summaryrefslogtreecommitdiff
path: root/drivers/bluetooth/hci_bcsp.c
AgeCommit message (Collapse)AuthorFilesLines
2019-11-28Bluetooth: Fix invalid-free in bcsp_close()Tomas Bortoli1-0/+3
commit cf94da6f502d8caecabd56b194541c873c8a7a3c upstream. Syzbot reported an invalid-free that I introduced fixing a memleak. bcsp_recv() also frees bcsp->rx_skb but never nullifies its value. Nullify bcsp->rx_skb every time it is freed. Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+a0d209a4676664613e76@syzkaller.appspotmail.com Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: Alexander Potapenko <glider@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-08-04Bluetooth: hci_bcsp: Fix memory leak in rx_skbTomas Bortoli1-0/+5
[ Upstream commit 4ce9146e0370fcd573f0372d9b4e5a211112567c ] Syzkaller found that it is possible to provoke a memory leak by never freeing rx_skb in struct bcsp_struct. Fix by freeing in bcsp_close() Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com> Reported-by: syzbot+98162c885993b72f19c4@syzkaller.appspotmail.com Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
2016-09-24Bluetooth: BCSP fails to ACK re-transmitted frames from the peerDean Jenkins1-34/+51
Send an ACK frame with the current txack value in response to every received reliable frame unless a TX reliable frame is being sent. This modification allows re-transmitted frames from the remote peer to be acknowledged rather than ignored. It means that the remote peer knows which frame number to start re-transmitting from. Without this modification, the recovery time to a missing frame from the remote peer was unnecessarily being extended because the headers of the out of order reliable frames were being discarded rather than being processed. The frame headers of received frames will indicate whether the local peer's transmissions have been acknowledged by the remote peer. Therefore, the local peer may unnecessarily re-transmit despite the remote peer already indicating that the frame had been acknowledged in out of order reliable frame. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Jiada Wang <jiada_wang@mentor.com> Signed-off-by: Rajeev Kumar <rajeev_kumar@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2016-09-24Bluetooth: Tidy-up coding style in hci_bcsp.cDean Jenkins1-26/+29
drivers/bluetooth/hci_bcsp.c contains some style issues as highlighted by ./scripts/checkpatch.pl --strict -f drivers/bluetooth/hci_bcsp.c a) comments - maintainer prefers network style comments b) positioning of lines in multi-line statements c) spaces after casts d) missing blank lines after declarations Therefore, tidy-up the above to make it easier to apply future code changes that have conforming style. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2016-04-09Bluetooth: hci_bcsp: fix code styleMaxim Zhukov1-26/+31
This commit fixed: trailing "*/" trailing spaces mixed indent space between ~ and ( Signed-off-by: Maxim Zhukov <mussitantesmortem@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-11-19Bluetooth: Use new hci_skb_pkt_* wrappers for driversMarcel Holtmann1-10/+15
The new hci_skb_pkt_* wrappers are mainly intented for drivers to require less knowledge about bt_cb(sbk) handling. So after converting the core packet handling, convert all drivers. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-06-09Bluetooth: hci_bcsp: Clean up code FixPrasanna Karthik1-8/+8
Fix for spaces prohibited around that '->' reported by checkpatch and space prohibited between function name and open parenthesis '(' Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-05-25Bluetooth: hci_uart: Change 1 to true for bool type variables assignmentsShailendra Verma1-2/+2
The variables txcrc and hciextn are bool type. So assigning true instead of 1. Signed-off-by: Shailendra Verma <shailendra.capricorn@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2015-04-07Bluetooth: hci_uart: Update version number driverMarcel Holtmann1-2/+0
This version number is more cosmetic and for debugging purposes, but since there has been a few changes lately, increase it now. Two left-over and not used version constants that were never exposed anywhere are removed since they have no actual value. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07Bluetooth: hci_uart: Remove the manual protocol init messageMarcel Holtmann1-8/+1
The init function for each HCI UART protocol prints the same on success and failure. This information is so generic, remove it and let the main HCI UART handling print it instead. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07Bluetooth: hci_uart: Add name information to hci_uart_proto structMarcel Holtmann1-0/+1
This adds an extra name field to the hci_uart_proto struct that provides a simple way of adding a string identifier to the protocol. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07Bluetooth: hci_uart: Make struct hci_uart_proto always constMarcel Holtmann1-1/+1
The usage of struct hci_uart_proto should always be const. Change the function headers and individual protocol drivers. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2015-04-07Bluetooth: hci_uart: Use const data pointer for received dataMarcel Holtmann1-2/+2
The TTY layer provides its data pointers as const, but the HCI UART callbacks expect them as general data pointers. This is of course wrong and instead of casting them, just fix the individual drivers to actually take a const data pointer. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-03-05Bluetooth: Remove assignments in if-statementsValentin Ilie1-11/+16
Remove assignment in if-statements to be consistent with the coding style. Signed-off-by: Valentin Ilie <valentin.ilie@gmail.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-03-04Bluetooth: Stop BCSP/H5 timer before cleaning upMichael Knudsen1-1/+3
When stopping BCSP/H5, stop the retransmission timer before proceeding to clean up packet queues. The previous code had a race condition where the timer could trigger after the packet lists and protocol structure had been removed which led to dereferencing NULL or use-after-free bugs. Signed-off-by: Michael Knudsen <m.knudsen@samsung.com> Reported-by: Kirill Tkhai <ktkhai@parallels.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2013-10-11Bluetooth: Provide hdev parameter to hci_recv_frame() driver callbackMarcel Holtmann1-3/+2
To avoid casting skb->dev into hdev, just let the drivers provide the hdev directly when calling hci_recv_frame() function. This patch also fixes up all drivers to provide the hdev. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-06-05Bluetooth: Remove 'register' usage from the subsystemGustavo Padovan1-1/+1
Let the compiler chooses what is best. Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2012-02-16Merge branch 'master' of ↵Johan Hedberg1-2/+2
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next.git Conflicts: include/net/bluetooth/l2cap.h net/bluetooth/hci_conn.c net/bluetooth/l2cap_core.c
2012-02-13Bluetooth: hci-uart-bcsp: Use GFP_ATOMIC in open()David Herrmann1-1/+1
The uart_proto open() callback is not called in atomic context so we can safely sleep here. The caller hci_uart_set_proto() in hci_ldisc.c is an ioctl-handler and therefore can sleep. Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2012-01-13module_param: make bool parameters really bool (drivers & misc)Rusty Russell1-2/+2
module_param(bool) used to counter-intuitively take an int. In fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy trick. It's time to remove the int/unsigned int option. For this version it'll simply give a warning, but it'll break next kernel version. Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2010-07-27Bluetooth: Add __init and __exit marks to UART driversGustavo F. Padovan1-2/+2
Those marks are useful to save space in the binary and in the memory. Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2010-07-01Bluetooth: Fix abuse of the preincrement operatorDavid Howells1-1/+1
Fix abuse of the preincrement operator as detected when building with gcc 4.6.0: CC [M] drivers/bluetooth/hci_bcsp.o drivers/bluetooth/hci_bcsp.c: In function 'bcsp_prepare_pkt': drivers/bluetooth/hci_bcsp.c:247:20: warning: operation on 'bcsp->msgq_txseq' may be undefined Reported-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-25Bluetooth: Fix false errors from bcsp_pkt_cull functionWending Weng1-1/+2
The error message "Removed only %u out of %u pkts" is printed when multiple to be acked packets are queued. if (i++ >= pkts_to_be_removed) break; This will break out of the loop and increase the counter i when i==pkts_to_be_removed and the loop ends up with i=pkts_to_be_removed+1. The following line if (i != pkts_to_be_removed) { BT_ERR("Removed only %u out of %u pkts", i, pkts_to_be_removed); } will then display the false message. The counter i must not increase on the same statement. Signed-off-by: Wending Weng <wweng@rheinmetall.ca> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-11-30Bluetooth: Enable per-module dynamic debug messagesMarcel Holtmann1-5/+0
With the introduction of CONFIG_DYNAMIC_PRINTK_DEBUG it is possible to allow debugging without having to recompile the kernel. This patch turns all BT_DBG() calls into pr_debug() to support dynamic debug messages. As a side effect all CONFIG_BT_*_DEBUG statements are now removed and some broken debug entries have been fixed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-22bluetooth: hci_bcsp: Use SKB list interfaces instead of home-grown stuff.David S. Miller1-9/+9
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-10bluetooth: hci_bcsp.c small cleanups/api usersHarvey Harrison1-31/+13
Use bitrev16 from lib/bitrev.c. Use the get_unaligned_be16 to get the crc from the packet, create a small helper function for this. Fix a shadowed variable sparse warning: drivers/bluetooth/hci_bcsp.c:218:26: warning: symbol 'hdr' shadows an earlier one drivers/bluetooth/hci_bcsp.c:187:5: originally declared here [akpm@linux-foundation.org: select CONFIG_BITREVERSE, noted by akinobu.mita@gmail.com] Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-22[Bluetooth] Switch from OGF+OCF to using only opcodesMarcel Holtmann1-1/+2
The Bluetooth HCI commands are divided into logical OGF groups for easier identification of their purposes. While this still makes sense for the written specification, its makes the code only more complex and harder to read. So instead of using separate OGF and OCF values to identify the commands, use a common 16-bit opcode that combines both values. As a side effect this also reduces the complexity of OGF and OCF calculations during command header parsing. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-14[PATCH] remove many unneeded #includes of sched.hTim Schmielau1-1/+0
After Al Viro (finally) succeeded in removing the sched.h #include in module.h recently, it makes sense again to remove other superfluous sched.h includes. There are quite a lot of files which include it but don't actually need anything defined in there. Presumably these includes were once needed for macros that used to live in sched.h, but moved to other header files in the course of cleaning it up. To ease the pain, this time I did not fiddle with any header files and only removed #includes from .c-files, which tend to cause less trouble. Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha, arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig, allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all configs in arch/arm/configs on arm. I also checked that no new warnings were introduced by the patch (actually, some warnings are removed that were emitted by unnecessarily included header files). Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2006-12-07[PATCH] lockdep: annotate bcsp driverPeter Zijlstra1-2/+2
============================================= [ INFO: possible recursive locking detected ] 2.6.18-1.2699.fc6 #1 --------------------------------------------- swapper/0 is trying to acquire lock: (&list->lock#3){+...}, at: [<c05ad307>] skb_dequeue+0x12/0x43 but task is already holding lock: (&list->lock#3){+...}, at: [<df98cd79>] bcsp_dequeue+0x6a/0x11e [hci_uart] Two different list locks nest, annotate so. Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Marcel Holtmann <marcel@holtmann.org> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-06-30Remove obsolete #include <linux/config.h>Jörn Engel1-1/+0
Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-01-15[PATCH] Unlinline a bunch of other functionsArjan van de Ven1-1/+1
Remove the "inline" keyword from a bunch of big functions in the kernel with the goal of shrinking it by 30kb to 40kb Signed-off-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Jeff Garzik <jgarzik@pobox.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-07[PATCH] bluetooth: kmalloc + memset -> kzalloc conversionDeepak Saxena1-2/+1
Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Cc: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-28[Bluetooth] Cleanup of the HCI UART driverMarcel Holtmann1-42/+78
This patch contains the big cleanup of the HCI UART driver. The uneeded header files are removed and their structure declarations are moved into the protocol implementations. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-10-28[Bluetooth] Remove TXCRC compile option for BCSP driverMarcel Holtmann1-19/+23
The TXCRC compile option is not really useful and thus change it into a module parameter. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-08-30[Bluetooth]: Move packet type into the SKB control bufferMarcel Holtmann1-9/+9
This patch moves the usage of packet type into the SKB control buffer. After this patch it is now possible to shrink the sk_buff structure and redefine its pkt_type. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-06[Bluetooth] Remove unused functions and cleanup symbol exportsMarcel Holtmann1-2/+0
This patch removes the unused bt_dump() function and it also removes its BT_DMP macro. It also unexports the hci_dev_get(), hci_send_cmd() and hci_si_event() functions. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-04-17Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds1-0/+749
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!