ioctl_send_broadcast_request speed dependent.  Also change the error
return code from -EINVAL to -EIO to distinguish this from other errors
concerning the ioctl parameters.

Another payload size limit for which we don't check here though is the
remote node's Bus_Info_Block.max_rec.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: restrict broadcast write requests to Units Space
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: restrict broadcast write requests to Units Space

We don't want random users write to Memory Space (e.g. PCs with physical
DMA filters down) or to core CSRs like Reset_Start.

This does not protect SBP-2 target CSRs.  But properly behaving SBP-2
targets ignore broadcast write requests to these registers, and the
maximum damage which can happen with laxer targets is DOS.  But there
are ways to create DOS situations anyway if there are devices with weak
device file permissions (like audio/video devices) present at the same
bus as an SBP-2 target.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: add ioctl for broadcast write requests
Jay Fenlason, Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: add ioctl for broadcast write requests

Write transactions to the broadcast node ID are a convenient way to
trigger functions of multiple nodes at once.  IIDC is a protocol which
can make use of this if multiple cameras with same command_regs_base are
connected at the same bus.

Based on
    Date: Wed, 10 Sep 2008 11:32:16 -0400
    From: Jay Fenlason <fenlason@redhat.com>
    Subject: [patch] SEND_BROADCAST_REQUEST
Changes:  ioctl_send_request() and ioctl_send_broadcast_request() now
share code.  Broadcast speed corrected to S100.  Check for proper tcode.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: add ioctl to query maximum transmission speed
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: add ioctl to query maximum transmission speed

While the speed of asynchronous transactions is automatically chosen by
the kernel, the speed of isochronous streams has to be chosen by the
initiating client.

In case of 1394a bus topologies, the maximum possible speed could be
figured out with some effort by evaluation of the remote node's link
speed field in the config ROM, the local node's link speed field, and
the PHY speeds and topologic information in the local node's or IRM's
topology map CSR.  However, this does not work in case of 1394b buses.

Hence add an ioctl to export the maximum speed which the kernel already
determined.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: add ioctls for manual iso resource management
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: add ioctls for manual iso resource management

This adds ioctls for allocation and deallocation of a channel or/and
bandwidth without auto-reallocation and without auto-deallocation.

The benefit of these ioctls is that libraw1394-style isochronous
resource management can be implemented without write access to the IRM's
character device file.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: add ioctls for isochronous resource management
Jay Fenlason, Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: add ioctls for isochronous resource management

Based on
    Date: Tue, 18 Nov 2008 11:41:27 -0500
    From: Jay Fenlason <fenlason@redhat.com>
    Subject: [Patch V4] Add ISO resource management support
with several changes to the ABI and implementation.  Only the part of
the ABI which enables auto-reallocation and auto-deallocation is
included here.

This implements ioctls for kernel-assisted allocation of isochronous
channels and isochronous bandwidth.  The benefits are:
  - The client does not have to have write access to the /dev/fw* device
    corresponding to the IRM.
  - The client does not have to perform reallocation after bus resets.
  - Channel and bandwidth are deallocated by the kernel if the file is
    closed before the client deallocated the resources.  Thus resources
    are released even if the client crashes.

It is anticipated that future in-kernel code (firewire-core IRM code;
the firewire port of firedtv), will use the fw-iso.c portions of this
code too.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Tested-by: David Moore <dcm@acm.org>
15 years agofirewire: core: topology header fix
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: core: topology header fix

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: sort includes
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: sort includes

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: unify names of struct types and of their instances
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: unify names of struct types and of their instances

to indicate that they are specializations of struct event or of struct
client_resource, respectively.

struct response was both an event and a client_resource; it is now split
into struct outbound_transaction_resource and ~_event in order to
document more explicitly which types of client resources exist.

struct request and struct_request_event are renamed to struct
inbound_transaction_resource and ~_event because requests and responses
occur in outbound and in inbound transactions.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: reference-count client instances
Stefan Richter [Sun, 4 Jan 2009 15:23:29 +0000 (16:23 +0100)]
firewire: cdev: reference-count client instances

The lifetime of struct client instances must be longer than the lifetime
of any client resource.

This fixes a possible race between fw_device_op_release and transaction
completions.  It also prepares for new ioctls for isochronous resource
management which will involve delayed processing of client resources.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Reviewed-by: David Moore <dcm@acm.org>
15 years agofirewire: cdev: fix documentation of FW_CDEV_IOC_GET_INFO
Stefan Richter [Fri, 2 Jan 2009 11:47:13 +0000 (12:47 +0100)]
firewire: cdev: fix documentation of FW_CDEV_IOC_GET_INFO

The FW_CDEV_IOC_GET_INFO ioctl looks at client->device->config_rom, not
at the local node's config ROM.

We could fix the implementation or the documentation.  I believe the way
how it is currently implemented is more useful than the way how it is
currently documented.  In fact, libdc1394 uses the ABI already as
implemented, not as documented.  Hence let's change the documentation.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: prevent creation of multiple IR DMA contexts for the same channel
Stefan Richter [Sun, 21 Dec 2008 15:39:46 +0000 (16:39 +0100)]
firewire: prevent creation of multiple IR DMA contexts for the same channel

OHCI-1394 1.1 clause 10.4.3 says:  "If more than one IR DMA context
specifies receives for packets from the same isochronous channel, the
context destination for that channel's packets is undefined."

Any userspace client and in the future also kernelspace clients can
allocate IR DMA contexts for any channel.  We don't want them to
interfere with each other, hence it is preferable to return -EBUSY if
allocation of a second context for a channel is attempted.

Notes:
  - This limitation is OHCI-1394 specific, therefore its proper place of
    implementation is down in the low-level driver.

  - Since the <linux/firewire-cdev.h> ABI simply maps one userspace iso
    client context to one hardware iso context, this OHCI-1394
    limitation alas requires userspace to implement its own multiplexing
    of iso reception from the same channel and card to multiple clients
    when needed.

  - The limitation is independent of channel allocation at the IRM; the
    latter is really only important for the initiation of iso
    transmission but not of iso reception.

  - We don't need to do the same for IT DMA because OHCI-1394 does not
    have any ties between IT contexts and channels.  Only the voluntary
    channel allocation protocol via the IRM, globally to the FireWire
    bus, can ensure proper isochronous transmit behaviour anyway.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: use list_first_entry
Stefan Richter [Sun, 21 Dec 2008 15:49:57 +0000 (16:49 +0100)]
firewire: cdev: use list_first_entry

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: remove unused definitions
Stefan Richter [Sun, 14 Dec 2008 20:47:36 +0000 (21:47 +0100)]
firewire: core: remove unused definitions

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: remove line breaks before function names
Stefan Richter [Sun, 14 Dec 2008 20:47:04 +0000 (21:47 +0100)]
firewire: remove line breaks before function names

type
    function_name(parameters);

is nice to look at but was not used consistently.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: standardize a variable name
Stefan Richter [Sun, 14 Dec 2008 20:45:45 +0000 (21:45 +0100)]
firewire: standardize a variable name

"ret" is the new "retval".

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: remove obsolete assertions
Stefan Richter [Sun, 14 Dec 2008 20:45:14 +0000 (21:45 +0100)]
firewire: core: remove obsolete assertions

This code never changes.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: core: remove outdated comment
Stefan Richter [Sun, 14 Dec 2008 18:21:31 +0000 (19:21 +0100)]
firewire: core: remove outdated comment

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: address handler input validation
Stefan Richter [Sun, 14 Dec 2008 18:21:01 +0000 (19:21 +0100)]
firewire: cdev: address handler input validation

Like before my commit 1415d9189e8c59aa9c77a3bba419dcea062c145f,
fw_core_add_address_handler() does not align the address region now.
Instead the caller is required to pass valid parameters.

Since one of the callers of fw_core_add_address_handler() is the cdev
userspace interface, we now check for valid input.  If the client is
buggy, we give it a hint with -EINVAL.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: use an idr rather than a linked list for resources
Jay Fenlason [Sun, 21 Dec 2008 15:47:17 +0000 (16:47 +0100)]
firewire: cdev: use an idr rather than a linked list for resources

The current code uses a linked list and a counter for storing
resources and the corresponding handle numbers.  By changing to an idr
we can be safe from counter wrap-around giving two resources the same
handle.

Furthermore, the deallocation ioctls now check whether the resource to
be freed is of the intended type.

Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Some rework by Stefan R:
  - The idr API documentation says we get an ID within 0...0x7fffffff.
    Hence we can rest assured that idr handles fit into cdev handles.
  - Fix some races.  Add a client->in_shutdown flag for this purpose.
  - Add allocation retry to add_client_resource().
  - It is possible to use idr_for_each() in fw_device_op_release().
  - Fix ioctl_send_response() regression.
  - Small style changes.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: fix race of fw_device_op_release with bus reset
Stefan Richter [Sun, 14 Dec 2008 18:19:23 +0000 (19:19 +0100)]
firewire: cdev: fix race of fw_device_op_release with bus reset

Unlink the client from the fw_device earlier in order to prevent bus
reset events being added to client->event_list during shutdown.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: tcodes input validation
Stefan Richter [Fri, 5 Dec 2008 21:44:42 +0000 (22:44 +0100)]
firewire: cdev: tcodes input validation

The behaviour of fw-transaction.c::fw_send_request is ill-defined for
any other tcodes than read/ write/ lock request tcodes.  Therefore
prevent requests with wrong tcodes from entering the transaction layer.

Maybe fw_send_request should check them itself, but I am not inclined to
change it and fw_fill_request from void-valued functions to ones which
return error codes and pass those up.  Besides, maybe fw_send_request is
going to support one more tcode than ioctl_send_request in the future
(TCODE_STREAM_DATA).

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: cdev: documentation fixlet
Stefan Richter [Fri, 5 Dec 2008 21:43:41 +0000 (22:43 +0100)]
firewire: cdev: documentation fixlet

Reported-by: Jay Fenlason <fenlason@redhat.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: convert client_list_lock to mutex
Stefan Richter [Sun, 5 Oct 2008 08:37:11 +0000 (10:37 +0200)]
firewire: convert client_list_lock to mutex

So far it is only taken in non-atomic contexts.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: add a client_list_lock
Jay Fenlason [Fri, 3 Oct 2008 15:19:09 +0000 (11:19 -0400)]
firewire: add a client_list_lock

This adds a client_list_lock, which only protects the device's
client_list, so that future versions of the driver can call code that
takes the card->lock while holding the client_list_lock.  Adding this
lock is much simpler than adding __ versions of all the functions that
the future version may need.  The one ordering issue is to make sure
code never takes the client_list_lock with card->lock held.  Since
client_list_lock is only used in three places, that isn't hard.

Signed-off-by: Jay Fenlason <fenlason@redhat.com>
Update fill_bus_reset_event() accordingly.  Include linux/spinlock.h.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agofirewire: Include iso timestamp in headers when header_size > 4
David Moore [Wed, 23 Jul 2008 06:23:40 +0000 (23:23 -0700)]
firewire: Include iso timestamp in headers when header_size > 4

Previously, when an iso context had header_size > 4, the iso header
(len/tag/channel/tcode/sy) was passed to userspace followed by quadlets
stripped from the payload.  This patch changes the behavior:
header_size = 8 now passes the header quadlet followed by the timestamp
quadlet.  When header_size > 8, quadlets are stripped from the payload.
The header_size = 4 case remains identical.

Since this alters the semantics of the API, the firewire API version
needs to be bumped concurrently with this change.

This change also refactors the header copying code slightly to be much
easier to read.

Signed-off-by: David Moore <dcm@acm.org>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
15 years agoLinux 2.6.29
Linus Torvalds [Mon, 23 Mar 2009 23:12:14 +0000 (16:12 -0700)]
Linux 2.6.29

15 years agoBuild with -fno-dwarf2-cfi-asm
Kyle McMartin [Mon, 23 Mar 2009 19:25:49 +0000 (15:25 -0400)]
Build with -fno-dwarf2-cfi-asm

With a sufficiently new compiler and binutils, code which wasn't
previously generating .eh_frame sections has begun to.  Certain
architectures (powerpc, in this case) may generate unexpected relocation
formats in response to this, preventing modules from loading.

While the new relocation types should probably be handled, revert to the
previous behaviour with regards to generation of .eh_frame sections.

(This was reported against Fedora, which appears to be the only distro
doing any building against gcc-4.4 at present: RH bz#486545.)

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
Cc: Alexandre Oliva <aoliva@redhat.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agotrivial: fix orphan dates in ext2 documentation
Jody McIntyre [Mon, 23 Mar 2009 17:13:34 +0000 (13:13 -0400)]
trivial: fix orphan dates in ext2 documentation

Revert the change to the orphan dates of Windows 95, DOS, compression.
Add a new orphan date for OS/2.

Signed-off-by: Jody McIntyre <scjody@sun.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Mon, 23 Mar 2009 16:25:58 +0000 (09:25 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (32 commits)
  ucc_geth: Fix oops when using fixed-link support
  dm9000: locking bugfix
  net: update dnet.c for bus_id removal
  dnet: DNET should depend on HAS_IOMEM
  dca: add missing copyright/license headers
  nl80211: Check that function pointer != NULL before using it
  sungem: missing net_device_ops
  be2net: fix to restore vlan ids into BE2 during a IF DOWN->UP cycle
  be2net: replenish when posting to rx-queue is starved in out of mem conditions
  bas_gigaset: correctly allocate USB interrupt transfer buffer
  smsc911x: reset last known duplex and carrier on open
  sh_eth: Fix mistake of the address of SH7763
  sh_eth: Change handling of IRQ
  netns: oops in ip[6]_frag_reasm incrementing stats
  net: kfree(napi->skb) => kfree_skb
  net: fix sctp breakage
  ipv6: fix display of local and remote sit endpoints
  net: Document /proc/sys/net/core/netdev_budget
  tulip: fix crash on iface up with shirq debug
  virtio_net: Make virtio_net support carrier detection
  ...

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
Linus Torvalds [Mon, 23 Mar 2009 16:25:24 +0000 (09:25 -0700)]
Merge git://git./linux/kernel/git/davem/sparc-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  sparc64: Fix crash with /proc/iomem
  sparc64: Reschedule KGDB capture to a software interrupt.
  sbus: Auto-load openprom module when device opened.

15 years agofix ptrace slowness
Miklos Szeredi [Mon, 23 Mar 2009 15:07:24 +0000 (16:07 +0100)]
fix ptrace slowness

This patch fixes bug #12208:

  Bug-Entry       : http://bugzilla.kernel.org/show_bug.cgi?id=12208
  Subject         : uml is very slow on 2.6.28 host

This turned out to be not a scheduler regression, but an already
existing problem in ptrace being triggered by subtle scheduler
changes.

The problem is this:

 - task A is ptracing task B
 - task B stops on a trace event
 - task A is woken up and preempts task B
 - task A calls ptrace on task B, which does ptrace_check_attach()
 - this calls wait_task_inactive(), which sees that task B is still on the runq
 - task A goes to sleep for a jiffy
 - ...

Since UML does lots of the above sequences, those jiffies quickly add
up to make it slow as hell.

This patch solves this by not rescheduling in read_unlock() after
ptrace_stop() has woken up the tracer.

Thanks to Oleg Nesterov and Ingo Molnar for the feedback.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/galak/powerpc
Linus Torvalds [Mon, 23 Mar 2009 15:03:09 +0000 (08:03 -0700)]
Merge branch 'merge' of git://git./linux/kernel/git/galak/powerpc

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/galak/powerpc:
  powerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load machines

15 years agopowerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load machines
Kumar Gala [Sat, 14 Mar 2009 14:23:03 +0000 (09:23 -0500)]
powerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load machines

Grant picked up the wrong version of "Respect _PAGE_COHERENT on classic
ppc32 SW" (commit a4bd6a93c3f14691c8a29e53eb04dc734b27f0db)

It was missing the code to actually deal with the fixup of
_PAGE_COHERENT based on the CPU feature.

Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
15 years agoucc_geth: Fix oops when using fixed-link support
Anton Vorontsov [Mon, 23 Mar 2009 04:30:52 +0000 (21:30 -0700)]
ucc_geth: Fix oops when using fixed-link support

commit b1c4a9dddf09fe99b8f88252718ac5b357363dc4 ("ucc_geth: Change
uec phy id to the same format as gianfar's") introduced a regression
in the ucc_geth driver that causes this oops when fixed-link is used:

Unable to handle kernel paging request for data at address 0x00000000
Faulting instruction address: 0xc0151270
Oops: Kernel access of bad area, sig: 11 [#1]
TMCUTU
NIP: c0151270 LR: c0151270 CTR: c0017760
REGS: cf81fa60 TRAP: 0300   Not tainted  (2.6.29-rc8)
MSR: 00009032 <EE,ME,IR,DR>  CR: 24024042  XER: 20000000
DAR: 00000000, DSISR: 20000000
TASK = cf81cba0[1] 'swapper' THREAD: cf81e000
GPR00: c0151270 cf81fb10 cf81cba0 00000000 c0272e20 c025f354 00001e80
cf86b08c
GPR08: d1068200 cffffb74 06000000 d106c200 42024042 10085148 0fffd000
0ffc81a0
GPR16: 00000001 00000001 00000000 007ffeb0 00000000 0000c000 cf83f36c
cf83f000
GPR24: 00000030 cf83f360 cf81fb20 00000000 d106c200 20000000 00001e80
cf83f360
NIP [c0151270] ucc_geth_open+0x330/0x1efc
LR [c0151270] ucc_geth_open+0x330/0x1efc
Call Trace:
[cf81fb10] [c0151270] ucc_geth_open+0x330/0x1efc (unreliable)
[cf81fba0] [c0187638] dev_open+0xbc/0x12c
[cf81fbc0] [c0187e38] dev_change_flags+0x8c/0x1b0

This patch fixes the issue by removing offending (and somewhat
duplicate) code from init_phy() routine, and changes _probe()
function to use uec_mdio_bus_name().

Also, since we fully construct phy_bus_id in the _probe() routine,
we no longer need ->phy_address and ->mdio_bus fields in
ucc_geth_info structure.

I wish the patch would be a bit shorter, but it seems like the only
way to fix the issue in a sane way. Luckily, the patch has been
tested with real PHYs and fixed-link, so no further regressions
expected.

Reported-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Tested-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agodm9000: locking bugfix
David Brownell [Mon, 23 Mar 2009 04:28:39 +0000 (21:28 -0700)]
dm9000: locking bugfix

This fixes a locking bug in the dm9000 driver.  It calls
request_irq() without setting IRQF_DISABLED ... which is
correct for handlers that support IRQ sharing, since that
behavior is not guaranteed for shared IRQs.  However, its
IRQ handler then wrongly assumes that IRQs are blocked.
So the fix just uses the right spinlock primitives in the
IRQ handler.

NOTE:  this is a classic example of the type of bug which
lockdep currently masks by forcibly setting IRQF_DISABLED
on IRQ handlers that did not request that flag.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonet: update dnet.c for bus_id removal
Stephen Rothwell [Mon, 23 Mar 2009 04:22:48 +0000 (21:22 -0700)]
net: update dnet.c for bus_id removal

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes
Linus Torvalds [Sun, 22 Mar 2009 18:41:02 +0000 (11:41 -0700)]
Merge git://git./linux/kernel/git/sam/kbuild-fixes

* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes:
  kconfig: improve seed in randconfig
  kconfig: fix randconfig for choice blocks

15 years agoMerge branch 'fix-includes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg...
Linus Torvalds [Sun, 22 Mar 2009 18:38:57 +0000 (11:38 -0700)]
Merge branch 'fix-includes' of git://git./linux/kernel/git/gerg/m68knommu

* 'fix-includes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k: merge the non-MMU and MMU versions of siginfo.h
  m68k: use the MMU version of unistd.h for all m68k platforms
  m68k: merge the non-MMU and MMU versions of signal.h
  m68k: merge the non-MMU and MMU versions of ptrace.h
  m68k: use MMU version of setup.h for both MMU and non-MMU
  m68k: merge the non-MMU and MMU versions of sigcontext.h
  m68k: merge the non-MMU and MMU versions of swab.h
  m68k: merge the non-MMU and MMU versions of param.h

15 years agoUpdate my email address
Gertjan van Wingerde [Sat, 21 Mar 2009 22:18:57 +0000 (23:18 +0100)]
Update my email address

Update all previous incarnations of my email address to the correct one.

Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoeCryptfs: NULL crypt_stat dereference during lookup
Tyler Hicks [Fri, 20 Mar 2009 07:23:57 +0000 (02:23 -0500)]
eCryptfs: NULL crypt_stat dereference during lookup

If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
specified as mount options, a NULL pointer dereference of crypt_stat
was possible during lookup.

This patch moves the crypt_stat assignment into
ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
will not be NULL before we attempt to dereference it.

Thanks to Dan Carpenter and his static analysis tool, smatch, for
finding this bug.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Cc: Dan Carpenter <error27@gmail.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoeCryptfs: Allocate a variable number of pages for file headers
Tyler Hicks [Fri, 20 Mar 2009 06:25:09 +0000 (01:25 -0500)]
eCryptfs: Allocate a variable number of pages for file headers

When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.

ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header.  Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K.  This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.

This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().

Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem.  2.6.28 is the only kernel release with this
vulnerability.  Corresponds to CVE-2009-0787

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoradeonfb: Whack the PCI PM register until it sticks
Benjamin Herrenschmidt [Thu, 19 Mar 2009 22:22:30 +0000 (09:22 +1100)]
radeonfb: Whack the PCI PM register until it sticks

This fixes a regression introduced when we switched to using the core
pci_set_power_state().  The chip seems to need the state to be written
over and over again until it sticks, so we do that.

Note that the code is a bit blunt, without timeout, etc...  but that's
pretty much because I put back in there the code exactly as it used to
be before the regression.  I still add a call to pci_set_power_state()
at the end so that ACPI gets called appropriately on x86.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Tested-by: Raymond Wooninck <tittiatcoke@gmail.com>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agodnet: DNET should depend on HAS_IOMEM
Ilya Yanok [Sat, 21 Mar 2009 23:58:47 +0000 (16:58 -0700)]
dnet: DNET should depend on HAS_IOMEM

Signed-off-by: Ilya Yanok <yanok@emcraft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agodca: add missing copyright/license headers
Maciej Sosnowski [Sat, 21 Mar 2009 20:31:23 +0000 (13:31 -0700)]
dca: add missing copyright/license headers

In two dca files copyright and license headers are missing.
This patch adds them there.

Signed-off-by: Maciej Sosnowski <maciej.sosnowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Fri, 20 Mar 2009 21:53:36 +0000 (14:53 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

15 years agonl80211: Check that function pointer != NULL before using it
Jouni Malinen [Fri, 20 Mar 2009 15:57:36 +0000 (17:57 +0200)]
nl80211: Check that function pointer != NULL before using it

NL80211_CMD_GET_MESH_PARAMS and NL80211_CMD_SET_MESH_PARAMS handlers
did not verify whether a function pointer is NULL (not supported by
the driver) before trying to call the function. The former nl80211
command is available for unprivileged users, too, so this can
potentially allow normal users to kill networking (or worse..) if
mac80211 is built without CONFIG_MAC80211_MESH=y.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
15 years agosungem: missing net_device_ops
Stephen Hemminger [Fri, 20 Mar 2009 06:58:01 +0000 (23:58 -0700)]
sungem: missing net_device_ops

Sungem driver only got partially converted to net_device_ops.
Since this could cause bugs, please push this to 2.6.29

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agobe2net: fix to restore vlan ids into BE2 during a IF DOWN->UP cycle
Sathya Perla [Fri, 20 Mar 2009 06:56:46 +0000 (23:56 -0700)]
be2net: fix to restore vlan ids into BE2 during a IF DOWN->UP cycle

This is a patch to reconfigure vlan-ids during an i/f down/up cycle

Signed-off-by: Sathya Perla <sathyap@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agobe2net: replenish when posting to rx-queue is starved in out of mem conditions
Sathya Perla [Fri, 20 Mar 2009 06:56:20 +0000 (23:56 -0700)]
be2net: replenish when posting to rx-queue is starved in out of mem conditions

This is a patch to replenish the rx-queue when it is in a starved
state (due to out-of-mem conditions)

Signed-off-by: Sathya Perla <sathyap@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agoaio: lookup_ioctx can return the wrong value when looking up a bogus context
Jeff Moyer [Thu, 19 Mar 2009 00:04:21 +0000 (17:04 -0700)]
aio: lookup_ioctx can return the wrong value when looking up a bogus context

The libaio test harness turned up a problem whereby lookup_ioctx on a
bogus io context was returning the 1 valid io context from the list
(harness/cases/3.p).

Because of that, an extra put_iocontext was done, and when the process
exited, it hit a BUG_ON in the put_iocontext macro called from exit_aio
(since we expect a users count of 1 and instead get 0).

The problem was introduced by "aio: make the lookup_ioctx() lockless"
(commit abf137dd7712132ee56d5b3143c2ff61a72a5faa).

Thanks to Zach for pointing out that hlist_for_each_entry_rcu will not
return with a NULL tpos at the end of the loop, even if the entry was
not found.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Acked-by: Zach Brown <zach.brown@oracle.com>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoeventfd: remove fput() call from possible IRQ context
Davide Libenzi [Thu, 19 Mar 2009 00:04:19 +0000 (17:04 -0700)]
eventfd: remove fput() call from possible IRQ context

Remove a source of fput() call from inside IRQ context.  Myself, like Eric,
wasn't able to reproduce an fput() call from IRQ context, but Jeff said he was
able to, with the attached test program.  Independently from this, the bug is
conceptually there, so we might be better off fixing it.  This patch adds an
optimization similar to the one we already do on ->ki_filp, on ->ki_eventfd.
Playing with ->f_count directly is not pretty in general, but the alternative
here would be to add a brand new delayed fput() infrastructure, that I'm not
sure is worth it.

Signed-off-by: Davide Libenzi <davidel@xmailserver.org>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Cc: Zach Brown <zach.brown@oracle.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMove cc-option to below arch-specific setup
Linus Torvalds [Thu, 19 Mar 2009 22:53:19 +0000 (15:53 -0700)]
Move cc-option to below arch-specific setup

Sam Ravnborg says:
 "We have several architectures that plays strange games with $(CC) and
  $(CROSS_COMPILE).

  So we need to postpone any use of $(call cc-option..) until we have
  included the arch specific Makefile so we try with the correct $(CC)
  version."

Requested-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
Linus Torvalds [Thu, 19 Mar 2009 21:56:35 +0000 (14:56 -0700)]
Merge branch 'for-linus' of git://git390.marist.edu/linux-2.6

* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
  [S390] make page table upgrade work again
  [S390] make page table walking more robust
  [S390] Dont check for pfn_valid() in uaccess_pt.c
  [S390] ftrace/mcount: fix kernel stack backchain
  [S390] topology: define SD_MC_INIT to fix performance regression
  [S390] __div64_31 broken for CONFIG_MARCH_G5

15 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Linus Torvalds [Thu, 19 Mar 2009 21:50:15 +0000 (14:50 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jikos/hid

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: fix waitqueue usage in hiddev
  HID: fix incorrect free in hiddev

15 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable
Linus Torvalds [Thu, 19 Mar 2009 21:49:55 +0000 (14:49 -0700)]
Merge git://git./linux/kernel/git/mason/btrfs-unstable

* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable:
  Btrfs: Clear space_info full when adding new devices
  Btrfs: Fix locking around adding new space_info

15 years agoFix race in create_empty_buffers() vs __set_page_dirty_buffers()
Linus Torvalds [Thu, 19 Mar 2009 18:32:05 +0000 (11:32 -0700)]
Fix race in create_empty_buffers() vs __set_page_dirty_buffers()

Nick Piggin noticed this (very unlikely) race between setting a page
dirty and creating the buffers for it - we need to hold the mapping
private_lock until we've set the page dirty bit in order to make sure
that create_empty_buffers() might not build up a set of buffers without
the dirty bits set when the page is dirty.

I doubt anybody has ever hit this race (and it didn't solve the issue
Nick was looking at), but as Nick says: "Still, it does appear to solve
a real race, which we should close."

Acked-by: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoAdd '-fwrapv' to gcc CFLAGS
Linus Torvalds [Thu, 19 Mar 2009 18:10:17 +0000 (11:10 -0700)]
Add '-fwrapv' to gcc CFLAGS

This makes sure that gcc doesn't try to optimize away wrapping
arithmetic, which the kernel occasionally uses for overflow testing, ie
things like

if (ptr + offset < ptr)

which technically is undefined for non-unsigned types. See

http://bugzilla.kernel.org/show_bug.cgi?id=12597

for details.

Not all versions of gcc support it, so we need to make it conditional
(it looks like it was introduced in gcc-3.4).

Reminded-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
15 years agoMerge branch 'master' of /home/davem/src/GIT/linux-2.6/
David S. Miller [Thu, 19 Mar 2009 06:53:57 +0000 (23:53 -0700)]
Merge branch 'master' of /home/davem/src/GIT/linux-2.6/

15 years agosparc64: Fix crash with /proc/iomem
Mikulas Patocka [Thu, 19 Mar 2009 06:53:16 +0000 (23:53 -0700)]
sparc64: Fix crash with /proc/iomem

When you compile kernel on Sparc64 with heap memory checking and type
"cat /proc/iomem", you get a crash, because pointers in struct
resource are uninitialized.

Most code fills struct resource with zeros, so I assume that it is
responsibility of the caller of request_resource to initialized it,
not the responsibility of request_resource functuion.

After 2.6.29 is out, there could be a check for uninitialized fields
added to request_resource to avoid crashes like this.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agosparc64: Reschedule KGDB capture to a software interrupt.
David S. Miller [Thu, 19 Mar 2009 06:51:57 +0000 (23:51 -0700)]
sparc64: Reschedule KGDB capture to a software interrupt.

Otherwise it might interrupt switch_to() midstream and use
half-cooked register window state.

Reported-by: Chris Torek <chris.torek@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agobas_gigaset: correctly allocate USB interrupt transfer buffer
Tilman Schmidt [Thu, 19 Mar 2009 06:44:23 +0000 (23:44 -0700)]
bas_gigaset: correctly allocate USB interrupt transfer buffer

Every USB transfer buffer has to be allocated individually by kmalloc.

Impact: bugfix, no functional change

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Tested-by: Kolja Waschk <kawk@users.sourceforge.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agosmsc911x: reset last known duplex and carrier on open
Steve Glendinning [Thu, 19 Mar 2009 06:37:18 +0000 (23:37 -0700)]
smsc911x: reset last known duplex and carrier on open

smsc911x_phy_adjust_link is called periodically by the phy layer (as
it's run in polling mode), and it only updates the hardware when it sees
a change in duplex or carrier.  This patch clears the last known values
every time the interface is brought up, instead of only when the module
is loaded.

Without this patch the adjust_link function never updates the hardware
after an ifconfig down; ifconfig up.  On a full duplex link this causes
the tx error counter to increment, even though packets are correctly
transmitted, as the default MAC_CR register setting is for half duplex.

The tx errors are "no carrier" errors, which should be ignored in
full-duplex mode.  When MAC_CR is set to "full duplex" mode they are
correctly ignored by the hardware.

Note that even with this patch the tx error counter can increment if
packets are transmitted between "ifconfig up" and the first phy poll
interval.  An improved solution would use the phy interrupt with phylib,
but I haven't managed to make this work 100% robustly yet.

Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agosh_eth: Fix mistake of the address of SH7763
Nobuhiro Iwamatsu [Mon, 16 Mar 2009 19:52:23 +0000 (19:52 +0000)]
sh_eth: Fix mistake of the address of SH7763

Address of SH_TSU_ADDR and ARSTR of SH7763 was wrong.
This revise it.

Signed-off-by: Nobuhiro Iwamatsu <iwamatsu.nobuhiro@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agosh_eth: Change handling of IRQ
Nobuhiro Iwamatsu [Mon, 16 Mar 2009 19:50:57 +0000 (19:50 +0000)]
sh_eth: Change handling of IRQ

Handling of IRQ of the SH7763/SH7764 CPU which sh_eth supported was
changed.
This revises it for this change.

Signed-off-by: Nobuhiro Iwamatsu <iwamatsu.nobuhiro@renesas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
15 years agonetns: oops in ip[6]_frag_reasm incrementing stats
Jorge Boncompte [DTI2] [Thu, 19 Mar 2009 06:26:11 +0000 (23:26 -0700)]
netns: oops in ip[6]_frag_reasm incrementing stats

dev can be NULL in ip[6]_frag_reasm for skb's coming from RAW sockets.

Quagga's OSPFD sends fragmented packets on a RAW socket, when netfilter
conntrack reassembles them on the OUTPUT path you hit this code path.

You can test it with something like "hping2 -0 -d 2000 -f AA.BB.CC.DD"

With help from Jarek Poplawski.

Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: David S. Miller <davem@davemloft.net>