The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: (21 commits)
BUG_ON() Conversion in drivers/video/
BUG_ON() Conversion in drivers/parisc/
BUG_ON() Conversion in drivers/block/
BUG_ON() Conversion in sound/sparc/cs4231.c
BUG_ON() Conversion in drivers/s390/block/dasd.c
BUG_ON() Conversion in lib/swiotlb.c
BUG_ON() Conversion in kernel/cpu.c
BUG_ON() Conversion in ipc/msg.c
BUG_ON() Conversion in block/elevator.c
BUG_ON() Conversion in fs/coda/
BUG_ON() Conversion in fs/binfmt_elf_fdpic.c
BUG_ON() Conversion in input/serio/hil_mlc.c
BUG_ON() Conversion in md/dm-hw-handler.c
BUG_ON() Conversion in md/bitmap.c
The comment describing how MS_ASYNC works in msync.c is confusing
rcu: undeclared variable used in documentation
fix typos "wich" -> "which"
typo patch for fs/ufs/super.c
Fix simple typos
tabify drivers/char/Makefile
...
Because of historic reasons, there are two separate directories with
V4L stuff. Most drivers are located at driver/media/video. However, some
code for USB Webcams were inserted under drivers/usb/media.
This makes difficult for module authors to know were things should be.
Also, makes Kconfig menu confusing for normal users.
This patch moves all V4L content under drivers/usb/media to
drivers/media/video, and fixes Kconfig/Makefile entries.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Thanks to Warren Lewis <wlewis@scn.org> for the information needed to
write the driver and for testing it out.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This one is about announcing the device registration after the last check
has been made.
From: Petko Manolov <petkan@nucleusys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The Icom ID-1 1.2 GHz band digital transceiver is a new radio
that has a USB interface. With this patch, the ftdi_sio driver
will report "Detected FT8U232AM" and provide a serial device
interface.
Signed-off-by: "A. Maitland Bottoms" <bottoms@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch adds a new device ID to the cp2101 driver
Signed-off-by: Craig Shelley <craig@microtron.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
check_ctrlrecip() disallows any control transfers if the device is
deconfigured (in configuration 0, ie. state ADDRESS). This for example
makes it impossible to read the device descriptors without configuring the
device, although most standard device requests are allowed in this state by
the spec. This patch allows control transfers for the ADDRESS state, too.
Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes a NULL pointer dereference spotted by the Coverity
checker.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as661) adds an unusual_devs entry for the Mitsumi 7in1 Card
Reader.
From: Rodolfo Quesada <rquesada@roqz.net>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The following adds an unusual_devs entry for the SanDisk ImageMate CompactFlash
USB drive, for the US_FL_FIX_CAPACITY flag. Additionally, it removes trailing
whitespace from the previous entry. It's based on the patch sent by Roman Hodek
<roman@hodek.net>.
Signed-off-by: Phil Dibowitz <phil@ipom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
As found by Sam's scripts.
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
When trying to deconfigure a device via usb_set_configuration(dev, 0),
2.6.16-rc kernels after 55c527187c oops
with "Unable to handle NULL pointer dereference at...". This is due to
an unchecked dereference of cp in the power budget part.
Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In a couple of places, usbcore assumes that a USB device configuration
will have a nonzero number of interfaces. Having no interfaces may or
may not be allowed by the USB spec; in any event we shouldn't die if we
encounter such a thing. This patch (as662) removes the assumptions.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as657) increases the port-reset completion delay in uhci-hcd
for HP's embedded controllers. Unlike other UHCI controllers, the HP
chips can take as long as 250 us to carry out the processing associated
with finishing a port reset.
This fixes Novell bug #148761.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The USB data cable for my Samsung GSM phone contains the USB-to-serial
converter chip MS3303H from Speed Dragon Multimedia, Inc. that appears to
be compatible with the PL2303 chip. The following patch adds support for
this chip to the pl2303 driver.
Signed-off-by: Dick Streefland <dick@streefland.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
A while ago, I posted about TIOCMIWAIT not working with the PL2303
USB-serial adapter.
After a brief exchange with Greg, I tracked this to a missing wake-up
in the USB interrupt procedures. I got our systems staff to install
the enclosed very simple patch to our 2.6.12 kernels, and it all works
fine as expected. I guess this should also apply to the latest version
and go into the mainstream.
Apologies for the long delay in posting the result.
The routine being patched is pl2303_update_line_status
Signed-off-by: Julian Bradfield <jcb+luu@inf.ed.ac.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch adds support for the Nokia ca42 version 2 cable to the
cypress_m8 driver. The device was tested by others with this patch and
found to be compatible with the cypress_m8 driver. A special note
should be taken that this cable seems to vary in the type of chipset
used. This patch supports the cable with product id 0x4101.
Signed-off-by: Lonnie Mendez <lmendez19@austin.rr.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
ZC0301 driver updates.
Changes: + new, - removed, * cleanup, @ bugfix
@ Need usb_get|put_dev() when disconnecting, if the device is open
* Cleanups and updates in the documentation
+ Use per-device sensor structures
+ Add frame_timeout module parameter
Signed-off-by: Luca Risolia <luca.risolia@studio.unibo.it>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: ET61X[12]51 driver updates
Changes: + new, - removed, * cleanup, @ bugfix
@ Fix stream_interrupt()
@ Fix vidioc_enum_input() and split vidioc_gs_input()
@ Need usb_get|put_dev() when disconnecting, if the device is open
* Use wait_event_interruptible_timeout() instead of wait_event_interruptible()
when waiting for video frames
* replace wake_up_interruptible(&wait_stream) with wake_up(&wait_stream)
* Cleanups and updates in the documentation
* Use mutexes instead of semaphores
+ Use per-device sensor structures
+ Add support for PAS202BCA image sensors
+ Add frame_timeout module parameter
Signed-off-by: Luca Risolia <luca.risolia@studio.unibo.it>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
SN9C10x driver updates.
Changes: + new, - removed, * cleanup, @ bugfix
@ Fix stream_interrupt()
@ Fix vidioc_enum_input() and split vidioc_gs_input()
@ Need usb_get|put_dev() when disconnecting, if the device is open
* Use wait_event_interruptible_timeout() instead of wait_event_interruptible()
when waiting for video frames
* replace wake_up_interruptible(&wait_stream) with wake_up(&wait_stream)
* Cleanups and updates in the documentation
+ Use per-device sensor structures
+ Add support for PAS202BCA image sensors
+ Add frame_timeout module parameter
Signed-off-by: Luca Risolia <luca.risolia@studio.unibo.it>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
this patch converts drivers/usb to kzalloc usage.
Compile tested with allyes config.
I think there was a bug in drivers/usb/gadget/inode.c because
it used sizeof(*data) for the kmalloc() and sizeof(data) for
the memset(), since sizeof(data) just returns the size for a pointer.
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
"Cosmetic" driver updates for the ZC0301 driver:
- Fix stream_interrupt() (and work around a possible kernel bug);
- Fix vidioc_enum_input() and split vidioc_gs_input() in two parts;
- Use wait_event_interruptible_timeout() instead of wait_event_interruptible()
when waiting for video frames;
- replace erroneous wake_up_interruptible(&wait_stream) with
wake_up(&wait_stream);
- Cosmetic cleanups in the documentation.
Signed-off-by: Luca Risolia <luca.risolia@studio.unibo.it>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Gcc 4.0.2 had the warning:
drivers/usb/media/ov511.c: In function 'show_exposure':
drivers/usb/media/ov511.c:5642: warning: 'exp' may be used uninitialized
in this function
Here is the patch to fix that warning.
Signed-off-by: Matthew Martin <lihnucks@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch allows you to set the iSerialNumber field in the
usb_device_descriptor structure for your USB ethernet gadget.
It also changes the parameters shown through sysfs so they're
no longer declared as __initdata, preventing potential oopses.
That's most useful for the Ethernet addresses, which may in
some cases be random "locally administered" addresses.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This adds __init section annotations to gadget driver bind() routines to
remove calls from .text into .init sections (for endpoint autoconfig).
Likewise it adds __exit section annotations to their unbind() routines.
The specification of the gadget driver register/unregister functions is
updated to explicitly allow use of those sections.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as647) fixes a small error introduced by a recent change to
the USB core suspend/resume code.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as640) removes several put_device and the corresponding
get_device calls from the USB core and HCDs. Some of the puts were done
in atomic contexts, and none of them are needed since the core now
guarantees that every endpoint will be disabled and every URB completed
before a USB device is released.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
A recent update to the uhci-hcd driver invoked the list_prepare_entry
macro incorrectly. This patch (as646) corrects it.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Even when the URB_SHORT_NOT_OK flag is set, a short transfer shouldn't
generate a debugging log message. Especially not one with the confusing
claim that the transfer "failed with status 0". This patch (as627)
fixes that behavior in uhci-hcd.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as626) makes some improvements to the debugging code in
uhci-hcd. The main change is that now the code won't get compiled if
CONFIG_USB_DEBUG isn't set. But there are other changes too, like
adding a missing .owner field and printing a debugging dump if the
controller dies.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
As part of reorienting uhci-hcd away from URBs and toward endpoint
queues, this patch (as625) eliminates the driver's main list of URBs.
The list wsa used mainly in checking for URB completions; now the driver
goes through the list of active endpoints and checks the members of the
queues.
As a side effect, I had to remove the code that looks for FSBR timeouts.
For now, FSBR will remain on so long as any URBs on a full-speed control
or bulk queue request it, even if the queue isn't advancing. A later
patch can add more intelligent handling. This isn't a huge drawback;
it's pretty rare for an URB to get stuck for more than a fraction of a
second. (And it will help the people trying to use those insane HP USB
devices.)
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as624) fixes a hardware race in uhci-hcd by adding a dummy
TD to the end of each endpoint's queue. Without the dummy the host
controller will effectively turn off the queue when it reaches the end,
which happens asynchronously. This leads to a potential problem when
new transfer descriptors are added to the end of the queue; they may
never get used.
With a dummy TD present the controller never turns off the queue;
instead it just stops at the dummy and leaves the queue on but inactive.
When new TDs are added to the end of the queue, the first new one gets
written over the dummy. Thus there's never any question about whether
the queue is running or needs to be restarted.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as623) changes the uhci-hcd driver to make it use one QH per
device endpoint, instead of a QH per URB as it does now. Numerous areas
of the code are affected by this. For example, the distinction between
"queued" URBs and non-"queued" URBs no longer exists; all URBs belong to
a queue and some just happen to be at the queue's head.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In setting up the of PHY we masked off too many bits, instead just
initialize PORTSC for the type of PHY we are using.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch adds a second linksys vendor-id (077b) and the product id of the
pegasus based adapter USBVPN1
http://www1.linksys.com/Products/product.asp?prid=3D543&scid=3D30
Furthermore it replaces all LINKSYS_GPIO_RESET with DEFAULT_GPIO_RESET as both
are declared like this:
#define DEFAULT_GPIO_RESET 0x24
#define LINKSYS_GPIO_RESET 0x24
This is misleading and confusing.
The check is now done via the VENDOR_ID in pegasus.c:
if (usb_dev_id[pegasus->dev_index].vendor == VENDOR_LINKSYS
Signed-off-by: Malte Doersam <mdoersam@arcor.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as628c) adds error handling to the USB HID core. When an
error is reported for an interrupt URB, the driver will do delayed
retries, at increasing intervals, for up to one second. If that doesn't
work, it will try to reset the device. Testing by users has shown that
both the retries and the resets end up getting used.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This makes usbcore use the driver model wakeup flags for host controllers
and for their root hubs. Since previous patches have removed all users of
the HCD flags they replace, this converts the last users of those flags.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This makes OHCI use the driver model wakeup control bits for its root hub
(e.g. disable on amd756, because of chip erratum) and for the controller
itself. It no longer uses the hcd glue bits with those roles, and depends
on the previous patch making the root hub available earlier.
Note that on most platforms (boot code properly setting the RWC bit) this
gives a partial workaround for the way PCI isn't currently flagging devices
that support PME# signals. (Because of odd PCI init sequencing on PPC.)
That's because many OHCI controllers support "legacy PCI PM" ... without
involving any PCI PM capability.
USB wakeup from STR, if it works on your system, may still involve
tweaking things by hand in /proc/acpi/wakeup.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Make the HCD initialization sequence more sane ... notably, setting up
root hubs before HCDs are asked to do their one-time init. Among other
things, that lets the HCDs do custom root hub init along with all the
other one-time initialization done in the (now misnamed) reset() method.
This also copies the controller wakeup flags into the root hub; it's
done a bit later than would be ideal, but that'll be necessary until
the PCI code initializes them correctly. (The PCI patch breaks on PPC
due to how it sequences PCI initialization.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>