GitHub/LineageOS/android_kernel_motorola_exynos9610.git
10 years agoBluetooth: 6lowpan: Memory leak as the skb is not freed
Jukka Rissanen [Wed, 1 Oct 2014 08:30:26 +0000 (11:30 +0300)]
Bluetooth: 6lowpan: Memory leak as the skb is not freed

The earlier multicast commit 36b3dd250dde ("Bluetooth: 6lowpan:
Ensure header compression does not corrupt IPv6 header") lost one
skb free which then caused memory leak.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Fix lockdep warning with l2cap_chan_connect
Johan Hedberg [Thu, 2 Oct 2014 07:16:22 +0000 (10:16 +0300)]
Bluetooth: Fix lockdep warning with l2cap_chan_connect

The L2CAP connection's channel list lock (conn->chan_lock) must never be
taken while already holding a channel lock (chan->lock) in order to
avoid lock-inversion and lockdep warnings. So far the l2cap_chan_connect
function has acquired the chan->lock early in the function and then
later called l2cap_chan_add(conn, chan) which will try to take the
conn->chan_lock. This violates the correct order of taking the locks and
may lead to the following type of lockdep warnings:

-> #1 (&conn->chan_lock){+.+...}:
       [<c109324d>] lock_acquire+0x9d/0x140
       [<c188459c>] mutex_lock_nested+0x6c/0x420
       [<d0aab48e>] l2cap_chan_add+0x1e/0x40 [bluetooth]
       [<d0aac618>] l2cap_chan_connect+0x348/0x8f0 [bluetooth]
       [<d0cc9a91>] lowpan_control_write+0x221/0x2d0 [bluetooth_6lowpan]
-> #0 (&chan->lock){+.+.+.}:
       [<c10928d8>] __lock_acquire+0x1a18/0x1d20
       [<c109324d>] lock_acquire+0x9d/0x140
       [<c188459c>] mutex_lock_nested+0x6c/0x420
       [<d0ab05fd>] l2cap_connect_cfm+0x1dd/0x3f0 [bluetooth]
       [<d0a909c4>] hci_le_meta_evt+0x11a4/0x1260 [bluetooth]
       [<d0a910eb>] hci_event_packet+0x3ab/0x3120 [bluetooth]
       [<d0a7cb08>] hci_rx_work+0x208/0x4a0 [bluetooth]

       CPU0                    CPU1
       ----                    ----
  lock(&conn->chan_lock);
                               lock(&chan->lock);
                               lock(&conn->chan_lock);
  lock(&chan->lock);

Before calling l2cap_chan_add() the channel is not part of the
conn->chan_l list, and can therefore only be accessed by the L2CAP user
(such as l2cap_sock.c). We can therefore assume that it is the
responsibility of the user to handle mutual exclusion until this point
(which we can see is already true in l2cap_sock.c by it in many places
touching chan members without holding chan->lock).

Since the hci_conn and by exctension l2cap_conn creation in the
l2cap_chan_connect() function depend on chan details we cannot simply
add a mutex_lock(&conn->chan_lock) in the beginning of the function
(since the conn object doesn't yet exist there). What we can do however
is move the chan->lock taking later into the function where we already
have the conn object and can that way take conn->chan_lock first.

This patch implements the above strategy and does some other necessary
changes such as using __l2cap_chan_add() which assumes conn->chan_lock
is held, as well as adding a second needed label so the unlocking
happens as it should.

Reported-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Tested-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: btusb: remove redundant lock variable
Amitkumar Karwar [Tue, 30 Sep 2014 11:39:05 +0000 (07:39 -0400)]
Bluetooth: btusb: remove redundant lock variable

This variable is nowhere used in the code.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: btmrvl: support Marvell Bluetooth device SD8887
Xinming Hu [Tue, 30 Sep 2014 10:45:33 +0000 (06:45 -0400)]
Bluetooth: btmrvl: support Marvell Bluetooth device SD8887

This patch adds driver support for marvell SD8887 chip.

Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Kevin Gan <ganhy@marvell.com>
Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: btmrvl: rename definitions from 88xx to 8897
Amitkumar Karwar [Tue, 30 Sep 2014 10:45:32 +0000 (06:45 -0400)]
Bluetooth: btmrvl: rename definitions from 88xx to 8897

Register offsets are different for SD8897 and newer chip SD8887.
We can not have common btmrvl_sdio_card_reg map for them.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: 6lowpan: Enable multicast support
Jukka Rissanen [Mon, 29 Sep 2014 13:37:26 +0000 (16:37 +0300)]
Bluetooth: 6lowpan: Enable multicast support

Set multicast support for 6lowpan network interface.
This is needed in every network interface that supports IPv6.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: 6lowpan: Ensure header compression does not corrupt IPv6 header
Jukka Rissanen [Mon, 29 Sep 2014 13:37:25 +0000 (16:37 +0300)]
Bluetooth: 6lowpan: Ensure header compression does not corrupt IPv6 header

If skb is going to multiple destinations, then make sure that we
do not overwrite the common IPv6 headers. So before compressing
the IPv6 headers, we copy the skb and that is then sent to 6LoWPAN
Bluetooth devices.

This is a similar patch as what was done for IEEE 802.154 6LoWPAN
in commit f19f4f9525cf3 ("ieee802154: 6lowpan: ensure header compression
does not corrupt ipv6 header")

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: 6lowpan: Make sure skb exists before accessing it
Jukka Rissanen [Mon, 29 Sep 2014 07:55:46 +0000 (10:55 +0300)]
Bluetooth: 6lowpan: Make sure skb exists before accessing it

We need to make sure that the saved skb exists when
resuming or suspending a CoC channel. This can happen if
initial credits is 0 when channel is connected.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Rename sco_param_wideband table to esco_param_msbc
Johan Hedberg [Thu, 25 Sep 2014 06:48:01 +0000 (09:48 +0300)]
Bluetooth: Rename sco_param_wideband table to esco_param_msbc

The sco_param_wideband table represents the eSCO parameters for
specifically mSBC encoding. This patch renames the table to the more
descriptive esco_param_msbc name.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add retransmission effort into SCO parameter table
Johan Hedberg [Wed, 24 Sep 2014 19:41:46 +0000 (22:41 +0300)]
Bluetooth: Add retransmission effort into SCO parameter table

It is expected that new parameter combinations will have the
retransmission effort value different between some entries (mainly
because of the new S4 configuration added by HFP 1.7), so it makes sense
to move it into the table instead of having it hard coded based on the
selected SCO_AIRMODE_*.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoieee802154: 6lowpan: ensure header compression does not corrupt ipv6 header
Simon Vincent [Wed, 24 Sep 2014 10:21:33 +0000 (12:21 +0200)]
ieee802154: 6lowpan: ensure header compression does not corrupt ipv6 header

The 6lowpan ipv6 header compression was causing problems for other interfaces
that expected a ipv6 header to still be in place, as we were replacing the
ipv6 header with a compressed version. This happened if you sent a packet to a
multicast address as the packet would be output on 802.15.4, ethernet, and also
be sent to the loopback interface. The skb data was shared between these
interfaces so all interfaces ended up with a compressed ipv6 header.

The solution is to ensure that before we do any header compression we are not
sharing the skb or skb data with any other interface. If we are then we must
take a copy of the skb and skb data before modifying the ipv6 header.
The only place we can copy the skb is inside the xmit function so we don't
leave dangling references to skb.

This patch moves all the header compression to inside the xmit function. Very
little code has been changed it has mostly been moved from lowpan_header_create
to lowpan_xmit. At the top of the xmit function we now check if the skb is
shared and if so copy it. In lowpan_header_create all we do now is store the
source and destination addresses for use later when we compress the header.

Signed-off-by: Simon Vincent <simon.vincent@xsilon.com>
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agomrf24j40: use pr_* / dev_* instead of printk()
Varka Bhadram [Wed, 24 Sep 2014 10:21:32 +0000 (12:21 +0200)]
mrf24j40: use pr_* / dev_* instead of printk()

Replace printk() with dev_*() pr_*().

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alan Ott <alan@signal11.us>
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agomrf24j40: remove unnecessary return statement
Varka Bhadram [Wed, 24 Sep 2014 10:21:31 +0000 (12:21 +0200)]
mrf24j40: remove unnecessary return statement

Remove the return statement in the void function.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alan Ott <alan@signal11.us>
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agomrf24j40: fix Missing a blank line after declarations
Varka Bhadram [Wed, 24 Sep 2014 10:21:30 +0000 (12:21 +0200)]
mrf24j40: fix Missing a blank line after declarations

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alan Ott <alan@signal11.us>
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix reason code used for rejecting SCO connections
Johan Hedberg [Wed, 24 Sep 2014 10:14:46 +0000 (13:14 +0300)]
Bluetooth: Fix reason code used for rejecting SCO connections

The core specification defines valid values for the
HCI_Reject_Synchronous_Connection_Request command to be 0x0D-0x0F. So
far the code has been using HCI_ERROR_REMOTE_USER_TERM (0x13) which is
not a valid value and is therefore being rejected by some controllers:

 > HCI Event: Connect Request (0x04) plen 10
bdaddr 40:6F:2A:6A:E5:E0 class 0x000000 type eSCO
 < HCI Command: Reject Synchronous Connection (0x01|0x002a) plen 7
bdaddr 40:6F:2A:6A:E5:E0 reason 0x13
Reason: Remote User Terminated Connection
 > HCI Event: Command Status (0x0f) plen 4
Reject Synchronous Connection (0x01|0x002a) status 0x12 ncmd 1
Error: Invalid HCI Command Parameters

This patch introduces a new define for a value from the valid range
(0x0d == Connection Rejected Due To Limited Resources) and uses it
instead for rejecting incoming connections.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Convert bt_<level> logging functions to return void
Joe Perches [Mon, 22 Sep 2014 18:17:41 +0000 (11:17 -0700)]
Bluetooth: Convert bt_<level> logging functions to return void

No caller or macro uses the return value so make all
the functions return void.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Check for SCO type before setting retransmission effort
Bernhard Thaler [Tue, 23 Sep 2014 09:01:07 +0000 (11:01 +0200)]
Bluetooth: Check for SCO type before setting retransmission effort

SCO connection cannot be setup to devices that do not support retransmission.
Patch based on http://permalink.gmane.org/gmane.linux.bluez.kernel/7779 and
adapted for this kernel version.

Code changed to check SCO/eSCO type before setting retransmission effort
and max. latency. The purpose of the patch is to support older devices not
capable of eSCO.

Tested on Blackberry 655+ headset which does not support retransmission.
Credits go to Alexander Sommerhuber.

Signed-off-by: Bernhard Thaler <bernhard.thaler@r-it.at>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix setting correct security level when initiating SMP
Johan Hedberg [Thu, 18 Sep 2014 08:26:32 +0000 (11:26 +0300)]
Bluetooth: Fix setting correct security level when initiating SMP

We can only determine the final security level when both pairing request
and response have been exchanged. When initiating pairing the starting
target security level is set to MEDIUM unless explicitly specified to be
HIGH, so that we can still perform pairing even if the remote doesn't
have MITM capabilities. However, once we've received the pairing
response we should re-consult the remote and local IO capabilities and
upgrade the target security level if necessary.

Without this patch the resulting Long Term Key will occasionally be
reported to be unauthenticated when it in reality is an authenticated
one.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
10 years agoBluetooth: Remove exported hci_recv_fragment function
Marcel Holtmann [Tue, 16 Sep 2014 19:36:09 +0000 (21:36 +0200)]
Bluetooth: Remove exported hci_recv_fragment function

The hci_recv_fragment function is no longer used by any driver and thus
do not export it. In fact it is not even needed by the core and it can
be removed altogether.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: btusb: Implement driver internal packet reassembly
Marcel Holtmann [Tue, 16 Sep 2014 06:00:29 +0000 (08:00 +0200)]
Bluetooth: btusb: Implement driver internal packet reassembly

When receiving USB interrupt, bulk or isochronous packet, they normally
come in fragments. So far the driver just handed each fragment off to
the hci_recv_fragment function of the Bluetooth core. That function is
however so specific that is does not belong in the core. This patch
implements the same reassembly logic in the driver.

In addition this fixes a long standing bug where multiple complete
packets are received within a single USB packet.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: btusb: Split fragement receiption into separate functions
Marcel Holtmann [Tue, 16 Sep 2014 03:33:33 +0000 (05:33 +0200)]
Bluetooth: btusb: Split fragement receiption into separate functions

The actual packet reassembly should be done inside the driver. To allow
this to happen cleanly in future patches, split the fragment reception
into its own functions.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: btusb: Fix old coding style issues
Marcel Holtmann [Tue, 16 Sep 2014 02:44:50 +0000 (04:44 +0200)]
Bluetooth: btusb: Fix old coding style issues

The btusb driver has been around for a while now and it is time to
bring its coding style in sync with what has been done for the
Bluetooth subsystem and other drivers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoMAINTAINERS: add maintainer for generic 6LoWPAN
Jukka Rissanen [Mon, 15 Sep 2014 08:03:36 +0000 (11:03 +0300)]
MAINTAINERS: add maintainer for generic 6LoWPAN

Add Jukka to 6LoWPAN maintainer list. He will concentrate on
generic and bluetooth part of 6LoWPAN stack.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Provide HCI command opcode information to driver
Marcel Holtmann [Sun, 14 Sep 2014 21:06:28 +0000 (23:06 +0200)]
Bluetooth: Provide HCI command opcode information to driver

The Bluetooth core already does processing of the HCI command header
and puts it together before sending it to the driver. It is not really
efficient for the driver to look at the HCI command header again in
case it has to make certain decisions about certain commands. To make
this easier, just provide the opcode as part of the SKB control buffer
information. The extra information about the opcode is optional and
only provided for HCI commands.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: Add BUILD_BUG_ON check for SKB control buffer size
Marcel Holtmann [Sun, 14 Sep 2014 20:50:46 +0000 (22:50 +0200)]
Bluetooth: Add BUILD_BUG_ON check for SKB control buffer size

The struct bt_skb_cb size needs to stay within the limits of skb->cb
at all times and to ensure that add a BUILD_BUG_ON to check for it at
compile time.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: btusb: Separate TX URB allocation and submission
Marcel Holtmann [Sun, 14 Sep 2014 07:11:06 +0000 (09:11 +0200)]
Bluetooth: btusb: Separate TX URB allocation and submission

The complete TX URB handling is done via a switch statement in the
btusb_send_frame function. To allow for more clear separation between
control, bulk and isoc URBs, split them into allocation and submission.

Previously the inc_tx function has been used for tracking in-flight
URB for HCI commands and ACL data packets. Convert that into a common
function that either submits the URB or queues it when needed.

This provides the flexibility to allow vendor specific hdev->send_frame
callbacks without having to duplicate the whole URB handling logic.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
10 years agoBluetooth: btusb: Use GFP_KERNEL in btusb_send_frame()
Johan Hedberg [Sun, 14 Sep 2014 05:49:34 +0000 (08:49 +0300)]
Bluetooth: btusb: Use GFP_KERNEL in btusb_send_frame()

All hdev->send() calls are these days done through a work queue. For the
btusb driver this means the btusb_send_frame() function. Because of this
we can safely use GFP_KERNEL for all memory allocations in this code
path.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix re-setting RPA as expired when deferring update
Johan Hedberg [Fri, 12 Sep 2014 16:31:52 +0000 (09:31 -0700)]
Bluetooth: Fix re-setting RPA as expired when deferring update

The hci_update_random_address will clear the RPA_EXPIRED flag and
proceed with setting a new one if the flag was set. However, the
set_random_addr() function that is called may choose to defer the update
to a later moment. In such a case the flag would incorrectly remain
unset unless set_random_addr() re-sets it. This patch fixes the issue.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Expire RPA if encryption fails
Johan Hedberg [Thu, 11 Sep 2014 05:16:35 +0000 (22:16 -0700)]
Bluetooth: Expire RPA if encryption fails

If encryption fails and we're using an RPA it may be because of a
conflict with another device. To avoid repeated failures the safest
action is to simply mark the RPA as expired so that a new one gets
generated as soon as the connection drops.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Avoid hard-coded IO capability values in SMP
Johan Hedberg [Thu, 11 Sep 2014 00:58:54 +0000 (17:58 -0700)]
Bluetooth: Avoid hard-coded IO capability values in SMP

This is a trivial change to use a proper define for the NoInputNoOutput
IO capability instead of hard-coded values.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix L2CAP information request handling for fixed channels
Johan Hedberg [Thu, 11 Sep 2014 00:37:46 +0000 (17:37 -0700)]
Bluetooth: Fix L2CAP information request handling for fixed channels

Even if we have no connection-oriented channels we should perform the
L2CAP Information Request procedures before notifying L2CAP channels of
the connection. This is so that the L2CAP channel implementations can
perform checks on what the remote side supports (e.g. does it support
the fixed channel in question).

So far the code has relied on the l2cap_do_start() function to initiate
the Information Request, however l2cap_do_start() is used on a
per-channel basis and only for connection-oriented channels. This means
that if there are no connection-oriented channels on the system we would
never start the Information Request procedure.

This patch creates a new l2cap_request_info() helper function to
initiate the Information Request procedure, and ensures that it is
called whenever a BR/EDR connection has been established. The patch also
updates fixed channels to be notified of connection readiness only once
the Information Request procedure has completed.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add smp_ltk_sec_level() helper function
Johan Hedberg [Thu, 11 Sep 2014 00:37:45 +0000 (17:37 -0700)]
Bluetooth: Add smp_ltk_sec_level() helper function

There are several places that need to determine the security level that
an LTK can provide. This patch adds a convenience function for this to
help make the code more readable.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix SMP security level when we have no IO capabilities
Johan Hedberg [Thu, 11 Sep 2014 00:37:44 +0000 (17:37 -0700)]
Bluetooth: Fix SMP security level when we have no IO capabilities

When the local IO capability is NoInputNoOutput any attempt to convert
the remote authentication requirement to a target security level is
futile. This patch makes sure that we set the target security level at
most to MEDIUM if the local IO capability is NoInputNoOutput.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Centralize disallowing SMP commands to a single place
Johan Hedberg [Thu, 11 Sep 2014 00:37:43 +0000 (17:37 -0700)]
Bluetooth: Centralize disallowing SMP commands to a single place

All the cases where we mark SMP commands as dissalowed are their
respective command handlers. We can therefore simplify the code by
always clearing the bit immediately after testing it. This patch
converts the corresponding test_bit() call to a test_and_clear_bit()
call and also removes the now unused SMP_DISALLOW_CMD macro.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix ignoring unknown SMP authentication requirement bits
Johan Hedberg [Thu, 11 Sep 2014 00:37:42 +0000 (17:37 -0700)]
Bluetooth: Fix ignoring unknown SMP authentication requirement bits

The SMP specification states that we should ignore any unknown bits from
the authentication requirement. We already have a define for masking out
unknown bits but we haven't used it in all places so far. This patch
adds usage of the AUTH_REQ_MASK to all places that need it and ensures
that we don't pass unknown bits onward to other functions.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary early initialization of variable
Johan Hedberg [Thu, 11 Sep 2014 00:37:41 +0000 (17:37 -0700)]
Bluetooth: Remove unnecessary early initialization of variable

We do nothing else with the auth variable in smp_cmd_pairing_rsp()
besides passing it to tk_request() which in turn only cares about
whether one of the sides had the MITM bit set. It is therefore
unnecessary to assign a value to it until just before calling
tk_request(), and this value can simply be the bit-wise or of the local
and remote requirements.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix allowing SMP Signing info PDU
Johan Hedberg [Tue, 9 Sep 2014 23:21:46 +0000 (16:21 -0700)]
Bluetooth: Fix allowing SMP Signing info PDU

If the remote side is not distributing its IRK but is distributing the
CSRK the next PDU after master identification is the Signing
Information. This patch fixes a missing SMP_ALLOW_CMD() for this in the
smp_cmd_master_ident() function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: 6lowpan: Route packets that are not meant to peer via correct device
Jukka Rissanen [Mon, 8 Sep 2014 09:11:45 +0000 (12:11 +0300)]
Bluetooth: 6lowpan: Route packets that are not meant to peer via correct device

Packets that are supposed to be delivered via the peer device need to
be checked and sent to correct device. This requires that user has set
the routes properly so that the 6lowpan module can then figure out
the destination gateway and the correct Bluetooth device.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17.x
10 years agoBluetooth: 6lowpan: Set the peer IPv6 address correctly
Jukka Rissanen [Mon, 8 Sep 2014 09:11:44 +0000 (12:11 +0300)]
Bluetooth: 6lowpan: Set the peer IPv6 address correctly

The peer IPv6 address contained wrong U/L bit in the EUI-64 part.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17.x
10 years agoBluetooth: 6lowpan: Increase the connection timeout value
Jukka Rissanen [Mon, 8 Sep 2014 09:11:43 +0000 (12:11 +0300)]
Bluetooth: 6lowpan: Increase the connection timeout value

Use the default connection timeout value defined in l2cap.h because
the current timeout was too short and most of the time the connection
attempts timed out.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.17.x
10 years agoBluetooth: Fix issue with USB suspend in btusb driver
Champion Chen [Sat, 6 Sep 2014 19:06:08 +0000 (14:06 -0500)]
Bluetooth: Fix issue with USB suspend in btusb driver

Suspend could fail for some platforms because
btusb_suspend==> btusb_stop_traffic ==> usb_kill_anchored_urbs.

When btusb_bulk_complete returns before system suspend and resubmits
an URB, the system cannot enter suspend state.

Signed-off-by: Champion Chen <champion_chen@realsil.com.cn>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
10 years agoBluetooth: Fix mgmt pairing failure when authentication fails
Johan Hedberg [Tue, 9 Sep 2014 00:09:49 +0000 (17:09 -0700)]
Bluetooth: Fix mgmt pairing failure when authentication fails

Whether through HCI with BR/EDR or SMP with LE when authentication fails
we should also notify any pending Pair Device mgmt command. This patch
updates the mgmt_auth_failed function to take the actual hci_conn object
and makes sure that any pending pairing command is notified and cleaned
up appropriately.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix dereferencing conn variable before NULL check
Johan Hedberg [Sat, 6 Sep 2014 03:59:10 +0000 (06:59 +0300)]
Bluetooth: Fix dereferencing conn variable before NULL check

This patch fixes the following type of static analyzer warning (and
probably a real bug as well as the NULL check should be there for a
reason):

net/bluetooth/smp.c:1182 smp_conn_security() warn: variable dereferenced before check 'conn' (see line 1174)

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: LLVMLinux: Remove VLAIS from bluetooth/amp.c
Behan Webster [Fri, 5 Sep 2014 23:03:34 +0000 (16:03 -0700)]
Bluetooth: LLVMLinux: Remove VLAIS from bluetooth/amp.c

Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using an char array.

The new code can be compiled with both gcc and clang.

struct shash_desc contains a flexible array member member ctx declared with
CRYPTO_MINALIGN_ATTR, so sizeof(struct shash_desc) aligns the beginning
of the array declared after struct shash_desc with long long.

No trailing padding is required because it is not a struct type that can
be used in an array.

The CRYPTO_MINALIGN_ATTR is required so that desc is aligned with long long
as would be the case for a struct containing a member with
CRYPTO_MINALIGN_ATTR.

Signed-off-by: Behan Webster <behanw@converseincode.com>
Signed-off-by: Mark Charlebois <charlebm@gmail.com>
Signed-off-by: Jan-Simon Möller <dl9pf@gmx.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add strict checks for allowed SMP PDUs
Johan Hedberg [Fri, 5 Sep 2014 19:19:55 +0000 (22:19 +0300)]
Bluetooth: Add strict checks for allowed SMP PDUs

SMP defines quite clearly when certain PDUs are to be expected/allowed
and when not, but doesn't have any explicit request/response definition.
So far the code has relied on each PDU handler to behave correctly if
receiving PDUs at an unexpected moment, however this requires many
different checks and is prone to errors.

This patch introduces a generic way to keep track of allowed PDUs and
thereby reduces the responsibility & load on individual command
handlers. The tracking is implemented using a simple bit-mask where each
opcode maps to its own bit. If the bit is set the corresponding PDU is
allow and if the bit is not set the PDU is not allowed.

As a simple example, when we send the Pairing Request we'd set the bit
for Pairing Response, and when we receive the Pairing Response we'd
clear the bit for Pairing Response.

Since the disallowed PDU rejection is now done in a single central place
we need to be a bit careful of which action makes most sense to all
cases. Previously some, such as Security Request, have been simply
ignored whereas others have caused an explicit disconnect.

The only PDU rejection action that keeps good interoperability and can
be used for all the applicable use cases is to drop the data. This may
raise some concerns of us now being more lenient for misbehaving (and
potentially malicious) devices, but the policy of simply dropping data
has been a successful one for many years e.g. in L2CAP (where this is
the *only* policy for such cases - we never request disconnection in
l2cap_core.c because of bad data). Furthermore, we cannot prevent
connected devices from creating the SMP context (through a Security or
Pairing Request), and once the context exists looking up the
corresponding bit for the received opcode and deciding to reject it is
essentially an equally lightweight operation as the kind of rejection
that l2cap_core.c already successfully does.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix calling smp_distribute_keys() when still waiting for keys
Johan Hedberg [Fri, 5 Sep 2014 19:19:54 +0000 (22:19 +0300)]
Bluetooth: Fix calling smp_distribute_keys() when still waiting for keys

When we're in the process of receiving keys in phase 3 of SMP we keep
track of which keys are still expected in the smp->remote_key_dist
variable. If we still have some key bits set we need to continue waiting
for more PDUs and not needlessly call smp_distribute_keys(). This patch
fixes two such cases in the smp_cmd_master_ident() and
smp_cmd_ident_addr_info() handler functions.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add define for key distribution mask
Johan Hedberg [Fri, 5 Sep 2014 19:19:53 +0000 (22:19 +0300)]
Bluetooth: Add define for key distribution mask

This patch adds a define for the allowed bits of the key distribution
mask so we don't have to have magic 0x07 constants throughout the code.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix locking of the SMP context
Johan Hedberg [Fri, 5 Sep 2014 19:19:52 +0000 (22:19 +0300)]
Bluetooth: Fix locking of the SMP context

Before the move the l2cap_chan the SMP context (smp_chan) didn't have
any kind of proper locking. The best there existed was the
HCI_CONN_LE_SMP_PEND flag which was used to enable mutual exclusion for
potential multiple creators of the SMP context.

Now that SMP has been converted to use the l2cap_chan infrastructure and
since the SMP context is directly mapped to a corresponding l2cap_chan
we get the SMP context locking essentially for free through the
l2cap_chan lock. For all callbacks that l2cap_core.c makes for each
channel implementation (smp.c in the case of SMP) the l2cap_chan lock is
held through l2cap_chan_lock(chan).

Since the calls from l2cap_core.c to smp.c are covered the only missing
piece to have the locking implemented properly is to ensure that the
lock is held for any other call path that may access the SMP context.
This means user responses through mgmt.c, requests to elevate the
security of a connection through hci_conn.c, as well as any deferred
work through workqueues.

This patch adds the necessary locking to all these other code paths that
try to access the SMP context. Since mutual exclusion for the l2cap_chan
access is now covered from all directions the patch also removes
unnecessary HCI_CONN_LE_SMP_PEND flag (once we've acquired the chan lock
we can simply check whether chan->smp is set to know if there's an SMP
context).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary deferred work for SMP key distribution
Johan Hedberg [Fri, 5 Sep 2014 19:19:51 +0000 (22:19 +0300)]
Bluetooth: Remove unnecessary deferred work for SMP key distribution

Now that the identity address update happens through its own deferred
work there's no need to have smp_distribute_keys anymore behind a second
deferred work. This patch removes this extra construction and makes the
code do direct calls to smp_distribute_keys() again.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Move identity address update behind a workqueue
Johan Hedberg [Fri, 5 Sep 2014 19:19:50 +0000 (22:19 +0300)]
Bluetooth: Move identity address update behind a workqueue

The identity address update of all channels for an l2cap_conn needs to
take the lock for each channel, i.e. it's safest to do this by a
separate workqueue callback.

Previously this was partially solved by moving the entire SMP key
distribution behind a workqueue. However, if we want SMP context locking
to be correct and safe we should always use the l2cap_chan lock when
accessing it, meaning even smp_distribute_keys needs to take that lock
which would once again create a dead lock when updating the identity
address.

The simplest way to solve this is to have l2cap_conn manage the deferred
work which is what this patch does. A subsequent patch will remove the
now unnecessary SMP key distribution work struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Don't take any action in smp_resume_cb if not encrypted
Johan Hedberg [Fri, 5 Sep 2014 19:19:49 +0000 (22:19 +0300)]
Bluetooth: Don't take any action in smp_resume_cb if not encrypted

When smp_resume_cb is called if we're not encrypted (i.e. the callback
wasn't called because the connection became encrypted) we shouldn't take
any action at all. This patch moves also the security_timer cancellation
behind this condition.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary checks after canceling SMP security timer
Johan Hedberg [Fri, 5 Sep 2014 19:19:48 +0000 (22:19 +0300)]
Bluetooth: Remove unnecessary checks after canceling SMP security timer

The SMP security timer used to be able to modify the SMP context state
but now days it simply calls hci_disconnect(). It is therefore
unnecessary to have extra sanity checks for the SMP context after
canceling the timer.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Add clarifying comment for LE CoC result value
Johan Hedberg [Mon, 1 Sep 2014 06:45:03 +0000 (09:45 +0300)]
Bluetooth: Add clarifying comment for LE CoC result value

The "pending" L2CAP response value is not defined for LE CoC. This patch
adds a clarifying comment to the code so that the reader will not think
there is a bug in trying to use this value for LE CoC.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Move clock offset reading into hci_disconnect()
Johan Hedberg [Mon, 18 Aug 2014 17:33:34 +0000 (20:33 +0300)]
Bluetooth: Move clock offset reading into hci_disconnect()

To give all hci_disconnect() users the advantage of getting the clock
offset read automatically this patch moves the necessary code from
hci_conn_timeout() into hci_disconnect(). This way we pretty much always
update the clock offset when disconnecting.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Use hci_disconnect() for mgmt_disconnect_device()
Johan Hedberg [Mon, 18 Aug 2014 17:33:33 +0000 (20:33 +0300)]
Bluetooth: Use hci_disconnect() for mgmt_disconnect_device()

There's no reason to custom build the HCI_Disconnect command in the
Disconnect Device mgmt command handler. This patch updates the code to
use hci_disconnect() instead.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Update hci_disconnect() to return an error value
Johan Hedberg [Mon, 18 Aug 2014 17:33:32 +0000 (20:33 +0300)]
Bluetooth: Update hci_disconnect() to return an error value

We'll soon use hci_disconnect() from places that are interested to know
whether the hci_send_cmd() really succeeded or not. This patch updates
hci_disconnect() to pass on any error returned from hci_send_cmd().

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix SMP error and response to be mutually exclusive
Johan Hedberg [Mon, 18 Aug 2014 17:33:31 +0000 (20:33 +0300)]
Bluetooth: Fix SMP error and response to be mutually exclusive

Returning failure from the SMP data parsing function will cause an
immediate disconnect, making any attempts to send a response PDU futile.
This patch updates the function to always either send a response or
return an error, but never both at the same time:

* In the case that HCI_LE_ENABLED is not set we want to send a Pairing Not
  Supported response but it is not required to force a disconnection, so
  do not set the error return in this case.

* If we get garbage SMP data we can just fail with the handler function
  instead of also trying to send an SMP Failure PDU.

* There's no reason to force a disconnection if we receive an unknown SMP
  command. Instead simply send a proper Command Not Supported SMP
  response.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unused l2cap_conn_shutdown API
Johan Hedberg [Mon, 18 Aug 2014 17:33:30 +0000 (20:33 +0300)]
Bluetooth: Remove unused l2cap_conn_shutdown API

Now that there are no more users of the l2cap_conn_shutdown API (since
smp.c switched to using hci_disconnect) we can simply remove it along
with all of it's l2cap_conn variables.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Use hci_disconnect for immediate disconnection from SMP
Johan Hedberg [Mon, 18 Aug 2014 17:33:29 +0000 (20:33 +0300)]
Bluetooth: Use hci_disconnect for immediate disconnection from SMP

Relying on the l2cap_conn_del procedure (triggered through the
l2cap_conn_shutdown API) to get the connection disconnected is not
reliable as it depends on all users releasing (through hci_conn_drop)
and that there's at least one user (so hci_conn_drop is called at least
one time).

A much simpler and more reliable solution is to call hci_disconnect()
directly from the SMP code when we want to disconnect. One side-effect
this has is that it prevents any SMP Failure PDU from being sent before
the disconnection, however neither one of the scenarios where
l2cap_conn_shutdown was used really requires this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Set discon_timeout to 0 in l2cap_conn_del
Johan Hedberg [Mon, 18 Aug 2014 17:33:28 +0000 (20:33 +0300)]
Bluetooth: Set discon_timeout to 0 in l2cap_conn_del

When the l2cap_conn_del() function is used we do not want to wait around
"in case something happens" before disconnecting. This patch sets the
disconnection timeout to 0 so that the disconnection routines get
immediately scheduled.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove hci_conn_hold/drop from hci_chan
Johan Hedberg [Mon, 18 Aug 2014 17:33:27 +0000 (20:33 +0300)]
Bluetooth: Remove hci_conn_hold/drop from hci_chan

We can't have hci_chan contribute to the "active" reference counting of
the hci_conn since otherwise the connection would never get dropped when
there are no more users (since hci_chan would be counted as a user).
This patch removes hold() when creating the hci_chan and drop() when
destroying it.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Ignore incoming data after initiating disconnection
Johan Hedberg [Sun, 17 Aug 2014 21:41:44 +0000 (00:41 +0300)]
Bluetooth: Ignore incoming data after initiating disconnection

When hci_chan_del is called the disconnection routines get scheduled
through a workqueue. If there's any incoming ACL data before the
routines get executed there's a chance that a new hci_chan is created
and the disconnection never happens. This patch adds a new hci_conn flag
to indicate that we're in the process of driving the connection down. We
set the flag in hci_chan_del and check for it in hci_chan_create so that
no new channels are created for the same connection.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Set disc_timeout to 0 when calling hci_chan_del
Johan Hedberg [Sun, 17 Aug 2014 21:41:43 +0000 (00:41 +0300)]
Bluetooth: Set disc_timeout to 0 when calling hci_chan_del

The hci_chan_del() function is used in scenarios where we've decided we
want to get rid of the underlying baseband link. It makes therefore
sense to force the disc_timeout to 0 so that the disconnection routines
are immediately scheduled.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix hci_conn reference counting with hci_chan
Johan Hedberg [Sun, 17 Aug 2014 21:41:42 +0000 (00:41 +0300)]
Bluetooth: Fix hci_conn reference counting with hci_chan

The hci_chan_del() function was doing a hci_conn_drop() but there was no
matching hci_conn_hold() in the hci_chan_create() function. Furthermore,
as the hci_chan struct holds a pointer to the hci_conn there should be
proper use of hci_conn_get/put. This patch fixes both issues so that
hci_chan does correct reference counting of the hci_conn object.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Use zero timeout for immediate scheduling
Johan Hedberg [Sun, 17 Aug 2014 21:41:41 +0000 (00:41 +0300)]
Bluetooth: Use zero timeout for immediate scheduling

There's no point in passing a "small" timeout to queue_delayed_work() to
try to get the callback faster scheduled. Passing 0 is perfectly valid
and will cause a shortcut to a direct queue_work().

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Refactor connection parameter freeing into its own function
Johan Hedberg [Fri, 15 Aug 2014 18:06:59 +0000 (21:06 +0300)]
Bluetooth: Refactor connection parameter freeing into its own function

The necessary steps for freeing connection paramaters have grown quite a
bit so we can simplify the code by factoring it out into its own
function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix using hci_conn_get() for hci_conn pointers
Johan Hedberg [Sun, 17 Aug 2014 20:28:57 +0000 (23:28 +0300)]
Bluetooth: Fix using hci_conn_get() for hci_conn pointers

Wherever we keep hci_conn pointers around we should be using
hci_conn_get/put to ensure that they stay valid. This patch fixes
all places violating against the principle currently.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Improve *_get() functions to return the object type
Johan Hedberg [Fri, 15 Aug 2014 18:06:57 +0000 (21:06 +0300)]
Bluetooth: Improve *_get() functions to return the object type

It's natural to have *_get() functions that increment the reference
count of an object to return the object type itself. This way it's
simple to make a copy of the object pointer and increase the reference
count in a single step. This patch updates two such get() functions,
namely hci_conn_get() and l2cap_conn_get(), and updates the users to
take advantage of the new API.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Optimize connection parameter lookup for LE connections
Johan Hedberg [Fri, 15 Aug 2014 18:06:56 +0000 (21:06 +0300)]
Bluetooth: Optimize connection parameter lookup for LE connections

When we get an LE connection complete event there's really no reason to
look through the entire connection parameter list as the entry should be
present in the hdev->pend_le_conns list too. This patch changes the
lookup code to do a more restricted lookup only in the pend_le_conns
list.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Set addr_type only when it's needed
Johan Hedberg [Fri, 15 Aug 2014 18:06:55 +0000 (21:06 +0300)]
Bluetooth: Set addr_type only when it's needed

In the hci_le_conn_complete_evt() function there's no need to set the
addr_type value until it's actually needed, i.e. for the black list
lookup. This patch moves the code a bit further down in the function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix hci_conn reference counting for fixed channels
Johan Hedberg [Fri, 15 Aug 2014 18:17:06 +0000 (21:17 +0300)]
Bluetooth: Fix hci_conn reference counting for fixed channels

Now that SMP has been converted to use fixed channels we've got a bit of
a problem with the hci_conn reference counting. So far the L2CAP code
has kept a reference for each L2CAP channel that was notified of the
connection. With SMP however this would mean that the connection is
never dropped even though there are no other users of it. Furthermore,
SMP already does its own hci_conn reference counting internally,
starting from a security or pairing request and ending with the key
distribution.

This patch makes L2CAP fixed channels default to the L2CAP core not
keeping a hci_conn reference for them. A new FLAG_HOLD_HCI_CONN flag is
added so that L2CAP users can declare an exception to this rule and hold
a reference even for their fixed channels. One such exception is the
L2CAP socket layer which does want a reference for each socket (e.g. an
ATT socket which uses a fixed channel).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Remove unnecessary l2cap_chan_unlock before l2cap_chan_add
Johan Hedberg [Fri, 15 Aug 2014 18:06:52 +0000 (21:06 +0300)]
Bluetooth: Remove unnecessary l2cap_chan_unlock before l2cap_chan_add

The l2cap_chan_add() function doesn't require the channel to be
unlocked. It only requires the l2cap_conn to be unlocked. Therefore,
it's unnecessary to unlock a channel before calling l2cap_chan_add().
This patch removes such unnecessary unlocking from the
l2cap_chan_connect() function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
10 years agoBluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU
Johan Hedberg [Fri, 15 Aug 2014 18:06:51 +0000 (21:06 +0300)]
Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU

The l2cap_create_le_flowctl_pdu() function that l2cap_segment_le_sdu()
calls is perfectly capable of doing packet fragmentation if given bigger
PDUs than the HCI buffers allow. Forcing the PDU length based on the HCI
MTU (conn->mtu) would therefore needlessly strict operation on hardware
with limited LE buffers (e.g. both Intel and Broadcom seem to have this
set to just 27 bytes).

This patch removes the restriction and makes it possible to send PDUs of
the full length that the remote MPS value allows.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
10 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville [Mon, 8 Sep 2014 15:14:56 +0000 (11:14 -0400)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless

10 years agoath5k: added debugfs file for dumping eeprom
Jade Bilkey [Sat, 30 Aug 2014 19:14:14 +0000 (15:14 -0400)]
ath5k: added debugfs file for dumping eeprom

Signed-off-by: Jade Bilkey <herself@thefumon.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agobcma: get info about flash type SoC booted from
Rafał Miłecki [Wed, 3 Sep 2014 08:35:13 +0000 (10:35 +0200)]
bcma: get info about flash type SoC booted from

There is an ongoing work on cleaning MIPS's nvram support so it could be
re-used on other platforms (bcm53xx to say precisely).
This will require a bit of extra logic in bcma this patch implements.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
10 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Thu, 4 Sep 2014 17:45:56 +0000 (13:45 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-next

10 years agoMerge tag 'mac80211-next-for-john-2014-08-29' of git://git.kernel.org/pub/scm/linux...
John W. Linville [Thu, 4 Sep 2014 17:41:33 +0000 (13:41 -0400)]
Merge tag 'mac80211-next-for-john-2014-08-29' of git://git./linux/kernel/git/jberg/mac80211-next

Johannes Berg <johannes@sipsolutions.net> says:

"Not that much content this time. Some RCU cleanups, crypto
performance improvements, and various patches all over,
rather than listing them one might as well look into the
git log instead."

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Conflicts:
drivers/net/wireless/ath/wil6210/wmi.c

10 years agoMerge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi...
John W. Linville [Thu, 4 Sep 2014 17:12:02 +0000 (13:12 -0400)]
Merge branch 'for-john' of git://git./linux/kernel/git/iwlwifi/iwlwifi-fixes

10 years agoMerge tag 'mac80211-for-john-2014-08-29' of git://git.kernel.org/pub/scm/linux/kernel...
John W. Linville [Thu, 4 Sep 2014 17:08:24 +0000 (13:08 -0400)]
Merge tag 'mac80211-for-john-2014-08-29' of git://git./linux/kernel/git/jberg/mac80211

Johannes Berg <johannes@sipsolutions.net> says:

"Here are a few fixes for mac80211. One has been discussed for a while
and adds a terminating NUL-byte to the alpha2 sent to userspace, which
shouldn't be necessary but since many places treat it as a string we
couldn't move to just sending two bytes.

In addition to that, we have two VLAN fixes from Felix, a mesh fix, a
fix for the recently introduced RX aggregation offload, a revert for
a broken patch (that luckily didn't really cause any harm) and a small
fix for alignment in debugfs."

Signed-off-by: John W. Linville <linville@redhat.com>
10 years agoiwlwifi: mvm: clean up AUX station handling
Johannes Berg [Mon, 4 Aug 2014 12:14:14 +0000 (14:14 +0200)]
iwlwifi: mvm: clean up AUX station handling

The auxiliary station is being handled using the internal
station helper functions, clean that up and make the helpers
static.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: clean up broadcast station handling
Johannes Berg [Mon, 4 Aug 2014 11:38:48 +0000 (13:38 +0200)]
iwlwifi: mvm: clean up broadcast station handling

Unify all the functions that handle the per-interface broadcast
station and make them have mvm and vif parameters. While at it,
add a new function to allocate the broadcast station instead of
open-coding it, and make the combined alloc+send and free+send
functions use the alloc/free & send functions.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: use iwl_mvm_mac_get_queues_mask() more
Johannes Berg [Fri, 1 Aug 2014 21:14:24 +0000 (23:14 +0200)]
iwlwifi: mvm: use iwl_mvm_mac_get_queues_mask() more

There are a few places that can call the function
iwl_mvm_mac_get_queues_mask() instead of open-coding the
equivalent, so do that. This requires changing it to return
the multicast queue as part of the bitmap, which broke GO
mode because including it in the broadcast station queues
seems to confuse the firmware, so work around that.

Also, the API defines that the CAB queue shouldn't be
included in the TFD queue mask, adjust the comment
accordingly (not a bug).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: use tdls indication from mac80211
Johannes Berg [Mon, 4 Aug 2014 12:33:42 +0000 (14:33 +0200)]
iwlwifi: mvm: use tdls indication from mac80211

Instead of checking whether a given station is the first to
be added on a client interface check for the new TDLS flag
and warn in the unexpected cases.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: clarify stop_count, remove transport_stopped
Johannes Berg [Fri, 1 Aug 2014 16:14:45 +0000 (18:14 +0200)]
iwlwifi: mvm: clarify stop_count, remove transport_stopped

The queue handling is a bit unclear - we have an array for
stop_count[IWL_MAX_HW_QUEUES] but indices really are the
mac80211 queue numbers. Change the array to be only of the
right size for mac80211 queues (IEEE80211_MAX_QUEUES) and
rename it to be clearer.

While at it, also remove the unused transport queue stop
bitmap in mvm.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: clean up FIFO definitions
Johannes Berg [Fri, 1 Aug 2014 18:48:25 +0000 (20:48 +0200)]
iwlwifi: mvm: clean up FIFO definitions

Move all FIFO definitions together into the firmware API
header file and use the same enum/naming scheme for the
command FIFO.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: correct firmware disassoc command sequence
Johannes Berg [Mon, 11 Aug 2014 19:37:30 +0000 (21:37 +0200)]
iwlwifi: mvm: correct firmware disassoc command sequence

The firmware would like to have a MAC context (unassoc)
before the AP station is removed (we do this) but would
like to keep the BSSID until after it is removed, so we
need to send two commands - one with the BSSID before
and one without the BSSID after.

In order to do this, we need to store the BSSID as it
will have been cleared by mac80211 by the time we get
notified of the disassociation. Also pass it around as
an override to the various functions needing it, and
keep taking it from the mac80211 data otherwise. This
avoids having to keep track of the BSSID in all modes.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: set the TX disable bit when doing a chanctx switch
Luciano Coelho [Thu, 8 May 2014 13:03:39 +0000 (16:03 +0300)]
iwlwifi: mvm: set the TX disable bit when doing a chanctx switch

During a channel switch we should tell the firmware to disable TX
temporarily and re-enable it after the switch is done.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: add Intel Mobile Communications copyright
Johannes Berg [Thu, 24 Jul 2014 12:05:26 +0000 (14:05 +0200)]
iwlwifi: add Intel Mobile Communications copyright

Our legal structure changed at some point (see wikipedia), but
we forgot to immediately switch over to the new copyright
notice.

For files that we have modified in the time since the change,
add the proper copyright notice now.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: trans: configure the scheduler enable register
Avri Altman [Thu, 24 Jul 2014 16:25:10 +0000 (19:25 +0300)]
iwlwifi: trans: configure the scheduler enable register

Currently the firmware is handling this, but that is wrong as it then
needs to assume a certain command queue, therefore this should be in
the driver; add it here so it can be removed from the firmware in the
future.

Signed-off-by: Avri Altman <avri.altman@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: trans: make aggregation explicit for TX queue handling
Johannes Berg [Fri, 1 Aug 2014 11:33:46 +0000 (13:33 +0200)]
iwlwifi: trans: make aggregation explicit for TX queue handling

Currently a valid sta_id is assumed to mean that the queue is
meant to also be aggregated, but that assumption will not be
true in the future, so don't make it in the lower level but
only in the inline wrapper.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: trans: allow skipping scheduler hardware config
Johannes Berg [Fri, 1 Aug 2014 10:17:40 +0000 (12:17 +0200)]
iwlwifi: trans: allow skipping scheduler hardware config

In a later patch, the hardware configuration will be moved to
firmware. Prepare for this by allowing hardware configuration
in the transport to be skipped by not passing a configuration
on enable and passing configure_scd=false on disable.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: fix comment typo
Eran Harary [Mon, 4 Aug 2014 09:21:05 +0000 (12:21 +0300)]
iwlwifi: mvm: fix comment typo

Signed-off-by: Eran Harary <eran.harary@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: don't export tracepoints unnecessarily
Johannes Berg [Tue, 5 Aug 2014 08:36:54 +0000 (10:36 +0200)]
iwlwifi: don't export tracepoints unnecessarily

The tracepoints that are only used in code linked with iwlwifi.ko,
as are the tracepoints, don't need to be exported, so don't.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: add some debugging to quota allocation
Johannes Berg [Mon, 4 Aug 2014 14:39:54 +0000 (16:39 +0200)]
iwlwifi: mvm: add some debugging to quota allocation

In order to follow more easily what's going on, add some
debug statements to the quota allocation algorithm.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: enable passive fragmented scan changes
David Spinadel [Tue, 22 Jul 2014 10:11:18 +0000 (13:11 +0300)]
iwlwifi: mvm: enable passive fragmented scan changes

Enable fragmented scan that was diabled due to a FW bug.
New fixed FWs use a TLV bit to advertise fragmented scan support.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: trans: refactor txq_enable arguments
Johannes Berg [Fri, 1 Aug 2014 09:58:47 +0000 (11:58 +0200)]
iwlwifi: trans: refactor txq_enable arguments

Instead of having all arguments passed to the function,
add a struct to hold them and only pass some directly.

This will make future work in this area cleaner.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: consolidate hw scheduler configuration code
Avri Altman [Mon, 14 Jul 2014 06:40:27 +0000 (09:40 +0300)]
iwlwifi: consolidate hw scheduler configuration code

Configuring the hw scheduler during queue enablement is done by
writing the appropriate values to the scheduler peripherals, and
it is essentially the same for all buses.

Whenever writing is done via the standard iwl_write_prph, we can
avoid duplicating the code for each bus. Those operations are
queue deactivation, RA/TID mapping, chain-building settings,
enabling/disabling aggregations and activating/deactivating the
TX FIFOs.

Consolidate this code using static inlines in a new header file.

Signed-off-by: Avri Altman <avri.altman@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: wait for TE notif when protecting TDLS session
Liad Kaufman [Sun, 6 Jul 2014 14:14:39 +0000 (17:14 +0300)]
iwlwifi: mvm: wait for TE notif when protecting TDLS session

Make sure that when running the TDLS discovery session
protection - the time event that ensures we remain on channel
has been scheduled and started running before leaving.

Signed-off-by: Liad Kaufman <liad.kaufman@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
10 years agoiwlwifi: mvm: add option that allows a vif to disable PS
Luciano Coelho [Fri, 8 Aug 2014 16:50:46 +0000 (19:50 +0300)]
iwlwifi: mvm: add option that allows a vif to disable PS

We need to disable PS when a monitor vif is active or, in the future,
when a channel switch is happening.  Add a boolean to mvmvif that
allows PS to be disabled generically.  Additionally, make the monitor
interface use this new flag when it gets activated.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>