1. 30 Apr, 2017 6 commits
    • Bluetooth: hci_ldisc: Add protocol check to hci_uart_tx_wakeup() · 2d6f1da1
      Dean Jenkins authored
      Before attempting to schedule a work-item onto hu->write_work in
      hci_uart_tx_wakeup(), check that the Data Link protocol layer is
      still bound to the HCI UART driver.
      
      Failure to perform this protocol check causes a race condition between
      the work queue hu->write_work running hci_uart_write_work() and the
      Data Link protocol layer being unbound (closed) in hci_uart_tty_close().
      
      Note hci_uart_tty_close() does have a "cancel_work_sync(&hu->write_work)"
      but it is ineffective because it cannot prevent work-items being added
      to hu->write_work after cancel_work_sync() has run.
      
      Therefore, add a check for HCI_UART_PROTO_READY into hci_uart_tx_wakeup()
      which prevents scheduling of the work queue when HCI_UART_PROTO_READY
      is in the clear state. However, note a small race condition remains
      because the hci_uart_tx_wakeup() thread can run in parallel with the
      hci_uart_tty_close() thread so it is possible that a schedule of
      hu->write_work can occur when HCI_UART_PROTO_READY is cleared. A complete
      solution needs locking of the threads which is implemented in a future
      commit.
      Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: hci_ldisc: Add protocol check to hci_uart_dequeue() · 048e1bd3
      Dean Jenkins authored
      Before attempting to dequeue a Data Link protocol encapsulated message,
      check that the Data Link protocol is still bound to the HCI UART driver.
      This makes the code consistent with the usage of the other proto
      function pointers.
      
      Therefore, add a check for HCI_UART_PROTO_READY into hci_uart_dequeue()
      and return NULL if the Data Link protocol is not bound.
      
      This is needed for robustness as there is a scheduling race condition.
      hci_uart_write_work() is scheduled to run via work queue hu->write_work
      from hci_uart_tx_wakeup(). Therefore, there is a delay between
      scheduling hci_uart_write_work() to run and hci_uart_dequeue() running
      whereby the Data Link protocol layer could become unbound during the
      scheduling delay. In this case, without the check, the call to the
      unbound Data Link protocol layer dequeue function can crash.
      
      It is noted that hci_uart_tty_close() has a
      "cancel_work_sync(&hu->write_work)" statement but this only reduces
      the window of the race condition because it is possible for a new
      work-item to be added to work queue hu->write_work after the call to
      cancel_work_sync(). For example, Data Link layer retransmissions can
      be added to the work queue after the cancel_work_sync() has finished.
      Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: hci_ldisc: Add protocol check to hci_uart_send_frame() · ab00f89f
      Dean Jenkins authored
      Before attempting to send a HCI message, check that the Data Link
      protocol is still bound to the HCI UART driver. This makes the code
      consistent with the usage of the other proto function pointers.
      
      Therefore, add a check for HCI_UART_PROTO_READY into hci_uart_send_frame()
      and return -EUNATCH if the Data Link protocol is not bound.
      
      This also allows hci_send_frame() to report the error of an unbound
      Data Link protocol layer. Therefore, it assists with diagnostics into
      why HCI messages are being sent when the Data Link protocol is not
      bound and avoids potential crashes.
      Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Add module license for HCI UART Nokia H4+ · 377a6eac
      Frédéric Danis authored
      Fix the following error preventing the Nokia H4+ module from loading:
        kernel: [  826.461619] hci_nokia: module license 'unspecified' taints kernel.
        kernel: [  826.461629] Disabling lock debugging due to kernel taint
        kernel: [  826.461836] hci_nokia: Unknown symbol gpiod_get_value_cansleep (err 0)
        kernel: [  826.461876] hci_nokia: Unknown symbol devm_kmalloc (err 0)
        kernel: [  826.461908] hci_nokia: Unknown symbol gpiod_set_value (err 0)
        kernel: [  826.461937] hci_nokia: Unknown symbol serdev_device_set_baudrate (err 0)
        kernel: [  826.461994] hci_nokia: Unknown symbol gpiod_set_value_cansleep (err 0)
        kernel: [  826.462021] hci_nokia: Unknown symbol hci_uart_tx_wakeup (err 0)
        kernel: [  826.462043] hci_nokia: Unknown symbol serdev_device_set_flow_control (err 0)
        kernel: [  826.462064] hci_nokia: Unknown symbol gpiod_to_irq (err 0)
        kernel: [  826.462085] hci_nokia: Unknown symbol serdev_device_open (err 0)
        kernel: [  826.462106] hci_nokia: Unknown symbol gpiod_get_value (err 0)
        kernel: [  826.462150] hci_nokia: Unknown symbol clk_prepare (err 0)
        kernel: [  826.462182] hci_nokia: Unknown symbol pm_runtime_enable (err 0)
        kernel: [  826.462204] hci_nokia: Unknown symbol h4_recv_buf (err 0)
        kernel: [  826.462246] hci_nokia: Unknown symbol serdev_device_write_flush (err 0)
        kernel: [  826.462268] hci_nokia: Unknown symbol serdev_device_get_tiocm (err 0)
        kernel: [  826.462298] hci_nokia: Unknown symbol driver_unregister (err 0)
        kernel: [  826.462318] hci_nokia: Unknown symbol serdev_device_wait_until_sent (err 0)
        kernel: [  826.462347] hci_nokia: Unknown symbol __serdev_device_driver_register (err 0)
        kernel: [  826.462384] hci_nokia: Unknown symbol serdev_device_set_tiocm (err 0)
        kernel: [  826.462417] hci_nokia: Unknown symbol clk_get_rate (err 0)
        kernel: [  826.462454] hci_nokia: Unknown symbol __pm_runtime_resume (err 0)
        kernel: [  826.462486] hci_nokia: Unknown symbol serdev_device_close (err 0)
        kernel: [  826.462524] hci_nokia: Unknown symbol cancel_work_sync (err 0)
        kernel: [  826.462546] hci_nokia: Unknown symbol btbcm_set_bdaddr (err 0)
        kernel: [  826.462567] hci_nokia: Unknown symbol clk_disable (err 0)
        kernel: [  826.462610] hci_nokia: Unknown symbol __pm_runtime_disable (err 0)
        kernel: [  826.462632] hci_nokia: Unknown symbol hci_uart_register_device (err 0)
        kernel: [  826.462653] hci_nokia: Unknown symbol clk_enable (err 0)
        kernel: [  826.462675] hci_nokia: Unknown symbol __pm_runtime_idle (err 0)
        kernel: [  826.462700] hci_nokia: Unknown symbol clk_unprepare (err 0)
      Signed-off-by: Frédéric Danis <frederic.danis.oss@gmail.com>
      Acked-by: Sebastian Reichel <sre@kernel.org>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Fix user channel for 32bit userspace on 64bit kernel · ab89f0bd
      Szymon Janc authored
      Running 32bit userspace on 64bit kernel results in MSG_CMSG_COMPAT being
      defined as 0x80000000. This results in sendmsg failure if used from 32bit
      userspace running on 64bit kernel. Fix this by accounting for MSG_CMSG_COMPAT
      in flags check in hci_sock_sendmsg.
      Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
      Signed-off-by: Marko Kiiskila <marko@runtime.io>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org
    • Bluetooth: allocate data for kpp on heap · 763d9a30
      Salvatore Benedetto authored
      Bluetooth would crash when computing ECDH keys with kpp
      if VMAP_STACK is enabled. Fix by allocating data passed
      to kpp on heap.
      
      Fixes: 58771c1c ("Bluetooth: convert smp and selftest to crypto kpp
      API")
      Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  2. 25 Apr, 2017 1 commit
  3. 24 Apr, 2017 33 commits