- 25 Apr, 2023 14 commits
-
-
Gerhard Engleder authored
Move queue enable and disable code to separate functions. This way the activation and deactivation of the queues are defined actions, which can be used in future execution paths. This functions will be used for the queue reconfiguration at runtime, which is necessary for XSK zero-copy support. Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com> Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Gerhard Engleder authored
Make initialization of TX and RX queues less dynamic by moving some initialization from netdev open/close to device probing. Additionally, move some initialization code to separate functions to enable future use in other execution paths. This is done as preparation for queue reconfigure at runtime, which is necessary for XSK zero-copy support. Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com> Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Gerhard Engleder authored
TX/RX ring size is static and power of 2 to enable compiler to optimize modulo operation to mask operation. Make this optimization already in the code and don't rely on the compiler. CPU utilisation during high packet rate has not changed. So no performance improvement has been measured. But it is best practice to prevent modulo operations. Suggested-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com> Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com> Reviewed-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Alexander Stein authored
Up to 4 LEDs can be attached to the PHY, add support for setting brightness manually. Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Link: https://lore.kernel.org/r/20230424134625.303957-1-alexander.stein@ew.tq-group.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Alexander Stein authored
'reg' is always encoded in 32 bits, thus it has to be read using the function with the corresponding bit width. Fixes: 01e5b728 ("net: phy: Add a binding for PHY LEDs") Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Link: https://lore.kernel.org/r/20230424141648.317944-1-alexander.stein@ew.tq-group.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jianuo Kuang authored
Smatch complains that: nfcsim_debugfs_init_dev() warn: 'dev_dir' is an error pointer or valid According to the documentation of the debugfs_create_dir() function, there is no need to check the return value of this function. Just delete the dead code. Signed-off-by: Jianuo Kuang <u202110722@hust.edu.cn> Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20230424024140.34607-1-u202110722@hust.edu.cnSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
wuych authored
Pointer variables of void * type do not require type cast. Signed-off-by: wuych <yunchuan@nfschina.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Link: https://lore.kernel.org/r/20230424101550.664319-1-yunchuan@nfschina.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
SET_COALESCE may change operation mode and parameters in one call. Changing operation mode may cause the driver to reset the parameter values to what is a reasonable default for new operation mode. Since driver does not know which parameters come from user and which are echoed back from ->get, driver may ignore the parameters when switching operation modes. This used to be inevitable for ioctl() but in netlink we know which parameters are actually specified by the user. We could inform which parameters were set by the user but this would lead to a lot of code duplication in the drivers. Instead try to call the drivers twice if both mode and params are changed. The set method already checks if any params need updating so in case the driver did the right thing the first time around - there will be no second call to it's ->set method (only an extra call to ->get()). For mlx5 for example before this patch we'd see: # ethtool -C eth0 adaptive-rx on adaptive-tx on # ethtool -C eth0 adaptive-rx off adaptive-tx off \ tx-usecs 123 rx-usecs 123 Adaptive RX: off TX: off rx-usecs: 3 rx-frames: 32 tx-usecs: 16 tx-frames: 32 [...] After the change: # ethtool -C eth0 adaptive-rx on adaptive-tx on # ethtool -C eth0 adaptive-rx off adaptive-tx off \ tx-usecs 123 rx-usecs 123 Adaptive RX: off TX: off rx-usecs: 123 rx-frames: 32 tx-usecs: 123 tx-frames: 32 [...] This only works for netlink, so it's a small discrepancy between netlink and ioctl(). Since we anticipate most users to move to netlink I believe it's worth making their lives easier. Link: https://lore.kernel.org/r/20230420233302.944382-1-kuba@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Haiyang Zhang says: ==================== Update coding style and check alloc_frag Follow up patches for the jumbo frame support. As suggested by Jakub Kicinski, update coding style, and check napi_alloc_frag for possible fallback to single pages. ==================== Link: https://lore.kernel.org/r/1682096818-30056-1-git-send-email-haiyangz@microsoft.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Haiyang Zhang authored
netdev/napi_alloc_frag() may fall back to single page which is smaller than the requested size. Add error checking to avoid memory overwritten. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Haiyang Zhang authored
Rename mana_refill_rxoob for naming consistency. And remove some empty lines between function call and error checking. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Lorenzo Bianconi says: ==================== add page_pool support for page recycling in veth driver Introduce page_pool support in veth driver in order to recycle pages in veth_convert_skb_to_xdp_buff routine and avoid reallocating the skb through the page allocator when we run a xdp program on the device and we receive skbs from the stack. ==================== Link: https://lore.kernel.org/r/cover.1682188837.git.lorenzo@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Lorenzo Bianconi authored
Introduce page_pool stats support to report info about local page_pool through ethtool Tested-by: Maryam Tahhan <mtahhan@redhat.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Lorenzo Bianconi authored
Introduce page_pool support in veth driver in order to recycle pages in veth_convert_skb_to_xdp_buff routine and avoid reallocating the skb through the page allocator. The patch has been tested sending tcp traffic to a veth pair where the remote peer is running a simple xdp program just returning xdp_pass: veth upstream codebase: MTU 1500B: ~ 8Gbps MTU 8000B: ~ 13.9Gbps veth upstream codebase + pp support: MTU 1500B: ~ 9.2Gbps MTU 8000B: ~ 16.2Gbps Tested-by: Maryam Tahhan <mtahhan@redhat.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 24 Apr, 2023 26 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-nextJakub Kicinski authored
Pablo Neira Ayuso says: ==================== Netfilter/IPVS updates for net-next 1) Reduce jumpstack footprint: Stash chain in last rule marker in blob for tracing. Remove last rule and chain from jumpstack. From Florian Westphal. 2) nf_tables validates all tables before committing the new rules. Unfortunately, this has two drawbacks: - Since addition of the transaction mutex pernet state gets written to outside of the locked section from the cleanup callback, this is wrong so do this cleanup directly after table has passed all checks. - Revalidate tables that saw no changes. This can be avoided by keeping the validation state per table, not per netns. From Florian Westphal. 3) Get rid of a few redundant pointers in the traceinfo structure. The three removed pointers are used in the expression evaluation loop, so gcc keeps them in registers. Passing them to the (inlined) helpers thus doesn't increase nft_do_chain text size, while stack is reduced by another 24 bytes on 64bit arches. From Florian Westphal. 4) IPVS cleanups in several ways without implementing any functional changes, aside from removing some debugging output: - Update width of source for ip_vs_sync_conn_options The operation is safe, use an annotation to describe it properly. - Consistently use array_size() in ip_vs_conn_init() It seems better to use helpers consistently. - Remove {Enter,Leave}Function. These seem to be well past their use-by date. - Correct spelling in comments. From Simon Horman. 5) Extended netlink error report for netdevice in flowtables and netdev/chains. Allow for incrementally add/delete devices to netdev basechain. Allow to create netdev chain without device. * tag 'nf-next-23-04-22' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next: netfilter: nf_tables: allow to create netdev chain without device netfilter: nf_tables: support for deleting devices in an existing netdev chain netfilter: nf_tables: support for adding new devices to an existing netdev chain netfilter: nf_tables: rename function to destroy hook list netfilter: nf_tables: do not send complete notification of deletions netfilter: nf_tables: extended netlink error reporting for netdevice ipvs: Correct spelling in comments ipvs: Remove {Enter,Leave}Function ipvs: Consistently use array_size() in ip_vs_conn_init() ipvs: Update width of source for ip_vs_sync_conn_options netfilter: nf_tables: do not store rule in traceinfo structure netfilter: nf_tables: do not store verdict in traceinfo structure netfilter: nf_tables: do not store pktinfo in traceinfo structure netfilter: nf_tables: remove unneeded conditional netfilter: nf_tables: make validation state per table netfilter: nf_tables: don't write table validation state without mutex netfilter: nf_tables: don't store chain address on jump netfilter: nf_tables: don't store address of last rule on jump netfilter: nf_tables: merge nft_rules_old structure and end of ruleblob marker ==================== Link: https://lore.kernel.org/r/20230421235021.216950-1-pablo@netfilter.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
David S. Miller authored
Merge tag 'for-net-next-2023-04-23' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next bluetooth-next pull request for net-next: - Introduce devcoredump support - Add support for Realtek RTL8821CS, RTL8851B, RTL8852BS - Add support for Mediatek MT7663, MT7922 - Add support for NXP w8997 - Add support for Actions Semi ATS2851 - Add support for QTI WCN6855 - Add support for Marvell 88W8997
-
Luiz Augusto von Dentz authored
This makes sure hci_cmd_sync_queue only queue new work if HCI_RUNNING has been set otherwise there is a risk of commands being sent while turning off. Because hci_cmd_sync_queue can no longer queue work while HCI_RUNNING is not set it cannot be used to power on adapters so instead hci_cmd_sync_submit is introduced which bypass the HCI_RUNNING check, so it behaves like the old implementation. Link: https://lore.kernel.org/all/CAB4PzUpDMvdc8j2MdeSAy1KkAE-D3woprCwAdYWeOc-3v3c9Sw@mail.gmail.com/Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Tim Jiang authored
WCN6855 will report memdump via ACL data or HCI event when it get crashed, so we collect memdump to debug firmware. Signed-off-by: Tim Jiang <quic_tjiang@quicinc.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Neeraj Sanjay Kale authored
This enables flow control before checking for bootloader signature and deciding whether FW download is needed or not. In case of V1 bootloader chips w8987 and w8997, it is observed that if WLAN FW is downloaded first and power save is enabled in wlan core, bootloader signatures are not emitted by the BT core when the chip is put to sleep. As a result, the driver skips FW download and subsequent HCI commands get timeout errors in dmesg as shown below: [ 112.898867] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 114.914865] Bluetooth: hci0: Setting baudrate failed (-110) [ 116.930856] Bluetooth: hci0: Setting wake-up method failed (-110) By enabling the flow control, the host enables its RTS pin, and an interrupt in chip's UART peripheral causes the bootloader to wake up, enabling the bootloader signatures, which then helps in downloading the bluetooth FW file. This changes all instances of 0/1 for serdev_device_set_flow_control() to false/true. Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Archie Pusaka authored
Some of the sync commands might take a long time to complete, e.g. LE Create Connection when the peer device isn't responding might take 20 seconds before it times out. If suspend command is issued during this time, it will need to wait for completion since both commands are using the same sync lock. This patch cancel any running sync commands before attempting to suspend or adapter power off. Signed-off-by: Archie Pusaka <apusaka@chromium.org> Reviewed-by: Ying Hsu <yinghsu@chromium.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Max Chou authored
Add the support for RTL8851B BT controller on USB interface. The necessary firmware will be submitted to linux-firmware project. Note that the Bluetooth devices WITH the VID=0x0bda would be set the feature quirk in btrtl_setup_realtek(). It's able to ignore the feature flag set for the specific VID and PID in blacklist_table[] of btusb.c. (check [1]) If Realtek Bluetooth chips WITHOUT the VID=0x0bda, it shall be added the feature flag for the specific VID and PID in blacklist_table[] of btusb.c. (check [2]) [1] '9ab9235f ("Bluetooth: btrtl: Enable WBS for the specific Realtek devices")' [2] '73280f13 ("Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE")' The device info from /sys/kernel/debug/usb/devices as below. T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 33 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=b851 Rev= 0.00 S: Manufacturer=Realtek S: Product=802.11ax WLAN Adapter S: SerialNumber=00E04C885A01 C:* #Ifs= 3 Cfg#= 1 Atr=80 MxPwr=500mA A: FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=01 I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms I:* If#= 2 Alt= 0 #EPs= 8 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=0b(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=0c(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by: Max Chou <max.chou@realtek.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Luiz Augusto von Dentz authored
This fixes the following sparse warnings: drivers/bluetooth/btnxpuart.c:681:23: sparse: sparse: restricted __le16 degrades to integer drivers/bluetooth/btnxpuart.c:690:82: sparse: sparse: incorrect type in argument 2 (different base types) @@ expected unsigned short [usertype] req_len @@ got restricted __le16 [usertype] len @@ drivers/bluetooth/btnxpuart.c:690:82: sparse: expected unsigned short [usertype] req_len drivers/bluetooth/btnxpuart.c:690:82: sparse: got restricted __le16 [usertype] len drivers/bluetooth/btnxpuart.c:694:84: sparse: sparse: incorrect type in argument 2 (different base types) @@ expected unsigned short [usertype] req_len @@ got restricted __le16 [usertype] len @@ drivers/bluetooth/btnxpuart.c:694:84: sparse: expected unsigned short [usertype] req_len drivers/bluetooth/btnxpuart.c:694:84: sparse: got restricted __le16 [usertype] len drivers/bluetooth/btnxpuart.c:708:23: sparse: sparse: incorrect type in assignment (different base types) @@ expected unsigned int [usertype] requested_len @@ got restricted __le16 [usertype] len @@ drivers/bluetooth/btnxpuart.c:708:23: sparse: expected unsigned int [usertype] requested_len drivers/bluetooth/btnxpuart.c:708:23: sparse: got restricted __le16 [usertype] len drivers/bluetooth/btnxpuart.c:787:78: sparse: sparse: incorrect type in argument 2 (different base types) @@ expected unsigned short [usertype] chipid @@ got restricted __le16 [usertype] chip_id @@ drivers/bluetooth/btnxpuart.c:787:78: sparse: expected unsigned short [usertype] chipid drivers/bluetooth/btnxpuart.c:787:78: sparse: got restricted __le16 [usertype] chip_id drivers/bluetooth/btnxpuart.c:810:74: sparse: sparse: incorrect type in argument 2 (different base types) @@ expected unsigned short [usertype] req_len @@ got restricted __le16 [usertype] len @@ drivers/bluetooth/btnxpuart.c:810:74: sparse: expected unsigned short [usertype] req_len drivers/bluetooth/btnxpuart.c:810:74: sparse: got restricted __le16 [usertype] len drivers/bluetooth/btnxpuart.c:815:76: sparse: sparse: incorrect type in argument 2 (different base types) @@ expected unsigned short [usertype] req_len @@ got restricted __le16 [usertype] len @@ drivers/bluetooth/btnxpuart.c:815:76: sparse: expected unsigned short [usertype] req_len drivers/bluetooth/btnxpuart.c:815:76: sparse: got restricted __le16 [usertype] len drivers/bluetooth/btnxpuart.c:834:16: sparse: sparse: restricted __le32 degrades to integer drivers/bluetooth/btnxpuart.c:843:55: sparse: sparse: restricted __le32 degrades to integer drivers/bluetooth/btnxpuart.c:844:36: sparse: sparse: incorrect type in argument 3 (different base types) @@ expected unsigned long [usertype] @@ got restricted __le16 [usertype] len @@ drivers/bluetooth/btnxpuart.c:844:36: sparse: expected unsigned long [usertype] drivers/bluetooth/btnxpuart.c:844:36: sparse: got restricted __le16 [usertype] len Reported-by: kernel test robot <lkp@intel.com> Link: https://lore.kernel.org/oe-kbuild-all/202304160736.Tsa0zTBU-lkp@intel.com/Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Max Chou authored
Realtek changed the format of the firmware file as v2. The driver should implement the patch to extract the firmware data from the firmware file. The future chips must apply this patch for firmware loading. This patch is compatible with the both previous format and v2 as well. Signed-off-by: Allen Chen <allen_chen@realsil.com.cn> Signed-off-by: Alex Lu <alex_lu@realsil.com.cn> Tested-by: Hilda Wu <hildawu@realtek.com> Signed-off-by: Max Chou <max.chou@realtek.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Zijun Hu authored
API hci_devcd_init() stores its u32 type parameter @dump_size into skb, but it does not specify which byte order is used to store the integer, let us take little endian to store and parse the integer. Fixes: f5cc609d09d4 ("Bluetooth: Add support for hci devcoredump") Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Ruihan Li authored
Previously, capability was checked using capable(), which verified that the caller of the ioctl system call had the required capability. In addition, the result of the check would be stored in the HCI_SOCK_TRUSTED flag, making it persistent for the socket. However, malicious programs can abuse this approach by deliberately sharing an HCI socket with a privileged task. The HCI socket will be marked as trusted when the privileged task occasionally makes an ioctl call. This problem can be solved by using sk_capable() to check capability, which ensures that not only the current task but also the socket opener has the specified capability, thus reducing the risk of privilege escalation through the previously identified vulnerability. Cc: stable@vger.kernel.org Fixes: f81f5b2d ("Bluetooth: Send control open and close messages for HCI raw sockets") Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Min Li authored
conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered. Reported-by: syzbot+9519d6b5b79cf7787cf3@syzkaller.appspotmail.com Link: https://lore.kernel.org/all/000000000000894f5f05f95e9f4d@google.com/Signed-off-by: Min Li <lm0963hack@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Ruihan Li authored
Previously, channel open messages were always sent to monitors on the first ioctl() call for unbound HCI sockets, even if the command and arguments were completely invalid. This can leave an exploitable hole with the abuse of invalid ioctl calls. This commit hardens the ioctl processing logic by first checking if the command is valid, and immediately returning with an ENOIOCTLCMD error code if it is not. This ensures that ioctl calls with invalid commands are free of side effects, and increases the difficulty of further exploitation by forcing exploitation to find a way to pass a valid command first. Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn> Co-developed-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Liu Jian authored
This reverts commit 1e9ac114. This patch introduces a possible null-ptr-def problem. Revert it. And the fixed bug by this patch have resolved by commit 73f7b171 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition"). Fixes: 1e9ac114 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work") Signed-off-by: Liu Jian <liujian56@huawei.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Raul Cheleguini authored
The ATS2851 based controller advertises support for command "LE Set Random Private Address Timeout" but does not actually implement it, impeding the controller initialization. Add the quirk HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT to unblock the controller initialization. < HCI Command: LE Set Resolvable Private... (0x08|0x002e) plen 2 Timeout: 900 seconds > HCI Event: Command Status (0x0f) plen 4 LE Set Resolvable Private Address Timeout (0x08|0x002e) ncmd 1 Status: Unknown HCI Command (0x01) Co-developed-by: imoc <wzj9912@gmail.com> Signed-off-by: imoc <wzj9912@gmail.com> Signed-off-by: Raul Cheleguini <raul.cheleguini@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Luiz Augusto von Dentz authored
When submitting HCI_OP_LE_CREATE_CIS the code shall wait for HCI_EVT_LE_CIS_ESTABLISHED thus enforcing the serialization of HCI_OP_LE_CREATE_CIS as the Core spec does not allow to send them in parallel: BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 2566: If the Host issues this command before all the HCI_LE_CIS_Established events from the previous use of the command have been generated, the Controller shall return the error code Command Disallowed (0x0C). Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Luiz Augusto von Dentz authored
This fixes only matching CIS by address which prevents creating new hcon if upper layer is requesting a specific CIS ID. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Luiz Augusto von Dentz authored
Since it is required for some configurations to have multiple CIS with the same peer which is now covered by iso-tester in the following test cases: ISO AC 6(i) - Success ISO AC 7(i) - Success ISO AC 8(i) - Success ISO AC 9(i) - Success ISO AC 11(i) - Success Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Dan Carpenter authored
There are a number of bugs here: 1) If "count" is less than sizeof(dump_data.data) then it copies uninitialized data. 2) If simple_write_to_buffer() returns -EFAULT then we run into a problem "ret < count" comparison. "count" is an unsigned long so the comparison is type promoted to unsigned long and the negative returns become high positive values. That also results in copying uninitialized data. 3) If "*ppos" is non-zero then the first part of the dump_data buffer is uninitialized. Using copy_from_user() instead of simple_write_to_buffer() is more appropriate here. Fixes: d5d5df6da0aa ("Bluetooth: Add vhci devcoredump support") Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Steev Klimaszewski authored
The driver can be compile tested with !CONFIG_OF making certain data unused. Signed-off-by: Steev Klimaszewski <steev@kali.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Iulia Tanasescu authored
Remove extra line setting the broadcast code parameter of the hci_cp_le_create_big struct to 0. The broadcast code is copied from the QoS struct. Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Lanzhe Li authored
Fixed a wrong indentation before "return".This line uses a 7 space indent instead of a tab. Signed-off-by: Lanzhe Li <u202212060@hust.edu.cn> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Neeraj Sanjay Kale authored
We can never assume the uart will deliver a complete packet to the BT layer at once, the expected packet may be divided into several parts by uart as uart doesn't know the received packet size, the received data count may mismatch with the expected packet size, so here is_valid_bootloader_signature() check may always return false. Even we remove the count check in is_valid_bootloader_signature(), then the first part of the data which includes the packet type can pass the is_valid_bootloader_signature() check, but the remaining parts don't have the packet type data still cannot pass the check, here return directly will cause the data loss. So need to remove the received bootloader signature check here, the h4_recv_buf() can help us combine the different data received into one packet. If any out-of-sync or incomplete bootloader signature is received, it is safe to ignore and discard it, and process the next bootloader signature. Co-developed-by: Sherry Sun <sherry.sun@nxp.com> Signed-off-by: Sherry Sun <sherry.sun@nxp.com> Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Neeraj Sanjay Kale authored
This sets the default power save mode setting to disabled. With this setting, this driver will behave like a normal h4 driver. If user needs to use the power save feature, it can be enabled using the following vendor command: hcitool cmd 3f 23 02 00 00 (HCI_NXP_AUTO_SLEEP_MODE) Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Neeraj Sanjay Kale authored
This adds a call to ps_wakeup() before closing the serdev device, to de-assert UART break. Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-
Neeraj Sanjay Kale authored
This adds support to download helper FW file for the legacy NXP chipset 88w8997 for the btnxpuart driver. This helper FW file is necessary to set the bootloader baudrate to 3000000 after which the actual BT FW file can be downloaded. This change helps bring the FW download time from around 10 sec to less than 2 sec for 88w8997 chip. For newer chipsets, both V1 and V3 bootloader, driver sends the cmd5 and cmd7 to the chip bootloader, and does not need a helper FW file. Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
-