summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2013-03-18Bluetooth: Fix updating page scan parameters when not necessaryJohan Hedberg
Now that the current page scan parameters are stored in struct hci_dev we should check against those values before sending new HCI commands to change them. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Update page scan parameters after successful write commandsJohan Hedberg
The page scan parameters (interval, window and type) stored in struct hci_dev should not only be updated after successful reads but also after successful writes. This patch adds the necessary handlers for the write command complete events and updates the stored values through them. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Add reading of page scan parametersJohan Hedberg
These parameters are related to the "fast connectable" mode that can be changed through the mgmt interface. Not all controllers properly reset these values with HCI_Reset so they need to be read in order to be able to verify whether the values are correct or not before enabling page scan. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Disable fast connectable when disabling connectableJohan Hedberg
When the connectable setting is disabled the fast connectable setting must also be disabled. This is so that we're consistent with the pre-requisites for enabling fast connectable, one of which is that the connectable setting is enabled. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Refactor fast connectable HCI commandsJohan Hedberg
This patch refactors the fast connectable HCI commands into their own HCI function. This is necessary so that the same function can be reused fo the fast connectable change required by disabling the connectable setting. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Add proper flag for fast connectable modeJohan Hedberg
In order to be able to represent fast connectable mode in the mgmt settings we need to have a HCI dev flag for it. This patch adds the flag and makes sure its value is changed whenever a mgmt_set_fast_connectable command completes. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix error response for simultaneous fast connectable commandsJohan Hedberg
If there's another pending mgmt_set_fast_connectable command we should return a "busy" error response. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Limit fast connectable support to >= 1.2 controllersJohan Hedberg
The HCI commands that are necessary for fast connectable mode are only available from HCI specification version 1.2 onwards. This should be reflected in the supported settings as well as error response for the set_fast_connectable command when dealing with a < 1.2 capable controller. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix fast connectable response sendingJohan Hedberg
The mgmt_set_fast_connectable response should be sent only when all related HCI commands have completed. This patch fixes the issue by using an async request and sending the response to user space throught the complete callback of the request. The patch also fixes in the same go the return parameters of the command which should be the current settings. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Use an async request for mgmt_set_connectableJohan Hedberg
This patch changes the mgmt_set_connectable handler to use an async request for sending the required HCI command. This is necessary preparation for handling the fast connectable change that needs to be associated with disabling the connectable setting. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix setting local name to the existing valueJohan Hedberg
If user space attempts to set the local name to the same value that's already set we should simply return a direct command complete for this mgmt command. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix local name setting for LE-only controllersJohan Hedberg
This patch fixes the mgmt_set_local_name command to send the appropriate HCI commands based on BR/EDR support and LE support. Local name and EIR data should only be sent for BR/EDR capable controllers whereas an update to the AD should only happen for LE capable controllers. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Handle AD updating through an async requestJohan Hedberg
For proper control of the AD update and the related HCI commands it's best to run the AD update through an async request instead of a standalone HCI command. This patch changes the hci_update_ad() function to take a request pointer and updates its users appropriately. E.g. the function is no longer called after the init sequence but during stage 3 of the init sequence. The TX power is read during the init sequence, so we don't need an explicit update whenever it is read and the AD update based on the local name should be done through the local name mgmt handler. The only other user is the update based on enabling advertising. This part is still kept as there is no mgmt API to enable it. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix waiting for EIR update when setting local nameJohan Hedberg
We shouldn't respond to the mgmt_set_local_name command until all related HCI commands have completed. This patch fixes the issue by running the local name HCI command and the EIR update in the same asynchronous request, and returning the mgmt command complete through the complete callback of the request. The downside of this is that we must set hdev->dev_name before the local name HCI command has completed since otherwise the generated EIR command doesn't contain the new name. This means that we can no-longer reliably detect when the name has really changed and when not. Luckily this only affects scenarios where the mgmt interface is *not* used (e.g. hciconfig) so redundant mgmt_ev_local_name_changed events in these cases are an acceptable drawback. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix clearing flags on power off before notifying mgmtJohan Hedberg
When powering off the device the hdev->flags and hdev->dev_flags need to be cleared before calling mgmt_powered(). If this is not done the resulting events sent to user space may contain incorrect values. Note that the HCI_AUTO_OFF flag accessed right after this is part of the persistent flags, so it's unchanged by the hdev->dev_flags reset. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Clear non-persistent flags when closing HCI deviceJohan Hedberg
When hci_dev_do_close() is called we should make sure to clear all non-persistent flags in hci->dev_flags. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Add a define for the HCI persistent flags maskJohan Hedberg
We'll need to use this mask also when powering off the HCI device so it's better to have this in a single and visible place. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Remove useless HCI_PENDING_CLASS flagJohan Hedberg
Now that class related operations are tracked through asynchronous HCI requests this flag is no longer needed. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix UUID/class mgmt command response synchronizationJohan Hedberg
We should only return a mgmt command complete once all HCI commands to a mgmt_set_dev_class or mgmt_add/remove_uuid command have completed. This patch fixes the issue by having a proper async request complete callback for these actions and responding to user space in the callback. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Fix busy condition testing for EIR and class updatesJohan Hedberg
The add/remove_uuid and set_dev_class mgmt commands can trigger both EIR and class HCI commands, so testing just for a pending class command is enough. The simplest way to monitor conflicts that should trigger "busy" error returns is to check for any pending mgmt command that can trigger these HCI commands. This patch adds a helper function for this (pending_eir_or_class) and uses it instead of the old HCI_PENDING_CLASS flag to test for busy conditions. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Wait for HCI command completion with mgmt_set_poweredJohan Hedberg
We should only notify user space that the adapter has been powered on after all HCI commands related to the action have completed. This patch fixes the issue by instating an async request complete callback for these HCI commands and only notifies user space in the callback. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Update mgmt powered HCI commands to use async requestsJohan Hedberg
This patch updates sending of HCI commands related to mgmt_set_powered (e.g. class, name and EIR data) to be sent using asynchronous requests. This is necessary since it's the only (well, at least the cleanest) way to keep the power on procedure synchronized and let user space know it has completed only when all HCI commands are completed (this actual fix is coming in a subsequent patch). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Move power on HCI command updates to their own functionJohan Hedberg
These commands will in a subsequent patch be performed in their own asynchronous request, so it's more readable (not just from a resulting code perspective but also the way the patches look like) to have them performed in their own function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Replaced kzalloc and memcpy with kmemdupAlexandru Gheorghiu
Replaced calls to kzalloc followed by memcpy with a single call to kmemdup. Signed-off-by: Alexandru Gheorghiu <gheorghiuandru@gmail.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-18Bluetooth: Use PTR_RET functionAlexandru Gheorghiu
Used PTR_RET function instead of IS_ERR and PTR_ERR. Patch found using coccinelle. Signed-off-by: Alexandru Gheorghiu <gheorghiuandru@gmail.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-15bluetooth: btmrvl_sdio: look for sd8688 firmware in proper locationLubomir Rintel
The firmware images are shared with libertas_sdio WiFi chip and used to be in libertas/ subtree in linux-firmware. As btmrvl_sdio used to look into the linux-firmware root, it ended up being unsuccessful. Since the firmware files are not specific to the libertas hardware, they're being moved into mrvl/ now. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: Fix endianness handling of cmd_status/complete opcodesJohan Hedberg
The opcode in cmd_complete and cmd_status events is 16 bits, so we should only be comparing it after having converted it to the host endianness. There's already an opcode variable in both functions which is in host endiannes so the right fix is to just start using it instead of ev->opcode. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: Check req->err in hci_req_addAndre Guedes
If req->err is set, there is no point in queueing the HCI command in HCI request command queue since it won't be sent anyway. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: Make hci_req_add returning voidAndre Guedes
Since no one checks the returning value of hci_req_add and HCI request errors are now handled in hci_req_run, we can make hci_ req_add returning void. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: HCI request error handlingAndre Guedes
When we are building a HCI request with more than one HCI command and one of the hci_req_add calls fail, we should have some cleanup routine so the HCI commands already queued on HCI request can be deleted. Otherwise, we will face some memory leaks issues. This patch implements the HCI request error handling which is the following: If a hci_req_add fails, we save the error code in hci_ request. Once hci_req_run is called, we verify the error field. If it is different from zero, we delete all HCI commands already queued and return the error code. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: Check hci_req_run returning value in __hci_req_syncAndre Guedes
Since hci_req_run will be returning more than one error code, we should check its returning value in __hci_req_sync. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: Return ENODATA in hci_req_runAndre Guedes
In case the HCI request queue is empty, hci_req_run should return ENODATA instead of EINVAL. This way, hci_req_run returns a more meaningful error value. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-09Bluetooth: Fix __hci_req_syncAndre Guedes
If hci_req_run returns error, we erroneously leave the current process in TASK_INTERRUPTABLE state. If we leave the process in TASK_INTERRUPTABLE and it is preempted, this process will never be scheduled again. This patch fixes this issue by moving the preparation for scheduling (add to waitqueue and set process state) to just after the hci_req_run call. Signed-off-by: Andre Guedes <andre.guedes@openbossa.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Remove empty HCI event handlersJohan Hedberg
With the removal of hci_req_complete() several HCI event handlers have essentially become empty and can be removed. The only potential benefit of these could have been logging, but the hci_event, hci_cmd_complete and hci_cmd_status already provide a log for events which they do not have an explicit handler for. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Remove unused hdev->init_last_cmdJohan Hedberg
This variable is no longer needed (due to async HCI request support and the conversion of hci_req_sync to use it), so it can be safely removed. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Use async requests internally in hci_req_syncJohan Hedberg
This patch converts the hci_req_sync() procedure to internaly use the asynchronous HCI requests. The hci_req_sync mechanism relies on hci_req_complete() calls from hci_event.c into hci_core.c whenever a HCI command completes. This is very similar to what asynchronous requests do and makes the conversion fairly straight forward by converting hci_req_complete into a request complete callback. By this change hci_req_complete (renamed to hci_req_sync_complete) becomes private to hci_core.c and all calls to it can be removed from hci_event.c. The commands in each hci_req_sync procedure are collected into their own request by passing the hci_request pointer to the request callback (instead of the hci_dev pointer). The one slight exception is the HCI init request which has the special handling of HCI driver specific initialization commands. These commands are run in their own request prior to the "main" init request. One other extra change that this patch must contain is the handling of spontaneous HCI reset complete events that some controllers exhibit. These were previously handled in the hci_req_complete function but the right place for them now becomes the hci_req_cmd_complete function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Add request cmd_complete and cmd_status functionsJohan Hedberg
This patch introduces functions to process the HCI request state when receiving HCI Command Status or Command Complete events. Some HCI commands, like Inquiry do not result in a Command complete event so special handling is needed for them. Inquiry is a particularly important one since it is the only forseeable "non-cmd_complete" command that will make good use of the request functionality, and its completion is either indicated by an Inquiry Complete event of a successful Command Complete for HCI_Inquiry_Cancel. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Fix stand-alone HCI command handlingJohan Hedberg
To have a consistent content for hdev->cmd_q all entries need to follow the semantics of asynchronous HCI requests. This means that even single commands need to be dressed as requests by having a request start indicator. This patch adds these indicators to the two places needing it (hci_send_cmd and hci_sock_sendmsg). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Introduce new hci_req_add functionJohan Hedberg
This function is analogous to hci_send_cmd() but instead of directly queuing the command to hdev->cmd_q it adds it to the local queue of the asynchronous HCI request being build (inside struct hci_request). This is the main function used for building asynchronous requests and there should be one or more calls to it between calls to hci_req_init and hci_req_run. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Refactor HCI command skb creationJohan Hedberg
This patch moves out the skb creation from hci_send_cmd() into its own prepare_cmd() function. This is essential so the same prepare_cmd() function can be easily reused for skb creation for asynchronous HCI requests. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Add initial skeleton for asynchronous HCI requestsJohan Hedberg
This patch adds the initial definitions and functions for asynchronous HCI requests. Asynchronous requests are essentially a group of HCI commands together with an optional completion callback. The request is tracked through the already existing command queue by having the necessary context information as part of the control buffer of each skb. The only information needed in the skb control buffer is a flag for indicating that the skb is the start of a request as well as the optional complete callback that should be used when the request is complete (this will be found in the last skb of the request). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Split HCI init sequence into three stagesJohan Hedberg
Having conditional command sending during a request has always been problematic and caused hacks like the hdev->init_last_cmd variable. This patch removes these conditionals and instead splits the init sequence into three stages, each with its own __hci_req_sync() call. This also paves the way to the upcoming asynchronous request support swhich will also benefit by having a simpler implementation if it doesn't need to cater for requests that change on the fly. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Fix __hci_req_sync() handling of empty requestsJohan Hedberg
If a request callback doesn't send any commands __hci_req_sync() should fail imediately instead of waiting for the inevitable timeout to occur. This is particularly important once we start creating requests with conditional command sending which can potentially result in no commands being sent at all. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Rename hci_request to hci_req_syncJohan Hedberg
We'll be introducing an async version of hci_request. To make things clear it makes sense to rename the existing API to have a _sync suffix. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Remove redundant RFCOMM BT_CLOSED settingsDean Jenkins
rfcomm_session_close() sets the RFCOMM session state to BT_CLOSED. However, in multiple places immediately before the function is called, the RFCOMM session is set to BT_CLOSED. Therefore, remove these unnecessary state settings. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Remove redundant call to rfcomm_send_discDean Jenkins
In rfcomm_session_del() remove the redundant call to rfcomm_send_disc() because it is not possible for the session to be in BT_CONNECTED state during deletion of the session. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Remove RFCOMM session refcntDean Jenkins
Previous commits have improved the handling of the RFCOMM session timer and the RFCOMM session pointers such that freed RFCOMM session structures should no longer be erroneously accessed. The RFCOMM session refcnt now has no purpose and will be deleted by this commit. Note that the RFCOMM session is now deleted as soon as the RFCOMM control channel link is no longer required. This makes the lifetime of the RFCOMM session deterministic and absolute. Previously with the refcnt, there was uncertainty about when the session structure would be deleted because the relative refcnt prevented the session structure from being deleted at will. It was noted that the refcnt could malfunction under very heavy real-time processor loading in embedded SMP environments. This could cause premature RFCOMM session deletion or double session deletion that could result in kernel crashes. Removal of the refcnt prevents this issue. There are 4 connection / disconnection RFCOMM session scenarios: host initiated control link ---> host disconnected control link host initiated ctrl link ---> remote device disconnected ctrl link remote device initiated ctrl link ---> host disconnected ctrl link remote device initiated ctrl link ---> remote device disc'ed ctrl link The control channel connection procedures are independent of the disconnection procedures. Strangely, the RFCOMM session refcnt was applying special treatment so erroneously combining connection and disconnection events. This commit fixes this issue by removing some session code that used the "initiator" member of the session structure that was intended for use with the data channels. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Return RFCOMM session ptrs to avoid freed sessionDean Jenkins
Unfortunately, the design retains local copies of the s RFCOMM session pointer in various code blocks and this invites the erroneous access to a freed RFCOMM session structure. Therefore, return the RFCOMM session pointer back up the call stack to avoid accessing a freed RFCOMM session structure. When the RFCOMM session is deleted, NULL is passed up the call stack. If active DLCs exist when the rfcomm session is terminating, avoid a memory leak of rfcomm_dlc structures by ensuring that rfcomm_session_close() is used instead of rfcomm_session_del(). Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Check rfcomm session and DLC exists on socket closeDean Jenkins
A race condition exists between near simultaneous asynchronous DLC data channel disconnection requests from the host and remote device. This causes the socket layer to request a socket shutdown at the same time the rfcomm core is processing the disconnect request from the remote device. The socket layer retains a copy of a struct rfcomm_dlc d pointer. The d pointer refers to a copy of a struct rfcomm_session. When the socket layer thread performs a socket shutdown, the thread may wait on a rfcomm lock in rfcomm_dlc_close(). This means that whilst the thread waits, the rfcomm_session and/or rfcomm_dlc structures pointed to by d maybe freed due to rfcomm core handling. Consequently, when the rfcomm lock becomes available and the thread runs, a malfunction could occur as a freed rfcomm_session structure and/or a freed rfcomm_dlc structure will be erroneously accessed. Therefore, after the rfcomm lock is acquired, check that the struct rfcomm_session is still valid by searching the rfcomm session list. If the session is valid then validate the d pointer by searching the rfcomm session list of active DLCs for the rfcomm_dlc structure pointed by d. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
2013-03-08Bluetooth: Avoid rfcomm_session_timeout using freed sessionDean Jenkins
Use del_timer_sync() instead of del_timer() as this ensures that rfcomm_session_timeout() is not running on a different CPU when rfcomm_session_put() is called. This avoids a race condition on SMP systems because potentially rfcomm_session_timeout() could reuse the freed RFCOMM session structure caused by the execution of rfcomm_session_put(). Note that this modification makes the reason for the RFCOMM session refcnt mechanism redundant. Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>