platform/kernel/linux-starfive.git
9 years agoBluetooth: mgmt: multi adv for get_adv_instance_flags()
Florian Grandel [Thu, 18 Jun 2015 01:16:40 +0000 (03:16 +0200)]
Bluetooth: mgmt: multi adv for get_adv_instance_flags()

The get_adv_instance_flags() would not work with instance identifiers
other than 0x01. This is being fixed so that arbitrary instance
identifiers can be dealt with while still correctly dealing with the
special case of the 0x00 identifier.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: mgmt: multi adv for get_current_adv_instance()
Florian Grandel [Thu, 18 Jun 2015 01:16:39 +0000 (03:16 +0200)]
Bluetooth: mgmt: multi adv for get_current_adv_instance()

Replaces the hard coded instance identifier in
get_current_adv_instance() with the actual current instance identifier
so that this method is prepared to work with more than one advertising
instance.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: mgmt: multi adv for read_adv_features()
Florian Grandel [Thu, 18 Jun 2015 01:16:38 +0000 (03:16 +0200)]
Bluetooth: mgmt: multi adv for read_adv_features()

The read_adv_features() method had a single instance identifier hard
coded. Refer to the advertising instance list instead to return a
dynamically generated list of instance identifiers.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: mgmt: rename update_*_data_for_instance()
Florian Grandel [Thu, 18 Jun 2015 01:16:37 +0000 (03:16 +0200)]
Bluetooth: mgmt: rename update_*_data_for_instance()

The ...for_instance function name is quite long and does not follow the
..._inst_... convention followed elsewhere in the code. This patch
renames the ...for_instance functions to their shorter ..._inst_...
version.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: mgmt: dry update_scan_rsp_data()
Florian Grandel [Thu, 18 Jun 2015 01:16:36 +0000 (03:16 +0200)]
Bluetooth: mgmt: dry update_scan_rsp_data()

update_scan_rsp_data() duplicates code from get_current_adv_instance().
This is being fixed by letting the former make use of the latter.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_core/mgmt: move adv timeout to hdev
Florian Grandel [Thu, 18 Jun 2015 01:16:35 +0000 (03:16 +0200)]
Bluetooth: hci_core/mgmt: move adv timeout to hdev

Currently the delayed work managing advertising duration and timeout is
part of the advertising instance structure. This is not correct as only
a single instance can be advertised at any given time. To implement
round robin advertising a single delayed work structure is needed.

To fix this the delayed work structure is being moved to the hci_dev
structure. The instance specific variable is renamed to "remaining_time"
to make it clear that this is the remaining lifetime of the instance and
not the current advertising timeout.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_core/mgmt: Introduce multi-adv list
Florian Grandel [Thu, 18 Jun 2015 01:16:34 +0000 (03:16 +0200)]
Bluetooth: hci_core/mgmt: Introduce multi-adv list

The current hci dev structure only supports a single advertising
instance. To support multi-instance advertising it is necessary to
introduce a linked list of advertising instances so that multiple
advertising instances can be dynamically added and/or removed.

In a first step, the existing adv_instance member of the hci_dev
struct is supplemented by a linked list of advertising instances.
This patch introduces the list and supporting list management
infrastructure. The list is not being used yet.

Signed-off-by: Florian Grandel <fgrandel@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: bt3c_cs: Fix coding style -- clean up
Prasanna Karthik [Thu, 18 Jun 2015 13:51:11 +0000 (13:51 +0000)]
Bluetooth: bt3c_cs: Fix coding style -- clean up

Fix for braces {} are not necessary for single statement blocks
reported by checkpatch

Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_uart: Fix speed selection
Frederic Danis [Thu, 18 Jun 2015 10:43:27 +0000 (12:43 +0200)]
Bluetooth: hci_uart: Fix speed selection

hu->proto->*speed will always be used for all device where it is set.
But hu->*speed should be used if exist, so the test should be swapped.

The equivalent change is needed in bcm_setup() of hci_bcm.c.

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_uart: Add new line discipline enhancements
Ilya Faenson [Wed, 17 Jun 2015 21:30:56 +0000 (17:30 -0400)]
Bluetooth: hci_uart: Add new line discipline enhancements

Added the ability to flow control the UART, improved the UART baud
rate setting, transferred the speeds into line discipline from the
protocol and introduced the tty init function.

Signed-off-by: Ilya Faenson <ifaenson@broadcom.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: 6lowpan: Fix module refcount
Glenn Ruben Bakke [Wed, 17 Jun 2015 14:32:27 +0000 (07:32 -0700)]
Bluetooth: 6lowpan: Fix module refcount

This patch removes the additional module_put() in disconnect_all_peers()
making a correct module refcount so that the module can be removed after
disabling 6lowpan through debugfs.

Signed-off-by: Lukasz Duda <lukasz.duda@nordicsemi.no>
Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: 6lowpan: Fix double kfree of netdev priv
Glenn Ruben Bakke [Wed, 17 Jun 2015 14:32:26 +0000 (07:32 -0700)]
Bluetooth: 6lowpan: Fix double kfree of netdev priv

This patch removes the kfree of the netdev priv in device_event() upon
NETDEV_UNREGISTER event. The freeing of memory is taken care of by the
netdev destructor.

Signed-off-by: Lukasz Duda <lukasz.duda@nordicsemi.no>
Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: 6lowpan: Move netdev sysfs device reference
Glenn Ruben Bakke [Wed, 17 Jun 2015 14:32:25 +0000 (07:32 -0700)]
Bluetooth: 6lowpan: Move netdev sysfs device reference

This patch moves the sysfs device used by the netdev from the device of
the first connected peer to the hci sysfs device. Using the sysfs device
of hci instead of the first connected device fixes this issue such that
the sysfs group of tx-0 and bt0 kobject are still present after the last
peer has been deleted and all sysfs entries can be removed.

Signed-off-by: Lukasz Duda <lukasz.duda@nordicsemi.no>
Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: 6lowpan: Rename ambiguous variable
Glenn Ruben Bakke [Wed, 17 Jun 2015 14:32:24 +0000 (07:32 -0700)]
Bluetooth: 6lowpan: Rename ambiguous variable

This patch renames the variable used to trigger scheduling of
delete_netdev. Changed to infinitiv in order to describe the action
to be done.

Signed-off-by: Lukasz Duda <lukasz.duda@nordicsemi.no>
Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: 6lowpan: Enable delete_netdev to be scheduled when last peer is deleted
Glenn Ruben Bakke [Wed, 17 Jun 2015 14:32:23 +0000 (07:32 -0700)]
Bluetooth: 6lowpan: Enable delete_netdev to be scheduled when last peer is deleted

This patch fixes an issue with the netdev not being unregistered when
the last peer is deleted. Removing the logical negation operator on the
boolean solves this issue. If the last peer is removed the condition
will be true, and the delete_netdev() is scheduled.

Signed-off-by: Lukasz Duda <lukasz.duda@nordicsemi.no>
Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btbcm: Support the BCM4354 Bluetooth UART device
Ilya Faenson [Wed, 17 Jun 2015 15:42:46 +0000 (11:42 -0400)]
Bluetooth: btbcm: Support the BCM4354 Bluetooth UART device

Support the BCM4354 chip and introduce vendor specific command
parameter definitions.

Signed-off-by: Ilya Faenson <ifaenson@broadcom.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: iface: cleanup stack variable
Alexander Aring [Wed, 17 Jun 2015 13:35:18 +0000 (15:35 +0200)]
mac802154: iface: cleanup stack variable

There is no need to init res with zero, res can be unused but then we
returning zero and not res.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: iface: fix order while interface up
Alexander Aring [Wed, 17 Jun 2015 13:35:17 +0000 (15:35 +0200)]
mac802154: iface: fix order while interface up

This patch moves the hardware setting before calling the driver start
callback which activates the receive handling. The hardware setup
contains settings like address filtering which should be setup before
activate the receive handling on the transceiver. These setting are
protected by ieee802154_check_concurrent_iface check. This means we
need to set these registers once before calling drv_start and can't
be overwritten by other interfaces.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btusb: Add routine for applying Intel DDC parameters
Tedd Ho-Jeong An [Fri, 12 Jun 2015 23:20:05 +0000 (16:20 -0700)]
Bluetooth: btusb: Add routine for applying Intel DDC parameters

This patch adds the routine to apply the DDC parameter from device
specific ddc file.

Once the device is rest to operational mode, optionally, it can
download the device specific configration (DDC) parameters before
the BlueZ starts the stack initialization.

It opens the DDC file based on HW_VARIANT and DEV_REVISION and
send ID/Value with HCI_Intel_Write_DDC command.

Format of DDC file
DDC file contains one or more number of DDC structure.

DDC Structure
It has 'Length' field of one octet, DDC 'ID' field of
two octets followed by the array of DDC 'Value' that gives
the value of parameters itself.
'Length' contains the length of DDC 'ID' and DDC 'Value'.

+------------+----------+
| Size(byte) |    Name  |
+------------+----------+
|      1     | Length   |
+------------+----------+
|      2     | ID       |
+------------+----------+
| Length - 2 | Value    |
+------------+----------+

Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_uart: Fix dereferencing of ERR_PTR
Chan-yeol Park [Wed, 17 Jun 2015 12:10:39 +0000 (21:10 +0900)]
Bluetooth: hci_uart: Fix dereferencing of ERR_PTR

If h4_recv_buf() return ERR_PTR instead sk_buff pointer, it should be
cleared once PTR_ERR is completed for the further dereference such as
h4_recv(), or h4_close().

Signed-off-by: Chan-yeol Park <chanyeol.park@samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoat86rf230: cleanup start and stop callbacks
Alexander Aring [Tue, 16 Jun 2015 09:07:44 +0000 (11:07 +0200)]
at86rf230: cleanup start and stop callbacks

This code cleanups the start and stop callbacks by removing hw->priv and
using the already dereferenced variable lp which is the same.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoat86rf230: add recommended csma backoffs settings
Alexander Aring [Tue, 16 Jun 2015 09:07:43 +0000 (11:07 +0200)]
at86rf230: add recommended csma backoffs settings

This patch adds support for a new random csma backoffs settings when
going into sleep state. This is recommended according at86rf2xx
datasheets.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoat86rf230: fix phy settings while sleeping
Alexander Aring [Tue, 16 Jun 2015 09:07:42 +0000 (11:07 +0200)]
at86rf230: fix phy settings while sleeping

While in sleep state then we can't access the at86rf2xx registers. This
patch checks if the transceiver is in sleep state before sending spi
messages via regmap. Regmap is used on every driver ops callback except
for receive and xmit handling, but while receive and xmit handling the
phy should not be inside the sleep state.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agofakelb: add xmit_async after stop testcase
Alexander Aring [Sun, 14 Jun 2015 14:48:44 +0000 (16:48 +0200)]
fakelb: add xmit_async after stop testcase

This patch adds a suspended testcase into the xmit_async functionality.
In the hope that we can found race conditions when xmit_async is called
after an ieee802154_ops stop. This should never happen.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoat86rf230: add support for sleep state
Alexander Aring [Sat, 13 Jun 2015 20:15:54 +0000 (22:15 +0200)]
at86rf230: add support for sleep state

This patch adds support for sleep state when between stop and start
period. In this period the transceiver isn't used by the subsystem, in
this time we disable the irq and going into the sleep state.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoat86rf230: use level high as fallback default
Alexander Aring [Sat, 13 Jun 2015 20:15:53 +0000 (22:15 +0200)]
at86rf230: use level high as fallback default

This patch use high level interrupt type as fallback handling when no
irq type is given.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: iface: flush workqueue before stop
Alexander Aring [Sat, 13 Jun 2015 20:15:52 +0000 (22:15 +0200)]
mac802154: iface: flush workqueue before stop

This patch flushs the workqueue which is currently used for xmit_sync
callback before calling stop driver-ops. Flush the queue will ensure all
pending tx frames are transmitted.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: iface: fix hrtimer cancel on ifdown
Alexander Aring [Sat, 13 Jun 2015 20:15:51 +0000 (22:15 +0200)]
mac802154: iface: fix hrtimer cancel on ifdown

The interframe spacing timer is a per phy definition and is part of a
ieee802154_local structure. If we have possible multiple interfaces
ifdown one interface then the timer should not be cancled. First if the
last interface is down and the receive handling is stopped we should be
sure that the interframe spacing timer isn't run anymore.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: rx packet handle cleanup
Varka Bhadram [Fri, 12 Jun 2015 07:14:24 +0000 (12:44 +0530)]
mac802154: rx packet handle cleanup

This patch replaces !netif_running(sdata->dev) with
!ieee802154_sdata_running(sdata) and also devide the
code two separate if branches.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Remove redundant check for ACL_LINK
Johan Hedberg [Fri, 12 Jun 2015 10:04:47 +0000 (13:04 +0300)]
Bluetooth: Remove redundant check for ACL_LINK

The encryption key size is read only for BR/EDR (ACL_LINK) connections
so there's no need to check for it in the read_enc_key_size_complete()
callback.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: fix flags BIT definitions order
Alexander Aring [Fri, 12 Jun 2015 07:24:00 +0000 (09:24 +0200)]
mac802154: fix flags BIT definitions order

This patch fixes commits ("mac802154: cleanup ieee802154 hardware flags")
bcbfd2078d9b11277d9c9ce0c30ba73c750503c9 and ("mac802154: cleanup address
filtering flags") 6b70a43c7e0202cf285c864bc9f20f607c42e432 by starting
the flags definitions at BIT(0) which is same like the previous behaviour.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: cleanup llsec param flags
Varka Bhadram [Fri, 12 Jun 2015 03:43:49 +0000 (09:13 +0530)]
mac802154: cleanup llsec param flags

This patch changes the setting of llsec param flag with the BIT macro.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Use actual encryption key size for SMP over BR/EDR
Johan Hedberg [Thu, 11 Jun 2015 10:52:30 +0000 (13:52 +0300)]
Bluetooth: Use actual encryption key size for SMP over BR/EDR

When pairing over SMP over BR/EDR the generated LTK has by default the
same key size as the BR/EDR Link Key. Make sure we don't set our
Pairing Request/Response max value to anything higher than that.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Read encryption key size for BR/EDR connections
Johan Hedberg [Thu, 11 Jun 2015 10:52:29 +0000 (13:52 +0300)]
Bluetooth: Read encryption key size for BR/EDR connections

Since Bluetooth 3.0 there's a HCI command available for reading the
encryption key size of an BR/EDR connection. This information is
essential e.g. for generating an LTK using SMP over BR/EDR, so store
it as part of struct hci_conn.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Move SC-only check outside of BT_CONFIG branch
Johan Hedberg [Thu, 11 Jun 2015 10:52:28 +0000 (13:52 +0300)]
Bluetooth: Move SC-only check outside of BT_CONFIG branch

Checking for SC-only mode requirements when we get an encrypt change
event shouldn't be limited to the BT_CONFIG state but done any time
encryption changes.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Add debugfs support for min LE encryption key size
Johan Hedberg [Thu, 11 Jun 2015 10:52:27 +0000 (13:52 +0300)]
Bluetooth: Add debugfs support for min LE encryption key size

This patch adds a debugfs control to set a different minimum LE
encryption key size. This is useful for testing that implementation of
the encryption key size handling is behaving correctly (e.g. that we
get appropriate 'Encryption Key Size' error responses when necessary).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Add debugfs support for max LE encryption key size
Johan Hedberg [Thu, 11 Jun 2015 10:52:26 +0000 (13:52 +0300)]
Bluetooth: Add debugfs support for max LE encryption key size

This patch adds a debugfs control to set a different maximum LE
encryption key size. This is useful for testing that implementation of
the encryption key size handling is behaving correctly.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Stop sabotaging list poisoning
Alexey Dobriyan [Wed, 10 Jun 2015 17:28:33 +0000 (20:28 +0300)]
Bluetooth: Stop sabotaging list poisoning

list_del() poisons pointers with special values, no need to overwrite them.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agonl802154: fix misspelled enum
Christoffer Holmstedt [Wed, 10 Jun 2015 09:03:59 +0000 (11:03 +0200)]
nl802154: fix misspelled enum

Signed-off-by: Christoffer Holmstedt <christoffer@christofferholmstedt.se>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Fix exposing full value of shortened LTKs
Johan Hedberg [Wed, 10 Jun 2015 08:11:20 +0000 (11:11 +0300)]
Bluetooth: Fix exposing full value of shortened LTKs

When we notify user space of a new LTK or distribute an LTK to the
remote peer the value passed should be the shortened version so that
it's easy to compare values in various traces. The core spec also sets
the requirements for the shortening/masking as:

"The masking shall be done after generation and before being
distributed, used or stored."

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_uart: Add bcm_set_baudrate()
Frederic Danis [Tue, 9 Jun 2015 14:15:37 +0000 (16:15 +0200)]
Bluetooth: hci_uart: Add bcm_set_baudrate()

Add vendor specific command to change controller device speed.

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154: cc2520: check for return values in cc2520_filter()
Stefan Schmidt [Tue, 9 Jun 2015 09:49:27 +0000 (11:49 +0200)]
ieee802154: cc2520: check for return values in cc2520_filter()

neither ram nor register write return values have been checked here.
Checking both now. Assign ret with 0 as all other assignments are inside
if blocks and might not happen before we return ret.

CID: 1230469
Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Acked-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_bcsp: Clean up code Fix
Prasanna Karthik [Tue, 9 Jun 2015 11:51:53 +0000 (11:51 +0000)]
Bluetooth: hci_bcsp: Clean up code Fix

Fix for spaces prohibited around that '->' reported by checkpatch and space prohibited
between function name and open parenthesis '('

Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Move SCO support under BT_BREDR config option
Arron Wang [Tue, 9 Jun 2015 09:47:23 +0000 (17:47 +0800)]
Bluetooth: Move SCO support under BT_BREDR config option

SCO/eSCO link is supported by BR/EDR controller, it is
suitable to move them under BT_BREDR config option

Signed-off-by: Arron Wang <arron.wang@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Make l2cap_recv_acldata() and sco_recv_scodata() return void
Arron Wang [Tue, 9 Jun 2015 09:47:22 +0000 (17:47 +0800)]
Bluetooth: Make l2cap_recv_acldata() and sco_recv_scodata() return void

The return value of l2cap_recv_acldata() and sco_recv_scodata()
are not used, then change it to return void

Signed-off-by: Arron Wang <arron.wang@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Don't call shutdown when leaving user channel
Loic Poulain [Tue, 9 Jun 2015 09:46:30 +0000 (11:46 +0200)]
Bluetooth: Don't call shutdown when leaving user channel

Don't interfere with the user channel exclusive access.

Signed-off-by: Loic Poulain <loic.poulain@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154/mrf24j40: make sure we do not override return values
Stefan Schmidt [Tue, 9 Jun 2015 08:52:26 +0000 (10:52 +0200)]
ieee802154/mrf24j40: make sure we do not override return values

If we run into an error during rx we set the the error code in ret, but override
it afterwards. Using a different variable for the extra case avoids this
situation.

CID: 1226982, 1226983
Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Cc: Alan Ott <alan@signal11.us>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154/iface: remove superfluous WARN_ON call in slave_open()
Stefan Schmidt [Mon, 8 Jun 2015 20:06:40 +0000 (22:06 +0200)]
mac802154/iface: remove superfluous WARN_ON call in slave_open()

This call was used before we aligned our code with the wireless code base. We
are wanted to handle this in the err: code path. Which would actually not work
because the WARN_ON() macro would reset the res value to 0 and thus we would
never hit err:. Removing it makes the code do what we actually intend.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btusb: Fix secure send command length alignment on Intel 8260
Marcel Holtmann [Sun, 7 Jun 2015 07:47:08 +0000 (09:47 +0200)]
Bluetooth: btusb: Fix secure send command length alignment on Intel 8260

This patch fixes the command length alignment issue for Intel Bluetooth
8260.

The length of parameters in the firmware downloading command must be
multiplication of 4. If not, the command must append Intel_NOP command
with extra parameters, zeros, at the end, and the firmware file is
already included Intel_NOP command for alignment.

This patch checks the next command and if the next command is Intel_NOP
command, it reads the Intel_NOP command and send them together.

For example, if the data from the firmware file looks like this:
8E FC 03 11 22 33 02 FC 03 00 00 00

Previously, btusb sends two commands:
09 FC 06 8E FC 03 11 22 33
09 FC 06 02 FC 03 00 00 00

This won't work because the length of parameters are 6 which violates
the 4 byte alignment.

This patch will append them together and send as one command:
09 FC 0C 8E FC 03 11 22 33 02 FC 03 00 00 00

Based on previous work from Tedd Ho-Jeong An <tedd.an@intel.com>

Reported-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Tested-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org
9 years agoBluetooth: Fix encryption key size handling for LTKs
Johan Hedberg [Mon, 8 Jun 2015 15:14:39 +0000 (18:14 +0300)]
Bluetooth: Fix encryption key size handling for LTKs

The encryption key size for LTKs is supposed to be applied only at the
moment of encryption. When generating a Link Key (using LE SC) from
the LTK the full non-shortened value should be used. This patch
modifies the code to always keep the full value around and only apply
the key size when passing the value to HCI.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btusb: Correct typo in Roper Class 1 Bluetooth Dongle
Aleksei Volkov [Mon, 8 Jun 2015 09:02:10 +0000 (12:02 +0300)]
Bluetooth: btusb: Correct typo in Roper Class 1 Bluetooth Dongle

That patch corrects the typo in usb vendor id for Roper Class 1 Bluetooth
Dongle. Problem with typo is present since 4.0 kernel.

Content /sys/kernel/debug/usb/devices for these dongle:

T:  Bus=05 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=1310 ProdID=0001 Rev=15.00
S:  Manufacturer=SiW
S:  Product=SiW
S:  SerialNumber=E7BB050D0B00
C:* #Ifs= 2 Cfg#= 1 Atr=a0 MxPwr= 50mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms

Signed-off-by: Aleksei Volkov <info@dv2c.ru>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 4.0.x
9 years agoBluetooth: btusb: Remove unneeded btusb_read_local_version function
Marcel Holtmann [Sun, 7 Jun 2015 08:01:02 +0000 (10:01 +0200)]
Bluetooth: btusb: Remove unneeded btusb_read_local_version function

The btusb_read_local_version function has only a single user and with
that just move its functionality in place where it belongs.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
9 years agoBluetooth: btusb: Remove double error check from local version command
Marcel Holtmann [Sun, 7 Jun 2015 08:01:01 +0000 (10:01 +0200)]
Bluetooth: btusb: Remove double error check from local version command

The __hci_cmd_sync function already handles the command status and
command complete errors. No need to check the status field again.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
9 years agoBluetooth: btusb: Fix memory leak in Intel setup routine
Marcel Holtmann [Sun, 7 Jun 2015 07:42:19 +0000 (09:42 +0200)]
Bluetooth: btusb: Fix memory leak in Intel setup routine

The SKB returned from the Intel specific version information command is
missing a kfree_skb.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org
9 years agoBluetooth: Fix race condition with user channel and setup stage
Marcel Holtmann [Sat, 6 Jun 2015 04:06:49 +0000 (06:06 +0200)]
Bluetooth: Fix race condition with user channel and setup stage

During the initial setup stage of a controller, the low-level transport
is actually active. This means that HCI_UP is true. To avoid toggling
the transport off and back on again for normal operation the kernel
holds a grace period with HCI_AUTO_OFF that will turn the low-level
transport off in case no user is present.

The idea of the grace period is important to avoid having to initialize
all of the controller twice. So legacy ioctl and the new management
interface knows how to clear this grace period and then start normal
operation.

For the user channel operation this grace period has not been taken into
account which results in the problem that HCI_UP and HCI_AUTO_OFF are
set and the kernel will return EBUSY. However from a system point of
view the controller is ready to be grabbed by either the ioctl, the
management interface or the user channel.

This patch brings the user channel to the same level as the other two
entries for operating a controller.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Cc: stable@vger.kernel.org
9 years agoath3k: add support of 13d3:3474 AR3012 device
Dmitry Tunin [Sat, 6 Jun 2015 17:29:25 +0000 (20:29 +0300)]
ath3k: add support of 13d3:3474 AR3012 device

BugLink: https://bugs.launchpad.net/bugs/1427680
This device requires new firmware files
 AthrBT_0x11020100.dfu and ramps_0x11020100_40.dfu added to
/lib/firmware/ar3k/ that are not included in linux-firmware yet.

T: Bus=01 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#= 4 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=13d3 ProdID=3474 Rev=00.01
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
9 years agoath3k: Add support of 0489:e076 AR3012 device
Dmitry Tunin [Sat, 6 Jun 2015 17:25:40 +0000 (20:25 +0300)]
ath3k: Add support of 0489:e076 AR3012 device

BugLink: https://bugs.launchpad.net/bugs/1462614
This device requires new firmware files
 AthrBT_0x11020100.dfu and ramps_0x11020100_40.dfu added to
/lib/firmware/ar3k/ that are not included in linux-firmware yet.

T: Bus=03 Lev=01 Prnt=01 Port=09 Cnt=06 Dev#= 7 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0489 ProdID=e076 Rev= 0.01
C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
9 years agomac802154: change pan_coord type to bool
Alexander Aring [Sat, 6 Jun 2015 15:30:53 +0000 (17:30 +0200)]
mac802154: change pan_coord type to bool

To indicate if it's a coordinator or not a bool is enough. There should
no more values available which represent some other state.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: add missing structure comments
Alexander Aring [Sat, 6 Jun 2015 15:30:52 +0000 (17:30 +0200)]
mac802154: add missing structure comments

This patch add missing comments to internal mac802154 structures.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: rearrange attribute in ieee802154_hw
Alexander Aring [Sat, 6 Jun 2015 15:30:51 +0000 (17:30 +0200)]
mac802154: rearrange attribute in ieee802154_hw

This patch removes the priv attribute in ieee802154_hw to the right
section which is commented by attributes which needs to be filled by
driver layer.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: remove unused hw_filt attribute
Alexander Aring [Sat, 6 Jun 2015 15:30:50 +0000 (17:30 +0200)]
mac802154: remove unused hw_filt attribute

This patch removed an attribute from ieee802154_hw structure which is
never used inside kernel. Address information are stored inside wpan_dev
nowadays.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: cleanup ieee802154 hardware flags
Alexander Aring [Sat, 6 Jun 2015 15:30:49 +0000 (17:30 +0200)]
mac802154: cleanup ieee802154 hardware flags

This patch changes the ieee802154 hardware flags to enums and setting the
flag values with the BIT macro. Additional this patch changes the
commenting style for matching usual kernel style.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: remove aack hw flag
Alexander Aring [Sat, 6 Jun 2015 15:30:48 +0000 (17:30 +0200)]
mac802154: remove aack hw flag

This patch removes the hardware auto acknowdledge flag which indicates
that the transceiver supports this handling. This flag is never
evaluated inside mac802154 and all transceivers should support this
handling by default per hardware.

Suggested-by: Lennert Buytenhek <buytenh@wantstofly.org>
Cc: Alan Ott <alan@signal11.us>
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Acked-by: Stefan Schmidt <stefan@osg.samsung.com>
Acked-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: cleanup address filtering flags
Alexander Aring [Sat, 6 Jun 2015 15:30:47 +0000 (17:30 +0200)]
mac802154: cleanup address filtering flags

This patch changes the address filtering flags to enums and setting the
flag values with the BIT macro. Additional this patch changes the
commenting style for matching usual kernel style.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agomac802154: remove unneeded vif struct
Alexander Aring [Sat, 6 Jun 2015 15:30:46 +0000 (17:30 +0200)]
mac802154: remove unneeded vif struct

This patch removes the virtual interface structure from sub if data
struct, because it isn't used anywhere. This structure could be useful
for give per interface information at softmac driver layer. Nevertheless
there exist no use case currently and it contains the interface type
information currently. This information is also stored inside wpan dev
which is now used to check on the wpan dev interface type.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Acked-by: Varka Bhadram <varkabhadram@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Reorder HCI user channel socket release
Loic Poulain [Thu, 21 May 2015 14:46:41 +0000 (16:46 +0200)]
Bluetooth: Reorder HCI user channel socket release

The hci close method needs to know if we are in user channel context.
Only add the index to mgmt once close is performed.

Signed-off-by: Loic Poulain <loic.poulain@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: Fix potential NULL dereference in RFCOMM bind callback
Jaganath Kanakkassery [Thu, 14 May 2015 07:28:08 +0000 (12:58 +0530)]
Bluetooth: Fix potential NULL dereference in RFCOMM bind callback

addr can be NULL and it should not be dereferenced before NULL checking.

Signed-off-by: Jaganath Kanakkassery <jaganath.k@samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_uart: Update Broadcom UART setup
Frederic Danis [Thu, 28 May 2015 09:25:05 +0000 (11:25 +0200)]
Bluetooth: hci_uart: Update Broadcom UART setup

Use btbcm helpers to perform controller setup.
Perform host UART reset to init speed between btbcm_patchram() and
btbcm_finalize(). This may be need because firmware loading may have
reseted controller UART to init speed.

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btbcm: Add helper functions for UART setup
Frederic Danis [Thu, 28 May 2015 09:25:04 +0000 (11:25 +0200)]
Bluetooth: btbcm: Add helper functions for UART setup

Firmware loading may reset the controller UART speed and needs to set
host UART speed back to init speed.

UART drivers setup is split in 3 parts:
- btbcm_initialize() resets the controller and returns the firmware
  name based on controller revision and sub_version.
- btbtcm_patchram() (already existing and public), which takes the
  firmware name as parameter, requests the firmware and loads it to
  the controller.
- btbcm_finalize() which resets the controller, reads local version
  and checks if the controller address is a default one or not.

Remove firmware name retrieval for UART controllers from
btbcm_setup_patchram().

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: hci_uart: Support operational speed during setup
Frederic Danis [Thu, 28 May 2015 09:25:03 +0000 (11:25 +0200)]
Bluetooth: hci_uart: Support operational speed during setup

Add initial and operational speeds.
Change to operational speed as soon as possible. If controller
set_baudrate() fails, continue at initial speed.

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btbcm: Add BCM4324B3 UART device
Frederic Danis [Thu, 28 May 2015 09:25:02 +0000 (11:25 +0200)]
Bluetooth: btbcm: Add BCM4324B3 UART device

Add "waiting for configuration" address.
Add lmp_subver and firmware name for BCM4324B3 controller.

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: btbcm: Move request/release_firmware()
Frederic Danis [Thu, 28 May 2015 09:25:01 +0000 (11:25 +0200)]
Bluetooth: btbcm: Move request/release_firmware()

Move request/release_firmware() out of btbcm_patchram().
This allows a better error management, if request_firmware() returns an
error then the controller will be used without firmware loading and 0 is
returned.
This will imply to change btbcm_patchram() to accept a firmware instead
of firmware name.

Signed-off-by: Frederic Danis <frederic.danis@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agonl802154: export supported commands
Varka Bhadram [Thu, 4 Jun 2015 07:37:36 +0000 (13:07 +0530)]
nl802154: export supported commands

This patch will export the supported commands by the devices
to the userspace. This will be useful to check if HardMAC
drivers can support a specific command or not.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154: Fix sockaddr_ieee802154 implicit padding information leak.
Lennert Buytenhek [Wed, 3 Jun 2015 07:50:19 +0000 (10:50 +0300)]
ieee802154: Fix sockaddr_ieee802154 implicit padding information leak.

The AF_IEEE802154 sockaddr looks like this:

struct sockaddr_ieee802154 {
sa_family_t family; /* AF_IEEE802154 */
struct ieee802154_addr_sa addr;
};

struct ieee802154_addr_sa {
int addr_type;
u16 pan_id;
union {
u8 hwaddr[IEEE802154_ADDR_LEN];
u16 short_addr;
};
};

On most architectures there will be implicit structure padding here,
in two different places:

* In struct sockaddr_ieee802154, two bytes of padding between 'family'
  (unsigned short) and 'addr', so that 'addr' starts on a four byte
  boundary.

* In struct ieee802154_addr_sa, two bytes at the end of the structure,
  to make the structure 16 bytes.

When calling recvmsg(2) on a PF_IEEE802154 SOCK_DGRAM socket, the
ieee802154 stack constructs a struct sockaddr_ieee802154 on the
kernel stack without clearing these padding fields, and, depending
on the addr_type, between four and ten bytes of uncleared kernel
stack will be copied to userspace.

We can't just insert two 'u16 __pad's in the right places and zero
those before copying an address to userspace, as not all architectures
insert this implicit padding -- from a quick test it seems that avr32,
cris and m68k don't insert this padding, while every other architecture
that I have cross compilers for does insert this padding.

The easiest way to plug the leak is to just memset the whole struct
sockaddr_ieee802154 before filling in the fields we want to fill in,
and that's what this patch does.

Cc: stable@vger.kernel.org
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agocfg802154: fix rdev-ops naming convension and format specifiers
Varka Bhadram [Wed, 3 Jun 2015 03:51:47 +0000 (09:21 +0530)]
cfg802154: fix rdev-ops naming convension and format specifiers

This patch make to use the same naming convention that mac802154
tracing follows and fixes the format specifier for extended addr.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoBluetooth: vhci: Clean up coding style fix
Prasanna Karthik [Tue, 2 Jun 2015 10:50:15 +0000 (10:50 +0000)]
Bluetooth: vhci: Clean up coding style fix

Fix spaces required around that '=' reported by checkpatch.

Signed-off-by: Prasanna Karthik <mkarthi3@visteon.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
9 years agomac802154: add trace functionality for driver ops
Varka Bhadram [Mon, 1 Jun 2015 08:52:26 +0000 (14:22 +0530)]
mac802154: add trace functionality for driver ops

This patch adds trace events for driver operations.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154: 6lowpan: set ackreq when needed
Alexander Aring [Tue, 2 Jun 2015 13:55:17 +0000 (15:55 +0200)]
ieee802154: 6lowpan: set ackreq when needed

This patch sets the acknowledge request bit inside the 802.15.4 mac
header when frame retries is 0 or above. The other frame retries value
which is -1 indicates that the transmitter doesn't care about an
acknowledge frame which will be ignored after transmitting if the node
sends anyway an ack frame after receiving. This is currently unnecessary
traffic if the max frame retries parameter is -1.

Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Reviewed-by: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agocc2520: update current channel
Varka Bhadram [Fri, 29 May 2015 05:26:58 +0000 (10:56 +0530)]
cc2520: update current channel

This patch updates the current channel to 11. This is the default
value on reset.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agocc2520: update initial transmit power value
Varka Bhadram [Fri, 29 May 2015 05:26:57 +0000 (10:56 +0530)]
cc2520: update initial transmit power value

CC2520 has the default 0dBm transmit power level  on reset.
This patch update initial value of transmit power with 0dBm value.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Cc: Brad Campbell <bradjc5@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agocc2520: add set transmit power setting support
Varka Bhadram [Fri, 29 May 2015 05:26:56 +0000 (10:56 +0530)]
cc2520: add set transmit power setting support

This patch adds support for seeting tx power values for cc2520
and also for the combination of CC2520-CC2591.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Cc: Brad Campbell <bradjc5@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agocc2520: fix CC2591 handling
Varka Bhadram [Fri, 29 May 2015 05:26:55 +0000 (10:56 +0530)]
cc2520: fix CC2591 handling

This patch changes tha way of handling of cc2591-cc2520 combination
by moving amplified variable from platform data to private data.
This will be useful in other sections like tx power support.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Cc: Brad Campbell <bradjc5@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agocc2520: fix in default tx power setting
Varka Bhadram [Fri, 29 May 2015 05:26:54 +0000 (10:56 +0530)]
cc2520: fix in default tx power setting

Initially we dont have the tx power settings from the user-space.
Now we have the support for seeting the tx power level.

So lets use the default tx power setting for the radio.

Signed-off-by: Varka Bhadram <varkab@cdac.in>
Cc: Brad Campbell <bradjc5@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoMAINTAINERS: Add myself as maintainer for the atusb driver
Stefan Schmidt [Fri, 29 May 2015 08:51:28 +0000 (10:51 +0200)]
MAINTAINERS: Add myself as maintainer for the atusb driver

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154/atusb: Add .set_promiscuous_mode driver operation
Stefan Schmidt [Fri, 29 May 2015 08:51:27 +0000 (10:51 +0200)]
ieee802154/atusb: Add .set_promiscuous_mode driver operation

Allow monitor mode operation with disabled AACK in hardware.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154/atusb: Add .set_txpower operation to the driver
Stefan Schmidt [Fri, 29 May 2015 08:51:26 +0000 (10:51 +0200)]
ieee802154/atusb: Add .set_txpower operation to the driver

Atusb uses the at86rf231 transceiver so we can use the same calculation
for txpower settings for it.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154/atusb: Add function for partial register writes
Stefan Schmidt [Fri, 29 May 2015 08:51:25 +0000 (10:51 +0200)]
ieee802154/atusb: Add function for partial register writes

With this function we can set individual bits in the registers if needed.
With the old SR_VALUE macro we could only set one bit in the register
which was ok for some scenarios but not for all. With this subreg write
function we can now set more bits defined by the mask while not touching
the rest.

We start using it for the current SR_VALUE use case and will use it more
in upcoming patches.

Signed-off-by: Stefan Schmidt <stefan@osg.samsung.com>
Reviewed-by: Varka Bhadram <varkabhadram@gmail.com>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154: Fix EUI-64 station address validation.
Lennert Buytenhek [Thu, 28 May 2015 12:38:43 +0000 (15:38 +0300)]
ieee802154: Fix EUI-64 station address validation.

Refuse to allow setting an EUI-64 group address as an interface
address, as those are not valid station addresses.

Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoieee802154: Fix generation of random EUI-64 addresses.
Lennert Buytenhek [Thu, 28 May 2015 12:38:32 +0000 (15:38 +0300)]
ieee802154: Fix generation of random EUI-64 addresses.

Currently, ieee802154_random_extended_addr() has a 50% chance of
generating a group (multicast) address, while this function is used
for generating station addresses (which can't be group addresses)
for interfaces that don't have a hardware-provided address.

Also, in case get_random_bytes() generates the EUI-64 address
00:00:00:00:00:00:00:00 (extremely unlikely), which is an invalid
address, ieee802154_random_extended_addr() reacts by changing it
to 01:00:00:00:00:00:00:00, which is an invalid station address as
well, as it is a group address.

This patch changes the address generation procedure to grab eight
random bytes, treat that as an EUI-64, and then clear the Group
address bit and set the Locally Administered bit, which is in
line with how eth_random_addr() generates random EUI-48s.

Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Acked-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
9 years agoMerge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge
David S. Miller [Sun, 31 May 2015 08:07:06 +0000 (01:07 -0700)]
Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge

Antonio Quartulli says:

====================
Included changes:
- checkpatch fixes
- code cleanup
- debugfs component is now compiled only if DEBUG_FS is selected
- update copyright years
- disable by default not-so-user-safe features
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agobpf: add missing rcu protection when releasing programs from prog_array
Alexei Starovoitov [Fri, 29 May 2015 02:26:02 +0000 (19:26 -0700)]
bpf: add missing rcu protection when releasing programs from prog_array

Normally the program attachment place (like sockets, qdiscs) takes
care of rcu protection and calls bpf_prog_put() after a grace period.
The programs stored inside prog_array may not be attached anywhere,
so prog_array needs to take care of preserving rcu protection.
Otherwise bpf_tail_call() will race with bpf_prog_put().
To solve that introduce bpf_prog_put_rcu() helper function and use
it in 3 places where unattached program can decrement refcnt:
closing program fd, deleting/replacing program in prog_array.

Fixes: 04fd61ab36ec ("bpf: allow bpf programs to tail-call other bpf programs")
Reported-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'hv_netvsc-next'
David S. Miller [Sun, 31 May 2015 07:23:11 +0000 (00:23 -0700)]
Merge branch 'hv_netvsc-next'

K. Y. Srinivasan says:

====================
hv_netvsc: Implement NUMA aware memory allocation

Allocate both receive buffer and send buffer from the NUMA node assigned to the
primary channel.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agohv_netvsc: Allocate the sendbuf in a NUMA aware way
K. Y. Srinivasan [Fri, 29 May 2015 00:08:07 +0000 (17:08 -0700)]
hv_netvsc: Allocate the sendbuf in a NUMA aware way

Allocate the send buffer in a NUMA aware way.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agohv_netvsc: Allocate the receive buffer from the correct NUMA node
K. Y. Srinivasan [Fri, 29 May 2015 00:08:06 +0000 (17:08 -0700)]
hv_netvsc: Allocate the receive buffer from the correct NUMA node

Allocate the receive bufer from the NUMA node assigned to the primary
channel.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonetevent: remove automatic variable in register_netevent_notifier()
Wang Long [Fri, 29 May 2015 01:02:08 +0000 (01:02 +0000)]
netevent: remove automatic variable in register_netevent_notifier()

Remove automatic variable 'err' in register_netevent_notifier() and
return the result of atomic_notifier_chain_register() directly.

Signed-off-by: Wang Long <long.wanglong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
David S. Miller [Sun, 31 May 2015 07:02:30 +0000 (00:02 -0700)]
Merge git://git./linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for net-next, they are:

1) default CONFIG_NETFILTER_INGRESS to y for easier compile-testing of all
   options.

2) Allow to bind a table to net_device. This introduces the internal
   NFT_AF_NEEDS_DEV flag to perform a mandatory check for this binding.
   This is required by the next patch.

3) Add the 'netdev' table family, this new table allows you to create ingress
   filter basechains. This provides access to the existing nf_tables features
   from ingress.

4) Kill unused argument from compat_find_calc_{match,target} in ip_tables
   and ip6_tables, from Florian Westphal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'systemport-next'
David S. Miller [Sun, 31 May 2015 06:51:37 +0000 (23:51 -0700)]
Merge branch 'systemport-next'

Florian Fainelli says:

====================
net: systemport: misc improvements

These patches are highly inspired by changes from Petri on bcmgenet, last patch
is a misc fix that I had pending for a while, but is not a candidate for 'net'
at this point.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: systemport: Add a check for oversized packets
Florian Fainelli [Thu, 28 May 2015 22:24:44 +0000 (15:24 -0700)]
net: systemport: Add a check for oversized packets

Occasionnaly we may get oversized packets from the hardware which exceed
the nomimal 2KiB buffer size we allocate SKBs with. Add an early check
which drops the packet to avoid invoking skb_over_panic() and move on to
processing the next packet.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: systemport: rewrite bcm_sysport_rx_refill
Florian Fainelli [Thu, 28 May 2015 22:24:43 +0000 (15:24 -0700)]
net: systemport: rewrite bcm_sysport_rx_refill

Currently, bcm_sysport_desc_rx() calls bcm_sysport_rx_refill() at the end of Rx
packet processing loop, after the current Rx packet has already been passed to
napi_gro_receive(). However, bcm_sysport_rx_refill() might fail to allocate a new
Rx skb, thus leaving a hole on the Rx queue where no valid Rx buffer exists.

To eliminate this situation:

1. Rewrite bcm_sysport_rx_refill() to retain the current Rx skb on the
Rx queue if a new replacement Rx skb can't be allocated and DMA-mapped.
In this case, the data on the current Rx skb is effectively dropped.

2. Modify bcm_sysport_desc_rx() to call bcm_sysport_rx_refill() at the
top of Rx packet processing loop, so that the new replacement Rx skb is
already in place before the current Rx skb is processed.

This is loosely inspired from d6707bec5986 ("net: bcmgenet: rewrite
bcmgenet_rx_refill()")

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: systemport: Pre-calculate and utilize cb->bd_addr
Florian Fainelli [Thu, 28 May 2015 22:24:42 +0000 (15:24 -0700)]
net: systemport: Pre-calculate and utilize cb->bd_addr

There is a 1:1 mapping between the software maintained control block in
priv->rx_cbs and the buffer address in priv->rx_bds, such that there is
no need to keep computing the buffer address when refiling a control
block.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>