#
2e7ed5f5 |
|
05-Apr-2024 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync The extended advertising reports do report the PHYs so this store then in hci_conn so it can be later used in hci_le_ext_create_conn_sync to narrow the PHYs to be scanned since the controller will also perform a scan having a smaller set of PHYs shall reduce the time it takes to find and connect peers. Fixes: 288c90224eec ("Bluetooth: Enable all supported LE PHY by default") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
600b0bbe |
|
04-Apr-2024 |
Archie Pusaka <apusaka@chromium.org> |
Bluetooth: l2cap: Don't double set the HCI_CONN_MGMT_CONNECTED bit The bit is set and tested inside mgmt_device_connected(), therefore we must not set it just outside the function. Fixes: eeda1bf97bb5 ("Bluetooth: hci_event: Fix not indicating new connection for BIG Sync") Signed-off-by: Archie Pusaka <apusaka@chromium.org> Reviewed-by: Manish Mandlik <mmandlik@chromium.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
bf98feea |
|
07-Feb-2024 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: hci_conn: Always use sk_timeo as conn_timeout This aligns the use socket sk_timeo as conn_timeout when initiating a connection and then use it when scheduling the resulting HCI command, that way the command is actually aborted synchronously thus not blocking commands generated by hci_abort_conn_sync to inform the controller the connection is to be aborted. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
e7b02296 |
|
01-Feb-2024 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: Remove BT_HS High Speed, Alternate MAC and PHY (AMP) extension, has been removed from Bluetooth Core specification on 5.3: https://www.bluetooth.com/blog/new-core-specification-v5-3-feature-enhancements/ Fixes: 244bc377591c ("Bluetooth: Add BT_HS config option") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
e4b01951 |
|
24-Jan-2024 |
Kai-Heng Feng <kai.heng.feng@canonical.com> |
Bluetooth: Enforce validation on max value of connection interval Right now Linux BT stack cannot pass test case "GAP/CONN/CPUP/BV-05-C 'Connection Parameter Update Procedure Invalid Parameters Central Responder'" in Bluetooth Test Suite revision GAP.TS.p44. [0] That was revoled by commit c49a8682fc5d ("Bluetooth: validate BLE connection interval updates"), but later got reverted due to devices like keyboards and mice may require low connection interval. So only validate the max value connection interval to pass the Test Suite, and let devices to request low connection interval if needed. [0] https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=229869 Fixes: 68d19d7d9957 ("Revert "Bluetooth: validate BLE connection interval updates"") Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
96a3398b |
|
19-Dec-2023 |
Frédéric Danis <frederic.danis@collabora.com> |
Bluetooth: L2CAP: Fix possible multiple reject send In case of an incomplete command or a command with a null identifier 2 reject packets will be sent, one with the identifier and one with 0. Consuming the data of the command will prevent it. This allows to send a reject packet for each corrupted command in a multi-command packet. Signed-off-by: Frédéric Danis <frederic.danis@collabora.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
78b99eb1 |
|
08-Dec-2023 |
Frédéric Danis <frederic.danis@collabora.com> |
Bluetooth: L2CAP: Send reject on command corrupted request L2CAP/COS/CED/BI-02-C PTS test send a malformed L2CAP signaling packet with 2 commands in it (a connection request and an unknown command) and expect to get a connection response packet and a command reject packet. The second is currently not sent. Cc: stable@vger.kernel.org Signed-off-by: Frédéric Danis <frederic.danis@collabora.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
f752a0b3 |
|
24-May-2023 |
Zhengping Jiang <jiangzp@google.com> |
Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej. Signed-off-by: Zhengping Jiang <jiangzp@google.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
75767213 |
|
03-Jun-2023 |
Sungwoo Kim <iam@sung-woo.kim> |
Bluetooth: L2CAP: Add missing checks for invalid DCID When receiving a connect response we should make sure that the DCID is within the valid range and that we don't already have another channel allocated for the same DCID. Missing checks may violate the specification (BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 3, Part A, Page 1046). Fixes: 40624183c202 ("Bluetooth: L2CAP: Add missing checks for invalid LE DCID") Signed-off-by: Sungwoo Kim <iam@sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
02c5ea52 |
|
30-May-2023 |
Ying Hsu <yinghsu@chromium.org> |
Bluetooth: Fix l2cap_disconnect_req deadlock L2CAP assumes that the locks conn->chan_lock and chan->lock are acquired in the order conn->chan_lock, chan->lock to avoid potential deadlock. For example, l2sock_shutdown acquires these locks in the order: mutex_lock(&conn->chan_lock) l2cap_chan_lock(chan) However, l2cap_disconnect_req acquires chan->lock in l2cap_get_chan_by_scid first and then acquires conn->chan_lock before calling l2cap_chan_del. This means that these locks are acquired in unexpected order, which leads to potential deadlock: l2cap_chan_lock(c) mutex_lock(&conn->chan_lock) This patch releases chan->lock before acquiring the conn_chan_lock to avoid the potential deadlock. Fixes: a2a9339e1c9d ("Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}") Signed-off-by: Ying Hsu <yinghsu@chromium.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
25e97f7b |
|
16-Apr-2023 |
Min Li <lm0963hack@gmail.com> |
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered. Reported-by: syzbot+9519d6b5b79cf7787cf3@syzkaller.appspotmail.com Link: https://lore.kernel.org/all/000000000000894f5f05f95e9f4d@google.com/ Signed-off-by: Min Li <lm0963hack@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
b8b23001 |
|
08-Mar-2023 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Delay identity address updates This delays the identity address updates to give time for userspace to process the new address otherwise there is a risk that userspace creates a duplicated device if the MGMT event is delayed for some reason. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
a2a9339e |
|
06-Apr-2023 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to prevent referencing a channel that is about to be destroyed. Cc: stable@kernel.org Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Min Li <lm0963hack@gmail.com>
|
#
9aa9d947 |
|
08-Mar-2023 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix responding with wrong PDU type L2CAP_ECRED_CONN_REQ shall be responded with L2CAP_ECRED_CONN_RSP not L2CAP_LE_CONN_RSP: L2CAP LE EATT Server - Reject - run Listening for connections New client connection with handle 0x002a Sending L2CAP Request from client Client received response code 0x15 Unexpected L2CAP response code (expected 0x18) L2CAP LE EATT Server - Reject - test failed > ACL Data RX: Handle 42 flags 0x02 dlen 26 LE L2CAP: Enhanced Credit Connection Request (0x17) ident 1 len 18 PSM: 39 (0x0027) MTU: 64 MPS: 64 Credits: 5 Source CID: 65 Source CID: 66 Source CID: 67 Source CID: 68 Source CID: 69 < ACL Data TX: Handle 42 flags 0x00 dlen 16 LE L2CAP: LE Connection Response (0x15) ident 1 len 8 invalid size 00 00 00 00 00 00 06 00 L2CAP LE EATT Server - Reject - run Listening for connections New client connection with handle 0x002a Sending L2CAP Request from client Client received response code 0x18 L2CAP LE EATT Server - Reject - test passed Fixes: 15f02b910562 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
df570334 |
|
01-Feb-2023 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling alloc_skb which may release the chan lock and reacquire later which makes it possible that the chan is disconnected in the meantime. Fixes: a6a5568c03c4 ("Bluetooth: Lock the L2CAP channel when sending") Reported-by: Alexander Coffin <alex.coffin@matician.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
462fcd53 |
|
27-Oct-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: Add CONFIG_BT_LE_L2CAP_ECRED This adds CONFIG_BT_LE_L2CAP_ECRED which can be used to enable L2CAP Enhanced Credit Flow Control Mode by default, previously it was only possible to set it via module parameter (e.g. bluetooth.enable_ecred=1). Since L2CAP ECRED mode is required by the likes of EATT which is recommended for LE Audio this enables it by default. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Tested-By: Tedd Ho-Jeong An <tedd.an@intel.com>
|
#
bcd70260 |
|
18-Nov-2022 |
Sungwoo Kim <iam@sung-woo.kim> |
Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this by adding a boundary check with L2CAP_MAX_CONF_RSP Btmon log: Bluetooth monitor ver 5.64 = Note: Linux version 6.1.0-rc2 (x86_64) 0.264594 = Note: Bluetooth subsystem version 2.22 0.264636 @ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191 = New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604 @ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741 = Open Index: 00:00:00:00:00:00 [hci0] 13.900426 (...) > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106 invalid packet size (12 != 1033) 08 00 01 00 02 01 04 00 01 10 ff ff ............ > ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561 invalid packet size (14 != 1547) 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@..... > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390 invalid packet size (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@....... > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932 invalid packet size (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@....... = bluetoothd: Bluetooth daemon 5.43 14.401828 > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753 invalid packet size (12 != 1033) 08 00 01 00 04 01 04 00 40 00 00 00 ........@... Signed-off-by: Sungwoo Kim <iam@sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
b1a2cd50 |
|
31-Oct-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix attempting to access uninitialized memory On l2cap_parse_conf_req the variable efs is only initialized if remote_efs has been set. CVE: CVE-2022-42895 CC: stable@vger.kernel.org Reported-by: Tamás Koczka <poprdi@google.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
|
#
f937b758 |
|
31-Oct-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm l2cap_global_chan_by_psm shall not return fixed channels as they are not meant to be connected by (S)PSM. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
|
#
711f8c3f |
|
31-Oct-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM The Bluetooth spec states that the valid range for SPSM is from 0x0001-0x00ff so it is invalid to accept values outside of this range: BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 3, Part A page 1059: Table 4.15: L2CAP_LE_CREDIT_BASED_CONNECTION_REQ SPSM ranges CVE: CVE-2022-42896 CC: stable@vger.kernel.org Reported-by: Tamás Koczka <poprdi@google.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
|
#
7c9524d9 |
|
17-Oct-2022 |
Hawkins Jiawei <yin31149@gmail.com> |
Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 (size 240): [...] hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff838733d9>] __alloc_skb+0x1f9/0x270 net/core/skbuff.c:418 [<ffffffff833f742f>] alloc_skb include/linux/skbuff.h:1257 [inline] [<ffffffff833f742f>] bt_skb_alloc include/net/bluetooth/bluetooth.h:469 [inline] [<ffffffff833f742f>] vhci_get_user drivers/bluetooth/hci_vhci.c:391 [inline] [<ffffffff833f742f>] vhci_write+0x5f/0x230 drivers/bluetooth/hci_vhci.c:511 [<ffffffff815e398d>] call_write_iter include/linux/fs.h:2192 [inline] [<ffffffff815e398d>] new_sync_write fs/read_write.c:491 [inline] [<ffffffff815e398d>] vfs_write+0x42d/0x540 fs/read_write.c:578 [<ffffffff815e3cdd>] ksys_write+0x9d/0x160 fs/read_write.c:631 [<ffffffff845e0645>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff845e0645>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [<ffffffff84600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd ==================================== HCI core will uses hci_rx_work() to process frame, which is queued to the hdev->rx_q tail in hci_recv_frame() by HCI driver. Yet the problem is that, HCI core may not free the skb after handling ACL data packets. To be more specific, when start fragment does not contain the L2CAP length, HCI core just copies skb into conn->rx_skb and finishes frame process in l2cap_recv_acldata(), without freeing the skb, which triggers the above memory leak. This patch solves it by releasing the relative skb, after processing the above case in l2cap_recv_acldata(). Fixes: 4d7ea8ee90e4 ("Bluetooth: L2CAP: Fix handling fragmented length") Link: https://lore.kernel.org/all/0000000000000d0b1905e6aaef64@google.com/ Reported-and-tested-by: syzbot+8f819e36e01022991cfa@syzkaller.appspotmail.com Signed-off-by: Hawkins Jiawei <yin31149@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
0d0e2d03 |
|
17-Oct-2022 |
Zhengchao Shao <shaozhengchao@huawei.com> |
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() When l2cap_recv_frame() is invoked to receive data, and the cid is L2CAP_CID_A2MP, if the channel does not exist, it will create a channel. However, after a channel is created, the hold operation of the channel is not performed. In this case, the value of channel reference counting is 1. As a result, after hci_error_reset() is triggered, l2cap_conn_del() invokes the close hook function of A2MP to release the channel. Then l2cap_chan_unlock(chan) will trigger UAF issue. The process is as follows: Receive data: l2cap_data_channel() a2mp_channel_create() --->channel ref is 2 l2cap_chan_put() --->channel ref is 1 Triger event: hci_error_reset() hci_dev_do_close() ... l2cap_disconn_cfm() l2cap_conn_del() l2cap_chan_hold() --->channel ref is 2 l2cap_chan_del() --->channel ref is 1 a2mp_chan_close_cb() --->channel ref is 0, release channel l2cap_chan_unlock() --->UAF of channel The detailed Call Trace is as follows: BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0 Read of size 8 at addr ffff8880160664b8 by task kworker/u11:1/7593 Workqueue: hci0 hci_error_reset Call Trace: <TASK> dump_stack_lvl+0xcd/0x134 print_report.cold+0x2ba/0x719 kasan_report+0xb1/0x1e0 kasan_check_range+0x140/0x190 __mutex_unlock_slowpath+0xa6/0x5e0 l2cap_conn_del+0x404/0x7b0 l2cap_disconn_cfm+0x8c/0xc0 hci_conn_hash_flush+0x11f/0x260 hci_dev_close_sync+0x5f5/0x11f0 hci_dev_do_close+0x2d/0x70 hci_error_reset+0x9e/0x140 process_one_work+0x98a/0x1620 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 7593: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0xa9/0xd0 l2cap_chan_create+0x40/0x930 amp_mgr_create+0x96/0x990 a2mp_channel_create+0x7d/0x150 l2cap_recv_frame+0x51b8/0x9a70 l2cap_recv_acldata+0xaa3/0xc00 hci_rx_work+0x702/0x1220 process_one_work+0x98a/0x1620 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 Freed by task 7593: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_set_free_info+0x20/0x30 ____kasan_slab_free+0x167/0x1c0 slab_free_freelist_hook+0x89/0x1c0 kfree+0xe2/0x580 l2cap_chan_put+0x22a/0x2d0 l2cap_conn_del+0x3fc/0x7b0 l2cap_disconn_cfm+0x8c/0xc0 hci_conn_hash_flush+0x11f/0x260 hci_dev_close_sync+0x5f5/0x11f0 hci_dev_do_close+0x2d/0x70 hci_error_reset+0x9e/0x140 process_one_work+0x98a/0x1620 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0xbe/0xd0 call_rcu+0x99/0x740 netlink_release+0xe6a/0x1cf0 __sock_release+0xcd/0x280 sock_close+0x18/0x20 __fput+0x27c/0xa90 task_work_run+0xdd/0x1a0 exit_to_user_mode_prepare+0x23c/0x250 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x42/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0xbe/0xd0 call_rcu+0x99/0x740 netlink_release+0xe6a/0x1cf0 __sock_release+0xcd/0x280 sock_close+0x18/0x20 __fput+0x27c/0xa90 task_work_run+0xdd/0x1a0 exit_to_user_mode_prepare+0x23c/0x250 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x42/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put") Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
3aff8aac |
|
04-Oct-2022 |
Maxim Mikityanskiy <maxtram95@gmail.com> |
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) -> __sock_queue_rcv_skb. 2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram. An SKB can be queued by the first flow and immediately dequeued and freed by the second flow, therefore the callers of l2cap_reassemble_sdu can't use the SKB after that function returns. However, some places continue accessing struct l2cap_ctrl that resides in the SKB's CB for a short time after l2cap_reassemble_sdu returns, leading to a use-after-free condition (the stack trace is below, line numbers for kernel 5.19.8). Fix it by keeping a local copy of struct l2cap_ctrl. BUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth Read of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169 Workqueue: hci0 hci_rx_work [bluetooth] Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429) ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth ret_from_fork (arch/x86/entry/entry_64.S:306) </TASK> Allocated by task 43169: kasan_save_stack (mm/kasan/common.c:39) __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293) __alloc_skb (net/core/skbuff.c:414) l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth process_one_work (kernel/workqueue.c:2289) worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437) kthread (kernel/kthread.c:376) ret_from_fork (arch/x86/entry/entry_64.S:306) Freed by task 27920: kasan_save_stack (mm/kasan/common.c:39) kasan_set_track (mm/kasan/common.c:45) kasan_set_free_info (mm/kasan/generic.c:372) ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328) slab_free_freelist_hook (mm/slub.c:1780) kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553) skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323) bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth sock_read_iter (net/socket.c:1087) new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401) vfs_read (fs/read_write.c:482) ksys_read (fs/read_write.c:620) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) Link: https://lore.kernel.org/linux-bluetooth/CAKErNvoqga1WcmoR3-0875esY6TVWFQDandbVZncSiuGPBQXLA@mail.gmail.com/T/#u Fixes: d2a7ac5d5d3a ("Bluetooth: Add the ERTM receive state machine") Fixes: 4b51dae96731 ("Bluetooth: Add streaming mode receive and incoming packet classifier") Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
35fcbc42 |
|
29-Sep-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan 0000000023c4974d Bluetooth: parent 00000000ae861c08 ================================================================== BUG: KASAN: use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:191 [inline] BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:671 [inline] BUG: KASAN: use-after-free in __mutex_lock+0x278/0x400 kernel/locking/mutex.c:729 Read of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389 Link: https://lore.kernel.org/lkml/20220622082716.478486-1-lee.jones@linaro.org Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
|
#
2d2cb306 |
|
03-Sep-2022 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() syzbot is reporting cancel_delayed_work() without INIT_DELAYED_WORK() at l2cap_chan_del() [1], for CONF_NOT_COMPLETE flag (which meant to prevent l2cap_chan_del() from calling cancel_delayed_work()) is cleared by timer which fires before l2cap_chan_del() is called by closing file descriptor created by socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_L2CAP). l2cap_bredr_sig_cmd(L2CAP_CONF_REQ) and l2cap_bredr_sig_cmd(L2CAP_CONF_RSP) are calling l2cap_ertm_init(chan), and they call l2cap_chan_ready() (which clears CONF_NOT_COMPLETE flag) only when l2cap_ertm_init(chan) succeeded. l2cap_sock_init() does not call l2cap_ertm_init(chan), and it instead sets CONF_NOT_COMPLETE flag by calling l2cap_chan_set_defaults(). However, when connect() is requested, "command 0x0409 tx timeout" happens after 2 seconds from connect() request, and CONF_NOT_COMPLETE flag is cleared after 4 seconds from connect() request, for l2cap_conn_start() from l2cap_info_timeout() callback scheduled by schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); in l2cap_connect() is calling l2cap_chan_ready(). Fix this problem by initializing delayed works used by L2CAP_MODE_ERTM mode as soon as l2cap_chan_create() allocates a channel, like I did in commit be8597239379f0f5 ("Bluetooth: initialize skb_queue_head at l2cap_chan_create()"). Link: https://syzkaller.appspot.com/bug?extid=83672956c7aa6af698b3 [1] Reported-by: syzbot <syzbot+83672956c7aa6af698b3@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
fc5ae5b4 |
|
12-Aug-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix build errors in some archs This attempts to fix the follow errors: In function 'memcmp', inlined from 'bacmp' at ./include/net/bluetooth/bluetooth.h:347:9, inlined from 'l2cap_global_chan_by_psm' at net/bluetooth/l2cap_core.c:2003:15: ./include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread] 44 | #define __underlying_memcmp __builtin_memcmp | ^ ./include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp' 420 | return __underlying_memcmp(p, q, size); | ^~~~~~~~~~~~~~~~~~~ In function 'memcmp', inlined from 'bacmp' at ./include/net/bluetooth/bluetooth.h:347:9, inlined from 'l2cap_global_chan_by_psm' at net/bluetooth/l2cap_core.c:2004:15: ./include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread] 44 | #define __underlying_memcmp __builtin_memcmp | ^ ./include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp' 420 | return __underlying_memcmp(p, q, size); | ^~~~~~~~~~~~~~~~~~~ Fixes: 332f1795ca20 ("Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
b840304f |
|
12-Aug-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix build errors in some archs This attempts to fix the follow errors: In function 'memcmp', inlined from 'bacmp' at ./include/net/bluetooth/bluetooth.h:347:9, inlined from 'l2cap_global_chan_by_psm' at net/bluetooth/l2cap_core.c:2003:15: ./include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread] 44 | #define __underlying_memcmp __builtin_memcmp | ^ ./include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp' 420 | return __underlying_memcmp(p, q, size); | ^~~~~~~~~~~~~~~~~~~ In function 'memcmp', inlined from 'bacmp' at ./include/net/bluetooth/bluetooth.h:347:9, inlined from 'l2cap_global_chan_by_psm' at net/bluetooth/l2cap_core.c:2004:15: ./include/linux/fortify-string.h:44:33: error: '__builtin_memcmp' specified bound 6 exceeds source size 0 [-Werror=stringop-overread] 44 | #define __underlying_memcmp __builtin_memcmp | ^ ./include/linux/fortify-string.h:420:16: note: in expansion of macro '__underlying_memcmp' 420 | return __underlying_memcmp(p, q, size); | ^~~~~~~~~~~~~~~~~~~ Fixes: 332f1795ca20 ("Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
332f1795 |
|
01-Aug-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression The patch d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put" from Jul 21, 2022, leads to the following Smatch static checker warning: net/bluetooth/l2cap_core.c:1977 l2cap_global_chan_by_psm() error: we previously assumed 'c' could be null (see line 1996) Fixes: d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
a5133fe8 |
|
07-Jun-2022 |
Xiaohui Zhang <xiaohuizhang@ruc.edu.cn> |
Bluetooth: use memset avoid memory leaks Similar to the handling of l2cap_ecred_connect in commit d3715b2333e9 ("Bluetooth: use memset avoid memory leaks"), we thought a patch might be needed here as well. Use memset to initialize structs to prevent memory leaks in l2cap_le_connect Signed-off-by: Xiaohui Zhang <xiaohuizhang@ruc.edu.cn> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d0be8347 |
|
21-Jul-2022 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put This fixes the following trace which is caused by hci_rx_work starting up *after* the final channel reference has been put() during sock_close() but *before* the references to the channel have been destroyed, so instead the code now rely on kref_get_unless_zero/l2cap_chan_hold_unless_zero to prevent referencing a channel that is about to be destroyed. refcount_t: increment on 0; use-after-free. BUG: KASAN: use-after-free in refcount_dec_and_test+0x20/0xd0 Read of size 4 at addr ffffffc114f5bf18 by task kworker/u17:14/705 CPU: 4 PID: 705 Comm: kworker/u17:14 Tainted: G S W 4.14.234-00003-g1fb6d0bd49a4-dirty #28 Hardware name: Qualcomm Technologies, Inc. SM8150 V2 PM8150 Google Inc. MSM sm8150 Flame DVT (DT) Workqueue: hci0 hci_rx_work Call trace: dump_backtrace+0x0/0x378 show_stack+0x20/0x2c dump_stack+0x124/0x148 print_address_description+0x80/0x2e8 __kasan_report+0x168/0x188 kasan_report+0x10/0x18 __asan_load4+0x84/0x8c refcount_dec_and_test+0x20/0xd0 l2cap_chan_put+0x48/0x12c l2cap_recv_frame+0x4770/0x6550 l2cap_recv_acldata+0x44c/0x7a4 hci_acldata_packet+0x100/0x188 hci_rx_work+0x178/0x23c process_one_work+0x35c/0x95c worker_thread+0x4cc/0x960 kthread+0x1a8/0x1c4 ret_from_fork+0x10/0x18 Cc: stable@kernel.org Reported-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Tested-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
|
#
1f667e15 |
|
02-Mar-2022 |
Christophe JAILLET <christophe.jaillet@wanadoo.fr> |
Bluetooth: Don't assign twice the same value data.pid is set twice with the same value. Remove one of these redundant calls. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d3715b23 |
|
25-Feb-2022 |
Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn> |
Bluetooth: use memset avoid memory leaks Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Minghao Chi (CGEL ZTE) <chi.minghao@zte.com.cn> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
8e8b92ee |
|
22-Dec-2021 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: hci_sync: Add hci_le_create_conn_sync This adds hci_le_create_conn_sync and make hci_le_connect use it instead of queueing multiple commands which may conflict with the likes of hci_update_passive_scan which uses hci_cmd_sync_queue. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d850bf08 |
|
30-Aug-2021 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: Fix using RPA when address has been resolved When connecting to a device using an RPA if the address has been resolved by the controller (types 0x02 and 0x03) the identity address shall be used as the actual RPA in the advertisement won't be visible to the host. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3d4f9c00 |
|
04-Jun-2021 |
Archie Pusaka <apusaka@chromium.org> |
Bluetooth: use inclusive language when filtering devices This patch replaces some non-inclusive terms based on the appropriate language mapping table compiled by the Bluetooth SIG: https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf Specifically, these terms are replaced: blacklist -> reject list whitelist -> accept list Signed-off-by: Archie Pusaka <apusaka@chromium.org> Reviewed-by: Miao-chen Chou <mcchou@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
74be523c |
|
04-Jun-2021 |
Archie Pusaka <apusaka@chromium.org> |
Bluetooth: use inclusive language in HCI role comments This patch replaces some non-inclusive terms based on the appropriate language mapping table compiled by the Bluetooth SIG: https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf Specifically, these terms are replaced: master -> initiator (for smp) or central (everything else) slave -> responder (for smp) or peripheral (everything else) The #define preprocessor terms are unchanged for now to not disturb dependent APIs. Signed-off-by: Archie Pusaka <apusaka@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
de895b43 |
|
19-May-2021 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix invalid access on ECRED Connection response The use of l2cap_chan_del is not safe under a loop using list_for_each_entry. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
1fa20d7d |
|
19-May-2021 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails The use of l2cap_chan_del is not safe under a loop using list_for_each_entry. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
1c6ed31b |
|
09-Apr-2021 |
Yu Liu <yudiliu@google.com> |
Bluetooth: Return whether a connection is outbound When an MGMT_EV_DEVICE_CONNECTED event is reported back to the user space we will set the flags to tell if the established connection is outbound or not. This is useful for the user space to log better metrics and error messages. Reviewed-by: Miao-chen Chou <mcchou@chromium.org> Reviewed-by: Alain Michaud <alainm@chromium.org> Signed-off-by: Yu Liu <yudiliu@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
93917fd2 |
|
06-Apr-2021 |
Kai Ye <yekai13@huawei.com> |
Bluetooth: use the correct print format for L2CAP debug statements Use the correct print format. Printing an unsigned int value should use %u instead of %d. For details, please read document: Documentation/core-api/printk-formats.rst Signed-off-by: Kai Ye <yekai13@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
149b3f13 |
|
01-Apr-2021 |
Meng Yu <yumeng18@huawei.com> |
Bluetooth: Coding style fix 1. Add space when needed; 2. Block comments style fix; 3. Move open brace '{' following function definitions to the next line; 4. Remove unnecessary braces '{}' for single statement blocks. Signed-off-by: Meng Yu <yumeng18@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
82a12426 |
|
01-Apr-2021 |
Meng Yu <yumeng18@huawei.com> |
Bluetooth: Remove 'return' in void function void function return statements are not generally useful. Signed-off-by: Meng Yu <yumeng18@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5153ceb9 |
|
24-Mar-2021 |
Bhaskar Chowdhury <unixbhaskar@gmail.com> |
Bluetooth: L2CAP: Rudimentary typo fixes s/minium/minimum/ s/procdure/procedure/ Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
be859723 |
|
21-Mar-2021 |
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
Bluetooth: initialize skb_queue_head at l2cap_chan_create() syzbot is hitting "INFO: trying to register non-static key." message [1], for "struct l2cap_chan"->tx_q.lock spinlock is not yet initialized when l2cap_chan_del() is called due to e.g. timeout. Since "struct l2cap_chan"->lock mutex is initialized at l2cap_chan_create() immediately after "struct l2cap_chan" is allocated using kzalloc(), let's as well initialize "struct l2cap_chan"->{tx_q,srej_q}.lock spinlocks there. [1] https://syzkaller.appspot.com/bug?extid=fadfba6a911f6bf71842 Reported-and-tested-by: syzbot <syzbot+fadfba6a911f6bf71842@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3a9d54b1 |
|
22-Mar-2021 |
Archie Pusaka <apusaka@chromium.org> |
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default Currently l2cap_chan_set_defaults() reset chan->conf_state to zero. However, there is a flag CONF_NOT_COMPLETE which is set when creating the l2cap_chan. It is suggested that the flag should be cleared when l2cap_chan is ready, but when l2cap_chan_set_defaults() is called, l2cap_chan is not yet ready. Therefore, we must set this flag as the default. Example crash call trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0xc4/0x118 lib/dump_stack.c:56 panic+0x1c6/0x38b kernel/panic.c:117 __warn+0x170/0x1b9 kernel/panic.c:471 warn_slowpath_fmt+0xc7/0xf8 kernel/panic.c:494 debug_print_object+0x175/0x193 lib/debugobjects.c:260 debug_object_assert_init+0x171/0x1bf lib/debugobjects.c:614 debug_timer_assert_init kernel/time/timer.c:629 [inline] debug_assert_init kernel/time/timer.c:677 [inline] del_timer+0x7c/0x179 kernel/time/timer.c:1034 try_to_grab_pending+0x81/0x2e5 kernel/workqueue.c:1230 cancel_delayed_work+0x7c/0x1c4 kernel/workqueue.c:2929 l2cap_clear_timer+0x1e/0x41 include/net/bluetooth/l2cap.h:834 l2cap_chan_del+0x2d8/0x37e net/bluetooth/l2cap_core.c:640 l2cap_chan_close+0x532/0x5d8 net/bluetooth/l2cap_core.c:756 l2cap_sock_shutdown+0x806/0x969 net/bluetooth/l2cap_sock.c:1174 l2cap_sock_release+0x64/0x14d net/bluetooth/l2cap_sock.c:1217 __sock_release+0xda/0x217 net/socket.c:580 sock_close+0x1b/0x1f net/socket.c:1039 __fput+0x322/0x55c fs/file_table.c:208 ____fput+0x17/0x19 fs/file_table.c:244 task_work_run+0x19b/0x1d3 kernel/task_work.c:115 exit_task_work include/linux/task_work.h:21 [inline] do_exit+0xe4c/0x204a kernel/exit.c:766 do_group_exit+0x291/0x291 kernel/exit.c:891 get_signal+0x749/0x1093 kernel/signal.c:2396 do_signal+0xa5/0xcdb arch/x86/kernel/signal.c:737 exit_to_usermode_loop arch/x86/entry/common.c:243 [inline] prepare_exit_to_usermode+0xed/0x235 arch/x86/entry/common.c:277 syscall_return_slowpath+0x3a7/0x3b3 arch/x86/entry/common.c:348 int_ret_from_sys_call+0x25/0xa3 Signed-off-by: Archie Pusaka <apusaka@chromium.org> Reported-by: syzbot+338f014a98367a08a114@syzkaller.appspotmail.com Reviewed-by: Alain Michaud <alainm@chromium.org> Reviewed-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org> Reviewed-by: Guenter Roeck <groeck@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
7cf3b1dd |
|
15-Mar-2021 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix not checking for maximum number of DCID When receiving L2CAP_CREDIT_BASED_CONNECTION_REQ the remote may request more channels than allowed by the spec (10 octecs = 5 CIDs) so this checks if the number of channels is bigger than the maximum allowed and respond with an error. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
98d2c3e1 |
|
08-Dec-2020 |
Bastien Nocera <hadess@hadess.net> |
Bluetooth: L2CAP: Try harder to accept device not knowing options The current implementation of L2CAP options negotiation will continue the negotiation when a device responds with L2CAP_CONF_UNACCEPT ("unaccepted options"), but not when the device replies with L2CAP_CONF_UNKNOWN ("unknown options"). Trying to continue the negotiation without ERTM support will allow Bluetooth-capable XBox One controllers (notably models 1708 and 1797) to connect. btmon before patch: > ACL Data RX: Handle 256 flags 0x02 dlen 16 #64 [hci0] 59.182702 L2CAP: Connection Response (0x03) ident 2 len 8 Destination CID: 64 Source CID: 64 Result: Connection successful (0x0000) Status: No further information available (0x0000) < ACL Data TX: Handle 256 flags 0x00 dlen 23 #65 [hci0] 59.182744 L2CAP: Configure Request (0x04) ident 3 len 15 Destination CID: 64 Flags: 0x0000 Option: Retransmission and Flow Control (0x04) [mandatory] Mode: Basic (0x00) TX window size: 0 Max transmit: 0 Retransmission timeout: 0 Monitor timeout: 0 Maximum PDU size: 0 > ACL Data RX: Handle 256 flags 0x02 dlen 16 #66 [hci0] 59.183948 L2CAP: Configure Request (0x04) ident 1 len 8 Destination CID: 64 Flags: 0x0000 Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 1480 < ACL Data TX: Handle 256 flags 0x00 dlen 18 #67 [hci0] 59.183994 L2CAP: Configure Response (0x05) ident 1 len 10 Source CID: 64 Flags: 0x0000 Result: Success (0x0000) Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 1480 > ACL Data RX: Handle 256 flags 0x02 dlen 15 #69 [hci0] 59.187676 L2CAP: Configure Response (0x05) ident 3 len 7 Source CID: 64 Flags: 0x0000 Result: Failure - unknown options (0x0003) 04 . < ACL Data TX: Handle 256 flags 0x00 dlen 12 #70 [hci0] 59.187722 L2CAP: Disconnection Request (0x06) ident 4 len 4 Destination CID: 64 Source CID: 64 > ACL Data RX: Handle 256 flags 0x02 dlen 12 #73 [hci0] 59.192714 L2CAP: Disconnection Response (0x07) ident 4 len 4 Destination CID: 64 Source CID: 64 btmon after patch: > ACL Data RX: Handle 256 flags 0x02 dlen 16 #248 [hci0] 103.502970 L2CAP: Connection Response (0x03) ident 5 len 8 Destination CID: 65 Source CID: 65 Result: Connection pending (0x0001) Status: No further information available (0x0000) > ACL Data RX: Handle 256 flags 0x02 dlen 16 #249 [hci0] 103.504184 L2CAP: Connection Response (0x03) ident 5 len 8 Destination CID: 65 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) < ACL Data TX: Handle 256 flags 0x00 dlen 23 #250 [hci0] 103.504398 L2CAP: Configure Request (0x04) ident 6 len 15 Destination CID: 65 Flags: 0x0000 Option: Retransmission and Flow Control (0x04) [mandatory] Mode: Basic (0x00) TX window size: 0 Max transmit: 0 Retransmission timeout: 0 Monitor timeout: 0 Maximum PDU size: 0 > ACL Data RX: Handle 256 flags 0x02 dlen 16 #251 [hci0] 103.505472 L2CAP: Configure Request (0x04) ident 3 len 8 Destination CID: 65 Flags: 0x0000 Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 1480 < ACL Data TX: Handle 256 flags 0x00 dlen 18 #252 [hci0] 103.505689 L2CAP: Configure Response (0x05) ident 3 len 10 Source CID: 65 Flags: 0x0000 Result: Success (0x0000) Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 1480 > ACL Data RX: Handle 256 flags 0x02 dlen 15 #254 [hci0] 103.509165 L2CAP: Configure Response (0x05) ident 6 len 7 Source CID: 65 Flags: 0x0000 Result: Failure - unknown options (0x0003) 04 . < ACL Data TX: Handle 256 flags 0x00 dlen 12 #255 [hci0] 103.509426 L2CAP: Configure Request (0x04) ident 7 len 4 Destination CID: 65 Flags: 0x0000 < ACL Data TX: Handle 256 flags 0x00 dlen 12 #257 [hci0] 103.511870 L2CAP: Connection Request (0x02) ident 8 len 4 PSM: 1 (0x0001) Source CID: 66 > ACL Data RX: Handle 256 flags 0x02 dlen 14 #259 [hci0] 103.514121 L2CAP: Configure Response (0x05) ident 7 len 6 Source CID: 65 Flags: 0x0000 Result: Success (0x0000) Signed-off-by: Florian Dollinger <dollinger.florian@gmx.de> Co-developed-by: Florian Dollinger <dollinger.florian@gmx.de> Reviewed-by: Luiz Augusto Von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
4d7ea8ee |
|
13-Jan-2021 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix handling fragmented length Bluetooth Core Specification v5.2, Vol. 3, Part A, section 1.4, table 1.1: 'Start Fragments always either begin with the first octet of the Basic L2CAP header of a PDU or they have a length of zero (see [Vol 2] Part B, Section 6.6.2).' Apparently this was changed by the following errata: https://www.bluetooth.org/tse/errata_view.cfm?errata_id=10216 Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5b8ec15d |
|
16-Nov-2020 |
Jimmy Wahlberg <jimmywa@spotify.com> |
Bluetooth: Fix for Bluetooth SIG test L2CAP/COS/CFD/BV-14-C This test case is meant to verify that multiple unknown options is included in the response. BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part A page 1057 'On an unknown option failure (Result=0x0003), the option(s) that contain anoption type field that is not understood by the recipient of the L2CAP_CONFIGURATION_REQ packet shall be included in the L2CAP_CONFIGURATION_RSP packet unless they are hints.' Before this patch: > ACL Data RX: Handle 11 flags 0x02 dlen 24 L2CAP: Configure Request (0x04) ident 18 len 16 Destination CID: 64 Flags: 0x0000 Option: Unknown (0x10) [mandatory] 10 00 11 02 11 00 12 02 12 00 < ACL Data TX: Handle 11 flags 0x00 dlen 17 L2CAP: Configure Response (0x05) ident 18 len 9 Source CID: 64 Flags: 0x0000 Result: Failure - unknown options (0x0003) Option: Unknown (0x10) [mandatory] 12 After this patch: > ACL Data RX: Handle 11 flags 0x02 dlen 24 L2CAP: Configure Request (0x04) ident 5 len 16 Destination CID: 64 Flags: 0x0000 Option: Unknown (0x10) [mandatory] 10 00 11 02 11 00 12 02 12 00 < ACL Data TX: Handle 11 flags 0x00 dlen 23 L2CAP: Configure Response (0x05) ident 5 len 15 Source CID: 64 Flags: 0x0000 Result: Failure - unknown options (0x0003) Option: Unknown (0x10) [mandatory] 10 11 01 11 12 01 12 Signed-off-by: Jimmy Wahlberg <jimmywa@spotify.com> Reviewed-by: Luiz Augusto Von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
288c0697 |
|
10-Nov-2020 |
Archie Pusaka <apusaka@chromium.org> |
Bluetooth: Enforce key size of 16 bytes on FIPS level According to the spec Ver 5.2, Vol 3, Part C, Sec 5.2.2.8: Device in security mode 4 level 4 shall enforce: 128-bit equivalent strength for link and encryption keys required using FIPS approved algorithms (E0 not allowed, SAFER+ not allowed, and P-192 not allowed; encryption key not shortened) This patch rejects connection with key size below 16 for FIPS level services. Signed-off-by: Archie Pusaka <apusaka@chromium.org> Reviewed-by: Alain Michaud <alainm@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f1942564 |
|
06-Aug-2020 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel Only sockets will have the chan->data set to an actual sk, channels like A2MP would have its own data which would likely cause a crash when calling sk_filter, in order to fix this a new callback has been introduced so channels can implement their own filtering if necessary. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
19186c7b |
|
08-Jul-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
Bluetooth: core: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
76b13996 |
|
17-Jun-2020 |
Manish Mandlik <mmandlik@google.com> |
Bluetooth: Terminate the link if pairing is cancelled If user decides to cancel the ongoing pairing process (e.g. by clicking the cancel button on pairing/passkey window), abort any ongoing pairing and then terminate the link if it was created because of the pair device action. Signed-off-by: Manish Mandlik <mmandlik@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
69d67b46 |
|
04-May-2020 |
Konstantin Forostyan <konstantin.forostyan@peiker-cee.de> |
Bluetooth: L2CAP: Fix errors during L2CAP_CREDIT_BASED_CONNECTION_REQ (0x17) Fix 2 typos in L2CAP_CREDIT_BASED_CONNECTION_REQ (0x17) handling function, that cause BlueZ answer with L2CAP_CR_LE_INVALID_PARAMS or L2CAP_CR_LE_INVALID_SCID error on a correct ECRED connection request. Enchanced Credit Based Mode support was recently introduced with the commit 15f02b91056253e8cdc592888f431da0731337b8 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode"). Signed-off-by: Konstantin Forostyan <konstantin.forostyan@peiker-cee.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
da49b602 |
|
25-Mar-2020 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Use DEFER_SETUP to group ECRED connections This uses the DEFER_SETUP flag to group channels with L2CAP_CREDIT_BASED_CONNECTION_REQ. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
965995b7 |
|
14-Mar-2020 |
YueHaibing <yuehaibing@huawei.com> |
Bluetooth: L2CAP: remove set but not used variable 'credits' net/bluetooth/l2cap_core.c: In function l2cap_ecred_conn_req: net/bluetooth/l2cap_core.c:5848:6: warning: variable credits set but not used [-Wunused-but-set-variable] commit 15f02b910562 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode") involved this unused variable, remove it. Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
96298f64 |
|
11-Mar-2020 |
Howard Chung <howardchung@google.com> |
Bluetooth: L2CAP: handle l2cap config request during open state According to Core Spec Version 5.2 | Vol 3, Part A 6.1.5, the incoming L2CAP_ConfigReq should be handled during OPEN state. The section below shows the btmon trace when running L2CAP/COS/CFD/BV-12-C before and after this change. === Before === ... > ACL Data RX: Handle 256 flags 0x02 dlen 12 #22 L2CAP: Connection Request (0x02) ident 2 len 4 PSM: 1 (0x0001) Source CID: 65 < ACL Data TX: Handle 256 flags 0x00 dlen 16 #23 L2CAP: Connection Response (0x03) ident 2 len 8 Destination CID: 64 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) < ACL Data TX: Handle 256 flags 0x00 dlen 12 #24 L2CAP: Configure Request (0x04) ident 2 len 4 Destination CID: 65 Flags: 0x0000 > HCI Event: Number of Completed Packets (0x13) plen 5 #25 Num handles: 1 Handle: 256 Count: 1 > HCI Event: Number of Completed Packets (0x13) plen 5 #26 Num handles: 1 Handle: 256 Count: 1 > ACL Data RX: Handle 256 flags 0x02 dlen 16 #27 L2CAP: Configure Request (0x04) ident 3 len 8 Destination CID: 64 Flags: 0x0000 Option: Unknown (0x10) [hint] 01 00 .. < ACL Data TX: Handle 256 flags 0x00 dlen 18 #28 L2CAP: Configure Response (0x05) ident 3 len 10 Source CID: 65 Flags: 0x0000 Result: Success (0x0000) Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 672 > HCI Event: Number of Completed Packets (0x13) plen 5 #29 Num handles: 1 Handle: 256 Count: 1 > ACL Data RX: Handle 256 flags 0x02 dlen 14 #30 L2CAP: Configure Response (0x05) ident 2 len 6 Source CID: 64 Flags: 0x0000 Result: Success (0x0000) > ACL Data RX: Handle 256 flags 0x02 dlen 20 #31 L2CAP: Configure Request (0x04) ident 3 len 12 Destination CID: 64 Flags: 0x0000 Option: Unknown (0x10) [hint] 01 00 91 02 11 11 ...... < ACL Data TX: Handle 256 flags 0x00 dlen 14 #32 L2CAP: Command Reject (0x01) ident 3 len 6 Reason: Invalid CID in request (0x0002) Destination CID: 64 Source CID: 65 > HCI Event: Number of Completed Packets (0x13) plen 5 #33 Num handles: 1 Handle: 256 Count: 1 ... === After === ... > ACL Data RX: Handle 256 flags 0x02 dlen 12 #22 L2CAP: Connection Request (0x02) ident 2 len 4 PSM: 1 (0x0001) Source CID: 65 < ACL Data TX: Handle 256 flags 0x00 dlen 16 #23 L2CAP: Connection Response (0x03) ident 2 len 8 Destination CID: 64 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) < ACL Data TX: Handle 256 flags 0x00 dlen 12 #24 L2CAP: Configure Request (0x04) ident 2 len 4 Destination CID: 65 Flags: 0x0000 > HCI Event: Number of Completed Packets (0x13) plen 5 #25 Num handles: 1 Handle: 256 Count: 1 > HCI Event: Number of Completed Packets (0x13) plen 5 #26 Num handles: 1 Handle: 256 Count: 1 > ACL Data RX: Handle 256 flags 0x02 dlen 16 #27 L2CAP: Configure Request (0x04) ident 3 len 8 Destination CID: 64 Flags: 0x0000 Option: Unknown (0x10) [hint] 01 00 .. < ACL Data TX: Handle 256 flags 0x00 dlen 18 #28 L2CAP: Configure Response (0x05) ident 3 len 10 Source CID: 65 Flags: 0x0000 Result: Success (0x0000) Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 672 > HCI Event: Number of Completed Packets (0x13) plen 5 #29 Num handles: 1 Handle: 256 Count: 1 > ACL Data RX: Handle 256 flags 0x02 dlen 14 #30 L2CAP: Configure Response (0x05) ident 2 len 6 Source CID: 64 Flags: 0x0000 Result: Success (0x0000) > ACL Data RX: Handle 256 flags 0x02 dlen 20 #31 L2CAP: Configure Request (0x04) ident 3 len 12 Destination CID: 64 Flags: 0x0000 Option: Unknown (0x10) [hint] 01 00 91 02 11 11 ..... < ACL Data TX: Handle 256 flags 0x00 dlen 18 #32 L2CAP: Configure Response (0x05) ident 3 len 10 Source CID: 65 Flags: 0x0000 Result: Success (0x0000) Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 672 < ACL Data TX: Handle 256 flags 0x00 dlen 12 #33 L2CAP: Configure Request (0x04) ident 3 len 4 Destination CID: 65 Flags: 0x0000 > HCI Event: Number of Completed Packets (0x13) plen 5 #34 Num handles: 1 Handle: 256 Count: 1 > HCI Event: Number of Completed Packets (0x13) plen 5 #35 Num handles: 1 Handle: 256 Count: 1 ... Signed-off-by: Howard Chung <howardchung@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
4be5ca67 |
|
02-Mar-2020 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Add module option to enable ECRED mode This should make it safe to have the code upstream without affecting stable systems since there are a few details not sort out with ECRED mode e.g: how to initiate multiple connections at once. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
15f02b91 |
|
02-Mar-2020 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode This adds the initial code for Enhanced Credit Based Mode which introduces a new socket mode called L2CAP_MODE_EXT_FLOWCTL, which for the most part work the same as L2CAP_MODE_LE_FLOWCTL but uses different PDUs to setup the connections and also works over BR/EDR. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
55cee73e |
|
06-Mar-2020 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: Make use of skb_pull to parse L2CAP signaling PDUs This uses skb_pull when parsing signalling PDUs so skb->data for pointing to the current PDU and skb->len as the remaining bytes to be processed. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
6c08fc89 |
|
28-Jan-2020 |
Manish Mandlik <mmandlik@google.com> |
Bluetooth: Fix refcount use-after-free issue There is no lock preventing both l2cap_sock_release() and chan->ops->close() from running at the same time. If we consider Thread A running l2cap_chan_timeout() and Thread B running l2cap_sock_release(), expected behavior is: A::l2cap_chan_timeout()->l2cap_chan_close()->l2cap_sock_teardown_cb() A::l2cap_chan_timeout()->l2cap_sock_close_cb()->l2cap_sock_kill() B::l2cap_sock_release()->sock_orphan() B::l2cap_sock_release()->l2cap_sock_kill() where, sock_orphan() clears "sk->sk_socket" and l2cap_sock_teardown_cb() marks socket as SOCK_ZAPPED. In l2cap_sock_kill(), there is an "if-statement" that checks if both sock_orphan() and sock_teardown() has been run i.e. sk->sk_socket is NULL and socket is marked as SOCK_ZAPPED. Socket is killed if the condition is satisfied. In the race condition, following occurs: A::l2cap_chan_timeout()->l2cap_chan_close()->l2cap_sock_teardown_cb() B::l2cap_sock_release()->sock_orphan() B::l2cap_sock_release()->l2cap_sock_kill() A::l2cap_chan_timeout()->l2cap_sock_close_cb()->l2cap_sock_kill() In this scenario, "if-statement" is true in both B::l2cap_sock_kill() and A::l2cap_sock_kill() and we hit "refcount: underflow; use-after-free" bug. Similar condition occurs at other places where teardown/sock_kill is happening: l2cap_disconnect_rsp()->l2cap_chan_del()->l2cap_sock_teardown_cb() l2cap_disconnect_rsp()->l2cap_sock_close_cb()->l2cap_sock_kill() l2cap_conn_del()->l2cap_chan_del()->l2cap_sock_teardown_cb() l2cap_conn_del()->l2cap_sock_close_cb()->l2cap_sock_kill() l2cap_disconnect_req()->l2cap_chan_del()->l2cap_sock_teardown_cb() l2cap_disconnect_req()->l2cap_sock_close_cb()->l2cap_sock_kill() l2cap_sock_cleanup_listen()->l2cap_chan_close()->l2cap_sock_teardown_cb() l2cap_sock_cleanup_listen()->l2cap_sock_kill() Protect teardown/sock_kill and orphan/sock_kill by adding hold_lock on l2cap channel to ensure that the socket is killed only after marked as zapped and orphan. Signed-off-by: Manish Mandlik <mmandlik@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
788d10c0 |
|
07-Jan-2020 |
Colin Ian King <colin.king@canonical.com> |
Bluetooth: remove redundant assignment to variable icid Variable icid is being rc is assigned with a value that is never read. The assignment is redundant and can be removed. Addresses-Coverity: ("Unused value") Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
4b6e228e |
|
02-Jan-2020 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: Auto tune if input MTU is set to 0 This enables the code to set the input MTU using the underline link packet types when set to 0, previously this would likely be rejected by the remote peer since it would be bellow the minimal of 48 for BR/EDR or 23 for LE, that way it shall be safe to use 0 without causing any side effects. This is convenient for the likes of A2DP transport, see: https://habr.com/en/post/456182/ Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
df66499a |
|
18-Nov-2019 |
Dan Carpenter <dan.carpenter@oracle.com> |
Bluetooth: delete a stray unlock We used to take a lock in amp_physical_cfm() but then we moved it to the caller function. Unfortunately the unlock on this error path was overlooked so it leads to a double unlock. Fixes: a514b17fab51 ("Bluetooth: Refactor locking in amp_physical_cfm") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
68d19d7d |
|
04-Sep-2019 |
Marcel Holtmann <marcel@holtmann.org> |
Revert "Bluetooth: validate BLE connection interval updates" This reverts commit c49a8682fc5d298d44e8d911f4fa14690ea9485e. There are devices which require low connection intervals for usable operation including keyboards and mice. Forcing a static connection interval for these types of devices has an impact in latency and causes a regression. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
58a96fc3 |
|
16-Jul-2019 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Add debug setting for changing minimum encryption key size For testing and qualification purposes it is useful to allow changing the minimum encryption key size value that the host stack is going to enforce. This adds a new debugfs setting min_encrypt_key_size to achieve this functionality. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
00f62726 |
|
03-Jun-2019 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Check bearer type on __l2cap_global_chan_by_addr The spec defines PSM and LE_PSM as different domains so a listen on the same PSM is valid if the address type points to a different bearer. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
c49a8682 |
|
12-Jun-2019 |
csonsino <csonsino@gmail.com> |
Bluetooth: validate BLE connection interval updates Problem: The Linux Bluetooth stack yields complete control over the BLE connection interval to the remote device. The Linux Bluetooth stack provides access to the BLE connection interval min and max values through /sys/kernel/debug/bluetooth/hci0/ conn_min_interval and /sys/kernel/debug/bluetooth/hci0/conn_max_interval. These values are used for initial BLE connections, but the remote device has the ability to request a connection parameter update. In the event that the remote side requests to change the connection interval, the Linux kernel currently only validates that the desired value is within the acceptable range in the Bluetooth specification (6 - 3200, corresponding to 7.5ms - 4000ms). There is currently no validation that the desired value requested by the remote device is within the min/max limits specified in the conn_min_interval/conn_max_interval configurations. This essentially leads to Linux yielding complete control over the connection interval to the remote device. The proposed patch adds a verification step to the connection parameter update mechanism, ensuring that the desired value is within the min/max bounds of the current connection. If the desired value is outside of the current connection min/max values, then the connection parameter update request is rejected and the negative response is returned to the remote device. Recall that the initial connection is established using the local conn_min_interval/conn_max_interval values, so this allows the Linux administrator to retain control over the BLE connection interval. The one downside that I see is that the current default Linux values for conn_min_interval and conn_max_interval typically correspond to 30ms and 50ms respectively. If this change were accepted, then it is feasible that some devices would no longer be able to negotiate to their desired connection interval values. This might be remedied by setting the default Linux conn_min_interval and conn_max_interval values to the widest supported range (6 - 3200 / 7.5ms - 4000ms). This could lead to the same behavior as the current implementation, where the remote device could request to change the connection interval value to any value that is permitted by the Bluetooth specification, and Linux would accept the desired value. Signed-off-by: Carey Sonsino <csonsino@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
28261da8 |
|
21-May-2019 |
Matias Karhumaa <matias.karhumaa@gmail.com> |
Bluetooth: Check state in l2cap_disconnect_rsp Because of both sides doing L2CAP disconnection at the same time, it was possible to receive L2CAP Disconnection Response with CID that was already freed. That caused problems if CID was already reused and L2CAP Connection Request with same CID was sent out. Before this patch kernel deleted channel context regardless of the state of the channel. Example where leftover Disconnection Response (frame #402) causes local device to delete L2CAP channel which was not yet connected. This in turn confuses remote device's stack because same CID is re-used without properly disconnecting. Btmon capture before patch: ** snip ** > ACL Data RX: Handle 43 flags 0x02 dlen 8 #394 [hci1] 10.748949 Channel: 65 len 4 [PSM 3 mode 0] {chan 2} RFCOMM: Disconnect (DISC) (0x43) Address: 0x03 cr 1 dlci 0x00 Control: 0x53 poll/final 1 Length: 0 FCS: 0xfd < ACL Data TX: Handle 43 flags 0x00 dlen 8 #395 [hci1] 10.749062 Channel: 65 len 4 [PSM 3 mode 0] {chan 2} RFCOMM: Unnumbered Ack (UA) (0x63) Address: 0x03 cr 1 dlci 0x00 Control: 0x73 poll/final 1 Length: 0 FCS: 0xd7 < ACL Data TX: Handle 43 flags 0x00 dlen 12 #396 [hci1] 10.749073 L2CAP: Disconnection Request (0x06) ident 17 len 4 Destination CID: 65 Source CID: 65 > HCI Event: Number of Completed Packets (0x13) plen 5 #397 [hci1] 10.752391 Num handles: 1 Handle: 43 Count: 1 > HCI Event: Number of Completed Packets (0x13) plen 5 #398 [hci1] 10.753394 Num handles: 1 Handle: 43 Count: 1 > ACL Data RX: Handle 43 flags 0x02 dlen 12 #399 [hci1] 10.756499 L2CAP: Disconnection Request (0x06) ident 26 len 4 Destination CID: 65 Source CID: 65 < ACL Data TX: Handle 43 flags 0x00 dlen 12 #400 [hci1] 10.756548 L2CAP: Disconnection Response (0x07) ident 26 len 4 Destination CID: 65 Source CID: 65 < ACL Data TX: Handle 43 flags 0x00 dlen 12 #401 [hci1] 10.757459 L2CAP: Connection Request (0x02) ident 18 len 4 PSM: 1 (0x0001) Source CID: 65 > ACL Data RX: Handle 43 flags 0x02 dlen 12 #402 [hci1] 10.759148 L2CAP: Disconnection Response (0x07) ident 17 len 4 Destination CID: 65 Source CID: 65 = bluetoothd: 00:1E:AB:4C:56:54: error updating services: Input/o.. 10.759447 > HCI Event: Number of Completed Packets (0x13) plen 5 #403 [hci1] 10.759386 Num handles: 1 Handle: 43 Count: 1 > ACL Data RX: Handle 43 flags 0x02 dlen 12 #404 [hci1] 10.760397 L2CAP: Connection Request (0x02) ident 27 len 4 PSM: 3 (0x0003) Source CID: 65 < ACL Data TX: Handle 43 flags 0x00 dlen 16 #405 [hci1] 10.760441 L2CAP: Connection Response (0x03) ident 27 len 8 Destination CID: 65 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) < ACL Data TX: Handle 43 flags 0x00 dlen 27 #406 [hci1] 10.760449 L2CAP: Configure Request (0x04) ident 19 len 19 Destination CID: 65 Flags: 0x0000 Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 1013 Option: Retransmission and Flow Control (0x04) [mandatory] Mode: Basic (0x00) TX window size: 0 Max transmit: 0 Retransmission timeout: 0 Monitor timeout: 0 Maximum PDU size: 0 > HCI Event: Number of Completed Packets (0x13) plen 5 #407 [hci1] 10.761399 Num handles: 1 Handle: 43 Count: 1 > ACL Data RX: Handle 43 flags 0x02 dlen 16 #408 [hci1] 10.762942 L2CAP: Connection Response (0x03) ident 18 len 8 Destination CID: 66 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) *snip* Similar case after the patch: *snip* > ACL Data RX: Handle 43 flags 0x02 dlen 8 #22702 [hci0] 1664.411056 Channel: 65 len 4 [PSM 3 mode 0] {chan 3} RFCOMM: Disconnect (DISC) (0x43) Address: 0x03 cr 1 dlci 0x00 Control: 0x53 poll/final 1 Length: 0 FCS: 0xfd < ACL Data TX: Handle 43 flags 0x00 dlen 8 #22703 [hci0] 1664.411136 Channel: 65 len 4 [PSM 3 mode 0] {chan 3} RFCOMM: Unnumbered Ack (UA) (0x63) Address: 0x03 cr 1 dlci 0x00 Control: 0x73 poll/final 1 Length: 0 FCS: 0xd7 < ACL Data TX: Handle 43 flags 0x00 dlen 12 #22704 [hci0] 1664.411143 L2CAP: Disconnection Request (0x06) ident 11 len 4 Destination CID: 65 Source CID: 65 > HCI Event: Number of Completed Pac.. (0x13) plen 5 #22705 [hci0] 1664.414009 Num handles: 1 Handle: 43 Count: 1 > HCI Event: Number of Completed Pac.. (0x13) plen 5 #22706 [hci0] 1664.415007 Num handles: 1 Handle: 43 Count: 1 > ACL Data RX: Handle 43 flags 0x02 dlen 12 #22707 [hci0] 1664.418674 L2CAP: Disconnection Request (0x06) ident 17 len 4 Destination CID: 65 Source CID: 65 < ACL Data TX: Handle 43 flags 0x00 dlen 12 #22708 [hci0] 1664.418762 L2CAP: Disconnection Response (0x07) ident 17 len 4 Destination CID: 65 Source CID: 65 < ACL Data TX: Handle 43 flags 0x00 dlen 12 #22709 [hci0] 1664.421073 L2CAP: Connection Request (0x02) ident 12 len 4 PSM: 1 (0x0001) Source CID: 65 > ACL Data RX: Handle 43 flags 0x02 dlen 12 #22710 [hci0] 1664.421371 L2CAP: Disconnection Response (0x07) ident 11 len 4 Destination CID: 65 Source CID: 65 > HCI Event: Number of Completed Pac.. (0x13) plen 5 #22711 [hci0] 1664.424082 Num handles: 1 Handle: 43 Count: 1 > HCI Event: Number of Completed Pac.. (0x13) plen 5 #22712 [hci0] 1664.425040 Num handles: 1 Handle: 43 Count: 1 > ACL Data RX: Handle 43 flags 0x02 dlen 12 #22713 [hci0] 1664.426103 L2CAP: Connection Request (0x02) ident 18 len 4 PSM: 3 (0x0003) Source CID: 65 < ACL Data TX: Handle 43 flags 0x00 dlen 16 #22714 [hci0] 1664.426186 L2CAP: Connection Response (0x03) ident 18 len 8 Destination CID: 66 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) < ACL Data TX: Handle 43 flags 0x00 dlen 27 #22715 [hci0] 1664.426196 L2CAP: Configure Request (0x04) ident 13 len 19 Destination CID: 65 Flags: 0x0000 Option: Maximum Transmission Unit (0x01) [mandatory] MTU: 1013 Option: Retransmission and Flow Control (0x04) [mandatory] Mode: Basic (0x00) TX window size: 0 Max transmit: 0 Retransmission timeout: 0 Monitor timeout: 0 Maximum PDU size: 0 > ACL Data RX: Handle 43 flags 0x02 dlen 16 #22716 [hci0] 1664.428804 L2CAP: Connection Response (0x03) ident 12 len 8 Destination CID: 66 Source CID: 65 Result: Connection successful (0x0000) Status: No further information available (0x0000) *snip* Fix is to check that channel is in state BT_DISCONN before deleting the channel. This bug was found while fuzzing Bluez's OBEX implementation using Synopsys Defensics. Reported-by: Matti Kamunen <matti.kamunen@synopsys.com> Reported-by: Ari Timonen <ari.timonen@synopsys.com> Signed-off-by: Matias Karhumaa <matias.karhumaa@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
eca94432 |
|
02-Jul-2019 |
Matias Karhumaa <matias.karhumaa@gmail.com> |
Bluetooth: Fix faulty expression for minimum encryption key size check Fix minimum encryption key size check so that HCI_MIN_ENC_KEY_SIZE is also allowed as stated in the comment. This bug caused connection problems with devices having maximum encryption key size of 7 octets (56-bit). Fixes: 693cd8ce3f88 ("Bluetooth: Fix regression with minimum encryption key size alignment") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203997 Signed-off-by: Matias Karhumaa <matias.karhumaa@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
693cd8ce |
|
22-Jun-2019 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Fix regression with minimum encryption key size alignment When trying to align the minimum encryption key size requirement for Bluetooth connections, it turns out doing this in a central location in the HCI connection handling code is not possible. Original Bluetooth version up to 2.0 used a security model where the L2CAP service would enforce authentication and encryption. Starting with Bluetooth 2.1 and Secure Simple Pairing that model has changed into that the connection initiator is responsible for providing an encrypted ACL link before any L2CAP communication can happen. Now connecting Bluetooth 2.1 or later devices with Bluetooth 2.0 and before devices are causing a regression. The encryption key size check needs to be moved out of the HCI connection handling into the L2CAP channel setup. To achieve this, the current check inside hci_conn_security() has been moved into l2cap_check_enc_key_size() helper function and then called from four decisions point inside L2CAP to cover all combinations of Secure Simple Pairing enabled devices and device using legacy pairing and legacy service security model. Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203643 Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
ba8f5289 |
|
14-Mar-2019 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: Fix not initializing L2CAP tx_credits l2cap_le_flowctl_init was reseting the tx_credits which works only for outgoing connection since that set the tx_credits on the response, for incoming connections that was not the case which leaves the channel without any credits causing it to be suspended. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org # 4.20+
|
#
6317950c |
|
23-Jan-2019 |
Gustavo A. R. Silva <gustavo@embeddedor.com> |
Bluetooth: Mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. This patch fixes the following warnings: net/bluetooth/rfcomm/core.c:479:6: warning: this statement may fall through [-Wimplicit-fallthrough=] net/bluetooth/l2cap_core.c:4223:6: warning: this statement may fall through [-Wimplicit-fallthrough=] Warning level 3 was used: -Wimplicit-fallthrough=3 This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
7c9cbd0b |
|
18-Jan-2019 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer The function l2cap_get_conf_opt will return L2CAP_CONF_OPT_SIZE + opt->len as length value. The opt->len however is in control over the remote user and can be used by an attacker to gain access beyond the bounds of the actual packet. To prevent any potential leak of heap memory, it is enough to check that the resulting len calculation after calling l2cap_get_conf_opt is not below zero. A well formed packet will always return >= 0 here and will end with the length value being zero after the last option has been parsed. In case of malformed packets messing with the opt->len field the length value will become negative. If that is the case, then just abort and ignore the option. In case an attacker uses a too short opt->len value, then garbage will be parsed, but that is protected by the unknown option handling and also the option parameter size checks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
af3d5d1c |
|
17-Jan-2019 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt When doing option parsing for standard type values of 1, 2 or 4 octets, the value is converted directly into a variable instead of a pointer. To avoid being tricked into being a pointer, check that for these option types that sizes actually match. In L2CAP every option is fixed size and thus it is prudent anyway to ensure that the remote side sends us the right option size along with option paramters. If the option size is not matching the option type, then that option is silently ignored. It is a protocol violation and instead of trying to give the remote attacker any further hints just pretend that option is not present and proceed with the default values. Implementation following the specification and its qualification procedures will always use the correct size and thus not being impacted here. To keep the code readable and consistent accross all options, a few cosmetic changes were also required. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
8e2924e3 |
|
05-Nov-2018 |
Yangtao Li <tiny.windzz@gmail.com> |
Bluetooth: Change to use DEFINE_SHOW_ATTRIBUTE macro Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code. Signed-off-by: Yangtao Li <tiny.windzz@gmail.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
dd1a8f8a |
|
05-Oct-2018 |
Mallikarjun Phulari <mallikarjun.phulari@intel.com> |
Bluetooth: Errata Service Release 8, Erratum 3253 L2CAP: New result values 0x0006 - Connection refused – Invalid Source CID 0x0007 - Connection refused – Source CID already allocated As per the ESR08_V1.0.0, 1.11.2 Erratum 3253, Page No. 54, "Remote CID invalid Issue". Applies to Core Specification versions: V5.0, V4.2, v4.1, v4.0, and v3.0 + HS Vol 3, Part A, Section 4.2, 4.3, 4.14, 4.15. Core Specification Version 5.0, Page No.1753, Table 4.6 and Page No. 1767, Table 4.14 New result values are added to l2cap connect/create channel response as 0x0006 - Connection refused – Invalid Source CID 0x0007 - Connection refused – Source CID already allocated Signed-off-by: Mallikarjun Phulari <mallikarjun.phulari@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
571f7390 |
|
05-Oct-2018 |
Mallikarjun Phulari <mallikarjun.phulari@intel.com> |
Bluetooth: Use separate L2CAP LE credit based connection result values Add the result values specific to L2CAP LE credit based connections and change the old result values wherever they were used. Signed-off-by: Mallikarjun Phulari <mallikarjun.phulari@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
a5c3021b |
|
04-Sep-2018 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS If the remote is not able to fully utilize the MPS choosen recalculate the credits based on the actual amount it is sending that way it can still send packets of MTU size without credits dropping to 0. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
96cd8eaa |
|
04-Sep-2018 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Derive rx credits from MTU and MPS Give enough rx credits for a full packet instead of using an arbitrary number which may not be enough depending on the MTU and MPS which can cause interruptions while waiting for more credits, also remove debugfs entry for l2cap_le_max_credits. With these changes the credits are restored after each SDU is received instead of using fixed threshold, this way it is garanteed that there will always be enough credits to send a packet without waiting more credits to arrive. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
fe149310 |
|
04-Sep-2018 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Derive MPS from connection MTU This ensures the MPS can fit in a single HCI fragment so each segment don't have to be reassembled at HCI level, in addition to that also remove the debugfs entry to configure the MPS. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
6da2ec56 |
|
12-Jun-2018 |
Kees Cook <keescook@chromium.org> |
treewide: kmalloc() -> kmalloc_array() The kmalloc() function has a 2-factor argument form, kmalloc_array(). This patch replaces cases of: kmalloc(a * b, gfp) with: kmalloc_array(a * b, gfp) as well as handling cases of: kmalloc(a * b * c, gfp) with: kmalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kmalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kmalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The tools/ directory was manually excluded, since it has its own implementation of kmalloc(). The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kmalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kmalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kmalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(char) * COUNT + COUNT , ...) | kmalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kmalloc + kmalloc_array ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kmalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kmalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kmalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kmalloc(C1 * C2 * C3, ...) | kmalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kmalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kmalloc(sizeof(THING) * C2, ...) | kmalloc(sizeof(TYPE) * C2, ...) | kmalloc(C1 * C2 * C3, ...) | kmalloc(C1 * C2, ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - (E1) * E2 + E1, E2 , ...) | - kmalloc + kmalloc_array ( - (E1) * (E2) + E1, E2 , ...) | - kmalloc + kmalloc_array ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
082f2300 |
|
03-Apr-2018 |
Szymon Janc <szymon.janc@codecoup.pl> |
Bluetooth: Fix connection if directed advertising and privacy is used Local random address needs to be updated before creating connection if RPA from LE Direct Advertising Report was resolved in host. Otherwise remote device might ignore connection request due to address mismatch. This was affecting following qualification test cases: GAP/CONN/SCEP/BV-03-C, GAP/CONN/GCEP/BV-05-C, GAP/CONN/DCEP/BV-05-C Before patch: < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #11350 [hci0] 84680.231216 Address: 56:BC:E8:24:11:68 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) > HCI Event: Command Complete (0x0e) plen 4 #11351 [hci0] 84680.246022 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #11352 [hci0] 84680.246417 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #11353 [hci0] 84680.248854 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11354 [hci0] 84680.249466 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #11355 [hci0] 84680.253222 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #11356 [hci0] 84680.458387 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:D6:76:8C:DF:82 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) RSSI: -74 dBm (0xb6) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11357 [hci0] 84680.458737 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #11358 [hci0] 84680.469982 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #11359 [hci0] 84680.470444 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #11360 [hci0] 84680.474971 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0 #11361 [hci0] 84682.545385 > HCI Event: Command Complete (0x0e) plen 4 #11362 [hci0] 84682.551014 LE Create Connection Cancel (0x08|0x000e) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #11363 [hci0] 84682.551074 LE Connection Complete (0x01) Status: Unknown Connection Identifier (0x02) Handle: 0 Role: Master (0x00) Peer address type: Public (0x00) Peer address: 00:00:00:00:00:00 (OUI 00-00-00) Connection interval: 0.00 msec (0x0000) Connection latency: 0 (0x0000) Supervision timeout: 0 msec (0x0000) Master clock accuracy: 0x00 After patch: < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #210 [hci0] 667.152459 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #211 [hci0] 667.153613 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #212 [hci0] 667.153704 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #213 [hci0] 667.154584 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #214 [hci0] 667.182619 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) RSSI: -70 dBm (0xba) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #215 [hci0] 667.182704 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #216 [hci0] 667.183599 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #217 [hci0] 667.183645 Address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) > HCI Event: Command Complete (0x0e) plen 4 #218 [hci0] 667.184590 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #219 [hci0] 667.184613 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #220 [hci0] 667.186558 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #221 [hci0] 667.485824 LE Connection Complete (0x01) Status: Success (0x00) Handle: 0 Role: Master (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Master clock accuracy: 0x07 @ MGMT Event: Device Connected (0x000b) plen 13 {0x0002} [hci0] 667.485996 LE Address: 11:22:33:44:55:66 (OUI 11-22-33) Flags: 0x00000000 Data length: 0 Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
|
#
06e7e776 |
|
08-Dec-2017 |
Ben Seri <ben@armis.com> |
Bluetooth: Prevent stack info leak from the EFS element. In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). This issue has been assigned CVE-2017-1000410 Cc: Marcel Holtmann <marcel@holtmann.org> Cc: Gustavo Padovan <gustavo@padovan.org> Cc: Johan Hedberg <johan.hedberg@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Ben Seri <ben@armis.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
e860d2c9 |
|
09-Sep-2017 |
Ben Seri <ben@armis.com> |
Bluetooth: Properly check L2CAP config option output buffer length Validate the output buffer length for L2CAP config requests and responses to avoid overflowing the stack buffer used for building the option blocks. Cc: stable@vger.kernel.org Signed-off-by: Ben Seri <ben@armis.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
4df864c1 |
|
16-Jun-2017 |
Johannes Berg <johannes.berg@intel.com> |
networking: make skb_put & friends return void pointers It seems like a historic accident that these return unsigned char *, and in many places that means casts are required, more often than not. Make these functions (skb_put, __skb_put and pskb_put) return void * and remove all the casts across the tree, adding a (u8 *) cast only where the unsigned char pointer was used directly, all done with the following spatch: @@ expression SKB, LEN; typedef u8; identifier fn = { skb_put, __skb_put }; @@ - *(fn(SKB, LEN)) + *(u8 *)fn(SKB, LEN) @@ expression E, SKB, LEN; identifier fn = { skb_put, __skb_put }; type T; @@ - E = ((T *)(fn(SKB, LEN))) + E = fn(SKB, LEN) which actually doesn't cover pskb_put since there are only three users overall. A handful of stragglers were converted manually, notably a macro in drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many instances in net/bluetooth/hci_sock.c. In the former file, I also had to fix one whitespace problem spatch introduced. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
59ae1d12 |
|
16-Jun-2017 |
Johannes Berg <johannes.berg@intel.com> |
networking: introduce and use skb_put_data() A common pattern with skb_put() is to just want to memcpy() some data into the new space, introduce skb_put_data() for this. An spatch similar to the one for skb_put_zero() converts many of the places using it: @@ identifier p, p2; expression len, skb, data; type t, t2; @@ ( -p = skb_put(skb, len); +p = skb_put_data(skb, data, len); | -p = (t)skb_put(skb, len); +p = skb_put_data(skb, data, len); ) ( p2 = (t2)p; -memcpy(p2, data, len); | -memcpy(p, data, len); ) @@ type t, t2; identifier p, p2; expression skb, data; @@ t *p; ... ( -p = skb_put(skb, sizeof(t)); +p = skb_put_data(skb, data, sizeof(t)); | -p = (t *)skb_put(skb, sizeof(t)); +p = skb_put_data(skb, data, sizeof(t)); ) ( p2 = (t2)p; -memcpy(p2, data, sizeof(*p)); | -memcpy(p, data, sizeof(*p)); ) @@ expression skb, len, data; @@ -memcpy(skb_put(skb, len), data, len); +skb_put_data(skb, data, len); (again, manually post-processed to retain some comments) Reviewed-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8a505b7f |
|
11-Apr-2017 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Add l2cap_le_flowctl_send Consolidate code sending data to LE CoC channels and adds proper accounting of packets sent, the remaining credits and how many packets are queued. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
03732141 |
|
03-Apr-2017 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: L2CAP: Don't return -EAGAIN if out of credits Just keep queueing them into TX queue since the caller might just have to do the same and there is no impact in adding another packet to the TX queue even if there aren't any credits to transmit them. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
2c935bc5 |
|
14-Nov-2016 |
Peter Zijlstra <peterz@infradead.org> |
locking/atomic, kref: Add kref_read() Since we need to change the implementation, stop exposing internals. Provide kref_read() to read the current reference count; typically used for debug messages. Kills two anti-patterns: atomic_read(&kref->refcount) kref->refcount.counter Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
cbbd26b8 |
|
01-Nov-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
[iov_iter] new primitives - copy_from_iter_full() and friends copy_from_iter_full(), copy_from_iter_full_nocache() and csum_and_copy_from_iter_full() - counterparts of copy_from_iter() et.al., advancing iterator only in case of successful full copy and returning whether it had been successful or not. Convert some obvious users. *NOTE* - do not blindly assume that something is a good candidate for those unless you are sure that not advancing iov_iter in failure case is the right thing in this case. Anything that does short read/short write kind of stuff (or is in a loop, etc.) is unlikely to be a good one. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
39385cb5 |
|
12-Nov-2016 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix using the correct source address type The hci_get_route() API is used to look up local HCI devices, however so far it has been incapable of dealing with anything else than the public address of HCI devices. This completely breaks with LE-only HCI devices that do not come with a public address, but use a static random address instead. This patch exteds the hci_get_route() API with a src_type parameter that's used for comparing with the right address of each HCI device. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
dbb50887 |
|
27-Jul-2016 |
Daniel Borkmann <daniel@iogearbox.net> |
Bluetooth: split sk_filter in l2cap_sock_recv_cb During an audit for sk_filter(), we found that rx_busy_skb handling in l2cap_sock_recv_cb() and l2cap_sock_recvmsg() looks not quite as intended. The assumption from commit e328140fdacb ("Bluetooth: Use event-driven approach for handling ERTM receive buffer") is that errors returned from sock_queue_rcv_skb() are due to receive buffer shortage. However, nothing should prevent doing a setsockopt() with SO_ATTACH_FILTER on the socket, that could drop some of the incoming skbs when handled in sock_queue_rcv_skb(). In that case sock_queue_rcv_skb() will return with -EPERM, propagated from sk_filter() and if in L2CAP_MODE_ERTM mode, wrong assumption was that we failed due to receive buffer being full. From that point onwards, due to the to-be-dropped skb being held in rx_busy_skb, we cannot make any forward progress as rx_busy_skb is never cleared from l2cap_sock_recvmsg(), due to the filter drop verdict over and over coming from sk_filter(). Meanwhile, in l2cap_sock_recv_cb() all new incoming skbs are being dropped due to rx_busy_skb being occupied. Instead, just use __sock_queue_rcv_skb() where an error really tells that there's a receive buffer issue. Split the sk_filter() and enable it for non-segmented modes at queuing time since at this point in time the skb has already been through the ERTM state machine and it has been acked, so dropping is not allowed. Instead, for ERTM and streaming mode, call sk_filter() in l2cap_data_rcv() so the packet can be dropped before the state machine sees it. Fixes: e328140fdacb ("Bluetooth: Use event-driven approach for handling ERTM receive buffer") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ca8bee5d |
|
05-Jul-2016 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Rename HCI_BREDR into HCI_PRIMARY The HCI_BREDR naming is confusing since it actually stands for Primary Bluetooth Controller. Which is a term that has been used in the latest standard. However from a legacy point of view there only really have been Basic Rate (BR) and Enhanced Data Rate (EDR). Recent versions of Bluetooth introduced Low Energy (LE) and made this terminology a little bit confused since Dual Mode Controllers include BR/EDR and LE. To simplify this the name HCI_PRIMARY stands for the Primary Controller which can be a single mode or dual mode controller. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
92594a51 |
|
26-Jan-2016 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: L2CAP: Fix auto-allocating LE PSM values The LE dynamic PSM range is different from BR/EDR (0x0080 - 0x00ff) and doesn't have requirements relating to parity, so separate checks are needed. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9a544210 |
|
18-Nov-2015 |
Prasanna Karthik <mkarthi3@visteon.com> |
Bluetooth: remove unneeded variable in l2cap_stream_rx Remove unneeded variable used to store return value. Error reported by coccicheck. Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0ad06aa6 |
|
11-Nov-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix specifying role for LE connections The hci_connect_le_scan() is (as the name implies) a master/central role API, so it makes no sense in passing a role parameter to it. At the same time this patch also fixes the direct advertising support for LE L2CAP sockets where we now call the more appropriate hci_le_connect() API if slave/peripheral role is desired. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
40624183 |
|
02-Nov-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: L2CAP: Add missing checks for invalid LE DCID When receiving a connect response we should make sure that the DCID is within the valid range and that we don't already have another channel allocated for the same DCID. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ab0c127f |
|
02-Nov-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: L2CAP: Fix checked range when allocating new CID The 'dyn_end' value is also a valid CID so it should be included in the range of values checked. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
8a7889cc |
|
02-Nov-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: L2CAP: Fix returning correct LE CoC response codes The core spec defines specific response codes for situations when the received CID is incorrect. Add the defines for these and return them as appropriate from the LE Connect Request handler function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
fa142220 |
|
07-Aug-2015 |
Jakub Pawlowski <jpawlowski@google.com> |
Bluetooth: Enable new connection establishment procedure. Currently, when trying to connect to already paired device that just rotated its RPA MAC address, old address would be used and connection would fail. In order to fix that, kernel must scan and receive advertisement with fresh RPA before connecting. This patch enables new connection establishment procedure. Instead of just sending HCI_OP_LE_CREATE_CONN to controller, "connect" will add device to kernel whitelist and start scan. If advertisement is received, it'll be compared against whitelist and then trigger connection if it matches. That fixes mentioned reconnect issue for already paired devices. It also make whole connection procedure more robust. We can try to connect to multiple devices at same time now, even though controller allow only one. Signed-off-by: Jakub Pawlowski <jpawlowski@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9b284cbd |
|
04-Jul-2015 |
Linus Torvalds <torvalds@linux-foundation.org> |
bluetooth: fix list handling Commit 835a6a2f8603 ("Bluetooth: Stop sabotaging list poisoning") thought that the code was sabotaging the list poisoning when NULL'ing out the list pointers and removed it. But what was going on was that the bluetooth code was using NULL pointers for the list as a way to mark it empty, and that commit just broke it (and replaced the test with NULL with a "list_empty()" test on a uninitialized list instead, breaking things even further). So fix it all up to use the regular and real list_empty() handling (which does not use NULL, but a pointer to itself), also making sure to initialize the list properly (the previous NULL case was initialized implicitly by the session being allocated with kzalloc()) This is a combination of patches by Marcel Holtmann and Tedd Ho-Jeong An. [ I would normally expect to get this through the bt tree, but I'm going to release -rc1, so I'm just committing this directly - Linus ] Reported-and-tested-by: Jörg Otte <jrg.otte@gmail.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Original-by: Tedd Ho-Jeong An <tedd.an@intel.com> Original-by: Marcel Holtmann <marcel@holtmann.org>: Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
ab944c83 |
|
30-Jun-2015 |
Tedd Ho-Jeong An <tedd.an@intel.com> |
Bluetooth: Reinitialize the list after deletion for session user list If the user->list is deleted with list_del(), it doesn't initialize the entry which can cause the issue with list_empty(). According to the comment from the list.h, list_empty() returns false even if the list is empty and put the entry in an undefined state. /** * list_del - deletes entry from list. * @entry: the element to delete from the list. * Note: list_empty() on entry does not return true after this, the entry is * in an undefined state. */ Because of this behavior, list_empty() returns false even if list is empty when the device is reconnected. So, user->list needs to be re-initialized after list_del(). list.h already have a macro list_del_init() which deletes the entry and initailze it again. Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com> Tested-by: Jörg Otte <jrg.otte@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
835a6a2f |
|
10-Jun-2015 |
Alexey Dobriyan <adobriyan@gmail.com> |
Bluetooth: Stop sabotaging list poisoning list_del() poisons pointers with special values, no need to overwrite them. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9b4c3336 |
|
09-Jun-2015 |
Arron Wang <arron.wang@intel.com> |
Bluetooth: Make l2cap_recv_acldata() and sco_recv_scodata() return void The return value of l2cap_recv_acldata() and sco_recv_scodata() are not used, then change it to return void Signed-off-by: Arron Wang <arron.wang@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
a4368ff3 |
|
30-Mar-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Refactor L2CAP variables into l2cap_ctrl We're getting very close to the maximum possible size of bt_skb_cb. To prepare to shrink the struct with the help of a union this patch moves all L2CAP related variables into the l2cap_ctrl struct. To later add other 'ctrl' structs the L2CAP one is renamed simple 'l2cap' instead of 'control'. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b7cb93e5 |
|
13-Mar-2015 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Merge hdev->dbg_flags fields into hdev->dev_flags With the extension of hdev->dev_flags utilizing a bitmap now, the space is no longer restricted. Merge the hdev->dbg_flags into hdev->dev_flags to save space on 64-bit architectures. On 32-bit architectures no size reduction happens. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
d7a5a11d |
|
13-Mar-2015 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Introduce hci_dev_test_flag helper macro Instead of manually coding test_bit on hdev->dev_flags all the time, use hci_dev_test_flag helper macro. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
3a6d576b |
|
18-Feb-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Convert disconn_cfm to be triggered through hci_cb This patch moves all the disconn_cfm callbacks to be based on the hci_cb list. This means making l2cap_disconn_cfm private to l2cap_core.c and sco_conn_cb private to sco.c respectively. Since the hci_conn type filtering isn't done any more on the wrapper level the callbacks themselves need to check that they were passed a relevant type of connection. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
539c496d |
|
18-Feb-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Convert connect_cfm to be triggered through hci_cb This patch moves all the connect_cfm callbacks to be based on the hci_cb list. This means making l2cap_connect_cfm private to l2cap_core.c and sco_connect_cb private to sco.c respectively. Since the hci_conn type filtering isn't done any more on the wrapper level the callbacks themselves need to check that they were passed a relevant type of connection. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
354fe804 |
|
18-Feb-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Convert L2CAP security callback to use hci_cb There's no reason to have the custom hci_proto_auth/encrypt_cfm helpers when the hci_cb list works equally well. This patch adds L2CAP to the hci_cb list and makes l2cap_security_cfm a private function of l2cap_core.c. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
315917e0 |
|
16-Feb-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix accepting early data on fixed channels On BR/EDR the L2CAP channel instances for fixed channels have so far been marked as ready only once the L2CAP information req/rsp procedure is complete and we have the fixed channel mask. This could however lead to data being dropped if we receive it on the channel before knowing the remote mask. Since it is valid for a remote to send data this early, simply assume that the channel is supported when we receive data on it. So far this hasn't been noticed much because of limited use of fixed channels on BR/EDR, but e.g. with SMP over BR/EDR this is already now visible with automated tests failing randomly. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
327a7191 |
|
15-Jan-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix lookup of fixed channels by local bdaddr The comparing of chan->src should always be done against the local identity address, represented by hcon->src and hcon->src_type. This patch modifies l2cap_global_fixed_chan() to take the full hci_conn so that we can easily compare against hcon->src and hcon->src_type. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
a250e048 |
|
15-Jan-2015 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add helpers for src/dst bdaddr type conversion The current bdaddr_type() usage in l2cap_core.c is a bit funny in that it's always passed a hci_conn + a hci_conn member. Because of this only the hci_conn is really needed. Since the second parameter is always either hcon->src_type or hcon->dst type this patch adds two helper functions for each purpose: bdaddr_src_type() and bdaddr_dst_type(). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
eeb5a067 |
|
14-Jan-2015 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Show device address type for L2CAP debugfs entries The devices address types are BR/EDR Public, LE Public and LE Random and any of these three is valid for L2CAP connections. So show the correct type in the debugfs list. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
300acfde |
|
31-Dec-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Introduce force_bredr_smp debugfs option for testing Testing cross-transport pairing that starts on BR/EDR is only valid when using a controller with BR/EDR Secure Connections. Devices will indicate this by providing BR/EDR SMP fixed channel over L2CAP. To allow testing of this feature on Bluetooth 4.0 controller or controllers without the BR/EDR Secure Connections features, introduce a force_bredr_smp debugfs option that allows faking the required AES connection. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
17836394 |
|
24-Nov-2014 |
Al Viro <viro@zeniv.linux.org.uk> |
first fruits - kill l2cap ->memcpy_fromiovec() Just use copy_from_iter(). That's what this method is trying to do in all cases, in a very convoluted fashion. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
56c39fb6 |
|
24-Nov-2014 |
Al Viro <viro@zeniv.linux.org.uk> |
switch l2cap ->memcpy_fromiovec() to msghdr it'll die soon enough - now that kvec-backed iov_iter works regardless of set_fs(), both instances will become copy_from_iter() as soon as we introduce ->msg_iter... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
f9be9e86 |
|
05-Dec-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Check for force_lesc_support when enabling SMP over BR/EDR The SMP over BR/EDR support for cross-transport pairing should also be enabled when the debugfs setting force_lesc_support has been enabled. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
b5ae344d |
|
13-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add full SMP BR/EDR support When doing SMP over BR/EDR some of the routines can be shared with the LE functionality whereas others needs to be split into their own BR/EDR specific branches. This patch implements the split of BR/EDR specific SMP code from the LE-only code, making sure SMP over BR/EDR works as specified. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0bd49fc7 |
|
02-Dec-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Track both local and remote L2CAP fixed channel mask To pave the way for future fixed channels to be added easily we should track both the local and remote mask on a per-L2CAP connection (struct l2cap_conn) basis. So far the code has used a global variable in a racy way which anyway needs fixing. This patch renames the existing conn->fixed_chan_mask that tracked the remote mask to conn->remote_fixed_chan and adds a new variable conn->local_fixed_chan to track the local mask. Since the HS support info is now available in the local mask we can remove the conn->hs_enabled variable. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f6af675e |
|
19-Nov-2014 |
Steven Walter <stevenrwalter@gmail.com> |
Bluetooth: Automatically flushable packets aren't allowed on LE links The Bluetooth spec states that automatically flushable packets may not be sent over a LE-U link. Signed-off-by: Steven Walter <stevenrwalter@gmail.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
49d11741 |
|
13-Nov-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add debug logs to help track locking issues This patch adds some extra debug logs to L2CAP related code. These are mainly to help track locking issues but will probably be useful for debugging other types of issues as well. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3e64b7bd |
|
13-Nov-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Trigger SMP for the appropriate LE CoC errors The insufficient authentication/encryption errors indicate to the L2CAP client that it should try to elevate the security level. Since there really isn't any exception to this rule it makes sense to fully handle it on the kernel side instead of pushing the responsibility to user space. This patch adds special handling of these two error codes and calls smp_conn_security() with the elevated security level if necessary. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
35dc6f83 |
|
13-Nov-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add key preference parameter to smp_sufficient_security So far smp_sufficient_security() has returned false if we're encrypted with an STK but do have an LTK available. However, for the sake of LE CoC servers we do want to let the incoming connection through even though we're only encrypted with the STK. This patch adds a key preference parameter to smp_sufficient_security() with two possible values (enum used instead of bool for readability). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
fa37c1aa |
|
13-Nov-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix sending incorrect LE CoC PDU in BT_CONNECT2 state For LE CoC L2CAP servers we don't do security level elevation during the BT_CONNECT2 state (instead LE CoC simply sends an immediate error response if the security level isn't high enough). Therefore if we get a security level change while an LE CoC channel is in the BT_CONNECT2 state we should simply do nothing. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ff714119 |
|
13-Nov-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP nesting level initialization location There's no reason why all users of L2CAP would need to worry about initializing chan->nesting to L2CAP_NESTING_NORMAL (which is important since 0 is the same as NESTING_SMP). This patch moves the initialization to the common place that's used to create all new channels, i.e. the l2cap_chan_create() function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
49c922bb |
|
27-Oct-2014 |
Stephen Hemminger <stephen@networkplumber.org> |
Bluetooth: spelling fixes Fix spelling errors in comments. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ee93053d |
|
13-Oct-2014 |
Martin Townsend <mtownsend1973@gmail.com> |
Bluetooth: Fix missing channel unlock in l2cap_le_credits In the error case where credits is greater than max_credits there is a missing l2cap_chan_unlock before returning. Signed-off-by: Martin Townsend <mtownsend1973@gmail.com> Tested-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
48ec92fa |
|
07-Oct-2014 |
Alfonso Acosta <fons@spotify.com> |
Bluetooth: Refactor arguments of mgmt_device_connected The values of a lot of the mgmt_device_connected() parameters come straight from a hci_conn object. We can simplify the function by passing the full hci_conn pointer to it. Signed-off-by: Alfonso Acosta <fons@spotify.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
02e246ae |
|
02-Oct-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix lockdep warning with l2cap_chan_connect The L2CAP connection's channel list lock (conn->chan_lock) must never be taken while already holding a channel lock (chan->lock) in order to avoid lock-inversion and lockdep warnings. So far the l2cap_chan_connect function has acquired the chan->lock early in the function and then later called l2cap_chan_add(conn, chan) which will try to take the conn->chan_lock. This violates the correct order of taking the locks and may lead to the following type of lockdep warnings: -> #1 (&conn->chan_lock){+.+...}: [<c109324d>] lock_acquire+0x9d/0x140 [<c188459c>] mutex_lock_nested+0x6c/0x420 [<d0aab48e>] l2cap_chan_add+0x1e/0x40 [bluetooth] [<d0aac618>] l2cap_chan_connect+0x348/0x8f0 [bluetooth] [<d0cc9a91>] lowpan_control_write+0x221/0x2d0 [bluetooth_6lowpan] -> #0 (&chan->lock){+.+.+.}: [<c10928d8>] __lock_acquire+0x1a18/0x1d20 [<c109324d>] lock_acquire+0x9d/0x140 [<c188459c>] mutex_lock_nested+0x6c/0x420 [<d0ab05fd>] l2cap_connect_cfm+0x1dd/0x3f0 [bluetooth] [<d0a909c4>] hci_le_meta_evt+0x11a4/0x1260 [bluetooth] [<d0a910eb>] hci_event_packet+0x3ab/0x3120 [bluetooth] [<d0a7cb08>] hci_rx_work+0x208/0x4a0 [bluetooth] CPU0 CPU1 ---- ---- lock(&conn->chan_lock); lock(&chan->lock); lock(&conn->chan_lock); lock(&chan->lock); Before calling l2cap_chan_add() the channel is not part of the conn->chan_l list, and can therefore only be accessed by the L2CAP user (such as l2cap_sock.c). We can therefore assume that it is the responsibility of the user to handle mutual exclusion until this point (which we can see is already true in l2cap_sock.c by it in many places touching chan members without holding chan->lock). Since the hci_conn and by exctension l2cap_conn creation in the l2cap_chan_connect() function depend on chan details we cannot simply add a mutex_lock(&conn->chan_lock) in the beginning of the function (since the conn object doesn't yet exist there). What we can do however is move the chan->lock taking later into the function where we already have the conn object and can that way take conn->chan_lock first. This patch implements the above strategy and does some other necessary changes such as using __l2cap_chan_add() which assumes conn->chan_lock is held, as well as adding a second needed label so the unlocking happens as it should. Reported-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Tested-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
aeaeb4bb |
|
10-Sep-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP information request handling for fixed channels Even if we have no connection-oriented channels we should perform the L2CAP Information Request procedures before notifying L2CAP channels of the connection. This is so that the L2CAP channel implementations can perform checks on what the remote side supports (e.g. does it support the fixed channel in question). So far the code has relied on the l2cap_do_start() function to initiate the Information Request, however l2cap_do_start() is used on a per-channel basis and only for connection-oriented channels. This means that if there are no connection-oriented channels on the system we would never start the Information Request procedure. This patch creates a new l2cap_request_info() helper function to initiate the Information Request procedure, and ensures that it is called whenever a BR/EDR connection has been established. The patch also updates fixed channels to be notified of connection readiness only once the Information Request procedure has completed. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f3d82d0c |
|
05-Sep-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Move identity address update behind a workqueue The identity address update of all channels for an l2cap_conn needs to take the lock for each channel, i.e. it's safest to do this by a separate workqueue callback. Previously this was partially solved by moving the entire SMP key distribution behind a workqueue. However, if we want SMP context locking to be correct and safe we should always use the l2cap_chan lock when accessing it, meaning even smp_distribute_keys needs to take that lock which would once again create a dead lock when updating the identity address. The simplest way to solve this is to have l2cap_conn manage the deferred work which is what this patch does. A subsequent patch will remove the now unnecessary SMP key distribution work struct. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
434714dc |
|
01-Sep-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add clarifying comment for LE CoC result value The "pending" L2CAP response value is not defined for LE CoC. This patch adds a clarifying comment to the code so that the reader will not think there is a bug in trying to use this value for LE CoC. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b04afa0c |
|
18-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unused l2cap_conn_shutdown API Now that there are no more users of the l2cap_conn_shutdown API (since smp.c switched to using hci_disconnect) we can simply remove it along with all of it's l2cap_conn variables. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
e31fb860 |
|
18-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Set discon_timeout to 0 in l2cap_conn_del When the l2cap_conn_del() function is used we do not want to wait around "in case something happens" before disconnecting. This patch sets the disconnection timeout to 0 so that the disconnection routines get immediately scheduled. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
51bb8457 |
|
15-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Improve *_get() functions to return the object type It's natural to have *_get() functions that increment the reference count of an object to return the object type itself. This way it's simple to make a copy of the object pointer and increase the reference count in a single step. This patch updates two such get() functions, namely hci_conn_get() and l2cap_conn_get(), and updates the users to take advantage of the new API. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
c16900cf |
|
15-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix hci_conn reference counting for fixed channels Now that SMP has been converted to use fixed channels we've got a bit of a problem with the hci_conn reference counting. So far the L2CAP code has kept a reference for each L2CAP channel that was notified of the connection. With SMP however this would mean that the connection is never dropped even though there are no other users of it. Furthermore, SMP already does its own hci_conn reference counting internally, starting from a security or pairing request and ending with the key distribution. This patch makes L2CAP fixed channels default to the L2CAP core not keeping a hci_conn reference for them. A new FLAG_HOLD_HCI_CONN flag is added so that L2CAP users can declare an exception to this rule and hold a reference even for their fixed channels. One such exception is the L2CAP socket layer which does want a reference for each socket (e.g. an ATT socket which uses a fixed channel). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b3ed6c63 |
|
15-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unnecessary l2cap_chan_unlock before l2cap_chan_add The l2cap_chan_add() function doesn't require the channel to be unlocked. It only requires the l2cap_conn to be unlocked. Therefore, it's unnecessary to unlock a channel before calling l2cap_chan_add(). This patch removes such unnecessary unlocking from the l2cap_chan_connect() function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
72c6fb91 |
|
15-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU The l2cap_create_le_flowctl_pdu() function that l2cap_segment_le_sdu() calls is perfectly capable of doing packet fragmentation if given bigger PDUs than the HCI buffers allow. Forcing the PDU length based on the HCI MTU (conn->mtu) would therefore needlessly strict operation on hardware with limited LE buffers (e.g. both Intel and Broadcom seem to have this set to just 27 bytes). This patch removes the restriction and makes it possible to send PDUs of the full length that the remote MPS value allows. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
|
#
13cac152 |
|
14-Aug-2014 |
Lukasz Rymanowski <lukasz.rymanowski@tieto.com> |
Bluetooth: Fix ERTM L2CAP resend packet I-Frame which is going to be resend already has FCS field added and set (if it was required). Adding additional FCS field calculated from data + old FCS in resend function is incorrect. This patch fix that. Issue has been found during PTS testing. Signed-off-by: Lukasz Rymanowski <lukasz.rymanowski@tieto.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
069cb270 |
|
13-Aug-2014 |
Lukasz Rymanowski <lukasz.rymanowski@tieto.com> |
Bluetooth: Improve data packing in SAR mode There is no need to decrease pdu size with L2CAP SDU lenght in Start L2CAP SDU frame. Start packtet is just 2 bytes longer as specified and we can keep payload as long as possible. When testing SAR L2CAP against PTS, L2CAP channel is usually configured in that way, that SDU = MPS * 3. PTS expets then 3 I-Frames from IUT: Start, Continuation and End frame. Without this fix, we sent 4 I-Frames. We could pass a test by using -b option in l2test and send just two bytes less than SDU length. With this patch no need to use -b option. Signed-off-by: Lukasz Rymanowski <lukasz.rymanowski@tieto.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
276d8073 |
|
11-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unused l2cap_conn->security_timer Now that there are no-longer any users for l2cap_conn->security_timer we can go ahead and simply remove it. The patch makes initialization of the conn->info_timer unconditional since it's better not to leave any l2cap_conn data structures uninitialized no matter what the underlying transport. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
dec5b492 |
|
11-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add public l2cap_conn_shutdown() API to request disconnection Since we no-longer do special handling of SMP within l2cap_core.c we don't have any code for calling l2cap_conn_del() when smp.c doesn't like the data it gets. At the same time we cannot simply export l2cap_conn_del() since it will try to lock the channels it calls into whereas we already hold the lock in the smp.c l2cap_chan callbacks (i.e. it'd lead to a deadlock). This patch adds a new l2cap_conn_shutdown() API which is very similar to l2cap_conn_del() except that it defers the call to l2cap_conn_del() through a workqueue, thereby making it safe to use it from an L2CAP channel callback. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
44f1a7ab |
|
11-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Use L2CAP resume callback to call smp_distribute_keys There's no need to export the smp_distribute_keys() function since the resume callback is called in the same scenario. This patch makes the smp_notify_keys function private (at the same time moving it higher up in smp.c to avoid forward declarations) and adds a resume callback for SMP to call it from there instead. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5d88cc73 |
|
08-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Convert SMP to use l2cap_chan infrastructure Now that we have all the necessary pieces in place we can fully convert SMP to use the L2CAP channel infrastructure. This patch adds the necessary callbacks and removes the now unneeded conn->smp_chan pointer. One notable behavioral change in this patch comes from the following code snippet: - case L2CAP_CID_SMP: - if (smp_sig_channel(conn, skb)) - l2cap_conn_del(conn->hcon, EACCES); This piece of code was essentially forcing a disconnection if garbage SMP data was received. The l2cap_conn_del() function is private to l2cap_conn.c so we don't have access to it anymore when using the L2CAP channel callbacks. Therefore, the behavior of the new code is simply to return errors in the recv() callback (which is simply the old smp_sig_channel()), but no disconnection will occur. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
79a05727 |
|
08-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Call l2cap_le_conn_ready after notifying channels For most cases it makes no difference whether l2cap_le_conn_ready() is called before or after calling the channel ready() callbacks, however for upcoming SMP code we need this as the ready() callback initializes certain structures that a call to smp_conn_security() from l2cap_le_conn_ready() depends on. Therefore, move the call to l2cap_le_conn_ready() after iterating through and notifying channels. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
72847ce0 |
|
08-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Call L2CAP teardown callback before clearing chan->conn L2CAP channel implementations may want to still access the chan->conn pointer. This will particularly be the case for SMP that will want to clear a reference to the SMP channel in the l2cap_conn structure. The only user of the teardown callback so far is l2cap_sock.c and for the code there it makes no difference whether the callback is called before or after clearing the chan->conn pointer. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
14824308 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Move parts of fixed channel initialization to l2cap_add_scid The l2cap_add_scid function is used for registering a fixed L2CAP channel. Instead of having separate initialization of the channel type and outgoing MTU in l2cap_sock.c it's more intuitive to do these things in the l2cap_add_scid function itself (and thereby make the functionality available to other users besides l2cap_sock.c). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
06171e05 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove special ATT data channel handling Now that we've got the fixed channel infrastructure cleaned up in a generic way there's no longer a need to have a dedicated function for handling data on the ATT channel. Instead the generic l2cap_data_channel() handler will be able to do the exact same thing. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
54a1b626 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Improve fixed channel lookup based on link type When notifying global fixed channels of new connections it doesn't make sense to consider channels meant for a different link type than the one available. This patch adds an extra parameter to the l2cap_global_fixed_chan() lookup function and ensures that only channels matching the current hci_conn type are looked up. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
e760ec12 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Move L2CAP fixed channel creation into l2cap_conn_cfm In order to remove special handling of fixed L2CAP channels we need to start creating them in a single place instead of having per-channel exceptions. The most natural place is the l2cap_conn_cfm() function which is called whenever there is a new baseband link. The only really special case so far has been the ATT socket, so in order not to break the code in between this patch removes the ATT special handling at the same time as it adds the generic fixed channel handling from l2cap_le_conn_ready() into the hci_conn_cfm() function. As a related change the channel locking in l2cap_conn_ready() becomes simpler and we can thereby move the smp_conn_security() call into the l2cap_le_conn_ready() function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
dc0f5088 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Refactor l2cap_connect_cfm This patch is a simple refactoring of l2cap_connect_cfm to allow easier extension of the function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
191eb398 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove special handling of ATT in l2cap_security_cfm() With the update to sk->resume() and __l2cap_no_conn_pending() we no-longer need to have special handling of ATT channels in the l2cap_security_cfm() function. The chan->sec_level update when encryption has been enabled is safe to do for any kind of channel, and the loop takes later care of calling chan->ready() or chan->resume() if necessary. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5ff6f34d |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix __l2cap_no_conn_pending() usage with all channels The __l2cap_no_conn_pending() function would previously only return a meaningful value for connection oriented channels and was therefore not useful for anything else. As preparation of making the L2CAP code more generic allow the function to be called for other channel types as well by returning a meaningful value for them. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
a24cce14 |
|
07-Aug-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix reference counting of global L2CAP channels When looking up entries from the global L2CAP channel list there needs to be a guarantee that other code doesn't go and remove the entry after a channel has been returned by the lookup function. This patch makes sure that the channel reference is incremented before the read lock is released in the global channel lookup functions. The patch also adds the corresponding l2cap_chan_put() calls once the channels pointers are no-longer needed. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
27f70f3e |
|
21-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Prefer sizeof(*ptr) when allocating memory It's safer practice to use sizeof(*ptr) instead of sizeof(ptr_type) when allocating memory in case the type changes. This also fixes the following style of warnings from static analyzers: CHECK: Prefer kzalloc(sizeof(*ie)...) over kzalloc(sizeof(struct inquiry_entry)...) + ie = kzalloc(sizeof(struct inquiry_entry), GFP_KERNEL); Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
beb19e4c |
|
18-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Use EOPNOTSUPP instead of ENOTSUPP The EOPNOTSUPP and ENOTSUPP errors are very similar in meaning, but ENOTSUPP is a fairly new addition to POSIX. Not all libc versions know about the value the kernel uses for ENOTSUPP so it's better to use EOPNOTSUPP to ensure understandable error messages. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
e7cafc45 |
|
17-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Pass initiator/acceptor information to hci_conn_security() We're interested in whether an authentication request is because of a remote or local action. So far hci_conn_security() has been used both for incoming and outgoing actions (e.g. RFCOMM or L2CAP connect requests) so without some modifications it cannot know which peer is responsible for requesting authentication. This patch adds a new "bool initiator" parameter to hci_conn_security() to indicate which side is responsible for the request and updates the current users to pass this information correspondingly. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
e804d25d |
|
16-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Use explicit role instead of a bool in function parameters To make the code more understandable it makes sense to use the new HCI defines for connection role instead of a "bool master" parameter. This makes it immediately clear when looking at the function calls what the last parameter is describing. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
40bef302 |
|
16-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Convert HCI_CONN_MASTER flag to a conn->role variable Having a dedicated u8 role variable in the hci_conn struct greatly simplifies tracking of the role, since this is the native way that it's represented on the HCI level. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5a54e7c8 |
|
13-Jul-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Convert L2CAP ident spinlock into a mutex The spinlock protecting the L2CAP ident number can be converted into a mutex since the whole processing is run in a workqueue. So instead of using a spinlock, just use a mutex here. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
a6801ca9 |
|
10-Jul-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Update the list of L2CAP fixed channels The list of L2CAP fixed channels increased with newer versions of the specification. This just updates the constants for it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6fea7ad1 |
|
09-Jul-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Don't send ERTM configuration option when disabled When ERTM support is disabled, then do not even send ERTM configuration option even if the remote side supports it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
dcc36c16 |
|
08-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Unify helpers for bdaddr_list manipulations We already have several lists with struct bdaddr_list entries, and there will be more in the future. Since the operations for adding, removing, looking up and clearing entries in these lists are exactly the same it doesn't make sense to define new functions for every single list. This patch unifies the functions by passing the list_head to them instead of a hci_dev pointer. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
cdd6275e |
|
07-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Pass desired connection role to hci_connect_le() If we have both LE scanning and advertising simultaneously enabled we need a way to tell hci_connect_le() in which role to initiate a connection. This patch adds a new parameter to the function to give it the necessary information. For auto-connect and mgmt_pair_device we always use master role, whereas for L2CAP users (in practice sockets) we use slave role whenever HCI_ADVERTISING is set and master role otherwise. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d93375a8 |
|
07-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove auth_type parameter from hci_connect_le() The auth_type value which gets assigned to hci_conn->auth_type is something that's only used for BR/EDR connections and is of no value for LE connections. It makes therefore little sense to pass it to the hci_connect_le() function. This patch removes the parameter from the function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
09ae260b |
|
06-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Use lower timeout for LE auto-connections When we establish connections as a consequence of receiving an advertising report it makes no sense to wait the normal 20 second LE connection timeout. This patch modifies the hci_connect_le function to take an extra timeout value and uses a lower 2 second timeout for the auto-connection case. This timeout is intentionally chosen to be just a bit higher than the 1.28 second timeout that High Duty Cycle Advertising uses. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9e1d7e15 |
|
06-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Restrict blocked device check in l2cap_recv_frame to LE BR/EDR has the connection request and connection request rejection, but LE doesn't have anything similar. We still request LE connections to blocked devices to be disconnected but it's possible that ACL data slips through before that. The check in l2cap_recv_frame really only needs to be for LE and not BR/EDR because of this. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f4869e2a |
|
02-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Pass store hint to mgmt_new_conn_param The calling functions of mgmt_new_conn_param have more information about the parameters, such as whether the kernel is tracking them or not. It makes therefore sense to have them pass an initial store_hint value to the mgmt_new_conn_param function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
e493150e |
|
02-Jul-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Centralize looking up blocked devices to l2cap_recv_frame The ATT channel isn't the only one that we should ensure doesn't receive data from blocked devices. SMP is another, and in general we don't want data packets going to any of the various handlers. Therefore, add a single check to the l2cap_recv_frame function. The patch fixes at the same time the use of a correct address type. The blacklist stores the values with the user space facing triple type wheras hci_conn->dst_type uses the HCI address type (0x00 or 0x01). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ffb5a827 |
|
01-Jul-2014 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Introduce "New Connection Parameter" Event This patch introduces a new Mgmt event called "New Connection Parameter". This event indicates to userspace the connection parameters values the remote device requested. The user may store these values and load them into kernel. This way, next time a connection is established to that device, the kernel will use those parameters values instead of the default ones. This event is sent when the remote device requests new connection parameters through connection parameter update procedure. This event is not sent for slave connections. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d4905f24 |
|
25-Jun-2014 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Connection parameters check helper This patch renames l2cap_check_conn_param() to hci_check_conn_params() and moves it to hci_core.h so it can reused in others files. This helper will be reused in the next patch. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
4dae2798 |
|
24-Jun-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Convert hci_conn->link_mode into flags Since the link_mode member of the hci_conn struct is a bit field and we already have a flags member as well it makes sense to merge these two together. This patch moves all used link_mode bits into corresponding flags. To keep backwards compatibility with user space we still need to provide a get_link_mode() helper function for the ioctl's that expect a link_mode style value. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
80afeb6c |
|
22-Jun-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Add support LE slave connection update procedure When the current LE connection parameters of a slave connection do not match up with the controller defined values, then trigger the connection update procedure to allow adjusting them. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6b8d4a6a |
|
18-Jun-2014 |
Jukka Rissanen <jukka.rissanen@linux.intel.com> |
Bluetooth: 6LoWPAN: Use connected oriented channel instead of fixed one Create a CoC dynamically instead of one fixed channel for communication to peer devices. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0498878b |
|
18-Jun-2014 |
Jukka Rissanen <jukka.rissanen@linux.intel.com> |
Bluetooth: Provide L2CAP ops callback for memcpy_fromiovec The highly optimized TX path for L2CAP channels and its fragmentation within the HCI ACL packets requires to copy data from user provided IO vectors and also kernel provided memory buffers. This patch allows channel clients to provide a memcpy_fromiovec callback to keep this optimized behavior, but adapt it to kernel vs user memory for the TX path. For all kernel internal L2CAP channels, a default implementation is provided that can be referenced. In case of A2MP, this fixes a long-standing issue with wrongly accessing kernel memory as user memory. This patch originally by Marcel Holtmann. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d9fbd02b |
|
08-Jun-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Use explicit header and body length for L2CAP SKB allocation When allocating the L2CAP SKB for transmission, provide the upper layers with a clear distinction on what is the header and what is the body portion of the SKB. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
8d46321c |
|
05-Jun-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Assign L2CAP socket priority when allocating SKB The SKB for L2CAP sockets are all allocated in a central callback in the socket support. Instead of having to pass around the socket priority all the time, assign it to skb->priority when actually allocating the SKB. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
7ab56c3a |
|
12-Jun-2014 |
Jukka Taimisto <jtt@codenomicon.com> |
Bluetooth: Fix deadlock in l2cap_conn_del() A deadlock occurs when PDU containing invalid SMP opcode is received on Security Manager Channel over LE link and conn->pending_rx_work worker has not run yet. When LE link is created l2cap_conn_ready() is called and before returning it schedules conn->pending_rx_work worker to hdev->workqueue. Incoming data to SMP fixed channel is handled by l2cap_recv_frame() which calls smp_sig_channel() to handle the SMP PDU. If smp_sig_channel() indicates failure l2cap_conn_del() is called to delete the connection. When deleting the connection, l2cap_conn_del() purges the pending_rx queue and calls flush_work() to wait for the pending_rx_work worker to complete. Since incoming data is handled by a worker running from the same workqueue as the pending_rx_work is being scheduled on, we will deadlock on waiting for pending_rx_work to complete. This patch fixes the deadlock by calling cancel_work_sync() instead of flush_work(). Signed-off-by: Jukka Taimisto <jtt@codenomicon.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
|
#
6a5e8165 |
|
28-May-2014 |
Jukka Rissanen <jukka.rissanen@linux.intel.com> |
Bluetooth: l2cap: Set more channel defaults Default values for various channel settings were missing. This way channel users do not need to set default values themselves. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
40b9397a |
|
14-May-2014 |
Samuel Ortiz <sameo@linux.intel.com> |
Bluetooth: Fix L2CAP LE debugfs entries permissions 0466 was probably meant to be 0644, there's no reason why everyone except root could write there. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
|
#
dcf4adbf |
|
12-Mar-2014 |
Joe Perches <joe@perches.com> |
Bluetooth: Convert uses of __constant_<foo> to <foo> The use of __constant_<foo> has been unnecessary for quite awhile now. Make these uses consistent with the rest of the kernel. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
6f77d8c7 |
|
26-Feb-2014 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Move address type conversion to outside hci_connect_le This patch moves address type conversion (L2CAP address type to HCI address type) to outside hci_connect_le. This way, we avoid back and forth address type conversion in a comming patch. So hci_connect_le() now expects 'dst_type' parameter in HCI address type convention. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
04a6c589 |
|
26-Feb-2014 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Refactor HCI connection code hci_connect() is a very simple and useless wrapper of hci_connect_acl and hci_connect_le functions. Addtionally, all places where hci_connect is called the link type value is passed explicitly. This way, we can safely delete hci_connect, declare hci_connect_acl and hci_connect_le in hci_core.h and call them directly. No functionality is changed by this patch. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
4bd6d38e |
|
26-Feb-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unneeded "force" parameter from smp_distribute_keys() Now that to-be-received keys are properly tracked we no-longer need the "force" parameter to smp_distribute_keys(). It was essentially acting as an indicator whether all keys have been received, but now it's just redundant together with smp->remote_key_dist. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ede81a2a |
|
25-Feb-2014 |
Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> |
Bluetooth: Fix NULL pointer dereference when sending data When trying to allocate skb for new PDU, l2cap_chan is unlocked so we can sleep waiting for memory as otherwise there's possible deadlock as fixed in e454c84464. However, in a6a5568c03 lock was moved from socket to channel level and it's no longer safe to just unlock and lock again without checking l2cap_chan state since channel can be disconnected when lock is not held. This patch adds missing checks for l2cap_chan state when returning from call which allocates skb. Scenario is easily reproducible by running rfcomm-tester in a loop. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffffa0442169>] l2cap_do_send+0x29/0x120 [bluetooth] PGD 0 Oops: 0000 [#1] SMP Modules linked in: CPU: 7 PID: 4038 Comm: krfcommd Not tainted 3.14.0-rc2+ #15 Hardware name: Dell Inc. OptiPlex 790/0HY9JP, BIOS A10 11/24/2011 task: ffff8802bdd731c0 ti: ffff8801ec986000 task.ti: ffff8801ec986000 RIP: 0010:[<ffffffffa0442169>] [<ffffffffa0442169>] l2cap_do_send+0x29/0x120 RSP: 0018:ffff8801ec987ad8 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8800c5796800 RCX: 0000000000000000 RDX: ffff880410e7a800 RSI: ffff8802b6c1da00 RDI: ffff8800c5796800 RBP: ffff8801ec987af8 R08: 00000000000000c0 R09: 0000000000000300 R10: 000000000000573b R11: 000000000000573a R12: ffff8802b6c1da00 R13: 0000000000000000 R14: ffff8802b6c1da00 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88042dce0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000041257c000 CR4: 00000000000407e0 Stack: ffff8801ec987d78 ffff8800c5796800 ffff8801ec987d78 0000000000000000 ffff8801ec987ba8 ffffffffa0449e37 0000000000000004 ffff8801ec987af0 ffff8801ec987d40 0000000000000282 0000000000000000 ffffffff00000004 Call Trace: [<ffffffffa0449e37>] l2cap_chan_send+0xaa7/0x1120 [bluetooth] [<ffffffff81770100>] ? _raw_spin_unlock_bh+0x20/0x40 [<ffffffffa045188b>] l2cap_sock_sendmsg+0xcb/0x110 [bluetooth] [<ffffffff81652b0f>] sock_sendmsg+0xaf/0xc0 [<ffffffff810a8381>] ? update_curr+0x141/0x200 [<ffffffff810a8961>] ? dequeue_entity+0x181/0x520 [<ffffffff81652b60>] kernel_sendmsg+0x40/0x60 [<ffffffffa04a8505>] rfcomm_send_frame+0x45/0x70 [rfcomm] [<ffffffff810766f0>] ? internal_add_timer+0x20/0x50 [<ffffffffa04a8564>] rfcomm_send_cmd+0x34/0x60 [rfcomm] [<ffffffffa04a8605>] rfcomm_send_disc+0x75/0xa0 [rfcomm] [<ffffffffa04aacec>] rfcomm_run+0x8cc/0x1a30 [rfcomm] [<ffffffffa04aa420>] ? rfcomm_check_accept+0xc0/0xc0 [rfcomm] [<ffffffff8108e3a9>] kthread+0xc9/0xe0 [<ffffffff8108e2e0>] ? flush_kthread_worker+0xb0/0xb0 [<ffffffff817795fc>] ret_from_fork+0x7c/0xb0 [<ffffffff8108e2e0>] ? flush_kthread_worker+0xb0/0xb0 Code: 00 00 66 66 66 66 90 55 48 89 e5 48 83 ec 20 f6 05 d6 a3 02 00 04 RIP [<ffffffffa0442169>] l2cap_do_send+0x29/0x120 [bluetooth] RSP <ffff8801ec987ad8> CR2: 0000000000000000 Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
2c96e03d |
|
18-Feb-2014 |
Szymon Janc <szymon.janc@gmail.com> |
Bluetooth: Print error when dropping L2CAP data Silently dropping L2CAP data (i.e. due to remote device not obeying negotiated MTU) is confusing and makes debugging harder. Signed-off-by: Szymon Janc <szymon.janc@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
387a33e3 |
|
18-Feb-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix updating Identity Address in L2CAP channels When we receive a remote identity address during SMP key distribution we should ensure that any associated L2CAP channel instances get their address information correspondingly updated (so that e.g. doing getpeername on associated sockets returns the correct address). This patch adds a new L2CAP core function l2cap_conn_update_id_addr() which is used to iterate through all L2CAP channels associated with a connection and update their address information. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9b7655ea |
|
13-Feb-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Enable LE L2CAP CoC support by default Now that the LE L2CAP Connection Oriented Channel support has undergone a decent amount of testing we can make it officially supported. This patch removes the enable_lecoc module parameter which was previously needed to enable support for LE L2CAP CoC. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
7b25c9b3 |
|
28-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unnecessary check for chan->psm Now that ATT sockets have been converted to use the new L2CAP_CHAN_FIXED type there is no need to have an extra check for chan->psm in the l2cap_chan_close function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
61202e4d |
|
28-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Free up l2cap_chan->sport when initiating a connection The sport variable is used to track the allocation of the local PSM database to ensure no two sockets take the same local PSM. It is acquired upon bind() but needs to be freed up if the socket ends up becoming a client one. This patch adds the clearing of the value when l2cap_chan_connect is called. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0f1bfe4e |
|
27-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix disconnecting L2CAP when a credits overflow occurs The L2CAP specification requires us to disconnect an L2CAP channel if the remote side gives us credits beyond 65535. This patch makes sure we disconnect the channel in such a situation. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
dfd9774c |
|
27-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix disconnecting L2CAP channel for credits violation The L2CAP specification requires us to disconnect a channel if the remote device sends us data when it doesn't have any credits to do so. This patch makes sure that we send the appropriate L2CAP Disconnect request in this situation. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d1d79413 |
|
27-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix respecting le_default_mps value There's a le_default_mps variable that can be modified through debugfs but it was never actually used for determining our MPS value. This patch fixes the MPS initialization to use the variable instead of a fixed value. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
7a8e5a31 |
|
25-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix CID initialization for fixed channels Fixed channels have the same source and destination CID. Ensure that the values get properly initialized when receiving incoming connections and deriving values from the parent socket. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
21626e62 |
|
24-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Switch ATT channels to use L2CAP_CHAN_FIXED ATT channels are not connection oriented so having them use L2CAP_CHAN_CONN_ORIENTED is quite confusing. Instead, use the new L2CAP_CHAN_FIXED type and ensure that the MTU and CID values get properly set. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
2338a7e0 |
|
24-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Rename L2CAP_CHAN_CONN_FIX_A2MP to L2CAP_CHAN_FIXED There's no reason why A2MP should need or deserve its on channel type. Instead we should be able to group all fixed CID users under a single channel type and reuse as much code as possible for them. Where CID specific exceptions are needed the chan-scid value can be used. This patch renames the current A2MP channel type to a generic one and thereby paves the way to allow converting ATT and SMP (and any future fixed channel protocols) to use the new channel type. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
03a0c5d6 |
|
18-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove useless l2cap_seq_list_remove function The only user of l2cap_seq_list_remove() was l2cap_seq_list_pop() which only removes the head, meaning only the "else if (seq_list->head == seq)" branch was ever being used. This patch moves the code from this branch straight into l2cap_seq_list_pop() and removes the (now useless) l2cap_seq_list_remove(). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
61a939c6 |
|
17-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Queue incoming ACL data until BT_CONNECTED state is reached This patch adds a queue for incoming L2CAP data that's received before l2cap_connect_cfm is called and processes the data once l2cap_connect_cfm is called. This way we ensure that we have e.g. all remote features before processing L2CAP signaling data (which is very important for making the correct security decisions). The processing of the pending rx data needs to be done through queue_work since unlike l2cap_recv_acldata, l2cap_connect_cfm is called with the hci_dev lock held which could cause potential deadlocks. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
162b49e7 |
|
17-Jan-2014 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Reorder L2CAP functions to avoid forward declarations This patch moves the l2cap_conn_add, is_valid_psm and l2cap_chan_connect functions further down in l2cap_core.c. The patch doesn't contain anything else except the relocation of these functions. By moving the functions further down the patch enables a subsequent patch that adds a pending RX queue to be implemented without a forward declaration of a function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
7d513e92 |
|
15-Jan-2014 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Handle security level 4 for L2CAP connections With the introduction of security level 4, the L2CAP sockets need to be made aware of this new level. This change ensures that the pairing requirements are set correctly for these connections. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
18722c24 |
|
11-Dec-2013 |
Jukka Rissanen <jukka.rissanen@linux.intel.com> |
Bluetooth: Enable 6LoWPAN support for BT LE devices This is initial version of http://tools.ietf.org/html/draft-ietf-6lo-btle-00 By default the 6LoWPAN support is not activated and user needs to tweak /sys/kernel/debug/bluetooth/hci0/6lowpan file. The kernel needs IPv6 support before 6LoWPAN is usable. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
71fb4197 |
|
10-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix handling of L2CAP Command Reject over LE If we receive an L2CAP command reject message over LE we should take appropriate action on the corresponding channel. This is particularly important when trying to interact with a remote pre-4.1 system using LE CoC signaling messages. If we don't react to the command reject the corresponding socket would not be notified until a connection timeout occurs. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
c8afe8d0 |
|
05-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix valid LE PSM check The range of valid LE PSMs is 0x0001-0x00ff so the check should be for "less than or equal to" instead of "less than". Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f1324ea5 |
|
05-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Use min_t for calculating chan->mps Since there's a nice convenient helper for calculating the minimum of two values, let's use that one. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0ce43ce6 |
|
05-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Simplify l2cap_chan initialization for LE CoC The values in l2cap_chan that are used for actually transmitting data only need to be initialized right after we've received an L2CAP Connect Request or just before we send one. The only thing that we need to initialize though bind() and connect() is the chan->mode value. This way all other initializations can be done in the l2cap_le_flowctl_init function (which now becomes private to l2cap_core.c) and the l2cap_le_flowctl_start function can be completely removed. Also, since the l2cap_sock_init function initializes the imtu and omtu to adequate values these do not need to be part of l2cap_le_flowctl_init. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f15b8ecf |
|
03-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add debugfs controls for LE CoC MPS and Credits This patch adds entries to debugfs to control the values used for the MPS and Credits for LE Flow Control Mode. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
4946096d |
|
08-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix validating LE PSM values LE PSM values have different ranges than those for BR/EDR. The valid ranges for fixed, SIG assigned values is 0x0001-0x007f and for dynamic PSM values 0x0080-0x00ff. We need to ensure that bind() and connect() calls conform to these ranges when operating on LE CoC sockets. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
e77af755 |
|
08-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix CID ranges for LE CoC CID allocations LE CoC used differend CIC ranges than BR/EDR L2CAP. The start of the range is the same (0x0040) but the range ends at 0x007f (unlike BR/EDR where it goes all the way to 0xffff). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
aeddd075 |
|
07-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix clearing of chan->omtu for LE CoC channels The outgoing MTU should only be set upon channel creation to the initial minimum value (23) or from a remote connect req/rsp PDU. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3916aed8 |
|
07-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Limit LE MPS to the MTU value It doesn't make sense to have an MPS value greater than the configured MTU value since we will then not be able to fill up the packets to their full possible size. We need to set the MPS both in flowctl_init() as well as flowctl_start() since the imtu may change after init() but start() is only called after we've sent the LE Connection Request PDU which depends on having a valid MPS value. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
029727a3 |
|
07-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix suspending the L2CAP socket if we start with 0 credits If the peer gives us zero credits in its connection request or response we must call the suspend channel callback so the BT_SK_SUSPEND flag gets set and user space is blocked from sending data to the socket. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
595177f3 |
|
02-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix LE L2CAP Connect Request handling together with SMP Unlike BR/EDR, for LE when we're in the BT_CONNECT state we may or may not have already have sent the Connect Request. This means that we need some extra tracking of the request. This patch adds an extra channel flag to prevent the request from being sent a second time. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
aac23bf6 |
|
01-Jun-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Implement LE L2CAP reassembly When receiving fragments over an LE Connection oriented Channel they need to be collected up and eventually merged into a single SDU. This patch adds the necessary code for collecting up the fragment skbs to the channel context and passing them to the recv() callback when the entire SDU has been received. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
177f8f2b |
|
31-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add LE L2CAP segmentation support for outgoing data This patch adds segmentation support for outgoing data packets. Packets are segmented based on the MTU and MPS values. The l2cap_chan struct already contains many helpful variables from BR/EDR Enhanced L2CAP which can be used for this. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3af8ace6 |
|
03-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Reject LE CoC commands when the feature is not enabled Since LE CoC support needs to be enabled through a module option for now we need to reject any related signaling PDUs in addition to rejecting the creation of LE CoC sockets (which we already do). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
fad5fc89 |
|
05-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add LE flow control discipline This patch adds the necessary discipline for reacting to LE L2CAP Credits packets, sending those packets, and modifying the known credits accordingly. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b1c325c2 |
|
05-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Implement returning of LE L2CAP credits We should return credits to the remote side whenever they fall below a certain level (in our case under half of the initially given amount). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0cd75f7e |
|
17-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Track LE L2CAP credits in l2cap_chan This patch adds tracking of L2CAP connection oriented channel local and remote credits to struct l2cap_chan and ensures that connect requests and responses contain the right values. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
38319713 |
|
16-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add LE L2CAP flow control mode The LE connection oriented channels have their own mode with its own data transfer rules. In order to implement this properly we need to distinguish L2CAP channels operating in this mode from other modes. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b5ecba64 |
|
01-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Make l2cap_le_sig_cmd logic consistent This patch makes the error handling and return logic of l2cap_le_sig_cmd consistent with its BR/EDR counterpart. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3defe01a |
|
15-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add L2CAP Disconnect suppport for LE The normal L2CAP Disconnect request and response are also used for LE connection oriented channels. Therefore, we can simply use the existing handler functions for terminating LE based L2CAP channels. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
cea04ce3 |
|
14-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP channel closing for LE connections Sending of the L2CAP Disconnect request should also be performed for LE based channels. The proper thing to do is therefore to look at whether there's a PSM specified for the channel instead of looking at the link type. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
27e2d4c8 |
|
14-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add basic LE L2CAP connect request receiving support This patch adds the necessary boiler plate code to handle receiving L2CAP connect requests over LE and respond to them with a proper connect response. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
791d60f7 |
|
14-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Refactor L2CAP connect rejection to its own function We'll need to have a separate code path for LE based connection rejection so it's cleaner to move out the response construction code into its own function (and later a second one for LE). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f1496dee |
|
13-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add initial code for LE L2CAP Connect Request This patch adds the necessary code to send an LE L2CAP Connect Request and handle its response when user space has provided us with an LE socket with a PSM instead of a fixed CID. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
96ac34fb |
|
13-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Move LE L2CAP initiator procedure to its own function Once connection oriented L2CAP channels over LE are supported they will need a completely separate handling from BR/EDR channels. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
203e639e |
|
15-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Pass command length to LE signaling channel handlers The LE signaling PDU length is already calculated in the l2cap_le_sig_channel function so we can just pass the value to the various handler functions to avoid unnecessary recalculations (byte order conversions). Right now the only user is the connection parameter update procedure, but as new LE signaling operations become available (for connection oriented channels) they will also be able to make use of the value. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
a17de2fe |
|
14-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Allow l2cap_chan_check_security() to be used for LE links. With connection oriented L2CAP channels some code paths will be shared with BR/EDR links. It is therefore necessary to allow the l2cap_chan_check_security function to be usable also for LE links in addition to BR/EDR ones. This means that smp_conn_security() needs to be called instead of hci_conn_security() in the case of an LE link. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
bf20fd4e |
|
14-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Update l2cap_global_chan_by_psm() to take a link type Once connection oriented L2CAP channels become possible for LE we need to be able to specify the link type we're interested in when looking up L2CAP channels. Therefore, add a link_type parameter to the l2cap_global_chan_by_psm() function which gets compared to the address type associated with each l2cap_chan. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
6d3c15da |
|
02-Dec-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unnecessary braces from one-line if-statement This patch is just a trivial coding style fix to remove unnecessary braces from a one-line if-statement. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
31e8ce80 |
|
05-Nov-2013 |
Seung-Woo Kim <sw0312.kim@samsung.com> |
Bluetooth: Fix crash in l2cap_chan_send after l2cap_chan_del Removing a bond and disconnecting from a specific remote device can cause l2cap_chan_send() is called after l2cap_chan_del() is called. This causes following crash. [ 1384.972086] Unable to handle kernel NULL pointer dereference at virtual address 00000008 [ 1384.972090] pgd = c0004000 [ 1384.972125] [00000008] *pgd=00000000 [ 1384.972137] Internal error: Oops: 17 [#1] PREEMPT SMP ARM [ 1384.972144] Modules linked in: [ 1384.972156] CPU: 0 PID: 841 Comm: krfcommd Not tainted 3.10.14-gdf22a71-dirty #435 [ 1384.972162] task: df29a100 ti: df178000 task.ti: df178000 [ 1384.972182] PC is at l2cap_create_basic_pdu+0x30/0x1ac [ 1384.972191] LR is at l2cap_chan_send+0x100/0x1d4 [ 1384.972198] pc : [<c051d250>] lr : [<c0521c78>] psr: 40000113 [ 1384.972198] sp : df179d40 ip : c083a010 fp : 00000008 [ 1384.972202] r10: 00000004 r9 : 0000065a r8 : 000003f5 [ 1384.972206] r7 : 00000000 r6 : 00000000 r5 : df179e84 r4 : da557000 [ 1384.972210] r3 : 00000000 r2 : 00000004 r1 : df179e84 r0 : 00000000 [ 1384.972215] Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel [ 1384.972220] Control: 10c53c7d Table: 5c8b004a DAC: 00000015 [ 1384.972224] Process krfcommd (pid: 841, stack limit = 0xdf178238) [ 1384.972229] Stack: (0xdf179d40 to 0xdf17a000) [ 1384.972238] 9d40: 00000000 da557000 00000004 df179e84 00000004 000003f5 0000065a 00000000 [ 1384.972245] 9d60: 00000008 c0521c78 df179e84 da557000 00000004 da557204 de0c6800 df179e84 [ 1384.972253] 9d80: da557000 00000004 da557204 c0526b7c 00000004 df724000 df179e84 00000004 [ 1384.972260] 9da0: df179db0 df29a100 c083bc48 c045481c 00000001 00000000 00000000 00000000 [ 1384.972267] 9dc0: 00000000 df29a100 00000000 00000000 00000000 00000000 df179e10 00000000 [ 1384.972274] 9de0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 1384.972281] 9e00: 00000000 00000000 00000000 00000000 df179e4c c000ec80 c0b538c0 00000004 [ 1384.972288] 9e20: df724000 df178000 00000000 df179e84 c0b538c0 00000000 df178000 c07f4570 [ 1384.972295] 9e40: dcad9c00 df179e74 c07f4394 df179e60 df178000 00000000 df179e84 de247010 [ 1384.972303] 9e60: 00000043 c0454dec 00000001 00000004 df315c00 c0530598 00000004 df315c0c [ 1384.972310] 9e80: ffffc32c 00000000 00000000 df179ea0 00000001 00000000 00000000 00000000 [ 1384.972317] 9ea0: df179ebc 00000004 df315c00 c05df838 00000000 c0530810 c07d08c0 d7017303 [ 1384.972325] 9ec0: 6ec245b9 00000000 df315c00 c0531b04 c07f3fe0 c07f4018 da67a300 df315c00 [ 1384.972332] 9ee0: 00000000 c05334e0 df315c00 df315b80 df315c00 de0c6800 da67a300 00000000 [ 1384.972339] 9f00: de0c684c c0533674 df204100 df315c00 df315c00 df204100 df315c00 c082b138 [ 1384.972347] 9f20: c053385c c0533754 a0000113 df178000 00000001 c083bc48 00000000 c053385c [ 1384.972354] 9f40: 00000000 00000000 00000000 c05338c4 00000000 df9f0000 df9f5ee4 df179f6c [ 1384.972360] 9f60: df178000 c0049db4 00000000 00000000 c07f3ff8 00000000 00000000 00000000 [ 1384.972368] 9f80: df179f80 df179f80 00000000 00000000 df179f90 df179f90 df9f5ee4 c0049cfc [ 1384.972374] 9fa0: 00000000 00000000 00000000 c000f168 00000000 00000000 00000000 00000000 [ 1384.972381] 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 1384.972388] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00010000 00000600 [ 1384.972411] [<c051d250>] (l2cap_create_basic_pdu+0x30/0x1ac) from [<c0521c78>] (l2cap_chan_send+0x100/0x1d4) [ 1384.972425] [<c0521c78>] (l2cap_chan_send+0x100/0x1d4) from [<c0526b7c>] (l2cap_sock_sendmsg+0xa8/0x104) [ 1384.972440] [<c0526b7c>] (l2cap_sock_sendmsg+0xa8/0x104) from [<c045481c>] (sock_sendmsg+0xac/0xcc) [ 1384.972453] [<c045481c>] (sock_sendmsg+0xac/0xcc) from [<c0454dec>] (kernel_sendmsg+0x2c/0x34) [ 1384.972469] [<c0454dec>] (kernel_sendmsg+0x2c/0x34) from [<c0530598>] (rfcomm_send_frame+0x58/0x7c) [ 1384.972481] [<c0530598>] (rfcomm_send_frame+0x58/0x7c) from [<c0530810>] (rfcomm_send_ua+0x98/0xbc) [ 1384.972494] [<c0530810>] (rfcomm_send_ua+0x98/0xbc) from [<c0531b04>] (rfcomm_recv_disc+0xac/0x100) [ 1384.972506] [<c0531b04>] (rfcomm_recv_disc+0xac/0x100) from [<c05334e0>] (rfcomm_recv_frame+0x144/0x264) [ 1384.972519] [<c05334e0>] (rfcomm_recv_frame+0x144/0x264) from [<c0533674>] (rfcomm_process_rx+0x74/0xfc) [ 1384.972531] [<c0533674>] (rfcomm_process_rx+0x74/0xfc) from [<c0533754>] (rfcomm_process_sessions+0x58/0x160) [ 1384.972543] [<c0533754>] (rfcomm_process_sessions+0x58/0x160) from [<c05338c4>] (rfcomm_run+0x68/0x110) [ 1384.972558] [<c05338c4>] (rfcomm_run+0x68/0x110) from [<c0049db4>] (kthread+0xb8/0xbc) [ 1384.972576] [<c0049db4>] (kthread+0xb8/0xbc) from [<c000f168>] (ret_from_fork+0x14/0x2c) [ 1384.972586] Code: e3100004 e1a07003 e5946000 1a000057 (e5969008) [ 1384.972614] ---[ end trace 6170b7ce00144e8c ]--- Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
7f5396a7 |
|
21-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Use bt_cb(skb)->chan to send raw data back Instead of accessing skb->sk in L2CAP core we now compare the channel a skb belongs to and not send it back if the channel is same. This change removes another struct socket usage from L2CAP core. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
8ffb9290 |
|
21-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove parent socket usage from l2cap_core.c The parent socket is not used inside the L2CAP core anymore. We only lock it to indirect access through the new_connection() callback. The hold of the socket lock was moved to the new_connection() callback. Inside L2CAP core the channel lock is now used in l2cap_le_conn_ready() and l2cap_conn_ready() to protect the execution of these two functions during the handling of new incoming connections. This change remove the socket lock usage from L2CAP core while keeping the code safe against race conditions. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f93fa273 |
|
21-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove socket lock from l2cap_state_change() This simplify and make safer the state change handling inside l2cap_core.c. we got rid of __l2cap_state_change(). And l2cap_state_change() doesn't lock the socket anymore, instead the socket is locked inside the ops callback for state change in l2cap_sock.c. It makes the code safer because in some we were using a unlocked version, and now we are calls to l2cap_state_change(), when dealing with sockets, use the locked version. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
acdcabf5 |
|
21-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Hold socket in defer callback in L2CAP socket In both places that we use the defer callback the socket lock is held for a indirect sk access inside __l2cap_change_state() and chan->ops->defer(), all the rest of the code between lock_sock() and release_sock() is already protected by the channel lock and won't be affected by this change. We now use l2cap_change_state(), the locked version of the change state function, and the defer callback does the locking itself now. This does not affect other uses of the defer callback. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d42970f3 |
|
21-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove not used struct sock It is a leftover from the recent effort of remove sk usage from L2CAP core. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
cc8dba2b |
|
18-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Block ATT connection on LE when device is blocked When the remote LE device is blocked, then do not create a L2CAP channel for it. Without a channel, all packets for that connection will be dropped. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
06ae3314 |
|
18-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Use hcon directly instead of conn->hcon where possible When the HCI connection hcon is already dereferenced, then use hcon directly instead of conn->hcon. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
1120e4bf |
|
17-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Use IS_ERR_OR_NULL for checking bt_debugfs Make sure to use IS_ERR_OR_NULL for checking the existing of the root debugfs dentry bt_debugfs. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
a521149a |
|
16-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove useless l2cap_err_to_reason function Now that the only reason code this function can return is L2CAP_REJ_NOT_UNDERSTOOD we can just do the necessary assignment without needing a separate function at all. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
33a2145e |
|
16-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unused command reject mapping for EMSGSIZE There is no command handler that would return an EMSGSIZE error, so just remove this mapping from the l2cap_err_to_reason function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
662d652d |
|
16-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP "Command Reject: Invalid CID" response When the reason code in the L2CAP command reject is "invalid CID" there should be four additional bytes of data in the PDU, namely the source and destination CIDs (which should be zero if one or both are not applicable). This patch fixes all occurrences of such errors to return the right kind of PDU. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
74e75740 |
|
15-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: use l2cap_chan_ready() instead of duplicate code In this case the replacement by l2cap_chan_ready() doesn't change the code flow, the same operations will executed plus two others that have no effect: the use of the parent socket, that a non-oriented channel doesn't have and the reset of conf_state, which is also fine since the connection is ready at this point. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
dc25306b |
|
15-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Move l2cap_wait_ack() to l2cap_sock.c The wait_ack code has a heavy dependency on the socket data structures and, as of now, it won't be worthless change it to use non-socket structures as the only user of such feature is a socket. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5ec1bbe5 |
|
15-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Add chan->ops->set_shutdown() We need to remove all direct access of struct sock from L2CAP core. This change is pretty simple and just add a new L2CAP channel callback to do the work in the L2CAP socket side. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
8d836d71 |
|
15-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Access sk_sndtimeo indirectly in l2cap_core.c As part of the work to remove struct sock from l2cap_core.c and make it more generic we remove in this commit the direct access to sk->sk_sndtimeo member. This objective of this change is purely remove sk usage from l2cap_core.c Now we have a new l2cap ops to get the current value of sk->sndtimeo. A l2cap_chan_no_get_sndtimeo was added for users of L2CAP that doesn't need to set a timeout. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
f8e73017 |
|
15-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Add l2cap_state_change_and_error() l2cap_state_change_and_error() introduces the ability to update a l2cap_user with changes in channel's state and error code with just one call. The main reason for this is to avoid race conditions between and setting the state and then the error. Otherwise we would need to release the lock between both operations. This is another step of an ongoing work to make l2cap_core.c totally independent from l2cap's struct sock. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
53f52121 |
|
15-Oct-2013 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Extend state_change() call to report errors too Instead of creating an new function pointer to report errors we are just reusing state_change for that and there is a simple reason for this, one place in the l2cap_core.c code needs, in a locked sk, set both the sk_state and sk_err. If we create two different functions for this we would need to release the lock between the two operation putting the socket in non desired state. The change is transparent to the l2cap_core.c code, user that only needs to set the state won't need any modification. This is another step of an ongoing work to make l2cap_core.c totally independent from l2cap's struct sock. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d97c899b |
|
14-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Introduce L2CAP channel callback for resuming Clearing the BT_SK_SUSPEND socket flag from the L2CAP core is causing a dependency on the socket. So intead of doing that, use a channel callback into the socket handling to resume. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
bdc25783 |
|
14-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Introduce L2CAP channel flag for defer setup The L2CAP core should not look into the socket flags to figure out the setting of defer setup. So introduce a L2CAP channel flag that mirrors the socket flag. Since the defer setup option is only set in one place this becomes a really easy thing to do. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
2edf870d |
|
13-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Provide msg_name callback for L2CAP connectionless channels The L2CAP connectionless channels use SOCK_DGRAM and recvmsg() and need to receive the remote BD_ADDR and PSM information via msg_name from the recvmsg() system call. So in case the L2CAP socket is for connectionless channels, provide a msg_name callback that can update the data. Also store the remote BD_ADDR and PSM in the skb so it can be extracted later on. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
4f1654e0 |
|
13-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Return the correct address type for L2CAP sockets The L2CAP sockets can use BR/EDR public, LE public and LE random addresses for various combinations of source and destination devices. So make sure that getsockname(), getpeername() and accept() return the correct address type. For this the address type of the source and destination is stored with the L2CAP channel information. The stored address type is not the one specific for the HCI protocol. It is the address type used for the L2CAP sockets and the management interface. The underlying HCI connections store the HCI address type. If needed, it gets converted to the socket address type. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
7eafc59e |
|
13-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Store address information in L2CAP channel structure With the effort of abstracting the L2CAP socket from the underlying L2CAP channel it is important to store the source and destination address information directly in the L2CAP channel structure. Direct access to the HCI connection address information is not possible since they might not be avaiable at L2CAP channel creation time. The address information will be updated when the underlying BR/EDR or LE connection status changes. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
4637f7c0 |
|
13-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Update L2CAP socket source address from HCI connection When having LE connections, the source address is not always the public address of the controller. So update the socket address based on the actual used source address of the HCI connection. This also remove the pointless source address pointer and adds a proper lock around the socket structure. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6f59b904 |
|
13-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Use hci_conn->src address for L2CAP functions The source address is now stored in hci_conn->src and so use that one for L2CAP functions. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
98e0f7ea |
|
13-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Remove l2cap_conn->src and l2cap_conn->dst usage from L2CAP The l2cap_conn->src and l2cap_conn->dst addresses are just a pointers to hci_conn structure. Use hci_conn->hdev->bdaddr and hci_conn->dst directly instead. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
547d1032 |
|
12-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Unicast connectionless data reception is supported The unicast connectionless data reception feature is actually support and has been supported all along. Mark it as supported in the L2CAP features bitmask. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
d40bffbc |
|
12-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: The L2CAP fixed channel connectionless data is supported The implementation actually supports the L2CAP connectionless data channel. So set it as supported in the fixed channels bitmask. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
3124b843 |
|
12-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Allow 3D profile to use security mode 4 level 0 The PSM 0x0021 is dedicated to the 3D profile and has permission to use security mode 4 level 0 for L2CAP connectionless unicast data transfers. When establishing a L2CAP connectionless channel on PSM 0x0021, it will no longer force Secure Simple Pairing. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6a974b50 |
|
12-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Limit security mode 4 level 0 to connection oriented channels The exception for certain PSM channels when it comes to security mode 4 level 0 should only be checked when actually a connection oriented channel is established. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
43b1b8df |
|
12-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Fix PSM value for L2CAP connectionless data packets The put_unaligned() for setting the PSM is missing the (__le16 *) cast. Without this, the PSM information transmitted over the air are bogus. In addition, print the used PSM value in the debug message so this becomes easier to debug in the future. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
ac4b7236 |
|
10-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Move smp.h header file into net/bluetooth/ The smp.h header file is only used internally by the bluetooth.ko module and is not a public API. So make it local to the core Bluetooth module. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
7024728e |
|
10-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Move a2mp.h header file into net/bluetooth/ The a2mp.h header file is only used internally by the bluetooth.ko module and is not a public API. So make it local to the core Bluetooth module. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
7ef9fbf0 |
|
10-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Move amp.h header file into net/bluetooth/ The amp.h header file is only used internally by the bluetooth.ko module and is not a public API. So make it local to the core Bluetooth module. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
c4e5bafa |
|
10-Oct-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix potential double-frees of L2CAP skbs The l2cap_recv_frame function is expected to take ownership and eventually free the skb passed to it. We need to ensure that the conn->rx_skb pointer is no longer reachable when calling l2cap_recv_frame so that no other function, such as l2cap_conn_del, may think that it can free conn->rx_skb. An actual situation when this can happen is when smp_sig_channel (called from l2cap_recv_frame) fails and l2cap_conn_del gets called as a consequence. The l2cap_conn_del function would then try to free conn->rx_skb, but as the same skb was just passed to smp_sig_channel and freed we get a double-free. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
1df7b17a |
|
05-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Simplify check if L2CAP connection is AMP capable The check if a L2CAP connection is AMP capable was a little bit complicated. This changes the code to make it simpler and more readable. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
80d58d0b |
|
05-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Move hci_amp_capable() function into L2CAP core The hci_amp_capable() function has only a single user inside the L2CAP core. Instead of exporting the function, place it next to its user. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6ed971ca |
|
05-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Use explicit AMP controller id value for BR/EDR The special AMP controller id 0 is reserved for the BR/EDR controller that has the main link. It is a fixed value and so use a constant for this throughout the code to make it more visible when the handling is for the BR/EDR channel or when it is for the AMP channel. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
4f3e219d |
|
03-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Only one command per L2CAP LE signalling is supported The Bluetooth specification makes it clear that only one command should be present in the L2CAP LE signalling packet. So tighten the checks here and restrict it to exactly one command. This is different from L2CAP BR/EDR signalling where multiple commands can be part of the same packet. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
b99707d7 |
|
03-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Drop packets on ATT fixed channel on BR/EDR The ATT fixed channel is only valid when using LE connections. On BR/EDR it is required to go through L2CAP connection oriented channel for ATT. Drop ATT packets when they are received on a BR/EDR connection. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
ae4fd2d3 |
|
03-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: L2CAP connectionless channels are only valid for BR/EDR When receiving connectionless packets on a LE connection, just drop the packet. There is no concept of connectionless channels for LE. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
94b6a09b |
|
03-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Don't copy L2CAP LE signalling to raw sockets The L2CAP raw sockets are only used for BR/EDR signalling. Packets on LE links should not be forwarded there. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
a2877629 |
|
03-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Fix switch statement order for L2CAP fixed channels The switch statement for the various L2CAP fixed channel handlers is not really ordered. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
3b166295 |
|
02-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Fix memory leak with L2CAP signal channels The wrong type of L2CAP signalling packets on the wrong type of either BR/EDR or LE links need to be dropped. When that happens the packet is dropped, but the memory not freed. So actually free the memory as well. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
848566b3 |
|
01-Oct-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Provide high speed configuration option Hiding the Bluetooth high speed support behind a module parameter is not really useful. This can be enabled and disabled at runtime via the management interface. This also has the advantage that this can now be changed per controller and not just global. This patch removes the module parameter and exposes the high speed setting of the management interface to all controllers. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
941247f9 |
|
22-Sep-2013 |
Peter Senna Tschudin <peter.senna@gmail.com> |
Bluetooth: Fix assignment of 0/1 to bool variables Convert 0 to false and 1 to true when assigning values to bool variables. Inspired by commit 3db1cd5c05f35fb43eb134df6f321de4e63141f2. The simplified semantic patch that find this problem is as follows (http://coccinelle.lip6.fr/): @@ bool b; @@ ( -b = 0 +b = false | -b = 1 +b = true ) Signed-off-by: Peter Senna Tschudin <peter.senna@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
69c4e4e8 |
|
16-Sep-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix responding to invalid L2CAP signaling commands When we have an LE link we should not respond to any data on the BR/EDR L2CAP signaling channel (0x0001) and vice-versa when we have a BR/EDR link we should not respond to LE L2CAP (CID 0x0005) signaling commands. This patch fixes this issue by checking for a valid link type and ignores data if it is wrong. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
9245e737 |
|
16-Sep-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix sending responses to identified L2CAP response packets When L2CAP packets return a non-zero error and the value is passed onwards by l2cap_bredr_sig_cmd this will trigger a command reject packet to be sent. However, the core specification (page 1416 in core 4.0) says the following: "Command Reject packets should not be sent in response to an identified Response packet.". This patch ensures that a command reject packet is not sent for any identified response packet by ignoring the error return value from the response handler functions. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
7c2005d6 |
|
16-Sep-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP command reject reason There are several possible reason codes that can be sent in the command reject L2CAP packet. Before this patch the code has used a hard-coded single response code ("command not understood"). This patch adds a helper function to map the return value of an L2CAP handler function to the correct command reject reason. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
c4ea249f |
|
16-Sep-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP Disconnect response for unknown CID If we receive an L2CAP Disconnect Request for an unknown CID we should not just silently drop it but reply with a proper Command Reject response. This patch fixes this by ensuring that the disconnect handler returns a proper error instead of 0 and will cause the function caller to send the right response. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
21870b52 |
|
16-Sep-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix L2CAP error return used for failed channel lookups The EFAULT error should only be used for memory address related errors and ENOENT might be needed for other purposes than invalid CID errors. This patch fixes the l2cap_config_req, l2cap_connect_create_rsp and l2cap_create_channel_req handlers to use the unique EBADSLT error to indicate failed lookups on a given CID. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
dc280801 |
|
16-Sep-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix double error response for l2cap_create_chan_req When an L2CAP request handler returns non-zero the calling code will send a command reject response. The l2cap_create_chan_req function will in some cases send its own response but then still return a -EFAULT error which would cause two responses to be sent. This patch fixes this by making the function return 0 after sending its own response. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
330b6c15 |
|
05-Aug-2013 |
Syam Sidhardhan <s.syam@samsung.com> |
Bluetooth: Fix ACL alive for long in case of non pariable devices For certain devices (ex: HID mouse), support for authentication, pairing and bonding is optional. For such devices, the ACL alive for too long after the L2CAP disconnection. To avoid the ACL alive for too long after L2CAP disconnection, reset the ACL disconnect timeout back to HCI_DISCONN_TIMEOUT during L2CAP connect. While merging the commit id:a9ea3ed9b71cc3271dd59e76f65748adcaa76422 this issue might have introduced. Hcidump info: sh-4.1# /opt/hcidump -Xt 2013-08-05 16:49:00.894129 < ACL data: handle 12 flags 0x00 dlen 12 L2CAP(s): Disconn req: dcid 0x004a scid 0x0041 2013-08-05 16:49:00.894195 < HCI Command: Exit Sniff Mode (0x02|0x0004) plen 2 handle 12 2013-08-05 16:49:00.894269 < ACL data: handle 12 flags 0x00 dlen 12 L2CAP(s): Disconn req: dcid 0x0049 scid 0x0040 2013-08-05 16:49:00.895645 > HCI Event: Command Status (0x0f) plen 4 Exit Sniff Mode (0x02|0x0004) status 0x00 ncmd 1 2013-08-05 16:49:00.934391 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 12 mode 0x00 interval 0 Mode: Active 2013-08-05 16:49:00.936592 > HCI Event: Number of Completed Packets (0x13) plen 5 handle 12 packets 2 2013-08-05 16:49:00.951577 > ACL data: handle 12 flags 0x02 dlen 12 L2CAP(s): Disconn rsp: dcid 0x004a scid 0x0041 2013-08-05 16:49:00.952820 > ACL data: handle 12 flags 0x02 dlen 12 L2CAP(s): Disconn rsp: dcid 0x0049 scid 0x0040 2013-08-05 16:49:00.969165 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 12 mode 0x02 interval 50 Mode: Sniff 2013-08-05 16:49:48.175533 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 12 mode 0x00 interval 0 Mode: Active 2013-08-05 16:49:48.219045 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 12 mode 0x02 interval 108 Mode: Sniff 2013-08-05 16:51:00.968209 < HCI Command: Disconnect (0x01|0x0006) plen 3 handle 12 reason 0x13 Reason: Remote User Terminated Connection 2013-08-05 16:51:00.969056 > HCI Event: Command Status (0x0f) plen 4 Disconnect (0x01|0x0006) status 0x00 ncmd 1 2013-08-05 16:51:01.013495 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 12 mode 0x00 interval 0 Mode: Active 2013-08-05 16:51:01.073777 > HCI Event: Disconn Complete (0x05) plen 4 status 0x00 handle 12 reason 0x16 Reason: Connection Terminated by Local Host ============================ After fix ================================ 2013-08-05 16:57:35.986648 < ACL data: handle 11 flags 0x00 dlen 12 L2CAP(s): Disconn req: dcid 0x004c scid 0x0041 2013-08-05 16:57:35.986713 < HCI Command: Exit Sniff Mode (0x02|0x0004) plen 2 handle 11 2013-08-05 16:57:35.986785 < ACL data: handle 11 flags 0x00 dlen 12 L2CAP(s): Disconn req: dcid 0x004b scid 0x0040 2013-08-05 16:57:35.988110 > HCI Event: Command Status (0x0f) plen 4 Exit Sniff Mode (0x02|0x0004) status 0x00 ncmd 1 2013-08-05 16:57:36.030714 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 11 mode 0x00 interval 0 Mode: Active 2013-08-05 16:57:36.032950 > HCI Event: Number of Completed Packets (0x13) plen 5 handle 11 packets 2 2013-08-05 16:57:36.047926 > ACL data: handle 11 flags 0x02 dlen 12 L2CAP(s): Disconn rsp: dcid 0x004c scid 0x0041 2013-08-05 16:57:36.049200 > ACL data: handle 11 flags 0x02 dlen 12 L2CAP(s): Disconn rsp: dcid 0x004b scid 0x0040 2013-08-05 16:57:36.065509 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 11 mode 0x02 interval 50 Mode: Sniff 2013-08-05 16:57:40.052006 < HCI Command: Disconnect (0x01|0x0006) plen 3 handle 11 reason 0x13 Reason: Remote User Terminated Connection 2013-08-05 16:57:40.052869 > HCI Event: Command Status (0x0f) plen 4 Disconnect (0x01|0x0006) status 0x00 ncmd 1 2013-08-05 16:57:40.104731 > HCI Event: Mode Change (0x14) plen 6 status 0x00 handle 11 mode 0x00 interval 0 Mode: Active 2013-08-05 16:57:40.146935 > HCI Event: Disconn Complete (0x05) plen 4 status 0x00 handle 11 reason 0x16 Reason: Connection Terminated by Local Host Signed-off-by: Sang-Ki Park <sangki79.park@samsung.com> Signed-off-by: Chan-yeol Park <chanyeol.park@samsung.com> Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
da9910ac |
|
21-Jun-2013 |
Jaganath Kanakkassery <jaganath.k@samsung.com> |
Bluetooth: Fix invalid length check in l2cap_information_rsp() The length check is invalid since the length varies with type of info response. This was introduced by the commit cb3b3152b2f5939d67005cff841a1ca748b19888 Because of this, l2cap info rsp is not handled and command reject is sent. > ACL data: handle 11 flags 0x02 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x00b8 Enhanced Retransmission mode Streaming mode FCS Option Fixed Channels < ACL data: handle 11 flags 0x00 dlen 10 L2CAP(s): Command rej: reason 0 Command not understood Cc: stable@vger.kernel.org Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Chan-Yeol Park <chanyeol.park@samsung.com> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
1c244f79 |
|
06-Dec-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Add missing braces to an "else if" Trivial change in the coding style. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
3f6fa3d4 |
|
21-Jun-2013 |
Jaganath Kanakkassery <jaganath.k@samsung.com> |
Bluetooth: Fix invalid length check in l2cap_information_rsp() The length check is invalid since the length varies with type of info response. This was introduced by the commit cb3b3152b2f5939d67005cff841a1ca748b19888 Because of this, l2cap info rsp is not handled and command reject is sent. > ACL data: handle 11 flags 0x02 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x00b8 Enhanced Retransmission mode Streaming mode FCS Option Fixed Channels < ACL data: handle 11 flags 0x00 dlen 10 L2CAP(s): Command rej: reason 0 Command not understood Cc: stable@vger.kernel.org Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Chan-Yeol Park <chanyeol.park@samsung.com> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
44f3b0fb |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix multiple LE socket handling The LE ATT server socket needs to be superseded by any ATT client sockets. Previously this was done by looking at the hcon->out variable (indicating whether the connection is outgoing or incoming) which is a too crude way of determining whether the server socket needs to be picked or not (an outgoing connection doesn't necessarily mean that an ATT client socket has triggered it). This patch extends the ATT server socket lookup function (l2cap_le_conn_ready) to be used for all LE connections (regardless of the hcon->out value) and adds an internal check into the function for the existence of any ATT client sockets (in which case the server socket should be skipped). For this to work reliably all lookups must be done while the l2cap_conn->chan_lock is held, meaning also that the call to l2cap_chan_add needs to be changed to its lockless __l2cap_chan_add counterpart. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
0cc59a72 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove useless hci_conn disc_timeout setting There's no need to reset disc_timeout in l2cap_le_conn_ready since HCI_DISCONN_TIMEOUT is the default when the hci_conn is created and there should be no way for it to get changed between creation and l2cap_le_conn_ready being called. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5ee9891d |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Simplify hci_conn_hold/drop logic for L2CAP The L2CAP code has been incrementing the hci_conn reference for each l2cap_chan instance in the l2cap_conn list. Likewise, the reference is dropped each time an l2cap_chan is removed from the list. The reference counting policy with respect to removal has been clear and explicit in the l2cap_chan_del function, however for addition the function calling 2cap_chan_add has always had to do a separate hci_conn_hold call. What made the counting even more hard to follow is that the hci_connect() procedure increments the reference and the L2CAP layer making this call took advantage of it to use it as its own reference. This patch aims to clarify things by having the call to hci_conn_hold inside __l2cap_chan_add, thereby removing the need to do it in the functions calling __l2cap_chan_add. The reference count for hci_connect is still kept as it's necessary for users such as mgmt_pair_device, however for the L2CAP layer it means that an extra call to hci_conn_drop must be performed once l2cap_chan_add has been done. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
af1c0134 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove unnecessary L2CAP channel state check In l2cap_att_channel() we're only interested in the BT_CONNECTED state so this state can directly be passed to l2cap_global_chan_by_scid(). This way there's no need to do any additional state check later. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
60bac184 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove useless sk variable in l2cap_le_conn_ready The sk variable is of quite little use since it's only used to simplify access in the two bt_sk() calls. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
97f57c0b |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix duplicate call to l2cap_chan_ready() In l2cap_le_conn_ready() after doing l2cap_chann_add() the LE channel is part of the list which is subsequently iterated in l2cap_conn_ready() in this loop each channel will get l2cap_chan_ready() called which would result in trying to set the channel two times into BT_CONNECTED state. Instead it makes sense to just add the channel but not call chan_ready in l2cap_le_conn_ready, which is what this patch does. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
d8729922 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Add clarifying comment to l2cap_conn_ready() There is an extra call to smp_conn_security() for outgoing LE connections from l2cap_conn_ready() but the reason for this call is far from clear. After a bit of commit history research and using git blame I found out that this extra call is for socket-less pairing processes added by commit 160dc6ac1. This patch adds a clarifying comment to the code for this. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
9f22398c |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix hardcoding ATT CID in __l2cap_chan_add() Since in the future more than the ATT CID may be permissible we should not be hardcoding it for all LE connections in __l2cap_chan_add(). Instead, the source ATT CID should only be set if the destination is also ATT, and in other cases we should just use the existing dynamic CID allocation function. Assigning scid based on dcid means that whenever __l2cap_chan_add() is called that chan->dcid is properly initialized. l2cap_le_conn_ready() wasn't initializing is properly so this is also taken care of in this patch. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
141d5706 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix EBUSY condition test in l2cap_chan_connect The current test in l2cap_chan_connect is intended to protect against multiple conflicting connect attempts. However, it assumes that there will ever only be a single CID that is connected to, which is not true. We do need to check for conflicts with connect attempts to the same destination CID but this check is not in anyway specific to LE but can be applied to BR/EDR as well. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f224ca5f |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix LE vs BR/EDR selection when connecting The choice between LE and BR/EDR should be made on the destination address type instead of the destination CID. This is particularly important when in the future more than one CID will be allowed for LE. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
073d1cf3 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Rename L2CAP_CID_LE_DATA to L2CAP_CID_ATT In future Core Specification versions the ATT CID will be just one of many possible CIDs that can be used for data transfer. Therefore, it makes sense to rename the define for the ATT CID to something less ambigous. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
c5623556 |
|
29-Apr-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Handle LE L2CAP signalling in its own function The LE L2CAP signalling channel follows its own rules and will continue to evolve independently from the BR/EDR signalling channel. Therefore, it makes sense to have a clear split from BR/EDR by having a dedicated function for handling LE signalling commands. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
300b962e |
|
02-Jun-2013 |
Anderson Lizardo <anderson.lizardo@openbossa.org> |
Bluetooth: Fix crash in l2cap_build_cmd() with small MTU If a too small MTU value is set with ioctl(HCISETACLMTU) or by a bogus controller, memory corruption happens due to a memcpy() call with negative length. Fix this crash on either incoming or outgoing connections with a MTU smaller than L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE: [ 46.885433] BUG: unable to handle kernel paging request at f56ad000 [ 46.888037] IP: [<c03d94cd>] memcpy+0x1d/0x40 [ 46.888037] *pdpt = 0000000000ac3001 *pde = 00000000373f8067 *pte = 80000000356ad060 [ 46.888037] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC [ 46.888037] Modules linked in: hci_vhci bluetooth virtio_balloon i2c_piix4 uhci_hcd usbcore usb_common [ 46.888037] CPU: 0 PID: 1044 Comm: kworker/u3:0 Not tainted 3.10.0-rc1+ #12 [ 46.888037] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 [ 46.888037] Workqueue: hci0 hci_rx_work [bluetooth] [ 46.888037] task: f59b15b0 ti: f55c4000 task.ti: f55c4000 [ 46.888037] EIP: 0060:[<c03d94cd>] EFLAGS: 00010212 CPU: 0 [ 46.888037] EIP is at memcpy+0x1d/0x40 [ 46.888037] EAX: f56ac1c0 EBX: fffffff8 ECX: 3ffffc6e EDX: f55c5cf2 [ 46.888037] ESI: f55c6b32 EDI: f56ad000 EBP: f55c5c68 ESP: f55c5c5c [ 46.888037] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 46.888037] CR0: 8005003b CR2: f56ad000 CR3: 3557d000 CR4: 000006f0 [ 46.888037] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 46.888037] DR6: ffff0ff0 DR7: 00000400 [ 46.888037] Stack: [ 46.888037] fffffff8 00000010 00000003 f55c5cac f8c6a54c ffffffff f8c69eb2 00000000 [ 46.888037] f4783cdc f57f0070 f759c590 1001c580 00000003 0200000a 00000000 f5a88560 [ 46.888037] f5ba2600 f5a88560 00000041 00000000 f55c5d90 f8c6f4c7 00000008 f55c5cf2 [ 46.888037] Call Trace: [ 46.888037] [<f8c6a54c>] l2cap_send_cmd+0x1cc/0x230 [bluetooth] [ 46.888037] [<f8c69eb2>] ? l2cap_global_chan_by_psm+0x152/0x1a0 [bluetooth] [ 46.888037] [<f8c6f4c7>] l2cap_connect+0x3f7/0x540 [bluetooth] [ 46.888037] [<c019b37b>] ? trace_hardirqs_off+0xb/0x10 [ 46.888037] [<c01a0ff8>] ? mark_held_locks+0x68/0x110 [ 46.888037] [<c064ad20>] ? mutex_lock_nested+0x280/0x360 [ 46.888037] [<c064b9d9>] ? __mutex_unlock_slowpath+0xa9/0x150 [ 46.888037] [<c01a118c>] ? trace_hardirqs_on_caller+0xec/0x1b0 [ 46.888037] [<c064ad08>] ? mutex_lock_nested+0x268/0x360 [ 46.888037] [<c01a125b>] ? trace_hardirqs_on+0xb/0x10 [ 46.888037] [<f8c72f8d>] l2cap_recv_frame+0xb2d/0x1d30 [bluetooth] [ 46.888037] [<c01a0ff8>] ? mark_held_locks+0x68/0x110 [ 46.888037] [<c064b9d9>] ? __mutex_unlock_slowpath+0xa9/0x150 [ 46.888037] [<c01a118c>] ? trace_hardirqs_on_caller+0xec/0x1b0 [ 46.888037] [<f8c754f1>] l2cap_recv_acldata+0x2a1/0x320 [bluetooth] [ 46.888037] [<f8c491d8>] hci_rx_work+0x518/0x810 [bluetooth] [ 46.888037] [<f8c48df2>] ? hci_rx_work+0x132/0x810 [bluetooth] [ 46.888037] [<c0158979>] process_one_work+0x1a9/0x600 [ 46.888037] [<c01588fb>] ? process_one_work+0x12b/0x600 [ 46.888037] [<c015922e>] ? worker_thread+0x19e/0x320 [ 46.888037] [<c015922e>] ? worker_thread+0x19e/0x320 [ 46.888037] [<c0159187>] worker_thread+0xf7/0x320 [ 46.888037] [<c0159090>] ? rescuer_thread+0x290/0x290 [ 46.888037] [<c01602f8>] kthread+0xa8/0xb0 [ 46.888037] [<c0656777>] ret_from_kernel_thread+0x1b/0x28 [ 46.888037] [<c0160250>] ? flush_kthread_worker+0x120/0x120 [ 46.888037] Code: c3 90 8d 74 26 00 e8 63 fc ff ff eb e8 90 55 89 e5 83 ec 0c 89 5d f4 89 75 f8 89 7d fc 3e 8d 74 26 00 89 cb 89 c7 c1 e9 02 89 d6 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 8b 5d f4 8b 75 f8 8b 7d fc 89 [ 46.888037] EIP: [<c03d94cd>] memcpy+0x1d/0x40 SS:ESP 0068:f55c5c5c [ 46.888037] CR2: 00000000f56ad000 [ 46.888037] ---[ end trace 0217c1f4d78714a9 ]--- Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org> Cc: stable@vger.kernel.org Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
cb3b3152 |
|
28-May-2013 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix missing length checks for L2CAP signalling PDUs There has been code in place to check that the L2CAP length header matches the amount of data received, but many PDU handlers have not been checking that the data received actually matches that expected by the specific PDU. This patch adds passing the length header to the specific handler functions and ensures that those functions fail cleanly in the case of an incorrect amount of data. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
72f78356 |
|
23-Apr-2013 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Remove unneeded parameter from L2CAP ATT channel handling The CID is fixed to L2CAP ATT channel and so there is no need to hand it down to the handling function. Just use a constant instead. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2c8e1411 |
|
06-Apr-2013 |
David Herrmann <dh.herrmann@gmail.com> |
Bluetooth: l2cap: add l2cap_user sub-modules Several sub-modules like HIDP, rfcomm, ... need to track l2cap connections. The l2cap_conn->hcon->dev object is used as parent for sysfs devices so the sub-modules need to be notified when the hci_conn object is removed from sysfs. As submodules normally use the l2cap layer, the l2cap_user objects are registered there instead of on the underlying hci_conn object. This avoids any direct dependency on the HCI layer and lets the l2cap core handle any specifics. This patch introduces l2cap_user objects which contain a "probe" and "remove" callback. You can register them on any l2cap_conn object and if it is active, the "probe" callback will get called. Otherwise, an error is returned. The l2cap_conn object will call your "remove" callback directly before it is removed from user-space. This allows you to remove your submodules _before_ the parent l2cap_conn and hci_conn object is removed. At any time you can asynchronously unregister your l2cap_user object if your submodule vanishes before the l2cap_conn object does. There is no way around l2cap_user. If we want wire-protocols in the kernel, we always want the hci_conn object as parent in the sysfs tree. We cannot use a channel here since we might need multiple channels for a single protocol. But the problem is, we _must_ get notified when an l2cap_conn object is removed. We cannot use reference-counting for object-removal! This is not how it works. If a hardware is removed, we should immediately remove the object from sysfs. Any other behavior would be inconsistent with the rest of the system. Also note that device_del() might sleep, but it doesn't wait for user-space or block very long. It only _unlinks_ the object from sysfs and the whole device-tree. Everything else is handled by ref-counts! This is exactly what the other sub-modules must do: unlink their devices when the "remove" l2cap_user callback is called. They should not do any cleanup or synchronous shutdowns. Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
9c903e37 |
|
06-Apr-2013 |
David Herrmann <dh.herrmann@gmail.com> |
Bluetooth: l2cap: introduce l2cap_conn ref-counting If we want to use l2cap_conn outside of l2cap_core.c, we need refcounting for these objects. Otherwise, we cannot synchronize l2cap locks with outside locks and end up with deadlocks. Hence, introduce ref-counting for l2cap_conn objects. This doesn't affect l2cap internals at all, as they use a direct synchronization. We also keep a reference to the parent hci_conn for locking purposes as l2cap_conn depends on this. This doesn't affect the connection itself but only the lifetime of the (dead) object. Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
baf43251 |
|
11-Apr-2013 |
Claudio Takahasi <claudio.takahasi@openbossa.org> |
Bluetooth: Remove unneeded parameter This patch removes the status parameter of the l2cap_conn_add function. The parameter 'status' is always 0. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
76a68ba0 |
|
06-Apr-2013 |
David Herrmann <dh.herrmann@gmail.com> |
Bluetooth: rename hci_conn_put to hci_conn_drop We use _get() and _put() for device ref-counting in the kernel. However, hci_conn_put() is _not_ used for ref-counting, hence, rename it to hci_conn_drop() so we can later fix ref-counting and introduce hci_conn_put(). hci_conn_hold() and hci_conn_put() are currently used to manage how long a connection should be held alive. When the last user drops the connection, we spawn a delayed work that performs the disconnect. Obviously, this has nothing to do with ref-counting for the _object_ but rather for the keep-alive of the connection. But we really _need_ proper ref-counting for the _object_ to allow connection-users like rfcomm-tty, HIDP or others. Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
7b064eda |
|
09-Jan-2013 |
Jaganath Kanakkassery <jaganath.k@samsung.com> |
Bluetooth: Fix authentication if acl data comes before remote feature evt If remote device sends l2cap info request before read_remote_ext_feature completes then mgmt_connected will be sent in hci_acldata_packet() and remote name request wont be sent and eventually authentication wont happen Hcidump log of the issue < HCI Command: Create Connection (0x01|0x0005) plen 13 bdaddr BC:85:1F:74:7F:29 ptype 0xcc18 rswitch 0x01 clkoffset 0x4bf7 (valid) Packet type: DM1 DM3 DM5 DH1 DH3 DH5 > HCI Event: Command Status (0x0f) plen 4 Create Connection (0x01|0x0005) status 0x00 ncmd 1 > HCI Event: Connect Complete (0x03) plen 11 status 0x00 handle 12 bdaddr BC:85:1F:74:7F:29 type ACL encrypt 0x00 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2 handle 12 > HCI Event: Command Status (0x0f) plen 4 Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1 > HCI Event: Read Remote Supported Features (0x0b) plen 11 status 0x00 handle 12 Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87 > HCI Event: Max Slots Change (0x1b) plen 3 handle 12 slots 5 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3 handle 12 page 1 > HCI Event: Command Status (0x0f) plen 4 Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1 > ACL data: handle 12 flags 0x02 dlen 10 L2CAP(s): Info req: type 2 < ACL data: handle 12 flags 0x00 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x00b8 Enhanced Retransmission mode Streaming mode FCS Option Fixed Channels > HCI Event: Read Remote Extended Features (0x23) plen 13 status 0x00 handle 12 page 1 max 1 Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 > ACL data: handle 12 flags 0x02 dlen 10 L2CAP(s): Info req: type 3 < ACL data: handle 12 flags 0x00 dlen 20 L2CAP(s): Info rsp: type 3 result 0 Fixed channel list 0x00000002 L2CAP Signalling Channel > HCI Event: Number of Completed Packets (0x13) plen 5 handle 12 packets 2 This patch moves sending mgmt_connected from hci_acldata_packet() to l2cap_connect_req() since this code is to handle the scenario remote device sends l2cap connect req too fast Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
cbf54ad1 |
|
07-Dec-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Remove dead code Remove code which cannot execute. l2cap_conn_add for AMP_LINK might only be invoked when receiving data in l2cap_recv_acldata. But this case is checked in the first statement there. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f2592d3e |
|
29-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Change NO_FCS_RECV to RECV_NO_FCS Make code more readable by changing CONF_NO_FCS_RECV which is read as "No L2CAP FCS option received" to CONF_RECV_NO_FCS which means "Received L2CAP option NO_FCS". This flag really means that we have received L2CAP FRAME CHECK SEQUENCE (FCS) OPTION with value "No FCS". Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
cbabee78 |
|
29-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Process receiving FCS_NONE in L2CAP Conf Rsp Process L2CAP Config rsp Pending with FCS Option 0x00 (No FCS) which is sent by Motorola Windows 7 Bluetooth stack. The trace is shown below (all other options are skipped). ... < ACL data: handle 1 flags 0x00 dlen 48 L2CAP(s): Config req: dcid 0x0043 flags 0x00 clen 36 ... FCS Option 0x00 (No FCS) > ACL data: handle 1 flags 0x02 dlen 48 L2CAP(s): Config req: dcid 0x0041 flags 0x00 clen 36 ... FCS Option 0x01 (CRC16 Check) < ACL data: handle 1 flags 0x00 dlen 47 L2CAP(s): Config rsp: scid 0x0043 flags 0x00 result 4 clen 33 Pending ... > ACL data: handle 1 flags 0x02 dlen 50 L2CAP(s): Config rsp: scid 0x0041 flags 0x00 result 4 clen 36 Pending ... FCS Option 0x00 (No FCS) < ACL data: handle 1 flags 0x00 dlen 14 L2CAP(s): Config rsp: scid 0x0043 flags 0x00 result 0 clen 0 Success > ACL data: handle 1 flags 0x02 dlen 14 L2CAP(s): Config rsp: scid 0x0041 flags 0x00 result 0 clen 0 Success ... Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
60918918 |
|
29-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Fix missing L2CAP EWS Conf parameter If L2CAP_FEAT_FCS is not supported we sould miss EWS option configuration because of break. Make code more readable by combining FCS configuration in the single block. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5d05416e |
|
29-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Check that AMP is present and active Before starting quering remote AMP controllers make sure that there is local active AMP controller. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5e4e3972 |
|
28-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Refactor l2cap_send_disconn_req l2cap_send_disconn_req takes 3 parameters of which conn might be derived from chan. Make this conversion inside l2cap_send_disconn_req. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
fd45bf4c |
|
20-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Set no FCS for incoming L2CAP chan When receiving L2CAP Create Channel Request set the channel as L2CAP_FCS_NONE. Then in "L2CAP Config req" following field will be set: "FCS Option 0x00 (No FCS)". So by default High Speed channels have no FCS. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
1bb166e6 |
|
20-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Improve error message printing Instead of printing: "[ 7763.082007] Bluetooth: 2" print something like: "[ 7763.082007] Bluetooth: Trailing bytes: 2 in sframe" Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
62748ca1 |
|
20-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Fix sending L2CAP Create Chan Req When receiving Physical Link Completed event we need to create L2CAP channel with L2CAP Create Chan Request. Current code was sending this command only if connection was pending (which is probably needed in channel move case). If channel is not moved but created Create Chan should be sent for outgoing channel which is checked with BT_CONNECT flag. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
62cd50e2 |
|
14-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Use __constant for constants Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
12d6cc60 |
|
14-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Disable FCS only for new HS channels Set chan->fcs to L2CAP_FCS_NONE only for new L2CAP channels (not moved). Other side can still request to use FCS. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
a514b17f |
|
14-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Refactor locking in amp_physical_cfm Remove locking from l2cap_physical_cfm and lock chan inside amp_physical_cfm. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
522db702 |
|
15-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Remove unneeded local_amp_id initialization local_amp_id is already set in l2cap_connect() which is called several lines above. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
96eff46e |
|
15-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use __l2cap_no_conn_pending helper Use helper instead of test_bit. This is the only place left using test CONF_CONNECT_PEND flag. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
fffadc08 |
|
01-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Rename ctrl_id to remote_amp_id Since we have started to use local_amp_id for local AMP Controller Id it makes sense to rename ctrl_id to remote_amp_id since it represents remote AMP controller Id. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
6e1df6a6 |
|
01-Nov-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Process Create Chan Request Add processing L2CAP Create Chan Request. When channel is created save associated high speed link hs_hcon. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f351bc72 |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Check for hs_hcon instead of ctrl_id When deciding whether to send EFS configuration response with success, check rather for existence of High Speed physical link hs_hcon then ctrl_id. There might be cases when there is ctrl_id but high speed link is not established yet. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
419e08c1 |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Disconnect logical link when deleting chan Disconnect logical link for high speed channel hs_hchan associated with L2CAP channel chan. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5ce66b59 |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Add Logical Link Create function After physical link is created logical link needs to be created. The process starts after L2CAP channel is created and L2CAP Configuration Response with result PENDING is received. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
770bfefa |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Derive remote and local amp id from chan struct l2cap_chan already keeps information about *_amp_id. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
439f34ac |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Return correct L2CAP response type Return L2CAP_CREATE_CHAN_RSP for Create Channel Request and L2CAP_CONN_RSP for Create Connection Request. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
336178a3 |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Save hs_hchan instead of hs_hcon in loglink complete When logical link creation is completed we need to save hs_hchan which represents logical link instead of hs_hcon representing physical link. hs_hcon shall be saved when receiving physical link complete event. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
ba6fc317 |
|
31-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Fix braces style and remove empty line Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
27695fb4 |
|
25-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Process Logical Link complete evt After receiving HCI Logical Link Complete event finish EFS configuration by sending L2CAP Conf Response with success code. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
35ba9561 |
|
25-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use helper function sending EFS conf rsp There is helper function used to send EFS Configuration Response. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
fe79c6fe |
|
25-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Remove unneeded assignment Assignment is not needed here since err is always gets value. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
3f7a56c4 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Start channel move when socket option is changed Channel moves are triggered by changes to the BT_CHANNEL_POLICY sockopt when an ERTM or streaming-mode channel is connected. Moves are only started if enable_hs is true. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
e6a3ee6e |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Do not retransmit data during a channel move Do not retransmit previously-sent data when a "receiver ready" s-frame with the "final" flag is received during a move. The ERTM state machines will resynchronize at the end of a channel move, and the state machine needs to avoid state changes during a move. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
a549574d |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Ignore BR/EDR packet size constraints when fragmenting for AMP When operating over BR/EDR, ERTM accounts for the maximum over-the-air packet size when setting the PDU size. AMP controllers do not use the same over-the-air packets, so the PDU size should only be based on the HCI MTU of the AMP controller. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
36c86c85 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Configure appropriate timeouts for AMP controllers The L2CAP spec recommends specific retransmit and monitor timeouts for ERTM channels that are on AMP controllers. These timeouts are calculated from the AMP controller's best effort flush timeout. BR/EDR controllers use the default retransmit and monitor timeouts. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
b99e13ad |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Do not send data during channel move Outgoing ERTM data is queued during a channel move. The ERTM state machine is partially reset at the start of a move, and must be resynchronized with the remote state machine at the end of the move. Data is not sent so that there are no state transitions between the partial reset and the resync. Streaming mode frames are dropped during a move. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
d5f8a75d |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Flag ACL frames as complete for AMP controllers AMP controllers expect to transmit only "complete" ACL frames. These frames have both the "start" and "cont" bits set. AMP does not allow fragmented ACLs. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
8eb200bd |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Handle physical link completion Several different actions may be taken when an AMP physical link becomes available. A channel being created on an AMP controller must continue the connection process. A channel being moved needs to either send a move request or a move response. A failed physical link will revert to using a BR/EDR controller if possible. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
3fd71a0a |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add move confirm response handling The move confirm response concludes the channel move command sequence. Receipt of this command indicates that data may begin to flow again. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
1500109b |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add logical link confirm The logical link confirm callback is executed when the AMP controller completes its logical link setup. During a channel move, a newly formed logical link allows a move responder to send a move channel response. A move initiator will send a move channel confirm. A failed logical link will end the channel move and send an appropriate response or confirm command indicating a failure. If the channel is being created on an AMP controller, L2CAP configuration is completed after the logical link is set up. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5b155ef9 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Move channel response The move response command includes a result code indicating "pending", "success", or "failure" status. A pending result is received when the remote address is still setting up a physical link, and will be followed by success or failure. On success, logical link setup will proceed. On failure, the move is stopped. The receiver of a move channel response must always follow up by sending a move channel confirm command. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5f3847a4 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add move channel confirm handling After sending a move channel response, a move responder waits for a move channel confirm command. If the received command has a "confirmed" result the move is proceeding, and "unconfirmed" means the move has failed and the channel will not change controllers. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
32b32735 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add new ERTM receive states for channel move Two new states are required to implement channel moves with the ERTM receive state machine. The "WAIT_P" state is used by a move responder to wait for a "poll" flag after a move is completed (success or failure). "WAIT_F" is similarly used by a move initiator to wait for a "final" flag when the move is completing. In either state, the reqseq value in the poll/final frame tells the state machine exactly which frame should be expected next. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
02b0fbb9 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Channel move request handling On receipt of a channel move request, the request must be validated based on the L2CAP mode, connection state, and controller capabilities. ERTM channels must have their state machines cleared and transmission paused while the channel move takes place. If the channel is being moved to an AMP controller then an AMP physical link must be prepared. Moving the channel back to BR/EDR proceeds immediately. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
b1a130b7 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Lookup channel structure based on DCID Processing a move channel request involves getting the channel structure using the destination channel ID. Previous code could only look up using the source channel ID. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
5909cf30 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Remove unnecessary intermediate function Resolves a conflict resolution issue in "Bluetooth: Fix L2CAP coding style". The remaining connect and create channel response handler is renamed to better reflect its use for both response types. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
1700915f |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add L2CAP create channel request handling The L2CAP create channel request is very similar to an L2CAP connect request, but it has an additional parameter for the controller ID. If the controller id is 0, the channel is set up on the BR/EDR controller (just like a connect request). Using a valid high speed controller ID will cause the channel to be initially created on that high speed controller. While the L2CAP data will be initially routed over the AMP controller, the L2CAP fixed signaling channel only uses BR/EDR. When a create channel request is received for a high speed controller, a pending response is always sent first. After the high speed physical and logical links are complete a success response will be sent. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
08333283 |
|
23-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add new l2cap_chan struct members for high speed channels An L2CAP channel using high speed continues to be associated with a BR/EDR l2cap_conn, while also tracking an additional hci_conn (representing a physical link on a high speed controller) and hci_chan (representing a logical link). There may only be one physical link between two high speed controllers. Each physical link may contain several logical links, with each logical link representing a channel with specific quality of service. During a channel move, the destination channel id, current move state, and role (initiator vs. responder) are tracked and used by the channel move state machine. The ident value associated with a move request must also be stored in order to use it in later move responses. The active channel is stored in local_amp_id. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
56f60984 |
|
15-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Zero bredr pointer when chan is deleted If BREDR L2CAP chan is deleted and this chan is the channel through which High Speed traffic is routed to AMP then zero pointer to the chan in amp_mgr to prevent accessing it. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
79de886d |
|
15-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Send EFS Conf Rsp only for BR/EDR chan Do not send EFS Configuration Response for High Speed channel yet. It will be sent after receiving Logical Link Complete event. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
1d13a254 |
|
15-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Drop packets when no l2cap conn exist High Speed hci_conn should always have l2cap_conn associated with it. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
d73a0988 |
|
15-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Handle complete frames in l2cap Check flags type in switch statement and handle new frame type ACL_COMPLETE used for High Speed data over AMP. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
300229f9 |
|
12-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Rename __l2cap_connect() to l2cap_connect() Use of "__" usually means we need to call the function with a lock held, which is not the case here. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2dc4e510 |
|
12-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Add chan->ops->defer() When DEFER_SETUP is set defer() will trigger an authorization request to the userspace. l2cap_chan_no_defer() is meant to be used when one does not want to support DEFER_SETUP (A2MP for example). Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
644912e1 |
|
12-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Move bt_accept_enqueue() to l2cap_sock.c This is part of the move the parent socket usage to l2cap_sock.c The change is safe when it comes to locking, bt_accept_enqueue() is still protected by the parent socket lock inside the l2cap_sock_new_connection_cb() code. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
b699ec0d |
|
06-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Call ops->teardown() without checking for NULL Users that don't implement teardown() should use l2cap_chan_no_teardown() Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
d117773c |
|
06-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Use locked l2cap_state_change() No one was protecting the state set in l2cap_send_disconn_req() Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
1d8b1fd5 |
|
06-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: use l2cap_chan_set_err() l2cap_conn_unreliable() doesn't take the sk lock, so we need to take it using l2cap_chan_set_err(). Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
8bcde1f2 |
|
28-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove GFP_ATOMIC usage from l2cap_core.c Since we change the Bluetooth core to run in process context we don't need to use GFP_ATOMIC in many of places we were using it. The we just replace by GFP_KERNEL. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2d792818 |
|
06-Oct-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Fix L2CAP coding style Follow the net subsystem coding style Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
4c89b6aa |
|
11-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Factor out common L2CAP connection code L2CAP connect requests and create channel requests share a significant amount of code. This change moves common code to a new function. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f5a2598d |
|
11-Oct-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Process create response and connect response identically Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
8936fa6d |
|
08-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: L2CAP: Fix using default Flush Timeout for EFS There are two Flush Timeouts: one is old Flush Timeot Option which is 2 octets and the second is Flush Timeout inside EFS which is 4 octets long. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
dcc042d5 |
|
05-Oct-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: AMP: Use block_mtu for AMP controller Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
29d8a590 |
|
20-Sep-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Factor out Create Configuration Response Use function to factor out similar code. For BR/EDR send EFS Configuration Response immediately, for HS response will be sent after receiving HCI Logical Link Complete event in the following patches. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
fcb73338 |
|
24-Sep-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use %pMR in sprintf/seq_printf instead of batostr Instead of old unsafe batostr function use %pMR print specifier for printing Bluetooth addresses in sprintf and seq_printf statements. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
6ed93dc6 |
|
24-Sep-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use %pMR in debug instead of batostr Instead of old unsafe batostr function use %pMR print specifier for printing Bluetooth addresses in debug and error statements. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2766be48 |
|
27-Sep-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: A2MP: Add fallback to normal l2cap init sequence When there is no remote AMP controller found fallback to normal L2CAP sequence. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
93c3e8f5 |
|
27-Sep-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Choose connection based on capabilities Choose which L2CAP connection to establish by checking support for HS and remote side supported features. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
aad3d0e3 |
|
06-Sep-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Fix freeing uninitialized delayed works When releasing L2CAP socket which is in BT_CONFIG state l2cap_chan_close invokes l2cap_send_disconn_req which cancel delayed works which are only set in BT_CONNECTED state with l2cap_ertm_init. Add state check before cancelling those works. ... [ 9668.574372] [21085] l2cap_sock_release: sock cd065200, sk f073e800 [ 9668.574399] [21085] l2cap_sock_shutdown: sock cd065200, sk f073e800 [ 9668.574411] [21085] l2cap_chan_close: chan f073ec00 state BT_CONFIG sk f073e800 [ 9668.574421] [21085] l2cap_send_disconn_req: chan f073ec00 conn ecc16600 [ 9668.574441] INFO: trying to register non-static key. [ 9668.574443] the code is fine but needs lockdep annotation. [ 9668.574446] turning off the locking correctness validator. [ 9668.574450] Pid: 21085, comm: obex-client Tainted: G O 3.5.0+ #57 [ 9668.574452] Call Trace: [ 9668.574463] [<c10a64b3>] __lock_acquire+0x12e3/0x1700 [ 9668.574468] [<c10a44fb>] ? trace_hardirqs_on+0xb/0x10 [ 9668.574476] [<c15e4f60>] ? printk+0x4d/0x4f [ 9668.574479] [<c10a6e38>] lock_acquire+0x88/0x130 [ 9668.574487] [<c1059740>] ? try_to_del_timer_sync+0x60/0x60 [ 9668.574491] [<c1059790>] del_timer_sync+0x50/0xc0 [ 9668.574495] [<c1059740>] ? try_to_del_timer_sync+0x60/0x60 [ 9668.574515] [<f8aa1c23>] l2cap_send_disconn_req+0xe3/0x160 [bluetooth] ... Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
cc110922 |
|
23-Aug-2012 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Change signature of smp_conn_security() To make it clear that it may be called from contexts that may not have any knowledge of L2CAP, we change the connection parameter, to receive a hci_conn. This also makes it clear that it is checking the security of the link. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
144ad330 |
|
27-Jul-2012 |
Syam Sidhardhan <s.syam@samsung.com> |
Bluetooth: Use kref for l2cap channel reference counting This patch changes the struct l2cap_chan and associated code to use kref api for object refcounting and freeing. Suggested-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
ab19516a |
|
27-Jul-2012 |
Syam Sidhardhan <s.syam@samsung.com> |
Bluetooth: debug: Correct the PSM printing Earlier we were printing chan->psm before assigning any value. Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
a9ea3ed9 |
|
19-Jul-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Fix legacy pairing with some devices Some devices e.g. some Android based phones don't do SDP search before pairing and cancel legacy pairing when ACL is disconnected. PIN Code Request event which changes ACL timeout to HCI_PAIRING_TIMEOUT is only received after remote user entered PIN. In that case no L2CAP is connected so default HCI_DISCONN_TIMEOUT (2 seconds) is being used to timeout ACL connection. This results in problems with legacy pairing as remote user has only few seconds to enter PIN before ACL is disconnected. Increase disconnect timeout for incomming connection to HCI_PAIRING_TIMEOUT if SSP is disabled and no linkey exists. To avoid keeping ACL alive for too long after SDP search set ACL timeout back to HCI_DISCONN_TIMEOUT when L2CAP is connected. 2012-07-19 13:24:43.413521 < HCI Command: Create Connection (0x01|0x0005) plen 13 bdaddr 00:02:72:D6:6A:3F ptype 0xcc18 rswitch 0x01 clkoffset 0x0000 Packet type: DM1 DM3 DM5 DH1 DH3 DH5 2012-07-19 13:24:43.425224 > HCI Event: Command Status (0x0f) plen 4 Create Connection (0x01|0x0005) status 0x00 ncmd 1 2012-07-19 13:24:43.885222 > HCI Event: Role Change (0x12) plen 8 status 0x00 bdaddr 00:02:72:D6:6A:3F role 0x01 Role: Slave 2012-07-19 13:24:44.054221 > HCI Event: Connect Complete (0x03) plen 11 status 0x00 handle 42 bdaddr 00:02:72:D6:6A:3F type ACL encrypt 0x00 2012-07-19 13:24:44.054313 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2 handle 42 2012-07-19 13:24:44.055176 > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7 bdaddr 00:02:72:D6:6A:3F mode 0 2012-07-19 13:24:44.056217 > HCI Event: Max Slots Change (0x1b) plen 3 handle 42 slots 5 2012-07-19 13:24:44.059218 > HCI Event: Command Status (0x0f) plen 4 Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 0 2012-07-19 13:24:44.062192 > HCI Event: Command Status (0x0f) plen 4 Unknown (0x00|0x0000) status 0x00 ncmd 1 2012-07-19 13:24:44.067219 > HCI Event: Read Remote Supported Features (0x0b) plen 11 status 0x00 handle 42 Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87 2012-07-19 13:24:44.067248 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3 handle 42 page 1 2012-07-19 13:24:44.071217 > HCI Event: Command Status (0x0f) plen 4 Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1 2012-07-19 13:24:44.076218 > HCI Event: Read Remote Extended Features (0x23) plen 13 status 0x00 handle 42 page 1 max 1 Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 2012-07-19 13:24:44.076249 < HCI Command: Remote Name Request (0x01|0x0019) plen 10 bdaddr 00:02:72:D6:6A:3F mode 2 clkoffset 0x0000 2012-07-19 13:24:44.081218 > HCI Event: Command Status (0x0f) plen 4 Remote Name Request (0x01|0x0019) status 0x00 ncmd 1 2012-07-19 13:24:44.105214 > HCI Event: Remote Name Req Complete (0x07) plen 255 status 0x00 bdaddr 00:02:72:D6:6A:3F name 'uw000951-0' 2012-07-19 13:24:44.105284 < HCI Command: Authentication Requested (0x01|0x0011) plen 2 handle 42 2012-07-19 13:24:44.111207 > HCI Event: Command Status (0x0f) plen 4 Authentication Requested (0x01|0x0011) status 0x00 ncmd 1 2012-07-19 13:24:44.112220 > HCI Event: Link Key Request (0x17) plen 6 bdaddr 00:02:72:D6:6A:3F 2012-07-19 13:24:44.112249 < HCI Command: Link Key Request Negative Reply (0x01|0x000c) plen 6 bdaddr 00:02:72:D6:6A:3F 2012-07-19 13:24:44.115215 > HCI Event: Command Complete (0x0e) plen 10 Link Key Request Negative Reply (0x01|0x000c) ncmd 1 status 0x00 bdaddr 00:02:72:D6:6A:3F 2012-07-19 13:24:44.116215 > HCI Event: PIN Code Request (0x16) plen 6 bdaddr 00:02:72:D6:6A:3F 2012-07-19 13:24:48.099184 > HCI Event: Auth Complete (0x06) plen 3 status 0x13 handle 42 Error: Remote User Terminated Connection 2012-07-19 13:24:48.179182 > HCI Event: Disconn Complete (0x05) plen 4 status 0x00 handle 42 reason 0x13 Reason: Remote User Terminated Connection Cc: stable@vger.kernel.org Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
4af66c69 |
|
13-Jul-2012 |
Jaganath Kanakkassery <jaganath.k@samsung.com> |
Bluetooth: Free the l2cap channel list only when refcount is zero Move the l2cap channel list chan->global_l under the refcnt protection and free it based on the refcnt. Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Reviewed-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
30648372 |
|
13-Jul-2012 |
Jaganath Kanakkassery <jaganath.k@samsung.com> |
Bluetooth: Move l2cap_chan_hold/put to l2cap_core.c Refactor the code in order to use the l2cap_chan_destroy() from l2cap_chan_put() under the refcnt protection. Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com> Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Reviewed-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
9e664631 |
|
24-Jul-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Make connect / disconnect cfm functions return void Return values are never used because callers hci_proto_connect_cfm and hci_proto_disconn_cfm return void. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
78eb2f98 |
|
19-Jul-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Fix processing A2MP chan in security_cfm Do not process A2MP channel in l2cap_security_cfm Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
c20f8e35 |
|
10-Jul-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Use tx window from config response for ack timing This change addresses an L2CAP ERTM throughput problem when a remote device does not fully utilize the available transmit window. The L2CAP ERTM transmit window size determines the maximum number of unacked frames that may be outstanding at any time. It is configured separately for each direction of an ERTM connection. Each side sends a configuration request with a tx_win field indicating how many unacked frames it is capable of receiving before sending an ack. The configuration response's tx_win field shows how many frames the transmitter will actually send before waiting for an ack. It's important to trace both the actual transmit window (to check for validity of incoming frames) and the number of frames that the transmitter will send before waiting (to send acks at the appropriate time). Now there are separate tx_win and ack_win values. ack_win is updated based on configuration responses, and is used to determine when acks are sent. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
89d8b407 |
|
10-Jul-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: debug: Add debug to l2cap_security_cfm Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
ad0ac6ca |
|
10-Jul-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: debug: Print CID and PSM in hex format Correct places where CID and PSM were printed as int. For CID: 0x%4.4x is used and for PSM: 0x%2.2x. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
b4400672 |
|
10-Jul-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: debug: Correct types specifiers for L2CAP Avoid unneeded type conversion by correcting type specifiers in debug statements for L2CAP. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
8f321f85 |
|
08-Jun-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Fix using uninitialized option in RFCMode If remote device sends bogus RFC option with invalid length, undefined options values are used. Fix this by using defaults when remote misbehaves. This also fixes the following warning reported by gcc 4.7.0: net/bluetooth/l2cap_core.c: In function 'l2cap_config_rsp': net/bluetooth/l2cap_core.c:3302:13: warning: 'rfc.max_pdu_size' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.max_pdu_size' was declared here net/bluetooth/l2cap_core.c:3298:25: warning: 'rfc.monitor_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.monitor_timeout' was declared here net/bluetooth/l2cap_core.c:3297:25: warning: 'rfc.retrans_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.retrans_timeout' was declared here net/bluetooth/l2cap_core.c:3295:2: warning: 'rfc.mode' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.mode' was declared here Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
d06cc416 |
|
06-Jun-2012 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix deadlock and crash when SMP pairing times out The l2cap_conn_del function tries to cancel_sync the security timer, but when it's called from the timeout function itself a deadlock occurs. Subsequently the "hcon->l2cap_data = NULL" that's supposed to protect multiple calls to l2cap_conn_del never gets cleared and when the connection finally drops we double free's etc which will crash the kernel. This patch fixes the issue by using the HCI_CONN_LE_SMP_PEND for protecting against this. The same flag is also used for the same purpose in other places in the SMP code. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
6fcb06a2 |
|
31-May-2012 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Change default MTU for L2CAP ATT channel This patch changes the default MTU value for L2CAP ATT fixed channel to L2CAP_DEFAULT_MTU (672 octets). Differently from others L2CAP channels, in L2CAP ATT fixed channel there is no MTU negotiation. The MTU value for that channel is up to the L2CAP implementation. The only restriction in L2CAP spec is the MTU value must not be less than 23 octets. At ATT protocol level (on top of L2CAP), we have the ATT_MTU which defines the maximum size of any ATT message sent between client and server. GATT profile defines ATT_MTU default value to 23 octets. If a GATT based profile wants to use ATT_MTU greater than 23 octets (e.g. HID over GATT profile), it should negotiate a new value by executing the GATT Exchange MTU sub-procedure. Thus, in order to support any value of ATT_MTU negotiated at ATT protocol level, our L2CAP implementation should have L2CAP ATT fixed channel MTU equal or greater than ATT_MAX_MTU (512 octets). Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f0f62799 |
|
29-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove unused err var from l2cap_segment_sdu() Trivial fix, let the code cleaner. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Reviewed-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
ba7aa64f |
|
29-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Create function to return the ERTM header size Simplify the handling of different ERTM header size. We were the same check in some places of the code, and more is expected to come, so just replace them with a function. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6810fca7 |
|
31-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Make l2cap_att_channel return void l2cap_att_channel always returns 0 which is not used. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
84104b24 |
|
31-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Make l2cap_conless_channel return void l2cap_conless_channel always return 0 which is not used. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
13ca56e0 |
|
31-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Make l2cap_data_channel return void l2cap_data_channel always return 0 which is not used anywhere, make it void function. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
3cabbfda |
|
31-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: A2MP: Do not reference hci_conn Make A2MP channel special channel which do not reference hci_conn. This prevents from keeping ACL connection open when all L2CAP channels got closed. hci_conn_hold and hci_conn_put are not reference counts on the hci_conn structure in the typical way. They are reference counts for the ACL. When you do the last hci_conn_put, the ACL is disconnected after a timeout. Reported-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
fd83e2c2 |
|
30-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Do not check func ready existence Functions will be always defined and in case not implemented as dummy __no_func. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
97e8e89d |
|
29-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: A2MP: Manage incoming connections Handle incoming A2MP connection by creating AMP manager and processing A2MP messages. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
416fa752 |
|
29-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: A2MP: Handling fixed channels A2MP fixed channel do not have sk Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
466f8004 |
|
29-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: A2MP: Create A2MP channel Create and initialize fixed A2MP channel Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
0181a70f |
|
29-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Use defined PSMLEN instead of magic Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2dfa1003 |
|
27-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: check for already existent channel before create new one Move this check to before the channel time creation simplifies the code and avoid memory allocation if the channel already exist. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
53826692 |
|
27-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Move check for backlog size to l2cap_sock.c Remove socket specific code from l2cap_core.c Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0797e01d |
|
27-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Use chan->state instead of sk->sk_state These vars are kept in sync so we can use chan->state here. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
54a59aa2 |
|
27-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Add l2cap_chan->ops->ready() This move socket specific code to l2cap_sock.c. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
c0df7f6e |
|
27-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Move clean up code and set of SOCK_ZAPPED to l2cap_sock.c This remove a bit more of socket code from l2cap core, this calls set the SOCK_ZAPPED and do some clean up depending on the socket state. Reported-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
80b98027 |
|
27-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Use chan as parameters for l2cap chan ops Use chan instead of void * makes more sense here. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
6754e0df |
|
25-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Use l2cap_chan_ready() in LE path This replace code in l2cap_le_conn_ready() by a similar code in l2cap_chan_ready(). Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
2f84a2e6 |
|
25-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove extra l2cap_state_change(BT_CONNECTED) This is already performed inside l2cap_chan_ready(), so we don't need it here again. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
35d401df |
|
25-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Get a more accurate L2CAP PDU len Both FCS and Extended header might be or might not be present in a ERTM channel. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Reviewed-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
ac73498c |
|
24-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use __constant when dealing with constants __constant_cpu_to_le16() is the right go here. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2983fd68 |
|
24-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Define and use PSM identifiers Define assigned Protocol and Service Multiplexor (PSM) identifiers and use them instead of magic numbers. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2d369359 |
|
23-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Send a configuration request after security confirmation Sometimes an ACL link must be raised to a higher security level after an L2CAP connection is requested, but before a connection response is sent. In this case, a connection response sent by L2CAP was not immediately followed by a configuration request. Other code paths do send this configuration request right away. It was possible for the connection to stall while L2CAP waited for the remote device (like PTS) to trigger the configuration process. Here is an abbreviated hcidump of the failure case with PTS: 1337806446.051982 > ACL data: handle 43 flags 0x02 dlen 10 L2CAP(s): Info req: type 2 1337806446.052050 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x000000b8 1337806446.595320 > ACL data: handle 43 flags 0x02 dlen 12 L2CAP(s): Connect req: psm 4097 scid 0x0041 1337806446.595673 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0041 result 1 status 0 1337806446.595679 < ACL data: handle 43 flags 0x00 dlen 10 L2CAP(s): Info req: type 2 1337806446.669835 > ACL data: handle 43 flags 0x02 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x00000028 1337806446.669899 < HCI Command: Authentication Requested (0x01|0x0011) plen 2 1337806446.669906 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0041 result 1 status 1 <security setup here> 1337806446.769888 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0041 result 0 status 0 At this point, the connection stalls and no further messages are sent on the L2CAP signaling channel. No data is received either. If we immediately send a configuration request after a successful connect response, the connection completes: 1337724090.041162 > ACL data: handle 43 flags 0x02 dlen 10 L2CAP(s): Info req: type 2 1337724090.041236 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x000000b8 1337724090.597128 > ACL data: handle 43 flags 0x02 dlen 12 L2CAP(s): Connect req: psm 4097 scid 0x0041 1337724090.597236 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0041 result 1 status 0 1337724090.597244 < ACL data: handle 43 flags 0x00 dlen 10 L2CAP(s): Info req: type 2 1337724090.660842 > ACL data: handle 43 flags 0x02 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x00000028 1337724090.660926 < HCI Command: Authentication Requested (0x01|0x0011) plen 2 1337724090.660934 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0041 result 1 status 1 <security setup here> 1337724090.755162 < ACL data: handle 43 flags 0x00 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0041 result 0 status 0 1337724090.755171 < ACL data: handle 43 flags 0x00 dlen 23 L2CAP(s): Config req: dcid 0x0041 flags 0x00 clen 11 1337724091.361847 > ACL data: handle 43 flags 0x02 dlen 29 L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 15 1337724091.863808 > ACL data: handle 43 flags 0x02 dlen 23 L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 11 1337724091.863882 < ACL data: handle 43 flags 0x00 dlen 29 L2CAP(s): Config rsp: scid 0x0041 flags 0x00 result 0 clen 15 1337724092.683745 > ACL data: handle 43 flags 0x02 dlen 12 L2CAP(d): cid 0x0040 len 8 [psm 4097] 0000: 00 00 11 22 33 44 34 2f ..."3D4/ Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
59e54bd1 |
|
23-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Define L2CAP conf continuation flag Define Continuation flag which the only flag used from Flags field in L2CAP Configuration Request and Response. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
8c520a59 |
|
23-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove unnecessary headers include Most of the include were unnecessary or already included by some other header. Replace module.h by export.h where possible. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
5325e5bb |
|
23-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Preserve L2CAP flags values Previous callers of l2cap_build_conf_rsp in l2cap_config_req use flags instead of continuation flag hardcoded value. It does not change logic and preserve future possible flags. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d660366d |
|
21-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove dead int returns These functions were returning always 0, we just make then void. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Reviewed-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
be4aad05 |
|
21-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Remove double check for BT_CONNECTED The same check is done just before call l2cap_streaming_send() Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Reviewed-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
401bb1f7 |
|
21-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Silent sparse warnings Silence warnings below: net/bluetooth/l2cap_core.c:1662:24: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:1662:27: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:1683:24: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:1683:27: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:2260:46: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:2574:33: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:2581:33: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:4556:24: warning: Using plain integer as NULL pointer net/bluetooth/l2cap_core.c:4556:27: warning: Using plain integer as NULL pointer Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
ee556f66 |
|
18-May-2012 |
Gustavo Padovan <gustavo.padovan@collabora.co.uk> |
Bluetooth: Do not purge queue in Basic Mode chan->tx_q is only initialized if we use ERTM or Streaming mode. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
d1de6d46 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Enable ERTM by default This enables the new receive and transmit state machines. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
273759e2 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Set txwin values for streaming mode The transmit window values must be configured for streaming mode, even though streaming mode does not have a window. This enables use of extended headers when the transmit window socket option is set to 64 or larger. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
6ea00485 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Remove unneccesary inline Let the compiler decide if inlining is appropriate. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
0362520b |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Simplify the ERTM ack timeout Since l2cap_send_ack can trigger extra actions like sending iframes, don't call it. Just send an RR or RNR frame if an ack needs sending. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
80909e04 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Use the ERTM transmit state machine from timeout handlers Different states have different actions for retransmit and monitor timeouts, so remove the logic for those actions from the timer handlers. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
4239d16f |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Check rules when setting retransmit or monitor timers The ERTM specification requires the retransmit timer to be cancelled when the monitor timer is set. The retransmit timer cannot be set again while the monitor timer is pending. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
c9e3d5e0 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Use new header structures in l2cap_send_rr_or_rnr struct l2cap_ctrl is now used, and the sframe is now sent directly rather than depending on a separate call. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
fcd289df |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Handle incoming REJ frames REJ frames are sent by the remote device to request that all frames after a given sequence number be retransmitted. These are also an implicit indication that the remote device is not in a busy state and can receive new iframes. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f80842a8 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Handle SREJ requests to resend unacked frames When a remote device sends an SREJ, retransmit the frame with the corresponding sequence number (subject to special cases with poll and final flags). An SREJ is also an implicit indication the the remote device is not in a busy state. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
63838725 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Reassemble all available data when retransmissions succeed. As retransmitted packets arrive, attempt to reassemble SDUs. If all requested retransmissions have been received, acknowledge them and transition back to the RECV state. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
bed68bde |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Send SREJ frames when packets go missing The ERTM specification lays out three scenarios for sending SREJ frames to request retransmission of specific frames. l2cap_send_srej requests all frames up to a given txseq that are not already queued for reassembly. l2cap_send_srej_tail only requests the most recent missing frame. l2cap_send_srej_list resends SREJ frames for data that was requested for resend but never received. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
e1fbd4c1 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add implementation for retransmitting all unacked frames This adds l2cap_ertm_resend to retransmit frames based on the sequence numbers in chan->retrans_list. If the retransmit limit is reached for any individual frame is reached, the connection is dropped. skbs that are cloned already are copied to avoid modifying shared data (this is uncommon). To retransmit all frames, l2cap_retransmit_all now builds a list of all unacked sequence numbers and then calls l2cap_ertm_resend. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
d2a7ac5d |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add the ERTM receive state machine This adds a top-level state machine with handlers for two receive states defined in the ERTM spec, RECV and SREJ_SENT. The reqseq value of the incoming frame is also validated at the top level and a disconnection is forced if it is invalid. The actions for the RECV and SREJ_SENT states are implemented according to the state tables in the ERTM specification. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
e31f7633 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Update l2cap_send_i_or_rr_or_rnr to fit the spec better This action now exactly matches what is defined in the ERTM specification, including clearing the remote busy flag and setting the retransmit timer rather than retransmitting frames directly. The spec does not retransmit frames as part of this action, since retransmission is only triggered by REJ, SREJ, or an RR with the final bit set. struct l2cap_ctrl is also used to set up header values. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
61aa4f5b |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Use the transmit state machine for busy state changes This lets the transmit state machine handle local busy state changes, since different actions are taken in the different transmit states. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
0a0aba42 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Refactor l2cap_send_ack The function now encapsulates more of the logic to either immediately send an ack if the transmit window is over 75% full, or wait for the ack timer to expire if the transmit window is not full enough. It is also able to push out waiting iframes that can carry an acknowledgement. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
f5dbb077 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Remove receive code that has been superceded This deletes the receive code that had handlers for each frame type at the top level, and then had logic to determine the receive state within each handler. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
4b51dae9 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add streaming mode receive and incoming packet classifier Streaming mode reception is fairly simple, with in-sequence frames being reassembled as they arrive. Out-of-sequence frames are dropped, and also clear any partially-assembled SDUs that may exist. The packet classifier determines if the txseq value of the incoming packet is expected, invalid (resulting in a disconnection), invalid (ignorable), duplicate, or having to do with an SREJ request that was previously sent. The rules for each classification are defined in the ERTM specification, and consolidating these rules in one place helps clarify the receive state machine. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
cec8ab6e |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Consolidate common receive code for ERTM and streaming mode Creates a new l2cap_data_rcv function that combines previous code from l2cap_ertm_data_rcv and l2cap_data_channel. This reduces duplicate code for streaming mode, and sets up a framework for the ERTM receive state machine. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
a67d7f6f |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Refactor l2cap_send_sframe The new implementation uses struct l2cap_ctrl to set up the sframe fields, and also reduces duplicate acks by canceling the ack timer whenever an RR or RNR frame is sent. sframe PDU generation is also split in to a separate function to separate it from the logic related to the connection state and sframe type. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
18a48e76 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Refactor l2cap_ertm_send The new implementation is aware of the new transmit state machine, and uses struct l2cap_ctrl to compose ERTM headers. It also has improved error handling for allocation failures, and does not send the packet until after all skb and channel data structures are updated. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
3733937d |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Refactor l2cap_streaming_send This new implementation uses struct l2cap_ctrl to compose the streaming mode headers. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
608bcc6d |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add a new L2CAP ERTM transmit state machine. This implements a top-level transmit state machine with handlers for the two ERTM states defined in the specification: XMIT and WAIT_F. The state machine accepts an event and, optionally, a list of skbs to transmit. In addition to data transmission, the local busy state can be modified, acks are processed, and monitor and retransmit timeouts are handled. This mirrors the structure of the state tables in the spec. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
b191e031 |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Change default state of ERTM disable flag This is to allow for ERTM state machine replacement in the patches that follow. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
|
#
2827011f |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Fix early return from l2cap_chan_del This fixes a regression from commit 2ead70b8390d199ca04cd35311b51f5f3676079e that is present in all kernels starting at v3.0. When L2CAP information was moved to struct l2cap_chan, a check was added to l2cap_chan_del to avoid certain cleanup operations when ERTM or streaming mode had not yet been initialized. The logic in the check did not take in to account that chan->conf_state is set to 0 in l2cap_chan_ready, so l2cap_chan_del failed to cancel timers and leaked memory any time the ERTM queues or lists were not empty. This change makes sure that l2cap_chan_del only returns early if ERTM initialization was not performed. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9dc9affc |
|
17-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Free allocated ERTM SREJ list if init fails If the ERTM SREJ list is properly allocated but the retransmit list allocation fails, the SREJ list must be freed before returning from l2cap_ertm_init. l2cap_chan_del will not clean up the SREJ list if l2cap_ertm_init returns a failure code. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
c5daa683 |
|
15-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Create flags for bt_sk() defer_setup and suspended are now flags into bt_sk(). Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
ef191ade |
|
02-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Restore locking semantics when looking up L2CAP channels As the comment for l2cap_get_chan_by_scid indicated, the function used to return a locked socket. The lock for the socket was acquired while the channel list was also locked. When locking was moved over to the l2cap_chan structure, the channel lock was no longer acquired with the channel list still locked. This made it possible for the l2cap_chan to be deleted after conn->chan_lock was released but before l2cap_chan_lock was called. Making the call to l2cap_chan_lock before releasing conn->chan_lock makes it impossible for the l2cap_chan to be deleted at the wrong time. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
35c84d76 |
|
02-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Fix a redundant and problematic incoming MTU check The L2CAP MTU for incoming data is verified differently depending on the L2CAP mode, so the check is best performed in a mode-specific context. Checking the incoming MTU before HCI fragment reassembly is a layer violation and assumes all bytes after the standard L2CAP header are L2CAP data. This approach causes issues with unsegmented ERTM or streaming mode frames, where there are additional enhanced or extended headers before the data payload and possible FCS bytes after the data payload. A valid frame could be as many as 10 bytes larger than the MTU. Removing this code is the best fix, because the MTU is checked later on for all L2CAP data frames (connectionless, basic, ERTM, and streaming). This also gets rid of outdated locking (socket instead of l2cap_chan) and an extra lookup of the channel ID. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
f522ae36 |
|
09-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: improve readability of l2cap_seq_list code Removes one indentation level. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
2d0ed3d5 |
|
11-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Fix skb length calculation When we add a fragment to a skb, len and data_len fields need to be updated. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
fbe00700 |
|
15-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Fix wrong set of skb fragments If alloc() fails we let the frags linked list with garbage value (the err ptr value) in its last element. Reported-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
d34c34fb |
|
14-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Initialize the transmit queue for L2CAP streaming mode Commit 105bdf9ec19e729bacdb33861c74fcf3eb39eb37 introduced a regression in L2CAP streaming mode due to rearranged initialization code that is shared between ERTM and streaming mode. This change makes sure the transmit queue is initialized in both modes. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
577cfaeb |
|
14-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Update tx_send_head when sending ERTM data Commit 94122bbe9c8c4ad7ba9f02f9a30bfc95672c404e introduced a problem where tx_send_head was not set to point to the first skb in the ERTM transmit queue, which stalled data transmission. This change sets that pointer when transmission is not already in progress. Reported-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
a7d7723a |
|
13-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: notify userspace of security level change It fixes L2CAP socket based security level elevation during a connection. The HID profile needs this (for keyboards) and it is the only way to achieve the security level elevation when using the management interface to talk to the kernel (hence the management enabling patch being the one that exposes this issue). It enables the userspace a security level change when the socket is already connected and create a way to notify the socket the result of the request. At the moment of the request the socket is made non writable, if the request fails the connections closes, otherwise the socket is made writable again, POLL_OUT is emmited. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
94122bbe |
|
02-May-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Refactor L2CAP ERTM and streaming transmit segmentation Use more common code for ERTM and streaming mode segmentation and transmission, and begin using skb control block data for delaying extended or enhanced header generation until just before the packet is transmitted. This code is also better suited for resegmentation, which is needed when L2CAP links are reconfigured after an AMP channel move. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
daf6a78c |
|
03-May-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Remove unneeded calculation and magic number Remove magic number unneeded calculation since hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
f2ba7fae |
|
03-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Remove hlen variable hlen has a fixed size of L2CAP_HDR_SIZE, use this instead. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6ff9b5ef |
|
02-May-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Remove unneeded elements from size calculation hlen - L2CAP_HDR_SIZE = 0, so we don't need to add them in the calculation. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
422e925b |
|
27-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add Code Aurora Forum copyright Adding Code Aurora Forum copyright information due to significant additions of code. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
61d6ef3e |
|
27-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Make better use of l2cap_chan reference counting L2CAP sockets contain a pointer to l2cap_chan that needs to be reference counted in order to prevent a possible dangling pointer when the channel is freed. There were a few other cases where an l2cap_chan pointer on the stack was dereferenced after a call to l2cap_chan_del. Those pointers are also now reference counted. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
dbd89fdd |
|
27-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Remove unused function l2cap_get_chan_by_ident was not used, but didn't generate a compiler warning because it was an inline function. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
105bdf9e |
|
27-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Initialize new l2cap_chan structure members Structure members used by ERTM or streaming mode need to be initialized when an ERTM or streaming mode link is configured. Some duplicate code is also eliminated by moving in to the ERTM init function. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
b5c6aaed |
|
25-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Move recently-added ERTM header packing functions Moving these functions simplifies future patches by eliminating forward declarations, makes future patches easier to review, and better preserves 'git blame' information. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
3ce3514f |
|
25-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Remove duplicate structure members from bt_skb_cb These values are now in the nested l2cap_ctrl struct. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
8e9f9892 |
|
24-Apr-2012 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Use address type info from user-space In order to establish a LE connection we need the address type information. User-space already pass this information to kernel through struct sockaddr_l2. This patch adds the dst_type parameter to l2cap_chan_connect so we are able to pass the address type info from user-space down to hci_conn layer. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b12f62cf |
|
24-Apr-2012 |
Andre Guedes <andre.guedes@openbossa.org> |
Bluetooth: Add dst_type parameter to hci_connect This patch adds the dst_type parameter to hci_connect function. Instead of searching the address type in advertising cache, we use the dst_type parameter to establish LE connections. The dst_type is ignored for BR/EDR connection establishment. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
9f0caeb1 |
|
20-Apr-2012 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Add support for reusing the same hci_conn for LE links As most LE devices leave advertising mode when they enter the connected state, we may want to "pass" that connection to other users. The first user will be the pairing procedure, the connection is established without an associated socket, after the pairing is complete, userspace may want to discover via GATT what services the newly bonded device has. If userspace establishes the connection while the timeout still hasn't expired, the connection will be re-used. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Tested-by: João Paulo Rechi Vita <jprvita@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
c2287681 |
|
20-Apr-2012 |
Ido Yariv <ido@wizery.com> |
Bluetooth: Search global l2cap channels by src/dst addresses The cid or psm and the source address might not be enough to uniquely identify a global channel, especially when the source address is our own. For instance, when trying to communicate with two LE devices in master mode, data received from the both devices is sent to the same socket. Fix this by taking the destination address into account when choosing the socket. Signed-off-by: Ido Yariv <ido@wizery.com> Signed-off-by: Arik Nemtsov <arik@wizery.com> Tested-by: João Paulo Rechi Vita <jprvita@openbossa.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
35d4adcc |
|
18-Apr-2012 |
Hemant Gupta <hemant.gupta@stericsson.com> |
Bluetooth: Don't distribute keys in case of Encryption Failure SMP Keys should only be distributeed when encryption is successful. Signed-off-by: Hemant Gupta <hemant.gupta@stericsson.com> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
b76bbd66 |
|
11-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Functions for handling ERTM control fields These functions encode or decode ERTM control fields (extended or enhanced) to or from the new l2cap_ctrl structure. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
3c588192 |
|
11-Apr-2012 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add the l2cap_seq_list structure for tracking frames A sequence list is a data structure used to track frames that need to be retransmitted, and frames that have been requested for retransmission by the remote device. It can compactly represent a list of sequence numbers within the ERTM transmit window. Memory for the list is allocated once at connection time, and common operations in ERTM are O(1). Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
#
90338947 |
|
06-Apr-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Remove err parameter from alloc_skb() Use ERR_PTR maginc instead. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
bd4b1653 |
|
28-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Adds set_default function in L2CAP setup Some parameters in L2CAP chan are set to default similar way in socket based channels and A2MP channels. Adds common function which sets all defaults. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
eef1d9b6 |
|
25-Mar-2012 |
Gustavo Padovan <gustavo@padovan.org> |
Bluetooth: Remove sk parameter from l2cap_chan_create() Following the separation if core and sock code this change avoid manipulation of sk inside l2cap_chan_create(). Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
14a28491 |
|
23-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Make L2CAP chan_add functions static Remove sparse warnings below: ... net/bluetooth/l2cap_core.c:302:6: warning: symbol '__l2cap_chan_add' was not declared. Should it be static? net/bluetooth/l2cap_core.c:351:6: warning: symbol 'l2cap_chan_add' was not declared. Should it be static? ... Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
bcd11ff7 |
|
21-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Remove unneeded timer clear set_chan_timer clears timer itself Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
4fd21a88 |
|
11-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Fix endian conversion mode In L2CAP we use le16 format so change direction of conversion from le16_to_cpu to cpu_to_le16. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
8ce0c498 |
|
11-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Convert error codes to le16 Create Chan Rsp shall put result and status in le format. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
d9b88702 |
|
11-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Correct CID endian notation L2CAP channel id is used in host format in internal L2CAP code. Fix sparse warnings about wrong endian conversion. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
61386cba |
|
11-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Correct length calc in L2CAP conf rsp cmd->len is in le format so convert it to host format before use. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
097db76c |
|
09-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Correct chan->psm endian conversions chan->psm is kept in __le16 format which was not always taken into account. Fix several bugs related to extra conversion. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9ffc93f2 |
|
28-Mar-2012 |
David Howells <dhowells@redhat.com> |
Remove all #inclusions of asm/system.h Remove all #inclusions of asm/system.h preparatory to splitting and killing it. Performed with the following command: perl -p -i -e 's!^#\s*include\s*<asm/system[.]h>.*\n!!' `grep -Irl '^#\s*include\s*<asm/system[.]h>' *` Signed-off-by: David Howells <dhowells@redhat.com>
|
#
8d7e1c7f |
|
23-Mar-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Fix memory leaks due to chan refcnt When we queue delayed work we hold(chan) and delayed work shall put(chan) after execution. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
|
#
04124681 |
|
07-Mar-2012 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: fix conding style issues all over the tree Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
ba13ccd9 |
|
01-Mar-2012 |
Marcel Holtmann <marcel@holtmann.org> |
Bluetooth: Update L2CAP timeout constants to use msecs_to_jiffies The L2CAP timeout constants are always used in form of jiffies. So just include the conversion from msecs in the define itself. This has the advantage of making the code where the timeout is used more readable. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
978c93b9 |
|
29-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Save remote L2CAP fixed channel mask Fixed channel mask needs to be stored to decide whether to use A2MP for example. So far save only one relevant byte which keeps all information we need. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
3379013b |
|
27-Feb-2012 |
Dan Carpenter <dan.carpenter@oracle.com> |
Bluetooth: use kfree_skb() instead of kfree() sk_buffs should be freed using kfree_skb(). Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
9b27f350 |
|
24-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Remove duplicated code in l2cap conn req The same sequence sending L2CAP Connection Request was used in several places. Using subroutine makes those places easy to read. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
5b4cedaa |
|
24-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Fix double locking in LE and conless chan Remove socket lock since chan->ops->recv locks socket itself. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6be36555 |
|
22-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Change sk lock to chan lock in L2CAP core Change sk lock to chan lock in l2cap core and move sk locks to l2cap sock code. bh_locks were used because of being RCU critical section. When needed use explicit socket locks. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
643162a8 |
|
22-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Add unlocked __l2cap_chan_add function Add unlocked L2CAP channel add function. Unlocked version will be used in later patches. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
2e0052e4 |
|
20-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Add socket error function Use locked and unlocked versions to help removing socket locks from l2cap core functions. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
0e587be7 |
|
20-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Add locked and unlocked state_change Split to locked and unlocked versions of l2cap_state_change helping to remove socket locks from l2cap code. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
c03b355e |
|
20-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Add l2cap_chan_lock Channel lock will be used to lock L2CAP channels which are locked currently by socket locks. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
3df91ea2 |
|
20-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Revert to mutexes from RCU list Usage of RCU list looks not reasonalbe for a number of reasons: our code sleep and we had to use socket spinlocks. Most parts of code are updaters thus there is little sense to use RCU. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
1b009c98 |
|
20-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: Fix long line Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
42d2d87c |
|
17-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Prefix hex numbers with object name Several hex numbers were printed without object name which complicates debugging. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
e05dcc32 |
|
17-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use symbolic names for state in debug Use state_to_string function in debug statements. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
20d1803a |
|
17-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Move scope of state_to_string Function state_to_string will be used in other files in debug statements. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
24d2b8c0 |
|
30-Jan-2012 |
Ulisses Furquim <ulisses@profusion.mobi> |
Bluetooth: Fix possible use after free in delete path We need to use the _sync() version for cancelling the info and security timer in the L2CAP connection delete path. Otherwise the delayed work handler might run after the connection object is freed. Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6de32750 |
|
30-Jan-2012 |
Ulisses Furquim <ulisses@profusion.mobi> |
Bluetooth: Remove usage of __cancel_delayed_work() __cancel_delayed_work() is being used in some paths where we cannot sleep waiting for the delayed work to finish. However, that function might return while the timer is running and the work will be queued again. Replace the calls with safer cancel_delayed_work() version which spins until the timer handler finishes on other CPUs and cancels the delayed work. Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6e1da683 |
|
03-Jan-2012 |
Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> |
Bluetooth: l2cap_set_timer needs jiffies as timeout value After moving L2CAP timers to workqueues l2cap_set_timer expects timeout value to be specified in jiffies but constants defined in miliseconds are used. This makes timeouts unreliable when CONFIG_HZ is not set to 1000. __set_chan_timer macro still uses jiffies as input to avoid multiple conversions from/to jiffies for sk_sndtimeo value which is already specified in jiffies. Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Ackec-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
4aa832c2 |
|
08-Jan-2012 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove bogus inline declaration from l2cap_chan_connect As reported by Dan Carpenter this function causes a Sparse warning and shouldn't be declared inline: include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a definition" Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org>
|
#
930fa4ae |
|
07-Feb-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Fix double acking I-Frames when sending pending I-Frames Pending I-Frame(s) are considered as acknowledgement. To void double acking (via I-Frame and later via RR) clear ack timer when sending first pending I-Frame. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
8ed7a0ae |
|
07-Feb-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Fix possible missing I-Frame acknowledgement Make l2cap_ertm_send return number of pending I-Frames transmitted instead of all (pending + retransmitted) I-Frames transmitted. As only pending I-Frames are considered as acknowledgement, this could lead to situation when no ACK was sent in __l2cap_send_ack (if only already transmitted I-Frames were retransmitted). Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
6d5922b0 |
|
06-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Remove unneeded sk variable In debug use chan %p instead of sk. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
5491120e |
|
06-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Clean up l2cap_chan_add Change elseif to switch. This make sense even more with following patches which otherwise have to add more elseifs statements. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
cf4cd009 |
|
06-Feb-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Change chan_ready param from sk to chan Change is needed to remove dependency on sk when possible before introducing l2cap channel lock. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
127074bf |
|
30-Jan-2012 |
Ulisses Furquim <ulisses@profusion.mobi> |
Bluetooth: Fix possible use after free in delete path We need to use the _sync() version for cancelling the info and security timer in the L2CAP connection delete path. Otherwise the delayed work handler might run after the connection object is freed. Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
17cd3f37 |
|
30-Jan-2012 |
Ulisses Furquim <ulisses@profusion.mobi> |
Bluetooth: Remove usage of __cancel_delayed_work() __cancel_delayed_work() is being used in some paths where we cannot sleep waiting for the delayed work to finish. However, that function might return while the timer is running and the work will be queued again. Replace the calls with safer cancel_delayed_work() version which spins until the timer handler finishes on other CPUs and cancels the delayed work. Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
cad8f1d0 |
|
23-Jan-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Make l2cap_ertm_data_rcv static It is not used outside of l2cap_core.c. Also l2cap_ertm_data_rcv is only used after it is defined so there is no need for forward declaration. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
2f7719ce |
|
20-Jan-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Add alloc_skb chan operator Add channel-specific skb allocation method Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
61e1b4b7 |
|
19-Jan-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: trivial: space correction Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
51a8efd7 |
|
15-Jan-2012 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Rename conn->pend to conn->flags These flags can and will be used for more general purpose values than just pending state transitions so the more common name "flags" makes more sense than "pend". Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org>
|
#
0952a57a |
|
13-Jan-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Change sk to l2cap_chan Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
5ef8cb9e |
|
13-Jan-2012 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Use chan instead of sk Remove unneeded conversion from sk to chan. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
09bfb2ee |
|
11-Jan-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Drop L2CAP chan reference if ERTM ack_timer fired Reference counter was incremented when starting ack timer but decremented only when clearing timer, not when timer fired. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
77f918bc |
|
11-Jan-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Don't send RNR immediately when entering local busy There is no need to send RNR immediately when entring local busy. Also upper layer might clear local busy condition before ack timer expires saving few cycles for sending RNR. This also prevents sending two RNRs in some cases where sending one would be enough i.e received N I-frame can trigger local busy (sending RNR acking up to N-1 I-frame) and later sending ack (RNR acking up to N I-frame). This was affecting TC_ERM_BV_07_C and TC_ERM_BV_22_C with some non default channel parameters (tx window and receiving buffer sizes). Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
b17e73bb |
|
11-Jan-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Clear ack_timer when sending ack ack_timer should be cleared when sending ACK to avoid acking I-frames twice. This commit introduces helper function (only send ack, not clearing timer) which is used by l2cap_send_ack and l2cap_ack_timeout. This is to avoid clearing ack timer in timer function. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
0ef3ef0f |
|
11-Jan-2012 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Set P-bit for SREJ frame only if there are I-frames to ack SREJ frame with P-bit set acknowledges I-frames numbered up to (ReqSeq - 1). With this patch P-bit in SREJ is set only when there are some I-frames to ack. This fixes ambiguous situation when lost of I-frame with TxSeq=0 would result in sending SREJ acking all previous I-frames. Consider following scenario: TxWindow=3 HostA: sent I-frame TxSeq=0 HostA: sent I-frame TxSeq=1 HostA: sent I-frame TxSeq=2 HostB: missed I-frame TxSeq=0 HostB: received I-frame TxSeq=1 HostB: sent SREJ ReqSeq=0 Pbit=1 HostA: received SREJ ReqSeq=0 Pbit=1 <- All I-frames acked or not? ... Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
cbe8fed4 |
|
08-Jan-2012 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Remove bogus inline declaration from l2cap_chan_connect As reported by Dan Carpenter this function causes a Sparse warning and shouldn't be declared inline: include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a definition" Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org>
|
#
b83ddfe2 |
|
03-Jan-2012 |
Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> |
Bluetooth: l2cap_set_timer needs jiffies as timeout value After moving L2CAP timers to workqueues l2cap_set_timer expects timeout value to be specified in jiffies but constants defined in miliseconds are used. This makes timeouts unreliable when CONFIG_HZ is not set to 1000. __set_chan_timer macro still uses jiffies as input to avoid multiple conversions from/to jiffies for sk_sndtimeo value which is already specified in jiffies. Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Ackec-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
#
333055f2 |
|
22-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Don't use *_bh locks anymore Those locks are not shared between interrupt and process context anymore, so remove the part that disable interrupts. We are still safe because preemption is disabled. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9219b2a0 |
|
02-Jan-2012 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix bacpy in l2cap_core.c It should be the dst in the copy not src. 03a001948 introduced this bug. Reported-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
2fb9b3d4 |
|
22-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: add debug output to l2cap_ack_timeout() Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
371fd835 |
|
21-Dec-2011 |
Ulisses Furquim <ulisses@profusion.mobi> |
Bluetooth: Fix deadlocks with sock lock and L2CAP timers locks When cancelling a delayed work (timer) in L2CAP we can not sleep holding the sock mutex otherwise we might deadlock with an L2CAP timer handler. This is possible because RX/TX and L2CAP timers run in different workqueues. The scenario below illustrates the problem. Thus we are now avoiding to sleep on the timers locks. ====================================================== [ INFO: possible circular locking dependency detected ] 3.1.0-05270-ga978dc7-dirty #239 ------------------------------------------------------- kworker/1:1/873 is trying to acquire lock: (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}, at: [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth] but task is already holding lock: ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 ((&(&chan->chan_timer)->work)){+.+...}: [<ffffffff8106b276>] check_prevs_add+0xf6/0x170 [<ffffffff8106b903>] validate_chain+0x613/0x790 [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0 [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0 [<ffffffff81052a6f>] wait_on_work+0x4f/0x160 [<ffffffff81052ca3>] __cancel_work_timer+0x73/0x80 [<ffffffff81052cbd>] cancel_delayed_work_sync+0xd/0x10 [<ffffffffa002f2ed>] l2cap_chan_connect+0x22d/0x470 [bluetooth] [<ffffffffa002fb51>] l2cap_sock_connect+0xb1/0x140 [bluetooth] [<ffffffff8130811b>] kernel_connect+0xb/0x10 [<ffffffffa00cf98a>] rfcomm_session_create+0x12a/0x1c0 [rfcomm] [<ffffffffa00cfbe7>] __rfcomm_dlc_open+0x1c7/0x240 [rfcomm] [<ffffffffa00d07c2>] rfcomm_dlc_open+0x42/0x70 [rfcomm] [<ffffffffa00d3b03>] rfcomm_sock_connect+0x103/0x150 [rfcomm] [<ffffffff8130bd7e>] sys_connect+0xae/0xc0 [<ffffffff813368d2>] compat_sys_socketcall+0xb2/0x220 [<ffffffff813b2089>] sysenter_dispatch+0x7/0x30 -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}: [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0 [<ffffffff8106b276>] check_prevs_add+0xf6/0x170 [<ffffffff8106b903>] validate_chain+0x613/0x790 [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0 [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0 [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0 [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff81051ae4>] process_one_work+0x184/0x450 [<ffffffff8105276e>] worker_thread+0x15e/0x340 [<ffffffff81057bb6>] kthread+0x96/0xa0 [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock((&(&chan->chan_timer)->work)); lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); lock((&(&chan->chan_timer)->work)); lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); *** DEADLOCK *** 2 locks held by kworker/1:1/873: #0: (events){.+.+.+}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450 #1: ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450 stack backtrace: Pid: 873, comm: kworker/1:1 Not tainted 3.1.0-05270-ga978dc7-dirty #239 Call Trace: [<ffffffff813a0f6e>] print_circular_bug+0xd2/0xe3 [<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0 [<ffffffff8106b276>] check_prevs_add+0xf6/0x170 [<ffffffff8106b903>] validate_chain+0x613/0x790 [<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0 [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0 [<ffffffff8106ea30>] ? lock_release_nested+0x100/0x110 [<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0 [<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0 [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0 [<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff81051a86>] ? process_one_work+0x126/0x450 [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth] [<ffffffff81051ae4>] process_one_work+0x184/0x450 [<ffffffff81051a86>] ? process_one_work+0x126/0x450 [<ffffffffa002ce70>] ? l2cap_security_cfm+0x4e0/0x4e0 [bluetooth] [<ffffffff8105276e>] worker_thread+0x15e/0x340 [<ffffffff81052610>] ? manage_workers+0x110/0x110 [<ffffffff81057bb6>] kthread+0x96/0xa0 [<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10 [<ffffffff813af69d>] ? retint_restore_args+0xe/0xe [<ffffffff81057b20>] ? __init_kthread_worker+0x70/0x70 [<ffffffff813b1ef0>] ? gs_change+0xb/0xb Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
686ebf28 |
|
21-Dec-2011 |
Ulisses Furquim <ulisses@profusion.mobi> |
Bluetooth: Make HCI call directly into SCO and L2CAP event functions The struct hci_proto and all related register/unregister and dispatching code was removed. HCI core code now call directly the SCO and L2CAP event functions. Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
030013d8 |
|
20-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Rename info_work to info_timer It makes more sense this way, since info_timer is a timer using delayed work API. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6c9d42a1 |
|
20-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: convert security timer to delayed_work This one also needs to run in process context Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c2ec9c1b |
|
20-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move l2cap_{set,clear}_timer to l2cap.h It is the only place where it is used. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
eb939922 |
|
19-Dec-2011 |
Rusty Russell <rusty@rustcorp.com.au> |
module_param: make bool parameters really bool (net & drivers/net) module_param(bool) used to counter-intuitively take an int. In fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy trick. It's time to remove the int/unsigned int option. For this version it'll simply give a warning, but it'll break next kernel version. (Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false). Cc: "David S. Miller" <davem@davemloft.net> Cc: netdev@vger.kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
36e999a8 |
|
08-Dec-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Prevent uninitialized data access in L2CAP configuration When configuring an ERTM or streaming mode connection, remote devices are expected to send an RFC option in a successful config response. A misbehaving remote device might not send an RFC option, and the L2CAP code should not access uninitialized data in this case. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
590051de |
|
18-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add ProFUSION's copyright Add ProFUSION's copyright to some files I've been touching recently. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
3d57dc68 |
|
17-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Change l2cap chan_list to use RCU This list has much more reads than writes, so RCU makes senses here, also it avoid deadlock against the socket lock. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
03a00194 |
|
08-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: invert locking order in connect path This move some checking code that was in l2cap_sock_connect() to l2cap_chan_connect(). Thus we can invert the lock calls, i.e., call lock_sock() before hci_dev_lock() to avoid a deadlock scenario. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
f878fcad |
|
14-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: convert info timer to delayed_work Another step of remove interrupt context from Bluetooth Core. Use the system workqueue. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d01b2ff4 |
|
08-Dec-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: convert chan_lock to mutex spin lock doesn't fit ok anymore on the new code based on workqueues. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
eb403a1b |
|
23-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove sk_backlog usage from L2CAP We run everything in the same lock now. The backlog queue is useless now Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
aa2ac881 |
|
23-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Don't use spin_lock socket lock anymore We now run everything in process context, so the mutex lock is the best option. But in some places we still need the bh_lock_sock() Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
721c4181 |
|
23-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move L2CAP timers to workqueue L2CAP timers also need to run in process context. As the works in l2cap are small we are using the system worqueue. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
09fd0de5 |
|
17-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Replace spin_lock by mutex in hci_dev Now we run everything in HCI in process context, so it's a better idea use mutex instead spin_lock. The macro remains hci_dev_lock() (and I got rid of hci_dev_lock_bh()), of course. Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
badaaa00 |
|
23-Nov-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add user readable debug for state changes I did this as a part of a testing course at university, but it might be useful upstream as well. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
7784d78f |
|
18-Nov-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: making enable_hs independent from L2CAP Fixes bluetooth compiling when CONFIG_BT_L2CAP is not enabled net/built-in.o: In function `hci_dev_open': (.text+0xdce9a): undefined reference to `enable_hs' Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
1ec918ce |
|
16-Nov-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Fix some checkpatch.pl errors and warnings Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
250938cb |
|
16-Nov-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Simplify __l2cap_global_chan_by_addr Make __l2cap_global_chan_by_addr similar to other find functions. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d1726b6d |
|
16-Nov-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Refactor loop in l2cap_retransmit_one_frame This make it easier to see what is the real reason for loop to exit. skb_queue_next return valid skb or garbage, not NULL. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
039d9572 |
|
16-Nov-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Simplify l2cap_add_to_srej_queue Make it easier to see what is loop break condition. skb_queue_next return valid skb or garbage, not NULL. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
aef89f21 |
|
16-Nov-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Fix possible NULL pointer derefence in l2cap code Due to ERTM reliability L2CAP channel needs to be disconnected if adding to srej list failed. Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
4d611e4d |
|
23-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Only set ack_timer if we didn't send and ack Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d45fc423 |
|
05-Nov-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Rename l2cap_check_security() rename to l2cap_chan_check_security() to make it consistent with other l2cap_exported functions. This function will be exported in a later commit. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
66af7aaf |
|
07-Nov-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EFS: parse L2CAP config response Add parsing Extended Flow Specification in L2CAP Config Response. Based upon haijun.liu <haijun.liu@atheros.com> series of patches (sent Sun, 22 Aug 2010) Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9f5a0d7b |
|
07-Nov-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: Define HCI reasons instead of magic number Use HCI error reasons instead of magic numbers. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
abc545b8 |
|
03-Nov-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Add debug print to l2cap_chan_create Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
8d5a04a1 |
|
02-Nov-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add signal handlers for channel moves AMP channels can be moved between BR/EDR and AMP controllers using a sequence of signals. Every attempted channel move involves a series of four signals: Move Initiator Move Responder | | | Move Channel Request | | ----------------------------> | | | | Move Channel Response | | <---------------------------- | | | | Move Channel Confirm | | ----------------------------> | | | | Move Channel Confirm Response | | <---------------------------- | All four signals are sent even if the move fails. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
50a147cd |
|
02-Nov-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Use symbolic values for the fixed channel map The A2MP fixed channel bit is only set when high-speed mode is enabled. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
f94ff6ff |
|
02-Nov-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Add signal handlers for channel creation Handle both "create channel request" and "create channel response". Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
73d80deb |
|
02-Nov-2011 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: prioritizing data over HCI This implement priority based scheduler using skbuffer priority set via SO_PRIORITY socket option. It introduces hci_chan_hash (list of HCI Channel/hci_chan) per connection, each item in this list refer to a L2CAP connection and it is used to queue the data for transmission. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
5e59b791 |
|
01-Nov-2011 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: set skbuffer priority based on L2CAP socket priority This uses SO_PRIORITY to set the skbuffer priority field Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
457f4850 |
|
31-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: correct debug output l2cap_set_timer function prints sk instead of chan pointer. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c6337ea6 |
|
20-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: remove magic offset and size make code readable by removing magic numbers Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
3e6b3b95 |
|
01-Nov-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: small styles clean ups to l2cap_core.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
0e8b207e |
|
17-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EFS: implement L2CAP config pending state Add L2CAP Config Pending state for EFS. Currently after receiving Config Response Pending respond with Config Response Success. ... > ACL data: handle 1 flags 0x02 dlen 16 L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0040 result 0 status 0 Connection successful > ACL data: handle 1 flags 0x02 dlen 45 L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33 RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 1009) EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff, AccLat 0xffffffff, FlushTO 0x0000ffff) < ACL data: handle 1 flags 0x00 dlen 45 L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33 RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 498) EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff, AccLat 0xffffffff, FlushTO 0x0000ffff) < ACL data: handle 1 flags 0x00 dlen 47 L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 4 clen 33 Pending MTU 672 RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 2000, MTo 12000, MPS 498) EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff, AccLat 0xffffffff, FlushTO 0x0000ffff) > ACL data: handle 1 flags 0x02 dlen 47 L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 4 clen 33 Pending MTU 672 RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 2000, MTo 12000, MPS 498) EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff, AccLat 0xffffffff, FlushTO 0x0000ffff) > ACL data: handle 1 flags 0x02 dlen 14 L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0 Success < ACL data: handle 1 flags 0x00 dlen 14 L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0 Success < ACL data: handle 1 flags 0x00 dlen 510 L2CAP(d): cid 0x0040 len 506 ext_ctrl 0x00010000 fcs 0xebe0 [psm 4113] I-frame: Start (len 672) TxSeq 0 ReqSeq 0 ... Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
f3f668b0 |
|
07-Nov-2011 |
Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> |
Bluetooth: Use miliseconds for L2CAP channel timeouts Timers set by __set_chan_timer() should use miliseconds instead of jiffies. Commit 942ecc9c4643db5ce071562e0a23f99464d6b461 updated l2cap_set_timer() so it expects timeout to be specified in msecs instead of jiffies. This makes timeouts unreliable when CONFIG_HZ is not set to 1000. Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
42dceae2 |
|
17-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EFS: parse L2CAP config request Add parsing Extended Flow Specification option in L2CAP Config Request Based upon haijun.liu <haijun.liu@atheros.com> series of patches (sent Sun, 22 Aug 2010) Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c8f79162 |
|
16-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: fix max_pdu calculation Fix max_pdu_size calculationin for RFC. Change magic number to human readable defines. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
03a51213 |
|
16-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: remove magic numbers in l2cap Remove magic numbers for FCS, SDU LEN and PSM LEN when calculating packet payload. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
836be934 |
|
16-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: support extended seq numbers Adds support for extended sequence numbers found in extended control fields. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
88843ab0 |
|
16-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: handling different Control fields There are three different Control Field formats: the Standard Control Field, the Enhanced Control Field, and the Extended Control Field. Patch adds function to handle all those fields seamlessly. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
f89cef09 |
|
13-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EFS: add efs option in L2CAP conf req Add Extended Flow Specification option when building L2CAP Configuration Request. EFS is added if both the local and remote L2CAP entities have indicated support for the Extended Flow Specification for BR/EDR. ... < ACL data: handle 1 flags 0x00 dlen 10 L2CAP(s): Info req: type 2 > ACL data: handle 1 flags 0x02 dlen 16 L2CAP(s): Info rsp: type 2 result 0 Extended feature mask 0x01f8 Enhanced Retransmission mode Streaming mode FCS Option Extended Flow Specification Fixed Channels Extended Window Size ... < ACL data: handle 1 flags 0x00 dlen 45 L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33 RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 498) EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff, AccLat 0xffffffff, FlushTO 0x0000ffff) ... Based upon haijun.liu <haijun.liu@atheros.com> series of patches (sent Sun, 22 Aug 2010) Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
8f7975b1 |
|
13-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EFS: assign default values in chan add Assign default EFS values when creating L2CAP channel Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e4ca6d98 |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: recalculate L2CAP header size Recalculate length of L2CAP header based on Control field length. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e3781735 |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite handling POLL (P) bit Handle POLL (P) bit in L2CAP ERTM using information about control field type. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
03f6715d |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite handling FINAL (F) bit Handle final (F) bit in L2CAP using information about control field type. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
793c2f1c |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite check frame type function Check frame function uses now information about control field type. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
fb45de7d |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite L2CAP ERTM txseq calculation L2CAP ERTM txseq calculation uses now information about control field type. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
0b209fae |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite reqseq calculation reqseq calculation uses now information about control field type. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
7e0ef6ee |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite handling SAR bits Segmentation and Reassembly (SAR) occupies different windows in standard and extended control fields. Convert hardcoded masks to relative ones and use shift to access SAR bits. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
ab784b73 |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: rewrite handling Supervisory (S) bits Supervisory bits occupy different windows in standard / extended control fields. Convert hardcoded masks to relative ones and use shift to access S-bit window. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6327eb98 |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EWS: extended window size option support Adds support for extended window size (EWS) config option. We enable EWS feature in L2CAP Info RSP when hs enabled. EWS option is included in L2CAP Config Req if tx_win (which is set via socket) bigger then standard default value (63) && hs enabled && remote side supports EWS feature. Using EWS selects extended control field in L2CAP. Code partly based on Qualcomm and Atheros patches sent upstream a year ago. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
43bd0f32 |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: convert role_switch variable to flag in l2cap chan role_switch variable inside l2cap_chan is a logical one and can be easily converted to flag Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
15770b1a |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: convert force_active variable to flag in l2cap chan force_active variable inside l2cap_chan is a logical one and can be easily converted to flag Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
ecf61bdb |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: convert force_reliable variable to flag in l2cap chan force_reliable variable inside l2cap_chan is a logical one and can be easily converted to flag Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d57b0e8b |
|
11-Oct-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: convert flushable variable to flag in l2cap chan flushable variable inside l2cap_chan is a logical one and can be easily converted to flag. Added flags in l2cap_chan structure. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
a5fd6f30 |
|
16-Sep-2011 |
Andrei Emeltchenko <andrei.emeltchenko@intel.com> |
Bluetooth: EFS: add enable_hs kernel param Add enable_hs kernel parameter. L2CAP_FEAT_EXT_FLOW depends on it. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
67c9e840 |
|
28-Jul-2011 |
Szymon Janc <szymon.janc@tieto.com> |
Bluetooth: Mark not declared l2cap_core functions as static Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
84084a31 |
|
22-Jul-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Perform L2CAP SDU reassembly without copying data Use sk_buff fragment capabilities to link together incoming skbs instead of allocating a new skb for reassembly and copying. The new reassembly code works equally well for ERTM and streaming mode, so there is now one reassembly function instead of two. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
ab0ff76d |
|
12-Sep-2011 |
Luiz Augusto von Dentz <luiz.von.dentz@intel.com> |
Bluetooth: mark l2cap_create_iframe_pdu as static l2cap_create_iframe_pdu is only used in l2cap_core.c Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
8aab4757 |
|
05-Sep-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Move SMP crypto functions to a workqueue The function crypto_blkcipher_setkey() called by smp_e() can sleep, so all the crypto work has to be moved to hci_dev workqueue. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
160dc6ac |
|
19-Aug-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Add support for running SMP without a socket When doing the pairing procedure we won't have an associated socket, but we still have to do the SMP negotiation. This adds support for encrypting the link and exchanging keys. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d26a2345 |
|
19-Aug-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Add a flag to indicate that SMP is going on Add HCI_CONN_LE_SMP_PEND flag to indicate that SMP is pending for that connection. This allows to have information that an SMP procedure is going on for that connection. We use the HCI_CONN_ENCRYPT_PEND to indicate that encryption (HCI_LE_Start_Encryption) is pending for that connection. While a SMP procedure is going on we hold an reference to the connection, to avoid disconnections. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
a71a0cf4 |
|
25-Jul-2011 |
Peter Hurley <peter@hurleysoftware.com> |
Bluetooth: l2cap: Fix lost wakeup waiting for ERTM acks Fix race condition which can result in missing wakeup during l2cap socket shutdown. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
05e9a2f6 |
|
15-Jul-2011 |
Ilia Kolomisnky <iliak@ti.com> |
Bluetooth: Fix crash with incoming L2CAP connections Another regression fix considering incomming l2cap connections with defer_setup enabled. In situations when incomming connection is extracted with l2cap_sock_accept, it's bt_sock info will have 'parent' member zerroed, but 'parent' may be used unconditionally in l2cap_conn_start() and l2cap_security_cfm() when defer_setup is enabled. Backtrace: [<bf02d5ac>] (l2cap_security_cfm+0x0/0x2ac [bluetooth]) from [<bf01f01c>] (hci_event_pac ket+0xc2c/0x4aa4 [bluetooth]) [<bf01e3f0>] (hci_event_packet+0x0/0x4aa4 [bluetooth]) from [<bf01a844>] (hci_rx_task+0x cc/0x27c [bluetooth]) [<bf01a778>] (hci_rx_task+0x0/0x27c [bluetooth]) from [<c008eee4>] (tasklet_action+0xa0/ 0x15c) [<c008ee44>] (tasklet_action+0x0/0x15c) from [<c008f38c>] (__do_softirq+0x98/0x130) r7:00000101 r6:00000018 r5:00000001 r4:efc46000 [<c008f2f4>] (__do_softirq+0x0/0x130) from [<c008f524>] (do_softirq+0x4c/0x58) [<c008f4d8>] (do_softirq+0x0/0x58) from [<c008f5e0>] (run_ksoftirqd+0xb0/0x1b4) r4:efc46000 r3:00000001 [<c008f530>] (run_ksoftirqd+0x0/0x1b4) from [<c009f2a8>] (kthread+0x84/0x8c) r7:00000000 r6:c008f530 r5:efc47fc4 r4:efc41f08 [<c009f224>] (kthread+0x0/0x8c) from [<c008cc84>] (do_exit+0x0/0x5f0) Signed-off-by: Ilia Kolomisnky <iliak@ti.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9191e6ad |
|
15-Jul-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix regression in L2CAP connection procedure Caused by the following commit, partially revert it. commit 9fa7e4f76f3658ba1f44fbdb95c77e7df3f53f95 Author: Gustavo F. Padovan <padovan@profusion.mobi> Date: Thu Jun 30 16:11:30 2011 -0300 Bluetooth: Fix regression with incoming L2CAP connections PTS test A2DP/SRC/SRC_SET/TC_SRC_SET_BV_02_I revealed that ( probably after the df3c3931e commit ) the l2cap connection could not be established in case when the "Auth Complete" HCI event does not arive before the initiator send "Configuration request", in which case l2cap replies with "Command rejected" since the channel is still in BT_CONNECT2 state. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e2fd318e |
|
09-Jul-2011 |
Ilia Kolomisnky <iliak@ti.com> |
Bluetooth: Fixes l2cap "command reject" reply according to spec There can 3 reasons for the "command reject" reply produced by the stack. Each such reply should be accompanied by the relevand data ( as defined in spec. ). Currently there is one instance of "command reject" reply with reason "invalid cid" wich is fixed. Also, added clean-up definitions related to the "command reject" replies. Signed-off-by: Ilia Kolomisnky <iliak@ti.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
7034b911 |
|
07-Jul-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Add support for SMP phase 3 (key distribution) This adds support for generating and distributing all the keys specified in the third phase of SMP. This will make possible to re-establish secure connections, resolve private addresses and sign commands. For now, the values generated are random. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
fadd192e |
|
07-Jul-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Remove L2CAP busy queue The ERTM receive buffer is now handled in a way that does not require the busy queue and the associated polling code. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e328140f |
|
07-Jul-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Use event-driven approach for handling ERTM receive buffer This change moves most L2CAP ERTM receive buffer handling out of the L2CAP core and in to the socket code. It's up to the higher layer (the socket code, in this case) to tell the core when its buffer is full or has space available. The recv op should always accept incoming ERTM data or else the connection will go down. Within the socket layer, an skb that does not fit in the socket receive buffer will be temporarily stored. When the socket is read from, that skb will be placed in the receive buffer if possible. Once adequate buffer space becomes available, the L2CAP core is informed and the ERTM local busy state is cleared. Receive buffer management for non-ERTM modes is unchanged. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
26f880d2 |
|
07-Jul-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Move code for ERTM local busy state to separate functions The local busy state is entered and exited based on buffer status in the socket layer (or other upper layer). This change is in preparation for general buffer status reports from the socket layer, which will then be used to change the local busy status. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
02f1b641 |
|
29-Jun-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Check earlier for L2CAP ERTM frames to drop Even when the received tx_seq is expected, the frame still needs to be dropped if the TX window is exceeded or the receiver is in the local busy state. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
2461daac |
|
16-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix bad locking balance Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e175072f |
|
29-Jun-2011 |
Joe Perches <joe@perches.com> |
Bluetooth: Rename function bt_err to bt_to_errno Make it easier to use more normal logging styles later. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
942ecc9c |
|
29-Jun-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: ERTM timeouts need to be converted to jiffies ERTM timeouts are defined in milliseconds, but need to be converted to jiffies when passed to mod_timer(). Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
774e5651 |
|
29-Jun-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Fix indentation whitespace Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9fa7e4f7 |
|
30-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix regression with incoming L2CAP connections PTS test A2DP/SRC/SRC_SET/TC_SRC_SET_BV_02_I revealed that ( probably after the df3c3931e commit ) the l2cap connection could not be established in case when the "Auth Complete" HCI event does not arive before the initiator send "Configuration request", in which case l2cap replies with "Command rejected" since the channel is still in BT_CONNECT2 state. Based on patch from: Ilia Kolomisnky <iliak@ti.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
7ac28817 |
|
24-Jun-2011 |
Dan Rosenberg <drosenberg@vsecurity.com> |
Bluetooth: Prevent buffer overflow in l2cap config request A remote user can provide a small value for the command size field in the command header of an l2cap configuration request, resulting in an integer underflow when subtracting the size of the configuration request header. This results in copying a very large amount of data via memcpy() and destroying the kernel heap. Check for underflow. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: stable <stable@kernel.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
43f3dc41 |
|
20-Jun-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Fix not setting the chan state When the connection is ready we should set the connection to CONNECTED so userspace can use it. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e13e21dc |
|
17-Jun-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Remove useless access to the socket We already have access to the chan, we don't have to access the socket to get its imtu. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
63128451 |
|
17-Jun-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Fix crash when setting a LE socket to ready We should not try to do any other type of configuration for LE links when they become ready. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e2ab4353 |
|
10-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Use bit operations on conn_state Instead of setting bits manually we use set_bit, test_bit, etc. Also remove L2CAP_ prefix from macros. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c1360a1c |
|
10-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: use bit operation on conf_state Instead of making the bit operations manually, we now use set_bit, test_bit, etc. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
5d3de7df |
|
14-Jun-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Add support for SMP timeout This patch adds support for disconnecting the link when SMP procedure takes more than 30 seconds. SMP begins when either the Pairing Request command is sent or the Pairing Response is received, and it ends when the link is encrypted (or terminated). Vol 3, Part H Section 3.4. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
df3c3931 |
|
13-Jun-2011 |
Johan Hedberg <johan.hedberg@intel.com> |
Bluetooth: Fix accepting connect requests for defer_setup When authentication completes we shouldn't blindly accept any pending L2CAP connect requests. If the socket has the defer_setup feature enabled it should still wait for user space acceptance of the connect request. The issue only happens for non-SSP connections since with SSP the L2CAP Connect request may not be sent for non-SDP PSMs before authentication has completed successfully. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
f1cb9af5 |
|
26-Jan-2011 |
Vinicius Costa Gomes <vinicius.gomes@openbossa.org> |
Bluetooth: Add support for resuming socket when SMP is finished This adds support for resuming the user space traffic when SMP negotiation is complete. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
b501d6a1 |
|
07-Jun-2011 |
Anderson Briglia <anderson.briglia@openbossa.org> |
Bluetooth: Start SMP procedure Start SMP procedure for LE connections. This modification intercepts l2cap received frames and call proper SMP functions to start the SMP procedure. By now, no keys are being used. Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org> Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
b5694506 |
|
08-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Don't forget to check for LE_LINK Otherwise the wrong error can be returned. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
1a09bcb9 |
|
17-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: keep reference if any ERTM timer is enabled ERTM use the generic L2CAP timer functions to keep a reference to the channel. This is useful for avoiding crashes. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c9b66675 |
|
17-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Make timer functions generic We now plan to use l2cap_set_timer and l2cap_clear_timer in ERTM timers. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
71ba0e56 |
|
17-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add refcnt to struct l2cap_chan struct l2cap_chan has now its own refcnt that is compatible with the socket refcnt, i.e., we won't see sk_refcnt = 0 and chan->refcnt > 0. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
89bc500e |
|
02-Jun-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add state tracking to struct l2cap_chan Now socket state is tracked by struct sock and channel state is tracked by chan->state. At this point both says the same, but this is going to change when we add AMP Support for example. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
ba3bd0ee |
|
16-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: add close() callback to l2cap_chan_ops close() calls l2cap_sock_kill() on l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
23070494 |
|
16-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: add recv() callback to l2cap_chan_ops This abstracts the call to sock_queue_recv_skb() into l2cap_chan_ops->recv(). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
80808e43 |
|
16-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add l2cap_chan_ops abstraction Add an abstraction layer between L2CAP core and its users (only l2cap_sock.c now). The first function implemented is new_connection() that replaces calls to l2cap_sock_alloc() in l2cap_core.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
dc50a06d |
|
16-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Merge l2cap_chan_create() in the l2cap_sock_alloc() As a first step to remove l2cap_sock_alloc() and l2cap_sock_init() from l2cap_core.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e6949280 |
|
03-Jun-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Fix check for the ERTM local busy state Local busy is encoded in a bitfield, but was not masked out correctly. Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d8d69c54 |
|
03-Jun-2011 |
Mat Martineau <mathewm@codeaurora.org> |
Bluetooth: Restore accidentally-deleted line When code was moved from l2cap_core.c to l2cap_sock.c in commit 6de0702b5b93da0ef097aa092b4597fbc024ebba, one line was dropped from the old __l2cap_sock_close() implementation. This sk_state change should still be in l2cap_chan_close(). Signed-off-by: Mat Martineau <mathewm@codeaurora.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
14b12d0b |
|
23-May-2011 |
Jaikumar Ganesh <jaikumar@google.com> |
Bluetooth: Add BT_POWER L2CAP socket option. Add BT_POWER socket option used to control the power characteristics of the underlying ACL link. When the remote end has put the link in sniff mode and the host stack wants to send data we need need to explicitly exit sniff mode to work well with certain devices (For example, A2DP on Plantronics Voyager 855). However, this causes problems with HID devices. Hence, moving into active mode when sending data, irrespective of who set the sniff mode has been made as a socket option. By default, we will move into active mode. HID devices can set the L2CAP socket option to prevent this from happening. Currently, this has been implemented for L2CAP sockets. This has been tested with incoming and outgoing L2CAP sockets for HID and A2DP. Based on discussions on linux-bluetooth and patches submitted by Andrei Emeltchenko. Signed-off-by: Jaikumar Ganesh <jaikumar@google.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
b5ad8b7f |
|
01-Jun-2011 |
Johannes Berg <johannes.berg@intel.com> |
Bluetooth: fix sparse & gcc warnings sparse complains about a few things that should be static. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
0f852724 |
|
04-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Rename __l2cap_chan_close() to l2cap_chan_close() To make it consistent with the rest of the API. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
500698d3 |
|
04-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove export of l2cap_chan_clear_timer() The call to l2cap_chan_clear_timer() is not really needed in l2cap_sock.c. This patch also adds a call to l2cap_chan_clear_timer() to the only place in __l2cap_sock_close() that wasn't calling it. It's safe call it there because l2cap_chan_clear_timer() check first for timer_peding(). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
ab07801d |
|
02-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: create channel timer to replace sk_timer The new timer does not belong to struct sock, tought it still touch some sock things, but this will be sorted out soon. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
715ec005 |
|
02-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add chan->chan_type struct member chan_type says if our chan is raw(direclty access to HCI), connection less or connection oriented. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9a91a04a |
|
28-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Create l2cap_chan_send() This move all the sending logic to l2cap_core.c, but we still have a socket dependence there, struct msghdr. It will be removed in some of the further commits. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
4519de9a |
|
28-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Create __l2cap_chan_close() This is actually __l2cap_sock_close() renamed to __l2cap_chan_close(). At a first look it may not make sense, but with the further cleanups that will come it will. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
78676a06 |
|
18-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: fix set but not used warning Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
224f8af0 |
|
12-May-2011 |
Ruiyi Zhang <Ruiyi.Zhang@Atheros.com> |
Bluetooth: Allow unsegmented SDU retries on sock_queue_rcv_skb failure In L2CAP_SDU_UNSEGMENTED case, if sock_queue_rcv_skb returns error, l2cap_ertm_reassembly_sdu should not return 0 so as to insert the skb into BUSY_QUEUE for later retries. Signed-off-by: Ruiyi Zhang <Ruiyi.Zhang@Atheros.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
a7567b20 |
|
01-Jun-2011 |
Johannes Berg <johannes.berg@intel.com> |
bluetooth l2cap: fix locking in l2cap_global_chan_by_psm read_lock() ... read_unlock_bh() is clearly bogus. This was broken by commit 23691d75cdc69c3b285211b4d77746aa20a17d18 Author: Gustavo F. Padovan <padovan@profusion.mobi> Date: Wed Apr 27 18:26:32 2011 -0300 Bluetooth: Remove l2cap_sk_list Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
#
6dcae1ea |
|
16-May-2011 |
David S. Miller <davem@davemloft.net> |
bluetooth: Fix warnings in l2cap_core.c net/bluetooth/l2cap_core.c: In function ‘l2cap_recv_frame’: net/bluetooth/l2cap_core.c:3758:15: warning: ‘sk’ may be used uninitialized in this function net/bluetooth/l2cap_core.c:3758:15: note: ‘sk’ was declared here net/bluetooth/l2cap_core.c:3791:15: warning: ‘sk’ may be used uninitialized in this function net/bluetooth/l2cap_core.c:3791:15: note: ‘sk’ was declared here Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
55183d06 |
|
11-May-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove leftover debug messages They were added by me while testing and I forgot to remove. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
23691d75 |
|
27-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove l2cap_sk_list A new list was added to replace the socket based one. This new list doesn't depent on sock and then fits better inside l2cap_core.c code. It also rename l2cap_chan_alloc() to l2cap_chan_create() and l2cap_chan_free() to l2cap_chan_destroy) Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
73b2ec18 |
|
18-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Handle psm == 0 case inside l2cap_add_psm() When the user doesn't specify a psm we have the choose one for the channel. Now we do this inside l2cap_add_psm(). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9e4425ff |
|
18-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add l2cap_add_psm() and l2cap_add_scid() The intention is to get rid of the l2cap_sk_list usage inside l2cap_core.c. l2cap_sk_list will soon be replaced by a list that does not depend on socket usage. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6ff5abbf |
|
25-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix memory leak with L2CAP channels A new l2cap_chan_free() is added to free the channels. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
8c1d787b |
|
13-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move conn to struct l2cap_chan There is no need to the socket deal directly with the channel, most of the time it cares about the channel only. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
fe4128e0 |
|
13-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move more vars to struct l2cap_chan In this commit, psm, scid and dcid. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
0c1bc5c6 |
|
13-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move more channel info to struct l2cap_chan In this commit, omtu, imtu, flush_to, mode and sport. It also remove the pi var from l2cap_sock_sendmsg(). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
47d1ec61 |
|
13-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move more vars to struct l2cap_chan In this commit all ERTM and Streaming Mode specific vars. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
4343478f |
|
12-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move some more elements to struct l2cap_chan In this commit sec_level, force_reliable, role_switch and flushable. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
77a74c7e |
|
12-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Rename l2cap_do_connect() to l2cap_chan_connect() l2cap_chan_connect() is a much better name and reflects what this functions is doing (or will do once socket dependence is removed from the core). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
b4450035 |
|
12-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move conf_state to struct l2cap_chan First move of elements depending on user data. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
5d41ce1d |
|
08-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Refactor L2CAP channel allocation If the allocation happens at l2cap_sock_create() will be able to use the struct l2cap_chan to store channel info that comes from the user via setsockopt. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
bf734843 |
|
25-Apr-2011 |
David S. Miller <davem@davemloft.net> |
bluetooth: Fix use-before-initiailized var. net/bluetooth/l2cap_core.c: In function ‘l2cap_recv_frame’: net/bluetooth/l2cap_core.c:3612:15: warning: ‘sk’ may be used uninitialized in this function net/bluetooth/l2cap_core.c:3612:15: note: ‘sk’ was declared here Actually the problem is in the inline function l2cap_data_channel(), we branch to the label 'done' which tests 'sk' before we set it to anything. Initialize it to NULL to fix this. Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a429b519 |
|
17-Apr-2011 |
Ruiyi Zhang <Ruiyi.zhang@atheros.com> |
Bluetooth: Only keeping SAR bits when retransmitting one frame. When retrasmitting one frame, only SAR bits in control field should be kept. Signed-off-by: Ruiyi Zhang <Ruiyi.zhang@atheros.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
26954c7f |
|
14-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix lockdep warning in L2CAP Fix a regression from the L2CAP "rewrite" patches. Purge the tx_q already happens on l2cap_chan_del() so we don't need it at l2cap_disconnect_req(). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
62f3a2cf |
|
14-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix another locking unbalance l2cap_get_sock_by_scid was changed to not lock the socket anymore, but I forgot to change all the users of this function. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
280f294f |
|
13-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Don't lock sock inside l2cap_get_sock_by_scid() Fix an locking issue with the new l2cap_att_channel(). l2cap_att_channel() was trying to lock a locked socket. Reported-by: Anderson Lizardo <anderson.lizardo@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
9f69bda6 |
|
07-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add proper handling of received LE data Despite it works, handling through l2cap_data_channel() is wrongs. That function should handle only connection oriented data. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
58d35f87 |
|
04-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move tx queue to struct l2cap_chan tx_q is the queue used by ERTM mode. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c916fbe4 |
|
04-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove unneeded uninitialized_vars() That was unnecessary use of it. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
49208c9c |
|
04-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove some sk references from l2cap_core.c Change some BT_DBG messages and consequently remove some struct sock declarations. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
39d5a3ee |
|
04-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move SREJ list to struct l2cap_chan As part of moving all the Channel related operation to struct l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
2ead70b8 |
|
01-Apr-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Fix lockdep warning with skb list lock This is a regression acctually, caused by the first patch series for creating a formal strcut l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
311bb895 |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move busy workqueue to struct l2cap_chan As part of the moving channel stuff to l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
f1c6775b |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move srej and busy queues to struct l2cap_chan As part of the moving channel stuff to l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e92c8e70 |
|
31-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move ERTM timers to struct l2cap_chan This also triggered a change in l2cap_send_disconn_req() parameters. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
2c03a7a4 |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move remote info to struct l2cap_chan As part of the moving channel stuff to l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6f61fd47 |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move SDU related vars to struct l2cap_chan As part of the moving channel stuff to l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6a026610 |
|
31-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move more ERTM stuff to struct l2cap_chan As part of the moving channel stuff to l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
42e5c802 |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move of ERTM *_seq vars to struct l2cap_chan As part of the moving channel to stuff to struct l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
525cd185 |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move conn_state to struct l2cap_chan This is part of "moving things to l2cap_chan". As one the first move it triggered a big number of changes in the funcions parameters, basically changing the struct sock param to struct l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
710f9b0a |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: clean up l2cap_sock_recvmsg() Move some channel specific stuff to l2cap_core.c, this will make things more clear. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
73ffa904 |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan They are also l2cap_chan specific. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
fc7f8a7e |
|
25-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move ident to struct l2cap_chan ident is chan property, no need to reside on socket. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
820ffdb3 |
|
31-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove struct del_list As we use struct list_head to keep L2CAP channels list the workaround with del_list is not needed anymore. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
baa7e1fa |
|
31-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Use struct list_head for L2CAP channels list Use a well known Kernel API is always a good idea than implement your own list. In the future we might use RCU on this list. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
48454079 |
|
24-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Create struct l2cap_chan struct l2cap_chan cames to create a clear separation between what properties and data belongs to the L2CAP channel and what belongs to the socket. By now we just fold the struct sock * in struct l2cap_chan as all the channel info is struct l2cap_pinfo today. In the next commits we will see a move of channel stuff to struct l2cap_chan. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
23e9fde2 |
|
09-Mar-2011 |
Suraj Sumangala <suraj@atheros.com> |
Bluetooth: Increment unacked_frames count only the first transmit This patch lets 'l2cap_pinfo.unacked_frames' be incremented only the first time a frame is transmitted. Previously it was being incremented for retransmitted packets too resulting the value to cross the transmit window size. Signed-off-by: Suraj Sumangala <suraj@atheros.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e90165be |
|
25-Mar-2011 |
Andrei Emeltchenko <andrei.emeltchenko@nokia.com> |
Bluetooth: check L2CAP info_rsp ident and state Information requests/responses are unbound to L2CAP channel. Patch fixes issue arising when two devices connects at the same time to each other. This way we do not process out of the context messages. We are safe dropping info_rsp since info_timer is left running. Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d1010240 |
|
24-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Move bt_accept_enqueue() to outside __l2cap_chan_add bt_accept_enqueue() is not really a channel action, so do it outside. This patch is part of a set of patches to create an struct l2cap_chan to have a clear separation between the struct sock and the L2CAP channel stuff. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
2c6d1a2e |
|
23-Mar-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Improve error message on wrong link type Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
52cb1c0d |
|
09-Mar-2011 |
Suraj Sumangala <suraj@atheros.com> |
Bluetooth: Increment unacked_frames count only the first transmit This patch lets 'l2cap_pinfo.unacked_frames' be incremented only the first time a frame is transmitted. Previously it was being incremented for retransmitted packets too resulting the value to cross the transmit window size. Signed-off-by: Suraj Sumangala <suraj@atheros.com> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
30e76272 |
|
22-Feb-2011 |
Ville Tervo <ville.tervo@nokia.com> |
Bluetooth: Use ERR_PTR as return error from hci_connect Use ERR_PTR mechanism to return error from hci_connect. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
50899e8d |
|
21-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Remove duplicated BT_INFO() from L2CAP The message for the initialization of the L2CAP layer was being printed twice. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
e2174ca4 |
|
17-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: fix errors reported by checkpatch.pl Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
2ce603eb |
|
16-Feb-2011 |
Claudio Takahasi <claudio.takahasi@openbossa.org> |
Bluetooth: Send LE Connection Update Command If the new connection update parameter are accepted, the LE master host sends the LE Connection Update Command to its controller informing the new requested parameters. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
de73115a |
|
11-Feb-2011 |
Claudio Takahasi <claudio.takahasi@openbossa.org> |
Bluetooth: Add connection parameter update response Implements L2CAP Connection Parameter Update Response defined in the Bluetooth Core Specification, Volume 3, Part A, section 4.21. Address the LE Connection Parameter Procedure initiated by the slave. Connection Interval Minimum and Maximum have the same range: 6 to 3200. Time = N * 1.25ms. Minimum shall be less or equal to Maximum. The Slave Latency field shall have a value in the range of 0 to ((connSupervisionTimeout / connIntervalMax) - 1). Latency field shall be less than 500. connSupervisionTimeout = Timeout Multiplier * 10 ms. Multiplier field shall have a value in the range of 10 to 3200. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
3300d9a9 |
|
11-Feb-2011 |
Claudio Takahasi <claudio.takahasi@openbossa.org> |
Bluetooth: Add LE signaling commands handling This patch splits the L2CAP command handling function in order to have a clear separation between the commands related to BR/EDR and LE. Commands and responses in the LE signaling channel are not being handled yet, command reject is sent to all received requests. Bluetooth Core Specification, Volume 3, Part A, section 4 defines the signaling packets formats and allowed commands/responses over the LE signaling channel. Signed-off-by: Claudio Takahasi <claudio.takahasi@openbossa.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
b62f328b |
|
10-Feb-2011 |
Ville Tervo <ville.tervo@nokia.com> |
Bluetooth: Add server socket support for LE connection Add support for LE server sockets. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
acd7d370 |
|
10-Feb-2011 |
Ville Tervo <ville.tervo@nokia.com> |
Bluetooth: Add LE connection support to L2CAP Add basic LE connection support to L2CAP. LE connection can be created by specifying cid in struct sockaddr_l2 Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
903d343e |
|
10-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Add L2CAP mode to debugfs output Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c531a12a |
|
07-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: remove l2cap_load() hack l2cap_load() was added to trigger l2cap.ko module loading from the RFCOMM and BNEP modules. Now that L2CAP module is gone, we don't need it anymore. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
64274518 |
|
07-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Merge L2CAP and SCO modules into bluetooth.ko Actually doesn't make sense have these modules built separately. The L2CAP layer is needed by almost all Bluetooth protocols and profiles. There isn't any real use case without having L2CAP loaded. SCO is only essential for Audio transfers, but it is so small that we can have it loaded always in bluetooth.ko without problems. If you really doesn't want it you can disable SCO in the kernel config. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6de0702b |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move __l2cap_sock_close() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
05fc1576 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_kill() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
6ddc0485 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move L2CAP sock timers function to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
fd83ccdb |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_sendmsg() to l2cap_sock.c Also moves some L2CAP sending functions declaration to l2cap.h Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
dcba0dba |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_shutdown() to l2cap_sock.c Declare __l2cap_wait_ack() and l2cap_sock_clear_timer() in l2cap.h Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
68983259 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_recvmsg() to l2cap_sock.c It causes the move of the declaration of 3 functions to l2cap.h: l2cap_get_ident(), l2cap_send_cmd(), l2cap_build_conf_req() Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
4e34c50b |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_connect() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
99f4808d |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_getsockopt() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
33575df7 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_setsockopt() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
d7175d55 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_getname() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
c47b7c72 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_accept() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
af6bcd82 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_bind()/listen() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
554f05bb |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_release() to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
65390587 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: move l2cap_sock_ops to l2cap_sock.c First step to move all l2cap_sock_ops function to l2cap_sock.c Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
bb58f747 |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Initial work for L2CAP split. This patch tries to do the minimal to move l2cap_sock_create() and its dependencies to l2cap_sock.c. It create a API to initialize and cleanup the L2CAP sockets from l2cap_core.c through l2cap_init_sockets() and l2cap_cleanup_sockets(). Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
#
0a708f8f |
|
03-Feb-2011 |
Gustavo Padovan <padovan@profusion.mobi> |
Bluetooth: Rename l2cap.c to l2cap_core.c In a preparation to the the L2CAP code split in many files. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|