summaryrefslogtreecommitdiffstats
path: root/drivers/bluetooth/hci_bcsp.c
Commit message (Collapse)AuthorAgeFilesLines
* treewide: Convert del_timer*() to timer_shutdown*()Steven Rostedt (Google)2022-12-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to several bugs caused by timers being re-armed after they are shutdown and just before they are freed, a new state of timers was added called "shutdown". After a timer is set to this state, then it can no longer be re-armed. The following script was run to find all the trivial locations where del_timer() or del_timer_sync() is called in the same function that the object holding the timer is freed. It also ignores any locations where the timer->function is modified between the del_timer*() and the free(), as that is not considered a "trivial" case. This was created by using a coccinelle script and the following commands: $ cat timer.cocci @@ expression ptr, slab; identifier timer, rfield; @@ ( - del_timer(&ptr->timer); + timer_shutdown(&ptr->timer); | - del_timer_sync(&ptr->timer); + timer_shutdown_sync(&ptr->timer); ) ... when strict when != ptr->timer ( kfree_rcu(ptr, rfield); | kmem_cache_free(slab, ptr); | kfree(ptr); ) $ spatch timer.cocci . > /tmp/t.patch $ patch -p1 < /tmp/t.patch Link: https://lore.kernel.org/lkml/20221123201306.823305113@linutronix.de/ Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Acked-by: Pavel Machek <pavel@ucw.cz> [ LED ] Acked-by: Kalle Valo <kvalo@kernel.org> [ wireless ] Acked-by: Paolo Abeni <pabeni@redhat.com> [ networking ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()Yang Yingliang2022-12-121-1/+1
| | | | | | | | | | It is not allowed to call kfree_skb() from hardware interrupt context or with interrupts being disabled. So replace kfree_skb() with dev_kfree_skb_irq() under spin_lock_irqsave(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
* Bluetooth: Fix invalid-free in bcsp_close()Tomas Bortoli2019-11-041-0/+3
| | | | | | | | | | | Syzbot reported an invalid-free that I introduced fixing a memleak. bcsp_recv() also frees bcsp->rx_skb but never nullifies its value. Nullify bcsp->rx_skb every time it is freed. Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+a0d209a4676664613e76@syzkaller.appspotmail.com Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: hci_bcsp: Fix memory leak in rx_skbTomas Bortoli2019-07-061-0/+5
| | | | | | | | | | | Syzkaller found that it is possible to provoke a memory leak by never freeing rx_skb in struct bcsp_struct. Fix by freeing in bcsp_close() Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+98162c885993b72f19c4@syzkaller.appspotmail.com Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156Thomas Gleixner2019-05-301-16/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1334 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Bluetooth: Convert timers to use timer_setup()Kees Cook2017-10-061-4/+6
| | | | | | | | | | In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. As already done in hci_qca, add struct hci_uart pointer to priv structure. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* networking: introduce and use skb_put_data()Johannes Berg2017-06-161-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A common pattern with skb_put() is to just want to memcpy() some data into the new space, introduce skb_put_data() for this. An spatch similar to the one for skb_put_zero() converts many of the places using it: @@ identifier p, p2; expression len, skb, data; type t, t2; @@ ( -p = skb_put(skb, len); +p = skb_put_data(skb, data, len); | -p = (t)skb_put(skb, len); +p = skb_put_data(skb, data, len); ) ( p2 = (t2)p; -memcpy(p2, data, len); | -memcpy(p, data, len); ) @@ type t, t2; identifier p, p2; expression skb, data; @@ t *p; ... ( -p = skb_put(skb, sizeof(t)); +p = skb_put_data(skb, data, sizeof(t)); | -p = (t *)skb_put(skb, sizeof(t)); +p = skb_put_data(skb, data, sizeof(t)); ) ( p2 = (t2)p; -memcpy(p2, data, sizeof(*p)); | -memcpy(p, data, sizeof(*p)); ) @@ expression skb, len, data; @@ -memcpy(skb_put(skb, len), data, len); +skb_put_data(skb, data, len); (again, manually post-processed to retain some comments) Reviewed-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Bluetooth: hci_bcsp: Use setup_timer Kernel API instead of init_timerPrasanna Karthik2016-11-271-3/+1
| | | | | | | Replace init_timer function with setup_timer reported by coccinelle Signed-off-by: Prasanna Karthik <pkarthik@intrinsyc.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: BCSP fails to ACK re-transmitted frames from the peerDean Jenkins2016-09-241-34/+51
| | | | | | | | | | | | | | | | | | | | | | Send an ACK frame with the current txack value in response to every received reliable frame unless a TX reliable frame is being sent. This modification allows re-transmitted frames from the remote peer to be acknowledged rather than ignored. It means that the remote peer knows which frame number to start re-transmitting from. Without this modification, the recovery time to a missing frame from the remote peer was unnecessarily being extended because the headers of the out of order reliable frames were being discarded rather than being processed. The frame headers of received frames will indicate whether the local peer's transmissions have been acknowledged by the remote peer. Therefore, the local peer may unnecessarily re-transmit despite the remote peer already indicating that the frame had been acknowledged in out of order reliable frame. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Jiada Wang <jiada_wang@mentor.com> Signed-off-by: Rajeev Kumar <rajeev_kumar@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: Tidy-up coding style in hci_bcsp.cDean Jenkins2016-09-241-26/+29
| | | | | | | | | | | | | | | | | | drivers/bluetooth/hci_bcsp.c contains some style issues as highlighted by ./scripts/checkpatch.pl --strict -f drivers/bluetooth/hci_bcsp.c a) comments - maintainer prefers network style comments b) positioning of lines in multi-line statements c) spaces after casts d) missing blank lines after declarations Therefore, tidy-up the above to make it easier to apply future code changes that have conforming style. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: hci_bcsp: fix code styleMaxim Zhukov2016-04-081-26/+31
| | | | | | | | | | | This commit fixed: trailing "*/" trailing spaces mixed indent space between ~ and ( Signed-off-by: Maxim Zhukov <mussitantesmortem@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: Use new hci_skb_pkt_* wrappers for driversMarcel Holtmann2015-11-191-10/+15
| | | | | | | | | The new hci_skb_pkt_* wrappers are mainly intented for drivers to require less knowledge about bt_cb(sbk) handling. So after converting the core packet handling, convert all drivers. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: hci_bcsp: Clean up code FixPrasanna Karthik2015-06-091-8/+8
| | | | | | | | Fix for spaces prohibited around that '->' reported by checkpatch and space prohibited between function name and open parenthesis '(' Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: hci_uart: Change 1 to true for bool type variables assignmentsShailendra Verma2015-05-251-2/+2
| | | | | | | | The variables txcrc and hciextn are bool type. So assigning true instead of 1. Signed-off-by: Shailendra Verma <shailendra.capricorn@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: hci_uart: Update version number driverMarcel Holtmann2015-04-071-2/+0
| | | | | | | | | | | This version number is more cosmetic and for debugging purposes, but since there has been a few changes lately, increase it now. Two left-over and not used version constants that were never exposed anywhere are removed since they have no actual value. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: hci_uart: Remove the manual protocol init messageMarcel Holtmann2015-04-071-8/+1
| | | | | | | | | The init function for each HCI UART protocol prints the same on success and failure. This information is so generic, remove it and let the main HCI UART handling print it instead. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: hci_uart: Add name information to hci_uart_proto structMarcel Holtmann2015-04-071-0/+1
| | | | | | | | This adds an extra name field to the hci_uart_proto struct that provides a simple way of adding a string identifier to the protocol. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: hci_uart: Make struct hci_uart_proto always constMarcel Holtmann2015-04-071-1/+1
| | | | | | | | The usage of struct hci_uart_proto should always be const. Change the function headers and individual protocol drivers. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: hci_uart: Use const data pointer for received dataMarcel Holtmann2015-04-071-2/+2
| | | | | | | | | | The TTY layer provides its data pointers as const, but the HCI UART callbacks expect them as general data pointers. This is of course wrong and instead of casting them, just fix the individual drivers to actually take a const data pointer. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: Remove assignments in if-statementsValentin Ilie2014-03-051-11/+16
| | | | | | | | Remove assignment in if-statements to be consistent with the coding style. Signed-off-by: Valentin Ilie <valentin.ilie@gmail.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: Stop BCSP/H5 timer before cleaning upMichael Knudsen2014-03-041-1/+3
| | | | | | | | | | | When stopping BCSP/H5, stop the retransmission timer before proceeding to clean up packet queues. The previous code had a race condition where the timer could trigger after the packet lists and protocol structure had been removed which led to dereferencing NULL or use-after-free bugs. Signed-off-by: Michael Knudsen <m.knudsen@samsung.com> Reported-by: Kirill Tkhai <ktkhai@parallels.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: Provide hdev parameter to hci_recv_frame() driver callbackMarcel Holtmann2013-10-111-3/+2
| | | | | | | | | | To avoid casting skb->dev into hdev, just let the drivers provide the hdev directly when calling hci_recv_frame() function. This patch also fixes up all drivers to provide the hdev. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: Remove 'register' usage from the subsystemGustavo Padovan2012-06-051-1/+1
| | | | | | | Let the compiler chooses what is best. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Merge branch 'master' of ↵Johan Hedberg2012-02-161-2/+2
|\ | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next.git Conflicts: include/net/bluetooth/l2cap.h net/bluetooth/hci_conn.c net/bluetooth/l2cap_core.c
| * module_param: make bool parameters really bool (drivers & misc)Rusty Russell2012-01-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | module_param(bool) used to counter-intuitively take an int. In fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy trick. It's time to remove the int/unsigned int option. For this version it'll simply give a warning, but it'll break next kernel version. Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* | Bluetooth: hci-uart-bcsp: Use GFP_ATOMIC in open()David Herrmann2012-02-131-1/+1
|/ | | | | | | | | | The uart_proto open() callback is not called in atomic context so we can safely sleep here. The caller hci_uart_set_proto() in hci_ldisc.c is an ioctl-handler and therefore can sleep. Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
* Bluetooth: Add __init and __exit marks to UART driversGustavo F. Padovan2010-07-271-2/+2
| | | | | | | Those marks are useful to save space in the binary and in the memory. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: Fix abuse of the preincrement operatorDavid Howells2010-06-301-1/+1
| | | | | | | | | | | | | | Fix abuse of the preincrement operator as detected when building with gcc 4.6.0: CC [M] drivers/bluetooth/hci_bcsp.o drivers/bluetooth/hci_bcsp.c: In function 'bcsp_prepare_pkt': drivers/bluetooth/hci_bcsp.c:247:20: warning: operation on 'bcsp->msgq_txseq' may be undefined Reported-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: David S. Miller <davem@davemloft.net>
* Bluetooth: Fix false errors from bcsp_pkt_cull functionWending Weng2009-08-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | The error message "Removed only %u out of %u pkts" is printed when multiple to be acked packets are queued. if (i++ >= pkts_to_be_removed) break; This will break out of the loop and increase the counter i when i==pkts_to_be_removed and the loop ends up with i=pkts_to_be_removed+1. The following line if (i != pkts_to_be_removed) { BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); } will then display the false message. The counter i must not increase on the same statement. Signed-off-by: Wending Weng <wweng@rheinmetall.ca> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Bluetooth: Enable per-module dynamic debug messagesMarcel Holtmann2008-11-301-5/+0
| | | | | | | | | | | With the introduction of CONFIG_DYNAMIC_PRINTK_DEBUG it is possible to allow debugging without having to recompile the kernel. This patch turns all BT_DBG() calls into pr_debug() to support dynamic debug messages. As a side effect all CONFIG_BT_*_DEBUG statements are now removed and some broken debug entries have been fixed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* bluetooth: hci_bcsp: Use SKB list interfaces instead of home-grown stuff.David S. Miller2008-09-211-9/+9
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* bluetooth: hci_bcsp.c small cleanups/api usersHarvey Harrison2008-06-101-31/+13
| | | | | | | | | | | | | | | | | Use bitrev16 from lib/bitrev.c. Use the get_unaligned_be16 to get the crc from the packet, create a small helper function for this. Fix a shadowed variable sparse warning: drivers/bluetooth/hci_bcsp.c:218:26: warning: symbol 'hdr' shadows an earlier one drivers/bluetooth/hci_bcsp.c:187:5: originally declared here [akpm@linux-foundation.org: select CONFIG_BITREVERSE, noted by akinobu.mita@gmail.com] Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [Bluetooth] Switch from OGF+OCF to using only opcodesMarcel Holtmann2007-10-221-1/+2
| | | | | | | | | | | | The Bluetooth HCI commands are divided into logical OGF groups for easier identification of their purposes. While this still makes sense for the written specification, its makes the code only more complex and harder to read. So instead of using separate OGF and OCF values to identify the commands, use a common 16-bit opcode that combines both values. As a side effect this also reduces the complexity of OGF and OCF calculations during command header parsing. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [PATCH] remove many unneeded #includes of sched.hTim Schmielau2007-02-141-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | After Al Viro (finally) succeeded in removing the sched.h #include in module.h recently, it makes sense again to remove other superfluous sched.h includes. There are quite a lot of files which include it but don't actually need anything defined in there. Presumably these includes were once needed for macros that used to live in sched.h, but moved to other header files in the course of cleaning it up. To ease the pain, this time I did not fiddle with any header files and only removed #includes from .c-files, which tend to cause less trouble. Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha, arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig, allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all configs in arch/arm/configs on arm. I also checked that no new warnings were introduced by the patch (actually, some warnings are removed that were emitted by unnecessarily included header files). Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* [PATCH] lockdep: annotate bcsp driverPeter Zijlstra2006-12-071-2/+2
| | | | | | | | | | | | | | | | | | | | ============================================= [ INFO: possible recursive locking detected ] 2.6.18-1.2699.fc6 #1 --------------------------------------------- swapper/0 is trying to acquire lock: (&list->lock#3){+...}, at: [<c05ad307>] skb_dequeue+0x12/0x43 but task is already holding lock: (&list->lock#3){+...}, at: [<df98cd79>] bcsp_dequeue+0x6a/0x11e [hci_uart] Two different list locks nest, annotate so. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Remove obsolete #include <linux/config.h>Jörn Engel2006-06-301-1/+0
| | | | | Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* [PATCH] Unlinline a bunch of other functionsArjan van de Ven2006-01-141-1/+1
| | | | | | | | | | | Remove the "inline" keyword from a bunch of big functions in the kernel with the goal of shrinking it by 30kb to 40kb Signed-off-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Jeff Garzik <jgarzik@pobox.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] bluetooth: kmalloc + memset -> kzalloc conversionDeepak Saxena2005-11-071-2/+1
| | | | | | | Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Cc: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [Bluetooth] Cleanup of the HCI UART driverMarcel Holtmann2005-10-281-42/+78
| | | | | | | | This patch contains the big cleanup of the HCI UART driver. The uneeded header files are removed and their structure declarations are moved into the protocol implementations. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [Bluetooth] Remove TXCRC compile option for BCSP driverMarcel Holtmann2005-10-281-19/+23
| | | | | | | The TXCRC compile option is not really useful and thus change it into a module parameter. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* [Bluetooth]: Move packet type into the SKB control bufferMarcel Holtmann2005-08-291-9/+9
| | | | | | | | | This patch moves the usage of packet type into the SKB control buffer. After this patch it is now possible to shrink the sk_buff structure and redefine its pkt_type. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [Bluetooth] Remove unused functions and cleanup symbol exportsMarcel Holtmann2005-08-061-2/+0
| | | | | | | | | This patch removes the unused bt_dump() function and it also removes its BT_DMP macro. It also unexports the hci_dev_get(), hci_send_cmd() and hci_si_event() functions. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-161-0/+749
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!