1. 07 Jul, 2014 2 commits
    • Andrea Merello's avatar
      rt2800usb: Don't perform DMA from stack · 2c4db12e
      Andrea Merello authored
      Function rt2800usb_autorun_detect() passes the address of a variable
      allocated onto the stack to be used for DMA by the USB layer. This has
      been caught by my debugging-enabled kernel.
      
      This patch change things in order to allocate that variable via
      kmalloc, and it adjusts things to handle the kmalloc failure case,
      propagating the error.
      
      [ 7363.238852] ------------[ cut here ]------------
      [ 7363.243529] WARNING: CPU: 1 PID: 5235 at lib/dma-debug.c:1153 check_for_stack+0xa4/0xf0()
      [ 7363.251759] ehci-pci 0000:00:04.1: DMA-API: device driver maps memory fromstack [addr=ffff88006b81bad4]
      [ 7363.261210] Modules linked in: rt2800usb(O+) rt2800lib(O) rt2x00usb(O) rt2x00lib(O) rtl818x_pci(O) rtl8187 led_class eeprom_93cx6 mac80211 cfg80211 [last unloaded: rt2x00lib]
      [ 7363.277143] CPU: 1 PID: 5235 Comm: systemd-udevd Tainted: G           O  3.16.0-rc3-wl+ #31
      [ 7363.285546] Hardware name: System manufacturer System Product Name/M3N78 PRO, BIOS ASUS M3N78 PRO ACPI BIOS Revision 1402 12/04/2009
      [ 7363.297511]  0000000000000009 ffff88006b81b710 ffffffff8175dcad ffff88006b81b758
      [ 7363.305062]  ffff88006b81b748 ffffffff8106d372 ffff88006cf10098 ffff88006cead6a0
      [ 7363.312622]  ffff88006b81bad4 ffffffff81c1e7c0 ffff88006cf10098 ffff88006b81b7a8
      [ 7363.320161] Call Trace:
      [ 7363.322661]  [<ffffffff8175dcad>] dump_stack+0x4d/0x6f
      [ 7363.327847]  [<ffffffff8106d372>] warn_slowpath_common+0x82/0xb0
      [ 7363.333893]  [<ffffffff8106d3e7>] warn_slowpath_fmt+0x47/0x50
      [ 7363.339686]  [<ffffffff813a93b4>] check_for_stack+0xa4/0xf0
      [ 7363.345298]  [<ffffffff813a995c>] debug_dma_map_page+0x10c/0x150
      [ 7363.351367]  [<ffffffff81521bd9>] usb_hcd_map_urb_for_dma+0x229/0x720
      [ 7363.357890]  [<ffffffff8152256d>] usb_hcd_submit_urb+0x2fd/0x930
      [ 7363.363929]  [<ffffffff810eac31>] ? irq_work_queue+0x71/0xd0
      [ 7363.369617]  [<ffffffff810ab5a7>] ? wake_up_klogd+0x37/0x50
      [ 7363.375219]  [<ffffffff810ab7a5>] ? console_unlock+0x1e5/0x420
      [ 7363.381081]  [<ffffffff810abc25>] ? vprintk_emit+0x245/0x530
      [ 7363.386773]  [<ffffffff81523d3c>] usb_submit_urb+0x30c/0x580
      [ 7363.392462]  [<ffffffff81524295>] usb_start_wait_urb+0x65/0xf0
      [ 7363.398325]  [<ffffffff815243ed>] usb_control_msg+0xcd/0x110
      [ 7363.404014]  [<ffffffffa005514d>] rt2x00usb_vendor_request+0xbd/0x170 [rt2x00usb]
      [ 7363.411544]  [<ffffffffa0074292>] rt2800usb_autorun_detect+0x32/0x50 [rt2800usb]
      [ 7363.418986]  [<ffffffffa0074aa1>] rt2800usb_read_eeprom+0x11/0x70 [rt2800usb]
      [ 7363.426168]  [<ffffffffa0063ffd>] rt2800_probe_hw+0x11d/0xf90 [rt2800lib]
      [ 7363.432989]  [<ffffffffa0074b7d>] rt2800usb_probe_hw+0xd/0x50 [rt2800usb]
      [ 7363.439808]  [<ffffffffa00453d8>] rt2x00lib_probe_dev+0x238/0x7c0 [rt2x00lib]
      [ 7363.446992]  [<ffffffffa00bfa48>] ? ieee80211_led_names+0xb8/0x100 [mac80211]
      [ 7363.454156]  [<ffffffffa0056116>] rt2x00usb_probe+0x156/0x1f0 [rt2x00usb]
      [ 7363.460971]  [<ffffffffa0074250>] rt2800usb_probe+0x10/0x20 [rt2800usb]
      [ 7363.467616]  [<ffffffff8152799e>] usb_probe_interface+0xce/0x1c0
      [ 7363.473651]  [<ffffffff81480c20>] really_probe+0x70/0x240
      [ 7363.479079]  [<ffffffff81480f01>] __driver_attach+0xa1/0xb0
      [ 7363.484682]  [<ffffffff81480e60>] ? __device_attach+0x70/0x70
      [ 7363.490461]  [<ffffffff8147eef3>] bus_for_each_dev+0x63/0xa0
      [ 7363.496146]  [<ffffffff814807c9>] driver_attach+0x19/0x20
      [ 7363.501570]  [<ffffffff81480468>] bus_add_driver+0x178/0x220
      [ 7363.507270]  [<ffffffff8148151b>] driver_register+0x5b/0xe0
      [ 7363.512874]  [<ffffffff815271b0>] usb_register_driver+0xa0/0x170
      [ 7363.518905]  [<ffffffffa007a000>] ? 0xffffffffa0079fff
      [ 7363.524074]  [<ffffffffa007a01e>] rt2800usb_driver_init+0x1e/0x20 [rt2800usb]
      [ 7363.531247]  [<ffffffff810002d4>] do_one_initcall+0x84/0x1b0
      [ 7363.536932]  [<ffffffff8113aa60>] ? kfree+0xd0/0x110
      [ 7363.541931]  [<ffffffff8112730a>] ? __vunmap+0xaa/0xf0
      [ 7363.547538]  [<ffffffff810ca07e>] load_module+0x1aee/0x2040
      [ 7363.553141]  [<ffffffff810c6f10>] ? store_uevent+0x50/0x50
      [ 7363.558676]  [<ffffffff810ca66e>] SyS_init_module+0x9e/0xc0
      [ 7363.564285]  [<ffffffff81764012>] system_call_fastpath+0x16/0x1b
      [ 7363.570338] ---[ end trace 01ef5f822bea9882 ]---
      Signed-off-by: default avatarAndrea Merello <andrea.merello@gmail.com>
      Acked-by: default avatarHelmut Schaa <helmut.schaa@googlemail.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      2c4db12e
    • John W. Linville's avatar
  2. 03 Jul, 2014 3 commits
  3. 26 Jun, 2014 1 commit
  4. 25 Jun, 2014 5 commits
  5. 24 Jun, 2014 5 commits
  6. 23 Jun, 2014 4 commits
  7. 20 Jun, 2014 5 commits
    • Lukasz Rymanowski's avatar
      Bluetooth: Fix for ACL disconnect when pairing fails · 1d56dc4f
      Lukasz Rymanowski authored
      When pairing fails hci_conn refcnt drops below zero. This cause that
      ACL link is not disconnected when disconnect timeout fires.
      
      Probably this is because l2cap_conn_del calls l2cap_chan_del for each
      channel, and inside l2cap_chan_del conn is dropped. After that loop
      hci_chan_del is called which also drops conn.
      
      Anyway, as it is desrcibed in hci_core.h, it is known that refcnt
      drops below 0 sometimes and it should be fine. If so, let disconnect
      link when hci_conn_timeout fires and refcnt is 0 or below. This patch
      does it.
      
      This affects PTS test SM_TC_JW_BV_05_C
      
      Logs from scenario:
      
      [69713.706227] [6515] pair_device:
      [69713.706230] [6515] hci_conn_add: hci0 dst 00:1b:dc:06:06:22
      [69713.706233] [6515] hci_dev_hold: hci0 orig refcnt 8
      [69713.706235] [6515] hci_conn_init_sysfs: conn ffff88021f65a000
      [69713.706239] [6515] hci_req_add_ev: hci0 opcode 0x200d plen 25
      [69713.706242] [6515] hci_prepare_cmd: skb len 28
      [69713.706243] [6515] hci_req_run: length 1
      [69713.706248] [6515] hci_conn_hold: hcon ffff88021f65a000 orig refcnt 0
      [69713.706251] [6515] hci_dev_put: hci0 orig refcnt 9
      [69713.706281] [8909] hci_cmd_work: hci0 cmd_cnt 1 cmd queued 1
      [69713.706288] [8909] hci_send_frame: hci0 type 1 len 28
      [69713.706290] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 28
      [69713.706316] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.706382] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.711664] [8909] hci_rx_work: hci0
      [69713.711668] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 6
      [69713.711680] [8909] hci_rx_work: hci0 Event packet
      [69713.711683] [8909] hci_cs_le_create_conn: hci0 status 0x00
      [69713.711685] [8909] hci_sent_cmd_data: hci0 opcode 0x200d
      [69713.711688] [8909] hci_req_cmd_complete: opcode 0x200d status 0x00
      [69713.711690] [8909] hci_sent_cmd_data: hci0 opcode 0x200d
      [69713.711695] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.711744] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.818875] [8909] hci_rx_work: hci0
      [69713.818889] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 21
      [69713.818913] [8909] hci_rx_work: hci0 Event packet
      [69713.818917] [8909] hci_le_conn_complete_evt: hci0 status 0x00
      [69713.818922] [8909] hci_send_to_control: len 19
      [69713.818927] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.818938] [8909] hci_conn_add_sysfs: conn ffff88021f65a000
      [69713.818975] [6450] bt_sock_poll: sock ffff88005e758500, sk ffff88010323b800
      [69713.818981] [6515] hci_sock_recvmsg: sock ffff88005e75a080, sk ffff88010323ac00
      ...
      [69713.819021] [8909] hci_dev_hold: hci0 orig refcnt 10
      [69713.819025] [8909] l2cap_connect_cfm: hcon ffff88021f65a000 bdaddr 00:1b:dc:06:06:22 status 0
      [69713.819028] [8909] hci_chan_create: hci0 hcon ffff88021f65a000
      [69713.819031] [8909] l2cap_conn_add: hcon ffff88021f65a000 conn ffff880221005c00 hchan ffff88020d60b1c0
      [69713.819034] [8909] l2cap_conn_ready: conn ffff880221005c00
      [69713.819036] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.819037] [8909] smp_conn_security: conn ffff880221005c00 hcon ffff88021f65a000 level 0x02
      [69713.819039] [8909] smp_chan_create:
      [69713.819041] [8909] hci_conn_hold: hcon ffff88021f65a000 orig refcnt 1
      [69713.819043] [8909] smp_send_cmd: code 0x01
      [69713.819045] [8909] hci_send_acl: hci0 chan ffff88020d60b1c0 flags 0x0000
      [69713.819046] [5949] hci_sock_recvmsg: sock ffff8800941a9900, sk ffff88012bf4e800
      [69713.819049] [8909] hci_queue_acl: hci0 nonfrag skb ffff88005157c100 len 15
      [69713.819055] [5949] hci_sock_recvmsg: sock ffff8800941a9900, sk ffff88012bf4e800
      [69713.819057] [8909] l2cap_le_conn_ready:
      [69713.819064] [8909] l2cap_chan_create: chan ffff88005ede2c00
      [69713.819066] [8909] l2cap_chan_hold: chan ffff88005ede2c00 orig refcnt 1
      [69713.819069] [8909] l2cap_sock_init: sk ffff88005ede5800
      [69713.819072] [8909] bt_accept_enqueue: parent ffff880160356000, sk ffff88005ede5800
      [69713.819074] [8909] __l2cap_chan_add: conn ffff880221005c00, psm 0x00, dcid 0x0004
      [69713.819076] [8909] l2cap_chan_hold: chan ffff88005ede2c00 orig refcnt 2
      [69713.819078] [8909] hci_conn_hold: hcon ffff88021f65a000 orig refcnt 2
      [69713.819080] [8909] smp_conn_security: conn ffff880221005c00 hcon ffff88021f65a000 level 0x01
      [69713.819082] [8909] l2cap_sock_ready_cb: sk ffff88005ede5800, parent ffff880160356000
      [69713.819086] [8909] le_pairing_complete_cb: status 0
      [69713.819091] [8909] hci_tx_work: hci0 acl 10 sco 8 le 0
      [69713.819093] [8909] hci_sched_acl: hci0
      [69713.819094] [8909] hci_sched_sco: hci0
      [69713.819096] [8909] hci_sched_esco: hci0
      [69713.819098] [8909] hci_sched_le: hci0
      [69713.819099] [8909] hci_chan_sent: hci0
      [69713.819101] [8909] hci_chan_sent: chan ffff88020d60b1c0 quote 10
      [69713.819104] [8909] hci_sched_le: chan ffff88020d60b1c0 skb ffff88005157c100 len 15 priority 7
      [69713.819106] [8909] hci_send_frame: hci0 type 2 len 15
      [69713.819108] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 15
      [69713.819119] [8909] hci_chan_sent: hci0
      [69713.819121] [8909] hci_prio_recalculate: hci0
      [69713.819123] [8909] process_pending_rx:
      [69713.819226] [6450] hci_sock_recvmsg: sock ffff88005e758780, sk ffff88010323d400
      ...
      [69713.822022] [6450] l2cap_sock_accept: sk ffff880160356000 timeo 0
      [69713.822024] [6450] bt_accept_dequeue: parent ffff880160356000
      [69713.822026] [6450] bt_accept_unlink: sk ffff88005ede5800 state 1
      [69713.822028] [6450] l2cap_sock_accept: new socket ffff88005ede5800
      [69713.822368] [6450] l2cap_sock_getname: sock ffff8800941ab700, sk ffff88005ede5800
      [69713.822375] [6450] l2cap_sock_getsockopt: sk ffff88005ede5800
      [69713.822383] [6450] l2cap_sock_getname: sock ffff8800941ab700, sk ffff88005ede5800
      [69713.822414] [6450] bt_sock_poll: sock ffff8800941ab700, sk ffff88005ede5800
      ...
      [69713.823255] [6450] l2cap_sock_getname: sock ffff8800941ab700, sk ffff88005ede5800
      [69713.823259] [6450] l2cap_sock_getsockopt: sk ffff88005ede5800
      [69713.824322] [6450] l2cap_sock_getname: sock ffff8800941ab700, sk ffff88005ede5800
      [69713.824330] [6450] l2cap_sock_getsockopt: sk ffff88005ede5800
      [69713.825029] [6450] bt_sock_poll: sock ffff88005e758500, sk ffff88010323b800
      ...
      [69713.825187] [6450] l2cap_sock_sendmsg: sock ffff8800941ab700, sk ffff88005ede5800
      [69713.825189] [6450] bt_sock_wait_ready: sk ffff88005ede5800
      [69713.825192] [6450] l2cap_create_basic_pdu: chan ffff88005ede2c00 len 3
      [69713.825196] [6450] l2cap_do_send: chan ffff88005ede2c00, skb ffff880160b0b500 len 7 priority 0
      [69713.825199] [6450] hci_send_acl: hci0 chan ffff88020d60b1c0 flags 0x0000
      [69713.825201] [6450] hci_queue_acl: hci0 nonfrag skb ffff880160b0b500 len 11
      [69713.825210] [8909] hci_tx_work: hci0 acl 9 sco 8 le 0
      [69713.825213] [8909] hci_sched_acl: hci0
      [69713.825214] [8909] hci_sched_sco: hci0
      [69713.825216] [8909] hci_sched_esco: hci0
      [69713.825217] [8909] hci_sched_le: hci0
      [69713.825219] [8909] hci_chan_sent: hci0
      [69713.825221] [8909] hci_chan_sent: chan ffff88020d60b1c0 quote 9
      [69713.825223] [8909] hci_sched_le: chan ffff88020d60b1c0 skb ffff880160b0b500 len 11 priority 0
      [69713.825225] [8909] hci_send_frame: hci0 type 2 len 11
      [69713.825227] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 11
      [69713.825242] [8909] hci_chan_sent: hci0
      [69713.825253] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.825253] [8909] hci_prio_recalculate: hci0
      [69713.825292] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.825768] [6450] bt_sock_poll: sock ffff88005e758500, sk ffff88010323b800
      ...
      [69713.866902] [8909] hci_rx_work: hci0
      [69713.866921] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 7
      [69713.866928] [8909] hci_rx_work: hci0 Event packet
      [69713.866931] [8909] hci_num_comp_pkts_evt: hci0 num_hndl 1
      [69713.866937] [8909] hci_tx_work: hci0 acl 9 sco 8 le 0
      [69713.866939] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.866940] [8909] hci_sched_acl: hci0
      ...
      [69713.866944] [8909] hci_sched_le: hci0
      [69713.866953] [8909] hci_chan_sent: hci0
      [69713.866997] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.867840] [28074] hci_rx_work: hci0
      [69713.867844] [28074] hci_send_to_monitor: hdev ffff88021f0c7000 len 7
      [69713.867850] [28074] hci_rx_work: hci0 Event packet
      [69713.867853] [28074] hci_num_comp_pkts_evt: hci0 num_hndl 1
      [69713.867857] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69713.867858] [28074] hci_tx_work: hci0 acl 10 sco 8 le 0
      [69713.867860] [28074] hci_sched_acl: hci0
      [69713.867861] [28074] hci_sched_sco: hci0
      [69713.867862] [28074] hci_sched_esco: hci0
      [69713.867863] [28074] hci_sched_le: hci0
      [69713.867865] [28074] hci_chan_sent: hci0
      [69713.867888] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69714.145661] [8909] hci_rx_work: hci0
      [69714.145666] [8909] hci_send_to_monitor: hdev ffff88021f0c7000 len 10
      [69714.145676] [8909] hci_rx_work: hci0 ACL data packet
      [69714.145679] [8909] hci_acldata_packet: hci0 len 6 handle 0x002d flags 0x0002
      [69714.145681] [8909] hci_conn_enter_active_mode: hcon ffff88021f65a000 mode 0
      [69714.145683] [8909] l2cap_recv_acldata: conn ffff880221005c00 len 6 flags 0x2
      [69714.145693] [8909] l2cap_recv_frame: len 2, cid 0x0006
      [69714.145696] [8909] hci_send_to_control: len 14
      [69714.145710] [8909] smp_chan_destroy:
      [69714.145713] [8909] pairing_complete: status 3
      [69714.145714] [8909] cmd_complete: sock ffff88010323ac00
      [69714.145717] [8909] hci_conn_drop: hcon ffff88021f65a000 orig refcnt 3
      [69714.145719] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69714.145720] [6450] bt_sock_poll: sock ffff88005e758500, sk ffff88010323b800
      [69714.145722] [6515] hci_sock_recvmsg: sock ffff88005e75a080, sk ffff88010323ac00
      [69714.145724] [6450] bt_sock_poll: sock ffff8801db6b4f00, sk ffff880160351c00
      ...
      [69714.145735] [6515] hci_sock_recvmsg: sock ffff88005e75a080, sk ffff88010323ac00
      [69714.145737] [8909] hci_conn_drop: hcon ffff88021f65a000 orig refcnt 2
      [69714.145739] [8909] l2cap_conn_del: hcon ffff88021f65a000 conn ffff880221005c00, err 13
      [69714.145740] [6450] bt_sock_poll: sock ffff8801db6b5400, sk ffff88021e775000
      [69714.145743] [6450] bt_sock_poll: sock ffff8801db6b5e00, sk ffff880160356000
      [69714.145744] [8909] l2cap_chan_hold: chan ffff88005ede2c00 orig refcnt 3
      [69714.145746] [6450] bt_sock_poll: sock ffff8800941ab700, sk ffff88005ede5800
      [69714.145748] [8909] l2cap_chan_del: chan ffff88005ede2c00, conn ffff880221005c00, err 13
      [69714.145749] [8909] l2cap_chan_put: chan ffff88005ede2c00 orig refcnt 4
      [69714.145751] [8909] hci_conn_drop: hcon ffff88021f65a000 orig refcnt 1
      [69714.145754] [6450] bt_sock_poll: sock ffff8800941ab700, sk ffff88005ede5800
      [69714.145756] [8909] l2cap_chan_put: chan ffff88005ede2c00 orig refcnt 3
      [69714.145759] [8909] hci_chan_del: hci0 hcon ffff88021f65a000 chan ffff88020d60b1c0
      [69714.145766] [5949] hci_sock_recvmsg: sock ffff8800941a9680, sk ffff88012bf4d000
      [69714.145787] [6515] hci_sock_release: sock ffff88005e75a080 sk ffff88010323ac00
      [69714.146002] [6450] hci_sock_recvmsg: sock ffff88005e758780, sk ffff88010323d400
      [69714.150795] [6450] l2cap_sock_release: sock ffff8800941ab700, sk ffff88005ede5800
      [69714.150799] [6450] l2cap_sock_shutdown: sock ffff8800941ab700, sk ffff88005ede5800
      [69714.150802] [6450] l2cap_chan_close: chan ffff88005ede2c00 state BT_CLOSED
      [69714.150805] [6450] l2cap_sock_kill: sk ffff88005ede5800 state BT_CLOSED
      [69714.150806] [6450] l2cap_chan_put: chan ffff88005ede2c00 orig refcnt 2
      [69714.150808] [6450] l2cap_sock_destruct: sk ffff88005ede5800
      [69714.150809] [6450] l2cap_chan_put: chan ffff88005ede2c00 orig refcnt 1
      [69714.150811] [6450] l2cap_chan_destroy: chan ffff88005ede2c00
      [69714.150970] [6450] bt_sock_poll: sock ffff88005e758500, sk ffff88010323b800
      ...
      [69714.151991] [8909] hci_conn_drop: hcon ffff88021f65a000 orig refcnt 0
      [69716.150339] [8909] hci_conn_timeout: hcon ffff88021f65a000 state BT_CONNECTED, refcnt -1
      Signed-off-by: default avatarLukasz Rymanowski <lukasz.rymanowski@tieto.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      1d56dc4f
    • Johan Hedberg's avatar
      Bluetooth: Fix rejecting pairing in case of insufficient capabilities · 2ed8f65c
      Johan Hedberg authored
      If we need an MITM protected connection but the local and remote IO
      capabilities cannot provide it we should reject the pairing attempt in
      the appropriate way. This patch adds the missing checks for such a
      situation to the smp_cmd_pairing_req() and smp_cmd_pairing_rsp()
      functions.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      2ed8f65c
    • Johan Hedberg's avatar
      Bluetooth: Refactor authentication method lookup into its own function · 581370cc
      Johan Hedberg authored
      We'll need to do authentication method lookups from more than one place,
      so refactor the lookup into its own function.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      581370cc
    • Johan Hedberg's avatar
      Bluetooth: Fix overriding higher security level in SMP · c7262e71
      Johan Hedberg authored
      When we receive a pairing request or an internal request to start
      pairing we shouldn't blindly overwrite the existing pending_sec_level
      value as that may actually be higher than the new one. This patch fixes
      the SMP code to only overwrite the value in case the new one is higher
      than the old.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      c7262e71
    • Marcel Holtmann's avatar
      Revert "Bluetooth: Add a new PID/VID 0cf3/e005 for AR3012." · a2b23bac
      Marcel Holtmann authored
      This reverts commit ca58e594.
      
      For some unclear reason this patch tries to add suport for the
      product ID 0xe005, but it ends up adding product ID 0x3005 to
      all the tables. This is obviously wrong and causing multiple
      issues.
      
      The original patch seemed to be fine, but what ended up in 3.15
      is not what the patch intended. The commit 0a3658cc is
      already present and adds support for this hardware. This means
      only revert of this broken commit is requird.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Reported-by: default avatarAlexander Holler <holler@ahsoftware.de>
      Cc: stable@vger.kernel.org # 3.15.x
      a2b23bac
  8. 17 Jun, 2014 5 commits
  9. 16 Jun, 2014 8 commits
    • Rafał Miłecki's avatar
    • Stanislaw Gruszka's avatar
      rt2x00: disable TKIP on USB · 8edcb0ba
      Stanislaw Gruszka authored
      On USB we can not get atomically TKIP key. We have to disable support
      for TKIP acceleration on USB hardware to avoid bug as showed bellow.
      
      [  860.827243] BUG: scheduling while atomic: hostapd/3397/0x00000002
      <snip>
      [  860.827280] Call Trace:
      [  860.827282]  [<ffffffff81682ea6>] dump_stack+0x4d/0x66
      [  860.827284]  [<ffffffff8167eb9b>] __schedule_bug+0x47/0x55
      [  860.827285]  [<ffffffff81685bb3>] __schedule+0x733/0x7b0
      [  860.827287]  [<ffffffff81685c59>] schedule+0x29/0x70
      [  860.827289]  [<ffffffff81684f8a>] schedule_timeout+0x15a/0x2b0
      [  860.827291]  [<ffffffff8105ac50>] ? ftrace_raw_event_tick_stop+0xc0/0xc0
      [  860.827294]  [<ffffffff810c13c2>] ? __module_text_address+0x12/0x70
      [  860.827296]  [<ffffffff81686823>] wait_for_completion_timeout+0xb3/0x140
      [  860.827298]  [<ffffffff81080fc0>] ? wake_up_state+0x20/0x20
      [  860.827301]  [<ffffffff814d5b3d>] usb_start_wait_urb+0x7d/0x150
      [  860.827303]  [<ffffffff814d5cd5>] usb_control_msg+0xc5/0x110
      [  860.827305]  [<ffffffffa02fb0c6>] rt2x00usb_vendor_request+0xc6/0x160  [rt2x00usb]
      [  860.827307]  [<ffffffffa02fb215>] rt2x00usb_vendor_req_buff_lock+0x75/0x150 [rt2x00usb]
      [  860.827309]  [<ffffffffa02fb393>] rt2x00usb_vendor_request_buff+0xa3/0xe0 [rt2x00usb]
      [  860.827311]  [<ffffffffa023d1a3>] rt2x00usb_register_multiread+0x33/0x40 [rt2800usb]
      [  860.827314]  [<ffffffffa05805f9>] rt2800_get_tkip_seq+0x39/0x50  [rt2800lib]
      [  860.827321]  [<ffffffffa0480f88>] ieee80211_get_key+0x218/0x2a0  [mac80211]
      [  860.827322]  [<ffffffff815cc68c>] ? __nlmsg_put+0x6c/0x80
      [  860.827329]  [<ffffffffa051b02e>] nl80211_get_key+0x22e/0x360 [cfg80211]
      
      Cc: stable@vger.kernel.org
      Reported-and-tested-by: default avatarPeter Wu <lekensteyn@gmail.com>
      Reported-and-tested-by: default avatarPontus Fuchs <pontus.fuchs@gmail.com>
      Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      8edcb0ba
    • Chin-Ran Lo's avatar
      mwifiex: fix tx_info/rx_info overlap with PCIe dma_mapping · bca463e8
      Chin-Ran Lo authored
      On PCIe Tx data path, network interface specific tx_info
      parameters such as bss_num and bss_type are saved at
      "skb->cb + sizeof(dma_addr_t)" (returned by MWIFIEX_SKB_TXCB).
      Later mwifiex_map_pci_memory() called from
      mwifiex_pcie_send_data() will memcpy
      sizeof(struct mwifiex_dma_mapping) bytes to save PCIe DMA
      address and length information at beginning of skb->cb.
      This accidently overwrites bss_num and bss_type saved in skb->cb
      previously because bss_num/bss_type and mwifiex_dma_mapping data
      overlap.
      Similarly, on PCIe Rx data path, rx_info parameters overlaps
      with PCIe DMA address and length information too.
      
      Fix it by defining mwifiex_cb structure and having
      MWIFIEX_SKB_TXCB and MWIFIEX_SKB_RXCB return the correct address
      of tx_info/rx_info using the structure members.
      
      Also add a BUILD_BUG_ON to maks sure that mwifiex_cb structure
      doesn't exceed the size of skb->cb.
      Reviewed-by: default avatarAaron Durbin <adurbin@chromium.org>
      Signed-off-by: default avatarChin-Ran Lo <crlo@marvell.com>
      Signed-off-by: default avatarBing Zhao <bzhao@marvell.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      bca463e8
    • Rafał Miłecki's avatar
      b43: disable 5 GHz on G-PHY · f15ec345
      Rafał Miłecki authored
      This fixes regression introduced by adding some G-PHY devices to the
      list of dual band devices. There is simply no support for 5 GHz on
      G-PHY devices in b43. It results in:
      WARNING: CPU: 0 PID: 79 at drivers/net/wireless/b43/phy_g.c:75 b43_gphy_channel_switch+0x125/0x130 [b43]()
      b43-phy1 ERROR: PHY init: Channel switch to default failed
      
      Regression was introduced by the following commit:
      
      commit 773cfc50
      Author: Rafał Miłecki <zajec5@gmail.com>
      Date:   Mon May 19 23:18:55 2014 +0200
      
          b43: add more devices to the bands database
      Signed-off-by: default avatarRafał Miłecki <zajec5@gmail.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      f15ec345
    • Linus Torvalds's avatar
      Linux 3.16-rc1 · 7171511e
      Linus Torvalds authored
      7171511e
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · a9be2242
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix checksumming regressions, from Tom Herbert.
      
       2) Undo unintentional permissions changes for SCTP rto_alpha and
          rto_beta sysfs knobs, from Denial Borkmann.
      
       3) VXLAN, like other IP tunnels, should advertize it's encapsulation
          size using dev->needed_headroom instead of dev->hard_header_len.
          From Cong Wang.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        net: sctp: fix permissions for rto_alpha and rto_beta knobs
        vxlan: Checksum fixes
        net: add skb_pop_rcv_encapsulation
        udp: call __skb_checksum_complete when doing full checksum
        net: Fix save software checksum complete
        net: Fix GSO constants to match NETIF flags
        udp: ipv4: do not waste time in __udp4_lib_mcast_demux_lookup
        vxlan: use dev->needed_headroom instead of dev->hard_header_len
        MAINTAINERS: update cxgb4 maintainer
      a9be2242
    • Linus Torvalds's avatar
      Merge tag 'clk-for-linus-3.16-part2' of git://git.linaro.org/people/mike.turquette/linux · dd1845af
      Linus Torvalds authored
      Pull more clock framework updates from Mike Turquette:
       "This contains the second half the of the clk changes for 3.16.
      
        They are simply fixes and code refactoring for the OMAP clock drivers.
        The sunxi clock driver changes include splitting out the one
        mega-driver into several smaller pieces and adding support for the A31
        SoC clocks"
      
      * tag 'clk-for-linus-3.16-part2' of git://git.linaro.org/people/mike.turquette/linux: (25 commits)
        clk: sunxi: document PRCM clock compatible strings
        clk: sunxi: add PRCM (Power/Reset/Clock Management) clks support
        clk: sun6i: Protect SDRAM gating bit
        clk: sun6i: Protect CPU clock
        clk: sunxi: Rework clock protection code
        clk: sunxi: Move the GMAC clock to a file of its own
        clk: sunxi: Move the 24M oscillator to a file of its own
        clk: sunxi: Remove calls to clk_put
        clk: sunxi: document new A31 USB clock compatible
        clk: sunxi: Implement A31 USB clock
        ARM: dts: OMAP5/DRA7: use omap5-mpu-dpll-clock capable of dealing with higher frequencies
        CLK: TI: dpll: support OMAP5 MPU DPLL that need special handling for higher frequencies
        ARM: OMAP5+: dpll: support Duty Cycle Correction(DCC)
        CLK: TI: clk-54xx: Set the rate for dpll_abe_m2x2_ck
        CLK: TI: Driver for DRA7 ATL (Audio Tracking Logic)
        dt:/bindings: DRA7 ATL (Audio Tracking Logic) clock bindings
        ARM: dts: dra7xx-clocks: Correct name for atl clkin3 clock
        CLK: TI: gate: add composite interface clock to OMAP2 only build
        ARM: OMAP2: clock: add DT boot support for cpufreq_ck
        CLK: TI: OMAP2: add clock init support
        ...
      dd1845af
    • Linus Torvalds's avatar
      Merge git://git.infradead.org/users/willy/linux-nvme · b55b3902
      Linus Torvalds authored
      Pull NVMe update from Matthew Wilcox:
       "Mostly bugfixes again for the NVMe driver.  I'd like to call out the
        exported tracepoint in the block layer; I believe Keith has cleared
        this with Jens.
      
        We've had a few reports from people who're really pounding on NVMe
        devices at scale, hence the timeout changes (and new module
        parameters), hotplug cpu deadlock, tracepoints, and minor performance
        tweaks"
      
      [ Jens hadn't seen that tracepoint thing, but is ok with it - it will
        end up going away when mq conversion happens ]
      
      * git://git.infradead.org/users/willy/linux-nvme: (22 commits)
        NVMe: Fix START_STOP_UNIT Scsi->NVMe translation.
        NVMe: Use Log Page constants in SCSI emulation
        NVMe: Define Log Page constants
        NVMe: Fix hot cpu notification dead lock
        NVMe: Rename io_timeout to nvme_io_timeout
        NVMe: Use last bytes of f/w rev SCSI Inquiry
        NVMe: Adhere to request queue block accounting enable/disable
        NVMe: Fix nvme get/put queue semantics
        NVMe: Delete NVME_GET_FEAT_TEMP_THRESH
        NVMe: Make admin timeout a module parameter
        NVMe: Make iod bio timeout a parameter
        NVMe: Prevent possible NULL pointer dereference
        NVMe: Fix the buffer size passed in GetLogPage(CDW10.NUMD)
        NVMe: Update data structures for NVMe 1.2
        NVMe: Enable BUILD_BUG_ON checks
        NVMe: Update namespace and controller identify structures to the 1.1a spec
        NVMe: Flush with data support
        NVMe: Configure support for block flush
        NVMe: Add tracepoints
        NVMe: Protect against badly formatted CQEs
        ...
      b55b3902
  10. 15 Jun, 2014 2 commits
    • Daniel Borkmann's avatar
      net: sctp: fix permissions for rto_alpha and rto_beta knobs · b58537a1
      Daniel Borkmann authored
      Commit 3fd091e7 ("[SCTP]: Remove multiple levels of msecs
      to jiffies conversions.") has silently changed permissions for
      rto_alpha and rto_beta knobs from 0644 to 0444. The purpose of
      this was to discourage users from tweaking rto_alpha and
      rto_beta knobs in production environments since they are key
      to correctly compute rtt/srtt.
      
      RFC4960 under section 6.3.1. RTO Calculation says regarding
      rto_alpha and rto_beta under rule C3 and C4:
      
        [...]
        C3)  When a new RTT measurement R' is made, set
      
             RTTVAR <- (1 - RTO.Beta) * RTTVAR + RTO.Beta * |SRTT - R'|
      
             and
      
             SRTT <- (1 - RTO.Alpha) * SRTT + RTO.Alpha * R'
      
             Note: The value of SRTT used in the update to RTTVAR
             is its value before updating SRTT itself using the
             second assignment. After the computation, update
             RTO <- SRTT + 4 * RTTVAR.
      
        C4)  When data is in flight and when allowed by rule C5
             below, a new RTT measurement MUST be made each round
             trip. Furthermore, new RTT measurements SHOULD be
             made no more than once per round trip for a given
             destination transport address. There are two reasons
             for this recommendation: First, it appears that
             measuring more frequently often does not in practice
             yield any significant benefit [ALLMAN99]; second,
             if measurements are made more often, then the values
             of RTO.Alpha and RTO.Beta in rule C3 above should be
             adjusted so that SRTT and RTTVAR still adjust to
             changes at roughly the same rate (in terms of how many
             round trips it takes them to reflect new values) as
             they would if making only one measurement per
             round-trip and using RTO.Alpha and RTO.Beta as given
             in rule C3. However, the exact nature of these
             adjustments remains a research issue.
        [...]
      
      While it is discouraged to adjust rto_alpha and rto_beta
      and not further specified how to adjust them, the RFC also
      doesn't explicitly forbid it, but rather gives a RECOMMENDED
      default value (rto_alpha=3, rto_beta=2). We have a couple
      of users relying on the old permissions before they got
      changed. That said, if someone really has the urge to adjust
      them, we could allow it with a warning in the log.
      
      Fixes: 3fd091e7 ("[SCTP]: Remove multiple levels of msecs to jiffies conversions.")
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Cc: Vlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b58537a1
    • David S. Miller's avatar
      Merge branch 'csum_fixes' · e4f7ae93
      David S. Miller authored
      Tom Herbert says:
      
      ====================
      Fixes related to some recent checksum modifications.
      
      - Fix GSO constants to match NETIF flags
      - Fix logic in saving checksum complete in __skb_checksum_complete
      - Call __skb_checksum_complete from UDP if we are checksumming over
        whole packet in order to save checksum.
      - Fixes to VXLAN to work correctly with checksum complete
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e4f7ae93