- 02 12月, 2010 2 次提交
-
-
由 Andrei Emeltchenko 提交于
In timer context we might delete l2cap channel used by krfcommd. The check makes sure that sk is not owned. If sk is owned we restart timer for HZ/5. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Andrei Emeltchenko 提交于
Check that socket sk is not locked in user process before removing l2cap connection handler. lock_sock and release_sock do not hold a normal spinlock directly but instead hold the owner field. This means bh_lock_sock can still execute even if the socket is "locked". More info can be found here: http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks krfcommd kernel thread may be preempted with l2cap tasklet which remove l2cap_conn structure. If krfcommd is in process of sending of RFCOMM reply (like "RFCOMM UA" reply to "RFCOMM DISC") then kernel crash happens. ... [ 694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 694.184936] pgd = c0004000 [ 694.187683] [00000000] *pgd=00000000 [ 694.191711] Internal error: Oops: 5 [#1] PREEMPT [ 694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading [ 694.260375] CPU: 0 Not tainted (2.6.32.10 #1) [ 694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap] [ 694.270721] LR is at 0xd7017303 ... [ 694.525085] Backtrace: [ 694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8) [ 694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80) Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 09 11月, 2010 2 次提交
-
-
由 Gustavo F. Padovan 提交于
Last commit added a wrong endianness conversion. Fixing that. Reported-by: NHarvey Harrison <harvey.harrison@gmail.com> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 steven miao 提交于
In function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of opt->val sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes access will cause data misalignment exeception. Use get_unaligned_le16/32 and put_unaligned_le16/32 function to avoid data misalignment execption. Signed-off-by: Nsteven miao <realmz6@gmail.com> Signed-off-by: NMike Frysinger <vapier@gentoo.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 18 10月, 2010 1 次提交
-
-
由 Nathan Holstein 提交于
In error cases when the ACL is insecure or we fail to allocate a new struct sock, we jump to the "response" label. If so, "sk" will be null and the kernel crashes. Signed-off-by: NNathan Holstein <nathan.holstein@gmail.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 12 10月, 2010 6 次提交
-
-
由 Haijun Liu 提交于
Update conf_state with L2CAP_CONF_REQ_SENT before send config_req out in l2cap_config_req(). Signed-off-by: NHaijun Liu <haijun.liu@atheros.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Gustavo F. Padovan 提交于
&err points to the proper error set by bt_skb_send_alloc() when it fails. Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Andrei Emeltchenko 提交于
BLUETOOTH SPECIFICATION Version 4.0 [Vol 3] page 36 mentioned "Note: Start Fragments always begin with the Basic L2CAP header of a PDU." Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Andrei Emeltchenko 提交于
Current Bluetooth code assembles fragments of big L2CAP packets in l2cap_recv_acldata and then checks allowed L2CAP size in assemled L2CAP packet (pi->imtu < skb->len). The patch moves allowed L2CAP size check to the early stage when we receive the first fragment of L2CAP packet. We do not need to reserve and keep L2CAP fragments for bad packets. Updated version after comments from Mat Martineau <mathewm@codeaurora.org> and Gustavo Padovan <padovan@profusion.mobi>. Trace below is received when using stress tools sending big fragmented L2CAP packets. ... [ 1712.798492] swapper: page allocation failure. order:4, mode:0x4020 [ 1712.804809] [<c0031870>] (unwind_backtrace+0x0/0xdc) from [<c00a1f70>] (__alloc_pages_nodemask+0x4) [ 1712.814666] [<c00a1f70>] (__alloc_pages_nodemask+0x47c/0x4d4) from [<c00a1fd8>] (__get_free_pages+) [ 1712.824645] [<c00a1fd8>] (__get_free_pages+0x10/0x3c) from [<c026eb5c>] (__alloc_skb+0x4c/0xfc) [ 1712.833465] [<c026eb5c>] (__alloc_skb+0x4c/0xfc) from [<bf28c738>] (l2cap_recv_acldata+0xf0/0x1f8 ) [ 1712.843322] [<bf28c738>] (l2cap_recv_acldata+0xf0/0x1f8 [l2cap]) from [<bf0094ac>] (hci_rx_task+0x) ... Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Mat Martineau 提交于
L2CAP ERTM sockets can be opened with the SOCK_STREAM socket type, which is a mandatory request for ERTM mode. However, these sockets still have SOCK_SEQPACKET read semantics when bt_sock_recvmsg() is used to pull data from the receive queue. If the application is only reading part of a frame, then the unread portion of the frame is discarded. If the application requests more bytes than are in the current frame, only the current frame's data is returned. This patch utilizes common code derived from RFCOMM's recvmsg() function to make L2CAP SOCK_STREAM reads behave like RFCOMM reads (and other SOCK_STREAM sockets in general). The application may read one byte at a time from the input stream and not lose any data, and may also read across L2CAP frame boundaries. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Mat Martineau 提交于
Valid L2CAP PSMs are odd numbers, and the least significant bit of the most significant byte must be 0. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Acked-by: NMarcel Holtmann <marcel@holtmann.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 05 10月, 2010 1 次提交
-
-
由 Gustavo F. Padovan 提交于
L2CAP doesn't permit change like MTU, FCS, TxWindow values while the connection is alive, we can only set that before the connection/configuration process. That can lead to bugs in the L2CAP operation. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 30 9月, 2010 4 次提交
-
-
由 Gustavo F. Padovan 提交于
This reverts commit 8cb8e6f1. That commit introduced a regression with the Bluetooth Profile Tuning Suite(PTS), Reverting this make sure that L2CAP is in a qualificable state. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Gustavo F. Padovan 提交于
As we don't have any error control on the Streaming mode, i.e., we don't need to keep a copy of the skb for later resending we don't need to call skb_clone() on it. Then we can go one further here, and dequeue the skb before sending it, that also means we don't need to look to sk->sk_send_head anymore. The patch saves memory and time when sending Streaming mode data, so it is good to mainline. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Andrei Emeltchenko 提交于
When receiving L2CAP negative configuration response with respect to MTU parameter we modify wrong field. MTU here means proposed value of MTU that the remote device intends to transmit. So for local L2CAP socket it is pi->imtu. Signed-off-by: NAndrei Emeltchenko <andrei.emeltchenko@nokia.com> Acked-by: NVille Tervo <ville.tervo@nokia.com> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
由 Mat Martineau 提交于
This fixes a bug which caused the FCS setting to show L2CAP_FCS_CRC16 with L2CAP modes other than ERTM or streaming. At present, this only affects the FCS value shown with getsockopt() for basic mode. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi>
-
- 10 8月, 2010 2 次提交
-
-
由 Mat Martineau 提交于
remote_tx_win is intended to be set on receipt of an L2CAP configuration request. The value is used to determine the size of the transmit window on the remote side of an ERTM connection, so L2CAP can stop sending frames when that remote window is full. An incorrect remote_tx_win value will cause the stack to not fully utilize the tx window (performance impact), or to overfill the remote tx window (causing dropped frames or a disconnect). This patch removes an extra setting of remote_tx_win when a configuration response is received. The transmit window has a different meaning in a response - it is an informational value less than or equal to the local tx_win. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Mat Martineau 提交于
Incoming configuration values must be converted to native CPU order before use. This fixes a bug where a little-endian MPS value is compared to a native CPU value. On big-endian processors, this can cause ERTM and streaming mode segmentation to produce PDUs that are larger than the remote stack is expecting, or that would produce fragmented skbs that the current FCS code cannot handle. Signed-off-by: NMat Martineau <mathewm@codeaurora.org> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
- 04 8月, 2010 2 次提交
-
-
由 Ville Tervo 提交于
Check result code of L2CAP information response. Otherwise it would read invalid feature mask and access invalid memory. Signed-off-by: NVille Tervo <ville.tervo@nokia.com> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
If the remote side doesn't support Enhanced Retransmission Mode neither Streaming Mode, we shall not send the RFC option. Some devices that only supports Basic Mode do not understanding the RFC option. This patch fixes the regression found with these devices. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
- 22 7月, 2010 20 次提交
-
-
由 Gustavo F. Padovan 提交于
Change the enable_ertm param to disable_ertm and default value to 0. That means that L2CAP Extended features are enabled by default now. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
We did some changes on the L2CAP configuration process and its behaviour is bit different now. That justifies a updated on the L2CAP version. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Copyright for the time I worked on L2CAP during the Google Summer of Code program. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Purely a cosmetic change, it doesn't change the code flow. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Probably a typo error. We were using the wrong struct to get size. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
The extended L2CAP features requires that one should initiate a ConfigReq after send the ConnectionRsp. This patch changes the behaviour of the configuration process of our stack. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
L2CAP only deals with ACL links. EINVAL should be returned otherwise. Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
When the socket is in a bad state EBADFD is more appropriate then EINVAL. Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
When we try to send a message bigger than the outgoing MTU value EMSGSIZE (message too long) should be returned. Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
It doesn't make sense to have a return value since we always set it to 0. Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 João Paulo Rechi Vita 提交于
Return a proper error value if socket is already connected. Signed-off-by: NJoão Paulo Rechi Vita <jprvita@profusion.mobi> Acked-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Now we also check if can push skb userspace just after receive a new skb instead of only wait the l2cap_busy_work wake up from time to time to check the local busy condition. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
backlog queue is the canonical mechanism to avoid race conditions due interrupts in bottom half context. After the socket lock is released the net core take care of push all skb in its backlog queue. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Using a lock to deal with the ERTM race condition - interruption with new data from the hci layer - is wrong. We should use the native skb backlog queue. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
If such event happens we shall reply with a Command Reject, because we are not expecting any configure request. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
When mode is mandatory we shall not send connect request and report this to the userspace as well. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-
由 Gustavo F. Padovan 提交于
Since now we have checks for the supported mode before on l2cap_info_rsp we can remove the check for it here. Signed-off-by: NGustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
-