Re: [PATCH 1/5] firewire: fix use of multiple AV/C devices, allow multiple FCP listeners

From: Stefan Richter
Date: Sat Jan 23 2010 - 09:52:10 EST

Stefan Richter wrote:
> Date: Thu, 24 Dec 2009 12:05:58 +0100
> From: Clemens Ladisch <cladisch@xxxxxxxxxxxx>
> Control of more than one AV/C device at once --- e.g. camcorders, tape
> decks, audio devices, TV tuners --- failed or worked only unreliably,
> depending on driver implementation. This affected kernelspace and
> userspace drivers alike and was caused by firewire-core's inability to
> accept multiple registrations of FCP listeners.
> The fix allows multiple address handlers to be registered for the FCP
> command and response registers. When a request for these registers is
> received, all handlers are invoked, and the Firewire response is
> generated by the core and not by any handler.
> The cdev API does not change, i.e., userspace is still expected to send
> a response for FCP requests; this response is silently ignored.
> Signed-off-by: Clemens Ladisch <clemens@xxxxxxxxxx>
> Signed-off-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx> (changelog, rebased, whitespace)

I tested this on another box which has more kernel debug options enabled
than my current mainly used box. Alas, there is a serious regression on
that box:

1.) testlibraw now always shows:

- testing FCP monitoring on local node
got fcp command from node 0 of 8 bytes:ERROR: fcp payload not correct
6b 6b 6b 6b 6b 6b 6b 6b
got fcp response from node 0 of 8 bytes:ERROR: fcp payload not correct
6b 6b 6b 6b 6b 6b 6b 6b

2.) gscanbus's AV/C controls work but are now very quick to segfault.

3.) Kino frequently shows 6b:6b:6b:6b as timestamp when a DV camcorder
in "record" mode is connected.

4.) Kino is unable to determine the presence of a DV camcorder if the
camcorder is in "play" mode.

Only the AV/C kernel driver firedtv still works (tested with kaffeine).

0x6b is the POISON_FREE pattern in <linux/poison.h>. So, we apparently
have a use-after-free issue with FCP responses in firewire-core's cdev
interface now.

None of this happened before the patch. (There this box with otherwise
identical kernel and modules only exhibits the problem that was fixed by
the patch, i.e. no more than one FCP listener possible at a time.)
Stefan Richter
-=====-==-=- ---= =-===
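
Added example, not part of the original message and not firewire-core code: a userspace C sketch of why a late reader sees 6b bytes, with a heuristic that classifies a payload as slab poison. The request/listener lifetime model, the names classify_payload, release_request and deliver, and the sample payload are assumptions made for illustration; the poison values are those of <linux/poison.h>.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Slab poison values from <linux/poison.h>. */
#define POISON_INUSE 0x5a /* allocated but never initialised */
#define POISON_FREE  0x6b /* object was freed */
#define POISON_END   0xa5 /* last byte of a poisoned object */

enum verdict { PAYLOAD_OK, READ_AFTER_FREE, READ_UNINITIALISED };

/* The 8 bytes printed by testlibraw in the report above. */
const uint8_t page_dump[8] = {0x6b,0x6b,0x6b,0x6b,0x6b,0x6b,0x6b,0x6b};

/* Heuristic: a payload made only of one poison byte (optionally ending
 * in POISON_END) was very likely read from freed or fresh slab memory. */
enum verdict classify_payload(const uint8_t *p, size_t len)
{
    size_t n_free = 0, n_inuse = 0;

    if (len < 4)                    /* too short to tell poison from data */
        return PAYLOAD_OK;
    size_t body = (p[len - 1] == POISON_END) ? len - 1 : len;
    for (size_t i = 0; i < body; i++) {
        n_free  += p[i] == POISON_FREE;
        n_inuse += p[i] == POISON_INUSE;
    }
    if (n_free == body)
        return READ_AFTER_FREE;
    return n_inuse == body ? READ_UNINITIALISED : PAYLOAD_OK;
}

/* Hypothetical model: releasing a request poisons its buffer, as a debug
 * kernel does. The memory stays valid here, so the late read is defined. */
struct request { uint8_t payload[8]; };
static void release_request(struct request *r)
{
    memset(r->payload, POISON_FREE, sizeof r->payload);
}

/* Deliver one request to a listener that reads after release. */
enum verdict deliver(int copy_first)
{
    struct request req = { {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef} }; /* constructed */
    uint8_t copy[sizeof req.payload];
    const uint8_t *event = req.payload;     /* event borrows the buffer */

    if (copy_first) {                       /* event owns its own copy */
        memcpy(copy, req.payload, sizeof copy);
        event = copy;
    }
    release_request(&req);                  /* request is finished first */
    return classify_payload(event, sizeof req.payload);
}
```

deliver(0) models an event that still points into the released request; deliver(1) models one that copied the payload while the request was live.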