Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.4 2015-12-15T20:39:08Z 2015-12-15T20:39:08Z David S. Miller davem@davemloft.net 2015-12-15T20:39:08Z urn:sha1:5233252fce714053f0151680933571a2da9cbfb4 Signed-off-by: David S. Miller <davem@davemloft.net> 2015-12-03T17:04:05Z David S. Miller davem@davemloft.net 2015-12-03T17:04:05Z urn:sha1:79aecc7216379788e0c6900ac50ea2d579190219 Johan Hedberg says: ==================== pull request: bluetooth 2015-12-01 Here's a Bluetooth fix for the 4.4-rc series that fixes a memory leak of the Security Manager L2CAP channel that'll happen for every LE connection. Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2015-12-01T20:45:05Z Eric Dumazet edumazet@google.com 2015-11-30T04:03:10Z urn:sha1:9cd3e072b0be17446e37d7414eac8a3499e0601e This patch is a cleanup to make following patch easier to review. Goal is to move SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA from (struct socket)->flags to a (struct socket_wq)->flags to benefit from RCU protection in sock_wake_async() To ease backports, we rename both constants. Two new helpers, sk_set_bit(int nr, struct sock *sk) and sk_clear_bit(int net, struct sock *sk) are added so that following patch can change their implementation. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2015-11-11T22:48:34Z Johan Hedberg johan.hedberg@intel.com 2015-11-11T19:47:12Z urn:sha1:7883746bc663150e8acd7a57397fc889698b0b33 The L2CAP core expects channel implementations to manage the reference returned by the new_connection callback. With sockets this is already handled with each channel being tied to the corresponding socket. With SMP however there's no context to tie the pointer to in the smp_new_conn_cb function. The function can also not just drop the reference since it's the only one at that point. For fixed channels (like SMP) the code path inside the L2CAP core from new_connection() to ready() is short and straight-forwards. The crucial difference is that in ready() the implementation has access to the l2cap_conn that SMP needs associate its l2cap_chan. Instead of taking a new reference in smp_ready_cb() we can simply assume to already own the reference created in smp_new_conn_cb(), i.e. there is no need to call l2cap_chan_hold(). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org # 3.19+ 2015-11-05T03:04:15Z Johan Hedberg johan.hedberg@intel.com 2015-11-02T12:39:17Z urn:sha1:40624183c202278e7e0edd01d1273efc87ddd1f2 When receiving a connect response we should make sure that the DCID is within the valid range and that we don't already have another channel allocated for the same DCID. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> 2015-11-05T03:04:07Z Johan Hedberg johan.hedberg@intel.com 2015-11-02T12:39:16Z urn:sha1:ab0c127fbb21c19adb34b78ba26b84748d0cd4de The 'dyn_end' value is also a valid CID so it should be included in the range of values checked. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> 2015-11-05T03:04:00Z Johan Hedberg johan.hedberg@intel.com 2015-11-02T12:39:15Z urn:sha1:8a7889cc6e2dbbace114130f4efd9b77452069cd The core spec defines specific response codes for situations when the received CID is incorrect. Add the defines for these and return them as appropriate from the LE Connect Request handler function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> 2015-11-05T03:03:21Z Marcel Holtmann marcel@holtmann.org 2015-11-01T08:39:48Z urn:sha1:2ab216a7a9ca89d77388ad3f22a31f752dec5897 The white list commands might not be implemented if the controller does not actually support the white list. So check the supported commands first before issuing these commands. Not supporting the white list is the same as supporting a white list with zero size. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> 2015-10-27T08:53:36Z Alexander Aring alex.aring@gmail.com 2015-10-27T07:35:24Z urn:sha1:324e786ee39c70ffbdc280c34b7d2b6da5c87879 Jukka reported about the following warning: "NOHZ: local_softirq_pending 08" I remember this warning and we had a similar issue when using workqueues and calling netif_rx. See commit 5ff3fec ("mac802154: fix NOHZ local_softirq_pending 08 warning"). This warning occurs when calling "netif_rx" inside the wrong context (non softirq context). The net core api offers "netif_rx_ni" to call netif_rx inside the correct softirq context. Reported-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Alexander Aring <alex.aring@gmail.com> Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> 2015-10-27T05:00:07Z Kuba Pawlak kubax.t.pawlak@intel.com 2015-10-26T16:17:14Z urn:sha1:2c501cdd6823a644cf35ac594c635310bf077125 Fix a crash that may happen when a connection is closed before it was fully established. Mapping conn->hcon was released by shutdown function, but it is still referenced in (not yet finished) connection established handling function. [ 4635.254073] BUG: unable to handle kernel NULL pointer dereference at 00000013 [ 4635.262058] IP: [<c11659f0>] memcmp+0xe/0x25 [ 4635.266835] *pdpt = 0000000024190001 *pde = 0000000000000000 [ 4635.273261] Oops: 0000 [#1] PREEMPT SMP [ 4635.277652] Modules linked in: evdev ecb vfat fat libcomposite usb2380 isofs zlib_inflate rfcomm(O) udc_core bnep(O) btusb(O) btbcm(O) btintel(O) bluetooth(O) cdc_acm arc4 uinput hid_mule [ 4635.321761] Pid: 363, comm: kworker/u:2H Tainted: G O 3.8.0-119.1-plk-adaptation-byt-ivi-brd #1 [ 4635.332642] EIP: 0060:[<c11659f0>] EFLAGS: 00010206 CPU: 0 [ 4635.338767] EIP is at memcmp+0xe/0x25 [ 4635.342852] EAX: e4720678 EBX: 00000000 ECX: 00000006 EDX: 00000013 [ 4635.349849] ESI: 00000000 EDI: fb85366c EBP: e40c7dc0 ESP: e40c7db4 [ 4635.356846] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 [ 4635.362873] CR0: 8005003b CR2: 00000013 CR3: 24191000 CR4: 001007f0 [ 4635.369869] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 4635.376865] DR6: ffff0ff0 DR7: 00000400 [ 4635.381143] Process kworker/u:2H (pid: 363, ti=e40c6000 task=e40c5510 task.ti=e40c6000) [ 4635.390080] Stack: [ 4635.392319] e4720400 00000000 fb85366c e40c7df4 fb842285 e40c7de2 fb853200 00000013 [ 4635.401003] e3f101c4 e4720678 e3f101c0 e403be0a e40c7dfc e416a000 e403be0a fb85366c [ 4635.409692] e40c7e1c fb820186 020f6c00 e47c49ac e47c4008 00000000 e416a000 e47c402c [ 4635.418380] Call Trace: [ 4635.421153] [<fb842285>] sco_connect_cfm+0xff/0x236 [bluetooth] [ 4635.427893] [<fb820186>] hci_sync_conn_complete_evt.clone.101+0x227/0x268 [bluetooth] [ 4635.436758] [<fb82370f>] hci_event_packet+0x1caa/0x21d3 [bluetooth] [ 4635.443859] [<c106231f>] ? trace_hardirqs_on+0xb/0xd [ 4635.449502] [<c1375b8a>] ? _raw_spin_unlock_irqrestore+0x42/0x59 [ 4635.456340] [<fb814b67>] hci_rx_work+0xb9/0x350 [bluetooth] [ 4635.462663] [<c1039f1e>] ? process_one_work+0x17b/0x2e6 [ 4635.468596] [<c1039f77>] process_one_work+0x1d4/0x2e6 [ 4635.474333] [<c1039f1e>] ? process_one_work+0x17b/0x2e6 [ 4635.480294] [<fb814aae>] ? hci_cmd_work+0xda/0xda [bluetooth] [ 4635.486810] [<c103a3fa>] worker_thread+0x171/0x20f [ 4635.492257] [<c10456c5>] ? complete+0x34/0x3e [ 4635.497219] [<c103ea06>] kthread+0x90/0x95 [ 4635.501888] [<c103a289>] ? manage_workers+0x1df/0x1df [ 4635.507628] [<c1376537>] ret_from_kernel_thread+0x1b/0x28 [ 4635.513755] [<c103e976>] ? __init_kthread_worker+0x42/0x42 [ 4635.519975] Code: 74 0d 3c 79 74 04 3c 59 75 0c c6 02 01 eb 03 c6 02 00 31 c0 eb 05 b8 ea ff ff ff 5d c3 55 89 e5 57 56 53 31 db eb 0e 0f b6 34 18 <0f> b6 3c 1a 43 29 fe 75 07 49 85 c9 7f [ 4635.541264] EIP: [<c11659f0>] memcmp+0xe/0x25 SS:ESP 0068:e40c7db4 [ 4635.548166] CR2: 0000000000000013 [ 4635.552177] ---[ end trace e05ce9b8ce6182f6 ]--- Signed-off-by: Kuba Pawlak <kubax.t.pawlak@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>