24 Oct, 2012

1 commit


20 Oct, 2012

1 commit


15 Oct, 2012

2 commits

  • When DEFER_SETUP is set defer() will trigger an authorization
    request to the userspace.

    l2cap_chan_no_defer() is meant to be used when one does not want to
    support DEFER_SETUP (A2MP for example).

    Acked-by: Marcel Holtmann
    Signed-off-by: Gustavo Padovan

    Gustavo Padovan
     
  • This is part of the move of the parent socket usage to l2cap_sock.c

    The change is safe when it comes to locking, bt_accept_enqueue() is still
    protected by the parent socket lock inside the
    l2cap_sock_new_connection_cb() code.

    Acked-by: Marcel Holtmann
    Signed-off-by: Gustavo Padovan

    Gustavo Padovan
     

12 Oct, 2012

1 commit


11 Oct, 2012

1 commit


09 Oct, 2012

1 commit

  • We may currently attempt to free a channel which wasn't created due to
    an error in the initialization path, this would cause a NULL ptr deref.

    This would cause the following oops:

    [ 12.919073] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
    [ 12.919131] IP: [] l2cap_chan_put+0x34/0x50
    [ 12.919135] PGD 0
    [ 12.919138] Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    [ 12.919193] Dumping ftrace buffer:
    [ 12.919242] (ftrace buffer empty)
    [ 12.919314] Modules linked in:
    [ 12.919318] CPU 1
    [ 12.919319] Pid: 6210, comm: krfcommd Tainted: G W 3.6.0-next-20121004-sasha-00005-gb010653-dirty #30
    [ 12.919374] RIP: 0010:[] [] l2cap_chan_put+0x34/0x50
    [ 12.919377] RSP: 0000:ffff880066933c38 EFLAGS: 00010246
    [ 12.919378] RAX: ffffffff8366c780 RBX: 0000000000000000 RCX: 6666666666666667
    [ 12.919379] RDX: 0000000000000fa0 RSI: ffffffff84d3f79e RDI: 0000000000000010
    [ 12.919381] RBP: ffff880066933c48 R08: ffffffff859989f8 R09: 0000000000000001
    [ 12.919382] R10: 0000000000000000 R11: 7fffffffffffffff R12: 0000000000000000
    [ 12.919383] R13: ffff88009b00a200 R14: ffff88009b00a200 R15: 0000000000000001
    [ 12.919385] FS: 0000000000000000(0000) GS:ffff880033600000(0000) knlGS:0000000000000000
    [ 12.919437] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 12.919440] CR2: 0000000000000010 CR3: 0000000005026000 CR4: 00000000000406e0
    [ 12.919446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [ 12.919451] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    [ 12.919504] Process krfcommd (pid: 6210, threadinfo ffff880066932000, task ffff880065c4b000)
    [ 12.919506] Stack:
    [ 12.919510] ffff88009b00a200 ffff880032084000 ffff880066933c68 ffffffff8366c7bc
    [ 12.919513] 7fffffffffffffff ffff880032084000 ffff880066933c98 ffffffff833ae0ae
    [ 12.919516] ffff880066933ca8 0000000000000000 0000000000000000 ffff88009b00a200
    [ 12.919517] Call Trace:
    [ 12.919522] [] l2cap_sock_destruct+0x3c/0x80
    [ 12.919527] [] __sk_free+0x1e/0x1f0
    [ 12.919530] [] sk_free+0x17/0x20
    [ 12.919585] [] l2cap_sock_alloc.constprop.5+0x9e/0xd0
    [ 12.919591] [] l2cap_sock_create+0x7e/0x100
    [ 12.919652] [] ? _raw_read_lock+0x6a/0x80
    [ 12.919658] [] ? bt_sock_create+0x74/0x110
    [ 12.919660] [] bt_sock_create+0xb8/0x110
    [ 12.919664] [] __sock_create+0x282/0x3b0
    [ 12.919720] [] ? __sock_create+0x100/0x3b0
    [ 12.919725] [] ? rfcomm_process_sessions+0x17e0/0x17e0
    [ 12.919779] [] sock_create_kern+0x1f/0x30
    [ 12.919784] [] rfcomm_l2sock_create+0x44/0x70
    [ 12.919787] [] ? rfcomm_process_sessions+0x17e0/0x17e0
    [ 12.919790] [] rfcomm_run+0x4e/0x1f0
    [ 12.919846] [] ? rfcomm_process_sessions+0x17e0/0x17e0
    [ 12.919852] [] kthread+0xe3/0xf0
    [ 12.919908] [] ? put_lock_stats.isra.14+0xe/0x40
    [ 12.919914] [] ? flush_kthread_work+0x1f0/0x1f0
    [ 12.919968] [] ret_from_fork+0x7c/0x90
    [ 12.919973] [] ? flush_kthread_work+0x1f0/0x1f0
    [ 12.920161] Code: 83 ec 08 f6 05 ff 58 44 02 04 74 1b 8b 4f 10 48 89 fa 48 c7 c6 d9 d7 d4 84 48 c7 c7 80 9e aa 85 31 c0 e8 80
    ac 3a fe 48 8d 7b 10 83 6b 10 01 0f 94 c0 84 c0 74 05 e8 8b e0 ff ff 48 83 c4 08
    [ 12.920165] RIP [] l2cap_chan_put+0x34/0x50
    [ 12.920166] RSP
    [ 12.920167] CR2: 0000000000000010
    [ 12.920417] ---[ end trace 5a9114e8a158ab84 ]---

    Introduced in commit 61d6ef3e ("Bluetooth: Make better use of l2cap_chan
    reference counting").

    Signed-off-by: Sasha Levin
    Signed-off-by: Gustavo Padovan

    Sasha Levin
     

08 Oct, 2012

1 commit


15 Sep, 2012

1 commit

  • Conflicts:
    net/netfilter/nfnetlink_log.c
    net/netfilter/xt_LOG.c

    Rather easy conflict resolution, the 'net' tree had bug fixes to make
    sure we checked if a socket is a time-wait one or not and elide the
    logging code if so.

    Whereas on the 'net-next' side we are calculating the UID and GID from
    the creds using different interfaces due to the user namespace changes
    from Eric Biederman.

    Signed-off-by: David S. Miller

    David S. Miller
     

08 Sep, 2012

2 commits

  • John W. Linville
     
  • …wireless into for-davem

    John W. Linville says:

    ====================
    Please pull these fixes intended for 3.6. There are more commits
    here than I would like -- I got a bit behind while I was stalking
    Steven Rostedt in San Diego last week... I'll slow it down after this!

    There are a couple of pulls here. One is from Johannes:

    "Please pull (according to the below information) to get a few fixes.

    * a fix to properly disconnect in the driver when authentication or
    association fails
    * a fix to prevent invalid information about mesh paths being reported
    to userspace
    * a memory leak fix in an nl80211 error path"

    The other comes via Gustavo:

    "A few updates for the 3.6 kernel. There are two btusb patches to add
    more supported devices through the new USB_VENDOR_AND_INTERFACE_INFO()
    macro and another one that adds a new device id for a Sony Vaio laptop,
    one fix for a use-after-free and, finally, two patches from Vinicius
    to fix an issue in SMP pairing."

    Along with those...

    Arend van Spriel provides a fix for a use-after-free bug in brcmfmac.

    Daniel Drake avoids a hang by not trying to touch the libertas hardware
    during suspend if it is already powered-down.

    Felix Fietkau provides a batch of ath9k fixes that address some
    potential problems with power settings, as well as a fix to avoid a
    potential interrupt storm.

    Gertjan van Wingerde provides a register-width fix for rt2x00, and
    a rt2x00 fix to prevent incorrectly detecting the rfkill status.
    He also provides a device ID patch.

    Hante Meuleman gives us three brcmfmac fixes, one that properly
    initializes a command structure, one that fixes a race condition that
    could lose usb requests, and one that removes some log spam.

    Marc Kleine-Budde offers an rt2x00 fix for a voltage setting on some
    specific devices.

    Mohammed Shafi Shajakhan sent an ath9k fix to avoid a crash related to
    using timers that aren't allocated when 2 wire bluetooth coexistence
    hardware is in use.

    Sergei Poselenov changes rt2800usb to do some validity checking for
    received packets, avoiding crashes on an ARM SoC.

    Stone Piao gives us an mwifiex fix for an incorrectly set skb length
    value for a command buffer.

    All of these are localized to their specific drivers, and relatively
    small. The power-related patches from Felix are bigger than I would
    like, but I merged them in consideration of their isolation to ath9k
    and the sensitive nature of power settings in wireless devices.
    ====================

    Signed-off-by: David S. Miller <davem@davemloft.net>

    John W. Linville
     

27 Aug, 2012

1 commit


23 Aug, 2012

1 commit


16 Aug, 2012

1 commit

  • The L2CAP code fails to initialize the l2_bdaddr_type member of struct
    sockaddr_l2 and the padding byte added for alignment. It therefore leaks
    two bytes of kernel stack via the getsockname() syscall. Add an explicit
    memset(0) before filling the structure to avoid the info leak.

    Signed-off-by: Mathias Krause
    Cc: Marcel Holtmann
    Cc: Gustavo Padovan
    Cc: Johan Hedberg
    Signed-off-by: David S. Miller

    Mathias Krause
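
    The leak described in the commit above, reproduced in userspace as an added example (not part of the commit or the kernel source). The struct `demo_sockaddr_l2`, the `STALE` marker, the `PUT` macro and the field values are constructed for illustration; the "stack slot" is a byte buffer pre-filled with a marker so the bytes that would reach userspace unmodified can be counted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct sockaddr_l2: field names follow the commit
 * message, the exact layout is an assumption made for this example. */
struct demo_sockaddr_l2 {
    uint16_t l2_family;
    uint16_t l2_psm;
    uint8_t  l2_bdaddr[6];
    uint16_t l2_cid;
    uint8_t  l2_bdaddr_type;  /* never assigned by the pre-fix code */
};                            /* plus 1 trailing padding byte */

#define STALE 0xAA  /* marks bytes left over from earlier stack use */
#define PUT(slot, field, val) \
    memcpy((slot) + offsetof(struct demo_sockaddr_l2, field), &(val), sizeof(val))

/* Fill a getsockname()-style reply and return how many stale bytes it still
 * contains. zero_first selects the fixed behaviour (memset before filling). */
static size_t fill_and_count_stale(int zero_first)
{
    unsigned char slot[sizeof(struct demo_sockaddr_l2)];
    const uint16_t family = 31, psm = 0x1001, cid = 0x0040;  /* constructed */
    const uint8_t bdaddr[6] = {1, 2, 3, 4, 5, 6};            /* constructed */
    size_t i, stale = 0;

    memset(slot, STALE, sizeof(slot));      /* simulate a dirty stack frame */
    if (zero_first)
        memset(slot, 0, sizeof(slot));      /* the fix: clear the whole struct */

    PUT(slot, l2_family, family);
    PUT(slot, l2_psm, psm);
    PUT(slot, l2_bdaddr, bdaddr);
    PUT(slot, l2_cid, cid);                 /* l2_bdaddr_type is skipped */

    for (i = 0; i < sizeof(slot); i++)      /* what copy-out would expose */
        if (slot[i] == STALE)
            stale++;
    return stale;
}

int main(void)
{
    printf("struct size: %zu bytes\n", sizeof(struct demo_sockaddr_l2));
    printf("stale bytes without memset: %zu\n", fill_and_count_stale(0));
    printf("stale bytes with memset:    %zu\n", fill_and_count_stale(1));
    return 0;
}
```

    Initializing only the named members would still leave the padding byte untouched, which is why the whole structure is cleared before it is filled.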
     

07 Aug, 2012

3 commits


05 Jun, 2012

8 commits


17 May, 2012

4 commits


15 May, 2012

1 commit

  • It fixes L2CAP socket based security level elevation during a
    connection. The HID profile needs this (for keyboards) and it is the only
    way to achieve the security level elevation when using the management
    interface to talk to the kernel (hence the management enabling patch
    being the one that exposes this issue).

    It enables the userspace a security level change when the socket is
    already connected and creates a way to notify the socket of the result of the
    request. At the moment of the request the socket is made non-writable; if
    the request fails the connection closes, otherwise the socket is made
    writable again and POLL_OUT is emitted.

    Signed-off-by: Gustavo Padovan
    Acked-by: Marcel Holtmann
    Signed-off-by: Johan Hedberg
    Signed-off-by: John W. Linville

    Gustavo Padovan
     

09 May, 2012

7 commits


28 Mar, 2012

1 commit


08 Mar, 2012

1 commit


02 Mar, 2012

1 commit