1. 13 May, 2022 36 commits
    • Luiz Augusto von Dentz's avatar
      Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan · 3b420553
      Luiz Augusto von Dentz authored
      When suspending the passive scanning _must_ have its filter_policy set
      to 0x01 to use the accept list otherwise _any_ advertise report would
      end up waking up the system.
      
      In order to fix the filter_policy the code now checks for
      hdev->suspended && HCI_CONN_FLAG_REMOTE_WAKEUP
      first, since the MGMT_OP_SET_DEVICE_FLAGS will reject any attempt to
      set HCI_CONN_FLAG_REMOTE_WAKEUP when it cannot be programmed in the
      acceptlist, so it can return success causing the proper filter_policy
      to be used.
      
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=215768Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      3b420553
    • Luiz Augusto von Dentz's avatar
      Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP · a9a34765
      Luiz Augusto von Dentz authored
      HCI_CONN_FLAG_REMOTE_WAKEUP can only be set if device can be programmed
      in the allowlist which in case of device using RPA requires LL Privacy
      support to be enabled.
      
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=215768Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      a9a34765
    • Sean Wang's avatar
      Bluetooth: btmtksdio: fix the reset takes too long · baabb7f5
      Sean Wang authored
      Sending WMT command during the reset in progress is invalid and would get
      no response from firmware until the reset is complete, so we ignore the WMT
      command here to resolve the issue which causes the whole reset process
      taking too long.
      
      Fixes: 8fafe702 ("Bluetooth: mt7921s: support bluetooth reset mechanism")
      Co-developed-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarSean Wang <sean.wang@mediatek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      baabb7f5
    • Sean Wang's avatar
      Bluetooth: btmtksdio: fix possible FW initialization failure · 74697205
      Sean Wang authored
      According to FW advised sequence, mt7921s need to re-acquire privilege
      immediately after the firmware download is complete before normal running.
      Otherwise, it is still possible the bus may be stuck in an abnormal status
      that causes FW initialization failure in the current driver.
      
      Fixes: 752aea58 ("Bluetooth: mt7921s: fix bus hang with wrong privilege")
      Co-developed-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarSean Wang <sean.wang@mediatek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      74697205
    • Sean Wang's avatar
      Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event · 0fab6361
      Sean Wang authored
      We should not access skb buffer data anymore after hci_recv_frame was
      called.
      
      [   39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0
      [   39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker
      [   39.634962] Call trace:
      [   39.634974]  dump_backtrace+0x0/0x3b8
      [   39.634999]  show_stack+0x20/0x2c
      [   39.635016]  dump_stack_lvl+0x60/0x78
      [   39.635040]  print_address_description+0x70/0x2f0
      [   39.635062]  kasan_report+0x154/0x194
      [   39.635079]  __asan_report_load1_noabort+0x44/0x50
      [   39.635099]  btmtksdio_recv_event+0x1b0/0x1c4
      [   39.635129]  btmtksdio_txrx_work+0x6cc/0xac4
      [   39.635157]  process_one_work+0x560/0xc5c
      [   39.635177]  worker_thread+0x7ec/0xcc0
      [   39.635195]  kthread+0x2d0/0x3d0
      [   39.635215]  ret_from_fork+0x10/0x20
      [   39.635247] Allocated by task 0:
      [   39.635260] (stack is not available)
      [   39.635281] Freed by task 2392:
      [   39.635295]  kasan_save_stack+0x38/0x68
      [   39.635319]  kasan_set_track+0x28/0x3c
      [   39.635338]  kasan_set_free_info+0x28/0x4c
      [   39.635357]  ____kasan_slab_free+0x104/0x150
      [   39.635374]  __kasan_slab_free+0x18/0x28
      [   39.635391]  slab_free_freelist_hook+0x114/0x248
      [   39.635410]  kfree+0xf8/0x2b4
      [   39.635427]  skb_free_head+0x58/0x98
      [   39.635447]  skb_release_data+0x2f4/0x410
      [   39.635464]  skb_release_all+0x50/0x60
      [   39.635481]  kfree_skb+0xc8/0x25c
      [   39.635498]  hci_event_packet+0x894/0xca4 [bluetooth]
      [   39.635721]  hci_rx_work+0x1c8/0x68c [bluetooth]
      [   39.635925]  process_one_work+0x560/0xc5c
      [   39.635951]  worker_thread+0x7ec/0xcc0
      [   39.635970]  kthread+0x2d0/0x3d0
      [   39.635990]  ret_from_fork+0x10/0x20
      [   39.636021] The buggy address belongs to the object at ffffff80cf28a600
                      which belongs to the cache kmalloc-512 of size 512
      [   39.636039] The buggy address is located 13 bytes inside of
                      512-byte region [ffffff80cf28a600, ffffff80cf28a800)
      
      Fixes: 9aebfd4a ("Bluetooth: mediatek: add support for MediaTek MT7663S and MT7668S SDIO devices")
      Co-developed-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarSean Wang <sean.wang@mediatek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      0fab6361
    • Tim Harvey's avatar
      Bluetooth: btbcm: Add entry for BCM4373A0 UART Bluetooth · 0d37ddfc
      Tim Harvey authored
      This patch adds the device ID for the BCM4373A0 module, found e.g. in
      the Infineon (Cypress) CYW4373E chip. The required firmware file is
      named 'BCM4373A0.hcd'.
      Signed-off-by: default avatarTim Harvey <tharvey@gateworks.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      0d37ddfc
    • Sean Wang's avatar
      Bluetooth: btusb: Add a new PID/VID 0489/e0c8 for MT7921 · 23fcb27b
      Sean Wang authored
      Add VID 0489 & PID e0c8 for MediaTek MT7921 USB Bluetooth chip.
      
      The information in /sys/kernel/debug/usb/devices about the Bluetooth
      device is listed as the below.
      
      T:  Bus=01 Lev=01 Prnt=01 Port=13 Cnt=03 Dev#=  4 Spd=480  MxCh= 0
      D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0489 ProdID=e0c8 Rev= 1.00
      S:  Manufacturer=MediaTek Inc.
      S:  Product=Wireless_Device
      S:  SerialNumber=000000000
      C:* #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=100mA
      A:  FirstIf#= 0 IfCount= 3 Cls=e0(wlcon) Sub=01 Prot=01
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=125us
      E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      I:* If#= 2 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
      E:  Ad=8a(I) Atr=03(Int.) MxPS=  64 Ivl=125us
      E:  Ad=0a(O) Atr=03(Int.) MxPS=  64 Ivl=125us
      I:  If#= 2 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
      E:  Ad=8a(I) Atr=03(Int.) MxPS= 512 Ivl=125us
      E:  Ad=0a(O) Atr=03(Int.) MxPS= 512 Ivl=125us
      Signed-off-by: default avatarSean Wang <sean.wang@mediatek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      23fcb27b
    • Ismael Luceno's avatar
      Bluetooth: btusb: Add 0x0bda:0x8771 Realtek 8761BUV devices · c77a592b
      Ismael Luceno authored
      Identifies as just "Realtek Semiconductor Corp. Bluetooth Radio"; it's
      used in many adapters, e.g.:
      
      - UGREEN CM390
      - C-TECH BTD-01
      - Orico BTA-508
      - KS-is KS-457
      
      Device description at /sys/kernel/debug/usb/devices:
      
      T:  Bus=03 Lev=01 Prnt=01 Port=05 Cnt=02 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0bda ProdID=8771 Rev= 2.00
      S:  Manufacturer=Realtek
      S:  Product=Bluetooth Radio
      S:  SerialNumber=00E04C239987
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarIsmael Luceno <ismael@iodev.co.uk>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      c77a592b
    • Zijun Hu's avatar
      Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA · 247f226a
      Zijun Hu authored
      Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA controllers since
      they answer HCI_OP_READ_DEF_ERR_DATA_REPORTING with error code
      "UNKNOWN HCI COMMAND" as shown below:
      
      [  580.517552] Bluetooth: hci0: unexpected cc 0x0c5a length: 1 < 2
      [  580.517660] Bluetooth: hci0: Opcode 0x c5a failed: -38
      
      hcitool -i hci0 cmd 0x03 0x5a
      < HCI Command: ogf 0x03, ocf 0x005a, plen 0
      > HCI Event: 0x0e plen 4
        01 5A 0C 01
      
      btmon log:
      < HCI Command: Read Default Erroneous Data Reporting (0x03|0x005a) plen 0
      > HCI Event: Command Complete (0x0e) plen 4
            Read Default Erroneous Data Reporting (0x03|0x005a) ncmd 1
              Status: Unknown HCI Command (0x01)
      Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      247f226a
    • Vasyl Vavrychuk's avatar
      Bluetooth: core: Fix missing power_on work cancel on HCI close · ff7f2926
      Vasyl Vavrychuk authored
      Move power_on work cancel to hci_dev_close_sync to ensure that power_on
      work is canceled after HCI interface down, power off, rfkill, etc.
      
      For example, if
      
          hciconfig hci0 down
      
      is done early enough during boot, it may run before power_on work.
      Then, power_on work will actually bring up interface despite above
      hciconfig command.
      Signed-off-by: default avatarVasyl Vavrychuk <vasyl.vavrychuk@opensynergy.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      ff7f2926
    • Zijun Hu's avatar
      Bluetooth: btusb: add support for Qualcomm WCN785x · 46225947
      Zijun Hu authored
      Qualcomm WCN785x has PID/VID 0cf3/e700 as shown by
      /sys/kernel/debug/usb/devices:
      
      T:  Bus=02 Lev=02 Prnt=02 Port=01 Cnt=02 Dev#=  8 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cf3 ProdID=e700 Rev= 0.01
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      I:  If#= 1 Alt= 7 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  65 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  65 Ivl=1ms
      Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      46225947
    • Niels Dossche's avatar
      Bluetooth: protect le accept and resolv lists with hdev->lock · 5e2b6064
      Niels Dossche authored
      Concurrent operations from events on le_{accept,resolv}_list are
      currently unprotected by hdev->lock.
      Most existing code do already protect the lists with that lock.
      This can be observed in hci_debugfs and hci_sync.
      Add the protection for these events too.
      
      Fixes: b950aa88 ("Bluetooth: Add definitions and track LE resolve list modification")
      Fixes: 0f36b589 ("Bluetooth: Track LE white list modification via HCI commands")
      Signed-off-by: default avatarNiels Dossche <dossche.niels@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      5e2b6064
    • Niels Dossche's avatar
      Bluetooth: use hdev lock for accept_list and reject_list in conn req · fb048cae
      Niels Dossche authored
      All accesses (both reads and modifications) to
      hdev->{accept,reject}_list are protected by hdev lock,
      except the ones in hci_conn_request_evt. This can cause a race
      condition in the form of a list corruption.
      The solution is to protect these lists in hci_conn_request_evt as well.
      
      I was unable to find the exact commit that introduced the issue for the
      reject list, I was only able to find it for the accept list.
      
      Fixes: a55bd29d ("Bluetooth: Add white list lookup for incoming connection requests")
      Signed-off-by: default avatarNiels Dossche <dossche.niels@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      fb048cae
    • Niels Dossche's avatar
      Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring · 50a3633a
      Niels Dossche authored
      hci_is_adv_monitoring's function documentation states that it must be
      called under the hdev lock. Paths that leads to an unlocked call are:
      discov_update => start_discovery => interleaved_discov => active_scan
      and: discov_update => start_discovery => active_scan
      
      The solution is to take the lock in active_scan during the duration of
      the call to hci_is_adv_monitoring.
      
      Fixes: c32d6246 ("Bluetooth: disable filter dup when scan for adv monitor")
      Signed-off-by: default avatarNiels Dossche <dossche.niels@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      50a3633a
    • Max Chou's avatar
      Bluetooth: btrtl: Add support for RTL8852C · 8b1d66b5
      Max Chou authored
      Add the support for RTL8852C BT controller on USB interface.
      The necessary firmware file will be submitted to linux-firmware.
      Signed-off-by: default avatarMax Chou <max.chou@realtek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      8b1d66b5
    • Luiz Augusto von Dentz's avatar
      Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN for QCA · d44e1dbd
      Luiz Augusto von Dentz authored
      This sets HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN for QCA controllers
      since SCO appear to not work when using HCI_OP_ENHANCED_SETUP_SYNC_CONN.
      
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=215576Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      d44e1dbd
    • Luiz Augusto von Dentz's avatar
      Bluetooth: Print broken quirks · 6b5c1cda
      Luiz Augusto von Dentz authored
      This prints warnings for controllers setting broken quirks to increase
      their visibility and warn about broken controllers firmware that
      probably needs updates to behave properly.
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      6b5c1cda
    • Luiz Augusto von Dentz's avatar
      Bluetooth: HCI: Add HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN quirk · 05abad85
      Luiz Augusto von Dentz authored
      This adds HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN quirk which can be
      used to mark HCI_Enhanced_Setup_Synchronous_Connection as broken even
      if its support command bit are set since some controller report it as
      supported but the command don't work properly with some configurations
      (e.g. BT_VOICE_TRANSPARENT/mSBC).
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      05abad85
    • Steven Rostedt's avatar
      Bluetooth: hci_qca: Use del_timer_sync() before freeing · 72ef9844
      Steven Rostedt authored
      While looking at a crash report on a timer list being corrupted, which
      usually happens when a timer is freed while still active. This is
      commonly triggered by code calling del_timer() instead of
      del_timer_sync() just before freeing.
      
      One possible culprit is the hci_qca driver, which does exactly that.
      
      Eric mentioned that wake_retrans_timer could be rearmed via the work
      queue, so also move the destruction of the work queue before
      del_timer_sync().
      
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: stable@vger.kernel.org
      Fixes: 0ff252c1 ("Bluetooth: hciuart: Add support QCA chipset for UART")
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      72ef9844
    • Rikard Falkeborn's avatar
      Bluetooth: btintel: Constify static struct regmap_bus · bf7380e2
      Rikard Falkeborn authored
      The only usage of regmap_ibt is to (after the regmap_init() macro is
      expanded), pass its address to __regmap_init(), which takes a pointer to
      const struct regmap_bus as input. Make it const to allow the compiler to
      put it in read-only memory.
      Signed-off-by: default avatarRikard Falkeborn <rikard.falkeborn@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      bf7380e2
    • Brian Gix's avatar
      Bluetooth: Keep MGMT pending queue ordered FIFO · 31396dd5
      Brian Gix authored
      Small change to add new commands to tail of the list, and find/remove them
      from the head of the list.
      Signed-off-by: default avatarBrian Gix <brian.gix@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      31396dd5
    • Ying Hsu's avatar
      Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout · 7aa1e7d1
      Ying Hsu authored
      Connecting the same socket twice consecutively in sco_sock_connect()
      could lead to a race condition where two sco_conn objects are created
      but only one is associated with the socket. If the socket is closed
      before the SCO connection is established, the timer associated with the
      dangling sco_conn object won't be canceled. As the sock object is being
      freed, the use-after-free problem happens when the timer callback
      function sco_sock_timeout() accesses the socket. Here's the call trace:
      
      dump_stack+0x107/0x163
      ? refcount_inc+0x1c/
      print_address_description.constprop.0+0x1c/0x47e
      ? refcount_inc+0x1c/0x7b
      kasan_report+0x13a/0x173
      ? refcount_inc+0x1c/0x7b
      check_memory_region+0x132/0x139
      refcount_inc+0x1c/0x7b
      sco_sock_timeout+0xb2/0x1ba
      process_one_work+0x739/0xbd1
      ? cancel_delayed_work+0x13f/0x13f
      ? __raw_spin_lock_init+0xf0/0xf0
      ? to_kthread+0x59/0x85
      worker_thread+0x593/0x70e
      kthread+0x346/0x35a
      ? drain_workqueue+0x31a/0x31a
      ? kthread_bind+0x4b/0x4b
      ret_from_fork+0x1f/0x30
      
      Link: https://syzkaller.appspot.com/bug?extid=2bef95d3ab4daa10155b
      Reported-by: syzbot+2bef95d3ab4daa10155b@syzkaller.appspotmail.com
      Fixes: e1dee2c1 ("Bluetooth: fix repeated calls to sco_sock_kill")
      Signed-off-by: default avatarYing Hsu <yinghsu@chromium.org>
      Reviewed-by: default avatarJoseph Hwang <josephsih@chromium.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      7aa1e7d1
    • Sean Wang's avatar
      Bluetooth: mt7921s: Fix the incorrect pointer check · 789f6b8a
      Sean Wang authored
      Fix the incorrect pointer check on ven_data.
      
      Fixes: f41b91fa ("Bluetooth: mt7921s: Add .btmtk_get_codec_config_data")
      Co-developed-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarYake Yang <yake.yang@mediatek.com>
      Signed-off-by: default avatarSean Wang <sean.wang@mediatek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      789f6b8a
    • Linus Walleij's avatar
      Bluetooth: btbcm: Support per-board firmware variants · 63fac334
      Linus Walleij authored
      There are provedly different firmware variants for the different
      phones using some of these chips. These were extracted from a few
      Samsung phones:
      
      37446 BCM4334B0.samsung,codina-tmo.hcd
      37366 BCM4334B0.samsung,golden.hcd
      37403 BCM4334B0.samsung,kyle.hcd
      37366 BCM4334B0.samsung,skomer.hcd
      
      This patch supports the above naming schedule with inserting
      [.board_name] between the firmware name and ".hcd". This scheme
      is the same as used by the companion BRCM wireless chips
      as can be seen in
      drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
      or just by looking at the firmwares in linux-firmware/brcm.
      
      Currently we only support board variants using the device
      tree compatible string as board type, but other schemes are
      possible.
      
      This makes it possible to successfully load a few unique
      firmware variants for some Samsung phones.
      
      Cc: phone-devel@vger.kernel.org
      Cc: Markuss Broks <markuss.broks@gmail.com>
      Cc: Stephan Gerhold <stephan@gerhold.net>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      63fac334
    • Amit Cohen's avatar
      selftests: fib_nexthops: Make the test more robust · 49bb39bd
      Amit Cohen authored
      Rarely some of the test cases fail. Make the test more robust by increasing
      the timeout of ping commands to 5 seconds.
      Signed-off-by: default avatarAmit Cohen <amcohen@nvidia.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      49bb39bd
    • David S. Miller's avatar
      Merge branch 'lan95xx-no-polling' · b7da9c6b
      David S. Miller authored
      Lukas Wunner says:
      
      ====================
      Polling be gone on LAN95xx
      
      Do away with link status polling on LAN95xx USB Ethernet
      and rely on interrupts instead, thereby reducing bus traffic,
      CPU overhead and improving interface bringup latency.
      
      Link to v2:
      https://lore.kernel.org/netdev/cover.1651574194.git.lukas@wunner.de/
      
      Only change since v2:
      
      * Patch [5/7]:
        * Drop call to __irq_enter_raw() which worked around a warning in
          generic_handle_domain_irq().  That warning is gone since
          792ea6a0 (queued on tip.git/irq/urgent).
          (Marc Zyngier, Thomas Gleixner)
      ====================
      b7da9c6b
    • Lukas Wunner's avatar
      net: phy: smsc: Cope with hot-removal in interrupt handler · 1e7b81ed
      Lukas Wunner authored
      If reading the Interrupt Source Flag register fails with -ENODEV, then
      the PHY has been hot-removed and the correct response is to bail out
      instead of throwing a WARN splat and attempting to suspend the PHY.
      The PHY should be stopped in due course anyway as the kernel
      asynchronously tears down the device.
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1e7b81ed
    • Lukas Wunner's avatar
      net: phy: smsc: Cache interrupt mask · 7e8b617e
      Lukas Wunner authored
      Cache the interrupt mask to avoid re-reading it from the PHY upon every
      interrupt.
      
      This will simplify a subsequent commit which detects hot-removal in the
      interrupt handler and bails out.
      
      Analyzing and debugging PHY transactions also becomes simpler if such
      redundant reads are avoided.
      
      Last not least, interrupt overhead and latency is slightly improved.
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e8b617e
    • Lukas Wunner's avatar
      usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling · 1ce8b372
      Lukas Wunner authored
      Link status of SMSC LAN95xx chips is polled once per second, even though
      they're capable of signaling PHY interrupts through the MAC layer.
      
      Forward those interrupts to the PHY driver to avoid polling.  Benefits
      are reduced bus traffic, reduced CPU overhead and quicker interface
      bringup.
      
      Polling was introduced in 2016 by commit d69d1694 ("usbnet:
      smsc95xx: fix link detection for disabled autonegotiation").
      Back then, the LAN95xx driver neglected to enable the ENERGYON interrupt,
      hence couldn't detect link-up events when auto-negotiation was disabled.
      The proper solution would have been to enable the ENERGYON interrupt
      instead of polling.
      
      Since then, PHY handling was moved from the LAN95xx driver to the SMSC
      PHY driver with commit 05b35e7e ("smsc95xx: add phylib support").
      That PHY driver is capable of link detection with auto-negotiation
      disabled because it enables the ENERGYON interrupt.
      
      Note that signaling interrupts through the MAC layer not only works with
      the integrated PHY, but also with an external PHY, provided its
      interrupt pin is attached to LAN95xx's nPHY_INT pin.
      
      In the unlikely event that the interrupt pin of an external PHY is
      attached to a GPIO of the SoC (or not connected at all), the driver can
      be amended to retrieve the irq from the PHY's of_node.
      
      To forward PHY interrupts to phylib, it is not sufficient to call
      phy_mac_interrupt().  Instead, the PHY's interrupt handler needs to run
      so that PHY interrupts are cleared.  That's because according to page
      119 of the LAN950x datasheet, "The source of this interrupt is a level.
      The interrupt persists until it is cleared in the PHY."
      
      https://www.microchip.com/content/dam/mchp/documents/UNG/ProductDocuments/DataSheets/LAN950x-Data-Sheet-DS00001875D.pdf
      
      Therefore, create an IRQ domain with a single IRQ for the PHY.  In the
      future, the IRQ domain may be extended to support the 11 GPIOs on the
      LAN95xx.
      
      Normally the PHY interrupt should be masked until the PHY driver has
      cleared it.  However masking requires a (sleeping) USB transaction and
      interrupts are received in (non-sleepable) softirq context.  I decided
      not to mask the interrupt at all (by using the dummy_irq_chip's noop
      ->irq_mask() callback):  The USB interrupt endpoint is polled in 1 msec
      intervals and normally that's sufficient to wake the PHY driver's IRQ
      thread and have it clear the interrupt.  If it does take longer, worst
      thing that can happen is the IRQ thread is woken again.  No big deal.
      
      Because PHY interrupts are now perpetually enabled, there's no need to
      selectively enable them on suspend.  So remove all invocations of
      smsc95xx_enable_phy_wakeup_interrupts().
      
      In smsc95xx_resume(), move the call of phy_init_hw() before
      usbnet_resume() (which restarts the status URB) to ensure that the PHY
      is fully initialized when an interrupt is handled.
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Reviewed-by: Andrew Lunn <andrew@lunn.ch> # from a PHY perspective
      Cc: Andre Edich <andre.edich@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ce8b372
    • Lukas Wunner's avatar
      usbnet: smsc95xx: Avoid link settings race on interrupt reception · 8960f878
      Lukas Wunner authored
      When a PHY interrupt is signaled, the SMSC LAN95xx driver updates the
      MAC full duplex mode and PHY flow control registers based on cached data
      in struct phy_device:
      
        smsc95xx_status()                 # raises EVENT_LINK_RESET
          usbnet_deferred_kevent()
            smsc95xx_link_reset()         # uses cached data in phydev
      
      Simultaneously, phylib polls link status once per second and updates
      that cached data:
      
        phy_state_machine()
          phy_check_link_status()
            phy_read_status()
              lan87xx_read_status()
                genphy_read_status()      # updates cached data in phydev
      
      If smsc95xx_link_reset() wins the race against genphy_read_status(),
      the registers may be updated based on stale data.
      
      E.g. if the link was previously down, phydev->duplex is set to
      DUPLEX_UNKNOWN and that's what smsc95xx_link_reset() will use, even
      though genphy_read_status() may update it to DUPLEX_FULL afterwards.
      
      PHY interrupts are currently only enabled on suspend to trigger wakeup,
      so the impact of the race is limited, but we're about to enable them
      perpetually.
      
      Avoid the race by delaying execution of smsc95xx_link_reset() until
      phy_state_machine() has done its job and calls back via
      smsc95xx_handle_link_change().
      
      Signaling EVENT_LINK_RESET on wakeup is not necessary because phylib
      picks up link status changes through polling.  So drop the declaration
      of a ->link_reset() callback.
      
      Note that the semicolon on a line by itself added in smsc95xx_status()
      is a placeholder for a function call which will be added in a subsequent
      commit.  That function call will actually handle the INT_ENP_PHY_INT_
      interrupt.
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8960f878
    • Lukas Wunner's avatar
      usbnet: smsc95xx: Don't reset PHY behind PHY driver's back · 14021da6
      Lukas Wunner authored
      smsc95xx_reset() resets the PHY behind the PHY driver's back, which
      seems like a bad idea generally.  Remove that portion of the function.
      
      We're about to use PHY interrupts instead of polling to detect link
      changes on SMSC LAN95xx chips.  Because smsc95xx_reset() is called from
      usbnet_open(), PHY interrupt settings are lost whenever the net_device
      is brought up.
      
      There are two other callers of smsc95xx_reset(), namely smsc95xx_bind()
      and smsc95xx_reset_resume(), and both may indeed benefit from a PHY
      reset.  However they already perform one through their calls to
      phy_connect_direct() and phy_init_hw().
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Cc: Martyn Welch <martyn.welch@collabora.com>
      Cc: Gabriel Hojda <ghojda@yo2urs.ro>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      14021da6
    • Lukas Wunner's avatar
      usbnet: smsc95xx: Don't clear read-only PHY interrupt · 3108871f
      Lukas Wunner authored
      Upon receiving data from the Interrupt Endpoint, the SMSC LAN95xx driver
      attempts to clear the signaled interrupts by writing "all ones" to the
      Interrupt Status Register.
      
      However the driver only ever enables a single type of interrupt, namely
      the PHY Interrupt.  And according to page 119 of the LAN950x datasheet,
      its bit in the Interrupt Status Register is read-only.  There's no other
      way to clear it than in a separate PHY register:
      
      https://www.microchip.com/content/dam/mchp/documents/UNG/ProductDocuments/DataSheets/LAN950x-Data-Sheet-DS00001875D.pdf
      
      Consequently, writing "all ones" to the Interrupt Status Register is
      pointless and can be dropped.
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3108871f
    • Lukas Wunner's avatar
      usbnet: Run unregister_netdev() before unbind() again · d1408f6b
      Lukas Wunner authored
      Commit 2c9d6c2b ("usbnet: run unbind() before unregister_netdev()")
      sought to fix a use-after-free on disconnect of USB Ethernet adapters.
      
      It turns out that a different fix is necessary to address the issue:
      https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/
      
      So the commit was not necessary.
      
      The commit made binding and unbinding of USB Ethernet asymmetrical:
      Before, usbnet_probe() first invoked the ->bind() callback and then
      register_netdev().  usbnet_disconnect() mirrored that by first invoking
      unregister_netdev() and then ->unbind().
      
      Since the commit, the order in usbnet_disconnect() is reversed and no
      longer mirrors usbnet_probe().
      
      One consequence is that a PHY disconnected (and stopped) in ->unbind()
      is afterwards stopped once more by unregister_netdev() as it closes the
      netdev before unregistering.  That necessitates a contortion in ->stop()
      because the PHY may only be stopped if it hasn't already been
      disconnected.
      
      Reverting the commit allows making the call to phy_stop() unconditional
      in ->stop().
      
      Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> # LAN9514/9512/9500
      Tested-by: Ferry Toth <fntoth@gmail.com> # LAN9514
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Acked-by: default avatarOliver Neukum <oneukum@suse.com>
      Cc: Martyn Welch <martyn.welch@collabora.com>
      Cc: Andrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d1408f6b
    • Yang Li's avatar
      net: ethernet: fix platform_no_drv_owner.cocci warning · 7b8b8222
      Yang Li authored
      Remove .owner field if calls are used which set it automatically.
      ./drivers/net/ethernet/sunplus/spl2sw_driver.c:569:3-8: No need to set
      .owner here. The core will do it.
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Signed-off-by: default avatarYang Li <yang.lee@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7b8b8222
    • Jie Wang's avatar
      net: page_pool: add page allocation stats for two fast page allocate path · 0f6deac3
      Jie Wang authored
      Currently If use page pool allocation stats to analysis a RX performance
      degradation problem. These stats only count for pages allocate from
      page_pool_alloc_pages. But nic drivers such as hns3 use
      page_pool_dev_alloc_frag to allocate pages, so page stats in this API
      should also be counted.
      Signed-off-by: default avatarJie Wang <wangjie125@huawei.com>
      Signed-off-by: default avatarGuangbin Huang <huangguangbin2@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0f6deac3
    • Jiapeng Chong's avatar
      net: ethernet: Use swap() instead of open coding it · a19cef45
      Jiapeng Chong authored
      Clean the following coccicheck warning:
      
      ./drivers/net/ethernet/sunplus/spl2sw_driver.c:217:27-28: WARNING
      opportunity for swap().
      
      ./drivers/net/ethernet/sunplus/spl2sw_driver.c:222:27-28: WARNING
      opportunity for swap().
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Signed-off-by: default avatarJiapeng Chong <jiapeng.chong@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a19cef45
  2. 12 May, 2022 4 commits
    • Jakub Kicinski's avatar
      Merge branch 'net-inet-retire-port-only-listening_hash' · b67fd3d9
      Jakub Kicinski authored
      Martin KaFai Lau says:
      
      ====================
      net: inet: Retire port only listening_hash
      
      This series is to retire the port only listening_hash.
      
      The listen sk is currently stored in two hash tables,
      listening_hash (hashed by port) and lhash2 (hashed by port and address).
      
      After commit 0ee58dad ("net: tcp6: prefer listeners bound to an address")
      and commit d9fbc7f6 ("net: tcp: prefer listeners bound to an address"),
      the TCP-SYN lookup fast path does not use listening_hash.
      
      The commit 05c0b357 ("tcp: seq_file: Replace listening_hash with lhash2")
      also moved the seq_file (/proc/net/tcp) iteration usage from
      listening_hash to lhash2.
      
      There are still a few listening_hash usages left.
      One of them is inet_reuseport_add_sock() which uses the listening_hash
      to search a listen sk during the listen() system call.  This turns
      out to be very slow on use cases that listen on many different
      VIPs at a popular port (e.g. 443).  [ On top of the slowness in
      adding to the tail in the IPv6 case ]. A latter patch has a
      selftest to demonstrate this case.
      
      This series takes this chance to move all remaining listening_hash
      usages to lhash2 and then retire listening_hash.
      ====================
      
      Link: https://lore.kernel.org/r/20220512000546.188616-1-kafai@fb.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      b67fd3d9
    • Martin KaFai Lau's avatar
      net: selftests: Stress reuseport listen · ec8cb4f6
      Martin KaFai Lau authored
      This patch adds a test that has 300 VIPs listening on port 443.
      Each VIP:443 will have 80 listening socks by using SO_REUSEPORT.
      Thus, it will have 24000 listening socks.
      
      Before removing the port only listening_hash, all socks will be in the
      same port 443 bucket and inet_reuseport_add_sock() spends much time to
      walk through the bucket.  After removing the port only listening_hash
      and move all usage to the port+addr lhash2, each bucket in the
      ideal case has 80 sk which is much smaller than before.
      
      Here is the test result from a qemu:
      Before: listen 24000 socks took 210.210485362 (~210s)
       After: listen 24000 socks took 0.207173      (~210ms)
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      ec8cb4f6
    • Martin KaFai Lau's avatar
      net: inet: Retire port only listening_hash · cae3873c
      Martin KaFai Lau authored
      The listen sk is currently stored in two hash tables,
      listening_hash (hashed by port) and lhash2 (hashed by port and address).
      
      After commit 0ee58dad ("net: tcp6: prefer listeners bound to an address")
      and commit d9fbc7f6 ("net: tcp: prefer listeners bound to an address"),
      the TCP-SYN lookup fast path does not use listening_hash.
      
      The commit 05c0b357 ("tcp: seq_file: Replace listening_hash with lhash2")
      also moved the seq_file (/proc/net/tcp) iteration usage from
      listening_hash to lhash2.
      
      There are still a few listening_hash usages left.
      One of them is inet_reuseport_add_sock() which uses the listening_hash
      to search a listen sk during the listen() system call.  This turns
      out to be very slow on use cases that listen on many different
      VIPs at a popular port (e.g. 443).  [ On top of the slowness in
      adding to the tail in the IPv6 case ].  The latter patch has a
      selftest to demonstrate this case.
      
      This patch takes this chance to move all remaining listening_hash
      usages to lhash2 and then retire listening_hash.
      
      Since most changes need to be done together, it is hard to cut
      the listening_hash to lhash2 switch into small patches.  The
      changes in this patch is highlighted here for the review
      purpose.
      
      1. Because of the listening_hash removal, lhash2 can use the
         sk->sk_nulls_node instead of the icsk->icsk_listen_portaddr_node.
         This will also keep the sk_unhashed() check to work as is
         after stop adding sk to listening_hash.
      
         The union is removed from inet_listen_hashbucket because
         only nulls_head is needed.
      
      2. icsk->icsk_listen_portaddr_node and its helpers are removed.
      
      3. The current lhash2 users needs to iterate with sk_nulls_node
         instead of icsk_listen_portaddr_node.
      
         One case is in the inet[6]_lhash2_lookup().
      
         Another case is the seq_file iterator in tcp_ipv4.c.
         One thing to note is sk_nulls_next() is needed
         because the old inet_lhash2_for_each_icsk_continue()
         does a "next" first before iterating.
      
      4. Move the remaining listening_hash usage to lhash2
      
         inet_reuseport_add_sock() which this series is
         trying to improve.
      
         inet_diag.c and mptcp_diag.c are the final two
         remaining use cases and is moved to lhash2 now also.
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      cae3873c
    • Martin KaFai Lau's avatar
      net: inet: Open code inet_hash2 and inet_unhash2 · e8d00590
      Martin KaFai Lau authored
      This patch folds lhash2 related functions into __inet_hash and
      inet_unhash.  This will make the removal of the listening_hash
      in a latter patch easier to review.
      
      First, this patch folds inet_hash2 into __inet_hash.
      
      For unhash, the current call sequence is like
      inet_unhash() => __inet_unhash() => inet_unhash2().
      The specific testing cases in __inet_unhash() are mostly related
      to TCP_LISTEN sk and its caller inet_unhash() already has
      the TCP_LISTEN test, so this patch folds both __inet_unhash() and
      inet_unhash2() into inet_unhash().
      
      Note that all listening_hash users also have lhash2 initialized,
      so the !h->lhash2 check is no longer needed.
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e8d00590