1. 13 5月, 2016 1 次提交
    • L
      Bluetooth: Add USB ID 13D3:3487 to ath3k · 72f9f8b5
      Lauro Costa 提交于
      Add hw id to ath3k usb device list and btusb blacklist
      
      T:  Bus=01 Lev=01 Prnt=01 Port=08 Cnt=02 Dev#=  4 Spd=12  MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=13d3 ProdID=3487 Rev=00.02
      C:  #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:  If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      I:  If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      
      Requires these firmwares:
      ar3k/AthrBT_0x11020100.dfu and ar3k/ramps_0x11020100_40.dfu
      Firmwares are available in linux-firmware.
      
      Device found in a laptop ASUS model N552VW. It's an Atheros AR9462 chip.
      Signed-off-by: NLauro Costa <lauro@polilinux.com.br>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      72f9f8b5
  2. 07 5月, 2016 1 次提交
    • T
      Bluetooth: Add support for Intel Bluetooth device 8265 [8087:0a2b] · a0af53b5
      Tedd Ho-Jeong An 提交于
      This patch adds support for Intel Bluetooth device 8265 also known
      as Windstorm Peak (WsP).
      
      T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  6 Spd=12   MxCh= 0
      D:  Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=8087 ProdID=0a2b Rev= 0.10
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  64 Ivl=1ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: NTedd Ho-Jeong An <tedd.an@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      a0af53b5
  3. 03 5月, 2016 2 次提交
  4. 22 4月, 2016 1 次提交
  5. 20 4月, 2016 1 次提交
    • T
      Bluetooth: vhci: Fix race at creating hci device · c7c999cb
      Takashi Iwai 提交于
      hci_vhci driver creates a hci device object dynamically upon each
      HCI_VENDOR_PKT write.  Although it checks the already created object
      and returns an error, it's still racy and may build multiple hci_dev
      objects concurrently when parallel writes are performed, as the device
      tracks only a single hci_dev object.
      
      This patch introduces a mutex to protect against the concurrent device
      creations.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      c7c999cb
  6. 09 4月, 2016 5 次提交
    • M
      Bluetooth: hci_bcsp: fix code style · 8805eea2
      Maxim Zhukov 提交于
      This commit fixed:
      trailing "*/"
      trailing spaces
      mixed indent
      space between ~ and (
      Signed-off-by: NMaxim Zhukov <mussitantesmortem@gmail.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      8805eea2
    • J
      Bluetooth: vhci: purge unhandled skbs · 13407376
      Jiri Slaby 提交于
      The write handler allocates skbs and queues them into data->readq.
      Read side should read them, if there is any. If there is none, skbs
      should be dropped by hdev->flush. But this happens only if the device
      is HCI_UP, i.e. hdev->power_on work was triggered already. When it was
      not, skbs stay allocated in the queue when /dev/vhci is closed. So
      purge the queue in ->release.
      
      Program to reproduce:
      	#include <err.h>
      	#include <fcntl.h>
      	#include <stdio.h>
      	#include <unistd.h>
      
      	#include <sys/stat.h>
      	#include <sys/types.h>
      	#include <sys/uio.h>
      
      	int main()
      	{
      		char buf[] = { 0xff, 0 };
      		struct iovec iov = {
      			.iov_base = buf,
      			.iov_len = sizeof(buf),
      		};
      		int fd;
      
      		while (1) {
      			fd = open("/dev/vhci", O_RDWR);
      			if (fd < 0)
      				err(1, "open");
      
      			usleep(50);
      
      			if (writev(fd, &iov, 1) < 0)
      				err(1, "writev");
      
      			usleep(50);
      
      			close(fd);
      		}
      
      		return 0;
      	}
      
      Result:
      kmemleak: 4609 new suspected memory leaks
      unreferenced object 0xffff88059f4d5440 (size 232):
        comm "vhci", pid 1084, jiffies 4294912542 (age 37569.296s)
        hex dump (first 32 bytes):
          20 f0 23 87 05 88 ff ff 20 f0 23 87 05 88 ff ff   .#..... .#.....
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
      ...
          [<ffffffff81ece010>] __alloc_skb+0x0/0x5a0
          [<ffffffffa021886c>] vhci_create_device+0x5c/0x580 [hci_vhci]
          [<ffffffffa0219436>] vhci_write+0x306/0x4c8 [hci_vhci]
      
      Fixes: 23424c0d (Bluetooth: Add support creating virtual AMP controllers)
      Signed-off-by: NJiri Slaby <jslaby@suse.cz>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Cc: stable 3.13+ <stable@vger.kernel.org>
      13407376
    • J
      Bluetooth: vhci: fix open_timeout vs. hdev race · 373a32c8
      Jiri Slaby 提交于
      Both vhci_get_user and vhci_release race with open_timeout work. They
      both contain cancel_delayed_work_sync, but do not test whether the
      work actually created hdev or not. Since the work can be in progress
      and _sync will wait for finishing it, we can have data->hdev allocated
      when cancel_delayed_work_sync returns. But the call sites do 'if
      (data->hdev)' *before* cancel_delayed_work_sync.
      
      As a result:
      * vhci_get_user allocates a second hdev and puts it into
        data->hdev. The former is leaked.
      * vhci_release does not release data->hdev properly as it thinks there
        is none.
      
      Fix both cases by moving the actual test *after* the call to
      cancel_delayed_work_sync.
      
      This can be hit by this program:
      	#include <err.h>
      	#include <fcntl.h>
      	#include <stdio.h>
      	#include <stdlib.h>
      	#include <time.h>
      	#include <unistd.h>
      
      	#include <sys/stat.h>
      	#include <sys/types.h>
      
      	int main(int argc, char **argv)
      	{
      		int fd;
      
      		srand(time(NULL));
      
      		while (1) {
      			const int delta = (rand() % 200 - 100) * 100;
      
      			fd = open("/dev/vhci", O_RDWR);
      			if (fd < 0)
      				err(1, "open");
      
      			usleep(1000000 + delta);
      
      			close(fd);
      		}
      
      		return 0;
      	}
      
      And the result is:
      BUG: KASAN: use-after-free in skb_queue_tail+0x13e/0x150 at addr ffff88006b0c1228
      Read of size 8 by task kworker/u13:1/32068
      =============================================================================
      BUG kmalloc-192 (Tainted: G            E     ): kasan: bad access detected
      -----------------------------------------------------------------------------
      
      Disabling lock debugging due to kernel taint
      INFO: Allocated in vhci_open+0x50/0x330 [hci_vhci] age=260 cpu=3 pid=32040
      ...
      	kmem_cache_alloc_trace+0x150/0x190
      	vhci_open+0x50/0x330 [hci_vhci]
      	misc_open+0x35b/0x4e0
      	chrdev_open+0x23b/0x510
      ...
      INFO: Freed in vhci_release+0xa4/0xd0 [hci_vhci] age=9 cpu=2 pid=32040
      ...
      	__slab_free+0x204/0x310
      	vhci_release+0xa4/0xd0 [hci_vhci]
      ...
      INFO: Slab 0xffffea0001ac3000 objects=16 used=13 fp=0xffff88006b0c1e00 flags=0x5fffff80004080
      INFO: Object 0xffff88006b0c1200 @offset=4608 fp=0xffff88006b0c0600
      Bytes b4 ffff88006b0c11f0: 09 df 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
      Object ffff88006b0c1200: 00 06 0c 6b 00 88 ff ff 00 00 00 00 00 00 00 00  ...k............
      Object ffff88006b0c1210: 10 12 0c 6b 00 88 ff ff 10 12 0c 6b 00 88 ff ff  ...k.......k....
      Object ffff88006b0c1220: c0 46 c2 6b 00 88 ff ff c0 46 c2 6b 00 88 ff ff  .F.k.....F.k....
      Object ffff88006b0c1230: 01 00 00 00 01 00 00 00 e0 ff ff ff 0f 00 00 00  ................
      Object ffff88006b0c1240: 40 12 0c 6b 00 88 ff ff 40 12 0c 6b 00 88 ff ff  @..k....@..k....
      Object ffff88006b0c1250: 50 0d 6e a0 ff ff ff ff 00 02 00 00 00 00 ad de  P.n.............
      Object ffff88006b0c1260: 00 00 00 00 00 00 00 00 ab 62 02 00 01 00 00 00  .........b......
      Object ffff88006b0c1270: 90 b9 19 81 ff ff ff ff 38 12 0c 6b 00 88 ff ff  ........8..k....
      Object ffff88006b0c1280: 03 00 20 00 ff ff ff ff ff ff ff ff 00 00 00 00  .. .............
      Object ffff88006b0c1290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      Object ffff88006b0c12a0: 00 00 00 00 00 00 00 00 00 80 cd 3d 00 88 ff ff  ...........=....
      Object ffff88006b0c12b0: 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00  . ..............
      Redzone ffff88006b0c12c0: bb bb bb bb bb bb bb bb                          ........
      Padding ffff88006b0c13f8: 00 00 00 00 00 00 00 00                          ........
      CPU: 3 PID: 32068 Comm: kworker/u13:1 Tainted: G    B       E      4.4.6-0-default #1
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20151112_172657-sheep25 04/01/2014
      Workqueue: hci0 hci_cmd_work [bluetooth]
       00000000ffffffff ffffffff81926cfa ffff88006be37c68 ffff88006bc27180
       ffff88006b0c1200 ffff88006b0c1234 ffffffff81577993 ffffffff82489320
       ffff88006bc24240 0000000000000046 ffff88006a100000 000000026e51eb80
      Call Trace:
      ...
       [<ffffffff81ec8ebe>] ? skb_queue_tail+0x13e/0x150
       [<ffffffffa06e027c>] ? vhci_send_frame+0xac/0x100 [hci_vhci]
       [<ffffffffa0c61268>] ? hci_send_frame+0x188/0x320 [bluetooth]
       [<ffffffffa0c61515>] ? hci_cmd_work+0x115/0x310 [bluetooth]
       [<ffffffff811a1375>] ? process_one_work+0x815/0x1340
       [<ffffffff811a1f85>] ? worker_thread+0xe5/0x11f0
       [<ffffffff811a1ea0>] ? process_one_work+0x1340/0x1340
       [<ffffffff811b3c68>] ? kthread+0x1c8/0x230
      ...
      Memory state around the buggy address:
       ffff88006b0c1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff88006b0c1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      >ffff88006b0c1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                        ^
       ffff88006b0c1280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
       ffff88006b0c1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      
      Fixes: 23424c0d (Bluetooth: Add support creating virtual AMP controllers)
      Signed-off-by: NJiri Slaby <jslaby@suse.cz>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: stable 3.13+ <stable@vger.kernel.org>
      373a32c8
    • L
      Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data · 84cb3df0
      Loic Poulain 提交于
      HCI_UART_PROTO_SET flag is set before hci_uart_set_proto call. If we
      receive data from tty layer during this procedure, proto pointer may
      not be assigned yet, leading to null pointer dereference in rx method
      hci_uart_tty_receive.
      
      This patch fixes this issue by introducing HCI_UART_PROTO_READY flag in
      order to avoid any proto operation before proto opening and assignment.
      Signed-off-by: NLoic Poulain <loic.poulain@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      84cb3df0
    • L
      Bluetooth: hci_bcm: Add BCM2E71 ACPI ID · 1dbfc59a
      Loic Poulain 提交于
      This ID is used at least by Asus T100-CHI.
      Signed-off-by: NLoic Poulain <loic.poulain@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1dbfc59a
  7. 11 3月, 2016 3 次提交
  8. 01 3月, 2016 1 次提交
  9. 29 2月, 2016 1 次提交
  10. 24 2月, 2016 8 次提交
  11. 06 1月, 2016 2 次提交
  12. 05 1月, 2016 3 次提交
    • C
      Bluetooth: btmrvl: fix hung task warning dump · 86f7ac77
      Chin-Ran Lo 提交于
      It's been observed that when bluetooth driver fails to
      activate the firmware, below hung task warning dump is
      displayed after 120 seconds.
      
      [   36.461022] Bluetooth: vendor=0x2df, device=0x912e, class=255, fn=2
      [   56.512128] Bluetooth: FW failed to be active in time!
      [   56.517264] Bluetooth: Downloading firmware failed!
      [  240.252176] INFO: task kworker/3:2:129 blocked for more than 120 seconds.
      [  240.258931]       Not tainted 3.18.0 #254
      [  240.262972] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      [  240.270751] kworker/3:2     D ffffffc000205760     0   129      2 0x00000000
      [  240.277825] Workqueue: events request_firmware_work_func
      [  240.283134] Call trace:
      [  240.285581] [<ffffffc000205760>] __switch_to+0x80/0x8c
      [  240.290693] [<ffffffc00088dae0>] __schedule+0x540/0x7b8
      [  240.295921] [<ffffffc00088ddd0>] schedule+0x78/0x84
      [  240.300764] [<ffffffc0006dfd48>] __mmc_claim_host+0xe8/0x1c8
      [  240.306395] [<ffffffc0006edd6c>] sdio_claim_host+0x74/0x84
      [  240.311840] [<ffffffbffc163d08>] 0xffffffbffc163d08
      [  240.316685] [<ffffffbffc165104>] 0xffffffbffc165104
      [  240.321524] [<ffffffbffc130cf8>] mwifiex_dnld_fw+0x98/0x110 [mwifiex]
      [  240.327918] [<ffffffbffc12ee88>] mwifiex_remove_card+0x2c4/0x5fc [mwifiex]
      [  240.334741] [<ffffffc000596780>] request_firmware_work_func+0x44/0x80
      [  240.341127] [<ffffffc00023b934>] process_one_work+0x2ec/0x50c
      [  240.346831] [<ffffffc00023c6a0>] worker_thread+0x350/0x470
      [  240.352272] [<ffffffc0002419bc>] kthread+0xf0/0xfc
      [  240.357019] 2 locks held by kworker/3:2/129:
      [  240.361248]  #0:  ("events"){.+.+.+}, at: [<ffffffc00023b840>] process_one_work+0x1f8/0x50c
      [  240.369562]  #1:  ((&fw_work->work)){+.+.+.}, at: [<ffffffc00023b840>] process_one_work+0x1f8/0x50c
      [  240.378589]   task                        PC stack   pid father
      [  240.384501] kworker/1:1     D ffffffc000205760     0    40      2 0x00000000
      [  240.391524] Workqueue: events mtk_atomic_work
      [  240.395884] Call trace:
      [  240.398317] [<ffffffc000205760>] __switch_to+0x80/0x8c
      [  240.403448] [<ffffffc00027279c>] lock_acquire+0x128/0x164
      [  240.408821] kworker/3:2     D ffffffc000205760     0   129      2 0x00000000
      [  240.415867] Workqueue: events request_firmware_work_func
      [  240.421138] Call trace:
      [  240.423589] [<ffffffc000205760>] __switch_to+0x80/0x8c
      [  240.428688] [<ffffffc00088dae0>] __schedule+0x540/0x7b8
      [  240.433886] [<ffffffc00088ddd0>] schedule+0x78/0x84
      [  240.438732] [<ffffffc0006dfd48>] __mmc_claim_host+0xe8/0x1c8
      [  240.444361] [<ffffffc0006edd6c>] sdio_claim_host+0x74/0x84
      [  240.449801] [<ffffffbffc163d08>] 0xffffffbffc163d08
      [  240.454649] [<ffffffbffc165104>] 0xffffffbffc165104
      [  240.459486] [<ffffffbffc130cf8>] mwifiex_dnld_fw+0x98/0x110 [mwifiex]
      [  240.465882] [<ffffffbffc12ee88>] mwifiex_remove_card+0x2c4/0x5fc [mwifiex]
      [  240.472705] [<ffffffc000596780>] request_firmware_work_func+0x44/0x80
      [  240.479090] [<ffffffc00023b934>] process_one_work+0x2ec/0x50c
      [  240.484794] [<ffffffc00023c6a0>] worker_thread+0x350/0x470
      [  240.490231] [<ffffffc0002419bc>] kthread+0xf0/0xfc
      
      This patch adds missing sdio_release_host() call so that wlan driver
      thread can claim sdio host.
      
      Fixes: 4863e4cc ("Bluetooth: btmrvl: release sdio bus after firmware is up")
      Signed-off-by: NChin-Ran Lo <crlo@marvell.com>
      Signed-off-by: NAmitkumar Karwar <akarwar@marvell.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      86f7ac77
    • H
      Bluetooth: hci_bcm: new ACPI IDs · adbdeae5
      Heikki Krogerus 提交于
      These are used at least by Acer with BCM43241.
      Signed-off-by: NHeikki Krogerus <heikki.krogerus@linux.intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      adbdeae5
    • H
      Bluetooth: hci_bcm: move all Broadcom ACPI IDs to BCM HCI driver · d3d20725
      Heikki Krogerus 提交于
      The IDs should all be for Broadcom BCM43241 module, and
      hci_bcm is now the proper driver for them. This removes one
      of two different ways of handling PM with the module.
      
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NHeikki Krogerus <heikki.krogerus@linux.intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      d3d20725
  13. 22 12月, 2015 3 次提交
  14. 20 12月, 2015 1 次提交
  15. 11 12月, 2015 1 次提交
  16. 10 12月, 2015 6 次提交
新手
引导
客服 返回
顶部