summaryrefslogtreecommitdiffstats
path: root/net/nfc/llcp
AgeCommit message (Collapse)Author
2012-09-27NFC: Fix sleeping in atomic when releasing socketSzymon Janc
nfc_llcp_socket_release is calling lock_sock/release_sock while holding write lock for rwlock. Use bh_lock/unlock_sock instead. BUG: sleeping function called from invalid context at net/core/sock.c:2138 in_atomic(): 1, irqs_disabled(): 0, pid: 56, name: kworker/1:1 4 locks held by kworker/1:1/56: Pid: 56, comm: kworker/1:1 Not tainted 3.5.0-999-nfc+ #7 Call Trace: [<ffffffff810952c5>] __might_sleep+0x145/0x200 [<ffffffff815d7686>] lock_sock_nested+0x36/0xa0 [<ffffffff81731569>] ? _raw_write_lock+0x49/0x50 [<ffffffffa04aa100>] ? nfc_llcp_socket_release+0x30/0x200 [nfc] [<ffffffffa04aa122>] nfc_llcp_socket_release+0x52/0x200 [nfc] [<ffffffffa04ab9f0>] nfc_llcp_mac_is_down+0x20/0x30 [nfc] [<ffffffffa04a6fea>] nfc_dep_link_down+0xaa/0xf0 [nfc] [<ffffffffa04a9bb5>] nfc_llcp_timeout_work+0x15/0x20 [nfc] [<ffffffff810825f7>] process_one_work+0x197/0x7c0 [<ffffffff81082596>] ? process_one_work+0x136/0x7c0 [<ffffffff8172fbc9>] ? __schedule+0x419/0x9c0 [<ffffffffa04a9ba0>] ? nfc_llcp_build_gb+0x1b0/0x1b0 [nfc] [<ffffffff81083090>] worker_thread+0x190/0x4c0 [<ffffffff81082f00>] ? rescuer_thread+0x2a0/0x2a0 [<ffffffff81088d1e>] kthread+0xae/0xc0 [<ffffffff810caafd>] ? trace_hardirqs_on+0xd/0x10 [<ffffffff8173acc4>] kernel_thread_helper+0x4/0x10 [<ffffffff81732174>] ? retint_restore_args+0x13/0x13 [<ffffffff81088c70>] ? flush_kthread_worker+0x150/0x150 [<ffffffff8173acc0>] ? gs_change+0x13/0x13 Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-09-27NFC: LLCP raw socket supportThierry Escande
This adds support for socket of type SOCK_RAW to LLCP. sk_buff are copied and sent to raw sockets with a 2 bytes extra header: The first byte header contains the nfc adapter index. The second one contains flags: - 0x01 - Direction (0=RX, 1=TX) - 0x02-0x80 - Reserved A raw socket has to be explicitly bound to a nfc adapter. This is achieved by specifying the adapter index to be bound to in the dev_idx field of the sockaddr_nfc_llcp struct passed to bind(). Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-09-27NFC: Use dynamic initialization for rwlocksSzymon Janc
If rwlock is dynamically allocated but statically initialized it is missing proper lockdep annotation. INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. Pid: 3352, comm: neard Not tainted 3.5.0-999-nfc+ #2 Call Trace: [<ffffffff810c8526>] __lock_acquire+0x8f6/0x1bf0 [<ffffffff81739045>] ? printk+0x4d/0x4f [<ffffffff810c9eed>] lock_acquire+0x9d/0x220 [<ffffffff81702bfe>] ? nfc_llcp_sock_from_sn+0x4e/0x160 [<ffffffff81746724>] _raw_read_lock+0x44/0x60 [<ffffffff81702bfe>] ? nfc_llcp_sock_from_sn+0x4e/0x160 [<ffffffff81702bfe>] nfc_llcp_sock_from_sn+0x4e/0x160 [<ffffffff817034a7>] nfc_llcp_get_sdp_ssap+0xa7/0x1b0 [<ffffffff81706353>] llcp_sock_bind+0x173/0x210 [<ffffffff815d9c94>] sys_bind+0xe4/0x100 [<ffffffff8139209e>] ? trace_hardirqs_on_thunk+0x3a/0x3f [<ffffffff8174ea69>] system_call_fastpath+0x16/0x1b Signed-off-by: Szymon Janc <szymon.janc@tieto.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-09-25NFC: Fix possible LLCP memory leakWei Yongjun
nfc_llcp_build_tlv() malloced the memory and should be free in nfc_llcp_build_gb() after used, and the same in the error handling case, otherwise it will cause memory leak. spatch with a semantic match is used to found this problem. (http://coccinelle.lip6.fr/) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-09-25NFC: Use system_nrt_wq instead of custom onesTejun Heo
NFC is using a number of custom ordered workqueues w/ WQ_MEM_RECLAIM. WQ_MEM_RECLAIM is unnecessary unless NFC is gonna be used as transport for storage device, and all use cases match one work item to one ordered workqueue - IOW, there's no actual ordering going on at all and using system_nrt_wq gives the same behavior. There's nothing to be gained by using custom workqueues. Use system_nrt_wq instead and drop all the custom ones. Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-09-25NFC: Remove repeated code for NULL checkSyam Sidhardhan
This patch remove the repeated code for checking llcp_sock & llcp_sock->dev against NULL. Signed-off-by: Syam Sidhardhan <s.syam@samsung.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Check for llcp_sock and its device from llcp_sock_getnameSamuel Ortiz
They both can potentially be NULL. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Dereference LLCP bind socket address after checking for it to be NULLSamuel Ortiz
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Remove warning from nfc_llcp_local_putSamuel Ortiz
The socket local pointer can be NULL when a socket is created but never bound or connected. Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Handle LLCP Disconnected Mode framesSamuel Ortiz
When receiving such frame, the sockets waiting for a connection to finish should be woken up. Connecting to an unbound LLCP service will trigger a DM as a response. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: LLCP late bindingSamuel Ortiz
With the LLCP 16 local SAPs we can potentially quickly run out of source SAPs for non well known services. With the so called late binding we will reserve an SAP only when we actually get a client connection for a local service. The SAP will be released once the last client is gone, leaving it available to other services. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Forbid SSAP binding to a not well known LLCP serviceSamuel Ortiz
With not Well Known Services there is no guarantees as to which SSAP the server will be listening on, so there is no reason to support binding to a specific source SAP. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Forbid LLCP service name reusingSamuel Ortiz
This patch fixes a typo and return the correct error when trying to bind 2 sockets to the same service name. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Release LLCP SAP when the owner is releasedSamuel Ortiz
The LLCP SAP should only be freed when the socket owning it is released. As long as the socket is alive, the SAP should be reserved in order to e.g. send the right wks array when bringing the MAC up. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Close listening LLCP sockets when the device is goneSamuel Ortiz
When the MAC link goes down, we should only keep the bound sockets alive. They will be closed by sock_release or when the underlying NFC device is moving away. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Build LLCP general bytes upon requestSamuel Ortiz
Drivers will need them before starting a poll or when being activated as targets. Mostly WKS can have changed between device registration and then so we need to re-build the whole array. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Fix LLCP getname socket opSamuel Ortiz
Set the right target index and use a better socket declaration routine. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09NFC: Update LLCP socket target index when getting a connectionSamuel Ortiz
Getting a valid CONNECT means we have a valid target index. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-07-09Merge branch 'master' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless Conflicts: net/mac80211/mlme.c
2012-07-09NFC: Prevent NULL deref when getting socket nameSasha Levin
llcp_sock_getname can be called without a device attached to the nfc_llcp_sock. This would lead to the following BUG: [ 362.341807] BUG: unable to handle kernel NULL pointer dereference at (null) [ 362.341815] IP: [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0 [ 362.341818] PGD 31b35067 PUD 30631067 PMD 0 [ 362.341821] Oops: 0000 [#627] PREEMPT SMP DEBUG_PAGEALLOC [ 362.341826] CPU 3 [ 362.341827] Pid: 7816, comm: trinity-child55 Tainted: G D W 3.5.0-rc4-next-20120628-sasha-00005-g9f23eb7 #479 [ 362.341831] RIP: 0010:[<ffffffff836258e5>] [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0 [ 362.341832] RSP: 0018:ffff8800304fde88 EFLAGS: 00010286 [ 362.341834] RAX: 0000000000000000 RBX: ffff880033cb8000 RCX: 0000000000000001 [ 362.341835] RDX: ffff8800304fdec4 RSI: ffff8800304fdec8 RDI: ffff8800304fdeda [ 362.341836] RBP: ffff8800304fdea8 R08: 7ebcebcb772b7ffb R09: 5fbfcb9c35bdfd53 [ 362.341838] R10: 4220020c54326244 R11: 0000000000000246 R12: ffff8800304fdec8 [ 362.341839] R13: ffff8800304fdec4 R14: ffff8800304fdec8 R15: 0000000000000044 [ 362.341841] FS: 00007effa376e700(0000) GS:ffff880035a00000(0000) knlGS:0000000000000000 [ 362.341843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 362.341844] CR2: 0000000000000000 CR3: 0000000030438000 CR4: 00000000000406e0 [ 362.341851] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 362.341856] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 362.341858] Process trinity-child55 (pid: 7816, threadinfo ffff8800304fc000, task ffff880031270000) [ 362.341858] Stack: [ 362.341862] ffff8800304fdea8 ffff880035156780 0000000000000000 0000000000001000 [ 362.341865] ffff8800304fdf78 ffffffff83183b40 00000000304fdec8 0000006000000000 [ 362.341868] ffff8800304f0027 ffffffff83729649 ffff8800304fdee8 ffff8800304fdf48 [ 362.341869] Call Trace: [ 362.341874] [<ffffffff83183b40>] sys_getpeername+0xa0/0x110 [ 362.341877] [<ffffffff83729649>] ? _raw_spin_unlock_irq+0x59/0x80 [ 362.341882] [<ffffffff810f342b>] ? do_setitimer+0x23b/0x290 [ 362.341886] [<ffffffff81985ede>] ? trace_hardirqs_on_thunk+0x3a/0x3f [ 362.341889] [<ffffffff8372a539>] system_call_fastpath+0x16/0x1b [ 362.341921] Code: 84 00 00 00 00 00 b8 b3 ff ff ff 48 85 db 74 54 66 41 c7 04 24 27 00 49 8d 7c 24 12 41 c7 45 00 60 00 00 00 48 8b 83 28 05 00 00 <8b> 00 41 89 44 24 04 0f b6 83 41 05 00 00 41 88 44 24 10 0f b6 [ 362.341924] RIP [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0 [ 362.341925] RSP <ffff8800304fde88> [ 362.341926] CR2: 0000000000000000 [ 362.341928] ---[ end trace 6d450e935ee18bf3 ]--- Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-12Merge branch 'master' of ↵John W. Linville
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless Conflicts: MAINTAINERS drivers/net/wireless/iwlwifi/pcie/trans.c
2012-06-08NFC: Fix possible NULL ptr deref when getting the name of a socketSasha Levin
llcp_sock_getname() might get called before the LLCP socket was created. This condition isn't checked, and llcp_sock_getname will simply deref a NULL ptr in that case. This exists starting with d646960 ("NFC: Initial LLCP support"). Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-06-04NFC: Destroy LLCP timout workqueue when releasing the linkSamuel Ortiz
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Send a receiver ready frame only to reply to an I frameSamuel Ortiz
Sending an RR as a reply to another RR is fine but not quite logical. We should send RRs only as a reply to I frames. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Requeue lost LLCP framesSamuel Ortiz
When receiving an I or RR frame telling us that some of the pending queues were not received, we should requeue them before the currently pending ones. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Don't hold a NULL connecting LLCP socket lockSamuel Ortiz
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Introduce target mode rx data callbackSamuel Ortiz
This routine will be called by drivers whenever they receive data in target mode. This should be unexpected events and as such should be handled by a standalone API (i.e. not as a callback pointer from an existing API). Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: LLCP's MIUX is 10 bytes long, not 7Samuel Ortiz
The mask is 0x7ff and not 0x7f and the return value is an u16. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Move LLCP MIU extension value to socket structureSamuel Ortiz
The MIU extension value can be received during the PAX or during the connection establishment process. It's definitely a connection related value rather than a link one. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Move LLCP receiver window value to socket structureSamuel Ortiz
RW can only be fetched from a CONNECT or a CC frame thus making it an end points specific value, not a link one. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Socket linked listSamuel Ortiz
Simplify the LLCP sockets structure by putting all the connected ones into a single linked list. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-06-04NFC: Take a reference on the LLCP local pointer when creating a socketSamuel Ortiz
LLCP sockets point to their local LLCP service, so they need to take a reference on it. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2012-05-16NFC: Queue I frame fragments to the LLCP sockets queue tailSamuel Ortiz
After testing our stack with large SNEP messages, we realized the fragments were arriving in reversed order. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-05-15NFC: Return the amount of LLCP bytes queued to sock_sendmsgSamuel Ortiz
Otherwise an LLCP send() always returns 0. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-05-15NFC: Update the LLCP poll maskSamuel Ortiz
Fix the poll mask depending on the socket state. POLLOUT was missing for example. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-05-15NFC: LLCP connect must wait for a CC frameSamuel Ortiz
Blocking sockets should sleep on a CC (Connection Complete) reception from the connect() call. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-12NFC: Fix LLCP link timeout typoSamuel Ortiz
We were sending the LTO TLV as a version TLV instead of the actual link timeout one. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-12NFC: Add MIUX to the local LLCP general bytesSamuel Ortiz
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-12NFC: Call llcp_add_header properly when sending LLCP DM or DISCSamuel Ortiz
dsap and ssap were swapped when sending DN or DISC. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-12NFC: Fix LLCP TLV building routineSamuel Ortiz
The if logic could lead to zero length TLVs. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-12NFC: No need to apply twice the modulo op to LLCP's recv_nSamuel Ortiz
recv_n is set properly when receiving an HDLC frame. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-12NFC: Dump LLCP framesSamuel Ortiz
At KERN_DEBUG level. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-04-11NFC: Fix the LLCP Tx fragmentation loopSamuel Ortiz
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: LLCP code identation fixesSamuel Ortiz
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: Fix LLCP sockets releasing pathSamuel Ortiz
The socket local pointer needs to be set to NULL when the adapter is removed or the MAC goes down. If the socket release code is called after such an event, the socket reference count still needs to be decreased in order for the socket to eventually be freed. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: Remove the rf mode parameter from the DEP link up routineSamuel Ortiz
When calling nfc_dep_link_up, we implicitely are in initiator mode. Which means we also can provide the general bytes as a function argument, as all drivers will eventually request them. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: SN is not an invalid GT valueSamuel Ortiz
We just don't do anything with it when parsing the general bytes. We handle it from the CONNECT reception code. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: Unlink LLCP child sockets from llcp_sock_releaseSamuel Ortiz
The parent socket (the bound one) could be freed before its children, so we should unlink the children without trying to reach it through the parent. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: Fragment LLCP I framesSamuel Ortiz
Based on the receiver MIU, we have to fragment the frame to be transmitted. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2012-03-06NFC: Set MIU and RW values from CONNECT and CC LLCP framesSamuel Ortiz
We use the maximum values for the LLCP Maximum Information Unit and Receive Window Size. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>