Eric Lee / smarc-fsl-linux-kernel

01 Aug, 2020

1 commit

  • 4bb540dbe   Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/blu… ... Browse Code »

    …etooth/bluetooth-next

    Johan Hedberg says:

    ====================
    pull request: bluetooth-next 2020-07-31

    Here's the main bluetooth-next pull request for 5.9:

    - Fix firmware filenames for Marvell chipsets
    - Several suspend-related fixes
    - Addedd mgmt commands for runtime configuration
    - Multiple fixes for Qualcomm-based controllers
    - Add new monitoring feature for mgmt
    - Fix handling of legacy cipher (E4) together with security level 4
    - Add support for Realtek 8822CE controller
    - Fix issues with Chinese controllers using fake VID/PID values
    - Multiple other smaller fixes & improvements
    ====================

    Signed-off-by: David S. Miller <davem@davemloft.net>

    David S. Miller
     

25 Jul, 2020

1 commit

  • a7b75c5a8   net: pass a sockptr_t into ->setsockopt ... Browse Code »

    Rework the remaining setsockopt code to pass a sockptr_t instead of a
    plain user pointer. This removes the last remaining set_fs(KERNEL_DS)
    outside of architecture specific code.

    Signed-off-by: Christoph Hellwig
    Acked-by: Stefan Schmidt [ieee802154]
    Acked-by: Matthieu Baerts
    Signed-off-by: David S. Miller

    Christoph Hellwig
     

11 Jul, 2020

1 commit

  • 19186c7b4   Bluetooth: core: Use fallthrough pseudo-keyword ... Browse Code »

    Replace the existing /* fall through */ comments and its variants with
    the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
    fall-through markings when it is the case.

    [1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through

    Signed-off-by: Gustavo A. R. Silva
    Signed-off-by: Marcel Holtmann

    Gustavo A. R. Silva
     

12 Jun, 2020

1 commit

11 May, 2020

1 commit

26 Jan, 2020

1 commit

  • 11eb85ec4   Bluetooth: Fix race condition in hci_release_sock() ... Browse Code »

    Syzbot managed to trigger a use after free "KASAN: use-after-free Write
    in hci_sock_bind". I have reviewed the code manually and one possibly
    cause I have found is that we are not holding lock_sock(sk) when we do
    the hci_dev_put(hdev) in hci_sock_release(). My theory is that the bind
    and the release are racing against each other which results in this use
    after free.

    Reported-by: syzbot+eba992608adf3d796bcc@syzkaller.appspotmail.com
    Signed-off-by: Dan Carpenter
    Signed-off-by: Johan Hedberg

    Dan Carpenter
     

25 Jan, 2020

1 commit

16 Jan, 2020

1 commit

23 Oct, 2019

1 commit

  • 7a6038b30   compat_ioctl: move hci_sock handlers into driver ... Browse Code »

    All these ioctl commands are compatible, so we can handle
    them with a trivial wrapper in hci_sock.c and remove
    the listing in fs/compat_ioctl.c.

    A few of the commands pass integer arguments instead of
    pointers, so for correctness skip the compat_ptr() conversion
    here.

    Acked-by: Marcel Holtmann
    Signed-off-by: Arnd Bergmann

    Arnd Bergmann
     

25 Feb, 2019

1 commit

  • e8b47b53a   Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/blu… ... Browse Code »

    …etooth/bluetooth-next

    Johan Hedberg says:

    ====================
    Here's the main bluetooth-next pull request for the 5.1 kernel.

    - Fixes & improvements to mediatek, hci_qca, btrtl, and btmrvl HCI drivers
    - Fixes to parsing invalid L2CAP config option sizes
    - Locking fix to bt_accept_enqueue()
    - Add support for new Marvel sd8977 chipset
    - Various other smaller fixes & cleanups
    ====================

    Signed-off-by: David S. Miller <davem@davemloft.net>

    David S. Miller
     

04 Feb, 2019

2 commits

  • e20a2e9c4   Bluetooth: Fix decrementing reference count twice in releasing socket ... Browse Code »

    When releasing socket, it is possible to enter hci_sock_release() and
    hci_sock_dev_event(HCI_DEV_UNREG) at the same time in different thread.
    The reference count of hdev should be decremented only once from one of
    them but if storing hdev to local variable in hci_sock_release() before
    detached from socket and setting to NULL in hci_sock_dev_event(),
    hci_dev_put(hdev) is unexpectedly called twice. This is resolved by
    referencing hdev from socket after bt_sock_unlink() in
    hci_sock_release().

    Reported-by: syzbot+fdc00003f4efff43bc5b@syzkaller.appspotmail.com
    Signed-off-by: Myungho Jung
    Signed-off-by: Marcel Holtmann

    Myungho Jung
     
  • 13c6ee2a9   socket: Use old_timeval types for socket timestamps ... Browse Code »

    As part of y2038 solution, all internal uses of
    struct timeval are replaced by struct __kernel_old_timeval
    and struct compat_timeval by struct old_timeval32.
    Make socket timestamps use these new types.

    This is mainly to be able to verify that the kernel build
    is y2038 safe when such non y2038 safe types are not
    supported anymore.

    Signed-off-by: Deepa Dinamani
    Acked-by: Willem de Bruijn
    Cc: isdn@linux-pingi.de
    Signed-off-by: David S. Miller

    Deepa Dinamani
     

29 Jun, 2018

1 commit

  • a11e1d432   Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL ... Browse Code »

    The poll() changes were not well thought out, and completely
    unexplained. They also caused a huge performance regression, because
    "->poll()" was no longer a trivial file operation that just called down
    to the underlying file operations, but instead did at least two indirect
    calls.

    Indirect calls are sadly slow now with the Spectre mitigation, but the
    performance problem could at least be largely mitigated by changing the
    "->get_poll_head()" operation to just have a per-file-descriptor pointer
    to the poll head instead. That gets rid of one of the new indirections.

    But that doesn't fix the new complexity that is completely unwarranted
    for the regular case. The (undocumented) reason for the poll() changes
    was some alleged AIO poll race fixing, but we don't make the common case
    slower and more complex for some uncommon special case, so this all
    really needs way more explanations and most likely a fundamental
    redesign.

    [ This revert is a revert of about 30 different commits, not reverted
    individually because that would just be unnecessarily messy - Linus ]

    Cc: Al Viro
    Cc: Christoph Hellwig
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

26 May, 2018

1 commit

13 Feb, 2018

1 commit

  • 9b2c45d47   net: make getname() functions return length rather than use int* parameter ... Browse Code »

    Changes since v1:
    Added changes in these files:
    drivers/infiniband/hw/usnic/usnic_transport.c
    drivers/staging/lustre/lnet/lnet/lib-socket.c
    drivers/target/iscsi/iscsi_target_login.c
    drivers/vhost/net.c
    fs/dlm/lowcomms.c
    fs/ocfs2/cluster/tcp.c
    security/tomoyo/network.c

    Before:
    All these functions either return a negative error indicator,
    or store length of sockaddr into "int *socklen" parameter
    and return zero on success.

    "int *socklen" parameter is awkward. For example, if caller does not
    care, it still needs to provide on-stack storage for the value
    it does not need.

    None of the many FOO_getname() functions of various protocols
    ever used old value of *socklen. They always just overwrite it.

    This change drops this parameter, and makes all these functions, on success,
    return length of sockaddr. It's always >= 0 and can be differentiated
    from an error.

    Tests in callers are changed from "if (err)" to "if (err < 0)", where needed.

    rpc_sockname() lost "int buflen" parameter, since its only use was
    to be passed to kernel_getsockname() as &buflen and subsequently
    not used in any way.

    Userspace API is not changed.

    text data bss dec hex filename
    30108430 2633624 873672 33615726 200ef6e vmlinux.before.o
    30108109 2633612 873672 33615393 200ee21 vmlinux.o

    Signed-off-by: Denys Vlasenko
    CC: David S. Miller
    CC: linux-kernel@vger.kernel.org
    CC: netdev@vger.kernel.org
    CC: linux-bluetooth@vger.kernel.org
    CC: linux-decnet-user@lists.sourceforge.net
    CC: linux-wireless@vger.kernel.org
    CC: linux-rdma@vger.kernel.org
    CC: linux-sctp@vger.kernel.org
    CC: linux-nfs@vger.kernel.org
    CC: linux-x25@vger.kernel.org
    Signed-off-by: David S. Miller

    Denys Vlasenko
     

30 Oct, 2017

1 commit

  • a9ee77af7   Bluetooth: avoid recursive locking in hci_send_to_channel() ... Browse Code »

    Mart reported a deadlock in -RT in the call path:
    hci_send_monitor_ctrl_event() -> hci_send_to_channel()

    because both functions acquire the same read lock hci_sk_list.lock. This
    is also a mainline issue because the qrwlock implementation is writer
    fair (the traditional rwlock implementation is reader biased).

    To avoid the deadlock there is now __hci_send_to_channel() which expects
    the readlock to be held.

    Fixes: 38ceaa00d02d ("Bluetooth: Add support for sending MGMT commands and events to monitor")
    Reported-by: Mart van de Wege
    Signed-off-by: Sebastian Andrzej Siewior
    Signed-off-by: Marcel Holtmann

    Sebastian Andrzej Siewior
     

29 Sep, 2017

1 commit

  • e49aa15ef   Revert "Bluetooth: Add option for disabling legacy ioctl interfaces" ... Browse Code »

    This reverts commit dbbccdc4ced015cdd4051299bd87fbe0254ad351.

    It turns out that the "legacy" users aren't so legacy at all, and that
    turning off the legacy ioctl will break the current Qt bluetooth stack
    for bluetooth LE devices that were released just a couple of months ago.

    So it's simply not true that this was a legacy interface that hasn't
    been needed and is only limited to old legacy BT devices. Because I
    actually read Kconfig help messages, and actively try to turn off
    features that I don't need, I turned the option off.

    Then I spent _way_ too much time debugging BLE issues until I realized
    that it wasn't the Qt and subsurface development that had broken one of
    my dive computer BLE downloads, but simply my broken kernel config.

    Maybe in a decade it will be true that this is a legacy interface. And
    maybe with a better help-text and correct dependencies, this kind of
    legacy removal might be acceptable. But as things are right now both
    the commit message and the Kconfig help text were misleading, and the
    Kconfig option had the wrong dependenencies.

    There's no reason to keep that broken Kconfig option in the tree.

    Cc: Marcel Holtmann
    Cc: Johan Hedberg
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

31 Aug, 2017

1 commit

16 Jun, 2017

4 commits

  • 634fef610   networking: add and use skb_put_u8() ... Browse Code »

    Joe and Bjørn suggested that it'd be nicer to not have the
    cast in the fairly common case of doing
    *(u8 *)skb_put(skb, 1) = c;

    Add skb_put_u8() for this case, and use it across the code,
    using the following spatch:

    @@
    expression SKB, C, S;
    typedef u8;
    identifier fn = {skb_put};
    fresh identifier fn2 = fn ## "_u8";
    @@
    - *(u8 *)fn(SKB, S) = C;
    + fn2(SKB, C);

    Note that due to the "S", the spatch isn't perfect, it should
    have checked that S is 1, but there's also places that use a
    sizeof expression like sizeof(var) or sizeof(u8) etc. Turns
    out that nobody ever did something like
    *(u8 *)skb_put(skb, 2) = c;

    which would be wrong anyway since the second byte wouldn't be
    initialized.

    Suggested-by: Joe Perches
    Suggested-by: Bjørn Mork
    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • d58ff3512   networking: make skb_push & __skb_push return void pointers ... Browse Code »

    It seems like a historic accident that these return unsigned char *,
    and in many places that means casts are required, more often than not.

    Make these functions return void * and remove all the casts across
    the tree, adding a (u8 *) cast only where the unsigned char pointer
    was used directly, all done with the following spatch:

    @@
    expression SKB, LEN;
    typedef u8;
    identifier fn = { skb_push, __skb_push, skb_push_rcsum };
    @@
    - *(fn(SKB, LEN))
    + *(u8 *)fn(SKB, LEN)

    @@
    expression E, SKB, LEN;
    identifier fn = { skb_push, __skb_push, skb_push_rcsum };
    type T;
    @@
    - E = ((T *)(fn(SKB, LEN)))
    + E = fn(SKB, LEN)

    @@
    expression SKB, LEN;
    identifier fn = { skb_push, __skb_push, skb_push_rcsum };
    @@
    - fn(SKB, LEN)[0]
    + *(u8 *)fn(SKB, LEN)

    Note that the last part there converts from push(...)[0] to the
    more idiomatic *(u8 *)push(...).

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • 4df864c1d   networking: make skb_put & friends return void pointers ... Browse Code »

    It seems like a historic accident that these return unsigned char *,
    and in many places that means casts are required, more often than not.

    Make these functions (skb_put, __skb_put and pskb_put) return void *
    and remove all the casts across the tree, adding a (u8 *) cast only
    where the unsigned char pointer was used directly, all done with the
    following spatch:

    @@
    expression SKB, LEN;
    typedef u8;
    identifier fn = { skb_put, __skb_put };
    @@
    - *(fn(SKB, LEN))
    + *(u8 *)fn(SKB, LEN)

    @@
    expression E, SKB, LEN;
    identifier fn = { skb_put, __skb_put };
    type T;
    @@
    - E = ((T *)(fn(SKB, LEN)))
    + E = fn(SKB, LEN)

    which actually doesn't cover pskb_put since there are only three
    users overall.

    A handful of stragglers were converted manually, notably a macro in
    drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
    instances in net/bluetooth/hci_sock.c. In the former file, I also
    had to fix one whitespace problem spatch introduced.

    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     
  • 59ae1d127   networking: introduce and use skb_put_data() ... Browse Code »

    A common pattern with skb_put() is to just want to memcpy()
    some data into the new space, introduce skb_put_data() for
    this.

    An spatch similar to the one for skb_put_zero() converts many
    of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

    (again, manually post-processed to retain some comments)

    Reviewed-by: Stephen Hemminger
    Signed-off-by: Johannes Berg
    Signed-off-by: David S. Miller

    Johannes Berg
     

30 Apr, 2017

1 commit

  • ab89f0bdd   Bluetooth: Fix user channel for 32bit userspace on 64bit kernel ... Browse Code »

    Running 32bit userspace on 64bit kernel results in MSG_CMSG_COMPAT being
    defined as 0x80000000. This results in sendmsg failure if used from 32bit
    userspace running on 64bit kernel. Fix this by accounting for MSG_CMSG_COMPAT
    in flags check in hci_sock_sendmsg.

    Signed-off-by: Szymon Janc
    Signed-off-by: Marko Kiiskila
    Signed-off-by: Marcel Holtmann
    Cc: stable@vger.kernel.org

    Szymon Janc
     

28 Feb, 2017

1 commit

  • 9332ef9db   scripts/spelling.txt: add "an user" pattern and fix typo instances ... Browse Code »

    Fix typos and add the following to the scripts/spelling.txt:

    an user||a user
    an userspace||a userspace

    I also added "userspace" to the list since it is a common word in Linux.
    I found some instances for "an userfaultfd", but I did not add it to the
    list. I felt it is endless to find words that start with "user" such as
    "userland" etc., so must draw a line somewhere.

    Link: http://lkml.kernel.org/r/1481573103-11329-4-git-send-email-yamada.masahiro@socionext.com
    Signed-off-by: Masahiro Yamada
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Masahiro Yamada
     

20 Sep, 2016

13 commits

26 Aug, 2016

1 commit

10 Jul, 2016

1 commit

  • ca8bee5dd   Bluetooth: Rename HCI_BREDR into HCI_PRIMARY ... Browse Code »

    The HCI_BREDR naming is confusing since it actually stands for Primary
    Bluetooth Controller. Which is a term that has been used in the latest
    standard. However from a legacy point of view there only really have
    been Basic Rate (BR) and Enhanced Data Rate (EDR). Recent versions of
    Bluetooth introduced Low Energy (LE) and made this terminology a little
    bit confused since Dual Mode Controllers include BR/EDR and LE. To
    simplify this the name HCI_PRIMARY stands for the Primary Controller
    which can be a single mode or dual mode controller.

    Signed-off-by: Marcel Holtmann
    Signed-off-by: Johan Hedberg

    Marcel Holtmann
     

08 Jul, 2016

1 commit

  • 83871f8cc   Bluetooth: Fix hci_sock_recvmsg return value ... Browse Code »

    If recvmsg is called with a destination buffer that is too small to
    receive the contents of skb in its entirety, the return value from
    recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM
    semantics.

    If destination buffer provided by userspace is too small (e.g. len <
    copied), then MSG_TRUNC flag is set and copied is returned. Instead, it
    should return the length of the message, which is consistent with how
    other datagram based sockets act. Quoting 'man recv':

    "All three calls return the length of the message on successful comple‐
    tion. If a message is too long to fit in the supplied buffer, excess
    bytes may be discarded depending on the type of socket the message is
    received from."

    and

    "MSG_TRUNC (since Linux 2.2)

    For raw (AF_PACKET), Internet datagram (since Linux
    2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram
    (since Linux 3.4) sockets: return the real length of the packet
    or datagram, even when it was longer than the passed buffer."

    Signed-off-by: Denis Kenzior
    Signed-off-by: Marcel Holtmann

    Denis Kenzior