* [PATCH 1/4] Sim Access Profile API
From: Waldemar Rymarkiewicz @ 2010-11-03 13:34 UTC (permalink / raw)
To: linux-bluetooth
Cc: suraj, Johan Hedberg, joakim.xj.ceder, Waldemar Rymarkiewicz
In-Reply-To: <1288791271-13857-1-git-send-email-waldemar.rymarkiewicz@tieto.com>
New API for Sim Access Profile.
---
Makefile.am | 2 +-
doc/sap-api.txt | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 1 deletions(-)
create mode 100644 doc/sap-api.txt
diff --git a/Makefile.am b/Makefile.am
index 873f2df..e1183de 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -352,7 +352,7 @@ EXTRA_DIST += doc/manager-api.txt \
doc/service-api.txt doc/agent-api.txt doc/attribute-api.txt \
doc/serial-api.txt doc/network-api.txt \
doc/input-api.txt doc/audio-api.txt doc/control-api.txt \
- doc/hfp-api.txt doc/assigned-numbers.txt
+ doc/hfp-api.txt doc/assigned-numbers.txt doc/sap-api.txt
AM_YFLAGS = -d
diff --git a/doc/sap-api.txt b/doc/sap-api.txt
new file mode 100644
index 0000000..7951f56
--- /dev/null
+++ b/doc/sap-api.txt
@@ -0,0 +1,57 @@
+BlueZ D-Bus Sim Access Profile API description
+***********************************
+
+Copyright (C) 2010 ST-Ericsson SA
+
+
+Sim Access Profile hierarchy
+============================
+
+Service org.bluez
+Interface org.bluez.SimAccess
+Object path [variable prefix]/{hci0,hci1,...}
+
+Methods void Enable()
+
+ Start up SAP server and register SDP record for it.
+
+ Possible errors: org.bluez.Error.Failed
+
+ void Disable()
+
+ Shudown SAP server and remove the SDP record.
+
+ Possible errors: org.bluez.Error.Failed
+
+ void Disconnect(boolean type)
+
+ Disconnect SAP client from the server. The 'type'
+ parameter indicates disconnection type.
+
+ True - gracefull disconnection
+ False - immediate disconnection
+
+ Possible errors: org.bluez.Error.Failed
+
+ dict GetProperties()
+
+ Return all properties for the interface. See the
+ properties section for available properties.
+
+ Possible Errors: org.bluez.Error.Failed
+
+Signals PropertyChanged(string name, variant value)
+
+ This signal indicates a changed value of the given
+ property.
+
+
+Properties boolean Enabled [readonly]
+
+ Indicates the state of the server. True if the server
+ is enabled and False otherwise.
+
+ boolean Connected [readonly]
+
+ Indicates if SAP client is connected to the server.
+
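Review bot: The method descriptions in this new file say nothing about who may call Enable() or what authorization a connecting SAP client must pass, which matters for an interface that starts a server giving remote access to the SIM; state the expected pairing/authorization behaviour under Enable(). In the same text, "Shudown" and "gracefull" are misspelled, the asterisk underline is shorter than the title line, and Disconnect(boolean type) would read more clearly with a parameter named for what True means (for example "graceful") rather than a boolean called type.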
--
1.7.0.4
^ permalink raw reply related
* [PATCH 0/4] Sim Access Profile
From: Waldemar Rymarkiewicz @ 2010-11-03 13:34 UTC (permalink / raw)
To: linux-bluetooth
Cc: suraj, Johan Hedberg, joakim.xj.ceder, Waldemar Rymarkiewicz
Hi,
I fixed some issues raised by Johan.
I will send patches in separate emails.
@Johan: If there are no more comments, could you consider pushing it upstream?
Regards,
/Waldek
Waldemar Rymarkiewicz (4):
Sim Access Profile API
Sim Access Profile Manager
Sim Access Profile Server
Sim Access Profile dummy driver
.gitignore | 1 +
Makefile.am | 21 +-
acinclude.m4 | 12 +
doc/sap-api.txt | 57 ++
sap/main.c | 54 ++
sap/manager.c | 94 ++++
sap/manager.h | 21 +
sap/sap-dummy.c | 304 +++++++++++
sap/sap.h | 187 +++++++
sap/server.c | 1514 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
sap/server.h | 25 +
11 files changed, 2288 insertions(+), 2 deletions(-)
create mode 100644 doc/sap-api.txt
create mode 100644 sap/main.c
create mode 100644 sap/manager.c
create mode 100644 sap/manager.h
create mode 100644 sap/sap-dummy.c
create mode 100644 sap/sap.h
create mode 100644 sap/server.c
create mode 100644 sap/server.h
^ permalink raw reply
* Re: [PATCH v2] Add support for sending small data through obex
From: Anderson Lizardo @ 2010-11-03 11:44 UTC (permalink / raw)
To: Radoslaw Jablonski; +Cc: linux-bluetooth
In-Reply-To: <1288689911-18507-1-git-send-email-ext-jablonski.radoslaw@nokia.com>
On Tue, Nov 2, 2010 at 5:25 AM, Radoslaw Jablonski
<ext-jablonski.radoslaw@nokia.com> wrote:
> @@ -642,18 +642,39 @@ static int obex_write_stream(struct obex_session *os,
> goto add_header;
> }
>
> - len = os->driver->read(os->object, os->buf, os->tx_mtu, &hi);
> - if (len < 0) {
> - error("read(): %s (%zd)", strerror(-len), -len);
> - if (len == -EAGAIN)
> - return len;
> - else if (len == -ENOSTR)
> - return 0;
> + /* Copying data from source until we reach end of the stream. Sending
> + * data only if MTU will be filled in 100% or we reach end of data.
> + * Remaining data in buffer will be sent with next amount of data
> + * from source.*/
> + do {
> + r_len = os->driver->read(os->object, os->buf + os->pending,
> + os->tx_mtu - os->pending, &hi);
>
> - g_free(os->buf);
> - os->buf = NULL;
> - return len;
> - }
> + if (r_len == 0)
> + break;
> + else if (r_len < 0) {
> + error("read(): %s (%zd)", strerror(-r_len), -r_len);
> +
> + switch(r_len) {
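Review bot: In the new read loop, the length passed to os->driver->read() is os->tx_mtu - os->pending while the destination is os->buf + os->pending, and nothing in the quoted lines shows that os->pending is kept at or below os->tx_mtu. If these fields are unsigned, a pending value above the MTU wraps the length and the read can write past os->buf; an explicit check before the call would make the invariant visible. The error() format also uses %zd, which is only correct if r_len is declared ssize_t.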
Small coding style issue above: a missing space between "switch" and "(".
Regards,
--
Anderson Lizardo
OpenBossa Labs - INdT
Manaus - Brazil
^ permalink raw reply
* [PATCHv4 2/2] Bluetooth: timer check sk is not owned before freeing
From: Emeltchenko Andrei @ 2010-11-03 10:32 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288780365-32099-1-git-send-email-Andrei.Emeltchenko.news@gmail.com>
From: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
In timer context we might delete l2cap channel used by krfcommd.
The check makes sure that sk is not owned. If sk is owned we
restart timer for HZ/5.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
---
net/bluetooth/l2cap.c | 32 ++++++++++++++++++++------------
1 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index b5436f7..b2f309d 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -83,6 +83,18 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
/* ---- L2CAP timers ---- */
+static void l2cap_sock_set_timer(struct sock *sk, long timeout)
+{
+ BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
+ sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
+}
+
+static void l2cap_sock_clear_timer(struct sock *sk)
+{
+ BT_DBG("sock %p state %d", sk, sk->sk_state);
+ sk_stop_timer(sk, &sk->sk_timer);
+}
+
static void l2cap_sock_timeout(unsigned long arg)
{
struct sock *sk = (struct sock *) arg;
@@ -92,6 +104,14 @@ static void l2cap_sock_timeout(unsigned long arg)
bh_lock_sock(sk);
+ if (sock_owned_by_user(sk)) {
+ /* sk is owned by user. Try again later */
+ l2cap_sock_set_timer(sk, HZ / 5);
+ bh_unlock_sock(sk);
+ sock_put(sk);
+ return;
+ }
+
if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
reason = ECONNREFUSED;
else if (sk->sk_state == BT_CONNECT &&
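Review bot: The sock_put(sk) right after l2cap_sock_set_timer(sk, HZ / 5) in the new sock_owned_by_user() branch reads like a dropped reference on a socket whose timer was just re-armed. It is balanced only because sk_reset_timer() takes its own hold when it arms a timer that was not pending, so a one-line comment saying so would save the next reader the lookup. The retry also has no upper bound: as long as the socket stays owned, the timer re-fires every HZ / 5, which deserves a sentence in the commit message.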
@@ -108,18 +128,6 @@ static void l2cap_sock_timeout(unsigned long arg)
sock_put(sk);
}
-static void l2cap_sock_set_timer(struct sock *sk, long timeout)
-{
- BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
- sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
-}
-
-static void l2cap_sock_clear_timer(struct sock *sk)
-{
- BT_DBG("sock %p state %d", sk, sk->sk_state);
- sk_stop_timer(sk, &sk->sk_timer);
-}
-
/* ---- L2CAP channels ---- */
static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
{
--
1.7.0.4
^ permalink raw reply related
* [PATCHv4 1/2] Bluetooth: Check sk is not owned before freeing l2cap_conn
From: Emeltchenko Andrei @ 2010-11-03 10:32 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288780365-32099-1-git-send-email-Andrei.Emeltchenko.news@gmail.com>
From: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Check that socket sk is not locked in user process before removing
l2cap connection handler.
lock_sock and release_sock do not hold a normal spinlock directly but
instead hold the owner field. This means bh_lock_sock can still execute
even if the socket is "locked". More info can be found here:
http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks
krfcommd kernel thread may be preempted by the l2cap tasklet, which removes the
l2cap_conn structure. If krfcommd is in the process of sending an RFCOMM reply
(like "RFCOMM UA" reply to "RFCOMM DISC") then a kernel crash happens.
...
[ 694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 694.184936] pgd = c0004000
[ 694.187683] [00000000] *pgd=00000000
[ 694.191711] Internal error: Oops: 5 [#1] PREEMPT
[ 694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading
[ 694.260375] CPU: 0 Not tainted (2.6.32.10 #1)
[ 694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap]
[ 694.270721] LR is at 0xd7017303
...
[ 694.525085] Backtrace:
[ 694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8)
[ 694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80)
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
---
net/bluetooth/l2cap.c | 26 ++++++++++++++++++++++++++
1 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6f931cc..b5436f7 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3078,6 +3078,14 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
break;
default:
+ /* don't delete l2cap channel if sk is owned by user */
+ if (sock_owned_by_user(sk)) {
+ sk->sk_state = BT_DISCONN;
+ l2cap_sock_clear_timer(sk);
+ l2cap_sock_set_timer(sk, HZ / 5);
+ break;
+ }
+
l2cap_chan_del(sk, ECONNREFUSED);
break;
}
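Review bot: In the default: case, the deferred branch loses the ECONNREFUSED that the immediate path hands to l2cap_chan_del(): it sets BT_DISCONN, re-arms the timer and breaks without recording a reason. The timeout handler shown in 2/2 derives its reason from sk_state, which is now BT_DISCONN, so a refused connect can no longer be told apart from an ordinary disconnect. Store the error before deferring, for example in sk->sk_err, and have the timer path use it.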
@@ -3283,6 +3291,15 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
sk->sk_shutdown = SHUTDOWN_MASK;
+ /* don't delete l2cap channel if sk is owned by user */
+ if (sock_owned_by_user(sk)) {
+ sk->sk_state = BT_DISCONN;
+ l2cap_sock_clear_timer(sk);
+ l2cap_sock_set_timer(sk, HZ / 5);
+ bh_unlock_sock(sk);
+ return 0;
+ }
+
l2cap_chan_del(sk, ECONNRESET);
bh_unlock_sock(sk);
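Review bot: In the new sock_owned_by_user() branch, l2cap_sock_clear_timer() immediately followed by l2cap_sock_set_timer() is redundant: the setter goes through sk_reset_timer(), which re-arms a pending timer in place and keeps the reference count balanced. Dropping the clear call removes one call per site without changing behaviour.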
@@ -3305,6 +3322,15 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
if (!sk)
return 0;
+ /* don't delete l2cap channel if sk is owned by user */
+ if (sock_owned_by_user(sk)) {
+ sk->sk_state = BT_DISCONN;
+ l2cap_sock_clear_timer(sk);
+ l2cap_sock_set_timer(sk, HZ / 5);
+ bh_unlock_sock(sk);
+ return 0;
+ }
+
l2cap_chan_del(sk, 0);
bh_unlock_sock(sk);
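Review bot: The sock_owned_by_user() block in l2cap_disconnect_rsp() is the third copy of the same code (also in l2cap_connect_rsp() and l2cap_disconnect_req()), and the copies already differ in whether they unlock and return or just break. A small static helper that sets BT_DISCONN, arms the timer and returns whether deletion was deferred would keep the three sites from drifting apart.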
--
1.7.0.4
^ permalink raw reply related
* [PATCHv4 0/2] Fix kernel crash in rfcomm/l2cap
From: Emeltchenko Andrei @ 2010-11-03 10:32 UTC (permalink / raw)
To: linux-bluetooth
From: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Yet another version of patches fixing kernel crash in RFCOMM / L2CAP.
*v4: taken Gustavo comments about timer HZ -> HZ/5
Do not delete l2cap channel and socket sk when sk is owned by user.
To delete l2cap channel standard timer is used.
lock_sock and release_sock do not hold a normal spinlock directly but
instead hold the owner field. This means bh_lock_sock can still execute
even if the socket is "locked". More info can be found here:
http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks
When sending following sequence:
...
No. Time Source Destination Protocol Info
89 1.951202 RFCOMM Rcvd DISC DLCI=20
90 1.951324 RFCOMM Sent UA DLCI=20
91 1.959381 HCI_EVT Number of Completed Packets
92 1.966461 RFCOMM Rcvd DISC DLCI=0
93 1.966492 L2CAP Rcvd Disconnect Request
94 1.972595 L2CAP Sent Disconnect Response
...
krfcommd kernel thread is preempted by the l2cap tasklet, which removes l2cap_conn
(L2CAP connection handler structure). Then the rfcomm thread tries to send RFCOMM
UA, which is the reply to RFCOMM DISC, and a crash happens when de-referencing
l2cap_conn.
Andrei Emeltchenko (2):
Bluetooth: Check sk is not owned before freeing l2cap_conn
Bluetooth: timer check sk is not owned before freeing
net/bluetooth/l2cap.c | 58 ++++++++++++++++++++++++++++++++++++++----------
1 files changed, 46 insertions(+), 12 deletions(-)
^ permalink raw reply
* [PATCH] Fix folder listing not able to use name header to list sub folders
From: Luiz Augusto von Dentz @ 2010-11-03 9:56 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
---
plugins/ftp.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/plugins/ftp.c b/plugins/ftp.c
index 007fe4a..91c77a3 100644
--- a/plugins/ftp.c
+++ b/plugins/ftp.c
@@ -171,9 +171,6 @@ static int get_by_type(struct ftp_session *ftp, const char *type)
if (g_strcmp0(type, CAP_TYPE) == 0)
return obex_get_stream_start(os, capability);
- if (g_strcmp0(type, LST_TYPE) == 0)
- return obex_get_stream_start(os, ftp->folder);
-
path = g_build_filename(ftp->folder, name, NULL);
err = obex_get_stream_start(os, path);
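Review bot: With the LST_TYPE branch gone, folder listings go through g_build_filename(ftp->folder, name, NULL), so the name supplied in the request decides which directory is listed. Nothing in this hunk shows name being checked for path separators or "..", and that check needs to happen before the join so a listing cannot leave ftp->folder. The no-name case still works only because a NULL name ends the g_build_filename() argument list early, which is worth a comment. The commit message is also empty apart from the subject.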
--
1.7.1
^ permalink raw reply related
* [PATCHv4 1/2] Bluetooth: Check sk is not owned before freeing l2cap_conn
From: Emeltchenko Andrei @ 2010-11-03 7:47 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288770478-22978-1-git-send-email-Andrei.Emeltchenko.news@gmail.com>
From: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Check that socket sk is not locked in user process before removing
l2cap connection handler.
lock_sock and release_sock do not hold a normal spinlock directly but
instead hold the owner field. This means bh_lock_sock can still execute
even if the socket is "locked". More info can be found here:
http://www.linuxfoundation.org/collaborate/workgroups/networking/socketlocks
krfcommd kernel thread may be preempted by the l2cap tasklet, which removes the
l2cap_conn structure. If krfcommd is in the process of sending an RFCOMM reply
(like "RFCOMM UA" reply to "RFCOMM DISC") then a kernel crash happens.
...
[ 694.175933] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 694.184936] pgd = c0004000
[ 694.187683] [00000000] *pgd=00000000
[ 694.191711] Internal error: Oops: 5 [#1] PREEMPT
[ 694.196350] last sysfs file: /sys/devices/platform/hci_h4p/firmware/hci_h4p/loading
[ 694.260375] CPU: 0 Not tainted (2.6.32.10 #1)
[ 694.265106] PC is at l2cap_sock_sendmsg+0x43c/0x73c [l2cap]
[ 694.270721] LR is at 0xd7017303
...
[ 694.525085] Backtrace:
[ 694.527587] [<bf266be0>] (l2cap_sock_sendmsg+0x0/0x73c [l2cap]) from [<c02f2cc8>] (sock_sendmsg+0xb8/0xd8)
[ 694.537292] [<c02f2c10>] (sock_sendmsg+0x0/0xd8) from [<c02f3044>] (kernel_sendmsg+0x48/0x80)
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
---
net/bluetooth/l2cap.c | 26 ++++++++++++++++++++++++++
1 files changed, 26 insertions(+), 0 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6f931cc..b5436f7 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -3078,6 +3078,14 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
break;
default:
+ /* don't delete l2cap channel if sk is owned by user */
+ if (sock_owned_by_user(sk)) {
+ sk->sk_state = BT_DISCONN;
+ l2cap_sock_clear_timer(sk);
+ l2cap_sock_set_timer(sk, HZ / 5);
+ break;
+ }
+
l2cap_chan_del(sk, ECONNREFUSED);
break;
}
@@ -3283,6 +3291,15 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd
sk->sk_shutdown = SHUTDOWN_MASK;
+ /* don't delete l2cap channel if sk is owned by user */
+ if (sock_owned_by_user(sk)) {
+ sk->sk_state = BT_DISCONN;
+ l2cap_sock_clear_timer(sk);
+ l2cap_sock_set_timer(sk, HZ / 5);
+ bh_unlock_sock(sk);
+ return 0;
+ }
+
l2cap_chan_del(sk, ECONNRESET);
bh_unlock_sock(sk);
@@ -3305,6 +3322,15 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd
if (!sk)
return 0;
+ /* don't delete l2cap channel if sk is owned by user */
+ if (sock_owned_by_user(sk)) {
+ sk->sk_state = BT_DISCONN;
+ l2cap_sock_clear_timer(sk);
+ l2cap_sock_set_timer(sk, HZ / 5);
+ bh_unlock_sock(sk);
+ return 0;
+ }
+
l2cap_chan_del(sk, 0);
bh_unlock_sock(sk);
--
1.7.0.4
^ permalink raw reply related
* Re: [PATCH] Cleanup set_mode code
From: Johan Hedberg @ 2010-11-02 22:25 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <1288709056-7551-1-git-send-email-luiz.dentz@gmail.com>
Hi Luiz,
On Tue, Nov 02, 2010, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
>
> Now that MODE_LIMITED was removed there is no need to compare string mode
> to determine if scan mode will change or not.
> ---
> src/adapter.c | 21 +++++----------------
> 1 files changed, 5 insertions(+), 16 deletions(-)
Pushed upstream. Thanks.
Johan
^ permalink raw reply
* RE: [RFC] LE connections and advertising management
From: Brian Redding @ 2010-11-02 20:23 UTC (permalink / raw)
To: 'Mike Tsai', 'Claudio Takahasi'
Cc: 'BlueZ development'
In-Reply-To: <35B17FE5076C7040809188FBE7913F983F847B44A8@SC1EXMB-MBCL.global.atheros.com>
> [Claudio]
> Is it allowed duplicated UUIDs for the same primary service? We are
> not handling this right now.
> It seems that you already have a proprietary implementation ;-)
>
> [Mike Tsai] I think it is probably not allowed to duplicate
> characteristic within the same primary services. However, there may be
> duplicated primary services within a server or duplicated included
> service within a server, or same characteristic inside 2 different
> primary services. So I don't know if you have any mechanism to let
> GAttrib get the correct characteristic within all these duplicated
> services by just passing the 128 bits UUID?
The GATT places no limitation on multiple instances of characteristics or
services. The recommendation to profile writers when duplicate
characteristics exist within a service is that each characteristic has a
characteristic presentation descriptor that distinguishes each instance of
the characteristic. The same would apply to multiple instances of a
service. There are other methods to distinguish multiple instances of
services and characteristics including different UUIDs so there isn't a
single approach. The approach though is specified by the profile.
Brian
---
Brian A. Redding
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
^ permalink raw reply
* Re: >net-wireless/bluez-4.63 unable to connect audio streams due commit
From: Peter Hurley @ 2010-11-02 17:25 UTC (permalink / raw)
To: pacho
Cc: Uwe Kleine-König, Luiz Augusto von Dentz, Johan Hedberg,
linux-bluetooth
In-Reply-To: <1288524358.2654.4.camel@localhost.localdomain>
Hi Pacho,
On Sun, 2010-10-31 at 12:25 +0100, Pacho Ramos wrote:
> On Mon, 18-10-2010 at 20:24 +0200, Pacho Ramos wrote:
> > On Mon, 04-10-2010 at 14:35 +0200, Uwe Kleine-König wrote:
> > > Hello Pacho,
> > >
> > > On Mon, Oct 04, 2010 at 12:25:46PM +0200, Pacho Ramos wrote:
> > > > > I would say this was because of double authentication request, but it
> > > > > seems it is not the case, actually ssp doesn't seems to be used at all
> > > > > here so this must be something else, maybe you should try this:
> > > > >
> > > > > http://thread.gmane.org/gmane.linux.bluez.kernel/7256
> > > > >
> > > >
> > > > Thanks but, how should I try to apply that patch? Looks like
> > > > net/bluetooth/rfcomm/core.c is not present on bluez-4.72 sources
> > > I guess this is a patch to apply to your kernel, not bluez.
> > >
> > > Best regards
> > > Uwe
> > >
> >
> > Downstream affected reporter told me it's still failing even with the
> > patch:
> >
> > http://bugs.gentoo.org/show_bug.cgi?id=327705#c19
> >
> > Attached is the new hcidump output
> >
> > Thanks a lot for your help :-)
> >
>
> There is no possible solution to this? :-(
>
> Thanks
The hcidump output reported is unfortunately insufficient to determine
the actual cause of failure. The indicated cause of failure appears to
be an error return from the Set Connection Encryption cmd (as indicated
by the absence of an Encryption Change evt). The actual error code is
not indicated in the hcidump output -- really, 'hcidump -tVx' is more
helpful for troubleshooting remotely.
The "Function not implemented (38)" message (which is in the bluetoothd
output capture in the downstream report) is the kernel bt stack's
translation to errno for bluetooth error codes primarily associated with
piconet errors (like Reserved Slot Violation(s), LMP Response Timeout,
etc. Actually, it's a catchall for errors the kernel bt stack thinks it
can't really do anything about).
Although I'd be happy to take a look at a more complete hcidump, the
reality is that there are bluetooth device incompatibilities/bugs that
are often unfixable - even when the hardware's available. My own bt
dongle reports that it's eSCO capable but hangs the LM when actually
attempting to negotiate an eSCO connection.
Hope that helps,
Peter Hurley
^ permalink raw reply
* Re: Downstream patches
From: Marcel Holtmann @ 2010-11-02 15:39 UTC (permalink / raw)
To: Johan Hedberg; +Cc: Bastien Nocera, BlueZ development
In-Reply-To: <20101027221627.GA24756@jh-x301>
Hi Bastien,
> > 0001-systemd-install-systemd-unit-files.patch installs a systemd unit,
> > which, when systemd is used, replaces the udev rule to launch
> > bluetoothd. This was pretty heavily tested as part of the alpha for
> > Fedora 14, though systemd was not included in the end.
> >
> > This patch is used in Fedora 15 now.
>
> I'll let Marcel comment on this since IIRC he had previously some issues
> with systemd related patches.
I still have the systemd patches in my queue. I wanna do some proper
cleanup to move over to systemd full scale. And just remove everything
else from the source repository and the packages.
Regards
Marcel
^ permalink raw reply
* Re: [PATCH 3/6] MacBookAir3,1(3,2) btusb support
From: Marcel Holtmann @ 2010-11-02 15:38 UTC (permalink / raw)
To: Dmitry Torokhov; +Cc: linux-bluetooth, linux-kernel, gimli
In-Reply-To: <20101102152454.GC11778@core.coreip.homeip.net>
Hi Dmitry,
> Not sure if you guys monitor LKML...
not on a regular basis.
> > This patch adds support for the MacBookAir3,1 and MacBookAir3,2 to the btusb
> > driver.
> >
> > Signed-off-by: Edgar (gimli) Hucek <gimli@dark-green.com>
>
> > --- a/drivers/bluetooth/btusb.c 2010-10-30 21:08:45.170492002 +0200
> > +++ b/drivers/bluetooth/btusb.c 2010-10-30 21:18:11.820492000 +0200
> > @@ -62,6 +62,9 @@
> > /* Apple iMac11,1 */
> > { USB_DEVICE(0x05ac, 0x8215) },
> >
> > + /* Apple MacBookAir3,1, MacBookAir3,2 */
> > + { USB_DEVICE(0x05ac, 0x821b) },
> > +
> > /* AVM BlueFRITZ! USB v2.0 */
> > { USB_DEVICE(0x057c, 0x3800) },
patch looks fine to me, but it should be sent to the linux-bluetooth mailing
list.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Regards
Marcel
^ permalink raw reply
* Re: [PATCH] bluetooth: hidp: fix information leak to userland
From: Marcel Holtmann @ 2010-11-02 15:36 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: kernel-janitors, Gustavo F. Padovan, David S. Miller, Jiri Kosina,
Michael Poole, Bastien Nocera, linux-bluetooth, netdev,
linux-kernel
In-Reply-To: <1288448791-6009-1-git-send-email-segooon@gmail.com>
Hi Vasiliy,
> Structure hidp_conninfo is copied to userland with version, product,
> vendor and name fields uninitialized if both session->input and session->hid
> are NULL. It leads to leaking of contents of kernel stack memory.
>
> Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Regards
Marcel
^ permalink raw reply
* Re: [PATCH] bluetooth: cmtp: fix information leak to userland
From: Marcel Holtmann @ 2010-11-02 15:35 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: kernel-janitors, Gustavo F. Padovan, David S. Miller,
Eric Dumazet, linux-bluetooth, netdev, linux-kernel
In-Reply-To: <1288448787-5848-1-git-send-email-segooon@gmail.com>
Hi Vasiliy,
> Structure cmtp_conninfo is copied to userland with some padding fields
> uninitialized. It leads to leaking of contents of kernel stack memory.
>
> Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Regards
Marcel
^ permalink raw reply
* Re: [PATCH] bluetooth: bnep: fix information leak to userland
From: Marcel Holtmann @ 2010-11-02 15:35 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: kernel-janitors, Gustavo F. Padovan, David S. Miller,
Eric Dumazet, Thadeu Lima de Souza Cascardo, Tejun Heo,
Jiri Kosina, linux-bluetooth, netdev, linux-kernel
In-Reply-To: <1288448782-5582-1-git-send-email-segooon@gmail.com>
Hi Vasiliy,
> Structure bnep_conninfo is copied to userland with the field "device"
> that has the last elements uninitialized. It leads to leaking of
> contents of kernel stack memory.
>
> Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Regards
Marcel
^ permalink raw reply
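The cmtp and bnep messages above describe one pattern: a reply struct built on the kernel stack and copied out whole, with padding or the unused tail of a char array never written. The following is an added example, not code from those patches or from the kernel; it reproduces the pattern in user space with a hypothetical struct `demo_conninfo` and a constructed 0xAA marker standing in for stale stack contents, next to a variant that zeroes the struct before filling it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed marker standing in for whatever the stack held before. */
#define STALE 0xAA

/* Hypothetical reply struct for this demo; NOT the kernel's cmtp/bnep layout. */
struct demo_conninfo {
    uint8_t  role;        /* padding usually follows, up to the alignment of flags */
    uint32_t flags;
    uint16_t state;
    uint8_t  dst[6];
    char     device[16];  /* interface name, normally far shorter than 16 bytes */
};

#define DEV_OFF offsetof(struct demo_conninfo, device)
#define DEV_END (DEV_OFF + sizeof(((struct demo_conninfo *)0)->device))

typedef void (*fill_fn)(struct demo_conninfo *ci, const char *name);

static const uint8_t peer[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 }; /* constructed */

/* Leaky pattern: members assigned one by one, only the used part of the name written. */
static void fill_unsafe(struct demo_conninfo *ci, const char *name)
{
    ci->role = 1;
    ci->flags = 0x1;
    ci->state = 2;
    memcpy(ci->dst, peer, sizeof(ci->dst));
    strcpy(ci->device, name);   /* caller passes a short constructed name */
}

/* Hardened pattern: zero the whole object first, then fill it. */
static void fill_safe(struct demo_conninfo *ci, const char *name)
{
    memset(ci, 0, sizeof(*ci));
    ci->role = 1;
    ci->flags = 0x1;
    ci->state = 2;
    memcpy(ci->dst, peer, sizeof(ci->dst));
    snprintf(ci->device, sizeof(ci->device), "%s", name);
}

/* Stands in for the ioctl handler: build the reply on the stack, copy it out whole. */
static void get_conninfo(fill_fn fill, const char *name, unsigned char *user)
{
    struct demo_conninfo ci;

    memset(&ci, STALE, sizeof(ci));   /* simulate leftover stack contents */
    fill(&ci, name);
    memcpy(user, &ci, sizeof(ci));    /* plays the role of copy_to_user() */
}

/* Number of bytes in user[from, to) that still carry the stale marker. */
static size_t stale_bytes(const unsigned char *user, size_t from, size_t to)
{
    size_t n = 0;

    for (size_t i = from; i < to; i++)
        if (user[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    unsigned char user[sizeof(struct demo_conninfo)];

    get_conninfo(fill_unsafe, "bnep0", user);
    printf("unsafe: %zu stale bytes in reply, %zu of them in device[]\n",
           stale_bytes(user, 0, sizeof(user)),
           stale_bytes(user, DEV_OFF, DEV_END));

    get_conninfo(fill_safe, "bnep0", user);
    printf("safe:   %zu stale bytes in reply\n",
           stale_bytes(user, 0, sizeof(user)));
    return 0;
}
```

On common ABIs the unsafe run also reports stale padding bytes after `role`; that part of the count depends on the compiler's layout, while the ten bytes in the `device[]` tail do not.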
* Re: [PATCH 3/6] MacBookAir3,1(3,2) btusb support
From: Dmitry Torokhov @ 2010-11-02 15:24 UTC (permalink / raw)
To: linux-bluetooth; +Cc: linux-kernel, gimli, Marcel Holtmann
In-Reply-To: <9e7738c0461aa509dd55fe470df3855e@mognix.dark-green.com>
Not sure if you guys monitor LKML...
On Tue, Nov 02, 2010 at 08:19:43AM +0100, gimli wrote:
> This patch adds support for the MacBookAir3,1 and MacBookAir3,2 to the btusb
> driver.
>
> Signed-off-by: Edgar (gimli) Hucek <gimli@dark-green.com>
> --- a/drivers/bluetooth/btusb.c 2010-10-30 21:08:45.170492002 +0200
> +++ b/drivers/bluetooth/btusb.c 2010-10-30 21:18:11.820492000 +0200
> @@ -62,6 +62,9 @@
> /* Apple iMac11,1 */
> { USB_DEVICE(0x05ac, 0x8215) },
>
> + /* Apple MacBookAir3,1, MacBookAir3,2 */
> + { USB_DEVICE(0x05ac, 0x821b) },
> +
> /* AVM BlueFRITZ! USB v2.0 */
> { USB_DEVICE(0x057c, 0x3800) },
>
--
Dmitry
^ permalink raw reply
* Re: [PATCHv3 2/2] Bluetooth: timer check sk is not owned before freeing
From: Gustavo F. Padovan @ 2010-11-02 15:15 UTC (permalink / raw)
To: Andrei Emeltchenko; +Cc: linux-bluetooth
In-Reply-To: <AANLkTiksc7jKPqxkFEZqvgBJ5ATvGh0nurWS9SZcdtit@mail.gmail.com>
Hi Andrei,
* Andrei Emeltchenko <andrei.emeltchenko.news@gmail.com> [2010-11-01 16:20:15 +0200]:
> Hi Gustavo
>
> On Sat, Oct 30, 2010 at 12:17 AM, Gustavo F. Padovan
> <padovan@profusion.mobi> wrote:
> > Hi Andrei,
> >
> > * Emeltchenko Andrei <Andrei.Emeltchenko.news@gmail.com> [2010-10-29 16:43:01 +0300]:
> >
> >> From: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
> >>
> >> In timer context we might delete l2cap channel used by krfcommd.
> >> The check makes sure that sk is not owned. If sk is owned we
> >> restart timer for HZ/5.
> >>
> >> Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
> >> ---
> >> net/bluetooth/l2cap.c | 32 ++++++++++++++++++++------------
> >> 1 files changed, 20 insertions(+), 12 deletions(-)
> >>
> >> diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
> >> index b1344d8..c67b3c6 100644
> >> --- a/net/bluetooth/l2cap.c
> >> +++ b/net/bluetooth/l2cap.c
> >> @@ -83,6 +83,18 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
> >> static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
> >>
> >> /* ---- L2CAP timers ---- */
> >> +static void l2cap_sock_set_timer(struct sock *sk, long timeout)
> >> +{
> >> + BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
> >> + sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
> >> +}
> >> +
> >> +static void l2cap_sock_clear_timer(struct sock *sk)
> >> +{
> >> + BT_DBG("sock %p state %d", sk, sk->sk_state);
> >> + sk_stop_timer(sk, &sk->sk_timer);
> >> +}
> >> +
> >> static void l2cap_sock_timeout(unsigned long arg)
> >> {
> >> struct sock *sk = (struct sock *) arg;
> >> @@ -92,6 +104,14 @@ static void l2cap_sock_timeout(unsigned long arg)
> >>
> >> bh_lock_sock(sk);
> >>
> >> + if (sock_owned_by_user(sk)) {
> >> + /* sk is owned by user. Try again later */
> >> + l2cap_sock_set_timer(sk, HZ / 5);
> >> + bh_unlock_sock(sk);
> >> + sock_put(sk);
> >
> > > You can't do a sock_put() here, you have to keep the reference to the
> > socket while the timer is enabled.
>
> sk_reset_timer is holding sock when timer restarts. The same way done
> in TCP code in function:
> static void tcp_delack_timer(unsigned long data)
Yes, I got confused, you're right.
--
Gustavo F. Padovan
ProFUSION embedded systems - http://profusion.mobi
^ permalink raw reply
* [PATCH 7/7] Bluetooth: Fix not returning proper error in RFCOMM
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288710198-6108-6-git-send-email-padovan@profusion.mobi>
Returning 0 in that situation could lead to errors in the caller.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/rfcomm/sock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index e48fbca..cd7e27a 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -930,7 +930,7 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
/* Check if we have socket listening on channel */
parent = rfcomm_get_sock_by_channel(BT_LISTEN, channel, &src);
if (!parent)
- return 0;
+ return -EINVAL;
bh_lock_sock(parent);
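Review bot: The changed return in the !parent path turns "no listening socket" from 0 into a non-zero value, and the commit message does not name the caller or say how it reads the result. If any caller treats the return of rfcomm_connect_ind() as a boolean, with non-zero meaning the connection was accepted, -EINVAL would send it down the accept path with no parent socket. Please list the callers in the commit message and confirm each one tests for a negative value.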
--
1.7.3.1
^ permalink raw reply related
* [PATCH 6/7] Bluetooth: Fix not returning proper error in SCO
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288710198-6108-5-git-send-email-padovan@profusion.mobi>
Returning 0 in that situation could lead to errors in the caller.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/sco.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 85b5498..f031b62 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -880,7 +880,7 @@ static int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
int lm = 0;
if (type != SCO_LINK && type != ESCO_LINK)
- return 0;
+ return -EINVAL;
BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
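Review bot: In sco_connect_ind(), the context line int lm = 0; suggests the function returns a link-mode bitmask rather than an errno, and a negative value such as -EINVAL has nearly every bit set. A caller that tests individual flag bits in the result would then see them all as set for a link that is neither SCO nor eSCO; check how the return value is consumed before moving this case away from 0.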
@@ -906,7 +906,7 @@ static int sco_connect_cfm(struct hci_conn *hcon, __u8 status)
BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
- return 0;
+ return -EINVAL;
if (!status) {
struct sco_conn *conn;
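Review bot: In sco_connect_cfm() the hcon->type test filters out links of another type rather than detecting a failure, so returning -EINVAL makes "not an SCO link" indistinguishable from a real error. The commit message only says the old value "could lead to errors in the caller"; name that caller and the failure it hits so the new value can be checked against it.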
@@ -925,7 +925,7 @@ static int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason)
BT_DBG("hcon %p reason %d", hcon, reason);
if (hcon->type != SCO_LINK && hcon->type != ESCO_LINK)
- return 0;
+ return -EINVAL;
sco_conn_del(hcon, bt_err(reason));
--
1.7.3.1
^ permalink raw reply related
* [PATCH 5/7] Bluetooth: Get rid of __rfcomm_get_sock_by_channel()
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288710198-6108-4-git-send-email-padovan@profusion.mobi>
rfcomm_get_sock_by_channel() was the only user of this function, so I merged
both into rfcomm_get_sock_by_channel(). The socket lock now should be held
outside of rfcomm_get_sock_by_channel() once we hold and release it inside the
same function now.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/rfcomm/sock.c | 19 +++++++------------
1 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 4ed9499..e48fbca 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -142,11 +142,13 @@ static struct sock *rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
/* Find socket with channel and source bdaddr.
* Returns closest match.
*/
-static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
+static struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
{
struct sock *sk = NULL, *sk1 = NULL;
struct hlist_node *node;
+ read_lock(&rfcomm_sk_list.lock);
+
sk_for_each(sk, node, &rfcomm_sk_list.head) {
if (state && sk->sk_state != state)
continue;
@@ -161,19 +163,10 @@ static struct sock *__rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t
sk1 = sk;
}
}
- return node ? sk : sk1;
-}
-/* Find socket with given address (channel, src).
- * Returns locked socket */
-static inline struct sock *rfcomm_get_sock_by_channel(int state, u8 channel, bdaddr_t *src)
-{
- struct sock *s;
- read_lock(&rfcomm_sk_list.lock);
- s = __rfcomm_get_sock_by_channel(state, channel, src);
- if (s) bh_lock_sock(s);
read_unlock(&rfcomm_sk_list.lock);
- return s;
+
+ return node ? sk : sk1;
}
static void rfcomm_sock_destruct(struct sock *sk)
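Review bot: missing protection between lookup and lock. With `read_unlock(&rfcomm_sk_list.lock)` now placed ahead of `return node ? sk : sk1;`, the socket is handed back with neither the list lock nor the socket lock held. The removed wrapper did `if (s) bh_lock_sock(s);` before dropping the list lock, so there was no window in which the socket could be unlinked and released before the caller locked it. Either keep bh_lock_sock() inside the list-locked region or take a reference on the socket before read_unlock() and document who drops it.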
@@ -939,6 +932,8 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
if (!parent)
return 0;
+ bh_lock_sock(parent);
+
/* Check for backlog size */
if (sk_acceptq_is_full(parent)) {
BT_DBG("backlog full %d", parent->sk_ack_backlog);
--
1.7.3.1
* [PATCH 4/7] Bluetooth: Get rid of __l2cap_get_sock_by_psm()
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288710198-6108-3-git-send-email-padovan@profusion.mobi>
l2cap_get_sock_by_psm() was the only user of this function, so I merged
both into l2cap_get_sock_by_psm(). The socket lock now should be held
outside of l2cap_get_sock_by_psm() once we hold and release it inside the
same function now.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 22 +++++++++-------------
1 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 3d48867..27199bc 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -746,11 +746,13 @@ found:
/* Find socket with psm and source bdaddr.
* Returns closest match.
*/
-static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
+static struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
{
struct sock *sk = NULL, *sk1 = NULL;
struct hlist_node *node;
+ read_lock(&l2cap_sk_list.lock);
+
sk_for_each(sk, node, &l2cap_sk_list.head) {
if (state && sk->sk_state != state)
continue;
@@ -765,20 +767,10 @@ static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src
sk1 = sk;
}
}
- return node ? sk : sk1;
-}
-/* Find socket with given address (psm, src).
- * Returns locked socket */
-static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
-{
- struct sock *s;
- read_lock(&l2cap_sk_list.lock);
- s = __l2cap_get_sock_by_psm(state, psm, src);
- if (s)
- bh_lock_sock(s);
read_unlock(&l2cap_sk_list.lock);
- return s;
+
+ return node ? sk : sk1;
}
static void l2cap_sock_destruct(struct sock *sk)
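Review bot: `return node ? sk : sk1;` now runs after `read_unlock(&l2cap_sk_list.lock)`, so l2cap_get_sock_by_psm() returns a pointer that nothing pins. The old inline wrapper called `bh_lock_sock(s)` while still holding the list read lock; the call sites updated in the following hunks lock the socket only after the lookup has returned, which leaves a gap in which the listening socket can be closed. Keep the socket lock acquisition under the list lock, or hold a reference across the gap.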
@@ -2921,6 +2913,8 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
goto sendresp;
}
+ bh_lock_sock(parent);
+
/* Check if the ACL is secure enough (if not SDP) */
if (psm != cpu_to_le16(0x0001) &&
!hci_conn_check_link_mode(conn->hcon)) {
@@ -4425,6 +4419,8 @@ static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, str
if (!sk)
goto drop;
+ bh_lock_sock(sk);
+
BT_DBG("sk %p, len %d", sk, skb->len);
if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
--
1.7.3.1
* [PATCH 3/7] Bluetooth: Hold the lock inside rfcomm_get_sock_by_addr()
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288710198-6108-2-git-send-email-padovan@profusion.mobi>
It also has to change the name of the function to
rfcomm_get_sock_by_addr() because we do hold the lock inside it now.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/rfcomm/sock.c | 16 +++++-----------
1 files changed, 5 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index aec505f..4ed9499 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -123,16 +123,18 @@ static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err)
}
/* ---- Socket functions ---- */
-static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
+static struct sock *rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src)
{
struct sock *sk = NULL;
struct hlist_node *node;
+ write_lock_bh(&rfcomm_sk_list.lock);
sk_for_each(sk, node, &rfcomm_sk_list.head) {
if (rfcomm_pi(sk)->channel == channel &&
!bacmp(&bt_sk(sk)->src, src))
break;
}
+ write_unlock_bh(&rfcomm_sk_list.lock);
return node ? sk : NULL;
}
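Review bot: rfcomm_get_sock_by_addr() only walks the list, yet it now takes `write_lock_bh(&rfcomm_sk_list.lock)`, which shuts out every reader of the list for a traversal that modifies nothing; read_lock_bh() is enough here. Please also add a comment that the returned pointer is only good as an "address in use" indication, since the lock is dropped before `return node ? sk : NULL;`.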
@@ -374,9 +376,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
goto done;
}
- write_lock_bh(&rfcomm_sk_list.lock);
-
- if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
+ if (sa->rc_channel && rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) {
err = -EADDRINUSE;
} else {
/* Save source address */
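Review bot: the -EADDRINUSE check and the "Save source address" branch used to be one critical section under rfcomm_sk_list.lock; with the lock now taken and dropped inside rfcomm_get_sock_by_addr(), the check and the assignment are no longer atomic. Two sockets binding the same channel and bdaddr concurrently can both see no match and both proceed. The `release_sock(sk)` at `done:` shows that only the per-socket lock is held here, and that does not serialize different sockets. Keep the list write lock around the whole check-and-set and call a lockless helper inside it.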
@@ -385,8 +385,6 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr
sk->sk_state = BT_BOUND;
}
- write_unlock_bh(&rfcomm_sk_list.lock);
-
done:
release_sock(sk);
return err;
@@ -459,17 +457,13 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog)
err = -EINVAL;
- write_lock_bh(&rfcomm_sk_list.lock);
-
for (channel = 1; channel < 31; channel++)
- if (!__rfcomm_get_sock_by_addr(channel, src)) {
+ if (!rfcomm_get_sock_by_addr(channel, src)) {
rfcomm_pi(sk)->channel = channel;
err = 0;
break;
}
- write_unlock_bh(&rfcomm_sk_list.lock);
-
if (err < 0)
goto done;
}
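Review bot: the free-channel scan is no longer atomic. Each `rfcomm_get_sock_by_addr(channel, src)` call locks and unlocks on its own, and `rfcomm_pi(sk)->channel = channel` is written with the list lock released, so two sockets listening on the same source address at the same time can both find the same channel free and both claim it. Keep one write_lock_bh()/write_unlock_bh() pair around the whole loop, as the removed lines did.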
--
1.7.3.1
* [PATCH 2/7] Bluetooth: Hold the lock inside sco_get_sock_by_addr()
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1288710198-6108-1-git-send-email-padovan@profusion.mobi>
It also has to change the name of the function to
sco_get_sock_by_addr() because we do hold the lock inside it now.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/sco.c | 10 ++++------
1 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index d0927d1..85b5498 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -276,16 +276,18 @@ drop:
}
/* -------- Socket interface ---------- */
-static struct sock *__sco_get_sock_by_addr(bdaddr_t *ba)
+static struct sock *sco_get_sock_by_addr(bdaddr_t *ba)
{
struct sock *sk;
struct hlist_node *node;
+ write_lock_bh(&sco_sk_list.lock);
sk_for_each(sk, node, &sco_sk_list.head)
if (!bacmp(&bt_sk(sk)->src, ba))
goto found;
sk = NULL;
found:
+ write_unlock_bh(&sco_sk_list.lock);
return sk;
}
@@ -469,9 +471,7 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
goto done;
}
- write_lock_bh(&sco_sk_list.lock);
-
- if (bacmp(src, BDADDR_ANY) && __sco_get_sock_by_addr(src)) {
+ if (bacmp(src, BDADDR_ANY) && sco_get_sock_by_addr(src)) {
err = -EADDRINUSE;
} else {
/* Save source address */
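Review bot: in sco_sock_bind() the `sco_get_sock_by_addr(src)` test now releases sco_sk_list.lock before the `else` branch stores the source address, so the "is this address taken" decision can be stale by the time it is acted on. Concurrent binds to the same address from two sockets can both pass the check. I would keep the double-underscore lockless lookup for this caller and leave the write_lock_bh()/write_unlock_bh() pair in sco_sock_bind().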
@@ -479,8 +479,6 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
sk->sk_state = BT_BOUND;
}
- write_unlock_bh(&sco_sk_list.lock);
-
done:
release_sock(sk);
return err;
--
1.7.3.1
* [PATCH 1/7] Bluetooth: Hold the lock inside l2cap_get_sock_by_addr()
From: Gustavo F. Padovan @ 2010-11-02 15:03 UTC (permalink / raw)
To: linux-bluetooth
It also has to change the name of the function to
l2cap_get_sock_by_addr() because we do hold the lock inside it now.
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
---
net/bluetooth/l2cap.c | 17 ++++++-----------
1 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 6f931cc..3d48867 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -728,15 +728,18 @@ static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, stru
}
/* ---- Socket interface ---- */
-static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
+static struct sock *l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
{
struct sock *sk;
struct hlist_node *node;
+
+ write_lock_bh(&l2cap_sk_list.lock);
sk_for_each(sk, node, &l2cap_sk_list.head)
if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
goto found;
sk = NULL;
found:
+ write_unlock_bh(&l2cap_sk_list.lock);
return sk;
}
@@ -1024,9 +1027,7 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
}
}
- write_lock_bh(&l2cap_sk_list.lock);
-
- if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
+ if (la.l2_psm && l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
err = -EADDRINUSE;
} else {
/* Save source address */
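Review bot: removing `write_lock_bh(&l2cap_sk_list.lock)` from l2cap_sock_bind() splits the PSM uniqueness check from the branch that records the address. `l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)` can return NULL for two binders of the same PSM and bdaddr before either has stored its values, and both then skip -EADDRINUSE. The list lock has to cover both the lookup and the store for the check to mean anything.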
@@ -1040,8 +1041,6 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
}
- write_unlock_bh(&l2cap_sk_list.lock);
-
done:
release_sock(sk);
return err;
@@ -1257,18 +1256,14 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
err = -EINVAL;
- write_lock_bh(&l2cap_sk_list.lock);
-
for (psm = 0x1001; psm < 0x1100; psm += 2)
- if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
+ if (!l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
l2cap_pi(sk)->psm = cpu_to_le16(psm);
l2cap_pi(sk)->sport = cpu_to_le16(psm);
err = 0;
break;
}
- write_unlock_bh(&l2cap_sk_list.lock);
-
if (err < 0)
goto done;
}
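Review bot: the dynamic PSM scan from 0x1001 to 0x1100 now takes and drops the list lock once per iteration inside l2cap_get_sock_by_addr(), and the assignments to `l2cap_pi(sk)->psm` and `l2cap_pi(sk)->sport` happen unlocked. Two listeners on the same source address can be given the same PSM. Besides the race, this replaces one lock round trip with up to 128; holding the lock once around the loop, as before, avoids both problems.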
--
1.7.3.1