Johan Hedberg [Thu, 9 Feb 2012 13:56:11 +0000 (15:56 +0200)]
Bluetooth: Add address type to mgmt blacklist messages
This patch updates the implmentation for mgmt_block_device and
mgmt_unblock_device and their corresponding events to match the latest
API specification.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 9 Feb 2012 13:44:09 +0000 (15:44 +0200)]
Bluetooth: Add address type to Out Of Band mgmt messages
This patch updates the implementation for these mgmt to be up to date
with the latest API specification. Right now the address type isn't
actually used for anything but that might change in the future.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 9 Feb 2012 13:26:12 +0000 (15:26 +0200)]
Bluetooth: Add address type to user_confirm and user_passkey messages
This patch upadate the user confirm and user passkey mgmt messages to
match the latest API specification by adding an address type parameter
to them.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 9 Feb 2012 12:27:38 +0000 (14:27 +0200)]
Bluetooth: Update mgmt_disconnect to match latest API
This patch adds an address type parameter to the disconnect command and
response in order to match the latest mgmt API specification.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 9 Feb 2012 11:50:12 +0000 (13:50 +0200)]
Bluetooth: Update and rename mgmt_remove_keys to mgmt_unpair_device
This patch renames the mgmt_remove_keys command to mgmt_unpair_device
and updates its parameters to match the latest API (specifically, it
adds an address type parameter to the command and its response).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Szymon Janc [Tue, 7 Feb 2012 14:43:02 +0000 (15:43 +0100)]
Bluetooth: Fix double acking I-Frames when sending pending I-Frames
Pending I-Frame(s) are considered as acknowledgement. To void double
acking (via I-Frame and later via RR) clear ack timer when sending
first pending I-Frame.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Tue, 7 Feb 2012 14:43:01 +0000 (15:43 +0100)]
Bluetooth: Fix possible missing I-Frame acknowledgement
Make l2cap_ertm_send return number of pending I-Frames transmitted
instead of all (pending + retransmitted) I-Frames transmitted.
As only pending I-Frames are considered as acknowledgement, this could
lead to situation when no ACK was sent in __l2cap_send_ack (if only
already transmitted I-Frames were retransmitted).
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Mon, 6 Feb 2012 13:04:01 +0000 (15:04 +0200)]
Bluetooth: Remove unneeded sk variable
In debug use chan %p instead of sk.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Mon, 6 Feb 2012 13:04:00 +0000 (15:04 +0200)]
Bluetooth: Clean up l2cap_chan_add
Change elseif to switch. This make sense even more with following
patches which otherwise have to add more elseifs statements.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Mon, 6 Feb 2012 13:03:59 +0000 (15:03 +0200)]
Bluetooth: Change chan_ready param from sk to chan
Change is needed to remove dependency on sk when possible
before introducing l2cap channel lock.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Tue, 22 Nov 2011 20:14:19 +0000 (17:14 -0300)]
Bluetooth: Add BT_DBG to mgmt_discovering()
This is helpful for device discovery implementation & debuging.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Fri, 3 Feb 2012 22:06:00 +0000 (00:06 +0200)]
Bluetooth: Fix device_found event length for remote name resolving
The correct length of the event is the size of the ev struct (not size
of the pointer like the code was previously using) plus the length of
the variable-sized EIR data at the end of the struct.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Andre Guedes [Fri, 3 Feb 2012 20:48:02 +0000 (17:48 -0300)]
Bluetooth: Fix indentation
This patch fixes a #define indentation in mgmt.c.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 3 Feb 2012 20:48:01 +0000 (17:48 -0300)]
Bluetooth: MGMT start discovery LE-Only support
This patch adds LE-Only discovery procedure support to MGMT Start
Discovery command.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 3 Feb 2012 20:48:00 +0000 (17:48 -0300)]
Bluetooth: Add hci_le_scan()
We are not supposed to block in start_discovery() because
start_discovery code is running in write() syscall context
and this would block the write operation on the mgmt socket.
This way, we cannot directly call hci_do_le_scan() to scan
LE devices in start_discovery(). To overcome this issue a
derefered work (hdev->le_scan) was created so we can properly
call hci_do_le_scan().
The helper function hci_le_scan() simply set LE scan parameters
and queue hdev->le_scan work. The work is queued on system_long_wq
since it can sleep for a few seconds in the worst case (timeout).
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 3 Feb 2012 20:47:59 +0000 (17:47 -0300)]
Bluetooth: Add hci_do_le_scan()
This patch adds to hci_core the hci_do_le_scan function which
should be used to scan LE devices.
In order to enable LE scan, hci_do_le_scan() sends commands (Set
LE Scan Parameters and Set LE Scan Enable) to the controller and
waits for its results. If commands were executed successfully a
delayed work is scheduled to disable the ongoing scanning after
some amount of time. This function blocks.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 3 Feb 2012 20:47:58 +0000 (17:47 -0300)]
Bluetooth: Minor code refactoring
This patch does a trivial code refacting in hci_discovery_active.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 3 Feb 2012 20:47:57 +0000 (17:47 -0300)]
Bluetooth: LE scan should send Discovering events
Send MGMT Discovering events once LE scan starts/stops so the
userspace can track when local adapters are discovering LE devices.
This way, we also keep the same behavior of inquiry which sends MGMT
Discovering events once inquiry starts/stops even if it is triggered
by an external tool (e.g. hcitool).
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Fri, 3 Feb 2012 19:29:40 +0000 (21:29 +0200)]
Bluetooth: Add missing QUIRK_NO_RESET test to hci_dev_do_close
We should only perform a reset in hci_dev_do_close if the
HCI_QUIRK_NO_RESET flag is set (since in such a case a reset will not be
performed when initializing the device).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Andrei Emeltchenko [Fri, 3 Feb 2012 14:27:55 +0000 (16:27 +0200)]
Bluetooth: Helper removes duplicated code
Use __check_timout helper to remove duplicated code
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Fri, 3 Feb 2012 14:27:54 +0000 (16:27 +0200)]
Bluetooth: Recalculate sched HCI blk/pkt flow ctrl
Split HCI scheduling for block and packet flow control.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:05 +0000 (21:08 -0300)]
Bluetooth: Add support for notifying userspace of new LTK's
If we want to have proper pairing support over LE we need to
inform userspace that a new LTK is available, so userspace
can store that key permanently.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:04 +0000 (21:08 -0300)]
Bluetooth: Clean up structures left unused
With the use of the new structures and lists for the SMP LTK's
we may remove some code that is now unused. No need to have extra
fields of information inside link_key now that it is only used
for Link Keys.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:03 +0000 (21:08 -0300)]
Bluetooth: Add support for removing LTK's when pairing is removed
Instead of having a separated command for removing SMP keys, we use the
Remove Keys command to remove *all* keys.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:02 +0000 (21:08 -0300)]
Bluetooth: Add MGMT handlers for dealing with SMP LTK's
This adds a method to notify that a new LTK is available and
a handler to store keys coming from userspace into the kernel LTK
list.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:01 +0000 (21:08 -0300)]
Bluetooth: Use the updated key structures for handling LTKs
This updates all the users of the older way, that was using the
link_keys list to store the SMP keys, to use the new way.
This includes defining new types for the keys, we have a type for each
combination of STK/LTK and Master/Slave.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:08:00 +0000 (21:08 -0300)]
Bluetooth: Add new structures for handling SMP Long Term Keys
This includes a new list for storing the keys and a new structure used
to represent each key.
Some notes: authenticated is used to identify that the key may be used
to setup a HIGH security link. As the same list is used to store both
the STK's and the LTK's the type field is used so we can separate
between those two types of keys and if the key should be used when
in the master or slave role.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Fri, 3 Feb 2012 00:07:59 +0000 (21:07 -0300)]
Bluetooth: Fix doing some useless casts when receiving MGMT commands
Every command handler of mgmt does a cast to the command structure
so it can properly interpreted. So we can avoid that cast if we
make those functions receive a void * directly.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Manoj Iyer [Thu, 2 Feb 2012 15:32:36 +0000 (09:32 -0600)]
Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0
T: Bus=01 Lev=02 Prnt=02 Port=03 Cnt=03 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0a5c ProdID=21f3 Rev=01.12
S: Manufacturer=Broadcom Corp
S: Product=BCM20702A0
S: SerialNumber=
74DE2B344A7B
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com>
Tested-by: Dennis Chua <dennis.chua@canonical.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Thu, 2 Feb 2012 08:32:18 +0000 (10:32 +0200)]
Bluetooth: Use list _safe deleting from conn chan_list
Fixes possible bug when deleting element from the list in
function hci_chan_list_flush. list_for_each_entry_rcu is used
and after deleting element from the list we also free pointer
and then list_entry_rcu is taken from freed pointer.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Thu, 2 Feb 2012 08:32:17 +0000 (10:32 +0200)]
Bluetooth: Use list _safe deleting from conn_hash_list
Use list_for_each_entry_safe which is safe version against removal
of list entry. Otherwise we remove hci_conn element and reference
next element which result in accessing LIST_POISON.
[ 95.571834] Bluetooth: unknown link type 127
[ 95.578349] BUG: unable to handle kernel paging request at
20002000
[ 95.580236] IP: [<
20002000>] 0x20001fff
[ 95.580763] *pde =
00000000
[ 95.581196] Oops: 0000 [#1] SMP
...
[ 95.582298] Pid: 3355, comm: hciconfig Tainted: G O 3.2.0-VirttualBox
[ 95.582298] EIP: 0060:[<
20002000>] EFLAGS:
00210206 CPU: 0
[ 95.582298] EIP is at 0x20002000
...
[ 95.582298] Call Trace:
[ 95.582298] [<
f8231ab6>] ? hci_conn_hash_flush+0x76/0xf0 [bluetooth]
[ 95.582298] [<
f822bcb1>] hci_dev_do_close+0xc1/0x2e0 [bluetooth]
[ 95.582298] [<
f822d679>] ? hci_dev_get+0x69/0xb0 [bluetooth]
[ 95.582298] [<
f822e1da>] hci_dev_close+0x2a/0x50 [bluetooth]
[ 95.582298] [<
f824102f>] hci_sock_ioctl+0x1af/0x3f0 [bluetooth]
[ 95.582298] [<
c11153ea>] ? handle_pte_fault+0x8a/0x8f0
[ 95.582298] [<
c146becf>] sock_ioctl+0x5f/0x260
[ 95.582298] [<
c146be70>] ? sock_fasync+0x90/0x90
[ 95.582298] [<
c1152b33>] do_vfs_ioctl+0x83/0x5b0
[ 95.582298] [<
c1563f87>] ? do_page_fault+0x297/0x500
[ 95.582298] [<
c1563cf0>] ? spurious_fault+0xd0/0xd0
[ 95.582298] [<
c107165b>] ? up_read+0x1b/0x30
[ 95.582298] [<
c1563f87>] ? do_page_fault+0x297/0x500
[ 95.582298] [<
c100aa9f>] ? init_fpu+0xef/0x160
[ 95.582298] [<
c15617c0>] ? do_debug+0x180/0x180
[ 95.582298] [<
c100a958>] ? fpu_finit+0x28/0x80
[ 95.582298] [<
c11530e7>] sys_ioctl+0x87/0x90
[ 95.582298] [<
c156795f>] sysenter_do_call+0x12/0x38
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Thu, 2 Feb 2012 02:02:29 +0000 (04:02 +0200)]
Bluetooth: mgmt: Implement Cancel Pair Device command
This patch implements the Cancel Pair Device command for mgmt. It's used
by user space to cancel an ongoing pairing attempt which was triggered
by the Pair Device command.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Hemant Gupta [Mon, 23 Jan 2012 10:06:11 +0000 (15:36 +0530)]
Bluetooth: Fix clearing of debug and linkkey flags
This patch fixes clearing of HCI_LINK_KEYS and HCI_DEBUG_KEYS
dev_flags while resetting. Without this patch pairing does
not work over management interface for BR-EDR devices.
Signed-off-by: Hemant Gupta <hemant.gupta@stericsson.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Hemant Gupta [Mon, 16 Jan 2012 08:04:29 +0000 (13:34 +0530)]
Bluetooth: Send correct response to IO Capability Request
This patch sends correct IO Capability response to remote device
in case Local Device supports KeyBoardDisplay IO Capability as
this capability is not valid as per BT spec for IO capability
Request Reply Command.
This capability is mapped to DisplayYesNo which is in accordance
with BT spec.
Signed-off-by: Hemant Gupta <hemant.gupta@stericsson.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Peter Hurley [Fri, 13 Jan 2012 14:11:30 +0000 (15:11 +0100)]
Bluetooth: Fix l2cap conn failures for ssp devices
Commit
330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).
However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Wed, 1 Feb 2012 21:42:38 +0000 (23:42 +0200)]
Bluetooth: Update mgmt.h to match latest API spec
This patch updates the opcodes for mgmt commands and events to match the
latest user space API specification.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Vinicius Costa Gomes [Wed, 1 Feb 2012 21:27:56 +0000 (18:27 -0300)]
Bluetooth: Fix invalid memory access when there's no SMP channel
We only should try to free the SMP channel that was created if there
is a pending SMP session.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Octavian Purdila [Fri, 27 Jan 2012 17:32:39 +0000 (19:32 +0200)]
Bluetooth: Fix RFCOMM session reference counting issue
There is an imbalance in the rfcomm_session_hold / rfcomm_session_put
operations which causes the following crash:
[ 685.010159] BUG: unable to handle kernel paging request at
6b6b6b6b
[ 685.010169] IP: [<
c149d76d>] rfcomm_process_dlcs+0x1b/0x15e
[ 685.010181] *pdpt =
000000002d665001 *pde =
0000000000000000
[ 685.010191] Oops: 0000 [#1] PREEMPT SMP
[ 685.010247]
[ 685.010255] Pid: 947, comm: krfcommd Tainted: G C 3.0.16-mid8-dirty #44
[ 685.010266] EIP: 0060:[<
c149d76d>] EFLAGS:
00010246 CPU: 1
[ 685.010274] EIP is at rfcomm_process_dlcs+0x1b/0x15e
[ 685.010281] EAX:
e79f551c EBX:
6b6b6b6b ECX:
00000007 EDX:
e79f40b4
[ 685.010288] ESI:
e79f4060 EDI:
ed4e1f70 EBP:
ed4e1f68 ESP:
ed4e1f50
[ 685.010295] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 685.010303] Process krfcommd (pid: 947, ti=
ed4e0000 task=
ed43e5e0 task.ti=
ed4e0000)
[ 685.010308] Stack:
[ 685.010312]
ed4e1f68 c149eb53 e5925150 e79f4060 ed500000 ed4e1f70 ed4e1f80 c149ec10
[ 685.010331]
00000000 ed43e5e0 00000000 ed4e1f90 ed4e1f9c c149ec87 0000bf54 00000000
[ 685.010348]
00000000 ee03bf54 c149ec37 ed4e1fe4 c104fe01 00000000 00000000 00000000
[ 685.010367] Call Trace:
[ 685.010376] [<
c149eb53>] ? rfcomm_process_rx+0x6e/0x74
[ 685.010387] [<
c149ec10>] rfcomm_process_sessions+0xb7/0xde
[ 685.010398] [<
c149ec87>] rfcomm_run+0x50/0x6d
[ 685.010409] [<
c149ec37>] ? rfcomm_process_sessions+0xde/0xde
[ 685.010419] [<
c104fe01>] kthread+0x63/0x68
[ 685.010431] [<
c104fd9e>] ? __init_kthread_worker+0x42/0x42
[ 685.010442] [<
c14dae82>] kernel_thread_helper+0x6/0xd
This issue has been brought up earlier here:
https://lkml.org/lkml/2011/5/21/127
The issue appears to be the rfcomm_session_put in rfcomm_recv_ua. This
operation doesn't seem be to required as for the non-initiator case we
have the rfcomm_process_rx doing an explicit put and in the initiator
case the last dlc_unlink will drive the reference counter to 0.
There have been several attempts to fix these issue:
6c2718d Bluetooth: Do not call rfcomm_session_put() for RFCOMM UA on closed socket
683d949 Bluetooth: Never deallocate a session when some DLC points to it
but AFAICS they do not fix the issue just make it harder to reproduce.
Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Gopala Krishna Murala <gopala.krishna.murala@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Tue, 31 Jan 2012 02:31:28 +0000 (23:31 -0300)]
Bluetooth: Use GFP_KERNEL in hci_add_adv_entry()
This function is not called in interrupt context anymore, so it
should use GFP_KERNEL to allocate memory.
Signed-off-by: Andre Guedes <aguedespe@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Mon, 30 Jan 2012 22:29:12 +0000 (19:29 -0300)]
Bluetooth: Rename smp_key_size to enc_key_size
This makes clear that this is the size of the key used to
encrypt the link.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Vinicius Costa Gomes [Mon, 30 Jan 2012 22:29:11 +0000 (19:29 -0300)]
Bluetooth: Add structures for the new LTK exchange messages
This defines two new messages, one event that will inform
userspace that a new Long Term Key was exchanged and one that
will allow userspace to load LTKs into the kernel.
Besides the information necessary for the restablishement of
the secure link, we added some extra information: "authenticated"
that informs if the key can be used to establish an authenticated
link, and "master" that informs the role in that the key should
be used.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Ulisses Furquim [Mon, 30 Jan 2012 20:26:29 +0000 (18:26 -0200)]
Bluetooth: Fix possible use after free in delete path
We need to use the _sync() version for cancelling the info and security
timer in the L2CAP connection delete path. Otherwise the delayed work
handler might run after the connection object is freed.
Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Ulisses Furquim [Mon, 30 Jan 2012 20:26:28 +0000 (18:26 -0200)]
Bluetooth: Remove usage of __cancel_delayed_work()
__cancel_delayed_work() is being used in some paths where we cannot
sleep waiting for the delayed work to finish. However, that function
might return while the timer is running and the work will be queued
again. Replace the calls with safer cancel_delayed_work() version
which spins until the timer handler finishes on other CPUs and
cancels the delayed work.
Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 27 Jan 2012 22:42:03 +0000 (19:42 -0300)]
Bluetooth: Remove unneeded locking
We don't need locking hdev in hci_conn_timeout() since it doesn't
access any hdev's shared resources, it basically queues HCI commands.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Fri, 27 Jan 2012 22:42:02 +0000 (19:42 -0300)]
Bluetooth: Fix potential deadlock
We don't need to use the _sync variant in hci_conn_hold and
hci_conn_put to cancel conn->disc_work delayed work. This way
we avoid potential deadlocks like this one reported by lockdep.
======================================================
[ INFO: possible circular locking dependency detected ]
3.2.0+ #1 Not tainted
-------------------------------------------------------
kworker/u:1/17 is trying to acquire lock:
(&hdev->lock){+.+.+.}, at: [<
ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
but task is already holding lock:
((&(&conn->disc_work)->work)){+.+...}, at: [<
ffffffff81035751>] process_one_work+0x11a/0x2bf
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 ((&(&conn->disc_work)->work)){+.+...}:
[<
ffffffff81057444>] lock_acquire+0x8a/0xa7
[<
ffffffff81034ed1>] wait_on_work+0x3d/0xaa
[<
ffffffff81035b54>] __cancel_work_timer+0xac/0xef
[<
ffffffff81035ba4>] cancel_delayed_work_sync+0xd/0xf
[<
ffffffffa00554b0>] smp_chan_create+0xde/0xe6 [bluetooth]
[<
ffffffffa0056160>] smp_conn_security+0xa3/0x12d [bluetooth]
[<
ffffffffa0053640>] l2cap_connect_cfm+0x237/0x2e8 [bluetooth]
[<
ffffffffa004239c>] hci_proto_connect_cfm+0x2d/0x6f [bluetooth]
[<
ffffffffa0046ea5>] hci_event_packet+0x29d1/0x2d60 [bluetooth]
[<
ffffffffa003dde3>] hci_rx_work+0xd0/0x2e1 [bluetooth]
[<
ffffffff810357af>] process_one_work+0x178/0x2bf
[<
ffffffff81036178>] worker_thread+0xce/0x152
[<
ffffffff81039a03>] kthread+0x95/0x9d
[<
ffffffff812e7754>] kernel_thread_helper+0x4/0x10
-> #1 (slock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
[<
ffffffff81057444>] lock_acquire+0x8a/0xa7
[<
ffffffff812e553a>] _raw_spin_lock_bh+0x36/0x6a
[<
ffffffff81244d56>] lock_sock_nested+0x24/0x7f
[<
ffffffffa004d96f>] lock_sock+0xb/0xd [bluetooth]
[<
ffffffffa0052906>] l2cap_chan_connect+0xa9/0x26f [bluetooth]
[<
ffffffffa00545f8>] l2cap_sock_connect+0xb3/0xff [bluetooth]
[<
ffffffff81243b48>] sys_connect+0x69/0x8a
[<
ffffffff812e6579>] system_call_fastpath+0x16/0x1b
-> #0 (&hdev->lock){+.+.+.}:
[<
ffffffff81056d06>] __lock_acquire+0xa80/0xd74
[<
ffffffff81057444>] lock_acquire+0x8a/0xa7
[<
ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
[<
ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
[<
ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
[<
ffffffff810357af>] process_one_work+0x178/0x2bf
[<
ffffffff81036178>] worker_thread+0xce/0x152
[<
ffffffff81039a03>] kthread+0x95/0x9d
[<
ffffffff812e7754>] kernel_thread_helper+0x4/0x10
other info that might help us debug this:
Chain exists of:
&hdev->lock --> slock-AF_BLUETOOTH-BTPROTO_L2CAP --> (&(&conn->disc_work)->work)
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock((&(&conn->disc_work)->work));
lock(slock-AF_BLUETOOTH-BTPROTO_L2CAP);
lock((&(&conn->disc_work)->work));
lock(&hdev->lock);
*** DEADLOCK ***
2 locks held by kworker/u:1/17:
#0: (hdev->name){.+.+.+}, at: [<
ffffffff81035751>] process_one_work+0x11a/0x2bf
#1: ((&(&conn->disc_work)->work)){+.+...}, at: [<
ffffffff81035751>] process_one_work+0x11a/0x2bf
stack backtrace:
Pid: 17, comm: kworker/u:1 Not tainted 3.2.0+ #1
Call Trace:
[<
ffffffff812e06c6>] print_circular_bug+0x1f8/0x209
[<
ffffffff81056d06>] __lock_acquire+0xa80/0xd74
[<
ffffffff81021ef2>] ? arch_local_irq_restore+0x6/0xd
[<
ffffffff81022bc7>] ? vprintk+0x3f9/0x41e
[<
ffffffff81057444>] lock_acquire+0x8a/0xa7
[<
ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
[<
ffffffff812e3870>] __mutex_lock_common+0x48/0x38e
[<
ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
[<
ffffffff81190fd6>] ? __dynamic_pr_debug+0x6d/0x6f
[<
ffffffffa0041155>] ? hci_conn_timeout+0x62/0x158 [bluetooth]
[<
ffffffff8105320f>] ? trace_hardirqs_off+0xd/0xf
[<
ffffffff812e3c75>] mutex_lock_nested+0x2a/0x31
[<
ffffffffa0041155>] hci_conn_timeout+0x62/0x158 [bluetooth]
[<
ffffffff810357af>] process_one_work+0x178/0x2bf
[<
ffffffff81035751>] ? process_one_work+0x11a/0x2bf
[<
ffffffff81055af3>] ? lock_acquired+0x1d0/0x1df
[<
ffffffffa00410f3>] ? hci_acl_disconn+0x65/0x65 [bluetooth]
[<
ffffffff81036178>] worker_thread+0xce/0x152
[<
ffffffff810407ed>] ? finish_task_switch+0x45/0xc5
[<
ffffffff810360aa>] ? manage_workers.isra.25+0x16a/0x16a
[<
ffffffff81039a03>] kthread+0x95/0x9d
[<
ffffffff812e7754>] kernel_thread_helper+0x4/0x10
[<
ffffffff812e5db4>] ? retint_restore_args+0x13/0x13
[<
ffffffff8103996e>] ? __init_kthread_worker+0x55/0x55
[<
ffffffff812e7750>] ? gs_change+0x13/0x13
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Reviewed-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Mon, 30 Jan 2012 12:22:10 +0000 (09:22 -0300)]
Bluetooth: Use GFP_KERNEL in hci_chan_create()
This function is called in process context only, so it should use
GFP_KERNEL to allocate memory.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Mon, 30 Jan 2012 12:22:09 +0000 (09:22 -0300)]
Bluetooth: Use GFP_KERNEL in hci_conn_add()
This function is called in process context only, so it should use
GFP_KERNEL to allocate memory.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Mon, 23 Jan 2012 09:06:05 +0000 (10:06 +0100)]
Bluetooth: Make l2cap_ertm_data_rcv static
It is not used outside of l2cap_core.c. Also l2cap_ertm_data_rcv is
only used after it is defined so there is no need for forward declaration.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Fri, 20 Jan 2012 12:08:03 +0000 (14:08 +0200)]
Bluetooth: Add alloc_skb chan operator
Add channel-specific skb allocation method
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Octavian Purdila [Sat, 21 Jan 2012 22:28:34 +0000 (00:28 +0200)]
Bluetooth: silence lockdep warning
Since bluetooth uses multiple protocols types, to avoid lockdep
warnings, we need to use different lockdep classes (one for each
protocol type).
This is already done in bt_sock_create but it misses a couple of cases
when new connections are created. This patch corrects that to fix the
following warning:
<4>[ 1864.732366] =======================================================
<4>[ 1864.733030] [ INFO: possible circular locking dependency detected ]
<4>[ 1864.733544]
3.0.16-mid3-00007-gc9a0f62 #3
<4>[ 1864.733883] -------------------------------------------------------
<4>[ 1864.734408] t.android.btclc/4204 is trying to acquire lock:
<4>[ 1864.734869] (rfcomm_mutex){+.+.+.}, at: [<
c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.735541]
<4>[ 1864.735549] but task is already holding lock:
<4>[ 1864.736045] (sk_lock-AF_BLUETOOTH){+.+.+.}, at: [<
c1498bf7>] lock_sock+0xa/0xc
<4>[ 1864.736732]
<4>[ 1864.736740] which lock already depends on the new lock.
<4>[ 1864.736750]
<4>[ 1864.737428]
<4>[ 1864.737437] the existing dependency chain (in reverse order) is:
<4>[ 1864.738016]
<4>[ 1864.738023] -> #1 (sk_lock-AF_BLUETOOTH){+.+.+.}:
<4>[ 1864.738549] [<
c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.738977] [<
c13d35c1>] lock_sock_nested+0x58/0x68
<4>[ 1864.739411] [<
c1493c33>] l2cap_sock_sendmsg+0x3e/0x76
<4>[ 1864.739858] [<
c13d06c3>] __sock_sendmsg+0x50/0x59
<4>[ 1864.740279] [<
c13d0ea2>] sock_sendmsg+0x94/0xa8
<4>[ 1864.740687] [<
c13d0ede>] kernel_sendmsg+0x28/0x37
<4>[ 1864.741106] [<
c14969ca>] rfcomm_send_frame+0x30/0x38
<4>[ 1864.741542] [<
c1496a2a>] rfcomm_send_ua+0x58/0x5a
<4>[ 1864.741959] [<
c1498447>] rfcomm_run+0x441/0xb52
<4>[ 1864.742365] [<
c104f095>] kthread+0x63/0x68
<4>[ 1864.742742] [<
c14d5182>] kernel_thread_helper+0x6/0xd
<4>[ 1864.743187]
<4>[ 1864.743193] -> #0 (rfcomm_mutex){+.+.+.}:
<4>[ 1864.743667] [<
c1061ada>] __lock_acquire+0x988/0xc00
<4>[ 1864.744100] [<
c1062273>] lock_acquire+0x104/0x140
<4>[ 1864.744519] [<
c14d2c70>] __mutex_lock_common+0x3b/0x33f
<4>[ 1864.744975] [<
c14d303e>] mutex_lock_nested+0x2d/0x36
<4>[ 1864.745412] [<
c14970ea>] rfcomm_dlc_close+0x15/0x30
<4>[ 1864.745842] [<
c14990d9>] __rfcomm_sock_close+0x5f/0x6b
<4>[ 1864.746288] [<
c1499114>] rfcomm_sock_shutdown+0x2f/0x62
<4>[ 1864.746737] [<
c13d275d>] sys_socketcall+0x1db/0x422
<4>[ 1864.747165] [<
c14d42f0>] syscall_call+0x7/0xb
Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Thu, 19 Jan 2012 09:19:50 +0000 (11:19 +0200)]
Bluetooth: trivial: space correction
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Wed, 18 Jan 2012 19:33:12 +0000 (21:33 +0200)]
Bluetooth: Add a convenience function to check for SSP enabled
It's a very common test to see if both the local and the remote device
have SSP enabled. By creating a simple function to test this we can
shorten many if-statements in the code.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 25 Jan 2012 12:21:06 +0000 (14:21 +0200)]
Bluetooth: Convert hdev->ssp_mode to a flag
The ssp_mode is essentially just a boolean so it's more appropriate to
have it simply as a flag in hdev->dev_flags.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Mon, 16 Jan 2012 04:47:28 +0000 (06:47 +0200)]
Bluetooth: Merge boolean members of struct hci_conn into flags
Now that the flags member of struct hci_conn is supposed to accommodate
any boolean type values we can easily merge all boolean members into it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 17 Jan 2012 19:48:47 +0000 (21:48 +0200)]
Bluetooth: Update device_connected and device_found events to latest API
This patch updates mgmt_ev_device_connected and mgmt_ev_device found to
include an EIR-encoded remote name and class whenever possible. With
this addition the mgmt_ev_remote_name event becomes unnecessary and can
be removed. Since the connected event doesn't map to hci_conn_complete
anymore a HCI_CONN_MGMT_CONNECTED flag is added to track when mgmt has
been notified about a connection.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Mon, 16 Jan 2012 07:49:58 +0000 (09:49 +0200)]
Bluetooth: Convert hdev->out to a bool type
The hdev->out variable is essentially a boolean so the type 'bool' makes
more sense than u8.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Mon, 16 Jan 2012 04:10:31 +0000 (06:10 +0200)]
Bluetooth: Rename conn->pend to conn->flags
These flags can and will be used for more general purpose values than
just pending state transitions so the more common name "flags" makes
more sense than "pend".
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 15 Jan 2012 19:01:23 +0000 (21:01 +0200)]
Bluetooth: Merge device class into the EIR data in mgmt_ev_device_found
There's no need to have a separate device class field since the same
information can be encoded into the EIR data.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 15 Jan 2012 18:51:14 +0000 (20:51 +0200)]
Bluetooth: Move eir_has_data_field to hci_core.h
This makes the function accessible from all places it's needed (e.g.
mgmt.c and hci_event.c).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 15 Jan 2012 18:46:33 +0000 (20:46 +0200)]
Bluetooth: Add missing EIR defines to hci.h
This patch adds missing EIR defines (as specified in the Bluetooth
Assigned Numbers document) to hci.h.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 15 Jan 2012 18:04:43 +0000 (20:04 +0200)]
Bluetooth: Rename eir_has_complete_name to eir_has_data_type
This allows for other uses such as checking for an embedded class of
device value in order to decide whether to append the class or not.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 15 Jan 2012 17:51:59 +0000 (19:51 +0200)]
Bluetooth: Add eir_len parameter to mgmt_ev_device_found
This patch add a two byte eir_len parameter mgmt_ev_device_found. Since
it's unlikely that the data will in the short term be much bigger than
conventional EIR lengths just use a small stack based buffer for now to
avoid dynamic memory allocation & freeing.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 15 Jan 2012 16:11:07 +0000 (18:11 +0200)]
Bluetooth: Rename mgmt connected events to match user space
User space uses device_(dis)connected instead of just (dis)connected so
rename the defines and functions to match this.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 18 Jan 2012 14:14:43 +0000 (16:14 +0200)]
Bluetooth: Fix clearing persistent flags
There are several other dev_flags besided HCI_MGMT that should not be
cleared upon reset.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Andre Guedes [Tue, 10 Jan 2012 21:20:50 +0000 (18:20 -0300)]
Bluetooth: Report LE devices
Devices found during LE scan should be reported to userspace through
mgmt_device_found events.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andre Guedes [Tue, 10 Jan 2012 21:20:49 +0000 (18:20 -0300)]
Bluetooth: Add 'eir_len' param to mgmt_device_found()
This patch adds a new parameter to mgmt_device_found() to inform
the length of 'eir' pointer.
EIR data from LE advertising report event doesn't have a fixed length
as EIR data from extended inquiry result event does. We needed to
change mgmt_device_found() so it copies 'eir_len' bytes instead of
HCI_MAX_EIR_LENGTH.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Fri, 13 Jan 2012 15:21:43 +0000 (17:21 +0200)]
Bluetooth: Change sk to l2cap_chan
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Andrei Emeltchenko [Fri, 13 Jan 2012 15:21:42 +0000 (17:21 +0200)]
Bluetooth: Use chan instead of sk
Remove unneeded conversion from sk to chan.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Wed, 11 Jan 2012 09:59:49 +0000 (10:59 +0100)]
Bluetooth: Drop L2CAP chan reference if ERTM ack_timer fired
Reference counter was incremented when starting ack timer but
decremented only when clearing timer, not when timer fired.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Wed, 11 Jan 2012 09:59:48 +0000 (10:59 +0100)]
Bluetooth: Don't send RNR immediately when entering local busy
There is no need to send RNR immediately when entring local busy.
Also upper layer might clear local busy condition before ack timer
expires saving few cycles for sending RNR.
This also prevents sending two RNRs in some cases where sending one
would be enough i.e received N I-frame can trigger local busy
(sending RNR acking up to N-1 I-frame) and later sending ack (RNR
acking up to N I-frame).
This was affecting TC_ERM_BV_07_C and TC_ERM_BV_22_C with some non
default channel parameters (tx window and receiving buffer sizes).
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Wed, 11 Jan 2012 09:59:47 +0000 (10:59 +0100)]
Bluetooth: Clear ack_timer when sending ack
ack_timer should be cleared when sending ACK to avoid acking I-frames
twice.
This commit introduces helper function (only send ack, not clearing
timer) which is used by l2cap_send_ack and l2cap_ack_timeout. This is
to avoid clearing ack timer in timer function.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Wed, 11 Jan 2012 09:59:46 +0000 (10:59 +0100)]
Bluetooth: Set P-bit for SREJ frame only if there are I-frames to ack
SREJ frame with P-bit set acknowledges I-frames numbered up to
(ReqSeq - 1). With this patch P-bit in SREJ is set only when there are
some I-frames to ack.
This fixes ambiguous situation when lost of I-frame with TxSeq=0 would
result in sending SREJ acking all previous I-frames.
Consider following scenario:
TxWindow=3
HostA: sent I-frame TxSeq=0
HostA: sent I-frame TxSeq=1
HostA: sent I-frame TxSeq=2
HostB: missed I-frame TxSeq=0
HostB: received I-frame TxSeq=1
HostB: sent SREJ ReqSeq=0 Pbit=1
HostA: received SREJ ReqSeq=0 Pbit=1 <- All I-frames acked or not?
...
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Szymon Janc [Wed, 11 Jan 2012 09:59:45 +0000 (10:59 +0100)]
Bluetooth: Make l2cap_clear_timer return if timer was running or not
This is usefull when need to make action after timer was cleared
depending on if it was running or not.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fabio Estevam [Tue, 10 Jan 2012 20:33:50 +0000 (18:33 -0200)]
Bluetooth: Fix 'enable_hs' type
Fix the following build warning:
CC [M] net/bluetooth/hci_core.o
net/bluetooth/hci_core.c: In function ‘__check_enable_hs’:
net/bluetooth/hci_core.c:2587: warning: return from incompatible pointer type
module_param in hci_core.c passes 'enable_hs' as bool format, so fix
this variable definition type.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Sun, 8 Jan 2012 22:53:02 +0000 (00:53 +0200)]
Bluetooth: Sort to-be-resolved devices by RSSI during discovery
This patch makes sure that devices with stronger signal (RSSI closer to
0) are sorted first in the resolve list and will therefore get their
names resolved first during device discovery. Since it's more likely
that the device the user is trying to discover has a strong signal due
to its proximity this ensures that the user gets the "device found"
event for it more quickly.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 8 Jan 2012 21:39:40 +0000 (23:39 +0200)]
Bluetooth: Fix resetting HCI_MGMT flag
The HCI_MGMT flag should not be cleared when resetting a HCI device.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 8 Jan 2012 21:11:15 +0000 (23:11 +0200)]
Bluetooth: Move mgmt related flags from hdev->flags to hdev->dev_flags
There's no point in exposing these to user-space (which is what happens
to everything in hdev->flags) so move them to dev_flags instead.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Sun, 8 Jan 2012 20:51:16 +0000 (22:51 +0200)]
Bluetooth: Remove bogus inline declaration from l2cap_chan_connect
As reported by Dan Carpenter this function causes a Sparse warning and
shouldn't be declared inline:
include/net/bluetooth/l2cap.h:837:30 error: marked inline, but without a
definition"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
David Herrmann [Sat, 7 Jan 2012 14:47:24 +0000 (15:47 +0100)]
Bluetooth: Remove __hci_dev_put/hold
Since we remove the owner field of hci_dev hci_dev_put and __hci_dev_put
do the same so we can merge them into one function. Same for
hci_dev_hold and __hci_dev_hold.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:23 +0000 (15:47 +0100)]
Bluetooth: Correctly take hci_dev->dev refcount
The hci_dev->dev device structure has an internal refcount. This
refcount is used to protect the whole hci_dev object. However, we
currently do not use it. Therefore, if someone calls hci_free_dev() we
currently immediately destroy the hci_dev object because we never took
the device refcount.
This even happens if the hci_dev->refcnt is not 0. In fact, the
hci_dev->refcnt is totally useless in its current state. Therefore, we
simply remove hci_dev->refcnt and instead use hci_dev->dev refcnt.
This fixes all the symptoms and also correctly integrates the device
structure into our bluetooth bus system.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:22 +0000 (15:47 +0100)]
Bluetooth: Remove HCI-owner field
After unregistering an hci_dev object a bluetooth driver does not have
any callbacks in the hci_dev structure left over. Therefore, there is no
need to keep a reference to the module.
Previously, we needed this to protect the hci-destruct callback.
However, this callback is no longer available so we do not need this
owner field, anymore. Drivers now call hci_unregister_dev() and they
are done with the object.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:21 +0000 (15:47 +0100)]
Bluetooth: Correctly acquire module ref
We provide a device-object to other subsystems and we provide our own
release-function. Therefore, the device-object must own a reference to
our module, otherwise the release-function may get deleted before the
device-object does.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:20 +0000 (15:47 +0100)]
Bluetooth: Remove unused hci-destruct cb
The hci-destruct callback is not used by any driver so we can remove it.
There is no reason to keep it alive, anymore. Drivers can free their
internal data on driver-release and we do not need to provide a public
destruct callback.
Internally, we still use a destruct callback inside of hci_sysfs.c. This
one is used to correctly free our hci_dev data structure if no more
users have a reference to it.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:19 +0000 (15:47 +0100)]
Bluetooth: uart-ldisc: Fix memory leak and remove destruct cb
We currently leak the hci_uart object if HCI_UART_PROTO_SET is never set
because the hci-destruct callback will then never be called. This fix
removes the hci-destruct callback and frees the driver internal private
hci_uart object directly on tty-close. We call hci_unregister_dev() here
so the hci-core will never call our callbacks again (except destruct).
Therefore, we can safely free the driver internal data right away and
set the destruct callback to NULL.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:18 +0000 (15:47 +0100)]
Bluetooth: btsdio: Free driver data on SDIO shutdown
Instead of waiting for the hdev object to get freed we now free the
private driver-internal data on SDIO shutdown. This allows us to remove
the obsolete hci-destruct callback and free our data object right away
after calling hci_unregister_dev(). The HCI-core does not call any
callbacks after this so we are never called again and can safely exit
the module.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:17 +0000 (15:47 +0100)]
Bluetooth: bpa10x: Free private driver data on usb shutdown
Instead of waiting for the hci-device to be destroyed we now free the
private driver data on driver shutdown right away. We call
hci_unregister_dev() on driver shutdown, that means, the hci-core will
never ever call our callbacks again except the destruct callback. It
also does not access hdev->driver_data so there is no reason to keep
that alive. We simply set the destruct cb to NULL to avoid getting
called again.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:16 +0000 (15:47 +0100)]
Bluetooth: btusb: Free driver data on USB shutdown
Instead of using the hci-destruct callback we free our private driver
data on USB shutdown. We already called hci_unregister_dev() here so the
hci core will never ever call our callbacks again except the destruct
callback.
However, there is no reason to keep our *private* driver data alive if
we get never called again and the hci-core does never touch it the data.
So we simply free it right away and set the destruct callback to NULL.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:15 +0000 (15:47 +0100)]
Bluetooth: bfusb: Free driver_data on USB shutdown
This frees the private driver data on USB shutdown instead of using the
hci-destruct callback. We already call usb_set_intfdata(intf, NULL) but
we do not do the same with the hci object. This would be totally safe,
though.
After calling hci_unregister_dev()/hci_free_dev() the hdev object will
never call any callback of us again except the destruct callback.
Therefore, we can safely set the destruct callback to NULL and free the
driver data right away. This allows to unload the module without
waiting for the hdev device to be released.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:14 +0000 (15:47 +0100)]
Bluetooth: vhci: Free driver_data on file release
This removes the hci-destruct callback and instead frees the private
driver data in the vhci_release file release function. There is no
reason to keep private driver data available if the driver has already
shut down.
After vhci_release is called our module can be unloaded. The only reason
it is kept alive is the hci-core having a module-ref on us because of
our destruct callback. However, this callback only frees
hdev->driver_data. That is, we wait for the hdev-device to get destroyed
to free our internal driver-data. In fact, the hci-core does never touch
hdev->driver_data so it doesn't care if it is NULL. Therefore, we simply
free it when unloading the driver.
Another important fact is that the hdev core does not call any callbacks
other than the destruct-cb after hci_unregister_dev() has been called.
So there is no function of our module that will be called nor does the
hci-core touch hdev->driver_data. Hence, no other code can touch
hdev->driver_data after our cleanup so the destruct callback is
definitely unnecessary here.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:13 +0000 (15:47 +0100)]
Bluetooth: dtl1-cs: Remove empty destruct cb
The destruct cb is optional so we can safely remove our dummy cb.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:12 +0000 (15:47 +0100)]
Bluetooth: btwilink: Remove empty destruct cb
The destruct cb is optional so remove our empty dummy cb.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:11 +0000 (15:47 +0100)]
Bluetooth: btuart-cs: Remove empty destruct cb
The destruct callback is optional and we provide an empty callback so
remove it.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:10 +0000 (15:47 +0100)]
Bluetooth: btmrvl: Remove empty destruct cb
The callback is optional and we provide an empty callback so remove it
entirely.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:09 +0000 (15:47 +0100)]
Bluetooth: bt3c-cs: Remove empty destruct cb
The callback is optional and we provide an empty callback so remove it.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:08 +0000 (15:47 +0100)]
Bluetooth: bluecard-cs: Remove empty destruct cb
The destruct callback is optional and we provide an empty callback so
remove it entirely to avoid unnecessary code.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:47:07 +0000 (15:47 +0100)]
Bluetooth: Make hci-destruct callback optional
Several drivers already provide an empty callback so we can actually
make this optional and then remove all those empty callbacks in the
drivers.
This callback isn't needed at all by most drivers as they can remove
their allocated structures on device disconnect and not on hci
destruction.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:19:41 +0000 (15:19 +0100)]
Bluetooth: dtl1: Fix memleak in probe()
We currently leak the driver info structure if dtl1_config fails. If we add a
kfree() to dtl1_release to fix this, then dtl1_release and dtl1_detach are
identical so this merges both functions.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:19:40 +0000 (15:19 +0100)]
Bluetooth: hci-uart-ath: Use GFP_ATOMIC in open()
The uart_proto open() callback is not called in atomic context so we can safely
sleep here. The caller hci_uart_set_proto() in hci_ldisc.c is an ioctl-handler
and therefore can sleep.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:19:39 +0000 (15:19 +0100)]
Bluetooth: hci-uart-bcsp: Use GFP_ATOMIC in open()
The uart_proto open() callback is not called in atomic context so we can safely
sleep here. The caller hci_uart_set_proto() in hci_ldisc.c is an ioctl-handler
and therefore can sleep.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
David Herrmann [Sat, 7 Jan 2012 14:19:38 +0000 (15:19 +0100)]
Bluetooth: hci-uart-h4: Use GFP_ATOMIC in open()
The uart_proto open() callback is not called in atomic context so we can safely
sleep here. The caller hci_uart_set_proto() in hci_ldisc.c is an ioctl-handler
and therefore can sleep.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>