- 12 6月, 2012 1 次提交
-
-
由 Szymon Janc 提交于
If remote device sends bogus RFC option with invalid length, undefined options values are used. Fix this by using defaults when remote misbehaves. This also fixes the following warning reported by gcc 4.7.0: net/bluetooth/l2cap_core.c: In function 'l2cap_config_rsp': net/bluetooth/l2cap_core.c:3302:13: warning: 'rfc.max_pdu_size' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.max_pdu_size' was declared here net/bluetooth/l2cap_core.c:3298:25: warning: 'rfc.monitor_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.monitor_timeout' was declared here net/bluetooth/l2cap_core.c:3297:25: warning: 'rfc.retrans_timeout' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.retrans_timeout' was declared here net/bluetooth/l2cap_core.c:3295:2: warning: 'rfc.mode' may be used uninitialized in this function [-Wmaybe-uninitialized] net/bluetooth/l2cap_core.c:3266:24: note: 'rfc.mode' was declared here Signed-off-by: NSzymon Janc <szymon.janc@tieto.com> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 08 6月, 2012 1 次提交
-
-
由 Johan Hedberg 提交于
The l2cap_conn_del function tries to cancel_sync the security timer, but when it's called from the timeout function itself a deadlock occurs. Subsequently the "hcon->l2cap_data = NULL" that's supposed to protect multiple calls to l2cap_conn_del never gets cleared and when the connection finally drops we double free's etc which will crash the kernel. This patch fixes the issue by using the HCI_CONN_LE_SMP_PEND for protecting against this. The same flag is also used for the same purpose in other places in the SMP code. Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com> Signed-off-by: NGustavo Padovan <gustavo.padovan@collabora.co.uk>
-
- 17 5月, 2012 6 次提交
-
-
由 Gustavo Padovan 提交于
defer_setup and suspended are now flags into bt_sk(). Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Mat Martineau 提交于
As the comment for l2cap_get_chan_by_scid indicated, the function used to return a locked socket. The lock for the socket was acquired while the channel list was also locked. When locking was moved over to the l2cap_chan structure, the channel lock was no longer acquired with the channel list still locked. This made it possible for the l2cap_chan to be deleted after conn->chan_lock was released but before l2cap_chan_lock was called. Making the call to l2cap_chan_lock before releasing conn->chan_lock makes it impossible for the l2cap_chan to be deleted at the wrong time. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Reviewed-by: NUlisses Furquim <ulisses@profusion.mobi> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
The L2CAP MTU for incoming data is verified differently depending on the L2CAP mode, so the check is best performed in a mode-specific context. Checking the incoming MTU before HCI fragment reassembly is a layer violation and assumes all bytes after the standard L2CAP header are L2CAP data. This approach causes issues with unsegmented ERTM or streaming mode frames, where there are additional enhanced or extended headers before the data payload and possible FCS bytes after the data payload. A valid frame could be as many as 10 bytes larger than the MTU. Removing this code is the best fix, because the MTU is checked later on for all L2CAP data frames (connectionless, basic, ERTM, and streaming). This also gets rid of outdated locking (socket instead of l2cap_chan) and an extra lookup of the channel ID. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Reviewed-by: NUlisses Furquim <ulisses@profusion.mobi> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Gustavo Padovan 提交于
Removes one indentation level. Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Gustavo Padovan 提交于
When we add a fragment to a skb, len and data_len fields need to be updated. Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Gustavo Padovan 提交于
If alloc() fails we let the frags linked list with garbage value (the err ptr value) in its last element. Reported-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
- 16 5月, 2012 1 次提交
-
-
由 Mat Martineau 提交于
Commit 105bdf9e introduced a regression in L2CAP streaming mode due to rearranged initialization code that is shared between ERTM and streaming mode. This change makes sure the transmit queue is initialized in both modes. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Acked-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
- 15 5月, 2012 2 次提交
-
-
由 Mat Martineau 提交于
Commit 94122bbe introduced a problem where tx_send_head was not set to point to the first skb in the ERTM transmit queue, which stalled data transmission. This change sets that pointer when transmission is not already in progress. Reported-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Gustavo Padovan 提交于
It fixes L2CAP socket based security level elevation during a connection. The HID profile needs this (for keyboards) and it is the only way to achieve the security level elevation when using the management interface to talk to the kernel (hence the management enabling patch being the one that exposes this issue). It enables the userspace a security level change when the socket is already connected and create a way to notify the socket the result of the request. At the moment of the request the socket is made non writable, if the request fails the connections closes, otherwise the socket is made writable again, POLL_OUT is emmited. Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com> Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
-
- 09 5月, 2012 27 次提交
-
-
由 Mat Martineau 提交于
Use more common code for ERTM and streaming mode segmentation and transmission, and begin using skb control block data for delaying extended or enhanced header generation until just before the packet is transmitted. This code is also better suited for resegmentation, which is needed when L2CAP links are reconfigured after an AMP channel move. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Reviewed-by: NUlisses Furquim <ulisses@profusion.mobi> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Andrei Emeltchenko 提交于
Remove magic number unneeded calculation since hlen = L2CAP_HDR_SIZE + L2CAP_PSMLEN_SIZE Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Gustavo Padovan 提交于
hlen has a fixed size of L2CAP_HDR_SIZE, use this instead. Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Gustavo Padovan 提交于
hlen - L2CAP_HDR_SIZE = 0, so we don't need to add them in the calculation. Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Mat Martineau 提交于
Adding Code Aurora Forum copyright information due to significant additions of code. Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
L2CAP sockets contain a pointer to l2cap_chan that needs to be reference counted in order to prevent a possible dangling pointer when the channel is freed. There were a few other cases where an l2cap_chan pointer on the stack was dereferenced after a call to l2cap_chan_del. Those pointers are also now reference counted. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
l2cap_get_chan_by_ident was not used, but didn't generate a compiler warning because it was an inline function. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
Structure members used by ERTM or streaming mode need to be initialized when an ERTM or streaming mode link is configured. Some duplicate code is also eliminated by moving in to the ERTM init function. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
Moving these functions simplifies future patches by eliminating forward declarations, makes future patches easier to review, and better preserves 'git blame' information. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
These values are now in the nested l2cap_ctrl struct. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Andre Guedes 提交于
In order to establish a LE connection we need the address type information. User-space already pass this information to kernel through struct sockaddr_l2. This patch adds the dst_type parameter to l2cap_chan_connect so we are able to pass the address type info from user-space down to hci_conn layer. Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org> Acked-by: NJohan Hedberg <johan.hedberg@intel.com> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Andre Guedes 提交于
This patch adds the dst_type parameter to hci_connect function. Instead of searching the address type in advertising cache, we use the dst_type parameter to establish LE connections. The dst_type is ignored for BR/EDR connection establishment. Signed-off-by: NAndre Guedes <andre.guedes@openbossa.org> Acked-by: NJohan Hedberg <johan.hedberg@intel.com> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Vinicius Costa Gomes 提交于
As most LE devices leave advertising mode when they enter the connected state, we may want to "pass" that connection to other users. The first user will be the pairing procedure, the connection is established without an associated socket, after the pairing is complete, userspace may want to discover via GATT what services the newly bonded device has. If userspace establishes the connection while the timeout still hasn't expired, the connection will be re-used. Signed-off-by: NVinicius Costa Gomes <vinicius.gomes@openbossa.org> Tested-by: NJoão Paulo Rechi Vita <jprvita@openbossa.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Ido Yariv 提交于
The cid or psm and the source address might not be enough to uniquely identify a global channel, especially when the source address is our own. For instance, when trying to communicate with two LE devices in master mode, data received from the both devices is sent to the same socket. Fix this by taking the destination address into account when choosing the socket. Signed-off-by: NIdo Yariv <ido@wizery.com> Signed-off-by: NArik Nemtsov <arik@wizery.com> Tested-by: NJoão Paulo Rechi Vita <jprvita@openbossa.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Hemant Gupta 提交于
SMP Keys should only be distributeed when encryption is successful. Signed-off-by: NHemant Gupta <hemant.gupta@stericsson.com> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Mat Martineau 提交于
These functions encode or decode ERTM control fields (extended or enhanced) to or from the new l2cap_ctrl structure. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Acked-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Mat Martineau 提交于
A sequence list is a data structure used to track frames that need to be retransmitted, and frames that have been requested for retransmission by the remote device. It can compactly represent a list of sequence numbers within the ERTM transmit window. Memory for the list is allocated once at connection time, and common operations in ERTM are O(1). Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo Padovan 提交于
Use ERR_PTR maginc instead. Signed-off-by: NGustavo Padovan <gustavo@padovan.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Andrei Emeltchenko 提交于
Some parameters in L2CAP chan are set to default similar way in socket based channels and A2MP channels. Adds common function which sets all defaults. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Gustavo Padovan 提交于
Following the separation if core and sock code this change avoid manipulation of sk inside l2cap_chan_create(). Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Andrei Emeltchenko 提交于
Remove sparse warnings below: ... net/bluetooth/l2cap_core.c:302:6: warning: symbol '__l2cap_chan_add' was not declared. Should it be static? net/bluetooth/l2cap_core.c:351:6: warning: symbol 'l2cap_chan_add' was not declared. Should it be static? ... Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Andrei Emeltchenko 提交于
set_chan_timer clears timer itself Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-
由 Andrei Emeltchenko 提交于
In L2CAP we use le16 format so change direction of conversion from le16_to_cpu to cpu_to_le16. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Andrei Emeltchenko 提交于
Create Chan Rsp shall put result and status in le format. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Andrei Emeltchenko 提交于
L2CAP channel id is used in host format in internal L2CAP code. Fix sparse warnings about wrong endian conversion. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Andrei Emeltchenko 提交于
cmd->len is in le format so convert it to host format before use. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
-
由 Andrei Emeltchenko 提交于
chan->psm is kept in __le16 format which was not always taken into account. Fix several bugs related to extra conversion. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 29 3月, 2012 1 次提交
-
-
由 David Howells 提交于
Remove all #inclusions of asm/system.h preparatory to splitting and killing it. Performed with the following command: perl -p -i -e 's!^#\s*include\s*<asm/system[.]h>.*\n!!' `grep -Irl '^#\s*include\s*<asm/system[.]h>' *` Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 28 3月, 2012 1 次提交
-
-
由 Andrei Emeltchenko 提交于
When we queue delayed work we hold(chan) and delayed work shall put(chan) after execution. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@intel.com> Signed-off-by: NGustavo Padovan <gustavo@padovan.org>
-