diff options
author | B.J. Buchalter <bj@mhlabs.com> | 2011-05-02 13:33:42 -0400 |
---|---|---|
committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2011-05-02 16:55:22 -0400 |
commit | 2e053a27d9d5ad5e0831e002cbf8043836fb2060 (patch) | |
tree | 4e3ed1110128cbb1ba3b5baf4e45161300ad58c2 /drivers | |
parent | 115881d395959b75c8c3bb94913f2ce869b8aa7a (diff) |
firewire: Fix for broken configrom updates in quick succession
Current implementation of ohci_set_config_rom() uses a deferred
bus reset via fw_schedule_bus_reset(). If clients add multiple
unit descriptors to the config_rom in quick succession, the
deferred bus reset may not have fired before succeeding update
requests have come in. This can lead to an incorrect partial
update of the config_rom for both addition and removal of
config_rom descriptors, as the ohci_set_config_rom() routine
will return -EBUSY if a previous pending update has not been
completed yet; the requested update just gets dropped on the floor.
This patch recognizes that the "in-flight" update can be modified
until it has been processed by the bus-reset, and the locking
in the bus_reset_tasklet ensures that the update is done atomically
with respect to modifications made by ohci_set_config_rom(). The
-EBUSY error case is simply removed.
[Stefan R: The bug always existed at least theoretically. But it
became easy to trigger since 2.6.36 commit 02d37bed188c "firewire: core:
integrate software-forced bus resets with bus management" which
introduced long mandatory delays between janitorial bus resets.]
Signed-off-by: Benjamin Buchalter <bj@mhlabs.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (trivial style changes)
Cc: <stable@kernel.org> # 2.6.36.y and newer
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/firewire/ohci.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index f903d7b6f34a..23d1468ad253 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c | |||
@@ -2199,7 +2199,6 @@ static int ohci_set_config_rom(struct fw_card *card, | |||
2199 | { | 2199 | { |
2200 | struct fw_ohci *ohci; | 2200 | struct fw_ohci *ohci; |
2201 | unsigned long flags; | 2201 | unsigned long flags; |
2202 | int ret = -EBUSY; | ||
2203 | __be32 *next_config_rom; | 2202 | __be32 *next_config_rom; |
2204 | dma_addr_t uninitialized_var(next_config_rom_bus); | 2203 | dma_addr_t uninitialized_var(next_config_rom_bus); |
2205 | 2204 | ||
@@ -2240,22 +2239,37 @@ static int ohci_set_config_rom(struct fw_card *card, | |||
2240 | 2239 | ||
2241 | spin_lock_irqsave(&ohci->lock, flags); | 2240 | spin_lock_irqsave(&ohci->lock, flags); |
2242 | 2241 | ||
2242 | /* | ||
2243 | * If there is not an already pending config_rom update, | ||
2244 | * push our new allocation into the ohci->next_config_rom | ||
2245 | * and then mark the local variable as null so that we | ||
2246 | * won't deallocate the new buffer. | ||
2247 | * | ||
2248 | * OTOH, if there is a pending config_rom update, just | ||
2249 | * use that buffer with the new config_rom data, and | ||
2250 | * let this routine free the unused DMA allocation. | ||
2251 | */ | ||
2252 | |||
2243 | if (ohci->next_config_rom == NULL) { | 2253 | if (ohci->next_config_rom == NULL) { |
2244 | ohci->next_config_rom = next_config_rom; | 2254 | ohci->next_config_rom = next_config_rom; |
2245 | ohci->next_config_rom_bus = next_config_rom_bus; | 2255 | ohci->next_config_rom_bus = next_config_rom_bus; |
2256 | next_config_rom = NULL; | ||
2257 | } | ||
2246 | 2258 | ||
2247 | copy_config_rom(ohci->next_config_rom, config_rom, length); | 2259 | copy_config_rom(ohci->next_config_rom, config_rom, length); |
2248 | 2260 | ||
2249 | ohci->next_header = config_rom[0]; | 2261 | ohci->next_header = config_rom[0]; |
2250 | ohci->next_config_rom[0] = 0; | 2262 | ohci->next_config_rom[0] = 0; |
2251 | 2263 | ||
2252 | reg_write(ohci, OHCI1394_ConfigROMmap, | 2264 | reg_write(ohci, OHCI1394_ConfigROMmap, ohci->next_config_rom_bus); |
2253 | ohci->next_config_rom_bus); | ||
2254 | ret = 0; | ||
2255 | } | ||
2256 | 2265 | ||
2257 | spin_unlock_irqrestore(&ohci->lock, flags); | 2266 | spin_unlock_irqrestore(&ohci->lock, flags); |
2258 | 2267 | ||
2268 | /* If we didn't use the DMA allocation, delete it. */ | ||
2269 | if (next_config_rom != NULL) | ||
2270 | dma_free_coherent(ohci->card.device, CONFIG_ROM_SIZE, | ||
2271 | next_config_rom, next_config_rom_bus); | ||
2272 | |||
2259 | /* | 2273 | /* |
2260 | * Now initiate a bus reset to have the changes take | 2274 | * Now initiate a bus reset to have the changes take |
2261 | * effect. We clean up the old config rom memory and DMA | 2275 | * effect. We clean up the old config rom memory and DMA |
@@ -2263,13 +2277,10 @@ static int ohci_set_config_rom(struct fw_card *card, | |||
2263 | * controller could need to access it before the bus reset | 2277 | * controller could need to access it before the bus reset |
2264 | * takes effect. | 2278 | * takes effect. |
2265 | */ | 2279 | */ |
2266 | if (ret == 0) | ||
2267 | fw_schedule_bus_reset(&ohci->card, true, true); | ||
2268 | else | ||
2269 | dma_free_coherent(ohci->card.device, CONFIG_ROM_SIZE, | ||
2270 | next_config_rom, next_config_rom_bus); | ||
2271 | 2280 | ||
2272 | return ret; | 2281 | fw_schedule_bus_reset(&ohci->card, true, true); |
2282 | |||
2283 | return 0; | ||
2273 | } | 2284 | } |
2274 | 2285 | ||
2275 | static void ohci_send_request(struct fw_card *card, struct fw_packet *packet) | 2286 | static void ohci_send_request(struct fw_card *card, struct fw_packet *packet) |