summaryrefslogtreecommitdiff
path: root/net/bluetooth
AgeCommit message (Collapse)Author
2007-05-05[Bluetooth] Fix L2CAP and HCI setsockopt() information leaksMarcel Holtmann
The L2CAP and HCI setsockopt() implementations have a small information leak that makes it possible to leak kernel stack memory to userspace. If the optlen parameter is 0, no data will be copied by copy_from_user(), but the uninitialized stack buffer will be read and stored later. A call to getsockopt() can now retrieve the leaked information. To fix this problem the stack buffer given to copy_from_user() must be initialized with the current settings. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-04-26[BLUETOOTH] rfcomm_worker(): fix wakeup raceAndrew Morton
Set TASK_INTERRUPTIBLE prior to testing the flag to avoid missed wakeups. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[NET]: cleanup extra semicolonsStephen Hemminger
Spring cleaning time... There seems to be a lot of places in the network code that have extra bogus semicolons after conditionals. Most commonly is a bogus semicolon after: switch() { } Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_copy_from_linear_data{_offset}Arnaldo Carvalho de Melo
To clearly state the intent of copying from linear sk_buffs, _offset being a overly long variant but interesting for the sake of saving some bytes. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2007-04-25[SK_BUFF]: Convert skb->tail to sk_buff_data_tArnaldo Carvalho de Melo
So that it is also an offset from skb->head, reduces its size from 8 to 4 bytes on 64bit architectures, allowing us to combine the 4 bytes hole left by the layer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4 64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN... :-) Many calculations that previously required that skb->{transport,network, mac}_header be first converted to a pointer now can be done directly, being meaningful as offsets or pointers. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_transport_header(skb)Arnaldo Carvalho de Melo
For the places where we need a pointer to the transport header, it is still legal to touch skb->h.raw directly if just adding to, subtracting from or setting it to another layer header. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_reset_transport_header(skb)Arnaldo Carvalho de Melo
For the common, open coded 'skb->h.raw = skb->data' operation, so that we can later turn skb->h.raw into a offset, reducing the size of struct sk_buff in 64bit land while possibly keeping it as a pointer on 32bit. This one touches just the most simple cases: skb->h.raw = skb->data; skb->h.raw = {skb_push|[__]skb_pull}() The next ones will handle the slightly more "complex" cases. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_mac_header()Arnaldo Carvalho de Melo
For the places where we need a pointer to the mac header, it is still legal to touch skb->mac.raw directly if just adding to, subtracting from or setting it to another layer header. This one also converts some more cases to skb_reset_mac_header() that my regex missed as it had no spaces before nor after '=', ugh. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_reset_mac_header(skb)Arnaldo Carvalho de Melo
For the common, open coded 'skb->mac.raw = skb->data' operation, so that we can later turn skb->mac.raw into a offset, reducing the size of struct sk_buff in 64bit land while possibly keeping it as a pointer on 32bit. This one touches just the most simple case, next will handle the slightly more "complex" cases. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[ETH]: Make eth_type_trans set skb->dev like the other *_type_transArnaldo Carvalho de Melo
One less thing for drivers writers to worry about. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[NET] BLUETOOTH: Use cpu_to_le{16,32}() where appropriate.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-29[PATCH] bluetooth hid quirks: mightymouse quirkJiri Kosina
I have a bugreport that scrollwheel of bluetooth version of apple mightymouse doesn't work. The USB version of mightymouse works, as there is a quirk for handling scrollwheel in hid/usbhid for it. Now that bluetooth git tree is hooked to generic hid layer, it could easily use the quirks which are already present in generic hid parser, hid-input, etc. Below is a simple patch against bluetooth git tree, which adds quirk handling to current bluetooth hidp code, and sets quirk flags for device 0x05ac/0x030c, which is the bluetooth version of the apple mightymouse. Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-22[NET]: fix up misplaced inlines.Dave Jones
Turning up the warnings on gcc makes it emit warnings about the placement of 'inline' in function declarations. Here's everything that was under net/ Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-08[PATCH] bluetooth: fix socket locking in hci_sock_dev_event()Jiri Kosina
[Bluetooth] Fix socket locking in hci_sock_dev_event() hci_sock_dev_event() uses bh_lock_sock() to lock the socket lock. This is not deadlock-safe against locking of the same socket lock in l2cap_connect_cfm() from softirq context. In addition to that, hci_sock_dev_event() doesn't seem to be called from softirq context, so it is safe to use lock_sock()/release_sock() instead. The lockdep warning can be triggered on my T42p simply by switching the Bluetooth off by the keyboard button. ================================= [ INFO: inconsistent lock state ] 2.6.21-rc2 #4 --------------------------------- inconsistent {in-softirq-W} -> {softirq-on-W} usage. khubd/156 [HC0[0]:SC0[0]:HE1:SE1] takes: (slock-AF_BLUETOOTH){-+..}, at: [<e0ca5520>] hci_sock_dev_event+0xa8/0xc5 [bluetooth] {in-softirq-W} state was registered at: [<c012d1db>] mark_lock+0x59/0x414 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c012dfd7>] __lock_acquire+0x3e5/0xb99 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c012e7f2>] lock_acquire+0x67/0x81 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c036ee72>] _spin_lock+0x29/0x34 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<e0ca17c3>] hci_send_cmd+0x126/0x14f [bluetooth] [<e0ca4ce4>] hci_event_packet+0x729/0xebd [bluetooth] [<e0ca205b>] hci_rx_task+0x2a/0x20f [bluetooth] [<e0ca209d>] hci_rx_task+0x6c/0x20f [bluetooth] [<c012d7be>] trace_hardirqs_on+0x10d/0x14e [<c011ac85>] tasklet_action+0x3d/0x68 [<c011abba>] __do_softirq+0x41/0x92 [<c011ac32>] do_softirq+0x27/0x3d [<c0105134>] do_IRQ+0x7b/0x8f [<c0103dec>] common_interrupt+0x24/0x34 [<c0103df6>] common_interrupt+0x2e/0x34 [<c0248e65>] acpi_processor_idle+0x1b3/0x34a [<c0248e68>] acpi_processor_idle+0x1b6/0x34a [<c010232b>] cpu_idle+0x39/0x4e [<c04bab0c>] start_kernel+0x372/0x37a [<c04ba42b>] unknown_bootoption+0x0/0x202 [<ffffffff>] 0xffffffff Signed-off-by: Jiri Kosina <jkosina@suse.cz> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-26[Bluetooth] Make use of device_move() for RFCOMM TTY devicesMarcel Holtmann
In the case of bound RFCOMM TTY devices the parent is not available before its usage. So when opening a RFCOMM TTY device, move it to the corresponding ACL device as a child. When closing the device, move it back to the virtual device tree. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26[Bluetooth] Add open and close callbacks for HID deviceMarcel Holtmann
The open and close callbacks for the HID device are not optional, but for the Bluetooth HID report mode support it is enough to add empty dummy callbacks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26[Bluetooth] Add support for using the HID subsystemMarcel Holtmann
This patch extends the current Bluetooth HID support to use the new HID subsystem and adds full report mode support. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26[Bluetooth] Fix wrong put_user() from HIDP compat ioctl patchMarcel Holtmann
The compat ioctl patch copied the parser version field into the report descriptor size field by mistake. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-14[PATCH] remove many unneeded #includes of sched.hTim Schmielau
After Al Viro (finally) succeeded in removing the sched.h #include in module.h recently, it makes sense again to remove other superfluous sched.h includes. There are quite a lot of files which include it but don't actually need anything defined in there. Presumably these includes were once needed for macros that used to live in sched.h, but moved to other header files in the course of cleaning it up. To ease the pain, this time I did not fiddle with any header files and only removed #includes from .c-files, which tend to cause less trouble. Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha, arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig, allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all configs in arch/arm/configs on arm. I also checked that no new warnings were introduced by the patch (actually, some warnings are removed that were emitted by unnecessarily included header files). Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-10[NET] BLUETOOTH: Fix whitespace errors.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-09[PATCH] hidp __user annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-01-22[Bluetooth] Restrict well known PSM to privileged usersMarcel Holtmann
The PSM values below 0x1001 of L2CAP are reserved for well known services. Restrict the possibility to bind them to privileged users. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-22[Bluetooth] Missing endian swapping for L2CAP socket listMarcel Holtmann
The PSM value in the L2CAP socket list must be converted to host order before printing it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] Handle device registration failuresMarcel Holtmann
In the case the device registration for a new Bluetooth low-level connection fails there is no need to unregister it when the temporary data structure has been removed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()Marcel Holtmann
When calling send() with a zero length parameter on a RFCOMM socket it returns a positive value. In this rare case the variable err is used uninitialized and unfortunately its value is returned. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] More checks if DLC is still attached to the TTYMarcel Holtmann
If the DLC device is no longer attached to the TTY device, then return errors or default values for various callbacks of the TTY layer. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] Add packet size checks for CAPI messagesMarcel Holtmann
With malformed packets it might be possible to overwrite internal CMTP and CAPI data structures. This patch adds additional length checks to prevent these kinds of remote attacks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-12-13[PATCH] hci endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-08[PATCH] tty: switch to ktermiosAlan Cox
This is the grungy swap all the occurrences in the right places patch that goes with the updates. At this point we have the same functionality as before (except that sgttyb() returns speeds not zero) and are ready to begin turning new stuff on providing nobody reports lots of bugs If you are a tty driver author converting an out of tree driver the only impact should be termios->ktermios name changes for the speed/property setting functions from your upper layers. If you are implementing your own TCGETS function before then your driver was broken already and its about to get a whole lot more painful for you so please fix it 8) Also fill in c_ispeed/ospeed on init for most devices, although the current code will do this for you anyway but I'd like eventually to lose that extra paranoia [akpm@osdl.org: bluetooth fix] [mp3@de.ibm.com: sclp fix] [mp3@de.ibm.com: warning fix for tty3270] [hugh@veritas.com: fix tty_ioctl powerpc build] [jdike@addtoit.com: uml: fix ->set_termios declaration] Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Martin Peschke <mp3@de.ibm.com> Acked-by: Peter Oberparleiter <oberpar@de.ibm.com> Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-05Merge branch 'master' of ↵David Howells
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 Conflicts: drivers/infiniband/core/iwcm.c drivers/net/chelsio/cxgb2.c drivers/net/wireless/bcm43xx/bcm43xx_main.c drivers/net/wireless/prism54/islpci_eth.c drivers/usb/core/hub.h drivers/usb/input/hid-core.c net/core/netpoll.c Fix up merge failures with Linus's head and fix new compilation failures. Signed-Off-By: David Howells <dhowells@redhat.com>
2006-12-02[BLUETOOTH] lockdep: annotate sk_lock nesting in AF_BLUETOOTHPeter Zijlstra
============================================= [ INFO: possible recursive locking detected ] 2.6.18-1.2726.fc6 #1
2006-12-02[BLUETOOTH] rfcomm endianness bug: param_mask is little-endian on the wireAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH]: rfcomm endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH]: bnep endianness annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-02[BLUETOOTH] bnep endianness bug: filtering by packet typeAl Viro
<= and => don't work well on net-endian... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-11-22WorkStruct: make allyesconfigDavid Howells
Fix up for make allyesconfig. Signed-Off-By: David Howells <dhowells@redhat.com>
2006-11-21[BLUETOOTH]: Fix unaligned access in hci_send_to_sock.David S. Miller
The "u16 *" derefs of skb->data need to be wrapped inside of a get_unaligned(). Thanks to Gustavo Zacarias for the bug report. Signed-off-by: David S. Miller <davem@davemloft.net>
2006-11-21[Bluetooth] Ignore L2CAP config requests on disconnectMarcel Holtmann
Any L2CAP connection in disconnecting state shall not response to any further config requests from the remote side. So in case such a request is received, ignore it. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21[Bluetooth] Always include MTU in L2CAP config responsesMarcel Holtmann
When sending a positive config response it shall include the actual MTU to be used on this channel. This differs from the Bluetooth 1.1 specification where it was enough to acknowledge the config request. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21[Bluetooth] Check if RFCOMM session is still attached to the TTYMarcel Holtmann
If the RFCOMM session is no longer attached to the TTY device, then it makes no sense to go through with changing the termios settings. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21[Bluetooth] Handling pending connect attempts after inquiryMarcel Holtmann
After an inquiry completed or got canceled the Bluetooth core should check for any pending connect attempts. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-11-21[Bluetooth] Attach low-level connections to the Bluetooth busMarcel Holtmann
To receive uvents for the low-level ACL and SCO links, they must be assigned to a subsystem. It is enough to attach them to the already established Bluetooth bus. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-20[Bluetooth] Fix HID disconnect NULL pointer dereferenceMarcel Holtmann
The latest HID disconnect sequence change introduced a NULL pointer dereference. For the quirk to handle buggy remote HID implementations, it is enough to wait for a potential control channel disconnect from the remote side and it is also enough to wait only 500 msecs. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Add locking for bt_proto array manipulationMarcel Holtmann
The bt_proto array needs to be protected by some kind of locking to prevent a race condition between bt_sock_create and bt_sock_register. And in addition all calls to sk_alloc need to be made GFP_ATOMIC now. Signed-off-by: Masatake YAMATO <jet@gyve.org> Signed-off-by: Frederik Deweerdt <frederik.deweerdt@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Check if DLC is still attached to the TTYMarcel Holtmann
If the DLC device is no longer attached to the TTY device, then it makes no sense to go through with changing the termios settings. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Fix reference count when connection lookup failsMarcel Holtmann
When the connection lookup for the device structure fails, the reference count for the HCI device needs to be decremented. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Disconnect HID interrupt channel firstMarcel Holtmann
The Bluetooth HID specification demands that the interrupt channel shall be disconnected first. This is needed to pass the qualification tests. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Support concurrent connect requestsMarcel Holtmann
Most Bluetooth chips don't support concurrent connect requests, because this would involve a multiple baseband page with only one radio. In the case an upper layer like L2CAP requests a concurrent connect these chips return the error "Command Disallowed" for the second request. If this happens it the responsibility of the Bluetooth core to queue the request and try again after the previous connect attempt has been completed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Make use of virtual devices treeMarcel Holtmann
The Bluetooth subsystem currently uses a platform device for devices with no parent. It is a better idea to use the new virtual devices tree for these. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-10-15[Bluetooth] Handle return values from driver core functionsMarcel Holtmann
Some return values of the driver core register and create functions are not handled and so might cause unexpected problems. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>