Commit graph

105 commits

Author SHA1 Message Date
Jiri Kosina
b40df5743e [PATCH] bluetooth: fix socket locking in hci_sock_dev_event()
[Bluetooth] Fix socket locking in hci_sock_dev_event()

hci_sock_dev_event() uses bh_lock_sock() to lock the socket lock.
This is not deadlock-safe against locking of the same socket lock in
l2cap_connect_cfm() from softirq context. In addition to that,
hci_sock_dev_event() doesn't seem to be called from softirq context,
so it is safe to use lock_sock()/release_sock() instead.

The lockdep warning can be triggered on my T42p simply by switching
the Bluetooth off by the keyboard button.

  =================================
  [ INFO: inconsistent lock state ]
  2.6.21-rc2 #4
  ---------------------------------
  inconsistent {in-softirq-W} -> {softirq-on-W} usage.
  khubd/156 [HC0[0]:SC0[0]:HE1:SE1] takes:
   (slock-AF_BLUETOOTH){-+..}, at: [<e0ca5520>] hci_sock_dev_event+0xa8/0xc5 [bluetooth]
  {in-softirq-W} state was registered at:
    [<c012d1db>] mark_lock+0x59/0x414
    [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap]
    [<c012dfd7>] __lock_acquire+0x3e5/0xb99
    [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap]
    [<c012e7f2>] lock_acquire+0x67/0x81
    [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap]
    [<c036ee72>] _spin_lock+0x29/0x34
    [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap]
    [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap]
    [<e0ca17c3>] hci_send_cmd+0x126/0x14f [bluetooth]
    [<e0ca4ce4>] hci_event_packet+0x729/0xebd [bluetooth]
    [<e0ca205b>] hci_rx_task+0x2a/0x20f [bluetooth]
    [<e0ca209d>] hci_rx_task+0x6c/0x20f [bluetooth]
    [<c012d7be>] trace_hardirqs_on+0x10d/0x14e
    [<c011ac85>] tasklet_action+0x3d/0x68
    [<c011abba>] __do_softirq+0x41/0x92
    [<c011ac32>] do_softirq+0x27/0x3d
    [<c0105134>] do_IRQ+0x7b/0x8f
    [<c0103dec>] common_interrupt+0x24/0x34
    [<c0103df6>] common_interrupt+0x2e/0x34
    [<c0248e65>] acpi_processor_idle+0x1b3/0x34a
    [<c0248e68>] acpi_processor_idle+0x1b6/0x34a
    [<c010232b>] cpu_idle+0x39/0x4e
    [<c04bab0c>] start_kernel+0x372/0x37a
    [<c04ba42b>] unknown_bootoption+0x0/0x202
    [<ffffffff>] 0xffffffff

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-08 07:38:21 -08:00
Marcel Holtmann
c1a3313698 [Bluetooth] Make use of device_move() for RFCOMM TTY devices
In the case of bound RFCOMM TTY devices the parent is not available
before its usage. So when opening a RFCOMM TTY device, move it to
the corresponding ACL device as a child. When closing the device,
move it back to the virtual device tree.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26 11:42:41 -08:00
Marcel Holtmann
f5ffd4620a [Bluetooth] Add open and close callbacks for HID device
The open and close callbacks for the HID device are not optional, but
for the Bluetooth HID report mode support it is enough to add empty
dummy callbacks.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26 11:42:39 -08:00
Marcel Holtmann
e1aaadd4d8 [Bluetooth] Add support for using the HID subsystem
This patch extends the current Bluetooth HID support to use the new
HID subsystem and adds full report mode support.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26 11:42:38 -08:00
Marcel Holtmann
a83d6c0de8 [Bluetooth] Fix wrong put_user() from HIDP compat ioctl patch
The compat ioctl patch copied the parser version field into the
report descriptor size field by mistake.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26 11:42:35 -08:00
Tim Schmielau
cd354f1ae7 [PATCH] remove many unneeded #includes of sched.h
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there.  Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.

To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.

Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm.  I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).

Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de>
Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-14 08:09:54 -08:00
YOSHIFUJI Hideaki
8e87d14255 [NET] BLUETOOTH: Fix whitespace errors.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-10 23:19:20 -08:00
Al Viro
55e747445b [PATCH] hidp __user annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-09 09:14:06 -08:00
Marcel Holtmann
847641d7db [Bluetooth] Restrict well known PSM to privileged users
The PSM values below 0x1001 of L2CAP are reserved for well known
services. Restrict the possibility to bind them to privileged
users.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-22 22:00:45 +01:00
Marcel Holtmann
7386397636 [Bluetooth] Missing endian swapping for L2CAP socket list
The PSM value in the L2CAP socket list must be converted to host
order before printing it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-22 22:00:40 +01:00
Marcel Holtmann
c893779e9f [Bluetooth] Handle device registration failures
In the case the device registration for a new Bluetooth low-level
connection fails there is no need to unregister it when the temporary
data structure has been removed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:56 -08:00
Marcel Holtmann
4d6a2188bd [Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()
When calling send() with a zero length parameter on a RFCOMM socket
it returns a positive value. In this rare case the variable err is
used uninitialized and unfortunately its value is returned.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:55 -08:00
Marcel Holtmann
b6e557fbf1 [Bluetooth] More checks if DLC is still attached to the TTY
If the DLC device is no longer attached to the TTY device, then return
errors or default values for various callbacks of the TTY layer.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:54 -08:00
Marcel Holtmann
f477756920 [Bluetooth] Add packet size checks for CAPI messages
With malformed packets it might be possible to overwrite internal
CMTP and CAPI data structures. This patch adds additional length
checks to prevent these kinds of remote attacks.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:53 -08:00
Al Viro
905f3ed625 [PATCH] hci endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 09:05:52 -08:00
Alan Cox
606d099cdd [PATCH] tty: switch to ktermios
This is the grungy swap all the occurrences in the right places patch that
goes with the updates.  At this point we have the same functionality as
before (except that sgttyb() returns speeds not zero) and are ready to
begin turning new stuff on providing nobody reports lots of bugs

If you are a tty driver author converting an out of tree driver the only
impact should be termios->ktermios name changes for the speed/property
setting functions from your upper layers.

If you are implementing your own TCGETS function before then your driver
was broken already and its about to get a whole lot more painful for you so
please fix it 8)

Also fill in c_ispeed/ospeed on init for most devices, although the current
code will do this for you anyway but I'd like eventually to lose that extra
paranoia

[akpm@osdl.org: bluetooth fix]
[mp3@de.ibm.com: sclp fix]
[mp3@de.ibm.com: warning fix for tty3270]
[hugh@veritas.com: fix tty_ioctl powerpc build]
[jdike@addtoit.com: uml: fix ->set_termios declaration]
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Martin Peschke <mp3@de.ibm.com>
Acked-by: Peter Oberparleiter <oberpar@de.ibm.com>
Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Jeff Dike <jdike@addtoit.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-08 08:28:57 -08:00
David Howells
4c1ac1b491 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Conflicts:

	drivers/infiniband/core/iwcm.c
	drivers/net/chelsio/cxgb2.c
	drivers/net/wireless/bcm43xx/bcm43xx_main.c
	drivers/net/wireless/prism54/islpci_eth.c
	drivers/usb/core/hub.h
	drivers/usb/input/hid-core.c
	net/core/netpoll.c

Fix up merge failures with Linus's head and fix new compilation failures.

Signed-Off-By: David Howells <dhowells@redhat.com>
2006-12-05 14:37:56 +00:00
Peter Zijlstra
fcc70d5fdc [BLUETOOTH] lockdep: annotate sk_lock nesting in AF_BLUETOOTH
=============================================
[ INFO: possible recursive locking detected ]
2.6.18-1.2726.fc6 #1
2006-12-02 21:21:35 -08:00
Al Viro
e8db8c9910 [BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wire
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:30 -08:00
Al Viro
6ba9c755e5 [BLUETOOTH]: rfcomm endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:29 -08:00
Al Viro
1bc5d4483a [BLUETOOTH]: bnep endianness annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:28 -08:00
Al Viro
e41d216973 [BLUETOOTH] bnep endianness bug: filtering by packet type
<= and => don't work well on net-endian...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02 21:21:27 -08:00
David Howells
c4028958b6 WorkStruct: make allyesconfig
Fix up for make allyesconfig.

Signed-Off-By: David Howells <dhowells@redhat.com>
2006-11-22 14:57:56 +00:00
David S. Miller
4498c80d9c [BLUETOOTH]: Fix unaligned access in hci_send_to_sock.
The "u16 *" derefs of skb->data need to be wrapped inside of
a get_unaligned().

Thanks to Gustavo Zacarias for the bug report.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-11-21 16:17:41 -08:00
Marcel Holtmann
354f60a995 [Bluetooth] Ignore L2CAP config requests on disconnect
Any L2CAP connection in disconnecting state shall not response
to any further config requests from the remote side. So in case
such a request is received, ignore it.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21 16:16:32 -08:00
Marcel Holtmann
820ae1b865 [Bluetooth] Always include MTU in L2CAP config responses
When sending a positive config response it shall include the actual
MTU to be used on this channel. This differs from the Bluetooth 1.1
specification where it was enough to acknowledge the config request.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21 16:16:31 -08:00
Marcel Holtmann
ff2d367ac3 [Bluetooth] Check if RFCOMM session is still attached to the TTY
If the RFCOMM session is no longer attached to the TTY device, then it
makes no sense to go through with changing the termios settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21 16:16:30 -08:00
Marcel Holtmann
6bd5741612 [Bluetooth] Handling pending connect attempts after inquiry
After an inquiry completed or got canceled the Bluetooth core should
check for any pending connect attempts.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21 16:16:29 -08:00
Marcel Holtmann
e52726dece [Bluetooth] Attach low-level connections to the Bluetooth bus
To receive uvents for the low-level ACL and SCO links, they must be
assigned to a subsystem. It is enough to attach them to the already
established Bluetooth bus.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21 16:16:28 -08:00
Marcel Holtmann
7b19ffc40b [Bluetooth] Fix HID disconnect NULL pointer dereference
The latest HID disconnect sequence change introduced a NULL pointer
dereference. For the quirk to handle buggy remote HID implementations,
it is enough to wait for a potential control channel disconnect from
the remote side and it is also enough to wait only 500 msecs.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-20 01:15:05 -07:00
Marcel Holtmann
74da626a10 [Bluetooth] Add locking for bt_proto array manipulation
The bt_proto array needs to be protected by some kind of locking to
prevent a race condition between bt_sock_create and bt_sock_register.

And in addition all calls to sk_alloc need to be made GFP_ATOMIC now.

Signed-off-by: Masatake YAMATO <jet@gyve.org>
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:34 -07:00
Marcel Holtmann
cb19d9ea2c [Bluetooth] Check if DLC is still attached to the TTY
If the DLC device is no longer attached to the TTY device, then it
makes no sense to go through with changing the termios settings.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:33 -07:00
Marcel Holtmann
b2cfcd75df [Bluetooth] Fix reference count when connection lookup fails
When the connection lookup for the device structure fails, the reference
count for the HCI device needs to be decremented.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:32 -07:00
Marcel Holtmann
e86070c83e [Bluetooth] Disconnect HID interrupt channel first
The Bluetooth HID specification demands that the interrupt channel
shall be disconnected first. This is needed to pass the qualification
tests.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:31 -07:00
Marcel Holtmann
4c67bc74f0 [Bluetooth] Support concurrent connect requests
Most Bluetooth chips don't support concurrent connect requests, because
this would involve a multiple baseband page with only one radio. In the
case an upper layer like L2CAP requests a concurrent connect these chips
return the error "Command Disallowed" for the second request. If this
happens it the responsibility of the Bluetooth core to queue the request
and try again after the previous connect attempt has been completed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:30 -07:00
Marcel Holtmann
e9c4bec63e [Bluetooth] Make use of virtual devices tree
The Bluetooth subsystem currently uses a platform device for devices
with no parent. It is a better idea to use the new virtual devices
tree for these.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:29 -07:00
Marcel Holtmann
df5c37ea9a [Bluetooth] Handle return values from driver core functions
Some return values of the driver core register and create functions
are not handled and so might cause unexpected problems.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:28 -07:00
Marcel Holtmann
e9c5702e3c [Bluetooth] Fix compat ioctl for BNEP, CMTP and HIDP
There exists no attempt do deal with the fact that a structure with
a uint32_t followed by a pointer is going to be different for 32-bit
and 64-bit userspace. Any 32-bit process trying to use it will be
failing with -EFAULT if it's lucky; suffering from having data dumped
at a random address if it's not.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15 23:14:27 -07:00
Jeff Dike
b68e31d0eb [PATCH] const struct tty_operations
As part of an SMP cleanliness pass over UML, I consted a bunch of
structures in order to not have to document their locking.  One of these
structures was a struct tty_operations.  In order to const it in UML
without introducing compiler complaints, the declaration of
tty_set_operations needs to be changed, and then all of its callers need to
be fixed.

This patch declares all struct tty_operations in the tree as const.  In all
cases, they are static and used only as input to tty_set_operations.  As an
extra check, I ran an i386 allyesconfig build which produced no extra
warnings.

53 drivers are affected.  I checked the history of a bunch of them, and in
most cases, there have been only a handful of maintenance changes in the
last six months.  serial_core.c was the busiest one that I looked at.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-10-02 07:57:14 -07:00
Arnaud Patard
860e13b5c5 [Bluetooth]: Fix section mismatch of bt_sysfs_cleanup()
The bt_sysfs_cleanup() is marked with __exit attribute, but it will
be called from an __init function in the error case. So the __exit
attribute must be removed.

Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-28 18:03:12 -07:00
Marcel Holtmann
37e97b4ef0 [Bluetooth]: Don't update disconnect timer for incoming connections
In the case of device pairing the only safe method is to establish
a low-level ACL link. In this case, the remote side should not use
the disconnect timer to give the other side the chance to enter the
PIN code. If the disconnect timer is used, the connection will be
dropped to soon, because it is impossible to identify an actual user
of this link.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-28 18:03:11 -07:00
Marcel Holtmann
6ac59344ef [Bluetooth] Support create connection cancel command
In case of non-blocking connects it is possible that the last user
of an ACL link quits before the connection has been fully established.
This will lead to a race condition where the internal state of a
connection is closed, but the actual link has been established and is
active. In case of Bluetooth 1.2 and later devices it is possible to
call create connection cancel to abort the connect. For older devices
the disconnect timer will be used to trigger the needed disconnect.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:33 -07:00
Marcel Holtmann
1143e5a6d4 [Bluetooth] Read local version information on device init
The local version information are needed to identify certain feature
sets of devices. They must be read on device init and stored for later
use. It is also possible to access them through the device model.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:32 -07:00
Marcel Holtmann
b4c612a473 [Bluetooth] Return EINPROGRESS for non-blocking socket calls
In case of non-blocking socket calls we should return EINPROGRESS
and not EAGAIN.

Signed-off-by: Ulisses Furquim <ulissesf@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:31 -07:00
Marcel Holtmann
defc761bc2 [Bluetooth] Handle command complete event for exit periodic inquiry
The command complete event of the exit periodic inquiry command must
clear the HCI_INQUIRY flag and finish the HCI request.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:29 -07:00
Marcel Holtmann
0ac53939a0 [Bluetooth] Add HCI device identifier for SDIO cards
This patch assigns the next free HCI device identifier to Bluetooth
devices based on the SDIO interface.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:28 -07:00
Marcel Holtmann
0a85b964e1 [Bluetooth] Integrate services into the driver model
This patch integrates the services of the Bluetooth protocols RFCOMM,
BNEP and HIDP into the driver model. This makes it possible to assign
the virtual TTY, network and input devices to a specific Bluetooth
connection.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:26 -07:00
Marcel Holtmann
b219e3ac66 [Bluetooth] Integrate low-level connections into the driver model
This patch integrates the low-level connections (ACL and SCO) into the
driver model. Every connection is presented as device with the parent
set to its host controller device.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:25 -07:00
Marcel Holtmann
4d0eb0049c [Bluetooth] Remove unused host controller attributes
This patch removes the unused device attribute entries for the Bluetooth
host controllers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-09-28 18:01:24 -07:00
Marcel Holtmann
98bcd08b5b [Bluetooth] Correct RFCOMM channel MTU for broken implementations
Some Bluetooth RFCOMM implementations try to negotiate a bigger channel
MTU than we can support for a particular session. The maximum MTU for
a RFCOMM session is limited through the L2CAP layer. So if the other
side proposes a channel MTU that is bigger than the underlying L2CAP
MTU, we should reduce it to the L2CAP MTU of the session minus five
bytes for the RFCOMM headers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-24 12:44:25 -07:00