1. 25 Mar, 2021 7 commits
  2. 24 Mar, 2021 1 commit
  3. 23 Mar, 2021 2 commits
    • Meng Yu's avatar
      Bluetooth: Remove trailing semicolon in macros · c29fb5f6
      Meng Yu authored
      remove trailing semicolon in macros and coding style fix.
      Signed-off-by: default avatarMeng Yu <yumeng18@huawei.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      c29fb5f6
    • Archie Pusaka's avatar
      Bluetooth: check for zapped sk before connecting · 3af70b39
      Archie Pusaka authored
      There is a possibility of receiving a zapped sock on
      l2cap_sock_connect(). This could lead to interesting crashes, one
      such case is tearing down an already tore l2cap_sock as is happened
      with this call trace:
      
      __dump_stack lib/dump_stack.c:15 [inline]
      dump_stack+0xc4/0x118 lib/dump_stack.c:56
      register_lock_class kernel/locking/lockdep.c:792 [inline]
      register_lock_class+0x239/0x6f6 kernel/locking/lockdep.c:742
      __lock_acquire+0x209/0x1e27 kernel/locking/lockdep.c:3105
      lock_acquire+0x29c/0x2fb kernel/locking/lockdep.c:3599
      __raw_spin_lock_bh include/linux/spinlock_api_smp.h:137 [inline]
      _raw_spin_lock_bh+0x38/0x47 kernel/locking/spinlock.c:175
      spin_lock_bh include/linux/spinlock.h:307 [inline]
      lock_sock_nested+0x44/0xfa net/core/sock.c:2518
      l2cap_sock_teardown_cb+0x88/0x2fb net/bluetooth/l2cap_sock.c:1345
      l2cap_chan_del+0xa3/0x383 net/bluetooth/l2cap_core.c:598
      l2cap_chan_close+0x537/0x5dd net/bluetooth/l2cap_core.c:756
      l2cap_chan_timeout+0x104/0x17e net/bluetooth/l2cap_core.c:429
      process_one_work+0x7e3/0xcb0 kernel/workqueue.c:2064
      worker_thread+0x5a5/0x773 kernel/workqueue.c:2196
      kthread+0x291/0x2a6 kernel/kthread.c:211
      ret_from_fork+0x4e/0x80 arch/x86/entry/entry_64.S:604
      Signed-off-by: default avatarArchie Pusaka <apusaka@chromium.org>
      Reported-by: syzbot+abfc0f5e668d4099af73@syzkaller.appspotmail.com
      Reviewed-by: default avatarAlain Michaud <alainm@chromium.org>
      Reviewed-by: default avatarAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Reviewed-by: default avatarGuenter Roeck <groeck@chromium.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      3af70b39
  4. 22 Mar, 2021 5 commits
    • Arnd Bergmann's avatar
      Bluetooth: fix set_ecdh_privkey() prototype · 8ff0278d
      Arnd Bergmann authored
      gcc-11 points out that the declaration does not match the definition:
      
      net/bluetooth/ecdh_helper.c:122:55: error: argument 2 of type ‘const u8[32]’ {aka ‘const unsigned char[32]’} with mismatched bound [-Werror=array-parameter=]
        122 | int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 private_key[32])
            |                                              ~~~~~~~~~^~~~~~~~~~~~~~~
      In file included from net/bluetooth/ecdh_helper.c:23:
      net/bluetooth/ecdh_helper.h:28:56: note: previously declared as ‘const u8 *’ {aka ‘const unsigned char *’}
         28 | int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 *private_key);
            |                                              ~~~~~~~~~~^~~~~~~~~~~
      
      Change the declaration to contain the size of the array, rather than
      just a pointer.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      8ff0278d
    • Tetsuo Handa's avatar
      Bluetooth: initialize skb_queue_head at l2cap_chan_create() · be859723
      Tetsuo Handa authored
      syzbot is hitting "INFO: trying to register non-static key." message [1],
      for "struct l2cap_chan"->tx_q.lock spinlock is not yet initialized when
      l2cap_chan_del() is called due to e.g. timeout.
      
      Since "struct l2cap_chan"->lock mutex is initialized at l2cap_chan_create()
      immediately after "struct l2cap_chan" is allocated using kzalloc(), let's
      as well initialize "struct l2cap_chan"->{tx_q,srej_q}.lock spinlocks there.
      
      [1] https://syzkaller.appspot.com/bug?extid=fadfba6a911f6bf71842Reported-and-tested-by: default avatarsyzbot <syzbot+fadfba6a911f6bf71842@syzkaller.appspotmail.com>
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      be859723
    • Bhaskar Chowdhury's avatar
      Bluetooth: hci_qca: Mundane typo fix · 07528783
      Bhaskar Chowdhury authored
      s/packat/packet/
      Signed-off-by: default avatarBhaskar Chowdhury <unixbhaskar@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      07528783
    • Archie Pusaka's avatar
      Bluetooth: verify AMP hci_chan before amp_destroy · 5c4c8c95
      Archie Pusaka authored
      hci_chan can be created in 2 places: hci_loglink_complete_evt() if
      it is an AMP hci_chan, or l2cap_conn_add() otherwise. In theory,
      Only AMP hci_chan should be removed by a call to
      hci_disconn_loglink_complete_evt(). However, the controller might mess
      up, call that function, and destroy an hci_chan which is not initiated
      by hci_loglink_complete_evt().
      
      This patch adds a verification that the destroyed hci_chan must have
      been init'd by hci_loglink_complete_evt().
      
      Example crash call trace:
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0xe3/0x144 lib/dump_stack.c:118
       print_address_description+0x67/0x22a mm/kasan/report.c:256
       kasan_report_error mm/kasan/report.c:354 [inline]
       kasan_report mm/kasan/report.c:412 [inline]
       kasan_report+0x251/0x28f mm/kasan/report.c:396
       hci_send_acl+0x3b/0x56e net/bluetooth/hci_core.c:4072
       l2cap_send_cmd+0x5af/0x5c2 net/bluetooth/l2cap_core.c:877
       l2cap_send_move_chan_cfm_icid+0x8e/0xb1 net/bluetooth/l2cap_core.c:4661
       l2cap_move_fail net/bluetooth/l2cap_core.c:5146 [inline]
       l2cap_move_channel_rsp net/bluetooth/l2cap_core.c:5185 [inline]
       l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5464 [inline]
       l2cap_sig_channel net/bluetooth/l2cap_core.c:5799 [inline]
       l2cap_recv_frame+0x1d12/0x51aa net/bluetooth/l2cap_core.c:7023
       l2cap_recv_acldata+0x2ea/0x693 net/bluetooth/l2cap_core.c:7596
       hci_acldata_packet net/bluetooth/hci_core.c:4606 [inline]
       hci_rx_work+0x2bd/0x45e net/bluetooth/hci_core.c:4796
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      Allocated by task 38:
       set_track mm/kasan/kasan.c:460 [inline]
       kasan_kmalloc+0x8d/0x9a mm/kasan/kasan.c:553
       kmem_cache_alloc_trace+0x102/0x129 mm/slub.c:2787
       kmalloc include/linux/slab.h:515 [inline]
       kzalloc include/linux/slab.h:709 [inline]
       hci_chan_create+0x86/0x26d net/bluetooth/hci_conn.c:1674
       l2cap_conn_add.part.0+0x1c/0x814 net/bluetooth/l2cap_core.c:7062
       l2cap_conn_add net/bluetooth/l2cap_core.c:7059 [inline]
       l2cap_connect_cfm+0x134/0x852 net/bluetooth/l2cap_core.c:7381
       hci_connect_cfm+0x9d/0x122 include/net/bluetooth/hci_core.h:1404
       hci_remote_ext_features_evt net/bluetooth/hci_event.c:4161 [inline]
       hci_event_packet+0x463f/0x72fa net/bluetooth/hci_event.c:5981
       hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      Freed by task 1732:
       set_track mm/kasan/kasan.c:460 [inline]
       __kasan_slab_free mm/kasan/kasan.c:521 [inline]
       __kasan_slab_free+0x106/0x128 mm/kasan/kasan.c:493
       slab_free_hook mm/slub.c:1409 [inline]
       slab_free_freelist_hook+0xaa/0xf6 mm/slub.c:1436
       slab_free mm/slub.c:3009 [inline]
       kfree+0x182/0x21e mm/slub.c:3972
       hci_disconn_loglink_complete_evt net/bluetooth/hci_event.c:4891 [inline]
       hci_event_packet+0x6a1c/0x72fa net/bluetooth/hci_event.c:6050
       hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      The buggy address belongs to the object at ffff8881d7af9180
       which belongs to the cache kmalloc-128 of size 128
      The buggy address is located 24 bytes inside of
       128-byte region [ffff8881d7af9180, ffff8881d7af9200)
      The buggy address belongs to the page:
      page:ffffea00075ebe40 count:1 mapcount:0 mapping:ffff8881da403200 index:0x0
      flags: 0x8000000000000200(slab)
      raw: 8000000000000200 dead000000000100 dead000000000200 ffff8881da403200
      raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff8881d7af9080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
       ffff8881d7af9100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
      >ffff8881d7af9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
       ffff8881d7af9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff8881d7af9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      Signed-off-by: default avatarArchie Pusaka <apusaka@chromium.org>
      Reported-by: syzbot+98228e7407314d2d4ba2@syzkaller.appspotmail.com
      Reviewed-by: default avatarAlain Michaud <alainm@chromium.org>
      Reviewed-by: default avatarAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      5c4c8c95
    • Archie Pusaka's avatar
      Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default · 3a9d54b1
      Archie Pusaka authored
      Currently l2cap_chan_set_defaults() reset chan->conf_state to zero.
      However, there is a flag CONF_NOT_COMPLETE which is set when
      creating the l2cap_chan. It is suggested that the flag should be
      cleared when l2cap_chan is ready, but when l2cap_chan_set_defaults()
      is called, l2cap_chan is not yet ready. Therefore, we must set this
      flag as the default.
      
      Example crash call trace:
      __dump_stack lib/dump_stack.c:15 [inline]
      dump_stack+0xc4/0x118 lib/dump_stack.c:56
      panic+0x1c6/0x38b kernel/panic.c:117
      __warn+0x170/0x1b9 kernel/panic.c:471
      warn_slowpath_fmt+0xc7/0xf8 kernel/panic.c:494
      debug_print_object+0x175/0x193 lib/debugobjects.c:260
      debug_object_assert_init+0x171/0x1bf lib/debugobjects.c:614
      debug_timer_assert_init kernel/time/timer.c:629 [inline]
      debug_assert_init kernel/time/timer.c:677 [inline]
      del_timer+0x7c/0x179 kernel/time/timer.c:1034
      try_to_grab_pending+0x81/0x2e5 kernel/workqueue.c:1230
      cancel_delayed_work+0x7c/0x1c4 kernel/workqueue.c:2929
      l2cap_clear_timer+0x1e/0x41 include/net/bluetooth/l2cap.h:834
      l2cap_chan_del+0x2d8/0x37e net/bluetooth/l2cap_core.c:640
      l2cap_chan_close+0x532/0x5d8 net/bluetooth/l2cap_core.c:756
      l2cap_sock_shutdown+0x806/0x969 net/bluetooth/l2cap_sock.c:1174
      l2cap_sock_release+0x64/0x14d net/bluetooth/l2cap_sock.c:1217
      __sock_release+0xda/0x217 net/socket.c:580
      sock_close+0x1b/0x1f net/socket.c:1039
      __fput+0x322/0x55c fs/file_table.c:208
      ____fput+0x17/0x19 fs/file_table.c:244
      task_work_run+0x19b/0x1d3 kernel/task_work.c:115
      exit_task_work include/linux/task_work.h:21 [inline]
      do_exit+0xe4c/0x204a kernel/exit.c:766
      do_group_exit+0x291/0x291 kernel/exit.c:891
      get_signal+0x749/0x1093 kernel/signal.c:2396
      do_signal+0xa5/0xcdb arch/x86/kernel/signal.c:737
      exit_to_usermode_loop arch/x86/entry/common.c:243 [inline]
      prepare_exit_to_usermode+0xed/0x235 arch/x86/entry/common.c:277
      syscall_return_slowpath+0x3a7/0x3b3 arch/x86/entry/common.c:348
      int_ret_from_sys_call+0x25/0xa3
      Signed-off-by: default avatarArchie Pusaka <apusaka@chromium.org>
      Reported-by: syzbot+338f014a98367a08a114@syzkaller.appspotmail.com
      Reviewed-by: default avatarAlain Michaud <alainm@chromium.org>
      Reviewed-by: default avatarAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Reviewed-by: default avatarGuenter Roeck <groeck@chromium.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      3a9d54b1
  5. 18 Mar, 2021 2 commits
  6. 17 Mar, 2021 1 commit
  7. 16 Mar, 2021 1 commit
    • Jiri Kosina's avatar
      Bluetooth: avoid deadlock between hci_dev->lock and socket lock · 17486960
      Jiri Kosina authored
      Commit eab2404b ("Bluetooth: Add BT_PHY socket option") added a
      dependency between socket lock and hci_dev->lock that could lead to
      deadlock.
      
      It turns out that hci_conn_get_phy() is not in any way relying on hdev
      being immutable during the runtime of this function, neither does it even
      look at any of the members of hdev, and as such there is no need to hold
      that lock.
      
      This fixes the lockdep splat below:
      
       ======================================================
       WARNING: possible circular locking dependency detected
       5.12.0-rc1-00026-g73d464503354 #10 Not tainted
       ------------------------------------------------------
       bluetoothd/1118 is trying to acquire lock:
       ffff8f078383c078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]
      
       but task is already holding lock:
       ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610
      
       which lock already depends on the new lock.
      
       the existing dependency chain (in reverse order) is:
      
       -> #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:
              lock_sock_nested+0x72/0xa0
              l2cap_sock_ready_cb+0x18/0x70 [bluetooth]
              l2cap_config_rsp+0x27a/0x520 [bluetooth]
              l2cap_sig_channel+0x658/0x1330 [bluetooth]
              l2cap_recv_frame+0x1ba/0x310 [bluetooth]
              hci_rx_work+0x1cc/0x640 [bluetooth]
              process_one_work+0x244/0x5f0
              worker_thread+0x3c/0x380
              kthread+0x13e/0x160
              ret_from_fork+0x22/0x30
      
       -> #2 (&chan->lock#2/1){+.+.}-{3:3}:
              __mutex_lock+0xa3/0xa10
              l2cap_chan_connect+0x33a/0x940 [bluetooth]
              l2cap_sock_connect+0x141/0x2a0 [bluetooth]
              __sys_connect+0x9b/0xc0
              __x64_sys_connect+0x16/0x20
              do_syscall_64+0x33/0x80
              entry_SYSCALL_64_after_hwframe+0x44/0xae
      
       -> #1 (&conn->chan_lock){+.+.}-{3:3}:
              __mutex_lock+0xa3/0xa10
              l2cap_chan_connect+0x322/0x940 [bluetooth]
              l2cap_sock_connect+0x141/0x2a0 [bluetooth]
              __sys_connect+0x9b/0xc0
              __x64_sys_connect+0x16/0x20
              do_syscall_64+0x33/0x80
              entry_SYSCALL_64_after_hwframe+0x44/0xae
      
       -> #0 (&hdev->lock){+.+.}-{3:3}:
              __lock_acquire+0x147a/0x1a50
              lock_acquire+0x277/0x3d0
              __mutex_lock+0xa3/0xa10
              hci_conn_get_phy+0x1c/0x150 [bluetooth]
              l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]
              __sys_getsockopt+0xcc/0x200
              __x64_sys_getsockopt+0x20/0x30
              do_syscall_64+0x33/0x80
              entry_SYSCALL_64_after_hwframe+0x44/0xae
      
       other info that might help us debug this:
      
       Chain exists of:
         &hdev->lock --> &chan->lock#2/1 --> sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP
      
        Possible unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
                                      lock(&chan->lock#2/1);
                                      lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
         lock(&hdev->lock);
      
        *** DEADLOCK ***
      
       1 lock held by bluetoothd/1118:
        #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]
      
       stack backtrace:
       CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10
       Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017
       Call Trace:
        dump_stack+0x7f/0xa1
        check_noncircular+0x105/0x120
        ? __lock_acquire+0x147a/0x1a50
        __lock_acquire+0x147a/0x1a50
        lock_acquire+0x277/0x3d0
        ? hci_conn_get_phy+0x1c/0x150 [bluetooth]
        ? __lock_acquire+0x2e1/0x1a50
        ? lock_is_held_type+0xb4/0x120
        ? hci_conn_get_phy+0x1c/0x150 [bluetooth]
        __mutex_lock+0xa3/0xa10
        ? hci_conn_get_phy+0x1c/0x150 [bluetooth]
        ? lock_acquire+0x277/0x3d0
        ? mark_held_locks+0x49/0x70
        ? mark_held_locks+0x49/0x70
        ? hci_conn_get_phy+0x1c/0x150 [bluetooth]
        hci_conn_get_phy+0x1c/0x150 [bluetooth]
        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]
        __sys_getsockopt+0xcc/0x200
        __x64_sys_getsockopt+0x20/0x30
        do_syscall_64+0x33/0x80
        entry_SYSCALL_64_after_hwframe+0x44/0xae
       RIP: 0033:0x7fb73df33eee
       Code: 48 8b 0d 85 0f 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 52 0f 0c 00 f7 d8 64 89 01 48
       RSP: 002b:00007fffcfbbbf08 EFLAGS: 00000203 ORIG_RAX: 0000000000000037
       RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 00007fb73df33eee
       RDX: 000000000000000e RSI: 0000000000000112 RDI: 0000000000000018
       RBP: 0000000000000000 R08: 00007fffcfbbbf44 R09: 0000000000000000
       R10: 00007fffcfbbbf3c R11: 0000000000000203 R12: 0000000000000000
       R13: 0000000000000018 R14: 0000000000000000 R15: 0000556fcefc70d0
      
      Fixes: eab2404b ("Bluetooth: Add BT_PHY socket option")
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      17486960
  8. 15 Mar, 2021 3 commits
  9. 11 Mar, 2021 2 commits
  10. 08 Mar, 2021 4 commits
  11. 03 Mar, 2021 2 commits
  12. 02 Mar, 2021 1 commit
  13. 26 Feb, 2021 2 commits
    • mark-yw.chen's avatar
      Bluetooth: btusb: Fix incorrect type in assignment and uninitialized symbol · 201cf397
      mark-yw.chen authored
      Warnings: drivers/bluetooth/btusb.c:3775 btusb_mtk_setup() error:
      uninitialized symbol 'fw_version'.
      -> add initial value for fw_version.
      
      Warnings: sparse: sparse: incorrect type in assignment (different base
      types)
      -> add le32_to_cpu to fix incorrect type in assignment.
      Signed-off-by: default avatarmark-yw.chen <mark-yw.chen@mediatek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      201cf397
    • Rasmus Moorats's avatar
      Bluetooth: btusb: support 0cb5:c547 Realtek 8822CE device · 3edc5782
      Rasmus Moorats authored
      Some Xiaomi RedmiBook laptop models use the 0cb5:c547 USB identifier
      for their Bluetooth device, so load the appropriate firmware for
      Realtek 8822CE.
      
      -Device(0cb5:c547) from /sys/kernel/debug/usb/devices
      T:  Bus=01 Lev=01 Prnt=01 Port=03 Cnt=02 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cb5 ProdID=c547 Rev= 0.00
      S:  Manufacturer=Realtek
      S:  Product=Bluetooth Radio
      S:  SerialNumber=00e04c000001
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarRasmus Moorats <xx@nns.ee>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      3edc5782
  14. 21 Feb, 2021 7 commits
    • Linus Torvalds's avatar
      Merge tag 'perf-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d310ec03
      Linus Torvalds authored
      Pull performance event updates from Ingo Molnar:
      
       - Add CPU-PMU support for Intel Sapphire Rapids CPUs
      
       - Extend the perf ABI with PERF_SAMPLE_WEIGHT_STRUCT, to offer
         two-parameter sampling event feedback. Not used yet, but is intended
         for Golden Cove CPU-PMU, which can provide both the instruction
         latency and the cache latency information for memory profiling
         events.
      
       - Remove experimental, default-disabled perfmon-v4 counter_freezing
         support that could only be enabled via a boot option. The hardware is
         hopelessly broken, we'd like to make sure nobody starts relying on
         this, as it would only end in tears.
      
       - Fix energy/power events on Intel SPR platforms
      
       - Simplify the uprobes resume_execution() logic
      
       - Misc smaller fixes.
      
      * tag 'perf-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/rapl: Fix psys-energy event on Intel SPR platform
        perf/x86/rapl: Only check lower 32bits for RAPL energy counters
        perf/x86/rapl: Add msr mask support
        perf/x86/kvm: Add Cascade Lake Xeon steppings to isolation_ucodes[]
        perf/x86/intel: Support CPUID 10.ECX to disable fixed counters
        perf/x86/intel: Add perf core PMU support for Sapphire Rapids
        perf/x86/intel: Filter unsupported Topdown metrics event
        perf/x86/intel: Factor out intel_update_topdown_event()
        perf/core: Add PERF_SAMPLE_WEIGHT_STRUCT
        perf/intel: Remove Perfmon-v4 counter_freezing support
        x86/perf: Use static_call for x86_pmu.guest_get_msrs
        perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info
        perf/x86/intel/uncore: Store the logical die id instead of the physical die id.
        x86/kprobes: Do not decode opcode in resume_execution()
      d310ec03
    • Linus Torvalds's avatar
      Merge tag 'sched-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 657bd90c
      Linus Torvalds authored
      Pull scheduler updates from Ingo Molnar:
       "Core scheduler updates:
      
         - Add CONFIG_PREEMPT_DYNAMIC: this in its current form adds the
           preempt=none/voluntary/full boot options (default: full), to allow
           distros to build a PREEMPT kernel but fall back to close to
           PREEMPT_VOLUNTARY (or PREEMPT_NONE) runtime scheduling behavior via
           a boot time selection.
      
           There's also the /debug/sched_debug switch to do this runtime.
      
           This feature is implemented via runtime patching (a new variant of
           static calls).
      
           The scope of the runtime patching can be best reviewed by looking
           at the sched_dynamic_update() function in kernel/sched/core.c.
      
           ( Note that the dynamic none/voluntary mode isn't 100% identical,
             for example preempt-RCU is available in all cases, plus the
             preempt count is maintained in all models, which has runtime
             overhead even with the code patching. )
      
           The PREEMPT_VOLUNTARY/PREEMPT_NONE models, used by the vast
           majority of distributions, are supposed to be unaffected.
      
         - Fix ignored rescheduling after rcu_eqs_enter(). This is a bug that
           was found via rcutorture triggering a hang. The bug is that
           rcu_idle_enter() may wake up a NOCB kthread, but this happens after
           the last generic need_resched() check. Some cpuidle drivers fix it
           by chance but many others don't.
      
           In true 2020 fashion the original bug fix has grown into a 5-patch
           scheduler/RCU fix series plus another 16 RCU patches to address the
           underlying issue of missed preemption events. These are the initial
           fixes that should fix current incarnations of the bug.
      
         - Clean up rbtree usage in the scheduler, by providing & using the
           following consistent set of rbtree APIs:
      
             partial-order; less() based:
               - rb_add(): add a new entry to the rbtree
               - rb_add_cached(): like rb_add(), but for a rb_root_cached
      
             total-order; cmp() based:
               - rb_find(): find an entry in an rbtree
               - rb_find_add(): find an entry, and add if not found
      
               - rb_find_first(): find the first (leftmost) matching entry
               - rb_next_match(): continue from rb_find_first()
               - rb_for_each(): iterate a sub-tree using the previous two
      
         - Improve the SMP/NUMA load-balancer: scan for an idle sibling in a
           single pass. This is a 4-commit series where each commit improves
           one aspect of the idle sibling scan logic.
      
         - Improve the cpufreq cooling driver by getting the effective CPU
           utilization metrics from the scheduler
      
         - Improve the fair scheduler's active load-balancing logic by
           reducing the number of active LB attempts & lengthen the
           load-balancing interval. This improves stress-ng mmapfork
           performance.
      
         - Fix CFS's estimated utilization (util_est) calculation bug that can
           result in too high utilization values
      
        Misc updates & fixes:
      
         - Fix the HRTICK reprogramming & optimization feature
      
         - Fix SCHED_SOFTIRQ raising race & warning in the CPU offlining code
      
         - Reduce dl_add_task_root_domain() overhead
      
         - Fix uprobes refcount bug
      
         - Process pending softirqs in flush_smp_call_function_from_idle()
      
         - Clean up task priority related defines, remove *USER_*PRIO and
           USER_PRIO()
      
         - Simplify the sched_init_numa() deduplication sort
      
         - Documentation updates
      
         - Fix EAS bug in update_misfit_status(), which degraded the quality
           of energy-balancing
      
         - Smaller cleanups"
      
      * tag 'sched-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (51 commits)
        sched,x86: Allow !PREEMPT_DYNAMIC
        entry/kvm: Explicitly flush pending rcuog wakeup before last rescheduling point
        entry: Explicitly flush pending rcuog wakeup before last rescheduling point
        rcu/nocb: Trigger self-IPI on late deferred wake up before user resume
        rcu/nocb: Perform deferred wake up before last idle's need_resched() check
        rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers
        sched/features: Distinguish between NORMAL and DEADLINE hrtick
        sched/features: Fix hrtick reprogramming
        sched/deadline: Reduce rq lock contention in dl_add_task_root_domain()
        uprobes: (Re)add missing get_uprobe() in __find_uprobe()
        smp: Process pending softirqs in flush_smp_call_function_from_idle()
        sched: Harden PREEMPT_DYNAMIC
        static_call: Allow module use without exposing static_call_key
        sched: Add /debug/sched_preempt
        preempt/dynamic: Support dynamic preempt with preempt= boot option
        preempt/dynamic: Provide irqentry_exit_cond_resched() static call
        preempt/dynamic: Provide preempt_schedule[_notrace]() static calls
        preempt/dynamic: Provide cond_resched() and might_resched() static calls
        preempt: Introduce CONFIG_PREEMPT_DYNAMIC
        static_call: Provide DEFINE_STATIC_CALL_RET0()
        ...
      657bd90c
    • Linus Torvalds's avatar
      Merge tag 'core-mm-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7b15c27e
      Linus Torvalds authored
      Pull tlb gather updates from Ingo Molnar:
       "Theses fix MM (soft-)dirty bit management in the procfs code & clean
        up the TLB gather API"
      
      * tag 'core-mm-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/ldt: Use tlb_gather_mmu_fullmm() when freeing LDT page-tables
        tlb: arch: Remove empty __tlb_remove_tlb_entry() stubs
        tlb: mmu_gather: Remove start/end arguments from tlb_gather_mmu()
        tlb: mmu_gather: Introduce tlb_gather_mmu_fullmm()
        tlb: mmu_gather: Remove unused start/end arguments from tlb_finish_mmu()
        mm: proc: Invalidate TLB after clearing soft-dirty page state
      7b15c27e
    • Linus Torvalds's avatar
      Merge tag 'locking-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9eef0233
      Linus Torvalds authored
      Pull locking updates from Ingo Molnar:
       "Core locking primitives updates:
          - Remove mutex_trylock_recursive() from the API - no users left
          - Simplify + constify the futex code a bit
      
        Lockdep updates:
          - Teach lockdep about local_lock_t
          - Add CONFIG_DEBUG_IRQFLAGS=y debug config option to check for
            potentially unsafe IRQ mask restoration patterns. (I.e.
            calling raw_local_irq_restore() with IRQs enabled.)
          - Add wait context self-tests
          - Fix graph lock corner case corrupting internal data structures
          - Fix noinstr annotations
      
        LKMM updates:
          - Simplify the litmus tests
          - Documentation fixes
      
        KCSAN updates:
          - Re-enable KCSAN instrumentation in lib/random32.c
      
        Misc fixes:
          - Don't branch-trace static label APIs
          - DocBook fix
          - Remove stale leftover empty file"
      
      * tag 'locking-core-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (24 commits)
        checkpatch: Don't check for mutex_trylock_recursive()
        locking/mutex: Kill mutex_trylock_recursive()
        s390: Use arch_local_irq_{save,restore}() in early boot code
        lockdep: Noinstr annotate warn_bogus_irq_restore()
        locking/lockdep: Avoid unmatched unlock
        locking/rwsem: Remove empty rwsem.h
        locking/rtmutex: Add missing kernel-doc markup
        futex: Remove unneeded gotos
        futex: Change utime parameter to be 'const ... *'
        lockdep: report broken irq restoration
        jump_label: Do not profile branch annotations
        locking: Add Reviewers
        locking/selftests: Add local_lock inversion tests
        locking/lockdep: Exclude local_lock_t from IRQ inversions
        locking/lockdep: Clean up check_redundant() a bit
        locking/lockdep: Add a skip() function to __bfs()
        locking/lockdep: Mark local_lock_t
        locking/selftests: More granular debug_locks_verbose
        lockdep/selftest: Add wait context selftests
        tools/memory-model: Fix typo in klitmus7 compatibility table
        ...
      9eef0233
    • Linus Torvalds's avatar
      Merge tag 'core-rcu-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d089f48f
      Linus Torvalds authored
      Pull RCU updates from Ingo Molnar:
       "These are the latest RCU updates for v5.12:
      
         - Documentation updates.
      
         - Miscellaneous fixes.
      
         - kfree_rcu() updates: Addition of mem_dump_obj() to provide
           allocator return addresses to more easily locate bugs. This has a
           couple of RCU-related commits, but is mostly MM. Was pulled in with
           akpm's agreement.
      
         - Per-callback-batch tracking of numbers of callbacks, which enables
           better debugging information and smarter reactions to large numbers
           of callbacks.
      
         - The first round of changes to allow CPUs to be runtime switched
           from and to callback-offloaded state.
      
         - CONFIG_PREEMPT_RT-related changes.
      
         - RCU CPU stall warning updates.
      
         - Addition of polling grace-period APIs for SRCU.
      
         - Torture-test and torture-test scripting updates, including a
           "torture everything" script that runs rcutorture, locktorture,
           scftorture, rcuscale, and refscale. Plus does an allmodconfig
           build.
      
         - nolibc fixes for the torture tests"
      
      * tag 'core-rcu-2021-02-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (130 commits)
        percpu_ref: Dump mem_dump_obj() info upon reference-count underflow
        rcu: Make call_rcu() print mem_dump_obj() info for double-freed callback
        mm: Make mem_obj_dump() vmalloc() dumps include start and length
        mm: Make mem_dump_obj() handle vmalloc() memory
        mm: Make mem_dump_obj() handle NULL and zero-sized pointers
        mm: Add mem_dump_obj() to print source of memory block
        tools/rcutorture: Fix position of -lgcc in mkinitrd.sh
        tools/nolibc: Fix position of -lgcc in the documented example
        tools/nolibc: Emit detailed error for missing alternate syscall number definitions
        tools/nolibc: Remove incorrect definitions of __ARCH_WANT_*
        tools/nolibc: Get timeval, timespec and timezone from linux/time.h
        tools/nolibc: Implement poll() based on ppoll()
        tools/nolibc: Implement fork() based on clone()
        tools/nolibc: Make getpgrp() fall back to getpgid(0)
        tools/nolibc: Make dup2() rely on dup3() when available
        tools/nolibc: Add the definition for dup()
        rcutorture: Add rcutree.use_softirq=0 to RUDE01 and TASKS01
        torture: Maintain torture-specific set of CPUs-online books
        torture: Clean up after torture-test CPU hotplugging
        rcutorture: Make object_debug also double call_rcu() heap object
        ...
      d089f48f
    • Linus Torvalds's avatar
      Merge tag 'timers-core-2021-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3f6ec19f
      Linus Torvalds authored
      Pull timer updates from Thomas Gleixner:
       "Time and timer updates:
      
         - Instead of new drivers remove tango, sirf, u300 and atlas drivers
      
         - Add suspend/resume support for microchip pit64b
      
         - The usual fixes, improvements and cleanups here and there"
      
      * tag 'timers-core-2021-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        timens: Delete no-op time_ns_init()
        alarmtimer: Update kerneldoc
        clocksource/drivers/timer-microchip-pit64b: Add clocksource suspend/resume
        clocksource/drivers/prima: Remove sirf prima driver
        clocksource/drivers/atlas: Remove sirf atlas driver
        clocksource/drivers/tango: Remove tango driver
        clocksource/drivers/u300: Remove the u300 driver
        dt-bindings: timer: nuvoton: Clarify that interrupt of timer 0 should be specified
        clocksource/drivers/davinci: Move pr_fmt() before the includes
        clocksource/drivers/efm32: Drop unused timer code
      3f6ec19f
    • Linus Torvalds's avatar
      Merge tag 'irq-core-2021-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b5183bc9
      Linus Torvalds authored
      Pull irq updates from Thomas Gleixner:
       "Updates for the irq subsystem:
      
         - The usual new irq chip driver (Realtek RTL83xx)
      
         - Removal of sirfsoc and tango irq chip drivers
      
         - Conversion of the sun6i chip support to hierarchical irq domains
      
         - The usual fixes, improvements and cleanups all over the place"
      
      * tag 'irq-core-2021-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/imx: IMX_INTMUX should not default to y, unconditionally
        irqchip/loongson-pch-msi: Use bitmap_zalloc() to allocate bitmap
        irqchip/csky-mpintc: Prevent selection on unsupported platforms
        irqchip: Add support for Realtek RTL838x/RTL839x interrupt controller
        dt-bindings: interrupt-controller: Add Realtek RTL838x/RTL839x support
        irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags
        genirq: Use new tasklet API for resend_tasklet
        dt-bindings: qcom,pdc: Add compatible for SM8350
        dt-bindings: qcom,pdc: Add compatible for SM8250
        irqchip/sun6i-r: Add wakeup support
        irqchip/sun6i-r: Use a stacked irqchip driver
        dt-bindings: irq: sun6i-r: Add a compatible for the H3
        dt-bindings: irq: sun6i-r: Split the binding from sun7i-nmi
        irqchip/gic-v3: Fix typos in PMR/RPR SCR_EL3.FIQ handling explanation
        irqchip: Remove sirfsoc driver
        irqchip: Remove sigma tango driver
      b5183bc9