* [PATCH 07/24] Bluetooth: Release rfcomm_dev only once
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
No logic prevents an rfcomm_dev from being released multiple
times. For example, if the rfcomm_dev ref count is large due
to pending tx, then multiple RFCOMMRELEASEDEV ioctls may
mistakenly release the rfcomm_dev too many times. Note that
concurrent ioctls are not required to create this condition.
Introduce RFCOMM_DEV_RELEASED status bit which guarantees the
rfcomm_dev can only be released once.
NB: Since the flags are exported to userspace, introduce the status
field to track state of which userspace should not be aware.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
include/net/bluetooth/rfcomm.h | 6 +++++-
net/bluetooth/rfcomm/tty.c | 11 +++++++++--
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
index 486213a..29d9727 100644
--- a/include/net/bluetooth/rfcomm.h
+++ b/include/net/bluetooth/rfcomm.h
@@ -323,11 +323,15 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel,
#define RFCOMMGETDEVINFO _IOR('R', 211, int)
#define RFCOMMSTEALDLC _IOW('R', 220, int)
+/* rfcomm_dev.flags bit definitions */
#define RFCOMM_REUSE_DLC 0
#define RFCOMM_RELEASE_ONHUP 1
#define RFCOMM_HANGUP_NOW 2
#define RFCOMM_TTY_ATTACHED 3
-#define RFCOMM_TTY_RELEASED 4
+#define RFCOMM_DEFUNCT_BIT4 4 /* don't reuse this bit - userspace visible */
+
+/* rfcomm_dev.status bit definitions */
+#define RFCOMM_DEV_RELEASED 0
struct rfcomm_dev_req {
s16 dev_id;
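Review bot: RFCOMM_DEV_RELEASED is defined as bit 0, the same number as RFCOMM_REUSE_DLC in the flags group just above it, so passing a status bit to &dev->flags (or the reverse) compiles cleanly and silently tests the wrong state. A distinguishing prefix such as RFCOMM_STATUS_ would make a mix-up visible at the call site. The comment on RFCOMM_DEFUNCT_BIT4 could also say as of which change the bit stopped being set, so a later reader knows why it is reserved.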
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index b385d99..d9d4bc8 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -51,6 +51,8 @@ struct rfcomm_dev {
unsigned long flags;
int err;
+ unsigned long status; /* don't export to userspace */
+
bdaddr_t src;
bdaddr_t dst;
u8 channel;
@@ -423,6 +425,12 @@ static int rfcomm_release_dev(void __user *arg)
return -EPERM;
}
+ /* only release once */
+ if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) {
+ tty_port_put(&dev->port);
+ return -EALREADY;
+ }
+
if (req.flags & (1 << RFCOMM_HANGUP_NOW))
rfcomm_dlc_close(dev->dlc, 0);
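Review bot: the early-return branch after test_and_set_bit() drops a reference with tty_port_put() but nothing in the hunk says which one; please add a comment naming the reference it balances (presumably the one taken by the device lookup earlier in rfcomm_release_dev()). -EALREADY is also a new errno for RFCOMMRELEASEDEV callers and is not mentioned in the changelog. Note too that a repeated call carrying RFCOMM_HANGUP_NOW now returns before rfcomm_dlc_close() is reached; if that is intended, say so.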
@@ -433,8 +441,7 @@ static int rfcomm_release_dev(void __user *arg)
tty_kref_put(tty);
}
- if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags) &&
- !test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags))
+ if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
tty_port_put(&dev->port);
tty_port_put(&dev->port);
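Review bot: with the RFCOMM_TTY_RELEASED guard removed, the two back-to-back tty_port_put() calls at the end of the function are protected only by the RFCOMM_DEV_RELEASED check added in the previous hunk, and neither says which reference it drops. A one-line comment on each (the conditional put for the non-RELEASE_ONHUP case and the unconditional one after it) would keep a later edit from reintroducing the double release this patch fixes.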
--
1.8.1.2
* [PATCH 06/24] Bluetooth: Exclude released devices from RFCOMMGETDEVLIST ioctl
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
When enumerating RFCOMM devices in the rfcomm_dev_list, holding
the rfcomm_dev_lock only guarantees the existence of the enumerated
rfcomm_dev in memory, and not safe access to its state. Testing
the device state (such as RFCOMM_TTY_RELEASED) does not guarantee
the device will remain in that state for the subsequent access
to the rfcomm_dev's fields, nor guarantee that teardown has not
commenced.
Obtain an rfcomm_dev reference for the duration of rfcomm_dev
access.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
net/bluetooth/rfcomm/tty.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 7cf193f..b385d99 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -468,7 +468,7 @@ static int rfcomm_get_dev_list(void __user *arg)
spin_lock(&rfcomm_dev_lock);
list_for_each_entry(dev, &rfcomm_dev_list, list) {
- if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
+ if (!tty_port_get(&dev->port))
continue;
(di + n)->id = dev->id;
(di + n)->flags = dev->flags;
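Review bot: replacing the RFCOMM_TTY_RELEASED test with !tty_port_get() changes which devices are skipped: a device that has been released but still has outstanding references is now copied into the list, whereas the old test hid it. The subject says released devices are excluded, so either the changelog should say the criterion is now "ref count already zero", or the loop needs an explicit released check in addition to the reference acquire.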
@@ -476,6 +476,7 @@ static int rfcomm_get_dev_list(void __user *arg)
(di + n)->channel = dev->channel;
bacpy(&(di + n)->src, &dev->src);
bacpy(&(di + n)->dst, &dev->dst);
+ tty_port_put(&dev->port);
if (++n >= dev_num)
break;
}
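Review bot: tty_port_put() is called here while rfcomm_dev_lock is still held as a spinlock (taken just before the loop), so if this put turns out to be the last reference the port destructor runs in atomic context with the list lock held. Please confirm the destruct path neither sleeps nor takes rfcomm_dev_lock, or defer the puts until after the lock is dropped.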
--
1.8.1.2
* [PATCH 05/24] Bluetooth: Fix racy acquire of rfcomm_dev reference
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley, Jiri Slaby,
Greg Kroah-Hartman
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
rfcomm_dev_get() can return an rfcomm_dev reference for a
device for which destruction may be commencing. This can happen
on tty destruction, which calls rfcomm_tty_cleanup(): the last
port reference may have been released but RFCOMM_TTY_RELEASED
was not set. The following race is also possible:
CPU 0                            | CPU 1
                                 | rfcomm_release_dev
rfcomm_dev_get                   |   .
  spin_lock                      |   .
  dev = __rfcomm_dev_get         |   .
  if dev                         |   .
    if test_bit(TTY_RELEASED)    |   .
                                 |   !test_and_set_bit(TTY_RELEASED)
                                 |     tty_port_put   <<<< last reference
    else                         |
      tty_port_get               |
The reference acquire is bogus because destruction will commence
with the release of the last reference.
Ignore the external state change of TTY_RELEASED and instead rely
on the reference acquire itself to determine if the reference is
valid.
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
net/bluetooth/rfcomm/tty.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index a535ef1..7cf193f 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -157,12 +157,8 @@ static struct rfcomm_dev *rfcomm_dev_get(int id)
dev = __rfcomm_dev_get(id);
- if (dev) {
- if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags))
- dev = NULL;
- else
- tty_port_get(&dev->port);
- }
+ if (dev && !tty_port_get(&dev->port))
+ dev = NULL;
spin_unlock(&rfcomm_dev_lock);
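Review bot: the new check "if (dev && !tty_port_get(&dev->port))" is only correct once tty_port_get() can return NULL for a port whose count has reached zero, which is what 04/24 introduces in include/linux/tty.h. The changelog should state that dependency so the two are not split when backported; applied alone, this hunk removes the RFCOMM_TTY_RELEASED test and leaves an acquire that never fails for a non-NULL port.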
--
1.8.1.2
* [PATCH 04/24] tty: Fix ref counting for port krefs
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley, Jiri Slaby,
Greg Kroah-Hartman
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
The tty core supports two models for handling tty_port lifetimes;
the tty_port can use the kref supplied by tty_port (which will
automatically destruct the tty_port when the ref count drops to
zero) or it can destruct the tty_port manually.
For tty drivers that choose to use the port kref to manage the
tty_port lifetime, it is not possible to safely acquire a port
reference conditionally. If the last reference is released after
evaluating the condition but before acquiring the reference, a
bogus reference will be held while the tty_port destruction
commences.
Rather, only acquire a port reference if the ref count is non-zero
and allow the caller to distinguish if a reference has successfully
been acquired.
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
include/linux/tty.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/tty.h b/include/linux/tty.h
index 90b4fdc..4781d7b 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -518,9 +518,9 @@ extern void tty_port_put(struct tty_port *port);
static inline struct tty_port *tty_port_get(struct tty_port *port)
{
- if (port)
- kref_get(&port->kref);
- return port;
+ if (port && kref_get_unless_zero(&port->kref))
+ return port;
+ return NULL;
}
/* If the cts flow control is enabled, return true. */
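Review bot: tty_port_get() now returns NULL for a non-NULL port whose ref count is zero, which changes the contract for every existing caller, not only rfcomm. A caller that ignores the return value and later calls tty_port_put() would drop a reference it never took; the changelog should say the in-tree callers were audited, and a short comment above the inline stating that the result must be checked would help.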
--
1.8.1.2
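The race described in the 05/24 and 04/24 changelogs above, replayed deterministically in userspace C. This is an added example, not code from the patch series: struct obj, get_unconditional(), get_unless_zero() and put() are hypothetical stand-ins for tty_port, the old and new tty_port_get(), and tty_port_put(), and the two CPUs are interleaved by hand in a single thread.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of a kref-managed object; all names are hypothetical. */
struct obj {
	atomic_int refs;   /* stands in for tty_port.kref */
	bool destructing;  /* set when the last reference is dropped */
};

/* Pre-04/24 tty_port_get(): increments without looking at the count. */
static struct obj *get_unconditional(struct obj *o)
{
	atomic_fetch_add(&o->refs, 1);
	return o;
}

/* Post-04/24 behaviour, modelled on kref_get_unless_zero(). */
static struct obj *get_unless_zero(struct obj *o)
{
	int old = atomic_load(&o->refs);

	while (old != 0) {
		/* On failure the CAS reloads 'old' with the current count. */
		if (atomic_compare_exchange_weak(&o->refs, &old, old + 1))
			return o;
	}
	return NULL;
}

/* Drop one reference; the 1 -> 0 transition starts destruction. */
static void put(struct obj *o)
{
	if (atomic_fetch_sub(&o->refs, 1) == 1)
		o->destructing = true;
}

/*
 * Interleaving from the 05/24 changelog: CPU 0 tests the released flag,
 * CPU 1 sets it and drops the last reference, CPU 0 then acquires.
 * Returns true if CPU 0 ends up holding a reference to a dying object.
 */
static bool replay_flag_then_get(void)
{
	struct obj o = { .refs = 1, .destructing = false };
	bool released_flag = false;  /* models RFCOMM_TTY_RELEASED */
	struct obj *ref = NULL;

	bool cpu0_saw_released = released_flag;  /* CPU 0: test_bit() */
	released_flag = true;                    /* CPU 1: test_and_set_bit() */
	put(&o);                                 /* CPU 1: last tty_port_put() */
	if (!cpu0_saw_released)
		ref = get_unconditional(&o);     /* CPU 0: tty_port_get() */

	return ref != NULL && o.destructing;
}

/* Same ordering, but the acquire itself decides whether it is valid. */
static bool replay_get_unless_zero(void)
{
	struct obj o = { .refs = 1, .destructing = false };
	struct obj *ref;

	put(&o);                    /* CPU 1: last reference dropped */
	ref = get_unless_zero(&o);  /* CPU 0: acquire attempt fails */

	return ref != NULL && o.destructing;
}

/* A live object (count > 0) is still acquired normally. */
static int count_after_live_get(void)
{
	struct obj o = { .refs = 2, .destructing = false };

	if (!get_unless_zero(&o))
		return -1;
	return atomic_load(&o.refs);
}

int main(void)
{
	printf("flag test + unconditional get holds dying object: %d\n",
	       replay_flag_then_get());
	printf("get_unless_zero holds dying object: %d\n",
	       replay_get_unless_zero());
	printf("count after get on live object: %d\n",
	       count_after_live_get());
	return 0;
}
```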
* [PATCH 03/24] Revert "Bluetooth: Move rfcomm_get_device() before rfcomm_dev_activate()"
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
This reverts commit e228b63390536f5b737056059a9a04ea016b1abf.
This is the third of a 3-patch revert, together with
Revert "Bluetooth: Remove rfcomm_carrier_raised()" and
Revert "Bluetooth: Always wait for a connection on RFCOMM open()".
Commit 4a2fb3ecc7467c775b154813861f25a0ddc11aa0,
"Bluetooth: Always wait for a connection on RFCOMM open()" open-codes
blocking on tty open(), rather than using the default behavior
implemented by the tty port.
The reasons for reverting that patch are detailed in that changelog;
this patch restores required functionality for that revert.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
net/bluetooth/rfcomm/tty.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 32ef9f9..a535ef1 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -103,22 +103,6 @@ static void rfcomm_dev_destruct(struct tty_port *port)
module_put(THIS_MODULE);
}
-static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
-{
- struct hci_dev *hdev;
- struct hci_conn *conn;
-
- hdev = hci_get_route(&dev->dst, &dev->src);
- if (!hdev)
- return NULL;
-
- conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
-
- hci_dev_put(hdev);
-
- return conn ? &conn->dev : NULL;
-}
-
/* device-specific initialization: open the dlc */
static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
{
@@ -185,6 +169,22 @@ static struct rfcomm_dev *rfcomm_dev_get(int id)
return dev;
}
+static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
+{
+ struct hci_dev *hdev;
+ struct hci_conn *conn;
+
+ hdev = hci_get_route(&dev->dst, &dev->src);
+ if (!hdev)
+ return NULL;
+
+ conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
+
+ hci_dev_put(hdev);
+
+ return conn ? &conn->dev : NULL;
+}
+
static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf)
{
struct rfcomm_dev *dev = dev_get_drvdata(tty_dev);
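Review bot: rfcomm_get_device(), restored here unchanged, returns &conn->dev after hci_dev_put() with no reference taken on the connection in the visible lines, so the caller receives a pointer that nothing pins. As this is a pure move for the revert the code itself should stay as is, but the changelog could point at "Bluetooth: Fix unsafe RFCOMM device parenting" later in the series so the restored state is not mistaken for the final one.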
--
1.8.1.2
* [PATCH 02/24] Revert "Bluetooth: Always wait for a connection on RFCOMM open()"
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
This reverts commit 4a2fb3ecc7467c775b154813861f25a0ddc11aa0.
This is the second of a 3-patch revert, together with
Revert "Bluetooth: Remove rfcomm_carrier_raised()" and
Revert "Bluetooth: Move rfcomm_get_device() before rfcomm_dev_activate()".
Before commit cad348a17e170451ea8688b532a6ca3e98c63b60,
Bluetooth: Implement .activate, .shutdown and .carrier_raised methods,
tty_port_block_til_ready() was open-coded in rfcomm_tty_install() as
part of the RFCOMM tty open().
Unfortunately, it did not implement non-blocking open nor CLOCAL open,
but rather always blocked for carrier. This is not the expected or
typical behavior for ttys, and prevents several common terminal
programming idioms from working (e.g., opening in non-blocking
mode to initialize desired termios settings then re-opening for
connection).
Commit cad348a17e170451ea8688b532a6ca3e98c63b60,
Bluetooth: Implement .activate, .shutdown and .carrier_raised methods,
added the necessary tty_port methods to use the default tty_port_open().
However, this triggered two important user-space regressions.
The first regression involves the complicated mechanism for reparenting
the rfcomm tty device to the ACL link device which represents an
open link to a specific bluetooth host. This regression causes ModemManager
to conclude the rfcomm tty device does not front a modem so it makes
no attempt to initialize an attached modem. This regression is
caused by the lack of a device_move() if the dlc is already open (and
not specifically related to the open-coded block_til_ready()).
A more appropriate solution is submitted in
"Bluetooth: Fix unsafe RFCOMM device parenting" and
"Bluetooth: Fix RFCOMM parent device for reused dlc"
The second regression involves "rfcomm bind" and wvdial (a ppp dialer).
rfcomm bind creates a device node for a /dev/rfcomm<n>. wvdial opens
that device in non-blocking mode (because it expects the connection
to have already been established). In addition, subsequent writes
to the rfcomm tty device fail (because the link is not yet connected;
rfcomm connection begins with the actual tty open()).
However, restoring the original behavior (in the patch which
this reverts) was undesirable.
Firstly, the original reporter notes that a trivial userspace
"workaround" already exists: rfcomm connect, which creates the
device node and establishes the expected connection.
Secondly, the failed writes occur because the rfcomm tty driver
does not buffer writes to an unconnected device; this contrasts with
the dozens of other tty drivers (in fact, all of them) that do just
that. The submitted patch "Bluetooth: Don't fail RFCOMM tty writes"
corrects this.
Thirdly, it was a long-standing bug to block on non-blocking open,
which is re-fixed by revert.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
net/bluetooth/rfcomm/tty.c | 46 ++++++++--------------------------------------
1 file changed, 8 insertions(+), 38 deletions(-)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index aeabade..32ef9f9 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -58,7 +58,6 @@ struct rfcomm_dev {
uint modem_status;
struct rfcomm_dlc *dlc;
- wait_queue_head_t conn_wait;
struct device *tty_dev;
@@ -124,40 +123,8 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
{
struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
- DEFINE_WAIT(wait);
- int err;
-
- err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
- if (err)
- return err;
-
- while (1) {
- prepare_to_wait(&dev->conn_wait, &wait, TASK_INTERRUPTIBLE);
- if (dev->dlc->state == BT_CLOSED) {
- err = -dev->err;
- break;
- }
-
- if (dev->dlc->state == BT_CONNECTED)
- break;
-
- if (signal_pending(current)) {
- err = -ERESTARTSYS;
- break;
- }
-
- tty_unlock(tty);
- schedule();
- tty_lock(tty);
- }
- finish_wait(&dev->conn_wait, &wait);
-
- if (!err)
- device_move(dev->tty_dev, rfcomm_get_device(dev),
- DPM_ORDER_DEV_AFTER_PARENT);
-
- return err;
+ return rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel);
}
/* we block the open until the dlc->state becomes BT_CONNECTED */
@@ -184,6 +151,7 @@ static const struct tty_port_operations rfcomm_port_ops = {
.destruct = rfcomm_dev_destruct,
.activate = rfcomm_dev_activate,
.shutdown = rfcomm_dev_shutdown,
+ .carrier_raised = rfcomm_dev_carrier_raised,
};
static struct rfcomm_dev *__rfcomm_dev_get(int id)
@@ -290,7 +258,6 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
tty_port_init(&dev->port);
dev->port.ops = &rfcomm_port_ops;
- init_waitqueue_head(&dev->conn_wait);
skb_queue_head_init(&dev->pending);
@@ -609,9 +576,12 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err)
BT_DBG("dlc %p dev %p err %d", dlc, dev, err);
dev->err = err;
- wake_up_interruptible(&dev->conn_wait);
+ if (dlc->state == BT_CONNECTED) {
+ device_move(dev->tty_dev, rfcomm_get_device(dev),
+ DPM_ORDER_DEV_AFTER_PARENT);
- if (dlc->state == BT_CLOSED)
+ wake_up_interruptible(&dev->port.open_wait);
+ } else if (dlc->state == BT_CLOSED)
tty_port_tty_hangup(&dev->port, false);
}
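Review bot: in the BT_CONNECTED branch, device_move() is passed the result of rfcomm_get_device() directly and its return value is dropped; rfcomm_get_device() returns NULL when no route or ACL connection is found, so the move can be issued with a NULL parent and any failure goes unnoticed. Checking the lookup result, and at least logging a device_move() error, would make that case visible. Style: the if arm is braced and the else if arm is not; kernel coding style wants braces on both.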
@@ -1133,7 +1103,7 @@ int __init rfcomm_init_ttys(void)
rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL;
rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV;
rfcomm_tty_driver->init_termios = tty_std_termios;
- rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
+ rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL;
rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON;
tty_set_operations(rfcomm_tty_driver, &rfcomm_ops);
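Review bot: dropping CLOCAL from init_termios.c_cflag changes the default for every rfcomm tty: with .carrier_raised hooked up, a blocking open() now waits for carrier unless the caller sets CLOCAL or opens non-blocking. The changelog discusses non-blocking and CLOCAL opens in general but does not say the driver default changes; please state it explicitly, since this is the user-visible part of the revert.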
--
1.8.1.2
* [PATCH 01/24] Revert "Bluetooth: Remove rfcomm_carrier_raised()"
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley
In-Reply-To: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
This reverts commit f86772af6a0f643d3e13eb3f4f9213ae0c333ee4.
This is the first of a 3-patch revert, together with
Revert "Bluetooth: Always wait for a connection on RFCOMM open()" and
Revert "Bluetooth: Move rfcomm_get_device() before rfcomm_dev_activate()".
Commit 4a2fb3ecc7467c775b154813861f25a0ddc11aa0,
"Bluetooth: Always wait for a connection on RFCOMM open()" open-codes
blocking on tty open(), rather than using the default behavior
implemented by the tty port.
The reasons for reverting that patch are detailed in that changelog;
this patch restores required functionality for that revert.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
---
net/bluetooth/rfcomm/tty.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index f9c0980a..aeabade 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -160,6 +160,14 @@ static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty)
return err;
}
+/* we block the open until the dlc->state becomes BT_CONNECTED */
+static int rfcomm_dev_carrier_raised(struct tty_port *port)
+{
+ struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port);
+
+ return (dev->dlc->state == BT_CONNECTED);
+}
+
/* device-specific cleanup: close the dlc */
static void rfcomm_dev_shutdown(struct tty_port *port)
{
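Review bot: rfcomm_dev_carrier_raised() is added as a static function but nothing in this patch references it; the .carrier_raised hook is only wired up in 02/24. Built on its own, this commit will produce a defined-but-unused warning, so consider folding the hookup into this patch or noting the dependency in the changelog. The comment above the function describes what the caller does with the result; "return true once the dlc is connected" would describe the function itself.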
--
1.8.1.2
* [PATCH 00/24] rfcomm fixes
From: Peter Hurley @ 2014-02-10 1:59 UTC
To: Marcel Holtmann
Cc: Gustavo Padovan, Johan Hedberg, Gianluca Anzolin,
Alexander Holler, Andrey Vihrov, Sander Eikelenboom,
linux-bluetooth, linux-kernel, Peter Hurley
Marcel,
This patch series addresses a number of previously unknown issues
with the RFCOMM tty device implementation, in addition to
addressing the locking regression recently reported [1].
As Gianluca suggested and I agree, this series first reverts
3 of the 4 patches of 3.14-rc1 for bluetooth/rfcomm/tty.c.
The reasoning is detailed in the changelog for
Revert "Bluetooth: Always wait for a connection on RFCOMM open()"
but the short answer is that it re-implements a long-standing
bug by blocking on a non-blocking open.
This patch series corrects the reported regressions from 3.13
(to the extent that correction is required). Specifically,
the ModemManager regression reported by Gianluca Anzolin [2]
and the rfcomm bind with wvdial reported by Andrey Vihrov [3].
tty: Fix ref counting for port krefs
Bluetooth: Fix racy acquire of rfcomm_dev reference
Bluetooth: Exclude released devices from RFCOMMGETDEVLIST ioctl
Bluetooth: Release rfcomm_dev only once
Bluetooth: Fix unreleased rfcomm_dev reference
These first 5 patches after the reverts
fix 4 different rfcomm_dev ref count mishandling bugs.
Bluetooth: Fix RFCOMM tty teardown race and
Bluetooth: Serialize RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls
Fix races which occur due to the design of the rfcomm ioctls
(note that buses don't have these kinds of races).
Bluetooth: Verify dlci not in use before rfcomm_dev create
Bluetooth: Simplify RFCOMM session state eval
Bluetooth: Refactor deferred setup test in rfcomm_dlc_close()
Bluetooth: Refactor dlc disconnect logic in rfcomm_dlc_close()
Bluetooth: Directly close dlc for not yet started RFCOMM session
These 5 patches fix issues with reusing the dlci after
closing the tty (found by unit test).
Bluetooth: Fix unsafe RFCOMM device parenting
Bluetooth: Fix RFCOMM parent device for reused dlc
These 2 patches fix the ModemManager regression.
Bluetooth: Refactor rfcomm_dev_add()
Bluetooth: Cleanup RFCOMM device registration error handling
These 2 patches fix an unreleased module reference while
error handling.
Bluetooth: Rename __rfcomm_dev_get() to __rfcomm_dev_lookup()
This is a trivial naming patch with no functional impact.
Bluetooth: Force -EIO from tty read/write if .activate() fails
The tty core provides an existing mechanism for failing
reads/writes if device activation fails (like an error
allocating the dlc).
Bluetooth: Don't fail RFCOMM tty writes
This patch implements buffered writes even if the device
is not connected.
While unit testing this, I discovered a serious defect in
the way available space is computed that under-utilizes
rfcomm i/o and may even halt further tx on that link, which
is fixed by:
Bluetooth: Refactor write_room() calculation
Bluetooth: Fix write_room() calculation
Note that this series does not fix the naively inefficient
method of packetizing tty output; packetizing should be
done on the krfcommd thread to take advantage of aggregating
multiple tty writes into 1 or more packets. Look at any
line-by-line console output to realize how under-utilized
the rfcomm tty packeting is.
[1] http://www.spinics.net/lists/linux-wireless/msg117818.html
[2] http://www.spinics.net/lists/linux-bluetooth/msg42075.html
[3] http://www.spinics.net/lists/linux-bluetooth/msg42057.html
Regards,
Peter Hurley (24):
Revert "Bluetooth: Remove rfcomm_carrier_raised()"
Revert "Bluetooth: Always wait for a connection on RFCOMM open()"
Revert "Bluetooth: Move rfcomm_get_device() before
rfcomm_dev_activate()"
tty: Fix ref counting for port krefs
Bluetooth: Fix racy acquire of rfcomm_dev reference
Bluetooth: Exclude released devices from RFCOMMGETDEVLIST ioctl
Bluetooth: Release rfcomm_dev only once
Bluetooth: Fix unreleased rfcomm_dev reference
Bluetooth: Fix RFCOMM tty teardown race
Bluetooth: Verify dlci not in use before rfcomm_dev create
Bluetooth: Simplify RFCOMM session state eval
Bluetooth: Refactor deferred setup test in rfcomm_dlc_close()
Bluetooth: Refactor dlc disconnect logic in rfcomm_dlc_close()
Bluetooth: Directly close dlc for not yet started RFCOMM session
Bluetooth: Fix unsafe RFCOMM device parenting
Bluetooth: Fix RFCOMM parent device for reused dlc
Bluetooth: Rename __rfcomm_dev_get() to __rfcomm_dev_lookup()
Bluetooth: Serialize RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls
Bluetooth: Refactor rfcomm_dev_add()
Bluetooth: Cleanup RFCOMM device registration error handling
Bluetooth: Force -EIO from tty read/write if .activate() fails
Bluetooth: Don't fail RFCOMM tty writes
Bluetooth: Refactor write_room() calculation
Bluetooth: Fix write_room() calculation
include/linux/tty.h | 6 +-
include/net/bluetooth/rfcomm.h | 9 +-
net/bluetooth/rfcomm/core.c | 88 ++++++++++----
net/bluetooth/rfcomm/tty.c | 262 ++++++++++++++++++++++-------------------
4 files changed, 223 insertions(+), 142 deletions(-)
--
1.8.1.2
* Bluez 5, A2DP headphones
From: Pavel Volkov @ 2014-02-09 20:37 UTC
To: linux-bluetooth
I'm having trouble connecting to my headphones after upgrading from Bluez 4 to
Bluez 5 with a few more people.
Link to Gentoo Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=499908
Summary:
I'm not using PulseAudio and this is the error from system journal:
2月 09 15:01:54 melforce bluetoothd[12825]: a2dp-sink profile connect failed for
00:02:3C:31:96:12: Protocol not available
It appears when I try to connect to it from bluedevil (KDE's Bluetooth stack)
or when mplayer2 tries to open the ALSA device.
Do you have any clues?
* Some patches applied on Fedora that maybe should be considered for being applied upstream
From: Pacho Ramos @ 2014-02-09 8:53 UTC
To: BlueZ development
Hello
I was looking at bluez package and found some patches that maybe could
be upstreamed. Also, I would like to know the reasons for not accepting
them to ensure they are safe to be applied downstream by us too :)
http://pkgs.fedoraproject.org/cgit/bluez.git/tree/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch -> Does this cause any issues with systemd --user setups?
http://pkgs.fedoraproject.org/cgit/bluez.git/tree/0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch
http://pkgs.fedoraproject.org/cgit/bluez.git/tree/0002-autopair-Don-t-handle-the-iCade.patch
http://pkgs.fedoraproject.org/cgit/bluez.git/tree/0004-agent-Assert-possible-infinite-loop.patch
-> Any reason for not applying it upstream too?
http://pkgs.fedoraproject.org/cgit/bluez.git/tree/0001-work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch
-> Taking care this looks to be a really old issue, maybe using the
workaround would be the only option for now :/
Thanks a lot for your thoughts :)
* RE: possible bug in blueZ 5.8 gatt tool or library
From: Caleb Reinhold @ 2014-02-07 23:34 UTC
To: 'Anderson Lizardo'; +Cc: 'BlueZ development'
In-Reply-To: <CAJdJm_OeMUO5Qj3Amg7ADtkJRsRBpoixD2MEBBWHUA3V1M1OqA@mail.gmail.com>
Hi Anderson,
>If I remember correctly, the issue is in the kernel: if connect() is called
>when security level is medium, the socket only gets POLLOUT once SMP pairing
>finishes, and any ATT PDU received during that time is lost.
This is useful and interesting to know.
>Note that it's almost certain that your device is sending the indication
>without requiring encryption. Otherwise, it would have sent a Security
>Request (which triggers a Pairing Request from the Linux side) and wait for
>the encryption to be enabled before sending the indication. If that was the
>case, the kernel would deliver the ATT PDU to gatttool after encryption is
>enabled and it would work as expected.
It seems our device is indeed sending the indication without requiring
encryption. The suggestion of updating the central device to start with low
security and then change to medium security is producing the desired
behavior. Thank you for your time and assistance.
Regards,
Caleb Reinhold
* [PATCH 5/5] rctest: Fix memory leak
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
In-Reply-To: <1391812125-19594-1-git-send-email-andre.guedes@openbossa.org>
---
tools/rctest.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/rctest.c b/tools/rctest.c
index 77fa03c..9281392 100644
--- a/tools/rctest.c
+++ b/tools/rctest.c
@@ -466,8 +466,11 @@ static void save_mode(int sk)
while ((len = read(sk, b, data_size)) > 0) {
ret = write(save_fd, b, len);
if (ret < 0)
- return;
+ goto done;
}
+
+done:
+ free(b);
}
static void recv_mode(int sk)
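Review bot: only the write() failure exit inside the read loop is redirected to done:, and the hunk does not show where b is allocated, so any earlier return in save_mode() that follows the allocation would still leak. Please confirm there is none, and name the leaked buffer in the (currently empty) commit message as 1/5 and 2/5 do.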
--
1.8.5.3
* [PATCH 4/5] amptest: Fix memory leak
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
In-Reply-To: <1391812125-19594-1-git-send-email-andre.guedes@openbossa.org>
---
tools/amptest.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/tools/amptest.c b/tools/amptest.c
index 16f15bc..6192f7e 100644
--- a/tools/amptest.c
+++ b/tools/amptest.c
@@ -496,6 +496,7 @@ static bool find_amp_controller(void)
struct hci_dev_list_req *dl;
struct hci_dev_req *dr;
int fd, i;
+ bool result;
fd = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
if (fd < 0) {
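Review bot: "bool result;" is declared without an initializer and is assigned only immediately before each jump to done:. Initialising it to false at the declaration would let the ioctl failure branch shrink to a bare goto done and keeps any error path added later from returning an indeterminate value.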
@@ -515,8 +516,8 @@ static bool find_amp_controller(void)
if (ioctl(fd, HCIGETDEVLIST, (void *) dl) < 0) {
perror("Failed to get HCI device list");
- close(fd);
- return false;
+ result = false;
+ goto done;
}
for (i = 0; i< dl->dev_num; i++) {
@@ -541,9 +542,12 @@ static bool find_amp_controller(void)
}
}
- close(fd);
+ result = true;
- return true;
+done:
+ free(dl);
+ close(fd);
+ return result;
}
int main(int argc ,char *argv[])
--
1.8.5.3
* [PATCH 3/5] cltest: Fix memory leak
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
In-Reply-To: <1391812125-19594-1-git-send-email-andre.guedes@openbossa.org>
---
tools/cltest.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/cltest.c b/tools/cltest.c
index 16b7553..4ddb98a 100644
--- a/tools/cltest.c
+++ b/tools/cltest.c
@@ -205,8 +205,8 @@ static bool find_controllers(void)
dl = malloc(HCI_MAX_DEV * sizeof(struct hci_dev_req) + sizeof(uint16_t));
if (!dl) {
perror("Failed allocate HCI device request memory");
- result = false;
- goto done;
+ close(fd);
+ return false;
}
dl->dev_num = HCI_MAX_DEV;
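Review bot: the malloc() failure branch did not need to change: dl is NULL on that path and free(NULL) is a no-op, so the original "result = false; goto done;" stays correct once free(dl) is added at done:. Replacing it with close(fd) and return false reintroduces a second exit with its own cleanup, which is the pattern 4/5 removes from amptest.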
@@ -243,6 +243,7 @@ static bool find_controllers(void)
}
done:
+ free(dl);
close(fd);
return result;
}
--
1.8.5.3
* [PATCH 2/5] hcidump: Fix memory leak
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
In-Reply-To: <1391812125-19594-1-git-send-email-andre.guedes@openbossa.org>
Memory pointed to by frm.data variable was not freed in both failure and
success flows.
---
tools/hcidump.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/hcidump.c b/tools/hcidump.c
index 50123d2..2bbc207 100644
--- a/tools/hcidump.c
+++ b/tools/hcidump.c
@@ -309,7 +309,7 @@ static void read_dump(int fd)
if (err < 0)
goto failed;
if (!err)
- return;
+ goto done;
if (parser.flags & DUMP_PKTLOG) {
switch (ph.type) {
@@ -407,7 +407,7 @@ static void read_dump(int fd)
if (err < 0)
goto failed;
if (!err)
- return;
+ goto done;
frm.ptr = frm.data;
frm.len = frm.data_len;
@@ -432,8 +432,13 @@ static void read_dump(int fd)
parse(&frm);
}
+done:
+ free(frm.data);
+ return;
+
failed:
perror("Read failed");
+ free(frm.data);
exit(1);
}
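Review bot: at failed:, free(frm.data) sits directly before exit(1), where process teardown reclaims the buffer anyway. It is harmless, and placing it after perror() means errno cannot be disturbed before it is printed, but if the call is there only to quiet the static analyzer the changelog should say so.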
--
1.8.5.3
* [PATCH 1/5] hcitool: Fix memory leak in cmd_info
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
In-Reply-To: <1391812125-19594-1-git-send-email-andre.guedes@openbossa.org>
Free memory pointed to by cr variable after it is used.
---
tools/hcitool.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/hcitool.c b/tools/hcitool.c
index 8a92067..c2df8e3 100644
--- a/tools/hcitool.c
+++ b/tools/hcitool.c
@@ -961,6 +961,7 @@ static void cmd_info(int dev_id, int argc, char **argv)
htobs(di.pkt_type & ACL_PTYPE_MASK),
0, 0x01, &handle, 25000) < 0) {
perror("Can't create connection");
+ free(cr);
close(dd);
exit(1);
}
@@ -969,6 +970,8 @@ static void cmd_info(int dev_id, int argc, char **argv)
} else
handle = htobs(cr->conn_info->handle);
+ free(cr);
+
printf("\tBD Address: %s\n", argv[0]);
comp = batocomp(&bdaddr);
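Review bot: after the new free(cr) that follows the if/else, cr is left pointing at freed memory while cmd_info() carries on with the printf and batocomp calls below. The visible lines do not use it again, but adding cr = NULL after the free would make any later dereference fail loudly instead of reading freed memory.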
--
1.8.5.3
* [PATCH 0/5] Fixes for memory leaks
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
Hi all,
This patch set fixes some memory leaks reported by clang static analyzer.
There is no relation between patches of this set so they can be applied
independently.
BR,
Andre
Andre Guedes (5):
hcitool: Fix memory leak in cmd_info
hcidump: Fix memory leak
cltest: Fix memory leak
amptest: Fix memory leak
rctest: Fix memory leak
tools/amptest.c | 12 ++++++++----
tools/cltest.c | 5 +++--
tools/hcidump.c | 9 +++++++--
tools/hcitool.c | 3 +++
tools/rctest.c | 5 ++++-
5 files changed, 25 insertions(+), 9 deletions(-)
--
1.8.5.3
* [PATCH] gitignore: Add cscope files
From: Andre Guedes @ 2014-02-07 22:28 UTC
To: linux-bluetooth
In-Reply-To: <1391812080-19529-1-git-send-email-andre.guedes@openbossa.org>
---
.gitignore | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.gitignore b/.gitignore
index b86deae..fe6636e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -121,3 +121,7 @@ android/android-tester
android/ipc-tester
android/bluetoothd-snoop
android/test-ipc
+
+cscope.in.out
+cscope.out
+cscope.po.out
--
1.8.5.3
* [PATCH] btsnoop: Remove unused local function and macro
From: Andre Guedes @ 2014-02-07 22:27 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1391812080-19529-1-git-send-email-andre.guedes@openbossa.org>
---
tools/btsnoop.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/tools/btsnoop.c b/tools/btsnoop.c
index a65d8c5..260dfdb 100644
--- a/tools/btsnoop.c
+++ b/tools/btsnoop.c
@@ -40,19 +40,6 @@
#include "monitor/btsnoop.h"
-static inline uint64_t ntoh64(uint64_t n)
-{
- uint64_t h;
- uint64_t tmp = ntohl(n & 0x00000000ffffffff);
-
- h = ntohl(n >> 32);
- h |= tmp << 32;
-
- return h;
-}
-
-#define hton64(x) ntoh64(x)
-
struct btsnoop_hdr {
uint8_t id[8]; /* Identification Pattern */
uint32_t version; /* Version Number = 1 */
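Review bot: the commit message has no body, so the claim that ntoh64() and hton64() are unused rests on the subject line alone. Please state how that was established (for example a build with unused-function warnings enabled) and whether monitor/btsnoop.h, included just above the removed code, is what made the local copies redundant.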
--
1.8.5.3
* [PATCH] health: Fix HealthDevice dbus registration
From: Andre Guedes @ 2014-02-07 22:27 UTC (permalink / raw)
To: linux-bluetooth
For some reason, HealthDevice property table wasn't being registered.
---
profiles/health/hdp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c
index 622d95b..48dad52 100644
--- a/profiles/health/hdp.c
+++ b/profiles/health/hdp.c
@@ -2145,7 +2145,8 @@ static struct hdp_device *create_health_device(struct btd_device *device)
if (!g_dbus_register_interface(btd_get_dbus_connection(),
path, HEALTH_DEVICE,
health_device_methods,
- health_device_signals, NULL,
+ health_device_signals,
+ health_device_properties,
dev, health_device_destroy)) {
error("D-Bus failed to register %s interface", HEALTH_DEVICE);
goto fail;
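Review bot: "For some reason" in the commit message does not say when the properties argument of g_dbus_register_interface() became NULL; naming the commit that introduced it would help anyone deciding whether to backport. Since health_device_properties is now registered with the same dev user data as health_device_methods, please also confirm the property getters expect a struct hdp_device pointer.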
--
1.8.5.3
* [PATCH BlueZ 3/3] lib/sdp: Fix printing of multiple record fields
From: Anderson Lizardo @ 2014-02-07 20:14 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1391804086-14428-1-git-send-email-anderson.lizardo@openbossa.org>
If there are multiple fields to print, sdp_record_print() was missing a
newline between entries.
---
lib/sdp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/sdp.c b/lib/sdp.c
index 0a7cb6f..e5e4622 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -1605,13 +1605,13 @@ void sdp_record_print(const sdp_record_t *rec)
{
sdp_data_t *d = sdp_data_get(rec, SDP_ATTR_SVCNAME_PRIMARY);
if (d && SDP_IS_TEXT_STR(d->dtd))
- printf("Service Name: %.*s", d->unitSize, d->val.str);
+ printf("Service Name: %.*s\n", d->unitSize, d->val.str);
d = sdp_data_get(rec, SDP_ATTR_SVCDESC_PRIMARY);
if (d && SDP_IS_TEXT_STR(d->dtd))
- printf("Service Description: %.*s", d->unitSize, d->val.str);
+ printf("Service Description: %.*s\n", d->unitSize, d->val.str);
d = sdp_data_get(rec, SDP_ATTR_PROVNAME_PRIMARY);
if (d && SDP_IS_TEXT_STR(d->dtd))
- printf("Service Provider: %.*s", d->unitSize, d->val.str);
+ printf("Service Provider: %.*s\n", d->unitSize, d->val.str);
}
#ifdef SDP_DEBUG
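Review bot: all three printf calls pass d->unitSize as the precision for %.*s, which must be an int; if unitSize has any other type, it needs a cast, and a negative value would make printf ignore the precision and read until a NUL. Not introduced by this patch, but since the lines are being touched: d->val.str comes from an SDP record and is printed unescaped, so a note on whether control characters are expected here would be useful.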
--
1.7.9.5
* [PATCH BlueZ 2/3] tools/sdptool: Fix output formatting
From: Anderson Lizardo @ 2014-02-07 20:14 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1391804086-14428-1-git-send-email-anderson.lizardo@openbossa.org>
Print 8-bit and 16-bit integers in a more readable format.
---
tools/sdptool.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/sdptool.c b/tools/sdptool.c
index d6b7006..1600c3e 100644
--- a/tools/sdptool.c
+++ b/tools/sdptool.c
@@ -1048,7 +1048,7 @@ static void print_service_desc(void *value, void *user)
if (proto == RFCOMM_UUID)
printf(" Channel: %d\n", p->val.uint8);
else
- printf(" uint8: 0x%x\n", p->val.uint8);
+ printf(" uint8: 0x%02x\n", p->val.uint8);
break;
case SDP_UINT16:
if (proto == L2CAP_UUID) {
@@ -1060,9 +1060,9 @@ static void print_service_desc(void *value, void *user)
if (i == 1)
printf(" Version: 0x%04x\n", p->val.uint16);
else
- printf(" uint16: 0x%x\n", p->val.uint16);
+ printf(" uint16: 0x%04x\n", p->val.uint16);
else
- printf(" uint16: 0x%x\n", p->val.uint16);
+ printf(" uint16: 0x%04x\n", p->val.uint16);
break;
case SDP_SEQ16:
printf(" SEQ16:");
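Review bot: in the SDP_UINT16 case the two else branches now contain the identical line printf(" uint16: 0x%04x\n", p->val.uint16), so the same format string is maintained in two places. Restructuring the condition so the generic uint16 print appears once would stop the two copies drifting apart again, as they would have if only one had been updated here.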
--
1.7.9.5
* [PATCH BlueZ 1/3] lib/sdp: Add missing Service Class ID for GAP
From: Anderson Lizardo @ 2014-02-07 20:14 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
Also reorder last ID so the list remains ordered.
---
lib/sdp.c | 3 ++-
lib/sdp.h | 7 ++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/sdp.c b/lib/sdp.c
index 3b26ec3..0a7cb6f 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -181,8 +181,9 @@ static struct tupla ServiceClass[] = {
{ HDP_SVCLASS_ID, "HDP" },
{ HDP_SOURCE_SVCLASS_ID, "HDP Source" },
{ HDP_SINK_SVCLASS_ID, "HDP Sink" },
- { APPLE_AGENT_SVCLASS_ID, "Apple Agent" },
+ { GENERIC_ACCESS_SVCLASS_ID, "Generic Access" },
{ GENERIC_ATTRIB_SVCLASS_ID, "Generic Attribute" },
+ { APPLE_AGENT_SVCLASS_ID, "Apple Agent" },
{ 0 }
};
diff --git a/lib/sdp.h b/lib/sdp.h
index c6dfc27..516d75d 100644
--- a/lib/sdp.h
+++ b/lib/sdp.h
@@ -150,8 +150,9 @@ extern "C" {
#define HDP_SVCLASS_ID 0x1400
#define HDP_SOURCE_SVCLASS_ID 0x1401
#define HDP_SINK_SVCLASS_ID 0x1402
-#define APPLE_AGENT_SVCLASS_ID 0x2112
+#define GENERIC_ACCESS_SVCLASS_ID 0x1800
#define GENERIC_ATTRIB_SVCLASS_ID 0x1801
+#define APPLE_AGENT_SVCLASS_ID 0x2112
/*
* Standard profile descriptor identifiers; note these
@@ -224,9 +225,9 @@ extern "C" {
#define HDP_PROFILE_ID HDP_SVCLASS_ID
#define HDP_SOURCE_PROFILE_ID HDP_SOURCE_SVCLASS_ID
#define HDP_SINK_PROFILE_ID HDP_SINK_SVCLASS_ID
-#define APPLE_AGENT_PROFILE_ID APPLE_AGENT_SVCLASS_ID
-#define GENERIC_ACCESS_PROFILE_ID 0x1800
+#define GENERIC_ACCESS_PROFILE_ID GENERIC_ACCESS_SVCLASS_ID
#define GENERIC_ATTRIB_PROFILE_ID GENERIC_ATTRIB_SVCLASS_ID
+#define APPLE_AGENT_PROFILE_ID APPLE_AGENT_SVCLASS_ID
/*
* Compatibility macros for the old MDP acronym
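Review bot: the commit message mentions adding the GAP service class ID and reordering, but this hunk also changes GENERIC_ACCESS_PROFILE_ID from the literal 0x1800 to GENERIC_ACCESS_SVCLASS_ID. The value is unchanged because the new macro is defined as 0x1800 in the previous hunk, so existing users of lib/sdp.h are unaffected, but the change deserves a sentence in the message since this is an exported header.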
--
1.7.9.5
* [PATCH] avrcp: Avoids unneeded memory allocation
From: Andrei Emeltchenko @ 2014-02-07 13:27 UTC (permalink / raw)
To: linux-bluetooth
From: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Allocate as much memory as we need since we know this in advance.
Also simplifies length calculation.
---
profiles/audio/avrcp.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/profiles/audio/avrcp.c b/profiles/audio/avrcp.c
index be67fe5..7c7de38 100644
--- a/profiles/audio/avrcp.c
+++ b/profiles/audio/avrcp.c
@@ -2263,11 +2263,9 @@ done:
static void avrcp_list_items(struct avrcp *session, uint32_t start,
uint32_t end)
{
- uint8_t buf[AVRCP_BROWSING_HEADER_LENGTH + 10 +
- AVRCP_MEDIA_ATTRIBUTE_LAST * sizeof(uint32_t)];
+ uint8_t buf[AVRCP_BROWSING_HEADER_LENGTH + 10 + sizeof(uint32_t)];
struct avrcp_player *player = session->controller->player;
struct avrcp_browsing_header *pdu = (void *) buf;
- uint16_t length = AVRCP_BROWSING_HEADER_LENGTH + 10;
uint32_t attribute;
memset(buf, 0, sizeof(buf));
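Review bot: buf is now sized with no slack, AVRCP_BROWSING_HEADER_LENGTH + 10 + sizeof(uint32_t), and the literal 10 in the declaration has to match the offset used later in memcpy(&pdu->params[10], ...). With an exact-fit stack buffer, any mismatch between those two literals becomes an out-of-bounds write, so a named constant shared by the declaration and the memcpy offset would be safer than repeating the magic number.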
@@ -2287,9 +2285,7 @@ static void avrcp_list_items(struct avrcp *session, uint32_t start,
attribute = htonl(AVRCP_MEDIA_ATTRIBUTE_TITLE);
memcpy(&pdu->params[10], &attribute, sizeof(uint32_t));
- length += sizeof(uint32_t);
-
- avctp_send_browsing_req(session->conn, buf, length,
+ avctp_send_browsing_req(session->conn, buf, sizeof(buf),
avrcp_list_items_rsp, session);
}
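Review bot: passing sizeof(buf) to avctp_send_browsing_req() ties the length sent on the wire to the array declaration, so a later change to the buffer size silently changes the PDU length and sends trailing zero bytes from the memset. Please confirm that the parameter length written into the pdu header, which is not visible in this hunk, is derived from the same expression so the two cannot disagree.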
--
1.8.3.2
* [PATCH 4/4] bnep: Calculate ifindex after NULL check
From: Andrei Emeltchenko @ 2014-02-07 12:11 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1391775078-25010-1-git-send-email-Andrei.Emeltchenko.news@gmail.com>
From: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
---
profiles/network/bnep.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/profiles/network/bnep.c b/profiles/network/bnep.c
index 1aa0783..ece979f 100644
--- a/profiles/network/bnep.c
+++ b/profiles/network/bnep.c
@@ -523,13 +523,15 @@ static int bnep_add_to_bridge(const char *devname, const char *bridge)
static int bnep_del_from_bridge(const char *devname, const char *bridge)
{
- int ifindex = if_nametoindex(devname);
+ int ifindex;
struct ifreq ifr;
int sk, err;
if (!devname || !bridge)
return -EINVAL;
+ ifindex = if_nametoindex(devname);
+
sk = socket(AF_INET, SOCK_STREAM, 0);
if (sk < 0)
return -1;
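Review bot: ifindex = if_nametoindex(devname) is now correctly placed after the NULL check, but its result is still not validated; if_nametoindex() returns 0 when the interface does not exist, and the visible code goes straight on to socket(). A check such as if (!ifindex) return -ENODEV; would fit here. Separately, the function mixes return -EINVAL with a bare return -1 on socket failure, and the commit message has no body explaining that the old initialiser called if_nametoindex() on a possibly NULL devname.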
--
1.8.3.2