OSDN Git Service
Robert Love [Tue, 14 Oct 2008 14:00:47 +0000 (10:00 -0400)]
ashmem for 2.6.27.
Forward port of ashmem to 2.6.27.
Signed-off-by: Robert Love <rlove@google.com>
Robert Love [Wed, 15 Oct 2008 19:34:49 +0000 (15:34 -0400)]
Add android_aid.h
Add <linux/android_aid.h>, our mapping of AID defines to gid numbers.
Signed-off-by: Robert Love <rlove@google.com>
Rebecca Schultz [Thu, 24 Jul 2008 18:22:53 +0000 (11:22 -0700)]
pmem: Add pmem driver
Signed-off-by: Rebecca Schultz <rschultz@google.com>
pmem: Use the thread group leader insted of the current thread.
Instead of keeping track of the current thread, use the thread group leader
Signed-off-by: Rebecca Schultz <rschultz@google.com>
pmem: Add some apis to reference and flush pmem files by file struct
The api to refer to pmem files by fd should be depricated, it can
cause problems if a processes fd table changes while the kernel is processing
data in a pmem file. This change adds the safer api.
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
pmem: Remove unused depricated fd api to pmem.
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
pmem: Remove error message when calling get_pmem_addr
This call is used from the mdp driver to determine if the memory
is in pmem or in the fb. We will encounter this case during normal operation
so this error message should be removed.
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
Mike Lockwood [Tue, 14 Oct 2008 16:50:16 +0000 (12:50 -0400)]
switch: switch class and GPIO drivers.
switch: Export symbol switch_set_state.
Signed-off-by: Mike Lockwood <lockwood@android.com>
switch: gpio: Don't call request_irq with interrupts disabled
Signed-off-by: Arve Hjønnevåg <arve@android.com>
switch: Use device_create instead of device_create_drvdata.
device_create_drvdata is obsolete.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
switch_gpio: Add missing #include <linux/interrupt.h>
Signed-off-by: Mike Lockwood <lockwood@android.com>
Arve Hjønnevåg [Mon, 31 Mar 2008 04:47:13 +0000 (21:47 -0700)]
ledtrig-sleep: Add led trigger for sleep debugging.
Signed-off-by: Brian Swetland <swetland@google.com>
Arve Hjønnevåg [Sat, 26 Jul 2008 03:58:15 +0000 (20:58 -0700)]
rtc: Try to prevent RTC errors from accumulating.
When we resume we only know how many whole seconds has elapsed.
These errors would accumulate in delta. We now only set the delta
if it would change by more than two seconds. If we drift back by
by more than a second add one in resume.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Wed, 15 Oct 2008 00:38:04 +0000 (17:38 -0700)]
rtc: Add android alarm driver.
Rebecca Schultz [Fri, 18 Jul 2008 01:14:55 +0000 (18:14 -0700)]
PM: earlysuspend: Removing dependence on console.
Rather than signaling a full update of the display from userspace via a
console switch, this patch introduces 2 files int /sys/power,
wait_for_fb_sleep and wait_for_fb_wake. Reading these files will block
until the requested state has been entered. When a read from
wait_for_fb_sleep returns userspace should stop drawing. When
wait_for_fb_wake returns, it should do a full update. If either are called
when the fb driver is already in the requested state, they will return
immediately.
Signed-off-by: Rebecca Schultz <rschultz@google.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Thu, 16 Oct 2008 00:52:20 +0000 (17:52 -0700)]
PM: earlysuspend: Add console switch when user requested sleep state changes.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 14 Oct 2008 23:02:39 +0000 (16:02 -0700)]
PM: wakelock: Abort task freezing if a wake lock is held.
Avoids a problem where the device sometimes hangs for 20 seconds
before the screen is turned on.
Arve Hjønnevåg [Fri, 10 Oct 2008 04:01:46 +0000 (21:01 -0700)]
PM: Add user-space wake lock api.
This adds /sys/power/wake_lock and /sys/power/wake_unlock.
Writing a string to wake_lock creates a wake lock the
first time is sees a string and locks it. Optionally, the
string can be followed by a timeout.
To unlock the wake lock, write the same string to wake_unlock.
Arve Hjønnevåg [Fri, 10 Oct 2008 02:17:11 +0000 (19:17 -0700)]
PM: Enable early suspend through /sys/power/state
If EARLYSUSPEND is enabled then writes to /sys/power/state no longer
blocks, and the kernel will try to enter the requested state every
time no wakelocks are held. Write "on" to resume normal operation.
Arve Hjønnevåg [Wed, 8 Oct 2008 03:48:01 +0000 (20:48 -0700)]
PM: Implement early suspend api
Arve Hjønnevåg [Wed, 10 Sep 2008 05:14:34 +0000 (22:14 -0700)]
PM: Implement wakelock api.
PM: wakelock: Replace expire work with a timer
The expire work function did not work in the normal case.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Sat, 27 Sep 2008 05:10:56 +0000 (22:10 -0700)]
PM: Add early suspend api.
Arve Hjønnevåg [Sat, 27 Sep 2008 05:10:56 +0000 (22:10 -0700)]
PM: Add wake lock api.
Mike Chan [Wed, 11 Feb 2009 01:24:37 +0000 (17:24 -0800)]
cpufreq: Governor poll frequency tuneables exported in config.
Signed-off-by: Mike Chan <mike@android.com>
Arve Hjønnevåg [Sun, 2 Dec 2007 02:34:14 +0000 (18:34 -0800)]
[ARM] armv6 dcc tty driver
Signed-off-by: Brian Swetland <swetland@google.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Mon, 31 Mar 2008 04:36:29 +0000 (21:36 -0700)]
[ARM] Save thread registers in coredumps
Signed-off-by: Brian Swetland <swetland@google.com>
Arve Hjønnevåg [Mon, 9 Apr 2007 10:13:02 +0000 (17:13 +0700)]
[ARM] Add code to prevent system calls from being restarted muliple times before returning from the kernel.
Fixes crashes with thumb syscalls.
Robert Love [Tue, 29 Apr 2008 20:44:10 +0000 (16:44 -0400)]
Make /dev/mem configurable, as we don't want it.
Signed-off-by: Brian Swetland <swetland@google.com>
Arve Hjønnevåg [Thu, 11 Dec 2008 04:06:28 +0000 (20:06 -0800)]
sched: Enable might_sleep before initializing drivers.
This allows detection of init bugs in built-in drivers.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 8 May 2007 08:39:13 +0000 (15:39 +0700)]
Add build option to to set the default panic timeout.
Arve Hjønnevåg [Thu, 19 Mar 2009 00:27:31 +0000 (17:27 -0700)]
mm: Check if any page in a pageblock is reserved before marking it MIGRATE_RESERVE
This fixes a problem where the first pageblock got marked MIGRATE_RESERVE even
though it only had a few free pages. This in turn caused no contiguous memory
to be reserved and frequent kswapd wakeups that emptied the caches to get more
contiguous memory.
Arve Hjønnevåg [Tue, 17 Feb 2009 22:51:02 +0000 (14:51 -0800)]
mm: Add min_free_order_shift tunable.
By default the kernel tries to keep half as much memory free at each
order as it does for one order below. This can be too agressive when
running without swap.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Mike Lockwood [Mon, 12 Jan 2009 18:25:05 +0000 (13:25 -0500)]
timed_gpio: Separate timed_output class into a separate driver.
Signed-off-by: Mike Lockwood <lockwood@android.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 27 Jan 2009 03:22:19 +0000 (19:22 -0800)]
lowmemorykiller: Don't count free space unless it meets the specified limit by itself
This allows processes to be killed when the kernel evict cache pages in
an attempt to get more contiguous free memory.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 27 Jan 2009 03:13:47 +0000 (19:13 -0800)]
lowmemorykiller: Only iterate over process list when needed.
Use NR_ACTIVE plus NR_INACTIVE as a size estimate for our fake cache
instead the sum of rss. Neither method is accurate.
Also skip the process scan, if the amount of memory available is above
the largest threshold set.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Fri, 3 Apr 2009 04:22:08 +0000 (21:22 -0700)]
binder: Defer flush and release operations to avoid deadlocks.
If a transaction that contains a file descriptor fails on a later object,
the new file descriptor needs to be closed. If this is a binder file
descriptor we would deadlock in flush. If there were no other references to
the file at this point release would also be called.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Fri, 3 Apr 2009 02:07:31 +0000 (19:07 -0700)]
binder: Prevent the wrong thread from adding a transaction to the stack.
If a thread is part of a transaction stack, it is only allowed to make
another call if it was the target of the top transaction on the stack.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Thu, 2 Apr 2009 00:36:23 +0000 (17:36 -0700)]
binder: Cast to uintptr_t instead of size_t when aligning pointers
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Wed, 1 Apr 2009 03:45:09 +0000 (20:45 -0700)]
binder: Keep a reference to the files_struct while the driver is mmapped
This prevents breaking fget_light if a single threaded application allows
incoming file descriptors (in replies or on nodes).
Should also prevent inserting a file in the wrong files_struct if the
receving process execs in the middle of a transaction (between
task_get_unused_fd_flags and task_fd_install).
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 31 Mar 2009 05:14:47 +0000 (22:14 -0700)]
binder: Add more offset validation.
Check that datasize is not smaller than one flat_binder_object.
Check that offsets are aligned.
Check that offsets_size is aligned.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 31 Mar 2009 04:07:24 +0000 (21:07 -0700)]
binder: mmap fixes.
Only allow a binder file pointer to be mmapped once. The buffer management
code cannot deal with more then one area.
Also remove leftover mutex_unlock if mmap fails.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Tue, 31 Mar 2009 03:43:29 +0000 (20:43 -0700)]
binder: Don't create two proc entries with the same name if the driver is opened twice in one process.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Arve Hjønnevåg [Mon, 30 Mar 2009 23:35:02 +0000 (16:35 -0700)]
binder: Remove VM_EXEC check.
Many platforms do not support mappings without VM_EXEC.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Nick Pelly [Tue, 24 Mar 2009 01:17:16 +0000 (18:17 -0700)]
Bluetooth: Fallback from eSCO to SCO on error code 0x1f (unspecified error).
Kyocera ED-8800 headset returns this error code when eSCO is attempted.
Signed-off-by: Nick Pelly <npelly@google.com>
Tony Lindgren [Mon, 9 May 2005 21:10:26 +0000 (14:10 -0700)]
ARM: Make low-level printk work
Makes low-level printk work.
Signed-off-by: Tony Lindgren <tony@atomide.com>
Randy Dunlap [Tue, 17 Feb 2009 17:38:41 +0000 (09:38 -0800)]
Staging: Android: fix more printk formats
Fix more android ram_console printk format warnings:
drivers/staging/android/ram_console.c:238: warning: format '%d' expects type 'int', but argument 3 has type 'size_t'
drivers/staging/android/ram_console.c:238: warning: format '%d' expects type 'int', but argument 4 has type 'size_t'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Randy Dunlap [Wed, 11 Feb 2009 21:16:37 +0000 (13:16 -0800)]
Staging: android: ram_console: fix printk format warning
Fix android printk format warnings:
linux-next-
20090209/drivers/staging/android/ram_console.c:228: warning: format '%d' expects type 'int', but argument 3 has type 'size_t'
linux-next-
20090209/drivers/staging/android/ram_console.c:228: warning: format '%d' expects type 'int', but argument 4 has type 'size_t'
linux-next-
20090209/drivers/staging/android/ram_console.c:326: warning: format '%x' expects type 'unsigned int', but argument 2 has type 'size_t'
linux-next-
20090209/drivers/staging/android/ram_console.c:326: warning: format '%x' expects type 'unsigned int', but argument 3 has type 'size_t'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Randy Dunlap [Wed, 11 Feb 2009 21:15:39 +0000 (13:15 -0800)]
Staging: android: binder: fix printk format warnings
Fix printk format warnings in android binder:
drivers/staging/android/binder.c:2652: warning: format '%lx' expects type 'long unsigned int', but argument 7 has type 'pgprotval_t'
drivers/staging/android/binder.c:2659: warning: format '%lx' expects type 'long unsigned int', but argument 7 has type 'pgprotval_t'
drivers/staging/android/binder.c:2680: warning: format '%lx' expects type 'long unsigned int', but argument 7 has type 'pgprotval_t'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Wei Yongjun [Wed, 25 Feb 2009 10:09:33 +0000 (18:09 +0800)]
Bluetooth: Remove some pointless conditionals before kfree_skb()
Remove some pointless conditionals before kfree_skb().
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Wei Yongjun [Wed, 25 Feb 2009 10:29:52 +0000 (18:29 +0800)]
Bluetooth: Remove some pointless conditionals before kfree_skb()
Remove some pointless conditionals before kfree_skb().
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Dave Young [Sat, 21 Feb 2009 08:13:34 +0000 (16:13 +0800)]
Bluetooth: Move hci_conn_del_sysfs() back to avoid device destruct too early
The following commit introduce a regression:
commit
7d0db0a373195385a2e0b19d1f5e4b186fdcffac
Author: Marcel Holtmann <marcel@holtmann.org>
Date: Mon Jul 14 20:13:51 2008 +0200
[Bluetooth] Use a more unique bus name for connections
I get panic as following (by netconsole):
[ 2709.344034] usb 5-1: new full speed USB device using uhci_hcd and address 4
[ 2709.505776] usb 5-1: configuration #1 chosen from 1 choice
[ 2709.569207] Bluetooth: Generic Bluetooth USB driver ver 0.4
[ 2709.570169] usbcore: registered new interface driver btusb
[ 2845.742781] BUG: unable to handle kernel paging request at
6b6b6c2f
[ 2845.742958] IP: [<
c015515c>] __lock_acquire+0x6c/0xa80
[ 2845.743087] *pde =
00000000
[ 2845.743206] Oops: 0002 [#1] SMP
[ 2845.743377] last sysfs file: /sys/class/bluetooth/hci0/hci0:6/type
[ 2845.743742] Modules linked in: btusb netconsole snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss rfcomm l2cap bluetooth vfat fuse snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm pl2303 snd_timer psmouse usbserial snd 3c59x e100 serio_raw soundcore i2c_i801 intel_agp mii agpgart snd_page_alloc rtc_cmos rtc_core thermal processor rtc_lib button thermal_sys sg evdev
[ 2845.743742]
[ 2845.743742] Pid: 0, comm: swapper Not tainted (2.6.29-rc5-smp #54) Dell DM051
[ 2845.743742] EIP: 0060:[<
c015515c>] EFLAGS:
00010002 CPU: 0
[ 2845.743742] EIP is at __lock_acquire+0x6c/0xa80
[ 2845.743742] EAX:
00000046 EBX:
00000046 ECX:
6b6b6b6b EDX:
00000002
[ 2845.743742] ESI:
6b6b6b6b EDI:
00000000 EBP:
c064fd14 ESP:
c064fcc8
[ 2845.743742] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 2845.743742] Process swapper (pid: 0, ti=
c064e000 task=
c05d1400 task.ti=
c064e000)
[ 2845.743742] Stack:
[ 2845.743742]
c05d1400 00000002 c05d1400 00000001 00000002 00000000 f65388dc c05d1400
[ 2845.743742]
6b6b6b6b 00000292 c064fd0c c0153732 00000000 00000000 00000001 f700fa50
[ 2845.743742]
00000046 00000000 00000000 c064fd40 c0155be6 00000000 00000002 00000001
[ 2845.743742] Call Trace:
[ 2845.743742] [<
c0153732>] ? trace_hardirqs_on_caller+0x72/0x1c0
[ 2845.743742] [<
c0155be6>] ? lock_acquire+0x76/0xa0
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c046c885>] ? _spin_lock_irqsave+0x45/0x80
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c03e1f94>] ? skb_queue_purge+0x14/0x20
[ 2845.743742] [<
f8171f5a>] ? hci_conn_del+0x10a/0x1c0 [bluetooth]
[ 2845.743742] [<
f81399c9>] ? l2cap_disconn_ind+0x59/0xb0 [l2cap]
[ 2845.743742] [<
f81795ce>] ? hci_conn_del_sysfs+0x8e/0xd0 [bluetooth]
[ 2845.743742] [<
f8175758>] ? hci_event_packet+0x5f8/0x31c0 [bluetooth]
[ 2845.743742] [<
c03dfe19>] ? sock_def_readable+0x59/0x80
[ 2845.743742] [<
c046c14d>] ? _read_unlock+0x1d/0x20
[ 2845.743742] [<
f8178aa9>] ? hci_send_to_sock+0xe9/0x1d0 [bluetooth]
[ 2845.743742] [<
c015388b>] ? trace_hardirqs_on+0xb/0x10
[ 2845.743742] [<
f816fa6a>] ? hci_rx_task+0x2ba/0x490 [bluetooth]
[ 2845.743742] [<
c0133661>] ? tasklet_action+0x31/0xc0
[ 2845.743742] [<
c013367c>] ? tasklet_action+0x4c/0xc0
[ 2845.743742] [<
c0132eb7>] ? __do_softirq+0xa7/0x170
[ 2845.743742] [<
c0116dec>] ? ack_apic_level+0x5c/0x1c0
[ 2845.743742] [<
c0132fd7>] ? do_softirq+0x57/0x60
[ 2845.743742] [<
c01333dc>] ? irq_exit+0x7c/0x90
[ 2845.743742] [<
c01055bb>] ? do_IRQ+0x4b/0x90
[ 2845.743742] [<
c01333d5>] ? irq_exit+0x75/0x90
[ 2845.743742] [<
c010392c>] ? common_interrupt+0x2c/0x34
[ 2845.743742] [<
c010a14f>] ? mwait_idle+0x4f/0x70
[ 2845.743742] [<
c0101c05>] ? cpu_idle+0x65/0xb0
[ 2845.743742] [<
c045731e>] ? rest_init+0x4e/0x60
[ 2845.743742] Code: 0f 84 69 02 00 00 83 ff 07 0f 87 1e 06 00 00 85 ff 0f 85 08 05 00 00 8b 4d cc 8b 49 04 85 c9 89 4d d4 0f 84 f7 04 00 00 8b 75 d4 <f0> ff 86 c4 00 00 00 89 f0 e8 56 a9 ff ff 85 c0 0f 85 6e 03 00
[ 2845.743742] EIP: [<
c015515c>] __lock_acquire+0x6c/0xa80 SS:ESP 0068:
c064fcc8
[ 2845.743742] ---[ end trace
4c985b38f022279f ]---
[ 2845.743742] Kernel panic - not syncing: Fatal exception in interrupt
[ 2845.743742] ------------[ cut here ]------------
[ 2845.743742] WARNING: at kernel/smp.c:329 smp_call_function_many+0x151/0x200()
[ 2845.743742] Hardware name: Dell DM051
[ 2845.743742] Modules linked in: btusb netconsole snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss rfcomm l2cap bluetooth vfat fuse snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm pl2303 snd_timer psmouse usbserial snd 3c59x e100 serio_raw soundcore i2c_i801 intel_agp mii agpgart snd_page_alloc rtc_cmos rtc_core thermal processor rtc_lib button thermal_sys sg evdev
[ 2845.743742] Pid: 0, comm: swapper Tainted: G D 2.6.29-rc5-smp #54
[ 2845.743742] Call Trace:
[ 2845.743742] [<
c012e076>] warn_slowpath+0x86/0xa0
[ 2845.743742] [<
c015041b>] ? trace_hardirqs_off+0xb/0x10
[ 2845.743742] [<
c0146384>] ? up+0x14/0x40
[ 2845.743742] [<
c012e661>] ? release_console_sem+0x31/0x1e0
[ 2845.743742] [<
c046c8ab>] ? _spin_lock_irqsave+0x6b/0x80
[ 2845.743742] [<
c015041b>] ? trace_hardirqs_off+0xb/0x10
[ 2845.743742] [<
c046c900>] ? _read_lock_irqsave+0x40/0x80
[ 2845.743742] [<
c012e7f2>] ? release_console_sem+0x1c2/0x1e0
[ 2845.743742] [<
c0146384>] ? up+0x14/0x40
[ 2845.743742] [<
c015041b>] ? trace_hardirqs_off+0xb/0x10
[ 2845.743742] [<
c046a3d7>] ? __mutex_unlock_slowpath+0x97/0x160
[ 2845.743742] [<
c046a563>] ? mutex_trylock+0xb3/0x180
[ 2845.743742] [<
c046a4a8>] ? mutex_unlock+0x8/0x10
[ 2845.743742] [<
c015b991>] smp_call_function_many+0x151/0x200
[ 2845.743742] [<
c010a1a0>] ? stop_this_cpu+0x0/0x40
[ 2845.743742] [<
c015ba61>] smp_call_function+0x21/0x30
[ 2845.743742] [<
c01137ae>] native_smp_send_stop+0x1e/0x50
[ 2845.743742] [<
c012e0f5>] panic+0x55/0x110
[ 2845.743742] [<
c01065a8>] oops_end+0xb8/0xc0
[ 2845.743742] [<
c010668f>] die+0x4f/0x70
[ 2845.743742] [<
c011a8c9>] do_page_fault+0x269/0x610
[ 2845.743742] [<
c011a660>] ? do_page_fault+0x0/0x610
[ 2845.743742] [<
c046cbaf>] error_code+0x77/0x7c
[ 2845.743742] [<
c015515c>] ? __lock_acquire+0x6c/0xa80
[ 2845.743742] [<
c0153732>] ? trace_hardirqs_on_caller+0x72/0x1c0
[ 2845.743742] [<
c0155be6>] lock_acquire+0x76/0xa0
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c046c885>] _spin_lock_irqsave+0x45/0x80
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c03e1aad>] skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c03e1f94>] skb_queue_purge+0x14/0x20
[ 2845.743742] [<
f8171f5a>] hci_conn_del+0x10a/0x1c0 [bluetooth]
[ 2845.743742] [<
f81399c9>] ? l2cap_disconn_ind+0x59/0xb0 [l2cap]
[ 2845.743742] [<
f81795ce>] ? hci_conn_del_sysfs+0x8e/0xd0 [bluetooth]
[ 2845.743742] [<
f8175758>] hci_event_packet+0x5f8/0x31c0 [bluetooth]
[ 2845.743742] [<
c03dfe19>] ? sock_def_readable+0x59/0x80
[ 2845.743742] [<
c046c14d>] ? _read_unlock+0x1d/0x20
[ 2845.743742] [<
f8178aa9>] ? hci_send_to_sock+0xe9/0x1d0 [bluetooth]
[ 2845.743742] [<
c015388b>] ? trace_hardirqs_on+0xb/0x10
[ 2845.743742] [<
f816fa6a>] hci_rx_task+0x2ba/0x490 [bluetooth]
[ 2845.743742] [<
c0133661>] ? tasklet_action+0x31/0xc0
[ 2845.743742] [<
c013367c>] tasklet_action+0x4c/0xc0
[ 2845.743742] [<
c0132eb7>] __do_softirq+0xa7/0x170
[ 2845.743742] [<
c0116dec>] ? ack_apic_level+0x5c/0x1c0
[ 2845.743742] [<
c0132fd7>] do_softirq+0x57/0x60
[ 2845.743742] [<
c01333dc>] irq_exit+0x7c/0x90
[ 2845.743742] [<
c01055bb>] do_IRQ+0x4b/0x90
[ 2845.743742] [<
c01333d5>] ? irq_exit+0x75/0x90
[ 2845.743742] [<
c010392c>] common_interrupt+0x2c/0x34
[ 2845.743742] [<
c010a14f>] ? mwait_idle+0x4f/0x70
[ 2845.743742] [<
c0101c05>] cpu_idle+0x65/0xb0
[ 2845.743742] [<
c045731e>] rest_init+0x4e/0x60
[ 2845.743742] ---[ end trace
4c985b38f02227a0 ]---
[ 2845.743742] ------------[ cut here ]------------
[ 2845.743742] WARNING: at kernel/smp.c:226 smp_call_function_single+0x8e/0x110()
[ 2845.743742] Hardware name: Dell DM051
[ 2845.743742] Modules linked in: btusb netconsole snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss rfcomm l2cap bluetooth vfat fuse snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm pl2303 snd_timer psmouse usbserial snd 3c59x e100 serio_raw soundcore i2c_i801 intel_agp mii agpgart snd_page_alloc rtc_cmos rtc_core thermal processor rtc_lib button thermal_sys sg evdev
[ 2845.743742] Pid: 0, comm: swapper Tainted: G D W 2.6.29-rc5-smp #54
[ 2845.743742] Call Trace:
[ 2845.743742] [<
c012e076>] warn_slowpath+0x86/0xa0
[ 2845.743742] [<
c012e000>] ? warn_slowpath+0x10/0xa0
[ 2845.743742] [<
c015041b>] ? trace_hardirqs_off+0xb/0x10
[ 2845.743742] [<
c0146384>] ? up+0x14/0x40
[ 2845.743742] [<
c012e661>] ? release_console_sem+0x31/0x1e0
[ 2845.743742] [<
c046c8ab>] ? _spin_lock_irqsave+0x6b/0x80
[ 2845.743742] [<
c015041b>] ? trace_hardirqs_off+0xb/0x10
[ 2845.743742] [<
c046c900>] ? _read_lock_irqsave+0x40/0x80
[ 2845.743742] [<
c012e7f2>] ? release_console_sem+0x1c2/0x1e0
[ 2845.743742] [<
c0146384>] ? up+0x14/0x40
[ 2845.743742] [<
c015b7be>] smp_call_function_single+0x8e/0x110
[ 2845.743742] [<
c010a1a0>] ? stop_this_cpu+0x0/0x40
[ 2845.743742] [<
c026d23f>] ? cpumask_next_and+0x1f/0x40
[ 2845.743742] [<
c015b95a>] smp_call_function_many+0x11a/0x200
[ 2845.743742] [<
c010a1a0>] ? stop_this_cpu+0x0/0x40
[ 2845.743742] [<
c015ba61>] smp_call_function+0x21/0x30
[ 2845.743742] [<
c01137ae>] native_smp_send_stop+0x1e/0x50
[ 2845.743742] [<
c012e0f5>] panic+0x55/0x110
[ 2845.743742] [<
c01065a8>] oops_end+0xb8/0xc0
[ 2845.743742] [<
c010668f>] die+0x4f/0x70
[ 2845.743742] [<
c011a8c9>] do_page_fault+0x269/0x610
[ 2845.743742] [<
c011a660>] ? do_page_fault+0x0/0x610
[ 2845.743742] [<
c046cbaf>] error_code+0x77/0x7c
[ 2845.743742] [<
c015515c>] ? __lock_acquire+0x6c/0xa80
[ 2845.743742] [<
c0153732>] ? trace_hardirqs_on_caller+0x72/0x1c0
[ 2845.743742] [<
c0155be6>] lock_acquire+0x76/0xa0
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c046c885>] _spin_lock_irqsave+0x45/0x80
[ 2845.743742] [<
c03e1aad>] ? skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c03e1aad>] skb_dequeue+0x1d/0x70
[ 2845.743742] [<
c03e1f94>] skb_queue_purge+0x14/0x20
[ 2845.743742] [<
f8171f5a>] hci_conn_del+0x10a/0x1c0 [bluetooth]
[ 2845.743742] [<
f81399c9>] ? l2cap_disconn_ind+0x59/0xb0 [l2cap]
[ 2845.743742] [<
f81795ce>] ? hci_conn_del_sysfs+0x8e/0xd0 [bluetooth]
[ 2845.743742] [<
f8175758>] hci_event_packet+0x5f8/0x31c0 [bluetooth]
[ 2845.743742] [<
c03dfe19>] ? sock_def_readable+0x59/0x80
[ 2845.743742] [<
c046c14d>] ? _read_unlock+0x1d/0x20
[ 2845.743742] [<
f8178aa9>] ? hci_send_to_sock+0xe9/0x1d0 [bluetooth]
[ 2845.743742] [<
c015388b>] ? trace_hardirqs_on+0xb/0x10
[ 2845.743742] [<
f816fa6a>] hci_rx_task+0x2ba/0x490 [bluetooth]
[ 2845.743742] [<
c0133661>] ? tasklet_action+0x31/0xc0
[ 2845.743742] [<
c013367c>] tasklet_action+0x4c/0xc0
[ 2845.743742] [<
c0132eb7>] __do_softirq+0xa7/0x170
[ 2845.743742] [<
c0116dec>] ? ack_apic_level+0x5c/0x1c0
[ 2845.743742] [<
c0132fd7>] do_softirq+0x57/0x60
[ 2845.743742] [<
c01333dc>] irq_exit+0x7c/0x90
[ 2845.743742] [<
c01055bb>] do_IRQ+0x4b/0x90
[ 2845.743742] [<
c01333d5>] ? irq_exit+0x75/0x90
[ 2845.743742] [<
c010392c>] common_interrupt+0x2c/0x34
[ 2845.743742] [<
c010a14f>] ? mwait_idle+0x4f/0x70
[ 2845.743742] [<
c0101c05>] cpu_idle+0x65/0xb0
[ 2845.743742] [<
c045731e>] rest_init+0x4e/0x60
[ 2845.743742] ---[ end trace
4c985b38f02227a1 ]---
[ 2845.743742] Rebooting in 3 seconds..
My logitec bluetooth mouse trying connect to pc, but
pc side reject the connection again and again. then panic happens.
The reason is due to hci_conn_del_sysfs now called in hci_event_packet,
the del work is done in a workqueue, so it's possible done before
skb_queue_purge called.
I move the hci_conn_del_sysfs after skb_queue_purge just as that before
marcel's commit.
Remove the hci_conn_del_sysfs in hci_conn_hash_flush as well due to
hci_conn_del will deal with the work.
Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 20 Feb 2009 19:54:06 +0000 (20:54 +0100)]
Bluetooth: Permit BT_SECURITY also for L2CAP raw sockets
Userspace pairing code can be simplified if it doesn't have to fall
back to using L2CAP_LM in the case of L2CAP raw sockets. This patch
allows the BT_SECURITY socket option to be used for these sockets.
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Tue, 17 Feb 2009 20:49:33 +0000 (21:49 +0100)]
Bluetooth: Fix RFCOMM usage of in-kernel L2CAP sockets
The CID value of L2CAP sockets need to be set to zero. All userspace
applications do this via memset() on the sockaddr_l2 structure. The
RFCOMM implementation uses in-kernel L2CAP sockets and so it has to
make sure that l2_cid is set to zero.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 16 Feb 2009 02:20:31 +0000 (03:20 +0100)]
Bluetooth: Disallow usage of L2CAP CID setting for now
In the future the L2CAP layer will have full support for fixed channels
and right now it already can export the channel assignment, but for the
functions bind() and connect() the usage of only CID 0 is allowed. This
allows an easy detection if the kernel supports fixed channels or not,
because otherwise it would impossible for application to tell.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 16 Feb 2009 01:59:49 +0000 (02:59 +0100)]
Bluetooth: Change RFCOMM to use BT_CONNECT2 for BT_DEFER_SETUP
When BT_DEFER_SETUP is enabled on a RFCOMM socket, then switch its
current state from BT_OPEN to BT_CONNECT2. This gives the Bluetooth
core a unified way to handle L2CAP and RFCOMM sockets. The BT_CONNECT2
state is designated for incoming connections.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 16 Feb 2009 01:57:30 +0000 (02:57 +0100)]
Bluetooth: Fix poll() misbehavior when using BT_DEFER_SETUP
When BT_DEFER_SETUP has been enabled on a Bluetooth socket it keeps
signaling POLLIN all the time. This is a wrong behavior. The POLLIN
should only be signaled if the client socket is in BT_CONNECT2 state
and the parent has been BT_DEFER_SETUP enabled.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 12 Feb 2009 15:23:03 +0000 (16:23 +0100)]
Bluetooth: Set authentication requirement before requesting it
The authentication requirement got only updated when the security level
increased. This is a wrong behavior. The authentication requirement is
read by the Bluetooth daemon to make proper decisions when handling the
IO capabilities exchange. So set the value that is currently expected by
the higher layers like L2CAP and RFCOMM.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 12 Feb 2009 15:19:45 +0000 (16:19 +0100)]
Bluetooth: Fix authentication requirements for L2CAP security check
The L2CAP layer can trigger the authentication via an ACL connection or
later on to increase the security level. When increasing the security
level it didn't use the same authentication requirements when triggering
a new ACL connection. Make sure that exactly the same authentication
requirements are used. The only exception here are the L2CAP raw sockets
which are only used for dedicated bonding.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 12 Feb 2009 13:02:50 +0000 (14:02 +0100)]
Bluetooth: Ask upper layers for HCI disconnect reason
Some of the qualification tests demand that in case of failures in L2CAP
the HCI disconnect should indicate a reason why L2CAP fails. This is a
bluntly layer violation since multiple L2CAP connections could be using
the same ACL and thus forcing a disconnect reason is not a good idea.
To comply with the Bluetooth test specification, the disconnect reason
is now stored in the L2CAP connection structure and every time a new
L2CAP channel is added it will set back to its default. So only in the
case where the L2CAP channel with the disconnect reason is really the
last one, it will propagated to the HCI layer.
The HCI layer has been extended with a disconnect indication that allows
it to ask upper layers for a disconnect reason. The upper layer must not
support this callback and in that case it will nicely default to the
existing behavior. If an upper layer like L2CAP can provide a disconnect
reason that one will be used to disconnect the ACL or SCO link.
No modification to the ACL disconnect timeout have been made. So in case
of Linux to Linux connection the initiator will disconnect the ACL link
before the acceptor side can signal the specific disconnect reason. That
is perfectly fine since Linux doesn't make use of this value anyway. The
L2CAP layer has a perfect valid error code for rejecting connection due
to a security violation. It is unclear why the Bluetooth specification
insists on having specific HCI disconnect reason.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 12 Feb 2009 04:07:45 +0000 (05:07 +0100)]
Bluetooth: Add CID field to L2CAP socket address structure
In preparation for L2CAP fixed channel support, the CID value of a
L2CAP connection needs to be accessible via the socket interface. The
CID is the connection identifier and exists as source and destination
value. So extend the L2CAP socket address structure with this field and
change getsockname() and getpeername() to fill it in.
The bind() and connect() functions have been modified to handle L2CAP
socket address structures of variable sizes. This makes them future
proof if additional fields need to be added.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 9 Feb 2009 08:18:02 +0000 (09:18 +0100)]
Bluetooth: Request L2CAP fixed channel list if available
If the extended features mask indicates support for fixed channels,
request the list of available fixed channels. This also enables the
fixed channel features bit so remote implementations can request
information about it. Currently only the signal channel will be
listed.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 9 Feb 2009 02:55:28 +0000 (03:55 +0100)]
Bluetooth: Don't enforce authentication for L2CAP PSM 1 and 3
The recommendation for the L2CAP PSM 1 (SDP) is to not use any kind
of authentication or encryption. So don't trigger authentication
for incoming and outgoing SDP connections.
For L2CAP PSM 3 (RFCOMM) there is no clear requirement, but with
Bluetooth 2.1 the initiator is required to enable authentication
and encryption first and this gets enforced. So there is no need
to trigger an additional authentication step. The RFCOMM service
security will make sure that a secure enough link key is present.
When the encryption gets enabled after the SDP connection setup,
then switch the security level from SDP to low security.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 6 Feb 2009 22:56:36 +0000 (23:56 +0100)]
Bluetooth: Fix double L2CAP connection request
If the remote L2CAP server uses authentication pending stage and
encryption is enabled it can happen that a L2CAP connection request is
sent twice due to a race condition in the connection state machine.
When the remote side indicates any kind of connection pending, then
track this state and skip sending of L2CAP commands for this period.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 6 Feb 2009 22:35:19 +0000 (23:35 +0100)]
Bluetooth: Fix race condition with L2CAP information request
When two L2CAP connections are requested quickly after the ACL link has
been established there exists a window for a race condition where a
connection request is sent before the information response has been
received. Any connection request should only be sent after an exchange
of the extended features mask has been finished.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 6 Feb 2009 18:45:36 +0000 (19:45 +0100)]
Bluetooth: Set authentication requirements if not available
When no authentication requirements are selected, but an outgoing or
incoming connection has requested any kind of security enforcement,
then set these authentication requirements.
This ensures that the userspace always gets informed about the
authentication requirements (if available). Only when no security
enforcement has happened, the kernel will signal invalid requirements.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 9 Feb 2009 01:48:38 +0000 (02:48 +0100)]
Bluetooth: Use general bonding whenever possible
When receiving incoming connection to specific services, always use
general bonding. This ensures that the link key gets stored and can be
used for further authentications.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 6 Feb 2009 08:13:37 +0000 (09:13 +0100)]
Bluetooth: Add SCO fallback for eSCO connection attempts
When attempting to setup eSCO connections it can happen that some link
manager implementations fail to properly negotiate the eSCO parameters
and thus fail the eSCO setup. Normally the link manager is responsible
for the negotiation of the parameters and actually fallback to SCO if
no agreement can be reached. In cases where the link manager is just too
stupid, then at least try to establish a SCO link if eSCO fails.
For the Bluetooth devices with EDR support this includes handling packet
types of EDR basebands. This is particular tricky since for the EDR the
logic of enabling/disabling one specific packet type is turned around.
This fix contains an extra bitmask to disable eSCO EDR packet when
trying to fallback to a SCO connection.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Wed, 4 Feb 2009 20:07:19 +0000 (21:07 +0100)]
Bluetooth: Don't check encryption for L2CAP raw sockets
For L2CAP sockets with medium and high security requirement a missing
encryption will enforce the closing of the link. For the L2CAP raw
sockets this is not needed, so skip that check.
This fixes a crash when pairing Bluetooth 2.0 (and earlier) devices
since the L2CAP state machine got confused and then locked up the whole
system.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Wed, 4 Feb 2009 16:41:38 +0000 (17:41 +0100)]
Bluetooth: Submit bulk URBs along with interrupt URBs
Submitting the bulk URBs for ACL data transfers only on demand has no
real benefit compared to just submit them when a Bluetooth device gets
opened. So when submitting the interrupt URBs for HCI events, just
submit the bulk URBs, too.
This solves a problem with some Bluetooth USB dongles that has been
reported over the last few month. These devices require that the bulk
URBs are actually present. These devices are really broken, but there
is nothing we can do about it.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Jaikumar Ganesh [Tue, 3 Feb 2009 02:03:57 +0000 (18:03 -0800)]
Bluetooth: When encryption is dropped, do not send RFCOMM packets
During a role change with pre-Bluetooth 2.1 devices, the remote side drops
the encryption of the RFCOMM connection. We allow a grace period for the
encryption to be re-established, before dropping the connection. During
this grace period, the RFCOMM_SEC_PENDING flag is set. Check this flag
before sending RFCOMM packets.
Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Andre Haupt [Mon, 2 Feb 2009 22:45:11 +0000 (14:45 -0800)]
Bluetooth: Eliminate a sparse warning in bt3c driver
This eliminates a sparse warning that symbol 'stat' shadows an earlier one.
Signed-off-by: Andre Haupt <andre@bitwigglers.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Dave Young [Sat, 31 Jan 2009 05:51:15 +0000 (13:51 +0800)]
Bluetooth: Remove CONFIG_DEBUG_LOCK_ALLOC ifdefs
Due to lockdep changes, the CONFIG_DEBUG_LOCK_ALLOC ifdef is not needed
now. So just remove it here.
The following commit fixed the !lockdep build warnings:
commit
e8f6fbf62de37cbc2e179176ac7010d5f4396b67
Author: Ingo Molnar <mingo@elte.hu>
Date: Wed Nov 12 01:38:36 2008 +0000
lockdep: include/linux/lockdep.h - fix warning in net/bluetooth/af_bluetooth.c
Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 16 Jan 2009 09:09:50 +0000 (10:09 +0100)]
Bluetooth: Update version numbers
With the support for the enhanced security model and the support for
deferring connection setup, it is a good idea to increase various
version numbers.
This is purely cosmetic and has no effect on the behavior, but can
be really helpful when debugging problems in different kernel versions.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 16 Jan 2009 09:06:13 +0000 (10:06 +0100)]
Bluetooth: Restrict application of socket options
The new socket options should only be evaluated for SOL_BLUETOOTH level
and not for every other level. Previously this causes some minor issues
when detecting if a kernel with certain features is available.
Also restrict BT_SECURITY to SOCK_SEQPACKET for L2CAP and SOCK_STREAM for
the RFCOMM protocol.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:58:44 +0000 (21:58 +0100)]
Bluetooth: Disconnect L2CAP connections without encryption
For L2CAP connections with high security setting, the link will be
immediately dropped when the encryption gets disabled. For L2CAP
connections with medium security there will be grace period where
the remote device has the chance to re-enable encryption. If it
doesn't happen then the link will also be disconnected.
The requirement for the grace period with medium security comes from
Bluetooth 2.0 and earlier devices that require role switching.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Fri, 16 Jan 2009 07:17:51 +0000 (08:17 +0100)]
Bluetooth: Pause RFCOMM TX when encryption drops
A role switch with devices following the Bluetooth pre-2.1 standards
or without Encryption Pause and Resume support is not possible if
encryption is enabled. Most newer headsets require the role switch,
but also require that the connection is encrypted.
For connections with a high security mode setting, the link will be
immediately dropped. When the connection uses medium security mode
setting, then a grace period is introduced where the TX is halted and
the remote device gets a change to re-enable encryption after the
role switch. If not re-enabled the link will be dropped.
Based on initial work by Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:58:40 +0000 (21:58 +0100)]
Bluetooth: Replace RFCOMM link mode with security level
Change the RFCOMM internals to use the new security levels and remove
the link mode details.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:58:38 +0000 (21:58 +0100)]
Bluetooth: Replace L2CAP link mode with security level
Change the L2CAP internals to use the new security levels and remove
the link mode details.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:58:04 +0000 (21:58 +0100)]
Bluetooth: Add enhanced security model for Simple Pairing
The current security model is based around the flags AUTH, ENCRYPT and
SECURE. Starting with support for the Bluetooth 2.1 specification this is
no longer sufficient. The different security levels are now defined as
SDP, LOW, MEDIUM and SECURE.
Previously it was possible to set each security independently, but this
actually doesn't make a lot of sense. For Bluetooth the encryption depends
on a previous successful authentication. Also you can only update your
existing link key if you successfully created at least one before. And of
course the update of link keys without having proper encryption in place
is a security issue.
The new security levels from the Bluetooth 2.1 specification are now
used internally. All old settings are mapped to the new values and this
way it ensures that old applications still work. The only limitation
is that it is no longer possible to set authentication without also
enabling encryption. No application should have done this anyway since
this is actually a security issue. Without encryption the integrity of
the authentication can't be guaranteed.
As default for a new L2CAP or RFCOMM connection, the LOW security level
is used. The only exception here are the service discovery sessions on
PSM 1 where SDP level is used. To have similar security strength as with
a Bluetooth 2.0 and before combination key, the MEDIUM level should be
used. This is according to the Bluetooth specification. The MEDIUM level
will not require any kind of man-in-the-middle (MITM) protection. Only
the HIGH security level will require this.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:57:03 +0000 (21:57 +0100)]
Bluetooth: Fix SCO state handling for incoming connections
When the remote device supports only SCO connections, on receipt of
the HCI_EV_CONN_COMPLETE event packet, the connect state is changed to
BT_CONNECTED, but the socket state is not updated. Hence, the connect()
call times out even though the SCO connection has been successfully
established.
Based on a report by Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:57:02 +0000 (21:57 +0100)]
Bluetooth: Reject incoming SCO connections without listeners
All SCO and eSCO connection are auto-accepted no matter if there is a
corresponding listening socket for them. This patch changes this and
connection requests for SCO and eSCO without any socket are rejected.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:57:00 +0000 (21:57 +0100)]
Bluetooth: Add support for deferring L2CAP connection setup
In order to decide if listening L2CAP sockets should be accept()ed
the BD_ADDR of the remote device needs to be known. This patch adds
a socket option which defines a timeout for deferring the actual
connection setup.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:56:48 +0000 (21:56 +0100)]
Bluetooth: Add support for deferring RFCOMM connection setup
In order to decide if listening RFCOMM sockets should be accept()ed
the BD_ADDR of the remote device needs to be known. This patch adds
a socket option which defines a timeout for deferring the actual
connection setup.
The connection setup is done after reading from the socket for the
first time. Until then writing to the socket returns ENOTCONN.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:52:16 +0000 (21:52 +0100)]
Bluetooth: Add global deferred socket parameter
The L2CAP and RFCOMM applications require support for authorization
and the ability of rejecting incoming connection requests. The socket
interface is not really able to support this.
This patch does the ground work for a socket option to defer connection
setup. Setting this option allows calling of accept() and then the
first read() will trigger the final connection setup. Calling close()
would reject the connection.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Thu, 15 Jan 2009 20:52:14 +0000 (21:52 +0100)]
Bluetooth: Preparation for usage of SOL_BLUETOOTH
The socket option levels SOL_L2CAP, SOL_RFOMM and SOL_SCO are currently
in use by various Bluetooth applications. Going forward the common
option level SOL_BLUETOOTH should be used. This patch prepares the clean
split of the old and new option levels while keeping everything backward
compatibility.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Victor Shcherbatyuk [Thu, 15 Jan 2009 20:52:12 +0000 (21:52 +0100)]
Bluetooth: Fix issue with return value of rfcomm_sock_sendmsg()
In case of connection failures the rfcomm_sock_sendmsg() should return
an error and not a 0 value.
Signed-off-by: Victor Shcherbatyuk <victor.shcherbatyuk@tomtom.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Linus Torvalds [Mon, 23 Mar 2009 23:12:14 +0000 (16:12 -0700)]
Linux 2.6.29
Kyle McMartin [Mon, 23 Mar 2009 19:25:49 +0000 (15:25 -0400)]
Build with -fno-dwarf2-cfi-asm
With a sufficiently new compiler and binutils, code which wasn't
previously generating .eh_frame sections has begun to. Certain
architectures (powerpc, in this case) may generate unexpected relocation
formats in response to this, preventing modules from loading.
While the new relocation types should probably be handled, revert to the
previous behaviour with regards to generation of .eh_frame sections.
(This was reported against Fedora, which appears to be the only distro
doing any building against gcc-4.4 at present: RH bz#486545.)
Signed-off-by: Kyle McMartin <kyle@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
Cc: Alexandre Oliva <aoliva@redhat.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jody McIntyre [Mon, 23 Mar 2009 17:13:34 +0000 (13:13 -0400)]
trivial: fix orphan dates in ext2 documentation
Revert the change to the orphan dates of Windows 95, DOS, compression.
Add a new orphan date for OS/2.
Signed-off-by: Jody McIntyre <scjody@sun.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 23 Mar 2009 16:25:58 +0000 (09:25 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (32 commits)
ucc_geth: Fix oops when using fixed-link support
dm9000: locking bugfix
net: update dnet.c for bus_id removal
dnet: DNET should depend on HAS_IOMEM
dca: add missing copyright/license headers
nl80211: Check that function pointer != NULL before using it
sungem: missing net_device_ops
be2net: fix to restore vlan ids into BE2 during a IF DOWN->UP cycle
be2net: replenish when posting to rx-queue is starved in out of mem conditions
bas_gigaset: correctly allocate USB interrupt transfer buffer
smsc911x: reset last known duplex and carrier on open
sh_eth: Fix mistake of the address of SH7763
sh_eth: Change handling of IRQ
netns: oops in ip[6]_frag_reasm incrementing stats
net: kfree(napi->skb) => kfree_skb
net: fix sctp breakage
ipv6: fix display of local and remote sit endpoints
net: Document /proc/sys/net/core/netdev_budget
tulip: fix crash on iface up with shirq debug
virtio_net: Make virtio_net support carrier detection
...
Linus Torvalds [Mon, 23 Mar 2009 16:25:24 +0000 (09:25 -0700)]
Merge git://git./linux/kernel/git/davem/sparc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Fix crash with /proc/iomem
sparc64: Reschedule KGDB capture to a software interrupt.
sbus: Auto-load openprom module when device opened.
Miklos Szeredi [Mon, 23 Mar 2009 15:07:24 +0000 (16:07 +0100)]
fix ptrace slowness
This patch fixes bug #12208:
Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=12208
Subject : uml is very slow on 2.6.28 host
This turned out to be not a scheduler regression, but an already
existing problem in ptrace being triggered by subtle scheduler
changes.
The problem is this:
- task A is ptracing task B
- task B stops on a trace event
- task A is woken up and preempts task B
- task A calls ptrace on task B, which does ptrace_check_attach()
- this calls wait_task_inactive(), which sees that task B is still on the runq
- task A goes to sleep for a jiffy
- ...
Since UML does lots of the above sequences, those jiffies quickly add
up to make it slow as hell.
This patch solves this by not rescheduling in read_unlock() after
ptrace_stop() has woken up the tracer.
Thanks to Oleg Nesterov and Ingo Molnar for the feedback.
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 23 Mar 2009 15:03:09 +0000 (08:03 -0700)]
Merge branch 'merge' of git://git./linux/kernel/git/galak/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/galak/powerpc:
powerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load machines
Kumar Gala [Sat, 14 Mar 2009 14:23:03 +0000 (09:23 -0500)]
powerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load machines
Grant picked up the wrong version of "Respect _PAGE_COHERENT on classic
ppc32 SW" (commit
a4bd6a93c3f14691c8a29e53eb04dc734b27f0db)
It was missing the code to actually deal with the fixup of
_PAGE_COHERENT based on the CPU feature.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Anton Vorontsov [Mon, 23 Mar 2009 04:30:52 +0000 (21:30 -0700)]
ucc_geth: Fix oops when using fixed-link support
commit
b1c4a9dddf09fe99b8f88252718ac5b357363dc4 ("ucc_geth: Change
uec phy id to the same format as gianfar's") introduced a regression
in the ucc_geth driver that causes this oops when fixed-link is used:
Unable to handle kernel paging request for data at address 0x00000000
Faulting instruction address: 0xc0151270
Oops: Kernel access of bad area, sig: 11 [#1]
TMCUTU
NIP:
c0151270 LR:
c0151270 CTR:
c0017760
REGS:
cf81fa60 TRAP: 0300 Not tainted (2.6.29-rc8)
MSR:
00009032 <EE,ME,IR,DR> CR:
24024042 XER:
20000000
DAR:
00000000, DSISR:
20000000
TASK =
cf81cba0[1] 'swapper' THREAD:
cf81e000
GPR00:
c0151270 cf81fb10 cf81cba0 00000000 c0272e20 c025f354 00001e80
cf86b08c
GPR08:
d1068200 cffffb74 06000000 d106c200 42024042 10085148 0fffd000
0ffc81a0
GPR16:
00000001 00000001 00000000 007ffeb0 00000000 0000c000 cf83f36c
cf83f000
GPR24:
00000030 cf83f360 cf81fb20 00000000 d106c200 20000000 00001e80
cf83f360
NIP [
c0151270] ucc_geth_open+0x330/0x1efc
LR [
c0151270] ucc_geth_open+0x330/0x1efc
Call Trace:
[
cf81fb10] [
c0151270] ucc_geth_open+0x330/0x1efc (unreliable)
[
cf81fba0] [
c0187638] dev_open+0xbc/0x12c
[
cf81fbc0] [
c0187e38] dev_change_flags+0x8c/0x1b0
This patch fixes the issue by removing offending (and somewhat
duplicate) code from init_phy() routine, and changes _probe()
function to use uec_mdio_bus_name().
Also, since we fully construct phy_bus_id in the _probe() routine,
we no longer need ->phy_address and ->mdio_bus fields in
ucc_geth_info structure.
I wish the patch would be a bit shorter, but it seems like the only
way to fix the issue in a sane way. Luckily, the patch has been
tested with real PHYs and fixed-link, so no further regressions
expected.
Reported-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Tested-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Brownell [Mon, 23 Mar 2009 04:28:39 +0000 (21:28 -0700)]
dm9000: locking bugfix
This fixes a locking bug in the dm9000 driver. It calls
request_irq() without setting IRQF_DISABLED ... which is
correct for handlers that support IRQ sharing, since that
behavior is not guaranteed for shared IRQs. However, its
IRQ handler then wrongly assumes that IRQs are blocked.
So the fix just uses the right spinlock primitives in the
IRQ handler.
NOTE: this is a classic example of the type of bug which
lockdep currently masks by forcibly setting IRQF_DISABLED
on IRQ handlers that did not request that flag.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Rothwell [Mon, 23 Mar 2009 04:22:48 +0000 (21:22 -0700)]
net: update dnet.c for bus_id removal
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 22 Mar 2009 18:41:02 +0000 (11:41 -0700)]
Merge git://git./linux/kernel/git/sam/kbuild-fixes
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes:
kconfig: improve seed in randconfig
kconfig: fix randconfig for choice blocks
Linus Torvalds [Sun, 22 Mar 2009 18:38:57 +0000 (11:38 -0700)]
Merge branch 'fix-includes' of git://git./linux/kernel/git/gerg/m68knommu
* 'fix-includes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: merge the non-MMU and MMU versions of siginfo.h
m68k: use the MMU version of unistd.h for all m68k platforms
m68k: merge the non-MMU and MMU versions of signal.h
m68k: merge the non-MMU and MMU versions of ptrace.h
m68k: use MMU version of setup.h for both MMU and non-MMU
m68k: merge the non-MMU and MMU versions of sigcontext.h
m68k: merge the non-MMU and MMU versions of swab.h
m68k: merge the non-MMU and MMU versions of param.h
Gertjan van Wingerde [Sat, 21 Mar 2009 22:18:57 +0000 (23:18 +0100)]
Update my email address
Update all previous incarnations of my email address to the correct one.
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tyler Hicks [Fri, 20 Mar 2009 07:23:57 +0000 (02:23 -0500)]
eCryptfs: NULL crypt_stat dereference during lookup
If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
specified as mount options, a NULL pointer dereference of crypt_stat
was possible during lookup.
This patch moves the crypt_stat assignment into
ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
will not be NULL before we attempt to dereference it.
Thanks to Dan Carpenter and his static analysis tool, smatch, for
finding this bug.
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Cc: Dan Carpenter <error27@gmail.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tyler Hicks [Fri, 20 Mar 2009 06:25:09 +0000 (01:25 -0500)]
eCryptfs: Allocate a variable number of pages for file headers
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.
ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.
This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().
Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Dustin Kirkland <kirkland@canonical.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Eugene Teo <eugeneteo@kernel.sg>
Cc: Greg KH <greg@kroah.com>
Cc: dann frazier <dannf@dannf.org>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Florian Streibelt <florian@f-streibelt.de>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Benjamin Herrenschmidt [Thu, 19 Mar 2009 22:22:30 +0000 (09:22 +1100)]
radeonfb: Whack the PCI PM register until it sticks
This fixes a regression introduced when we switched to using the core
pci_set_power_state(). The chip seems to need the state to be written
over and over again until it sticks, so we do that.
Note that the code is a bit blunt, without timeout, etc... but that's
pretty much because I put back in there the code exactly as it used to
be before the regression. I still add a call to pci_set_power_state()
at the end so that ACPI gets called appropriately on x86.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Tested-by: Raymond Wooninck <tittiatcoke@gmail.com>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ilya Yanok [Sat, 21 Mar 2009 23:58:47 +0000 (16:58 -0700)]
dnet: DNET should depend on HAS_IOMEM
Signed-off-by: Ilya Yanok <yanok@emcraft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Maciej Sosnowski [Sat, 21 Mar 2009 20:31:23 +0000 (13:31 -0700)]
dca: add missing copyright/license headers
In two dca files copyright and license headers are missing.
This patch adds them there.
Signed-off-by: Maciej Sosnowski <maciej.sosnowski@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 20 Mar 2009 21:53:36 +0000 (14:53 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6
Jouni Malinen [Fri, 20 Mar 2009 15:57:36 +0000 (17:57 +0200)]
nl80211: Check that function pointer != NULL before using it
NL80211_CMD_GET_MESH_PARAMS and NL80211_CMD_SET_MESH_PARAMS handlers
did not verify whether a function pointer is NULL (not supported by
the driver) before trying to call the function. The former nl80211
command is available for unprivileged users, too, so this can
potentially allow normal users to kill networking (or worse..) if
mac80211 is built without CONFIG_MAC80211_MESH=y.
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>