| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Change-Id: I1aaec157aa196f3448eff8636134fce89a814cf2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Another regression fix considering incomming l2cap connections with
defer_setup enabled. In situations when incomming connection is
extracted with l2cap_sock_accept, it's bt_sock info will have
'parent' member zerroed, but 'parent' may be used unconditionally
in l2cap_conn_start() and l2cap_security_cfm() when defer_setup
is enabled.
Backtrace:
[<bf02d5ac>] (l2cap_security_cfm+0x0/0x2ac [bluetooth]) from [<bf01f01c>] (hci_event_pac
ket+0xc2c/0x4aa4 [bluetooth])
[<bf01e3f0>] (hci_event_packet+0x0/0x4aa4 [bluetooth]) from [<bf01a844>] (hci_rx_task+0x
cc/0x27c [bluetooth])
[<bf01a778>] (hci_rx_task+0x0/0x27c [bluetooth]) from [<c008eee4>] (tasklet_action+0xa0/
0x15c)
[<c008ee44>] (tasklet_action+0x0/0x15c) from [<c008f38c>] (__do_softirq+0x98/0x130)
r7:00000101 r6:00000018 r5:00000001 r4:efc46000
[<c008f2f4>] (__do_softirq+0x0/0x130) from [<c008f524>] (do_softirq+0x4c/0x58)
[<c008f4d8>] (do_softirq+0x0/0x58) from [<c008f5e0>] (run_ksoftirqd+0xb0/0x1b4)
r4:efc46000 r3:00000001
[<c008f530>] (run_ksoftirqd+0x0/0x1b4) from [<c009f2a8>] (kthread+0x84/0x8c)
r7:00000000 r6:c008f530 r5:efc47fc4 r4:efc41f08
[<c009f224>] (kthread+0x0/0x8c) from [<c008cc84>] (do_exit+0x0/0x5f0)
Signed-off-by: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Caused by the following commit, partially revert it.
commit 9fa7e4f76f3658ba1f44fbdb95c77e7df3f53f95
Author: Gustavo F. Padovan <padovan@profusion.mobi>
Date: Thu Jun 30 16:11:30 2011 -0300
Bluetooth: Fix regression with incoming L2CAP connections
PTS test A2DP/SRC/SRC_SET/TC_SRC_SET_BV_02_I revealed that
( probably after the df3c3931e commit ) the l2cap connection
could not be established in case when the "Auth Complete" HCI
event does not arive before the initiator send "Configuration
request", in which case l2cap replies with "Command rejected"
since the channel is still in BT_CONNECT2 state.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PTS test A2DP/SRC/SRC_SET/TC_SRC_SET_BV_02_I revealed that
( probably after the df3c3931e commit ) the l2cap connection
could not be established in case when the "Auth Complete" HCI
event does not arive before the initiator send "Configuration
request", in which case l2cap replies with "Command rejected"
since the channel is still in BT_CONNECT2 state.
Based on patch from: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A remote user can provide a small value for the command size field in
the command header of an l2cap configuration request, resulting in an
integer underflow when subtracting the size of the configuration request
header. This results in copying a very large amount of data via
memcpy() and destroying the kernel heap. Check for underflow.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When authentication completes we shouldn't blindly accept any pending
L2CAP connect requests. If the socket has the defer_setup feature
enabled it should still wait for user space acceptance of the connect
request. The issue only happens for non-SSP connections since with SSP
the L2CAP Connect request may not be sent for non-SDP PSMs before
authentication has completed successfully.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
read_lock() ... read_unlock_bh() is clearly bogus.
This was broken by
commit 23691d75cdc69c3b285211b4d77746aa20a17d18
Author: Gustavo F. Padovan <padovan@profusion.mobi>
Date: Wed Apr 27 18:26:32 2011 -0300
Bluetooth: Remove l2cap_sk_list
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
|
|
|
|
|
|
|
|
|
| |
net/bluetooth/l2cap_core.c: In function ‘l2cap_recv_frame’:
net/bluetooth/l2cap_core.c:3758:15: warning: ‘sk’ may be used uninitialized in this function
net/bluetooth/l2cap_core.c:3758:15: note: ‘sk’ was declared here
net/bluetooth/l2cap_core.c:3791:15: warning: ‘sk’ may be used uninitialized in this function
net/bluetooth/l2cap_core.c:3791:15: note: ‘sk’ was declared here
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|\
| |
| |
| |
| |
| |
| |
| | |
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
Conflicts:
drivers/net/wireless/iwlwifi/iwl-agn-tx.c
net/mac80211/sta_info.h
|
| |
| |
| |
| |
| |
| | |
They were added by me while testing and I forgot to remove.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A new list was added to replace the socket based one. This new list
doesn't depent on sock and then fits better inside l2cap_core.c code.
It also rename l2cap_chan_alloc() to l2cap_chan_create() and
l2cap_chan_free() to l2cap_chan_destroy)
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
When the user doesn't specify a psm we have the choose one for the
channel. Now we do this inside l2cap_add_psm().
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The intention is to get rid of the l2cap_sk_list usage inside
l2cap_core.c. l2cap_sk_list will soon be replaced by a list that does not
depend on socket usage.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
Conflicts:
drivers/net/wireless/libertas/if_cs.c
drivers/net/wireless/rtlwifi/pci.c
net/bluetooth/l2cap_sock.c
|
| |
| |
| |
| |
| |
| | |
A new l2cap_chan_free() is added to free the channels.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
There is no need to the socket deal directly with the channel, most of the
time it cares about the channel only.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
In this commit, psm, scid and dcid.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
In this commit, omtu, imtu, flush_to, mode and sport. It also remove the
pi var from l2cap_sock_sendmsg().
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
In this commit all ERTM and Streaming Mode specific vars.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
In this commit sec_level, force_reliable, role_switch and flushable.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| |
| | |
l2cap_chan_connect() is a much better name and reflects what this
functions is doing (or will do once socket dependence is removed from the
core).
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
First move of elements depending on user data.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| |
| | |
If the allocation happens at l2cap_sock_create() will be able to use the
struct l2cap_chan to store channel info that comes from the user via
setsockopt.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
net/bluetooth/mgmt.c
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Resolved logic conflicts causing a build failure due to
drivers/net/r8169.c changes using a patch from Stephen Rothwell.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When retrasmitting one frame, only SAR bits in control field should
be kept.
Signed-off-by: Ruiyi Zhang <Ruiyi.zhang@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch lets 'l2cap_pinfo.unacked_frames' be incremented only
the first time a frame is transmitted.
Previously it was being incremented for retransmitted packets
too resulting the value to cross the transmit window size.
Signed-off-by: Suraj Sumangala <suraj@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
net/bluetooth/l2cap_core.c: In function ‘l2cap_recv_frame’:
net/bluetooth/l2cap_core.c:3612:15: warning: ‘sk’ may be used uninitialized in this function
net/bluetooth/l2cap_core.c:3612:15: note: ‘sk’ was declared here
Actually the problem is in the inline function l2cap_data_channel(), we
branch to the label 'done' which tests 'sk' before we set it to anything.
Initialize it to NULL to fix this.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a regression from the L2CAP "rewrite" patches.
Purge the tx_q already happens on l2cap_chan_del() so we don't need it at
l2cap_disconnect_req().
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
l2cap_get_sock_by_scid was changed to not lock the socket anymore, but I
forgot to change all the users of this function.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix an locking issue with the new l2cap_att_channel(). l2cap_att_channel()
was trying to lock a locked socket.
Reported-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
Despite it works, handling through l2cap_data_channel() is wrongs.
That function should handle only connection oriented data.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
tx_q is the queue used by ERTM mode.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
That was unnecessary use of it.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
Change some BT_DBG messages and consequently remove some struct sock
declarations.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of moving all the Channel related operation to struct l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
This is a regression acctually, caused by the first patch series for
creating a formal strcut l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of the moving channel stuff to l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of the moving channel stuff to l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
This also triggered a change in l2cap_send_disconn_req() parameters.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of the moving channel stuff to l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of the moving channel stuff to l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of the moving channel stuff to l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
As part of the moving channel to stuff to struct l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is part of "moving things to l2cap_chan". As one the first move it
triggered a big number of changes in the funcions parameters, basically
changing the struct sock param to struct l2cap_chan.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| |
| | |
Move some channel specific stuff to l2cap_core.c, this will make things
more clear.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
They are also l2cap_chan specific.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |
| |
| |
| |
| |
| | |
ident is chan property, no need to reside on socket.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|