Commit Graph

41 Commits

Author SHA1 Message Date
Tomas Bortoli cf94da6f50 Bluetooth: Fix invalid-free in bcsp_close()
Syzbot reported an invalid-free that I introduced fixing a memleak.

bcsp_recv() also frees bcsp->rx_skb but never nullifies its value.
Nullify bcsp->rx_skb every time it is freed.

Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+a0d209a4676664613e76@syzkaller.appspotmail.com
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2019-11-04 15:19:02 +01:00
Tomas Bortoli 4ce9146e03 Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Syzkaller found that it is possible to provoke a memory leak by
never freeing rx_skb in struct bcsp_struct.

Fix by freeing in bcsp_close()

Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+98162c885993b72f19c4@syzkaller.appspotmail.com
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2019-07-06 13:02:38 +02:00
Thomas Gleixner 1a59d1b8e0 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
Based on 1 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license as published by
  the free software foundation either version 2 of the license or at
  your option any later version this program is distributed in the
  hope that it will be useful but without any warranty without even
  the implied warranty of merchantability or fitness for a particular
  purpose see the gnu general public license for more details you
  should have received a copy of the gnu general public license along
  with this program if not write to the free software foundation inc
  59 temple place suite 330 boston ma 02111 1307 usa

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-or-later

has been chosen to replace the boilerplate/reference in 1334 file(s).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Richard Fontana <rfontana@redhat.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-30 11:26:35 -07:00
Kees Cook 0435605289 Bluetooth: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly. As already done in hci_qca, add
struct hci_uart pointer to priv structure.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2017-10-06 20:37:11 +02:00
Johannes Berg 59ae1d127a networking: introduce and use skb_put_data()
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.

An spatch similar to the one for skb_put_zero() converts many
of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

(again, manually post-processed to retain some comments)

Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:37 -04:00
Prasanna Karthik 6e5ffd0f45 Bluetooth: hci_bcsp: Use setup_timer Kernel API instead of init_timer
Replace init_timer function with setup_timer reported by coccinelle

Signed-off-by: Prasanna Karthik <pkarthik@intrinsyc.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2016-11-27 07:41:05 +01:00
Dean Jenkins 37332ddc14 Bluetooth: BCSP fails to ACK re-transmitted frames from the peer
Send an ACK frame with the current txack value in response to
every received reliable frame unless a TX reliable frame is being
sent. This modification allows re-transmitted frames from the remote
peer to be acknowledged rather than ignored. It means that the remote
peer knows which frame number to start re-transmitting from.

Without this modification, the recovery time to a missing frame
from the remote peer was unnecessarily being extended because the
headers of the out of order reliable frames were being discarded rather
than being processed. The frame headers of received frames will
indicate whether the local peer's transmissions have been
acknowledged by the remote peer. Therefore, the local peer may
unnecessarily re-transmit despite the remote peer already indicating
that the frame had been acknowledged in out of order reliable frame.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
Signed-off-by: Rajeev Kumar <rajeev_kumar@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2016-09-24 06:40:24 +02:00
Dean Jenkins 8083ad1cf9 Bluetooth: Tidy-up coding style in hci_bcsp.c
drivers/bluetooth/hci_bcsp.c contains some style issues as
highlighted by

./scripts/checkpatch.pl --strict -f drivers/bluetooth/hci_bcsp.c

a) comments - maintainer prefers network style comments
b) positioning of lines in multi-line statements
c) spaces after casts
d) missing blank lines after declarations

Therefore, tidy-up the above to make it easier to apply
future code changes that have conforming style.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2016-09-24 06:40:24 +02:00
Maxim Zhukov 8805eea249 Bluetooth: hci_bcsp: fix code style
This commit fixed:
trailing "*/"
trailing spaces
mixed indent
space between ~ and (

Signed-off-by: Maxim Zhukov <mussitantesmortem@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2016-04-08 23:01:36 +02:00
Marcel Holtmann 618e8bc228 Bluetooth: Use new hci_skb_pkt_* wrappers for drivers
The new hci_skb_pkt_* wrappers are mainly intented for drivers to
require less knowledge about bt_cb(sbk) handling. So after converting
the core packet handling, convert all drivers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-11-19 17:50:27 +01:00
Prasanna Karthik fe8de008ec Bluetooth: hci_bcsp: Clean up code Fix
Fix for spaces prohibited around that '->' reported by checkpatch and space prohibited
between function name and open parenthesis '('

Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-06-09 13:59:09 +02:00
Shailendra Verma bff6b89f86 Bluetooth: hci_uart: Change 1 to true for bool type variables assignments
The variables txcrc and hciextn are bool type. So assigning true
instead of 1.

Signed-off-by: Shailendra Verma <shailendra.capricorn@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-05-25 20:57:47 +02:00
Marcel Holtmann 788a675675 Bluetooth: hci_uart: Update version number driver
This version number is more cosmetic and for debugging purposes, but
since there has been a few changes lately, increase it now.

Two left-over and not used version constants that were never exposed
anywhere are removed since they have no actual value.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07 18:47:10 +02:00
Marcel Holtmann 01009eec70 Bluetooth: hci_uart: Remove the manual protocol init message
The init function for each HCI UART protocol prints the same on success
and failure. This information is so generic, remove it and let the main
HCI UART handling print it instead.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07 18:47:10 +02:00
Marcel Holtmann 7c40fb8db1 Bluetooth: hci_uart: Add name information to hci_uart_proto struct
This adds an extra name field to the hci_uart_proto struct that provides
a simple way of adding a string identifier to the protocol.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07 18:47:10 +02:00
Marcel Holtmann 4ee7ef1989 Bluetooth: hci_uart: Make struct hci_uart_proto always const
The usage of struct hci_uart_proto should always be const. Change the
function headers and individual protocol drivers.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07 18:47:10 +02:00
Marcel Holtmann 9d1c40ebb6 Bluetooth: hci_uart: Use const data pointer for received data
The TTY layer provides its data pointers as const, but the HCI UART
callbacks expect them as general data pointers. This is of course
wrong and instead of casting them, just fix the individual drivers
to actually take a const data pointer.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07 18:47:09 +02:00
Valentin Ilie a08b15e66e Bluetooth: Remove assignments in if-statements
Remove assignment in if-statements to be consistent with the coding
style.

Signed-off-by: Valentin Ilie <valentin.ilie@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-03-05 20:52:17 +02:00
Michael Knudsen c327cddd18 Bluetooth: Stop BCSP/H5 timer before cleaning up
When stopping BCSP/H5, stop the retransmission timer before proceeding
to clean up packet queues.  The previous code had a race condition where
the timer could trigger after the packet lists and protocol structure
had been removed which led to dereferencing NULL or use-after-free bugs.

Signed-off-by: Michael Knudsen <m.knudsen@samsung.com>
Reported-by: Kirill Tkhai <ktkhai@parallels.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-03-04 11:03:14 +02:00
Marcel Holtmann e1a2617069 Bluetooth: Provide hdev parameter to hci_recv_frame() driver callback
To avoid casting skb->dev into hdev, just let the drivers provide
the hdev directly when calling hci_recv_frame() function.

This patch also fixes up all drivers to provide the hdev.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2013-10-11 09:45:34 +02:00
Gustavo Padovan fc5fef615a Bluetooth: Remove 'register' usage from the subsystem
Let the compiler chooses what is best.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2012-06-05 06:34:07 +03:00
Johan Hedberg 46479e6985 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next.git
Conflicts:
	include/net/bluetooth/l2cap.h
	net/bluetooth/hci_conn.c
	net/bluetooth/l2cap_core.c
2012-02-16 14:25:34 +02:00
David Herrmann c063af346d Bluetooth: hci-uart-bcsp: Use GFP_ATOMIC in open()
The uart_proto open() callback is not called in atomic context so we can safely
sleep here. The caller hci_uart_set_proto() in hci_ldisc.c is an ioctl-handler
and therefore can sleep.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-02-13 17:01:22 +02:00
Rusty Russell 90ab5ee941 module_param: make bool parameters really bool (drivers & misc)
module_param(bool) used to counter-intuitively take an int.  In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.

It's time to remove the int/unsigned int option.  For this version
it'll simply give a warning, but it'll break next kernel version.

Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-13 09:32:20 +10:30
Gustavo F. Padovan f2b94bb9e0 Bluetooth: Add __init and __exit marks to UART drivers
Those marks are useful to save space in the binary and in the memory.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2010-07-27 12:35:58 -07:00
David Howells dd1589a431 Bluetooth: Fix abuse of the preincrement operator
Fix abuse of the preincrement operator as detected when building with gcc
4.6.0:

	 CC [M]  drivers/bluetooth/hci_bcsp.o
	drivers/bluetooth/hci_bcsp.c: In function 'bcsp_prepare_pkt':
	drivers/bluetooth/hci_bcsp.c:247:20: warning: operation on 'bcsp->msgq_txseq' may be undefined

Reported-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-06-30 13:10:09 -07:00
Wending Weng d2e353f7c3 Bluetooth: Fix false errors from bcsp_pkt_cull function
The error message "Removed only %u out of %u pkts" is printed when multiple
to be acked packets are queued.

    if (i++ >= pkts_to_be_removed)
            break;

This will break out of the loop and increase the counter i when
i==pkts_to_be_removed and the loop ends up with i=pkts_to_be_removed+1.

The following line

    if (i != pkts_to_be_removed) {
            BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed);
    }

will then display the false message.

The counter i must not increase on the same statement.

Signed-off-by: Wending Weng <wweng@rheinmetall.ca>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2009-08-24 13:32:32 -07:00
Marcel Holtmann a418b893a6 Bluetooth: Enable per-module dynamic debug messages
With the introduction of CONFIG_DYNAMIC_PRINTK_DEBUG it is possible to
allow debugging without having to recompile the kernel. This patch turns
all BT_DBG() calls into pr_debug() to support dynamic debug messages.

As a side effect all CONFIG_BT_*_DEBUG statements are now removed and
some broken debug entries have been fixed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-11-30 12:17:28 +01:00
David S. Miller 8fc5387cb8 bluetooth: hci_bcsp: Use SKB list interfaces instead of home-grown stuff.
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-21 22:44:08 -07:00
Harvey Harrison c5ec514016 bluetooth: hci_bcsp.c small cleanups/api users
Use bitrev16 from lib/bitrev.c.

Use the get_unaligned_be16 to get the crc from the packet, create a
small helper function for this.

Fix a shadowed variable sparse warning:
drivers/bluetooth/hci_bcsp.c:218:26: warning: symbol 'hdr' shadows an earlier one
drivers/bluetooth/hci_bcsp.c:187:5: originally declared here

[akpm@linux-foundation.org: select CONFIG_BITREVERSE, noted by akinobu.mita@gmail.com]
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10 12:48:45 -07:00
Marcel Holtmann a9de924806 [Bluetooth] Switch from OGF+OCF to using only opcodes
The Bluetooth HCI commands are divided into logical OGF groups for
easier identification of their purposes. While this still makes sense
for the written specification, its makes the code only more complex
and harder to read. So instead of using separate OGF and OCF values
to identify the commands, use a common 16-bit opcode that combines
both values. As a side effect this also reduces the complexity of
OGF and OCF calculations during command header parsing.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-10-22 02:59:40 -07:00
Tim Schmielau cd354f1ae7 [PATCH] remove many unneeded #includes of sched.h
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there.  Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.

To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.

Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm.  I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).

Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de>
Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-14 08:09:54 -08:00
Peter Zijlstra f89d75f224 [PATCH] lockdep: annotate bcsp driver
=============================================
    [ INFO: possible recursive locking detected ]
    2.6.18-1.2699.fc6 #1
    ---------------------------------------------
    swapper/0 is trying to acquire lock:
     (&list->lock#3){+...}, at: [<c05ad307>] skb_dequeue+0x12/0x43

    but task is already holding lock:
     (&list->lock#3){+...}, at: [<df98cd79>] bcsp_dequeue+0x6a/0x11e [hci_uart]

Two different list locks nest, annotate so.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-07 08:39:34 -08:00
Jörn Engel 6ab3d5624e Remove obsolete #include <linux/config.h>
Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-06-30 19:25:36 +02:00
Arjan van de Ven 858119e159 [PATCH] Unlinline a bunch of other functions
Remove the "inline" keyword from a bunch of big functions in the kernel with
the goal of shrinking it by 30kb to 40kb

Signed-off-by: Arjan van de Ven <arjan@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-01-14 18:27:06 -08:00
Deepak Saxena 089b1dbbde [PATCH] bluetooth: kmalloc + memset -> kzalloc conversion
Signed-off-by: Deepak Saxena <dsaxena@plexity.net>
Cc: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-07 07:54:00 -08:00
Marcel Holtmann 0372a6627f [Bluetooth] Cleanup of the HCI UART driver
This patch contains the big cleanup of the HCI UART driver. The uneeded
header files are removed and their structure declarations are moved into
the protocol implementations.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-10-28 19:20:45 +02:00
Marcel Holtmann 20dd6f59d6 [Bluetooth] Remove TXCRC compile option for BCSP driver
The TXCRC compile option is not really useful and thus change it
into a module parameter.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-10-28 19:20:40 +02:00
Marcel Holtmann 0d48d93947 [Bluetooth]: Move packet type into the SKB control buffer
This patch moves the usage of packet type into the SKB control
buffer. After this patch it is now possible to shrink the sk_buff
structure and redefine its pkt_type.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-29 15:55:13 -07:00
Marcel Holtmann 66e8b6c31b [Bluetooth] Remove unused functions and cleanup symbol exports
This patch removes the unused bt_dump() function and it also removes
its BT_DMP macro. It also unexports the hci_dev_get(), hci_send_cmd()
and hci_si_event() functions.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-08-06 12:36:51 +02:00
Linus Torvalds 1da177e4c3 Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!
2005-04-16 15:20:36 -07:00