Bug 8174 - ohci1394 does not atomically update config ROM
Summary: ohci1394 does not atomically update config ROM
Status: REJECTED WILL_NOT_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: IEEE1394 (show other bugs)
Hardware: i386 Linux
: P2 low
Assignee: Stefan Richter
URL:
Keywords:
Depends on:
Blocks: 10046
  Show dependency tree
 
Reported: 2007-03-11 03:42 UTC by Stefan Richter
Modified: 2008-02-19 12:23 UTC (History)
1 user (show)

See Also:
Kernel Version: all
Subsystem:
Regression: ---
Bisected commit-id:


Attachments

Description Stefan Richter 2007-03-11 03:42:13 UTC
ohci_set_hw_config_rom() does not follow the mandatory procedure described in
OHCI 1.1 clause 5.5.6.  This may expose invalid configuration ROM data to
external FireWire peers.

How to solve this:
  - Copy new ROM data into a separate DMA area and point ConfigROMmap to it.
  - Keep track of existence of old and new DMA area.  Do not run
    ohci_set_hw_config_rom() if there are already both new + old DMA areas.
  - In a bus reset interrupt event, free the old DMA area if there is one.
Comment 1 Stefan Richter 2007-03-11 04:08:26 UTC
> Do not run ohci_set_hw_config_rom() if there are already both
> new + old DMA areas.

Correction: If there are already both new + old DMA areas, IOW if
ohci_set_hw_config_rom() is re-entered before the bus reset was performed, point
ConfigROMmap to the newest DMA area and free the not-anymore-so-new DMA area.
Comment 2 Stefan Richter 2007-03-11 04:10:46 UTC
This bug is a candidate for WILL_NOT_FIX, since the alternative drivers from
Kristian H
Comment 3 Stefan Richter 2007-07-05 02:10:33 UTC
I will update the status of this bug once we got a better impression on how Kristian's drivers fare in practice.  (They are now available to the broader public through Linus' 2.6.22-rc1 and later and already have replaced the old ieee1394 drivers in Fedora 7's kernel.)
Comment 4 Stefan Richter 2008-02-19 12:23:20 UTC
There are currently no resources to fix this in drivers/ieee1394/.
drivers/firewire/ does not feature this problem.

Note You need to log in before you can comment on or make changes to this bug.