An error occurred fetching the project authors.
- 06 Oct, 2013 4 commits
-
-
Marcel Holtmann authored
The helper function mgmt_valid_hdev() is more obfuscating the code then it makes it easier to read. So intead of this helper, use the direct check for BR/EDR device type. Signed-off-by:
Marcel Holtmann <marcel@holtmann.org> Signed-off-by:
Johan Hedberg <johan.hedberg@intel.com>
-
Marcel Holtmann authored
The BR/EDR and LE setup procedures apply only to BR/EDR device types and so check for that explicitly. Checking that it is not an AMP controller is dangerous in case there will be ever a third device type. Signed-off-by:
-
Marcel Holtmann authored
In case of a single mode LE-only controller it is possible that no public address is used. These type of controllers require a random address to be configured. Without a configured static random address, such a controller is not functional. So reject powering on the controller in this case until it gets configured with a random address. The controller setup stage is still run since it is the only way to determinate if a public address is available or not. So it is similar on how RFKILL gets handled during initial setup of the controller. Signed-off-by:
-
Marcel Holtmann authored
The AMP controller status constants need to be actually used to avoid crypted hardcoded numbers. Signed-off-by:
-
- 05 Oct, 2013 1 commit
-
-
Johan Hedberg authored
This flag is used to indicate whether we want to have advertising enabled or not, so give it a more suitable name. Signed-off-by:
-
- 02 Oct, 2013 6 commits
-
-
Johan Hedberg authored
We shouldn't include the simultaneous LE & BR/EDR flags in the LE advertising data if BR/EDR is disabled on a dual-mode controller. This patch fixes this issue and ensures that the create_ad function generates the correct flags when BR/EDR is disabled. Signed-off-by:
-
Johan Hedberg authored
To allow treating dual-mode (BR/EDR/LE) controllers as single-mode ones (LE-only) we want to introduce a new HCI_BREDR_ENABLED flag to track whether BR/EDR is enabled or not (previously we simply looked at the feature bit with lmp_bredr_enabled). This patch add the new flag and updates the relevant places to test against it instead of using lmp_bredr_enabled. The flag is by default enabled when registering an adapter and only cleared if necessary once the local features have been read during the HCI init procedure. We cannot completely block BR/EDR usage in case user space uses raw HCI sockets but the patch tries to block this in places where possible, such as the various BR/EDR specific ioctls. Signed-off-by:
-
Johan Hedberg authored
When hci_sock.c calls hci_dev_open it needs to ensure that there isn't pending work in progress, such as that which is scheduled for the initial setup procedure or the one for automatically powering off after the setup procedure. This adds the necessary calls to ensure that any previously scheduled work is completed before attempting to call hci_dev_do_open. This patch fixes a race with old user space versions where we might receive a HCIDEVUP ioctl before the setup procedure has been completed. When that happens the setup procedures callback may fail early and leave the device in an inconsistent state, causing e.g. the setup callback to be (incorrectly) called more than once. Signed-off-by:
-
Johan Hedberg authored
The requirements of an external call to hci_dev_open from hci_sock.c are different to that from within hci_core.c. In the former case we want to flush any pending work in hdev->req_workqueue whereas in the latter we don't (since there we are already calling from within the workqueue itself). This patch does the necessary refactoring to a separate hci_dev_do_open function (analogous to hci_dev_do_close) but does not yet introduce the synchronizations relating to the workqueue usage. Signed-off-by:
-
Marcel Holtmann authored
Hiding the Bluetooth high speed support behind a module parameter is not really useful. This can be enabled and disabled at runtime via the management interface. This also has the advantage that this can now be changed per controller and not just global. This patch removes the module parameter and exposes the high speed setting of the management interface to all controllers. Signed-off-by:
-
Marcel Holtmann authored
The controller type is limited to BR/EDR/LE and AMP controllers. This can be easily encoded with just 2 bits and still leave enough room for future controller types. Signed-off-by:
-
- 19 Sep, 2013 2 commits
-
-
Johan Hedberg authored
For those controller that support the HCI_Set_Event_Mask_Page_2 command we should include it in the init sequence. This patch implements sending of the command and enables the events in it based on supported features (currently only CSB is checked). Signed-off-by:
Gustavo Padovan <gustavo.padovan@collabora.co.uk>
-
Johan Hedberg authored
This patch adds support for reading the synchronization train parameters for controllers that support the feature. Since the feature is detectable through the local features page 2, which is retreived only in stage 3 of the HCI init sequence, there is no other option than to add a fourth stage to the init sequence. For now the patch doesn't yet add storing of the parameters, but it is nevertheless convenient to have around to see what kind of parameters various controllers use by default (analyzable e.g. with the btmon user space tool). Signed-off-by:
-
- 18 Sep, 2013 2 commits
-
-
Johan Hedberg authored
We need to let the setup stage complete cleanly even when the HCI device is rfkilled. Otherwise the HCI device will stay in an undefined state and never get notified to user space through mgmt (even when it gets unblocked through rfkill). This patch makes sure that hci_dev_open() can be called in the HCI_SETUP stage, that blocking the device doesn't abort the setup stage, and that the device gets proper powered down as soon as the setup stage completes in case it was blocked meanwhile. The bug that this patch fixed can be very easily reproduced using e.g. the rfkill command line too. By running "rfkill block all" before inserting a Bluetooth dongle the resulting HCI device goes into a state where it is never announced over mgmt, not even when "rfkill unblock all" is run. Signed-off-by:
-
Johan Hedberg authored
This makes it more convenient to check for rfkill (no need to check for dev->rfkill before calling rfkill_blocked()) and also avoids potential races if the RFKILL state needs to be checked from within the rfkill callback. Signed-off-by:
-
- 16 Sep, 2013 4 commits
-
-
Marcel Holtmann authored
When the user channel is set and an user application has full control over the device, do not bother trying to schedule any queues except the raw queue. This is an optimization since with user channel, only the raw queue is in use. Signed-off-by:
-
Marcel Holtmann authored
There is no need to use GFP_ATOMIC with skb_clone() when the code is executed in a workqueue. Signed-off-by:
-
Marcel Holtmann authored
This patch introduces a new user channel flag that allows to give full control of a HCI device to a user application. The kernel will stay away from the device and does not allow any further modifications of the device states. The existing raw flag is not used since it has a bit of unclear meaning due to its legacy. Using a new flag makes the code clearer. A device with the user channel flag set can still be enumerate using the legacy API, but it does not longer enumerate using the new management interface used by BlueZ 5 and beyond. This is intentional to not confuse users of modern systems. Signed-off-by:
-
Marcel Holtmann authored
Even if this is legacy API, there is no reason to not report a proper error when trying to reset a HCI device that is down. Signed-off-by:
-
- 21 Aug, 2013 1 commit
-
-
Marcel Holtmann authored
In case of a Low Energy only controller it makes no sense to configure the full BR/EDR event mask. It will just enable events that can not be send anyway and there is no guarantee that such a controller will accept this value. Use event mask 0x90 0xe8 0x04 0x02 0x00 0x80 0x00 0x20 for LE-only controllers which enables the following events: Disconnection Complete Encryption Change Read Remote Version Information Complete Command Complete Command Status Hardware Error Number of Completed Packets Data Buffer Overflow Encryption Key Refresh Complete LE Meta This is according to Core Specification, Part E, Section 3. Signed-off-by:
-
- 29 Jul, 2013 2 commits
-
-
Johan Hedberg authored
In certain circumstances, such as an HCI driver using __hci_cmd_sync_ev with HCI_EV_CMD_COMPLETE as the expected completion event there is the chance that hci_event_packet will call hci_req_cmd_complete twice (once for the explicitly looked after event and another time in the actual handler of cmd_complete). In the case of __hci_cmd_sync_ev this introduces a race where the first call wakes up the blocking __hci_cmd_sync_ev and lets it complete. However, by the time that a second __hci_cmd_sync_ev call is already in progress the second hci_req_cmd_complete call (from the previous operation) will wake up the blocking function prematurely and cause it to fail, as witnessed by the following log: [ 639.232195] hci_rx_work: hci0 Event packet [ 639.232201] hci_req_cmd_complete: opcode 0xfc8e status 0x00 [ 639.232205] hci_sent_cmd_data: hci0 opcode 0xfc8e [ 639.232210] hci_req_sync_complete: hci0 result 0x00 [ 639.232220] hci_cmd_complete_evt: hci0 opcode 0xfc8e [ 639.232225] hci_req_cmd_complete: opcode 0xfc8e status 0x00 [ 639.232228] __hci_cmd_sync_ev: hci0 end: err 0 [ 639.232234] __hci_cmd_sync_ev: hci0 [ 639.232238] hci_req_add_ev: hci0 opcode 0xfc8e plen 250 [ 639.232242] hci_prepare_cmd: skb len 253 [ 639.232246] hci_req_run: length 1 [ 639.232250] hci_sent_cmd_data: hci0 opcode 0xfc8e [ 639.232255] hci_req_sync_complete: hci0 result 0x00 [ 639.232266] hci_cmd_work: hci0 cmd_cnt 1 cmd queued 1 [ 639.232271] __hci_cmd_sync_ev: hci0 end: err 0 [ 639.232276] Bluetooth: hci0 sending Intel patch command (0xfc8e) failed (-61) Signed-off-by:
-
Johan Hedberg authored
None of the BlueFRITZ! devices with manufacurer ID 31 (AVM Berlin) support HCI_Read_Local_Supported_Commands. It is safe to use the manufacturer ID (instead of e.g. a USB ID specific quirk) because the company never created any newer controllers. < HCI Command: Read Local Supported Comm.. (0x04|0x0002) plen 0 [hci0] 0.210014 > HCI Event: Command Status (0x0f) plen 4 [hci0] 0.217361 Read Local Supported Commands (0x04|0x0002) ncmd 1 Status: Unknown HCI Command (0x01) Reported-by:Jörg Esser <jackfritt@boh.de> Signed-off-by:
-
- 25 Jul, 2013 2 commits
-
-
Gustavo Padovan authored
If hci_dev_open() is called after hci_register_dev() added the device to the hci_dev_list but before the workqueue are created we could run into a NULL pointer dereference (see below). This bug is very unlikely to happen, systems using bluetoothd to manage their bluetooth devices will never see this happen. BUG: unable to handle kernel NULL pointer dereference 0100 IP: [<ffffffff81077502>] __queue_work+0x32/0x3d0 (...) Call Trace: [<ffffffff81077be5>] queue_work_on+0x45/0x50 [<ffffffffa016e8ff>] hci_req_run+0xbf/0xf0 [bluetooth] [<ffffffffa01709b0>] ? hci_init2_req+0x720/0x720 [bluetooth] [<ffffffffa016ea06>] __hci_req_sync+0xd6/0x1c0 [bluetooth] [<ffffffff8108ee10>] ? try_to_wake_up+0x2b0/0x2b0 [<ffffffff8150e3f0>] ? usb_autopm_put_interface+0x30/0x40 [<ffffffffa016fad5>] hci_dev_open+0x275/0x2e0 [bluetooth] [<ffffffffa0182752>] hci_sock_ioctl+0x1f2/0x3f0 [bluetooth] [<ffffffff815c6050>] sock_do_ioctl+0x30/0x70 [<ffffffff815c75f9>] sock_ioctl+0x79/0x2f0 [<ffffffff811a8046>] do_vfs_ioctl+0x96/0x560 [<ffffffff811a85a1>] SyS_ioctl+0x91/0xb0 [<ffffffff816d989d>] system_call_fastpath+0x1a/0x1f Reported-by:
Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by:
-
Marcel Holtmann authored
Signed-off-by:
-
- 03 Jul, 2013 1 commit
-
-
Kees Cook authored
For the workqueue creation interfaces that do not expect format strings, make sure they cannot accidently be parsed that way. Additionally, clean up calls made with a single parameter that would be handled as a format string. Many callers are passing potentially dynamic string content, so use "%s" in those cases to avoid any potential accidents. Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
- 23 Jun, 2013 1 commit
-
-
Gustavo Padovan authored
Some Bluetooth controllers doesn't support this command so we first need to check for its support before sending it. This patch adds a lengthful commentary about this. Signed-off-by:
-
- 22 Jun, 2013 4 commits
-
-
Andre Guedes authored
This patch removes hci_do_inquiry and hci_cancel_inquiry helpers. We now use the HCI request framework in device discovery functionality and these helpers are no longer needed. Signed-off-by:
Andre Guedes <andre.guedes@openbossa.org> Acked-by:
-
Andre Guedes authored
This patch removes the LE scan helpers hci_le_scan and hci_cancel_ le_scan and all code related to it. We now use the HCI request framework in device discovery functionality and these helpers are no longer needed. Signed-off-by:
-
Andre Guedes authored
In order to have a better HCI error handling in interleaved discovery functionality, we should use the HCI request framework. This patch updates le_scan_disable_work function so it uses the HCI request framework instead of the hci_send_cmd helper. A complete callback is registered (le_scan_disable_work_complete function) so we are able to trigger the inquiry procedure (if we are running the interleaved discovery) or to stop the discovery procedure (if we are running LE-only discovery). This patch also removes the extra logic in hci_cc_le_set_scan_enable to trigger the inquiry procedure and the mgmt_interleaved_discovery function since they become useless. Signed-off-by:
-
Andre Guedes authored
In order to use HCI request framework in start_discovery, we'll need to call inquiry_cache_flush in mgmt.c. Therefore, this patch adds the hci_ prefix to inquiry_cache_flush and makes it non-static. Signed-off-by:
-
- 13 Jun, 2013 1 commit
-
-
Johan Hedberg authored
Even though the HCI_Delete_Stored_Link_Key command is mandatory for 1.1 and later controllers some controllers do not seem to support it properly as was witnessed by one Broadcom based controller: < HCI Command: Delete Stored Link Key (0x03|0x0012) plen 7 bdaddr 00:00:00:00:00:00 all 1 > HCI Event: Command Complete (0x0e) plen 4 Delete Stored Link Key (0x03|0x0012) ncmd 1 status 0x11 deleted 0 Error: Unsupported Feature or Parameter Value Luckily this same controller also doesn't list the command in its supported commands bit mask (counting from 0 bit 7 of octet 6): < HCI Command: Read Local Supported Commands (0x04|0x0002) plen 0 > HCI Event: Command Complete (0x0e) plen 68 Read Local Supported Commands (0x04|0x0002) ncmd 1 status 0x00 Commands: ffffffffffff1ffffffffffff30fffff3f Therefore, it makes sense to move sending of HCI_Delete_Stored_Link_Key to after receiving the supported commands response and to only send it if its respective bit in the mask is set. The downside of this is that we no longer send the HCI_Delete_Stored_Link_Key command for Bluetooth 1.1 controllers since HCI_Read_Local_Supported_Command was introduced in version 1.2, but this is an acceptable penalty as the command in question shouldn't affect critical behavior. Reported-by:Pavel Machek <pavel@ucw.cz> Signed-off-by:
John W. Linville <linville@tuxdriver.com>
-
- 12 Jun, 2013 1 commit
-
-
Johan Hedberg authored
If hci_dev_open fails we need to ensure that the corresponding mgmt_set_powered command gets an appropriate response. This patch fixes the missing response by adding a new mgmt_set_powered_failed function that's used to indicate a power on failure to mgmt. Since a situation with the device being rfkilled may require special handling in user space the patch uses a new dedicated mgmt status code for this. Signed-off-by:
-
- 23 Apr, 2013 2 commits
-
-
Fengguang Wu authored
There are new sparse warnings show up in tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next master head: a0b644b0385fa58ca578f6dce4473e8a8e6f6c38 commit: 75e84b7c Bluetooth: Add __hci_cmd_sync() helper function date: 13 days ago >> net/bluetooth/hci_core.c:82:16: sparse: symbol 'hci_get_cmd_complete' was not declared. Should it be static? Signed-off-by:
Fengguang Wu <fengguang.wu@intel.com> Acked-by:
-
Johan Hedberg authored
The Bluetooth Core Specification (4.0) defines the Write LE Host Supported HCI command as only available for controllers supporting BR/EDR. This is further reflected in the Read Local Extended Features HCI command also not being available for LE-only controllers. In other words, host-side LE support is implicit for single-mode LE controllers and doesn't have explicit HCI-level enablement. This patch ensures that the LE setting is always exposed as enabled through mgmt and returns a "rejected" response if user space tries to toggle the setting. The patch also ensures that Write LE Host Supported is never sent for LE-only controllers. Signed-off-by:
-
- 19 Apr, 2013 1 commit
-
-
Johan Hedberg authored
All HCI command send functions that take a pointer to the command parameters do not need to modify the content in any way (they merely copy the data to an skb). Therefore, the parameter type should be declared const. This also allows passing already const parameters to these APIs which previously would have generated a compiler warning. Signed-off-by:
-
- 18 Apr, 2013 4 commits
-
-
Andre Guedes authored
This patch renames LE_SCANNING_ENABLED and LE_SCANNING_DISABLED macros to LE_SCAN_ENABLE and LE_SCAN_DISABLE in order to keep the same prefix others LE scan macros have. It also fixes le_scan_enable_req function so it uses the LE_SCAN_ ENABLE macro instead of a magic number. Signed-off-by:
-
Andre Guedes authored
This patch adds macros for filter_duplicates parameter values from HCI LE Set Scan Enable command. It also fixes le_scan_enable_req function so it uses the LE_SCAN_FILTER_DUP_ENABLE macro instead of a magic number. The LE_SCAN_FILTER_DUP_DISABLE was also defined since it will be required to properly support the GAP Observer Role. Signed-off-by:
-
Andre Guedes authored
Define LE scanning timeout macros in jiffies just like we do for others timeout macros. Signed-off-by:
-
Johan Hedberg authored
With the introduction of CSA4 there is now also a features page number 2 available. This patch increments the maximum supported page number to 2 and adds code for reading all available pages (as long as we have support for them - indicated by HCI_MAX_PAGES). Signed-off-by:
-
- 04 Apr, 2013 1 commit
-
-
Marcel Holtmann authored
The driver init queue is no longer needed. This can be all handled inside the drivers now. So remove it. Signed-off-by:
-
