Age | Commit message (Collapse) | Author |
|
It should be the dst in the copy not src. 03a001948 introduced this bug.
Reported-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
When cancelling a delayed work (timer) in L2CAP we can not sleep holding
the sock mutex otherwise we might deadlock with an L2CAP timer handler.
This is possible because RX/TX and L2CAP timers run in different workqueues.
The scenario below illustrates the problem. Thus we are now avoiding to
sleep on the timers locks.
======================================================
[ INFO: possible circular locking dependency detected ]
3.1.0-05270-ga978dc7-dirty #239
-------------------------------------------------------
kworker/1:1/873 is trying to acquire lock:
(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}, at: [<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
but task is already holding lock:
((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 ((&(&chan->chan_timer)->work)){+.+...}:
[<ffffffff8106b276>] check_prevs_add+0xf6/0x170
[<ffffffff8106b903>] validate_chain+0x613/0x790
[<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
[<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
[<ffffffff81052a6f>] wait_on_work+0x4f/0x160
[<ffffffff81052ca3>] __cancel_work_timer+0x73/0x80
[<ffffffff81052cbd>] cancel_delayed_work_sync+0xd/0x10
[<ffffffffa002f2ed>] l2cap_chan_connect+0x22d/0x470 [bluetooth]
[<ffffffffa002fb51>] l2cap_sock_connect+0xb1/0x140 [bluetooth]
[<ffffffff8130811b>] kernel_connect+0xb/0x10
[<ffffffffa00cf98a>] rfcomm_session_create+0x12a/0x1c0 [rfcomm]
[<ffffffffa00cfbe7>] __rfcomm_dlc_open+0x1c7/0x240 [rfcomm]
[<ffffffffa00d07c2>] rfcomm_dlc_open+0x42/0x70 [rfcomm]
[<ffffffffa00d3b03>] rfcomm_sock_connect+0x103/0x150 [rfcomm]
[<ffffffff8130bd7e>] sys_connect+0xae/0xc0
[<ffffffff813368d2>] compat_sys_socketcall+0xb2/0x220
[<ffffffff813b2089>] sysenter_dispatch+0x7/0x30
-> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+...}:
[<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0
[<ffffffff8106b276>] check_prevs_add+0xf6/0x170
[<ffffffff8106b903>] validate_chain+0x613/0x790
[<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
[<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
[<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0
[<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
[<ffffffff81051ae4>] process_one_work+0x184/0x450
[<ffffffff8105276e>] worker_thread+0x15e/0x340
[<ffffffff81057bb6>] kthread+0x96/0xa0
[<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock((&(&chan->chan_timer)->work));
lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
lock((&(&chan->chan_timer)->work));
lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);
*** DEADLOCK ***
2 locks held by kworker/1:1/873:
#0: (events){.+.+.+}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450
#1: ((&(&chan->chan_timer)->work)){+.+...}, at: [<ffffffff81051a86>] process_one_work+0x126/0x450
stack backtrace:
Pid: 873, comm: kworker/1:1 Not tainted 3.1.0-05270-ga978dc7-dirty #239
Call Trace:
[<ffffffff813a0f6e>] print_circular_bug+0xd2/0xe3
[<ffffffff8106b16d>] check_prev_add+0x6cd/0x6e0
[<ffffffff8106b276>] check_prevs_add+0xf6/0x170
[<ffffffff8106b903>] validate_chain+0x613/0x790
[<ffffffff8106dfee>] __lock_acquire+0x4be/0xac0
[<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0
[<ffffffff8106ea30>] ? lock_release_nested+0x100/0x110
[<ffffffff8130d8f6>] ? lock_sock_nested+0x66/0xa0
[<ffffffff8106ec2d>] lock_acquire+0x8d/0xb0
[<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
[<ffffffff8130d91a>] lock_sock_nested+0x8a/0xa0
[<ffffffffa002ceac>] ? l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
[<ffffffff81051a86>] ? process_one_work+0x126/0x450
[<ffffffffa002ceac>] l2cap_chan_timeout+0x3c/0xe0 [bluetooth]
[<ffffffff81051ae4>] process_one_work+0x184/0x450
[<ffffffff81051a86>] ? process_one_work+0x126/0x450
[<ffffffffa002ce70>] ? l2cap_security_cfm+0x4e0/0x4e0 [bluetooth]
[<ffffffff8105276e>] worker_thread+0x15e/0x340
[<ffffffff81052610>] ? manage_workers+0x110/0x110
[<ffffffff81057bb6>] kthread+0x96/0xa0
[<ffffffff813b1ef4>] kernel_thread_helper+0x4/0x10
[<ffffffff813af69d>] ? retint_restore_args+0xe/0xe
[<ffffffff81057b20>] ? __init_kthread_worker+0x70/0x70
[<ffffffff813b1ef0>] ? gs_change+0xb/0xb
Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
The struct hci_proto and all related register/unregister and dispatching
code was removed. HCI core code now call directly the SCO and L2CAP
event functions.
Signed-off-by: Ulisses Furquim <ulisses@profusion.mobi>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
It makes more sense this way, since info_timer is a timer using delayed
work API.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
This one also needs to run in process context
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
It is the only place where it is used.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Conflicts:
net/bluetooth/l2cap_core.c
|
|
When configuring an ERTM or streaming mode connection, remote devices
are expected to send an RFC option in a successful config response. A
misbehaving remote device might not send an RFC option, and the L2CAP
code should not access uninitialized data in this case.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Add ProFUSION's copyright to some files I've been touching recently.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
This list has much more reads than writes, so RCU makes senses here, also
it avoid deadlock against the socket lock.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
This move some checking code that was in l2cap_sock_connect() to
l2cap_chan_connect(). Thus we can invert the lock calls, i.e., call
lock_sock() before hci_dev_lock() to avoid a deadlock scenario.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Another step of remove interrupt context from Bluetooth Core.
Use the system workqueue.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
spin lock doesn't fit ok anymore on the new code based on workqueues.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
We run everything in the same lock now. The backlog queue is useless now
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
We now run everything in process context, so the mutex lock is the best
option. But in some places we still need the bh_lock_sock()
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
L2CAP timers also need to run in process context. As the works in l2cap
are small we are using the system worqueue.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Now we run everything in HCI in process context, so it's a better idea use
mutex instead spin_lock. The macro remains hci_dev_lock() (and I got rid
of hci_dev_lock_bh()), of course.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
I did this as a part of a testing course at university, but it might be
useful upstream as well.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Fixes bluetooth compiling when CONFIG_BT_L2CAP is not enabled
net/built-in.o: In function `hci_dev_open':
(.text+0xdce9a): undefined reference to `enable_hs'
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Make __l2cap_global_chan_by_addr similar to other find functions.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
This make it easier to see what is the real reason for loop to exit.
skb_queue_next return valid skb or garbage, not NULL.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Make it easier to see what is loop break condition.
skb_queue_next return valid skb or garbage, not NULL.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Due to ERTM reliability L2CAP channel needs to be disconnected if
adding to srej list failed.
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
rename to l2cap_chan_check_security() to make it consistent with other
l2cap_exported functions. This function will be exported in a later
commit.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next
Conflicts:
net/bluetooth/l2cap_sock.c
net/bluetooth/mgmt.c
|
|
Add parsing Extended Flow Specification in L2CAP Config Response.
Based upon haijun.liu <haijun.liu@atheros.com> series of patches
(sent Sun, 22 Aug 2010)
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Use HCI error reasons instead of magic numbers.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
AMP channels can be moved between BR/EDR and AMP controllers using a
sequence of signals. Every attempted channel move involves a series of
four signals:
Move Initiator Move Responder
| |
| Move Channel Request |
| ----------------------------> |
| |
| Move Channel Response |
| <---------------------------- |
| |
| Move Channel Confirm |
| ----------------------------> |
| |
| Move Channel Confirm Response |
| <---------------------------- |
All four signals are sent even if the move fails.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
The A2MP fixed channel bit is only set when high-speed mode is enabled.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Handle both "create channel request" and "create channel response".
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Acked-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
This implement priority based scheduler using skbuffer priority set via
SO_PRIORITY socket option.
It introduces hci_chan_hash (list of HCI Channel/hci_chan) per connection,
each item in this list refer to a L2CAP connection and it is used to
queue the data for transmission.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
This uses SO_PRIORITY to set the skbuffer priority field
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
l2cap_set_timer function prints sk instead of chan pointer.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
make code readable by removing magic numbers
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Add L2CAP Config Pending state for EFS. Currently after receiving
Config Response Pending respond with Config Response Success.
...
> ACL data: handle 1 flags 0x02 dlen 16
L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0040 result 0 status 0
Connection successful
> ACL data: handle 1 flags 0x02 dlen 45
L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33
RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 1009)
EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
AccLat 0xffffffff, FlushTO 0x0000ffff)
< ACL data: handle 1 flags 0x00 dlen 45
L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33
RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 498)
EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
AccLat 0xffffffff, FlushTO 0x0000ffff)
< ACL data: handle 1 flags 0x00 dlen 47
L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 4 clen 33
Pending
MTU 672
RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 2000, MTo 12000, MPS 498)
EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
AccLat 0xffffffff, FlushTO 0x0000ffff)
> ACL data: handle 1 flags 0x02 dlen 47
L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 4 clen 33
Pending
MTU 672
RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 2000, MTo 12000, MPS 498)
EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
AccLat 0xffffffff, FlushTO 0x0000ffff)
> ACL data: handle 1 flags 0x02 dlen 14
L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0
Success
< ACL data: handle 1 flags 0x00 dlen 14
L2CAP(s): Config rsp: scid 0x0040 flags 0x00 result 0 clen 0
Success
< ACL data: handle 1 flags 0x00 dlen 510
L2CAP(d): cid 0x0040 len 506 ext_ctrl 0x00010000 fcs 0xebe0 [psm 4113]
I-frame: Start (len 672) TxSeq 0 ReqSeq 0
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Timers set by __set_chan_timer() should use miliseconds instead of
jiffies. Commit 942ecc9c4643db5ce071562e0a23f99464d6b461 updated
l2cap_set_timer() so it expects timeout to be specified in msecs
instead of jiffies. This makes timeouts unreliable when CONFIG_HZ
is not set to 1000.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Add parsing Extended Flow Specification option in L2CAP Config Request
Based upon haijun.liu <haijun.liu@atheros.com> series of patches
(sent Sun, 22 Aug 2010)
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Fix max_pdu_size calculationin for RFC. Change magic number to human readable
defines.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Remove magic numbers for FCS, SDU LEN and PSM LEN
when calculating packet payload.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Adds support for extended sequence numbers found in
extended control fields.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
There are three different Control Field formats: the Standard Control
Field, the Enhanced Control Field, and the Extended Control Field.
Patch adds function to handle all those fields seamlessly.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Add Extended Flow Specification option when building L2CAP
Configuration Request. EFS is added if both the local and
remote L2CAP entities have indicated support for the
Extended Flow Specification for BR/EDR.
...
< ACL data: handle 1 flags 0x00 dlen 10
L2CAP(s): Info req: type 2
> ACL data: handle 1 flags 0x02 dlen 16
L2CAP(s): Info rsp: type 2 result 0
Extended feature mask 0x01f8
Enhanced Retransmission mode
Streaming mode
FCS Option
Extended Flow Specification
Fixed Channels
Extended Window Size
...
< ACL data: handle 1 flags 0x00 dlen 45
L2CAP(s): Config req: dcid 0x0040 flags 0x00 clen 33
RFC 0x03 (Enhanced Retransmission, TxWin 63, MaxTx 3, RTo 0, MTo 0, MPS 498)
EFS (Id 0x01, SerType Best Effort, MaxSDU 0xffff, SDUitime 0xffffffff,
AccLat 0xffffffff, FlushTO 0x0000ffff)
...
Based upon haijun.liu <haijun.liu@atheros.com> series of patches
(sent Sun, 22 Aug 2010)
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Assign default EFS values when creating L2CAP channel
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Recalculate length of L2CAP header based on Control field length.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
|
Handle POLL (P) bit in L2CAP ERTM using information about control field type.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|