On 26 Apr 2010, Clemens Ladisch wrote:
> In theory, none of the interrupts should occur before the link is
> enabled.  In practice, I'd rather make sure to not set the master
> interrupt enable bit until we have installed the interrupt handler.

and proposed to move OHCI1394_masterIntEnable out of the present
reg_write() into a new one before the HCControl.linkEnable reg_write().

Why not defer setting /all/ of the bits until right before linkEnable?
Reviewed-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

...when user data is immediately copied into the allocated region.
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (changelog)

All application domains that are supported by the old ieee1394 driver
stack are supported by the newer firewire driver stack too.  There is
now good and extensive experience with the newer stack from deployment
in Fedora since F7 as well as by enthusiast users of other
distributions.

The new drivers have consequently been recommended as the default ones
since 2.6.33, in order to fix some severe usability problems of FireWire
on Linux due to limitations of the old stack.  It is now high time to
announce when the obsolete drivers will be removed.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Acked-by: Jarod Wilson <jarod@redhat.com>

Using a single timeout for all transaction that need to be flushed does
not work if the submission of new transactions can defer the timeout
indefinitely into the future.  We need to have timeouts that do not
change due to other transactions; the simplest way to do this is with a
separate timer for each transaction.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (+ one lockdep annotation)

fw_core_handle_response() was not properly clearing tlabel_mask. This
was resulting in premature tlabel exhaustion.
Signed-off-by: Peter Hurley <phurley@charter.net>

This fixes an omission in 2.6.31-rc1 commit 1e626fdc "firewire: core:
use more outbound tlabels" which prevented to really use 64 instead of
32 transaction labels, as soon as split transactions occurred that had
their AR-resp tasklet run after the AT-req tasklet.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

If one request is so long-lived that it does not get a response before
the following 63 requests, its bit in tlabel_mask is still set when the
next request tries to allocate a transaction label for that number.  In
this state, while the first request is not completed or timed out, no
new requests can be submitted.

To fix this, skip over any label still in use, and do not error out
unless we have entirely run out of labels.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Clemens Ladisch pointed out that
  - BIB_IMC is not named like the field is called in the standard,
  - readers of the code may get worried about the magic 0x0c0083c0,
  - a CSR_NODE_CAPABILITIES key is there in the header but not put to
    good use.

So let's rename BIB_IMC, add a defined constant for Node_Capabilities
and a comment which reassures people that somebody thought about it and
they don't have to (or if they still do, tell them where they have to
look for confirmation), and prune our incomplete and arbitrary set of
defined constants of CSR key IDs.  And there is a nother magic number,
that of Bus_Information_Block.Bus_Name, to be defined and commented.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The
  - raw1394   (/dev/raw1394),
  - video1394 (/dev/video1394/*),
  - dv1394    (/dev/dv1394/*)
character device file ABIs do not make any use of lseek(), pread(), or
pwrite().  Therefore use nonseekable_open() and, redundantly, set
file_operations.llseek to no_llseek to remove any doubt whether the BKL-
grabbing default_llseek handler is used.

Although all this is legacy code which should be left in peace until it
is eventually removed (as it is superseded by firewire-core's
<linux/firewire-cdev.h> ABI), this change seems still worth doing to
further minimize the presence of BKL usage in the kernel.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The <linux/firewire-cdev.h> character device file ABI (i.e. /dev/fw*
character device file interface) does not make any use of lseek(),
pread(), pwrite() (or any kind of write() at all).

Use nonseekable_open() and, redundantly, set file_operations.llseek to
no_llseek to remove any doubt whether the BKL-grabbing default_llseek
handler is used.  (Also shuffle file_operations initialization according
to the order of handler definitions.)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

1) Clean up two function names:  The ohci_ prefix is only used in names
of fw_card_driver hooks.  There were two unnecessary exceptions.

2) Replace empty macros by empty inline functions so that call parameter
type checking is available in #ifndef'd builds.

3) CONFIG_FIREWIRE_OHCI_DEBUG is currently a hidden kconfig variable,
hence is not going to be switched off by anybody.  Still, it can be
switched off but then compilation will fail in ohci_enable() at the
expression param_debug & OHCI_PARAM_DEBUG_BUSRESETS.  Add the necessary
definitions in the nonstandard case.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Rather than having the arbitrary msleep(2) pause, let read_phy_reg()
loop until the link--phy access was finished.

Factor write_phy_reg() out of ohci_update_phy_reg() and of
read_paged_phy_reg() and let it loop too until the link--phy access was
finished.

Like in the older ohci1394 driver, a timeout of 100 milliseconds is
chosen.  Unlike the old driver, we sleep instead of busy-wait in each
waiting loop iteration.  Instead of a loop, the waiting could probably
also be implemented interrupt driven, but why bother.  It would require
up and running interrupt handling before the link was fully configured
and enabled.

Also modify functions a bit:  Error return and value return can be
combined in read_phy_reg() since the domain of values is only u8.
Likewise in read_paged_phy_reg().
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

On TI chips (OHCI-Lynx and later), enable link enhancements features
that TI recommends to be used.  None of these are required for proper
operation, but they are safe and nice to have.

In theory, these bits should have been set by default, but in practice,
some BIOS/EEPROM writers apparently do not read the datasheet, or get
spooked by names like "unfair".
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The OHCI spec says that, if the programPhyEnable bit is set, the driver
is responsible for configuring the IEEE1394a enhancements within the PHY
and the link consistently.  So do this.

Also add a quirk to allow disabling these enhancements; this is needed
for the TSB12LV22 where ack accelerations are buggy (erratum b).
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The interrupt status bits in PHY register 5 are cleared by writing a one
bit.  To avoid clearing them unadvertently, do not write them back when
they were read as set, but only when they have been explicitly requested
to be set.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Move the register reading code from ohci_update_phy_reg() into
a function which can be used separately.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Add the missing documentation for iso packets.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

A userspace client got to see uninitialized stack-allocated memory if it
specified an _IOC_READ type of ioctl and an argument size larger than
expected by firewire-core's ioctl handlers (but not larger than the
core's union ioctl_arg).

Fix this by clearing the requested buffer size to zero, but only at _IOR
ioctls.  This way, there is almost no runtime penalty to legitimate
ioctls.  The only legitimate _IOR is FW_CDEV_IOC_GET_CYCLE_TIMER with 12
or 16 bytes to memset.

[Another way to fix this would be strict checking of argument size (and
possibly direction) vs. command number.  However, we then need a lookup
table, and we need to allow for slight size deviations in case of 32bit
userland on 64bit kernel.]
Reported-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The definition of struct fw_cdev_iso_packet seems to imply that the
header_length must be quadlet-aligned, and in fact, specifying an
unaligned header has never really worked when using multiple packet
structures, because the position of the next control word is computed by
rounding the header_length _down_, so the last one to three bytes of the
header would overlap the next control word.

To avoid this problem, check that the header length is properly aligned.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

In receive contexts, reject packets with header_length==0.  This would
be an instruction to queue zero packets which would not make sense.

This prevents a division by zero in the OHCI driver.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The driver match strategy was:
  - Match vendor/model/specifier/version of the unit directory.
  - If that was a miss, match vendor from the root directory and
    model/specifier/version of the unit directory.

This was inconsistent with how the modalias string was constructed
until recently (take vendor/model from root directory and specifier/
version from unit directory).  It was also inconsistent with how it is
done since the parent commit:
  - Use vendor/model/specifier/version of the unit directory if possible,
  - fall back to one or more of vendor/model/specifier/version from the
    root directory depending on which ones are not present at the unit
    directory.

Fix this inconsistency by sharing the ROM scanner function between
modalias printer function and driver match function.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The modalias string of devices that represent units on a FireWire node
did not show Module_ID entries within unit directories.  This was
because firewire-core searched only the root directory of the
configuration ROM for a Model_ID entry.

We now search first the root directory, then the unit directory.  IOW
honor a unit directory's Model_ID if present, otherwise fall back to the
root directory's model ID (if present).

Furthermore, apply the same change to Vendor_ID.  This had the same
issue but it was less apparent because most devices provide Vendor_ID
only in the root directory.

And finally, also use this strategy for the remaining two IDs in the
modalias, Specifier_ID and Version.  It does not actually make sense to
look for them elsewhere than in the unit directory because they are
mandatory there.  However, a uniform search order simplifies the
implementation and has no adverse affect in practice.

Side notes:
  - The older counterpart of this, nodemgr.c of ieee1394, looked for
    Vendor_ID first in the root directory, then in the unit directory,
    and for Model_ID only in the unit directory.
  - There is a single mainline driver which requires Vendor_ID and
    Model_ID --- the firedtv driver.  This one worked because FireDTVs
    provide Vendor_ID in the root directory and Model_ID identically in
    root directory and unit directory.
  - Apart from firedtv, there are currently no drivers known to me
    (including userspace drivers) that look at the Vendor_ID or Model_ID
    of the modalias.
Reported-by: Maciej Żenczykowski <zenczykowski@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Among the many entries in the TSB12LV22 errata list (TI literature
number SLLS312) is the following:

  PCI Slave reads of the Cycle Timer register may occasionally get an
  incorrect value.
  Software may be able to validate value by reading the register
  multiple times rapidly and evaluating for a reasonable difference.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de> (untested)
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (added #define)

If the bandwidth allocation fails, the error must be returned in
*channel regardless of whether the channel allocation succeeded.
Checking for c >= 0 is not correct if no channel allocation was
requested, in which case this part of the code is reached with
c == -EINVAL.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

by the number of available isochronous DMA contexts and active quirks
which is occasionally useful information.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

This bug was present in firewire-ohci since day one:  The number of
available isochronous receive DMA contexts was mixed up with that of
available isochronous transmit DMA contexts.

This is harmless on a few chips which offer the same number of contexts
in both directions, but most chips nowadays implement only the standard
minimum of 4 IR contexts, but 8 IT contexts.  If a user attempted to run
a lot of IR contexts at once, results with more than four were therefore
unpredictable.  I suppose the controller would simply refuse to start
DMA of any unimplemented context.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

This way, we can advise users of precompiled kernel packages to test
existing quirk fixes on chips which have not been listed yet, without
them having to build a kernel from source.

Note, to use this feature on a machine with more than one controller,
steps like these are necessary:
# lspci | grep 1394
# ls /sys/bus/pci/drivers/firewire_ohci/
# echo -n "0000:03:02.0" > /sys/bus/pci/drivers/firewire_ohci/unbind
# echo 2 > /sys/module/firewire_ohci/parameters/quirks
# echo -n "0000:03:02.0" > /sys/bus/pci/drivers/firewire_ohci/bind
# echo 0 > /sys/module/firewire_ohci/parameters/quirks

The parameter can also be used to switch off quirk flags that were
hardwired into firewire-ohci's quirks table.  Simply specify a non-zero
quirks value but without any known flags, e.g. 0x100.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

We don't have a lot of quirks to take into account (especially since
dual-buffer IR is out of the picture), but still, a table-based approach
is more organized than a series of if () clauses.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The config_rom struct members are only accessed during relatively
infrequent self-ID-complete interrupts and only if the local config ROM
was changed, while the ar_, at_, ir_, it_ members are used very
frequently during I/O.  Hence move the config_rom members further down.

More importantly, make the huge self_id_buffer member the last one; this
is only accessed in self-ID-complete interrupts.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

This code was no longer used since 2.6.33, "firewire: ohci: always use
packet-per-buffer mode for isochronous reception" commit 090699c0.  If
anybody needs this code in the future for special purposes, it can be
brought back in.  But it must not be re-enabled by default; drivers
(kernelspace or userspace drivers) should only get this mode if they
explicitly request it.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

from array of char to union of structs.  I already used a union to size
the buffer which holds ioctl arguments; more consequent is to define it
as an instance of this union in the first place.

Also rename several local variables from "request" to "a"(rgument) since
the term request can be mistaken to mean a transaction subaction, e.g.
an instance of struct fw_request.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

so that clients can detect whether the FW_CDEV_IOC_GET_CYCLE_TIMER ioctl
is reliable (on all tested controllers, especially the widely used VIA
controllers, also NEC controllers, see commits b677532b and 1c1517ef).

Also add a comment on the 2.6.32 iso xmit enhancement and on dual-buffer
IR having been disabled in 2.6.33.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The system time from CLOCK_REALTIME is not monotonic, hence problematic
for the main user of the FW_CDEV_IOC_GET_CYCLE_TIMER ioctl.  This issue
exists in its successor ABI, i.e. raw1394, too.
http://subversion.ffado.org/ticket/242

We now offer an alternative ioctl which lets the caller choose between
CLOCK_REALTIME, CLOCK_MONOTONIC, and CLOCK_MONOTONIC_RAW as source of
the local time, very similar to the clock_gettime libc function.  The
format of the local time return value matches that of clock_gettime
(seconds and nanoseconds, instead of a single microseconds value from
the existing ioctl).
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

according to what it really does.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

If a device exposes a sparsely populated configuration ROM,
firewire-core's sysfs interface and character device file interface
showed random data in the gaps between config ROM blocks.  Fix this by
zero-initialization of the config ROM reader's scratch buffer.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The stack size of 16 was artificially chosen and may be too small in
extreme cases.  A device won't be accessible then.

Since it doesn't really matter to the slab allocator whether we ask for
1088 bytes or 2048 bytes of scratch memory, just allocate 2048 bytes for
the sum of temporary config ROM image and stack, and we will never ever
overflow the stack (because there simply can't be more stack items than
ROM entries).
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

It never happened yet, but better safe than sorry:  If a device's config
ROM contains a block which overlaps the boundary at 0xfffff00007ff, just
ignore that one block instead of refusing to add the device
representation.  That way, upper layers (kernelspace or userspace
drivers) might still be able to use the device to some degree.

That's better than total inaccessibility of the device.  Worse, the core
would have logged only a generic "giving up on config rom" message which
could only be debugged by feeding a firewire-ohci debug logging session
through a config ROM interpreter, IOW would likely remain undiagnosed.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

The Panasonic AG-DV2500 tape deck contains an invalid entry in its
configuration ROM root directory:  A leaf pointer with the undefined key
ID 0 and an offset that points way out of the standard config ROM area.
This caused firewire-core to dismiss the device with the generic log
message "giving up on config rom for node id...", after which it was of
course impossible to access the tape deck with dvgrab or any other
program.  https://bugzilla.redhat.com/show_bug.cgi?id=449252#c29

The fix is to simply ignore this invalid ROM entry and proceed to read
the valid rest of the ROM.  There is a catch though:  When the kernel
later iterates over the ROM, it would be nasty having to check again for
such too large ROM offsets.  Therefore we manipulate the defective or
unsupported ROM entry to become a harmless immediate entry that won't
have any side effects later (an entry with the value 0x00000000).

Reported-by: George Chriss
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>