linux/drivers
Jay Fenlason 08bd34c98d firewire: cdev: fix responses to nodes at different card
My box has two firewire cards in it: card0 and card1.
My application opens /dev/fw0 (card 0) and allocates an address space.
The core makes the address space available on both cards.
Along comes the remote device, which sends a READ_QUADLET_REQUEST to
card1.  The request gets passed up to my application, which calls
ioctl_send_response().

ioctl_send_response() then calls fw_send_response() with card0,
because that's the card it's bound to.
Card0's driver drops the response, because it isn't part of
a transaction that it has outstanding.

So in core-cdev: handle_request(), we need to stash the
card of the inbound request in the struct inbound_transaction_resource and
use that card to send the response to.

The hard part will be refcounting the card correctly
so it can't get deallocated while we hold a pointer to it.

Here's a trivial patch, which does not do the card refcounting, but at
least demonstrates what the problem is.

Note that we can't depend on the fact that the core-cdev:client
structure holds a card open, because in this case the card it holds
open is not the card the request came in on.

..and there's no way for the core to tell cdev "this card is gone,
kill any inbound transactions on it", while cdev holds the transaction
open until userspace issues a SEND_RESPONSE ioctl, which may be a very,
very long time.  But when it does, it calls fw_send_response(), which
will dereference the card...

So how unhappy are we about userspace potentially holding a fw_card
open forever?

Signed-off-by: Jay Fenlason <fenlason@redhat.com>

Reference counting to be addressed in a separate change.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (whitespace)
2010-06-20 23:11:56 +02:00
..
accessibility
acpi Merge branch 'pcc' into release 2010-02-23 00:39:00 -05:00
amba
ata [libata] Call flush_dcache_page after PIO data transfers in libata-sff.c 2010-02-04 01:04:50 -05:00
atm
auxdisplay
base class: Free the class private data in class_release 2010-02-16 15:43:00 -08:00
block cciss: Make cciss_seq_show handle holes in the h->drv[] array 2010-02-05 13:15:36 +01:00
bluetooth Bluetooth: Fix memory leak in Marvell BT-over-SDIO driver 2010-02-03 19:08:30 -08:00
cdrom
char Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-02-11 14:01:10 -08:00
clocksource geode-mfgpt: restore previous behavior for selecting IRQ 2010-02-22 19:50:34 -08:00
connector connector: Delete buggy notification code. 2010-02-02 15:58:48 -08:00
cpufreq [CPUFREQ] Fix ondemand to not request targets outside policy limits 2010-01-13 10:55:16 -05:00
cpuidle drivers/cpuidle/governors/menu.c: fix undefined reference to `__udivdi3' 2010-01-11 09:34:07 -08:00
crypto crypto: padlock-sha - Add import/export support 2010-02-02 06:50:25 +11:00
dca
dio
dma drivers/dma: Correct NULL test 2010-02-10 12:07:28 -07:00
edac Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp 2010-02-11 14:07:13 -08:00
eisa
firewire firewire: cdev: fix responses to nodes at different card 2010-06-20 23:11:56 +02:00
firmware firmware: only allow EDD on x86 2009-12-15 08:53:34 -08:00
gpio gpio: adp5588-gpio: new driver for ADP5588 GPIO expanders 2010-01-11 09:34:07 -08:00
gpu Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2010-02-23 18:13:34 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2010-01-13 16:10:13 -08:00
hwmon hwmon: (w83781d) Request I/O ports individually for probing 2010-02-05 19:58:36 +01:00
i2c i2c-tiny-usb: Fix on big-endian systems 2010-02-05 17:48:13 +01:00
ide
idle cpumask: convert drivers/idle/i7300_idle.c to cpumask_var_t 2009-12-17 11:43:25 +10:30
ieee1394 ieee1394: remove unused variables 2010-06-19 13:01:41 +02:00
ieee802154
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2010-02-11 14:01:25 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-02-22 08:48:06 -08:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-12 20:53:29 -08:00
leds leds: leds-pwm: Set led_classdev max_brightness 2009-12-17 11:42:34 +00:00
lguest lguest: fix bug in setting guest GDT entry 2010-01-04 12:33:33 -08:00
macintosh powerpc/macintosh: Make Open Firmware device id constant 2010-01-15 13:26:04 +11:00
mca
md dm: sysfs revert add empty release function to avoid debug warning 2010-02-16 18:43:04 +00:00
media firewire: remove an unused function argument 2010-06-20 23:11:55 +02:00
memstick
message [SCSI] mptfusion : mptscsih_abort return value should be SUCCESS instead of value 0. 2010-02-08 13:40:17 -06:00
mfd mfd: Fix asic3 build 2010-01-29 21:03:09 +01:00
misc Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2009-12-17 16:38:48 -08:00
mmc mmc_test: block addressed cards 2010-02-11 13:59:42 -08:00
mtd Merge branch 'for-linus' of git://git.infradead.org/ubi-2.6 2010-01-28 12:57:50 -08:00
net Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2010-02-23 01:27:05 -08:00
nubus
of
oprofile
parisc parisc: Fixup last users of irq_chip->typename 2009-12-16 03:48:56 +00:00
parport parport_pc.c: use correct length in strncmp 2009-12-16 07:20:12 -08:00
pci Merge branches 'bugzilla-14886', 'bugzilla-15000', 'bugzilla-15040', 'bugzilla-15108', 'pdc', 'hotplug-null-ref' and 'thinkpad' into release 2010-02-18 03:51:04 -05:00
pcmcia Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-12-30 13:13:24 -08:00
platform acer-wmi: Respect current backlight level when loading 2010-02-19 00:19:26 -05:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-12-16 12:33:19 -08:00
power wm97xx_battery: Handle missing platform data gracefully 2010-01-29 17:00:18 +03:00
pps
ps3
rapidio
regulator regulator/lp3971: vol_map out of bounds in lp3971_{ldo,dcdc}_set_voltage() 2010-02-12 11:39:49 +00:00
rtc rtc-fm3130: add missing braces 2010-02-02 18:11:21 -08:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2010-02-11 14:05:55 -08:00
sbus bbc_envctrl: Clean up properly if kthread_run() fails. 2010-01-04 15:31:10 -08:00
scsi Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-02-20 16:55:05 -08:00
serial serial: 8250: add serial transmitter fully empty test 2010-02-16 15:55:51 -08:00
sfi
sh
sn ioc3/ioc4: fix error path on driver registration 2009-12-15 08:53:27 -08:00
spi spi: spi_sh_msiof: Fixed data sampling on the correct edge 2010-02-02 11:29:15 +09:00
ssb ssb: Fix CONFIG_SSB_SDIOHOST typo 2010-02-03 16:55:20 -05:00
staging Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2010-02-01 10:46:49 -08:00
tc
telephony
thermal Merge branch 'misc-2.6.33' into release 2009-12-16 14:22:32 -05:00
uio const: constify remaining dev_pm_ops 2009-12-15 08:53:25 -08:00
usb USB: gadget: fix EEM gadget CRC usage 2010-02-16 15:11:10 -08:00
uwb
video efifb: fix framebuffer handoff 2010-02-22 19:50:34 -08:00
virtio virtio: fix section mismatch warnings 2010-01-16 12:15:39 -08:00
vlynq
w1
watchdog [WATCHDOG] bfin: fix max timeout calculation 2010-02-21 19:16:30 +00:00
xen xen: fix hang on suspend. 2010-01-13 10:01:35 +00:00
zorro
Kconfig firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
Makefile