- 06 Jan, 2014 1 commit
-
-
Johan Hedberg authored
When disconnecting it is possible that the l2cap_conn pointer is already NULL when bt_6lowpan_del_conn() is entered. Looking at l2cap_conn_del also verifies this as there's a NULL check there too. This patch adds the missing NULL check without which the following bug may occur: BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c131e9c7>] bt_6lowpan_del_conn+0x19/0x12a *pde = 00000000 Oops: 0000 [#1] SMP CPU: 1 PID: 52 Comm: kworker/u5:1 Not tainted 3.12.0+ #196 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Workqueue: hci0 hci_rx_work task: f6259b00 ti: f48c0000 task.ti: f48c0000 EIP: 0060:[<c131e9c7>] EFLAGS: 00010282 CPU: 1 EIP is at bt_6lowpan_del_conn+0x19/0x12a EAX: 00000000 EBX: ef094e10 ECX: 00000000 EDX: 00000016 ESI: 00000000 EDI: f48c1e60 EBP: f48c1e50 ESP: f48c1e34 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 CR0: 8005003b CR2: 00000000 CR3: 30c65000 CR4: 00000690 Stack: f4d38000 00000000 f4d38000 00000002 ef094e10 00000016 f48c1e60 f48c1e70 c1316bed f48c1e84 c1316bed 00000000 00000001 ef094e10 f48c1e84 f48c1ed0 c1303cc6 c1303c7b f31f331a c1303cc6 f6e7d1c0 f3f8ea16 f3f8f380 f4d38008 Call Trace: [<c1316bed>] l2cap_disconn_cfm+0x3f/0x5b [<c1316bed>] ? l2cap_disconn_cfm+0x3f/0x5b [<c1303cc6>] hci_event_packet+0x645/0x2117 [<c1303c7b>] ? hci_event_packet+0x5fa/0x2117 [<c1303cc6>] ? hci_event_packet+0x645/0x2117 [<c12681bd>] ? __kfree_skb+0x65/0x68 [<c12681eb>] ? kfree_skb+0x2b/0x2e [<c130d3fb>] ? hci_send_to_sock+0x18d/0x199 [<c12fa327>] hci_rx_work+0xf9/0x295 [<c12fa327>] ? hci_rx_work+0xf9/0x295 [<c1036d25>] process_one_work+0x128/0x1df [<c1346a39>] ? _raw_spin_unlock_irq+0x8/0x12 [<c1036d25>] ? process_one_work+0x128/0x1df [<c103713a>] worker_thread+0x127/0x1c4 [<c1037013>] ? rescuer_thread+0x216/0x216 [<c103aec6>] kthread+0x88/0x8d [<c1040000>] ? task_rq_lock+0x37/0x6e [<c13474b7>] ret_from_kernel_thread+0x1b/0x28 [<c103ae3e>] ? __kthread_parkme+0x50/0x50 Code: 05 b8 f4 ff ff ff 8d 65 f4 5b 5e 5f 5d 8d 67 f8 5f c3 57 8d 7c 24 08 83 e4 f8 ff 77 fc 55 89 e5 57 56f EIP: [<c131e9c7>] bt_6lowpan_del_conn+0x19/0x12a SS:ESP 0068:f48c1e34 CR2: 0000000000000000 Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 04 Jan, 2014 2 commits
-
-
Marcel Holtmann authored
There exists a set of Bluetooth USB devices that show up on the USB bus as 0a12:0001 and identify themselves as devices from CSR. However they are not. When sending Read Local Version command they now have a split personality and say they are from Broadcom. < HCI Command: Read Local Version Information (0x04|0x0001) plen 0 > HCI Event: Command Complete (0x0e) plen 12 Read Local Version Information (0x04|0x0001) ncmd 1 status 0x00 HCI Version: 2.0 (0x3) HCI Revision: 0x3000 LMP Version: 2.0 (0x3) LMP Subversion: 0x420b Manufacturer: Broadcom Corporation (15) The assumption is that they are neither CSR nor Broadcom based devices and that they are designed and manufactured by someone else. For the most parts they follow the Bluetooth HCI specification and can be used as standard Bluetooth devices. However they have the minor problem that the Delete Stored Link Key command is not working as it should. During the Bluetooth controller setup, this command is needed if stored link keys are supported. For these devices it has to be assumed that this is broken and so just set a quirk to clearly indicate the behavior. After that the setup can just proceed. Now the trick part is to detect these faulty devices since we do not want to punish all CSR and all Broadcom devices. The original devices do actually work according to the specification. What is known so far is that these broken devices set the USB bcdDevice revision information to 1.0 or less. T: Bus=02 Lev=01 Prnt=01 Port=08 Cnt=03 Dev#= 9 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0a12 ProdID=0001 Rev= 1.00 S: Manufacturer=Bluetooth v2.0 S: Product=Bluetooth V2.0 Dongle T: Bus=05 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0a12 ProdID=0001 Rev= 0.07 In case of CSR devices, the bcdDevice revision contains the firmware build ID and that is normally a higher value. If the bcdDevice revision is 1.0 or less, then an extra setup stage is checking if Read Local Version returns CSR manufacturer information. If not then it will be assumed that this is a broken device and the Delete Stored Link Key command will be marked as broken. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
Marcel Holtmann authored
Some controller pretend they support the Delete Stored Link Key command, but in reality they really don't support it. < HCI Command: Delete Stored Link Key (0x03|0x0012) plen 7 bdaddr 00:00:00:00:00:00 all 1 > HCI Event: Command Complete (0x0e) plen 4 Delete Stored Link Key (0x03|0x0012) ncmd 1 status 0x11 deleted 0 Error: Unsupported Feature or Parameter Value Not correctly supporting this command causes the controller setup to fail and will make a device not work. However sending the command for controller that handle stored link keys is important. This quirk allows a driver to disable the command if it knows that this command handling is broken. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 29 Dec, 2013 2 commits
-
-
Marcel Holtmann authored
The register for setting the SDIO card mode of a Type-B Bluetooth card is called MD SET. The MD STAT register is used for reading the current mode back. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
Marcel Holtmann authored
The Bluetooth virtual HCI driver is using a misc character device to allow emulation of HCI devices from userspace. This change enables the support for vectored writes. Previously this was failing with EINVAL since no complete H:4 packet was written. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 23 Dec, 2013 1 commit
-
-
Marcel Holtmann authored
The Socket Bluetooth SDIO cards are branded versions of Toshiba SD-BT2 and they do not support sending HCI_Reset as first command. To make this card work the HCI_QUIRK_RESET_ON_CLOSE quirk needs to be set before registering the controller. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 17 Dec, 2013 8 commits
-
-
Alexander Aring authored
This patch remove unnecessary casts and brackets in compress_udp_header function. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
Cleanup code to handle both calculation in the same way. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
Cleanup the lowpan_uncompress_udp_header function to use the lowpan_fetch_skb function. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
Bit 5 of "UDP LOWPAN_NHC Format" indicate that the checksum can be elided. The host need to calculate the udp checksum afterwards but this isn't supported right now. See: http://tools.ietf.org/html/rfc6282#section-4.3.3Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
The incoming udp header in lowpan_compress_udp_header function is already in network byte order. Everytime we read this values for source and destination port we need to convert this value to host byte order. In the outcoming header we need to set this value in network byte order which the upcoming process assumes. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
In case ((ntohs(uh->source) & LOWPAN_NHC_UDP_8BIT_MASK) the order of uncompression is wrong. It's always first source port then destination port as second. See: http://tools.ietf.org/html/rfc6282#section-4.3.3 "Fields carried in-line (in part or in whole) appear in the same order as they do in the UDP header format" Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
This patch uses the lowpan_push_hc_data to generate iphc header. The current implementation has some wrong pointer arithmetic issues and works in a random case only. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Alexander Aring authored
This patch introduce the lowpan_push_hc_data function to set data in the iphc buffer. It's a common case to set data and increase the buffer pointer. This helper function can be used many times in header_compress function to generate the iphc header. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 14 Dec, 2013 2 commits
-
-
Wei Yongjun authored
In case of error, the function bt_skb_alloc() returns NULL pointer not ERR_PTR(). The IS_ERR() test in the return value check should be replaced with NULL test. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Wei Yongjun authored
Remove including <linux/version.h> that don't need it. Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 12 Dec, 2013 3 commits
-
-
Alexander Aring authored
There are several issues on current debug behaviour. This patch fix the following issues: - Fix debug printout only if DEBUG is defined. - Move debug functions of 6LoWPAN code into 6lowpan header. - Cleanup codestyle of debug functions. Signed-off-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
The condition wouldn't have previously caused -ENOENT to be returned if dev was NULL. The proper condition should be if (!dev || !dev->netdev). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
The 6lowpan.c file was missing an #include statement for 6lowpan.h. Without it we get the following type of warnings: net/bluetooth/6lowpan.c:320:5: warning: symbol 'bt_6lowpan_recv' was not declared. Should it be static? net/bluetooth/6lowpan.c:737:5: warning: symbol 'bt_6lowpan_add_conn' was not declared. Should it be static? net/bluetooth/6lowpan.c:805:5: warning: symbol 'bt_6lowpan_del_conn' was not declared. Should it be static? net/bluetooth/6lowpan.c:878:5: warning: symbol 'bt_6lowpan_init' was not declared. Should it be static? net/bluetooth/6lowpan.c:883:6: warning: symbol 'bt_6lowpan_cleanup' was not declared. Should it be static? Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 11 Dec, 2013 5 commits
-
-
Jukka Rissanen authored
This is a temporary patch where user can manually enable or disable BT 6LoWPAN functionality between devices. Eventually the connection is established automatically if the devices are advertising suitable capability and this patch can be removed. Before connecting the devices do this echo Y > /sys/kernel/debug/bluetooth/hci0/6lowpan This enables 6LoWPAN support and creates the bt0 interface automatically when devices are finally connected. Rebooting or unloading the bluetooth kernel module will also clear the settings from the kernel. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Jukka Rissanen authored
This is initial version of http://tools.ietf.org/html/draft-ietf-6lo-btle-00 By default the 6LoWPAN support is not activated and user needs to tweak /sys/kernel/debug/bluetooth/hci0/6lowpan file. The kernel needs IPv6 support before 6LoWPAN is usable. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Jukka Rissanen authored
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Jukka Rissanen authored
Used for IPv6 over LoWPAN networks. Example of this is Bluetooth 6LoWPAN network. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Jukka Rissanen authored
Because the IEEE 802154 and Bluetooth share the IP header compression and uncompression code, the common code is moved to 6lowpan_iphc.c file. Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Acked-by: Alexander Aring <alex.aring@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 10 Dec, 2013 1 commit
-
-
Johan Hedberg authored
If we receive an L2CAP command reject message over LE we should take appropriate action on the corresponding channel. This is particularly important when trying to interact with a remote pre-4.1 system using LE CoC signaling messages. If we don't react to the command reject the corresponding socket would not be notified until a connection timeout occurs. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 08 Dec, 2013 1 commit
-
-
Marcel Holtmann authored
Add the LMP feature constants for connectionless slave broadcast and use them for capability testing. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 07 Dec, 2013 1 commit
-
-
Marcel Holtmann authored
With the addition of L2CAP Connection Oriented Channels for Bluetooth Low Energy connections, it makes sense to increase the minor version of the Bluetooth core module. The module version is not used anywhere, but it gives a nice extra hint for debugging purposes. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 06 Dec, 2013 2 commits
-
-
Johan Hedberg authored
The range of valid LE PSMs is 0x0001-0x00ff so the check should be for "less than or equal to" instead of "less than". Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
Since there's a nice convenient helper for calculating the minimum of two values, let's use that one. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 05 Dec, 2013 11 commits
-
-
Johan Hedberg authored
The values in l2cap_chan that are used for actually transmitting data only need to be initialized right after we've received an L2CAP Connect Request or just before we send one. The only thing that we need to initialize though bind() and connect() is the chan->mode value. This way all other initializations can be done in the l2cap_le_flowctl_init function (which now becomes private to l2cap_core.c) and the l2cap_le_flowctl_start function can be completely removed. Also, since the l2cap_sock_init function initializes the imtu and omtu to adequate values these do not need to be part of l2cap_le_flowctl_init. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
This patch adds entries to debugfs to control the values used for the MPS and Credits for LE Flow Control Mode. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
LE PSM values have different ranges than those for BR/EDR. The valid ranges for fixed, SIG assigned values is 0x0001-0x007f and for dynamic PSM values 0x0080-0x00ff. We need to ensure that bind() and connect() calls conform to these ranges when operating on LE CoC sockets. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
LE CoC used differend CIC ranges than BR/EDR L2CAP. The start of the range is the same (0x0040) but the range ends at 0x007f (unlike BR/EDR where it goes all the way to 0xffff). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
The outgoing MTU should only be set upon channel creation to the initial minimum value (23) or from a remote connect req/rsp PDU. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
It doesn't make sense to have an MPS value greater than the configured MTU value since we will then not be able to fill up the packets to their full possible size. We need to set the MPS both in flowctl_init() as well as flowctl_start() since the imtu may change after init() but start() is only called after we've sent the LE Connection Request PDU which depends on having a valid MPS value. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
If the peer gives us zero credits in its connection request or response we must call the suspend channel callback so the BT_SK_SUSPEND flag gets set and user space is blocked from sending data to the socket. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
Unlike BR/EDR, for LE when we're in the BT_CONNECT state we may or may not have already have sent the Connect Request. This means that we need some extra tracking of the request. This patch adds an extra channel flag to prevent the request from being sent a second time. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
When receiving fragments over an LE Connection oriented Channel they need to be collected up and eventually merged into a single SDU. This patch adds the necessary code for collecting up the fragment skbs to the channel context and passing them to the recv() callback when the entire SDU has been received. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
This patch adds segmentation support for outgoing data packets. Packets are segmented based on the MTU and MPS values. The l2cap_chan struct already contains many helpful variables from BR/EDR Enhanced L2CAP which can be used for this. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Johan Hedberg authored
Setting the BT_SK_SUSPEND socket flag from the L2CAP core is causing a dependency on the socket. So instead of doing that, use a channel callback into the socket handling to suspend. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-