16 Oct, 2012
1 commit
13 Oct, 2012
1 commit
-
With user namespace support enabled building bluetooth generated the warning.
net/bluetooth/af_bluetooth.c: In function ‘bt_seq_show’:
net/bluetooth/af_bluetooth.c:598:7: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 7 has type ‘kuid_t’ [-Wformat]Convert sock_i_uid from a kuid_t to a uid_t before printing, to avoid
this problem.Reported-by: Fengguang Wu
Cc: Masatake YAMATO
Cc: Gustavo Padovan
Signed-off-by: "Eric W. Biederman"
12 Oct, 2012
1 commit
-
When sending a pairing request or response we should not just blindly
copy the value that the remote device sent. Instead we should at least
make sure to mask out any unknown bits. This is particularly critical
from the upcoming LE Secure Connections feature perspective as
incorrectly indicating support for it (by copying the remote value)
would cause a failure to pair with devices that support it.Signed-off-by: Johan Hedberg
Cc: stable@kernel.org
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan
03 Oct, 2012
1 commit
-
Pull networking changes from David Miller:
1) GRE now works over ipv6, from Dmitry Kozlov.
2) Make SCTP more network namespace aware, from Eric Biederman.
3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.
4) Make openvswitch network namespace aware, from Pravin B Shelar.
5) IPV6 NAT implementation, from Patrick McHardy.
6) Server side support for TCP Fast Open, from Jerry Chu and others.
7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel
Borkmann.8) Increate the loopback default MTU to 64K, from Eric Dumazet.
9) Use a per-task rather than per-socket page fragment allocator for
outgoing networking traffic. This benefits processes that have very
many mostly idle sockets, which is quite common.From Eric Dumazet.
10) Use up to 32K for page fragment allocations, with fallbacks to
smaller sizes when higher order page allocations fail. Benefits are
a) less segments for driver to process b) less calls to page
allocator c) less waste of space.From Eric Dumazet.
11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.
12) VXLAN device driver, one way to handle VLAN issues such as the
limitation of 4096 VLAN IDs yet still have some level of isolation.
From Stephen Hemminger.13) As usual there is a large boatload of driver changes, with the scale
perhaps tilted towards the wireless side this time around.Fix up various fairly trivial conflicts, mostly caused by the user
namespace changes.* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)
hyperv: Add buffer for extended info after the RNDIS response message.
hyperv: Report actual status in receive completion packet
hyperv: Remove extra allocated space for recv_pkt_list elements
hyperv: Fix page buffer handling in rndis_filter_send_request()
hyperv: Fix the missing return value in rndis_filter_set_packet_filter()
hyperv: Fix the max_xfer_size in RNDIS initialization
vxlan: put UDP socket in correct namespace
vxlan: Depend on CONFIG_INET
sfc: Fix the reported priorities of different filter types
sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP
sfc: Fix loopback self-test with separate_tx_channels=1
sfc: Fix MCDI structure field lookup
sfc: Add parentheses around use of bitfield macro arguments
sfc: Fix null function pointer in efx_sriov_channel_type
vxlan: virtual extensible lan
igmp: export symbol ip_mc_leave_group
netlink: add attributes to fdb interface
tg3: unconditionally select HWMON support when tg3 is enabled.
Revert "net: ti cpsw ethernet: allow reading phy interface mode from DT"
gre: fix sparse warning
...
02 Oct, 2012
1 commit
-
Pull TTY changes from Greg Kroah-Hartman:
"As we skipped the merge window for 3.6-rc1 for the tty tree,
everything is now settled down and working properly, so we are ready
for 3.7-rc1. Here's the patchset, it's big, but the large changes are
removing a firmware file and adding a staging tty driver (it depended
on the tty core changes, so it's going through this tree instead of
the staging tree.)All of these patches have been in the linux-next tree for a while.
Signed-off-by: Greg Kroah-Hartman "
Fix up more-or-less trivial conflicts in
- drivers/char/pcmcia/synclink_cs.c:
tty NULL dereference fix vs tty_port_cts_enabled() helper function
- drivers/staging/{Kconfig,Makefile}:
add-add conflict (dgrp driver added close to other staging drivers)
- drivers/staging/ipack/devices/ipoctal.c:
"split ipoctal_channel from iopctal" vs "TTY: use tty_port_register_device"* tag 'tty-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (235 commits)
tty/serial: Add kgdb_nmi driver
tty/serial/amba-pl011: Quiesce interrupts in poll_get_char
tty/serial/amba-pl011: Implement poll_init callback
tty/serial/core: Introduce poll_init callback
kdb: Turn KGDB_KDB=n stubs into static inlines
kdb: Implement disable_nmi command
kernel/debug: Mask KGDB NMI upon entry
serial: pl011: handle corruption at high clock speeds
serial: sccnxp: Make 'default' choice in switch last
serial: sccnxp: Remove mask termios caps for SW flow control
serial: sccnxp: Report actual baudrate back to core
serial: samsung: Add poll_get_char & poll_put_char
Powerpc 8xx CPM_UART setting MAXIDL register proportionaly to baud rate
Powerpc 8xx CPM_UART maxidl should not depend on fifo size
Powerpc 8xx CPM_UART too many interrupts
Powerpc 8xx CPM_UART desynchronisation
serial: set correct baud_base for EXSYS EX-41092 Dual 16950
serial: omap: fix the reciever line error case
8250: blacklist Winbond CIR port
8250_pnp: do pnp probe before legacy probe
...
30 Sep, 2012
1 commit
-
John W. Linville says:
====================
Here is another batch of updates intended for 3.7...Highlights include an hci_connect re-write in Bluetooth, HCI/LLC
layer separation in NFC, removal of the raw pn544 NFC driver, NFC LLCP
raw sockets support, improved IBSS auth frame handling in mac80211,
full-MAC AP mode notification support in mac80211, a lot of attention
paid to brcmfmac, and the usual level of updates to iwlwifi, ath9k,
mwifiex, and rt2x00, and various other updates.
====================Signed-off-by: David S. Miller
29 Sep, 2012
1 commit
-
Conflicts:
drivers/net/team/team.c
drivers/net/usb/qmi_wwan.c
net/batman-adv/bat_iv_ogm.c
net/ipv4/fib_frontend.c
net/ipv4/route.c
net/l2tp/l2tp_netlink.cThe team, fib_frontend, route, and l2tp_netlink conflicts were simply
overlapping changes.qmi_wwan and bat_iv_ogm were of the "use HEAD" variety.
With help from Antonio Quartulli.
Signed-off-by: David S. Miller
28 Sep, 2012
1 commit
-
…wireless-next into for-davem
Conflicts:
net/nfc/netlink.cSigned-off-by: John W. Linville <linville@tuxdriver.com>
25 Sep, 2012
1 commit
23 Sep, 2012
1 commit
-
…wireless into for-davem
22 Sep, 2012
1 commit
-
Change return value from -EACCES to -EPERM when the permission check fails.
Signed-off-by: Zhao Hongjiang
Signed-off-by: David S. Miller
19 Sep, 2012
6 commits
-
For each kernel release where commands or events are added to the
management interface, the revision field should be increment by one.The increment should only happen once per kernel release and not
for every command/event that gets added. The revision value is for
informational purposes only, but this simple policy would make any
future debugging a lot simple.Signed-off-by: Johan Hedberg
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo Padovan -
This patch adds support for Secure Simple Pairing with devices that have
KeyboardOnly as their IO capability. Such devices will cause a passkey
notification on our side and optionally also keypress notifications.
Without this patch some keyboards cannot be paired using the mgmt
interface.Signed-off-by: Johan Hedberg
Cc: stable@vger.kernel.org
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan -
For example, when a usb reset is received (I could reproduce it
running something very similar to this[1] in a loop) it could be
that the device is unregistered while the power_off delayed work
is still scheduled to run.Backtrace:
WARNING: at lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
Hardware name: To Be Filled By O.E.M.
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x26
Modules linked in: nouveau mxm_wmi btusb wmi bluetooth ttm coretemp drm_kms_helper
Pid: 2114, comm: usb-reset Not tainted 3.5.0bt-next #2
Call Trace:
[] ? free_obj_work+0x57/0x91
[] warn_slowpath_common+0x7e/0x97
[] warn_slowpath_fmt+0x41/0x43
[] debug_print_object+0x7c/0x8d
[] ? __queue_work+0x259/0x259
[] ? debug_check_no_obj_freed+0x6f/0x1b5
[] debug_check_no_obj_freed+0x98/0x1b5
[] ? bt_host_release+0x10/0x1e [bluetooth]
[] kfree+0x90/0xe6
[] bt_host_release+0x10/0x1e [bluetooth]
[] device_release+0x4a/0x7e
[] kobject_release+0x11d/0x154
[] kobject_put+0x4a/0x4f
[] put_device+0x12/0x14
[] hci_free_dev+0x22/0x26 [bluetooth]
[] btusb_disconnect+0x96/0x9f [btusb]
[] usb_unbind_interface+0x57/0x106
[] __device_release_driver+0x83/0xd6
[] device_release_driver+0x20/0x2d
[] usb_driver_release_interface+0x44/0x7b
[] usb_forced_unbind_intf+0x45/0x4e
[] usb_reset_device+0xa6/0x12e
[] usbdev_do_ioctl+0x319/0xe20
[] ? avc_has_perm_flags+0xc9/0x12e
[] ? avc_has_perm_flags+0x25/0x12e
[] ? do_page_fault+0x31e/0x3a1
[] usbdev_ioctl+0x9/0xd
[] vfs_ioctl+0x21/0x34
[] do_vfs_ioctl+0x408/0x44b
[] ? file_has_perm+0x76/0x81
[] sys_ioctl+0x51/0x76
[] system_call_fastpath+0x16/0x1b[1] http://cpansearch.perl.org/src/DPAVLIN/Biblio-RFID-0.03/examples/usbreset.c
Signed-off-by: Vinicius Costa Gomes
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo Padovan -
When releasing L2CAP socket which is in BT_CONFIG state l2cap_chan_close
invokes l2cap_send_disconn_req which cancel delayed works which are only
set in BT_CONNECTED state with l2cap_ertm_init. Add state check before
cancelling those works....
[ 9668.574372] [21085] l2cap_sock_release: sock cd065200, sk f073e800
[ 9668.574399] [21085] l2cap_sock_shutdown: sock cd065200, sk f073e800
[ 9668.574411] [21085] l2cap_chan_close: chan f073ec00 state BT_CONFIG sk f073e800
[ 9668.574421] [21085] l2cap_send_disconn_req: chan f073ec00 conn ecc16600
[ 9668.574441] INFO: trying to register non-static key.
[ 9668.574443] the code is fine but needs lockdep annotation.
[ 9668.574446] turning off the locking correctness validator.
[ 9668.574450] Pid: 21085, comm: obex-client Tainted: G O 3.5.0+ #57
[ 9668.574452] Call Trace:
[ 9668.574463] [] __lock_acquire+0x12e3/0x1700
[ 9668.574468] [] ? trace_hardirqs_on+0xb/0x10
[ 9668.574476] [] ? printk+0x4d/0x4f
[ 9668.574479] [] lock_acquire+0x88/0x130
[ 9668.574487] [] ? try_to_del_timer_sync+0x60/0x60
[ 9668.574491] [] del_timer_sync+0x50/0xc0
[ 9668.574495] [] ? try_to_del_timer_sync+0x60/0x60
[ 9668.574515] [] l2cap_send_disconn_req+0xe3/0x160 [bluetooth]
...Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
When new BT USB adapter is plugged in it's configured while still being powered
off (HCI_AUTO_OFF flag is set), thus Set LE will only set dev_flags but won't
write changes to controller. As a result it's not possible to start device
discovery session on LE controller as it uses interleaved discovery which
requires LE Supported Host flag in extended features.This patch ensures HCI Write LE Host Supported is sent when Set Powered is
called to power on controller and clear HCI_AUTO_OFF flag.Signed-off-by: Andrzej Kaczmarek
Cc: stable@vger.kernel.org
Acked-by: Johan Hedberg
Signed-off-by: Gustavo Padovan -
When new BT USB adapter is plugged in it's configured while still being powered
off (HCI_AUTO_OFF flag is set), thus Set SSP will only set dev_flags but won't
write changes to controller. As a result remote devices won't use Secure Simple
Pairing with our device due to SSP Host Support flag disabled in extended
features and may also reject SSP attempt from our side (with possible fallback
to legacy pairing).This patch ensures HCI Write Simple Pairing Mode is sent when Set Powered is
called to power on controller and clear HCI_AUTO_OFF flag.Signed-off-by: Andrzej Kaczmarek
Cc: stable@vger.kernel.org
Acked-by: Johan Hedberg
Signed-off-by: Gustavo Padovan
17 Sep, 2012
1 commit
-
This pulls in the fixes in 3.6-rc6
Signed-off-by: Greg Kroah-Hartman
15 Sep, 2012
1 commit
-
Conflicts:
net/netfilter/nfnetlink_log.c
net/netfilter/xt_LOG.cRather easy conflict resolution, the 'net' tree had bug fixes to make
sure we checked if a socket is a time-wait one or not and elide the
logging code if so.Whereas on the 'net-next' side we are calculating the UID and GID from
the creds using different interfaces due to the user namespace changes
from Eric Biederman.Signed-off-by: David S. Miller
09 Sep, 2012
4 commits
-
Add Read Data Block Size HCI cmd to AMP initialization, then it
makes possible to send data.Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
Return code is not needed in hci_chan_del
Signed-off-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
hdev is allocated with kzalloc so zero initialization is not needed.
Signed-off-by: Andrei Emeltchenko
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan
08 Sep, 2012
2 commits
-
…wireless into for-davem
John W. Linville says:
====================
Please pull these fixes intended for 3.6. There are more commits
here than I would like -- I got a bit behind while I was stalking
Steven Rostedt in San Diego last week... I'll slow it down after this!There are a couple of pulls here. One is from Johannes:
"Please pull (according to the below information) to get a few fixes.
* a fix to properly disconnect in the driver when authentication or
association fails
* a fix to prevent invalid information about mesh paths being reported
to userspace
* a memory leak fix in an nl80211 error path"The other comes via Gustavo:
"A few updates for the 3.6 kernel. There are two btusb patches to add
more supported devices through the new USB_VENDOR_AND_INTEFACE_INFO()
macro and another one that add a new device id for a Sony Vaio laptop,
one fix for a user-after-free and, finally, two patches from Vinicius
to fix a issue in SMP pairing."Along with those...
Arend van Spriel provides a fix for a use-after-free bug in brcmfmac.
Daniel Drake avoids a hang by not trying to touch the libertas hardware
duing suspend if it is already powered-down.Felix Fietkau provides a batch of ath9k fixes that adress some
potential problems with power settings, as well as a fix to avoid a
potential interrupt storm.Gertjan van Wingerde provides a register-width fix for rt2x00, and
a rt2x00 fix to prevent incorrectly detecting the rfkill status.
He also provides a device ID patch.Hante Meuleman gives us three brcmfmac fixes, one that properly
initializes a command structure, one that fixes a race condition that
could lose usb requests, and one that removes some log spam.Marc Kleine-Budde offers an rt2x00 fix for a voltage setting on some
specific devices.Mohammed Shafi Shajakhan sent an ath9k fix to avoid a crash related to
using timers that aren't allocated when 2 wire bluetooth coexistence
hardware is in use.Sergei Poselenov changes rt2800usb to do some validity checking for
received packets, avoiding crashes on an ARM Soc.Stone Piao gives us an mwifiex fix for an incorrectly set skb length
value for a command buffer.All of these are localized to their specific drivers, and relatively
small. The power-related patches from Felix are bigger than I would
like, but I merged them in consideration of their isolation to ath9k
and the sensitive nature of power settings in wireless devices.
====================Signed-off-by: David S. Miller <davem@davemloft.net>
27 Aug, 2012
3 commits
-
In the case that the link is already in the connected state and a
Pairing request arrives from the mgmt interface, hci_conn_security()
would be called but it was not considering LE links.Reported-by: João Paulo Rechi Vita
Signed-off-by: Vinicius Costa Gomes
Signed-off-by: Gustavo Padovan -
To make it clear that it may be called from contexts that may not have
any knowledge of L2CAP, we change the connection parameter, to receive
a hci_conn.This also makes it clear that it is checking the security of the link.
Signed-off-by: Vinicius Costa Gomes
Signed-off-by: Gustavo Padovan -
This picks up all of the different fixes in Linus's tree that we also need here.
Signed-off-by: Greg Kroah-Hartman
23 Aug, 2012
1 commit
22 Aug, 2012
6 commits
-
Commit 4cd2d98340b4f03d5532c30fdaeb451b035429cb "Bluetooth: Simplify
the connection type handling" broke the creation of ESCO links.This patch adds a type parameter to hci_connect_sco() so it creates
the connection of the right kind.Signed-off-by: Vinicius Costa Gomes
Signed-off-by: Gustavo Padovan -
This patch changes the struct l2cap_chan and associated code to use
kref api for object refcounting and freeing.Suggested-by: Andrei Emeltchenko
Signed-off-by: Jaganath Kanakkassery
Signed-off-by: Syam Sidhardhan
Signed-off-by: Gustavo Padovan -
Earlier we were printing chan->psm before assigning any value.
Signed-off-by: Syam Sidhardhan
Acked-by: Andrei Emeltchenko
Signed-off-by: Gustavo Padovan -
MGMT_EV_DEVICE_DISCONNECTED will now expose the disconnection reason to
userland, distinguishing four possible values:0x00 Reason not known or unspecified
0x01 Connection timeout
0x02 Connection terminated by local host
0x03 Connection terminated by remote hostNote that the local/remote distinction just determines which side
terminated the low-level connection, regardless of the disconnection of
the higher-level profiles.This can sometimes be misleading and thus must be used with care. For
example, some hardware combinations would report a locally initiated
disconnection even if the user turned Bluetooth off in the remote side.Signed-off-by: Mikel Astiz
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan -
Replace the status checks with the short form of the boolean expression.
Signed-off-by: Mikel Astiz
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan -
Use standard bluetooth way to check NULL pointer !var instead of
var == NULL.Signed-off-by: Andrei Emeltchenko
Acked-by: Marcel Holtmann
Signed-off-by: Gustavo Padovan
16 Aug, 2012
5 commits
-
The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It that for leaks
two bytes kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.Signed-off-by: Mathias Krause
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Johan Hedberg
Signed-off-by: David S. Miller -
The RFCOMM code fails to initialize the trailing padding byte of struct
sockaddr_rc added for alignment. It that for leaks one byte kernel stack
via the getsockname() syscall. Add an explicit memset(0) before filling
the structure to avoid the info leak.Signed-off-by: Mathias Krause
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Johan Hedberg
Signed-off-by: David S. Miller -
The RFCOMM code fails to initialize the two padding bytes of struct
rfcomm_dev_list_req inserted for alignment before copying it to
userland. Additionally there are two padding bytes in each instance of
struct rfcomm_dev_info. The ioctl() that for disclosures two bytes plus
dev_num times two bytes uninitialized kernel heap memory.Allocate the memory using kzalloc() to fix this issue.
Signed-off-by: Mathias Krause
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Johan Hedberg
Signed-off-by: David S. Miller -
The RFCOMM code fails to initialize the key_size member of struct
bt_security before copying it to userland -- that for leaking one
byte kernel stack. Initialize key_size with 0 to avoid the info
leak.Signed-off-by: Mathias Krause
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Johan Hedberg
Signed-off-by: David S. Miller -
The HCI code fails to initialize the hci_channel member of struct
sockaddr_hci and that for leaks two bytes kernel stack via the
getsockname() syscall. Initialize hci_channel with 0 to avoid the
info leak.Signed-off-by: Mathias Krause
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Johan Hedberg
Signed-off-by: David S. Miller
