12 Sep, 2007
1 commit
-
Signed-off-by: David S. Miller
09 Sep, 2007
3 commits
-
On device initialization the event filters are cleared. In case of
clearing the filters the extra condition type shall be omitted.Signed-off-by: Marcel Holtmann
-
This patch updates the HCI security filter with support for the
Bluetooth 2.1 commands and events.Signed-off-by: Marcel Holtmann
-
The timestamp structure needs special handling in case of compat
programs. Use the same wrapping method the network core uses.Signed-off-by: Marcel Holtmann
31 Jul, 2007
5 commits
-
Since nobody uses it after we convert it to host-endian,
no need to do that at all. At that point l2cap is endian-clean.Signed-off-by: Al Viro
Signed-off-by: Marcel Holtmann
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: Marcel Holtmann
Signed-off-by: David S. Miller -
no code changes, just documenting existing types
Signed-off-by: Al Viro
Signed-off-by: Marcel Holtmann
Signed-off-by: David S. Miller -
We loop through psm values, calling __l2cap_get_sock_by_addr(psm, ...)
until we get NULL; then we set ->psm of our socket to htobs(psm).
IOW, we find unused psm value and put it into our socket. So far, so
good, but... __l2cap_get_sock_by_addr() compares its argument with
->psm of sockets. IOW, the entire thing works correctly only on
little-endian. On big-endian we'll get "no socket with such psm"
on the first iteration, since we won't find a socket with ->psm == 0x1001.
We will happily conclude that 0x1001 is unused and slap htobs(0x1001)
(i.e. 0x110) into ->psm of our socket. Of course, the next time around
the same thing will repeat and we'll just get a fsckload of sockets
with the same ->psm assigned.Fix: pass htobs(psm) to __l2cap_get_sock_by_addr() there. All other
callers are already passing little-endian values and all places that
store something in ->psm are storing little-endian.Signed-off-by: Al Viro
Signed-off-by: Marcel Holtmann
Signed-off-by: David S. Miller -
Adrian Bunk wrote:
> Commit 8de0a15483b357d0f0b821330ec84d1660cadc4e added the following
> use-after-free in net/bluetooth/rfcomm/tty.c:
>
>
>
> ...
> static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
> {
> ...
> if (IS_ERR(dev->tty_dev)) {
> list_del(&dev->list);
> kfree(dev);
> return PTR_ERR(dev->tty_dev);
> }
> ...
>
>
>
> Spotted by the Coverity checker.really good catch. I fully overlooked that one. The attached patch
should fix it.Signed-off-by: Marcel Holtmann
Signed-off-by: David S. Miller
19 Jul, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
18 Jul, 2007
1 commit
-
Currently, the freezer treats all tasks as freezable, except for the kernel
threads that explicitly set the PF_NOFREEZE flag for themselves. This
approach is problematic, since it requires every kernel thread to either
set PF_NOFREEZE explicitly, or call try_to_freeze(), even if it doesn't
care for the freezing of tasks at all.It seems better to only require the kernel threads that want to or need to
be frozen to use some freezer-related code and to remove any
freezer-related code from the other (nonfreezable) kernel threads, which is
done in this patch.The patch causes all kernel threads to be nonfreezable by default (ie. to
have PF_NOFREEZE set by default) and introduces the set_freezable()
function that should be called by the freezable kernel threads in order to
unset PF_NOFREEZE. It also makes all of the currently freezable kernel
threads call set_freezable(), so it shouldn't cause any (intentional)
change of behaviour to appear. Additionally, it updates documentation to
describe the freezing of tasks more accurately.[akpm@linux-foundation.org: build fixes]
Signed-off-by: Rafael J. Wysocki
Acked-by: Nigel Cunningham
Cc: Pavel Machek
Cc: Oleg Nesterov
Cc: Gautham R Shenoy
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Jul, 2007
4 commits
-
To better support and handle eSCO links in the future a bunch of
constants needs to be added and some basic routines need to be
updated. This is the initial step.Signed-off-by: Marcel Holtmann
-
This patch changes the RFCOMM TTY release process so that the TTY is kept
on the list until it is really freed. A new device flag is used to keep
track of released TTYs.Signed-off-by: Ville Tervo
Signed-off-by: Marcel Holtmann -
The core problem is that RFCOMM socket layer ioctl can release
rfcomm_dev struct while RFCOMM TTY layer is still actively using
it. Calling tty_vhangup() is needed for a synchronous hangup before
rfcomm_dev is freed.Addresses the oops at http://bugzilla.kernel.org/show_bug.cgi?id=7509
Acked-by: Alan Cox
Signed-off-by: Marcel Holtmann -
Most drivers must handle fragmented HCI data packets and events. This
patch adds a generic function for their reassembly to the Bluetooth
core layer and thus allows to shrink the complexity of the drivers.Signed-off-by: Marcel Holtmann
08 Jul, 2007
1 commit
-
When cleaning up HIDP sessions, we currently close the ACL connection
before deregistering the input device. Closing the ACL connection
schedules a workqueue to remove the associated objects from sysfs, but
the input device still refers to them -- and if the workqueue happens to
run before the input device removal, the kernel will oops when trying to
look up PHYSDEVPATH for the removed input device.Fix this by deregistering the input device before closing the
connections.Signed-off-by: David Woodhouse
Acked-by: Marcel Holtmann
Signed-off-by: Linus Torvalds
24 May, 2007
1 commit
-
The L2CAP configuration parameter handling was missing the support
for rejecting unknown options. The capability to reject unknown
options is mandatory since the Bluetooth 1.2 specification. This
patch implements its and also simplifies the parameter parsing.Signed-off-by: Marcel Holtmann
18 May, 2007
1 commit
-
We presently use lock_sock() to acquire a lock on a socket in
hci_sock_dev_event(), but this goes BUG because lock_sock()
can sleep and we're already holding a read-write spinlock at
that point. So, we must use the non-sleeping BH version,
bh_lock_sock().However, hci_sock_dev_event() is called from user context and
hence using simply bh_lock_sock() will deadlock against a
concurrent softirq that tries to acquire a lock on the same
socket. Hence, disabling BH's before acquiring the socket lock
and enable them afterwards, is the proper solution to fix
socket locking in hci_sock_dev_event().Signed-off-by: Satyam Sharma
Signed-off-by: Marcel Holtmann
Signed-off-by: Jiri Kosina
Signed-off-by: David S. Miller
12 May, 2007
1 commit
-
* 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid:
USB HID: hiddev - fix race between hiddev_send_event() and hiddev_release()
HID: add hooks for getkeycode() and setkeycode() methods
HID: switch to using input_dev->dev.parent
USB HID: Logitech wheel 0x046d/0xc294 needs HID_QUIRK_NOGET quirk
USB HID: usb_buffer_free() cleanup
USB HID: report descriptor of Cypress USB barcode readers needs fixup
Bluetooth HID: HIDP - don't initialize force feedback
USB HID: update CONFIG_USB_HIDINPUT_POWERBOOK description
HID: add input mappings for non-working keys on Logitech S510 remote
11 May, 2007
1 commit
-
In preparation for struct class_device -> struct device input core
conversion, switch to using input_dev->dev.parent when specifying
device position in sysfs tree.Also, do not access input_dev->private directly, use helpers and
do not use kfree() on input device, use input_free_device() instead.Signed-off-by: Dmitry Torokhov
Signed-off-by: Marcel Holtmann
10 May, 2007
1 commit
-
Disable some more menus in the configuration files that are of no
interest to a s390 machine.Signed-off-by: Martin Schwidefsky
09 May, 2007
2 commits
-
The current implementation of force feedback for HID devices is
USB-transport only and therefore calling hid_ff_init() from hidp code is
not going to work (plus it creates unwanted dependency of hidp on usbhid).
Remove the hid_ff_init() until either the hid-ff is made
transport-independent, or at least support for bluetooth transport is
added.Signed-off-by: Jiri Kosina
Signed-off-by: Marcel Holtmann -
Remove includes of where it is not used/needed.
Suggested by Al Viro.Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,
sparc64, and arm (all 59 defconfigs).Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
08 May, 2007
1 commit
-
More fallout from the removal of "struct subsystem" from the core device
model.Signed-off-by: Linus Torvalds
05 May, 2007
5 commits
-
The RFCOMM specification says that the device closing the last DLC on
a particular session is responsible for closing the multiplexer by
closing the corresponding L2CAP channel.Signed-off-by: Ville Tervo
Signed-off-by: Marcel Holtmann -
If RFCOMM_RELEASE_ONHUP flag is on and rfcomm_release_dev is called
before connection is closed, rfcomm_dev is deleted twice from the
rfcomm_dev_list and refcount is messed up. This patch adds a check
before deleting device that the device actually is listed.Signed-off-by: Ville Tervo
Signed-off-by: Marcel Holtmann -
The kernel provides a new convenient way to access the sockets API for
in-kernel users. It is a good idea to actually use it.Signed-off-by: Marcel Holtmann
-
The Bluetooth host adapters are attached to the Bluetooth class and the
low-level connections are children of these class devices. Having class
devices as parent of bus devices breaks a lot of reasonable assumptions
about sysfs. The host adapters should be attached to the Bluetooth bus
to simplify the dependency resolving. For compatibility an additional
symlink from the Bluetooth class will be used.Signed-off-by: Marcel Holtmann
-
The L2CAP and HCI setsockopt() implementations have a small information
leak that makes it possible to leak kernel stack memory to userspace.If the optlen parameter is 0, no data will be copied by copy_from_user(),
but the uninitialized stack buffer will be read and stored later. A call
to getsockopt() can now retrieve the leaked information.To fix this problem the stack buffer given to copy_from_user() must be
initialized with the current settings.Signed-off-by: Marcel Holtmann
26 Apr, 2007
10 commits
-
Set TASK_INTERRUPTIBLE prior to testing the flag to avoid missed wakeups.
Signed-off-by: Andrew Morton
Acked-by: Marcel Holtmann
Signed-off-by: David S. Miller -
Spring cleaning time...
There seems to be a lot of places in the network code that have
extra bogus semicolons after conditionals. Most commonly is a
bogus semicolon after: switch() { }Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
To clearly state the intent of copying from linear sk_buffs, _offset being a
overly long variant but interesting for the sake of saving some bytes.Signed-off-by: Arnaldo Carvalho de Melo
-
So that it is also an offset from skb->head, reduces its size from 8 to 4 bytes
on 64bit architectures, allowing us to combine the 4 bytes hole left by the
layer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4
64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN...
:-)Many calculations that previously required that skb->{transport,network,
mac}_header be first converted to a pointer now can be done directly, being
meaningful as offsets or pointers.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the places where we need a pointer to the transport header, it is
still legal to touch skb->h.raw directly if just adding to,
subtracting from or setting it to another layer header.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the common, open coded 'skb->h.raw = skb->data' operation, so that we can
later turn skb->h.raw into a offset, reducing the size of struct sk_buff in
64bit land while possibly keeping it as a pointer on 32bit.This one touches just the most simple cases:
skb->h.raw = skb->data;
skb->h.raw = {skb_push|[__]skb_pull}()The next ones will handle the slightly more "complex" cases.
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the places where we need a pointer to the mac header, it is still legal to
touch skb->mac.raw directly if just adding to, subtracting from or setting it
to another layer header.This one also converts some more cases to skb_reset_mac_header() that my
regex missed as it had no spaces before nor after '=', ugh.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
For the common, open coded 'skb->mac.raw = skb->data' operation, so that we can
later turn skb->mac.raw into a offset, reducing the size of struct sk_buff in
64bit land while possibly keeping it as a pointer on 32bit.This one touches just the most simple case, next will handle the slightly more
"complex" cases.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
One less thing for drivers writers to worry about.
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller -
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
29 Mar, 2007
1 commit
-
I have a bugreport that scrollwheel of bluetooth version of apple
mightymouse doesn't work. The USB version of mightymouse works, as there
is a quirk for handling scrollwheel in hid/usbhid for it.Now that bluetooth git tree is hooked to generic hid layer, it could easily
use the quirks which are already present in generic hid parser, hid-input,
etc.Below is a simple patch against bluetooth git tree, which adds quirk
handling to current bluetooth hidp code, and sets quirk flags for device
0x05ac/0x030c, which is the bluetooth version of the apple mightymouse.Signed-off-by: Jiri Kosina
Signed-off-by: Marcel Holtmann
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds