| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Replace a hardcoded buffer size by a sizeof union {}. This shrinks the
stack-allocated ioctl argument buffer from 256 to 40 bytes. (This is
not much, but subsequent stack usage particularly by the queue_iso ioctl
handler adds up.)
The new form is also easier to keep up to date than a hardcoded size if
more ioctls are added.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
I was told that there are obscure architectures with non-coherent DMA
which may DMA-map to bus address 0. We shall not use 0 as a magic
number of uninitialized bus address variables.
The packet->payload_length > 0 test cannot be used either (except in
at_context_queue_packet) because local requests are not DMA-mapped
regardless of payload_length. Hence add a state flag to struct
fw_packet.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
In the code path which creates request packets, clearly mark a switch
branch which must never be reached with a WARN.
In the code path which creates response packets, replace a BUG by a
friendlier to debug WARN.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The Topology Map of the local node was created in CPU byte order,
then a temporary big endian copy was created to compute the CRC,
and when a read request to the Topology Map arrived it had to be
converted to big endian byte order again.
We now generate it in big endian byte order in the first place.
This also rids us of 1000 bytes stack usage in tasklet context.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Move the static config ROM buffer into the scope of the two callers of
generate_config_rom(). That way the ROM length can be passed over as
return value rather than through a pointer argument.
It also becomes more obvious that accesses to the config ROM buffer have
to be serialized and how this is accomplished. And firewire-core.ko
shrinks a bit as well.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The config ROM image of the local node was created in CPU byte order,
then a temporary big endian copy was created to compute the CRC, and
finally the card driver created its own big endian copy.
We now generate it in big endian byte order in the first place to avoid
one byte order conversion and the temporary on-stack copy of the ROM
image (1000 bytes stack usage in process context). Furthermore, two
1000 bytes memset()s are replaced by one 1000 bytes - ROM length sized
memset.
The trivial fw_memcpy_{from,to}_be32() helpers are now superfluous and
removed. The newly added __compute_block_crc() function will be folded
into fw_compute_block_crc() in a subsequent change.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Unify some names:
- "e" for pointers to subtypes of struct event,
- "event" for struct members and pointers to struct event,
- "r" for pointers to subtypes of struct client_resource,
- "resource" for struct members and pointers to struct client_resource,
- other names for struct members and pointers to other types.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
A few stylistic changes to unify some code patterns in the subsystem:
- The similar queue_delayed_work helpers fw_schedule_bm_work,
schedule_iso_resource, and sbp2_queue_work now have the same call
convention.
- Two conditional calls of schedule_iso_resource are factored into
another small helper.
- An sbp2_target_get helper is added as counterpart to
sbp2_target_put.
Object size of firewire-core is decreased a little bit, object size of
firewire-sbp2 remains unchanged.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
If copy_from_user in an FW_CDEV_IOC_SEND_RESPONSE ioctl failed, an
inbound_transaction_resource instance is no longer referenced and needs
to be freed.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The Unit_Characteristics entry of an SBP-2 unit directory is not
mandatory as far as I can tell. If it is missing, we would probably
fail to log in into the target because firewire-sbp2 would not wait for
status after it sent the login request.
The fix moves the cleanup of tgt->mgt_orb_timeout into a place where it
is executed exactly once before login, rather than 0..n times depending
on the target's config ROM. With targets with one or more
Unit_Characteristics entries, the result is the same as before.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Add the file pattern of drivers/ieee1394/init_ohci1394_dma.c's
documentation to the maintainers database. init_ohci1394_dma.c is not
really part of the IEEE 1394 subsystem, but this maintainers contact
seems to be better than none at all.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Update URLs of the userspace tools to use ohci1394_dma=early for
debugging.
Seems the address ftp://ftp.suse.de/private/bk/firewire/tools/* is not
very helpful. After a quick search, seems this was talked about:
http://www.mail-archive.com/kgdb-bugreport@lists.sourceforge.net/msg02761.html
(can't find the original thread).
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The inquiry delay is not necessary anymore in tests on a recent kernel.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The inquiry delay does more harm than good in tests on a recent kernel.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Per SBP-2 clause 5.3, a target shall store 8...32 bytes of status
information. Trailing zeros after the first 8 bytes don't need to be
stored, they are implicit. Fix the status write handler to clear all
unwritten status data.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
This register is 1 kBytes large. Adjust topology_map.length to prevent
registration of other response handlers in this region and to make sure
that we respond to requests to the upper half of the register.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
The config ROM buffer received from generate_config_rom is a globally
shared static buffer. Extend the card_mutex protection in fw_add_card
until after the config ROM was copied into the card driver's buffer.
Otherwise, parallelized card driver probes may end up with ROM contents
that were meant for a different card.
firewire-ohci's card->driver->enable hook is safe to be called within
the card_mutex. Furthermore, it is safe to reorder card_list update
versus card enable, which simplifies the code a little.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
fw_card_get, fw_card_put, fw_card_release are currently not exported for
use outside the firewire-core. Move their definitions/ declarations
from the subsystem header file to the core header file.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
overflow)
The selfIDSize field of Self ID Count is 9 bits wide, and we are only
interested in the high 8 bits. Fix the mask accordingly. The
previously too large mask didn't do damage though because the next few
bits in the register are reserved and therefore zero with presently
existing hardware.
Also, check for the maximum possible self ID count of 252 (according to
OHCI 1.1 clause 11.2 and IEEE 1394a-2000 clause 4.3.4.1, i.e. up to four
self IDs of up to 63 nodes, even though IEEE 1394 up to edition 2008
defines only up to three self IDs per node). More than 252 self IDs
would only happen if the self ID receive DMA unit malfunctioned, which
would likely be caught by other self ID buffer checks. However, check
it early to be sure. More than 253 quadlets would overflow the Topology
Map CSR.
Reported-By: PaX Team
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
Do not leak the allocated memory in case the mutex_trylock() failed
to acquire the lock.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
This bug does not happen in practice: All raw1394 clients use
libraw1394, and accesses to a libraw1394 handle need to be serialized
by the client. This is documented in libraw1394's API reference.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
|
|
|
|
Andy Whitcroft reported an oops in aoe triggered by use of an
incorrectly initialised request_queue object:
[ 2645.959090] kobject '<NULL>' (ffff880059ca22c0): tried to add
an uninitialized object, something is seriously wrong.
[ 2645.959104] Pid: 6, comm: events/0 Not tainted 2.6.31-5-generic #24-Ubuntu
[ 2645.959107] Call Trace:
[ 2645.959139] [<ffffffff8126ca2f>] kobject_add+0x5f/0x70
[ 2645.959151] [<ffffffff8125b4ab>] blk_register_queue+0x8b/0xf0
[ 2645.959155] [<ffffffff8126043f>] add_disk+0x8f/0x160
[ 2645.959161] [<ffffffffa01673c4>] aoeblk_gdalloc+0x164/0x1c0 [aoe]
The request queue of an aoe device is not used but can be allocated in
code that does not sleep.
Bruno bisected this regression down to
cd43e26f071524647e660706b784ebcbefbd2e44
block: Expose stacked device queues in sysfs
"This seems to generate /sys/block/$device/queue and its contents for
everyone who is using queues, not just for those queues that have a
non-NULL queue->request_fn."
Addresses http://bugs.launchpad.net/bugs/410198
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=13942
Note that embedding a queue inside another object has always been
an illegal construct, since the queues are reference counted and
must persist until the last reference is dropped. So aoe was
always buggy in this respect (Jens).
Signed-off-by: Ed Cashin <ecashin@coraid.com>
Cc: Andy Whitcroft <apw@canonical.com>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Bruno Premont <bonbons@linux-vserver.org>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
|
|
Reinette Chatre reports a frozen system (with blinking keyboard LEDs)
when switching from graphics mode to the text console, or when
suspending (which does the same thing). With netconsole, the oops
turned out to be
BUG: unable to handle kernel NULL pointer dereference at 0000000000000084
IP: [<ffffffffa03ecaab>] i915_driver_irq_handler+0x26b/0xd20 [i915]
and it's due to the i915_gem.c code doing drm_irq_uninstall() after
having done i915_gem_idle(). And the i915_gem_idle() path will do
i915_gem_idle() ->
i915_gem_cleanup_ringbuffer() ->
i915_gem_cleanup_hws() ->
dev_priv->hw_status_page = NULL;
but if an i915 interrupt comes in after this stage, it may want to
access that hw_status_page, and gets the above NULL pointer dereference.
And since the NULL pointer dereference happens from within an interrupt,
and with the screen still in graphics mode, the common end result is
simply a silently hung machine.
Fix it by simply uninstalling the irq handler before idling rather than
after. Fixes
http://bugzilla.kernel.org/show_bug.cgi?id=13819
Reported-and-tested-by: Reinette Chatre <reinette.chatre@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
eDP is exclusive connector too, and add missing crtc_mask
setting for TV.
This fixes
http://bugzilla.kernel.org/show_bug.cgi?id=14139
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Reported-and-tested-by: Carlos R. Mafra <crmafra2@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/radeon/kms: add LTE/GTE discard + rv515 two sided stencil register.
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
IMA: update ima_counts_put
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
gianfar: Fix build.
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6:
pcmcia: add CNF-CDROM-ID for ide
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel:
agp/intel: support for new chip variant of IGDNG mobile
drm/i915: Unref old_obj on get_fence_reg() error path
drm/i915: increase default latency constant (v2 w/comment)
|
|
This adds some rv350+ register for LTE/GTE discard,
and enables the rv515 two sided stencil register.
It also disables the DEPTHXY_OFFSET register which
can be used to workaround the CS checker.
Moves rs690 to proper place in rs600 and uses correct
table on rs600.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
- As ima_counts_put() may be called after the inode has been freed,
verify that the inode is not NULL, before dereferencing it.
- Maintain the IMA file counters in may_open() properly, decrementing
any counter increments on subsequent errors.
Reported-by: Ciprian Docan <docan@eden.rutgers.edu>
Reported-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Eric Paris <eparis@redhat.com
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Reported by Michael Guntsche <mike@it-loops.com>
--------------------
Commit
38bddf04bcfe661fbdab94888c3b72c32f6873b3 gianfar: gfar_remove needs to call unregister_netdev()
breaks the build of the gianfar driver because "dev" is undefined in
this function. To quickly test rc9 I changed this to priv->ndev but I do
not know if this is the correct one.
--------------------
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
firewire: sbp2: fix freeing of unallocated memory
firewire: ohci: fix Ricoh R5C832, video reception
firewire: ohci: fix Agere FW643 and multiple cameras
firewire: core: fix crash in iso resource management
|
|
This patch fixes a null pointer exception caused by removal of
'ack()' for level interrupts in the Xilinx interrupt driver. A recent
change to the xilinx interrupt controller removed the ack hook for
level irqs.
Signed-off-by: Roderick Colenbrander <thunderbird2k@gmail.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
* git://git.infradead.org/~dwmw2/mtd-2.6.31:
JFFS2: add missing verify buffer allocation/deallocation
mtd: nftl: fix offset alignments
mtd: nftl: write support is broken
mtd: m25p80: fix null pointer dereference bug
|
|
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
block: Allow changing max_sectors_kb above the default 512
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'fix/oxygen' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
sound: oxygen: handle cards with missing EEPROM
sound: oxygen: fix MCLK rate for 192 kHz playback
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
tc: Fix unitialized kernel memory leak
pkt_sched: Revert tasklet_hrtimer changes.
net: sk_free() should be allowed right after sk_alloc()
gianfar: gfar_remove needs to call unregister_netdev()
ipw2200: firmware DMA loading rework
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq:
[CPUFREQ] Re-enable cpufreq suspend and resume code
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] fix csum_ipv6_magic()
[IA64] Fix warning in dma-mapping.c
|
|
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
xfs: actually enable the swapext compat handler
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2:
nilfs2: fix preempt count underflow in nilfs_btnode_prepare_change_key
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
percpu: don't assume existence of cpu0
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6
* 'slab/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dm:
dm snapshot: fix on disk chunk size validation
dm exception store: split set_chunk_size
dm snapshot: fix header corruption race on invalidation
dm snapshot: refactor zero_disk_area to use chunk_io
dm log: userspace add luid to distinguish between concurrent log instances
dm raid1: do not allow log_failure variable to unset after being set
dm log: remove incorrect field from userspace table output
dm log: fix userspace status output
dm stripe: expose correct io hints
dm table: add more context to terse warning messages
dm table: fix queue_limit checking device iterator
dm snapshot: implement iterate devices
dm multipath: fix oops when request based io fails when no paths
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
PCI SR-IOV: correct broken resource alignment calculations
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Fix bootup with mcount in some configs.
sparc64: Kill spurious NMI watchdog triggers by increasing limit to 30 seconds.
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perfcounters-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf_counter/powerpc: Fix cache event codes for POWER7
perf_counter: Fix /0 bug in swcounters
perf_counters: Increase paranoia level
|
