1. 10 Sep, 2012 1 commit
  2. 05 Sep, 2012 21 commits
  3. 04 Sep, 2012 2 commits
  4. 27 Aug, 2012 3 commits
  5. 23 Aug, 2012 1 commit
  6. 22 Aug, 2012 2 commits
  7. 21 Aug, 2012 5 commits
  8. 15 Aug, 2012 2 commits
    • Yevgeniy Melnichuk's avatar
      Bluetooth: Add support for Sony Vaio T-Series · bc21fde2
      Yevgeniy Melnichuk authored
      Add Sony Vaio T-Series Bluetooth Module( 0x489:0xE036) to
      the blacklist of btusb module and add it to the ath3k module.
      
      output of cat /sys/kernel/debug/usb/devices
      
      T:  Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#=  5 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0489 ProdID=e036 Rev= 0.02
      S:  Manufacturer=Atheros Communications
      S:  Product=Bluetooth USB Host Controller
      S:  SerialNumber=Alaska Day 2006
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarYevgeniy Melnichuk <yevgeniy.melnichuk@googlemail.com>
      Signed-off-by: default avatarMohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
      Acked-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      bc21fde2
    • Andre Guedes's avatar
      Bluetooth: Fix use-after-free bug in SMP · 61a0cfb0
      Andre Guedes authored
      If SMP fails, we should always cancel security_timer delayed work.
      Otherwise, security_timer function may run after l2cap_conn object
      has been freed.
      
      This patch fixes the following warning reported by ODEBUG:
      
      WARNING: at lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
      Hardware name: Bochs
      ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x27
      Modules linked in: btusb bluetooth
      Pid: 440, comm: kworker/u:2 Not tainted 3.5.0-rc1+ #4
      Call Trace:
       [<ffffffff81174600>] ? free_obj_work+0x4a/0x7f
       [<ffffffff81023eb8>] warn_slowpath_common+0x7e/0x97
       [<ffffffff81023f65>] warn_slowpath_fmt+0x41/0x43
       [<ffffffff811746b1>] debug_print_object+0x7c/0x8d
       [<ffffffff810394f0>] ? __queue_work+0x241/0x241
       [<ffffffff81174fdd>] debug_check_no_obj_freed+0x92/0x159
       [<ffffffff810ac08e>] slab_free_hook+0x6f/0x77
       [<ffffffffa0019145>] ? l2cap_conn_del+0x148/0x157 [bluetooth]
       [<ffffffff810ae408>] kfree+0x59/0xac
       [<ffffffffa0019145>] l2cap_conn_del+0x148/0x157 [bluetooth]
       [<ffffffffa001b9a2>] l2cap_recv_frame+0xa77/0xfa4 [bluetooth]
       [<ffffffff810592f9>] ? trace_hardirqs_on_caller+0x112/0x1ad
       [<ffffffffa001c86c>] l2cap_recv_acldata+0xe2/0x264 [bluetooth]
       [<ffffffffa0002b2f>] hci_rx_work+0x235/0x33c [bluetooth]
       [<ffffffff81038dc3>] ? process_one_work+0x126/0x2fe
       [<ffffffff81038e22>] process_one_work+0x185/0x2fe
       [<ffffffff81038dc3>] ? process_one_work+0x126/0x2fe
       [<ffffffff81059f2e>] ? lock_acquired+0x1b5/0x1cf
       [<ffffffffa00028fa>] ? le_scan_work+0x11d/0x11d [bluetooth]
       [<ffffffff81036fb6>] ? spin_lock_irq+0x9/0xb
       [<ffffffff81039209>] worker_thread+0xcf/0x175
       [<ffffffff8103913a>] ? rescuer_thread+0x175/0x175
       [<ffffffff8103cfe0>] kthread+0x95/0x9d
       [<ffffffff812c5054>] kernel_threadi_helper+0x4/0x10
       [<ffffffff812c36b0>] ? retint_restore_args+0x13/0x13
       [<ffffffff8103cf4b>] ? flush_kthread_worker+0xdb/0xdb
       [<ffffffff812c5050>] ? gs_change+0x13/0x13
      
      This bug can be reproduced using hctool lecc or l2test tools and
      bluetoothd not running.
      Signed-off-by: default avatarAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      61a0cfb0
  9. 13 Aug, 2012 2 commits
    • Bob Copeland's avatar
      ath5k: fix spin_lock_irqsave/spin_lock_bh nesting in mesh · 7dd6753f
      Bob Copeland authored
      Lockdep found an inconsistent lock state when joining a mesh with
      ath5k.  The problem is that ath5k takes the lock for its beacon state,
      ah->block, with spin_lock_irqsave(), while mesh internally takes the
      sync_offset_lock with spin_lock_bh() in mesh_sync_offset_adjust_tbtt(),
      which in turn is called under ah->block.
      
      This could deadlock if the beacon tasklet was run on the processor
      that held the beacon lock during the do_softirq() in spin_unlock_bh().
      
      We probably shouldn't hold the lock around the callbacks, but the
      easiest fix is to switch to spin_lock_bh for ah->block: it doesn't
      need interrupts disabled anyway as the data in question is only accessed
      in softirq or process context.
      
      Fixes the following lockdep warning:
      
      [  446.892304] WARNING: at kernel/softirq.c:159 _local_bh_enable_ip+0x38/0xa6()
      [  446.892306] Hardware name: MacBook1,1
      [  446.892309] Modules linked in: tcp_lp fuse sunrpc cpufreq_ondemand acpi_cpufreq mperf ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 ip6table_filter nf_defrag_ipv4 xt_state nf_conntrack ip6_tables ext2 arc4 btusb bluetooth snd_hda_codec_idt snd_hda_intel carl9170 snd_hda_codec coretemp joydev ath5k snd_hwdep snd_seq isight_firmware ath snd_seq_device snd_pcm applesmc appletouch mac80211 input_polldev snd_timer microcode cfg80211 snd lpc_ich pcspkr i2c_i801 mfd_core soundcore rfkill snd_page_alloc sky2 tpm_infineon virtio_net kvm_intel kvm i915 drm_kms_helper drm i2c_algo_bit i2c_core video
      [  446.892385] Pid: 1892, comm: iw Not tainted 3.6.0-rc1-wl+ #296
      [  446.892387] Call Trace:
      [  446.892394]  [<c0432958>] warn_slowpath_common+0x7c/0x91
      [  446.892398]  [<c04399d7>] ? _local_bh_enable_ip+0x38/0xa6
      [  446.892403]  [<c04399d7>] ? _local_bh_enable_ip+0x38/0xa6
      [  446.892459]  [<f7f9ae3b>] ? mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
      [  446.892464]  [<c043298f>] warn_slowpath_null+0x22/0x24
      [  446.892468]  [<c04399d7>] _local_bh_enable_ip+0x38/0xa6
      [  446.892473]  [<c0439a52>] local_bh_enable_ip+0xd/0xf
      [  446.892479]  [<c088004f>] _raw_spin_unlock_bh+0x34/0x37
      [  446.892527]  [<f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
      [  446.892569]  [<f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211]
      [  446.892575]  [<c047ceeb>] ? trace_hardirqs_on_caller+0x10e/0x13f
      [  446.892591]  [<f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k]
      [  446.892597]  [<c047ad67>] ? lock_acquired+0x1f5/0x21e
      [  446.892612]  [<f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k]
      [  446.892617]  [<c087f9ea>] ? _raw_spin_lock_irqsave+0x78/0x82
      [  446.892632]  [<f7fdf9fb>] ? ath5k_bss_info_changed+0x167/0x1b2 [ath5k]
      [  446.892647]  [<f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k]
      [  446.892651]  [<c0479dd4>] ? lock_is_held+0x73/0x7b
      [  446.892662]  [<c0458fd5>] ? __might_sleep+0xa7/0x17a
      [  446.892698]  [<f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211]
      [  446.892703]  [<c0449875>] ? queue_work+0x24/0x32
      [  446.892718]  [<f7fdf894>] ? ath5k_configure_filter+0x163/0x163 [ath5k]
      [  446.892766]  [<f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211]
      [  446.892806]  [<f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211]
      [  446.892834]  [<f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211]
      [  446.892855]  [<f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211]
      [  446.892875]  [<f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211]
      [  446.892908]  [<f7a8db99>] ? nl80211_set_wiphy+0x4cf/0x4cf [cfg80211]
      [  446.892919]  [<c07cfa36>] genl_rcv_msg+0x1d5/0x1f3
      [  446.892940]  [<c07cf861>] ? genl_rcv+0x25/0x25
      [  446.892946]  [<c07cf009>] netlink_rcv_skb+0x37/0x78
      [  446.892950]  [<c07cf85a>] genl_rcv+0x1e/0x25
      [  446.892955]  [<c07cebf3>] netlink_unicast+0xc3/0x12d
      [  446.892959]  [<c07cee46>] netlink_sendmsg+0x1e9/0x213
      [  446.892966]  [<c079f282>] sock_sendmsg+0x79/0x96
      [  446.892972]  [<c04eb90d>] ? might_fault+0x9d/0xa3
      [  446.892978]  [<c07a81d8>] ? copy_from_user+0x8/0xa
      [  446.892983]  [<c07a852c>] ? verify_iovec+0x43/0x77
      [  446.892987]  [<c079f4d8>] __sys_sendmsg+0x180/0x215
      [  446.892993]  [<c045f107>] ? sched_clock_cpu+0x134/0x144
      [  446.892997]  [<c047992f>] ? trace_hardirqs_off+0xb/0xd
      [  446.893002]  [<c047bf88>] ? __lock_acquire+0x46b/0xb6e
      [  446.893006]  [<c047992f>] ? trace_hardirqs_off+0xb/0xd
      [  446.893010]  [<c045f149>] ? local_clock+0x32/0x49
      [  446.893015]  [<c0479ec1>] ? lock_release_holdtime.part.9+0x4b/0x51
      [  446.893020]  [<c0479dd4>] ? lock_is_held+0x73/0x7b
      [  446.893025]  [<c050d127>] ? fcheck_files+0x97/0xcd
      [  446.893029]  [<c050d4df>] ? fget_light+0x2d/0x81
      [  446.893034]  [<c07a01f3>] sys_sendmsg+0x3b/0x52
      [  446.893038]  [<c07a07b4>] sys_socketcall+0x238/0x2a2
      [  446.893044]  [<c0885edf>] sysenter_do_call+0x12/0x38
      [  446.893047] ---[ end trace a9af5998f929270f ]---
      [  447.627222]
      [  447.627232] =================================
      [  447.627237] [ INFO: inconsistent lock state ]
      [  447.627244] 3.6.0-rc1-wl+ #296 Tainted: G        W
      [  447.627248] ---------------------------------
      [  447.627253] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
      [  447.627260] swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
      [  447.627264]  (&(&ah->block)->rlock){+.?...}, at: [<f7fdd2d1>] ath5k_tasklet_beacon+0x91/0xa7 [ath5k]
      [  447.627299] {SOFTIRQ-ON-W} state was registered at:
      [  447.627304]   [<c047cdbf>] mark_held_locks+0x59/0x77
      [  447.627316]   [<c047ceeb>] trace_hardirqs_on_caller+0x10e/0x13f
      [  447.627324]   [<c047cf27>] trace_hardirqs_on+0xb/0xd
      [  447.627332]   [<c0439a3d>] _local_bh_enable_ip+0x9e/0xa6
      [  447.627342]   [<c0439a52>] local_bh_enable_ip+0xd/0xf
      [  447.627349]   [<c088004f>] _raw_spin_unlock_bh+0x34/0x37
      [  447.627359]   [<f7f9ae3b>] mesh_sync_offset_adjust_tbtt+0x95/0x99 [mac80211]
      [  447.627451]   [<f7f7650f>] ieee80211_beacon_get_tim+0x28f/0x4e0 [mac80211]
      [  447.627526]   [<f7fdc541>] ath5k_beacon_update+0x40/0x26b [ath5k]
      [  447.627547]   [<f7fdfa09>] ath5k_bss_info_changed+0x175/0x1b2 [ath5k]
      [  447.627569]   [<f7f5d8f7>] ieee80211_bss_info_change_notify+0x1ed/0x21a [mac80211]
      [  447.627628]   [<f7f95fa4>] ieee80211_start_mesh+0xb9/0xbd [mac80211]
      [  447.627712]   [<f7f6e610>] ieee80211_join_mesh+0x10c/0x116 [mac80211]
      [  447.627782]   [<f7a96b90>] __cfg80211_join_mesh+0x176/0x1b3 [cfg80211]
      [  447.627816]   [<f7a96c1c>] cfg80211_join_mesh+0x4f/0x6a [cfg80211]
      [  447.627845]   [<f7a89891>] nl80211_join_mesh+0x1de/0x1ed [cfg80211]
      [  447.627872]   [<c07cfa36>] genl_rcv_msg+0x1d5/0x1f3
      [  447.627881]   [<c07cf009>] netlink_rcv_skb+0x37/0x78
      [  447.627891]   [<c07cf85a>] genl_rcv+0x1e/0x25
      [  447.627898]   [<c07cebf3>] netlink_unicast+0xc3/0x12d
      [  447.627907]   [<c07cee46>] netlink_sendmsg+0x1e9/0x213
      [  447.627915]   [<c079f282>] sock_sendmsg+0x79/0x96
      [  447.627926]   [<c079f4d8>] __sys_sendmsg+0x180/0x215
      [  447.627934]   [<c07a01f3>] sys_sendmsg+0x3b/0x52
      [  447.627941]   [<c07a07b4>] sys_socketcall+0x238/0x2a2
      [  447.627949]   [<c0885edf>] sysenter_do_call+0x12/0x38
      [  447.627959] irq event stamp: 1929200
      [  447.627963] hardirqs last  enabled at (1929200): [<c043a0e9>] tasklet_hi_action+0x3e/0xbf
      [  447.627972] hardirqs last disabled at (1929199): [<c043a0c0>] tasklet_hi_action+0x15/0xbf
      [  447.627981] softirqs last  enabled at (1929196): [<c043999d>] _local_bh_enable+0x12/0x14
      [  447.627989] softirqs last disabled at (1929197): [<c040443b>] do_softirq+0x63/0xb8
      [  447.627999]
      [  447.627999] other info that might help us debug this:
      [  447.628004]  Possible unsafe locking scenario:
      [  447.628004]
      [  447.628009]        CPU0
      [  447.628012]        ----
      [  447.628016]   lock(&(&ah->block)->rlock);
      [  447.628023]   <Interrupt>
      [  447.628027]     lock(&(&ah->block)->rlock);
      [  447.628034]
      [  447.628034]  *** DEADLOCK ***
      Signed-off-by: default avatarBob Copeland <me@bobcopeland.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      7dd6753f
    • Lorenzo Bianconi's avatar
      ath9k: fix decrypt_error initialization in ath_rx_tasklet() · e1352fde
      Lorenzo Bianconi authored
      ath_rx_tasklet() calls ath9k_rx_skb_preprocess() and ath9k_rx_skb_postprocess()
      in a loop over the received frames. The decrypt_error flag is
      initialized to false
      just outside ath_rx_tasklet() loop. ath9k_rx_accept(), called by
      ath9k_rx_skb_preprocess(),
      only sets decrypt_error to true and never to false.
      Then ath_rx_tasklet() calls ath9k_rx_skb_postprocess() and passes
      decrypt_error to it.
      So, after a decryption error, in ath9k_rx_skb_postprocess(), we can
      have a leftover value
      from another processed frame. In that case, the frame will not be marked with
      RX_FLAG_DECRYPTED even if it is decrypted correctly.
      When using CCMP encryption this issue can lead to connection stuck
      because of CCMP
      PN corruption and a waste of CPU time since mac80211 tries to decrypt an already
      deciphered frame with ieee80211_aes_ccm_decrypt.
      Fix the issue initializing decrypt_error flag at the begging of the
      ath_rx_tasklet() loop.
      Signed-off-by: default avatarLorenzo Bianconi <lorenzo.bianconi83@gmail.com>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      e1352fde
  10. 10 Aug, 2012 1 commit