Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (27 commits)
[Bluetooth] Add RFCOMM role switch support
[Bluetooth] Allow disabling of credit based flow control
[Bluetooth] Small cleanup of the L2CAP source code
[Bluetooth] Use real devices for host controllers
[Bluetooth] Add platform device for virtual and serial devices
[Bluetooth] Add automatic sniff mode support
[Bluetooth] Correct SCO buffer size on request
[Bluetooth] Add suspend/resume support to the HCI USB driver
[Bluetooth] Use raw mode for the Frontline sniffer device
[BRIDGE]: br_dump_ifinfo index fix
[ATM]: add+use poison defines
[NET]: add+use poison defines
[IOAT]: fix kernel-doc in source files
[IOAT]: fix header file kernel-doc
[TG3]: Add ipv6 TSO feature
[IPV6]: Fix ipv6 GSO payload length
[TIPC] Fixed sk_buff panic caused by tipc_link_bundle_buf (REVISED)
[NET]: Verify gso_type too in gso_segment
[IPVS]: Add sysctl documentation
[ROSE]: Try all routes when establishing a ROSE connections.
...

+1173 -478
+143
Documentation/networking/ipvs-sysctl.txt
··· 1 + /proc/sys/net/ipv4/vs/* Variables: 2 + 3 + am_droprate - INTEGER 4 + default 10 5 + 6 + It sets the always mode drop rate, which is used in the mode 3 7 + of the drop_rate defense. 8 + 9 + amemthresh - INTEGER 10 + default 1024 11 + 12 + It sets the available memory threshold (in pages), which is 13 + used in the automatic modes of defense. When there is no 14 + enough available memory, the respective strategy will be 15 + enabled and the variable is automatically set to 2, otherwise 16 + the strategy is disabled and the variable is set to 1. 17 + 18 + cache_bypass - BOOLEAN 19 + 0 - disabled (default) 20 + not 0 - enabled 21 + 22 + If it is enabled, forward packets to the original destination 23 + directly when no cache server is available and destination 24 + address is not local (iph->daddr is RTN_UNICAST). It is mostly 25 + used in transparent web cache cluster. 26 + 27 + debug_level - INTEGER 28 + 0 - transmission error messages (default) 29 + 1 - non-fatal error messages 30 + 2 - configuration 31 + 3 - destination trash 32 + 4 - drop entry 33 + 5 - service lookup 34 + 6 - scheduling 35 + 7 - connection new/expire, lookup and synchronization 36 + 8 - state transition 37 + 9 - binding destination, template checks and applications 38 + 10 - IPVS packet transmission 39 + 11 - IPVS packet handling (ip_vs_in/ip_vs_out) 40 + 12 or more - packet traversal 41 + 42 + Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG 43 + 44 + Higher debugging levels include the messages for lower debugging 45 + levels, so setting debug level 2, includes level 0, 1 and 2 46 + messages. Thus, logging becomes more and more verbose the higher 47 + the level. 48 + 49 + drop_entry - INTEGER 50 + 0 - disabled (default) 51 + 52 + The drop_entry defense is to randomly drop entries in the 53 + connection hash table, just in order to collect back some 54 + memory for new connections. In the current code, the 55 + drop_entry procedure can be activated every second, then it 56 + randomly scans 1/32 of the whole and drops entries that are in 57 + the SYN-RECV/SYNACK state, which should be effective against 58 + syn-flooding attack. 59 + 60 + The valid values of drop_entry are from 0 to 3, where 0 means 61 + that this strategy is always disabled, 1 and 2 mean automatic 62 + modes (when there is no enough available memory, the strategy 63 + is enabled and the variable is automatically set to 2, 64 + otherwise the strategy is disabled and the variable is set to 65 + 1), and 3 means that that the strategy is always enabled. 66 + 67 + drop_packet - INTEGER 68 + 0 - disabled (default) 69 + 70 + The drop_packet defense is designed to drop 1/rate packets 71 + before forwarding them to real servers. If the rate is 1, then 72 + drop all the incoming packets. 73 + 74 + The value definition is the same as that of the drop_entry. In 75 + the automatic mode, the rate is determined by the follow 76 + formula: rate = amemthresh / (amemthresh - available_memory) 77 + when available memory is less than the available memory 78 + threshold. When the mode 3 is set, the always mode drop rate 79 + is controlled by the /proc/sys/net/ipv4/vs/am_droprate. 80 + 81 + expire_nodest_conn - BOOLEAN 82 + 0 - disabled (default) 83 + not 0 - enabled 84 + 85 + The default value is 0, the load balancer will silently drop 86 + packets when its destination server is not available. It may 87 + be useful, when user-space monitoring program deletes the 88 + destination server (because of server overload or wrong 89 + detection) and add back the server later, and the connections 90 + to the server can continue. 91 + 92 + If this feature is enabled, the load balancer will expire the 93 + connection immediately when a packet arrives and its 94 + destination server is not available, then the client program 95 + will be notified that the connection is closed. This is 96 + equivalent to the feature some people requires to flush 97 + connections when its destination is not available. 98 + 99 + expire_quiescent_template - BOOLEAN 100 + 0 - disabled (default) 101 + not 0 - enabled 102 + 103 + When set to a non-zero value, the load balancer will expire 104 + persistent templates when the destination server is quiescent. 105 + This may be useful, when a user makes a destination server 106 + quiescent by setting its weight to 0 and it is desired that 107 + subsequent otherwise persistent connections are sent to a 108 + different destination server. By default new persistent 109 + connections are allowed to quiescent destination servers. 110 + 111 + If this feature is enabled, the load balancer will expire the 112 + persistence template if it is to be used to schedule a new 113 + connection and the destination server is quiescent. 114 + 115 + nat_icmp_send - BOOLEAN 116 + 0 - disabled (default) 117 + not 0 - enabled 118 + 119 + It controls sending icmp error messages (ICMP_DEST_UNREACH) 120 + for VS/NAT when the load balancer receives packets from real 121 + servers but the connection entries don't exist. 122 + 123 + secure_tcp - INTEGER 124 + 0 - disabled (default) 125 + 126 + The secure_tcp defense is to use a more complicated state 127 + transition table and some possible short timeouts of each 128 + state. In the VS/NAT, it delays the entering the ESTABLISHED 129 + until the real server starts to send data and ACK packet 130 + (after 3-way handshake). 131 + 132 + The value definition is the same as that of drop_entry or 133 + drop_packet. 134 + 135 + sync_threshold - INTEGER 136 + default 3 137 + 138 + It sets synchronization threshold, which is the minimum number 139 + of incoming packets that a connection needs to receive before 140 + the connection will be synchronized. A connection will be 141 + synchronized, every time the number of its incoming packets 142 + modulus 50 equals the threshold. The range of the threshold is 143 + from 0 to 49.
+2 -1
drivers/atm/ambassador.c
··· 31 31 #include <linux/atmdev.h> 32 32 #include <linux/delay.h> 33 33 #include <linux/interrupt.h> 34 + #include <linux/poison.h> 34 35 35 36 #include <asm/atomic.h> 36 37 #include <asm/io.h> ··· 1996 1995 } 1997 1996 i += 1; 1998 1997 } 1999 - if (*pointer == 0xdeadbeef) { 1998 + if (*pointer == ATM_POISON) { 2000 1999 return loader_start (lb, dev, ucode_start); 2001 2000 } else { 2002 2001 // cast needed as there is no %? for pointer differnces
+2 -1
drivers/atm/idt77252.c
··· 35 35 36 36 #include <linux/module.h> 37 37 #include <linux/pci.h> 38 + #include <linux/poison.h> 38 39 #include <linux/skbuff.h> 39 40 #include <linux/kernel.h> 40 41 #include <linux/vmalloc.h> ··· 3658 3657 writel(SAR_CMD_WRITE_SRAM | (0 << 2), SAR_REG_CMD); 3659 3658 3660 3659 for (addr = 0x4000; addr < 0x80000; addr += 0x4000) { 3661 - writel(0xdeadbeef, SAR_REG_DR0); 3660 + writel(ATM_POISON, SAR_REG_DR0); 3662 3661 writel(SAR_CMD_WRITE_SRAM | (addr << 2), SAR_REG_CMD); 3663 3662 3664 3663 writel(SAR_CMD_READ_SRAM | (0 << 2), SAR_REG_CMD);
+1
drivers/bluetooth/bluecard_cs.c
··· 739 739 740 740 hdev->type = HCI_PCCARD; 741 741 hdev->driver_data = info; 742 + SET_HCIDEV_DEV(hdev, &info->p_dev->dev); 742 743 743 744 hdev->open = bluecard_hci_open; 744 745 hdev->close = bluecard_hci_close;
+1
drivers/bluetooth/bt3c_cs.c
··· 582 582 583 583 hdev->type = HCI_PCCARD; 584 584 hdev->driver_data = info; 585 + SET_HCIDEV_DEV(hdev, &info->p_dev->dev); 585 586 586 587 hdev->open = bt3c_hci_open; 587 588 hdev->close = bt3c_hci_close;
+1
drivers/bluetooth/btuart_cs.c
··· 502 502 503 503 hdev->type = HCI_PCCARD; 504 504 hdev->driver_data = info; 505 + SET_HCIDEV_DEV(hdev, &info->p_dev->dev); 505 506 506 507 hdev->open = btuart_hci_open; 507 508 hdev->close = btuart_hci_close;
+1
drivers/bluetooth/dtl1_cs.c
··· 484 484 485 485 hdev->type = HCI_PCCARD; 486 486 hdev->driver_data = info; 487 + SET_HCIDEV_DEV(hdev, &info->p_dev->dev); 487 488 488 489 hdev->open = dtl1_hci_open; 489 490 hdev->close = dtl1_hci_close;
+80
drivers/bluetooth/hci_usb.c
··· 122 122 /* RTX Telecom based adapter with buggy SCO support */ 123 123 { USB_DEVICE(0x0400, 0x0807), .driver_info = HCI_BROKEN_ISOC }, 124 124 125 + /* Belkin F8T012 */ 126 + { USB_DEVICE(0x050d, 0x0012), .driver_info = HCI_WRONG_SCO_MTU }, 127 + 125 128 /* Digianswer devices */ 126 129 { USB_DEVICE(0x08fd, 0x0001), .driver_info = HCI_DIGIANSWER }, 127 130 { USB_DEVICE(0x08fd, 0x0002), .driver_info = HCI_IGNORE }, 128 131 129 132 /* CSR BlueCore Bluetooth Sniffer */ 130 133 { USB_DEVICE(0x0a12, 0x0002), .driver_info = HCI_SNIFFER }, 134 + 135 + /* Frontline ComProbe Bluetooth Sniffer */ 136 + { USB_DEVICE(0x16d3, 0x0002), .driver_info = HCI_SNIFFER }, 131 137 132 138 { } /* Terminating entry */ 133 139 }; ··· 990 984 if (reset || id->driver_info & HCI_RESET) 991 985 set_bit(HCI_QUIRK_RESET_ON_INIT, &hdev->quirks); 992 986 987 + if (id->driver_info & HCI_WRONG_SCO_MTU) 988 + set_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks); 989 + 993 990 if (id->driver_info & HCI_SNIFFER) { 994 991 if (le16_to_cpu(udev->descriptor.bcdDevice) > 0x997) 995 992 set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks); ··· 1051 1042 hci_free_dev(hdev); 1052 1043 } 1053 1044 1045 + static int hci_usb_suspend(struct usb_interface *intf, pm_message_t message) 1046 + { 1047 + struct hci_usb *husb = usb_get_intfdata(intf); 1048 + struct list_head killed; 1049 + unsigned long flags; 1050 + int i; 1051 + 1052 + if (!husb || intf == husb->isoc_iface) 1053 + return 0; 1054 + 1055 + hci_suspend_dev(husb->hdev); 1056 + 1057 + INIT_LIST_HEAD(&killed); 1058 + 1059 + for (i = 0; i < 4; i++) { 1060 + struct _urb_queue *q = &husb->pending_q[i]; 1061 + struct _urb *_urb, *_tmp; 1062 + 1063 + while ((_urb = _urb_dequeue(q))) { 1064 + /* reset queue since _urb_dequeue sets it to NULL */ 1065 + _urb->queue = q; 1066 + usb_kill_urb(&_urb->urb); 1067 + list_add(&_urb->list, &killed); 1068 + } 1069 + 1070 + spin_lock_irqsave(&q->lock, flags); 1071 + 1072 + list_for_each_entry_safe(_urb, _tmp, &killed, list) { 1073 + list_move_tail(&_urb->list, &q->head); 1074 + } 1075 + 1076 + spin_unlock_irqrestore(&q->lock, flags); 1077 + } 1078 + 1079 + return 0; 1080 + } 1081 + 1082 + static int hci_usb_resume(struct usb_interface *intf) 1083 + { 1084 + struct hci_usb *husb = usb_get_intfdata(intf); 1085 + unsigned long flags; 1086 + int i, err = 0; 1087 + 1088 + if (!husb || intf == husb->isoc_iface) 1089 + return 0; 1090 + 1091 + for (i = 0; i < 4; i++) { 1092 + struct _urb_queue *q = &husb->pending_q[i]; 1093 + struct _urb *_urb; 1094 + 1095 + spin_lock_irqsave(&q->lock, flags); 1096 + 1097 + list_for_each_entry(_urb, &q->head, list) { 1098 + err = usb_submit_urb(&_urb->urb, GFP_ATOMIC); 1099 + if (err) 1100 + break; 1101 + } 1102 + 1103 + spin_unlock_irqrestore(&q->lock, flags); 1104 + 1105 + if (err) 1106 + return -EIO; 1107 + } 1108 + 1109 + hci_resume_dev(husb->hdev); 1110 + 1111 + return 0; 1112 + } 1113 + 1054 1114 static struct usb_driver hci_usb_driver = { 1055 1115 .name = "hci_usb", 1056 1116 .probe = hci_usb_probe, 1057 1117 .disconnect = hci_usb_disconnect, 1118 + .suspend = hci_usb_suspend, 1119 + .resume = hci_usb_resume, 1058 1120 .id_table = bluetooth_ids, 1059 1121 }; 1060 1122
+1
drivers/bluetooth/hci_usb.h
··· 35 35 #define HCI_SNIFFER 0x10 36 36 #define HCI_BCM92035 0x20 37 37 #define HCI_BROKEN_ISOC 0x40 38 + #define HCI_WRONG_SCO_MTU 0x80 38 39 39 40 #define HCI_MAX_IFACE_NUM 3 40 41
-1
drivers/bluetooth/hci_vhci.c
··· 277 277 278 278 hdev->type = HCI_VHCI; 279 279 hdev->driver_data = vhci; 280 - SET_HCIDEV_DEV(hdev, vhci_miscdev.dev); 281 280 282 281 hdev->open = vhci_open_dev; 283 282 hdev->close = vhci_close_dev;
+12 -8
drivers/dma/dmaengine.c
··· 166 166 } 167 167 168 168 /** 169 - * dma_client_chan_free - release a DMA channel 170 - * @chan: &dma_chan 169 + * dma_chan_cleanup - release a DMA channel's resources 170 + * @kref: kernel reference structure that contains the DMA channel device 171 171 */ 172 172 void dma_chan_cleanup(struct kref *kref) 173 173 { ··· 199 199 * dma_chans_rebalance - reallocate channels to clients 200 200 * 201 201 * When the number of DMA channel in the system changes, 202 - * channels need to be rebalanced among clients 202 + * channels need to be rebalanced among clients. 203 203 */ 204 204 static void dma_chans_rebalance(void) 205 205 { ··· 264 264 265 265 /** 266 266 * dma_async_client_unregister - unregister a client and free the &dma_client 267 - * @client: 267 + * @client: &dma_client to free 268 268 * 269 269 * Force frees any allocated DMA channels, frees the &dma_client memory 270 270 */ ··· 306 306 } 307 307 308 308 /** 309 - * dma_async_device_register - 309 + * dma_async_device_register - registers DMA devices found 310 310 * @device: &dma_device 311 311 */ 312 312 int dma_async_device_register(struct dma_device *device) ··· 348 348 } 349 349 350 350 /** 351 - * dma_async_device_unregister - 352 - * @device: &dma_device 351 + * dma_async_device_cleanup - function called when all references are released 352 + * @kref: kernel reference object 353 353 */ 354 354 static void dma_async_device_cleanup(struct kref *kref) 355 355 { ··· 359 359 complete(&device->done); 360 360 } 361 361 362 - void dma_async_device_unregister(struct dma_device* device) 362 + /** 363 + * dma_async_device_unregister - unregisters DMA devices 364 + * @device: &dma_device 365 + */ 366 + void dma_async_device_unregister(struct dma_device *device) 363 367 { 364 368 struct dma_chan *chan; 365 369 unsigned long flags;
+6 -4
drivers/dma/ioatdma.c
··· 217 217 218 218 /** 219 219 * do_ioat_dma_memcpy - actual function that initiates a IOAT DMA transaction 220 - * @chan: IOAT DMA channel handle 220 + * @ioat_chan: IOAT DMA channel handle 221 221 * @dest: DMA destination address 222 222 * @src: DMA source address 223 223 * @len: transaction length in bytes ··· 383 383 * @dest_off: offset into that page 384 384 * @src_pg: pointer to the page to copy from 385 385 * @src_off: offset into that page 386 - * @len: transaction length in bytes. This is guaranteed to not make a copy 386 + * @len: transaction length in bytes. This is guaranteed not to make a copy 387 387 * across a page boundary. 388 388 */ 389 389 ··· 407 407 } 408 408 409 409 /** 410 - * ioat_dma_memcpy_issue_pending - push potentially unrecognoized appended descriptors to hw 410 + * ioat_dma_memcpy_issue_pending - push potentially unrecognized appended descriptors to hw 411 411 * @chan: DMA channel handle 412 412 */ 413 413 ··· 510 510 * ioat_dma_is_complete - poll the status of a IOAT DMA transaction 511 511 * @chan: IOAT DMA channel handle 512 512 * @cookie: DMA transaction identifier 513 + * @done: if not %NULL, updated with last completed transaction 514 + * @used: if not %NULL, updated with last used transaction 513 515 */ 514 516 515 517 static enum dma_status ioat_dma_is_complete(struct dma_chan *chan, ··· 828 826 /* if forced, worst case is that rmmod hangs */ 829 827 __unsafe(THIS_MODULE); 830 828 831 - pci_module_init(&ioat_pci_drv); 829 + return pci_module_init(&ioat_pci_drv); 832 830 } 833 831 834 832 module_init(ioat_init_module);
+1 -1
drivers/dma/ioatdma_registers.h
··· 76 76 #define IOAT_CHANSTS_OFFSET 0x04 /* 64-bit Channel Status Register */ 77 77 #define IOAT_CHANSTS_OFFSET_LOW 0x04 78 78 #define IOAT_CHANSTS_OFFSET_HIGH 0x08 79 - #define IOAT_CHANSTS_COMPLETED_DESCRIPTOR_ADDR 0xFFFFFFFFFFFFFFC0 79 + #define IOAT_CHANSTS_COMPLETED_DESCRIPTOR_ADDR 0xFFFFFFFFFFFFFFC0UL 80 80 #define IOAT_CHANSTS_SOFT_ERR 0x0000000000000010 81 81 #define IOAT_CHANSTS_DMA_TRANSFER_STATUS 0x0000000000000007 82 82 #define IOAT_CHANSTS_DMA_TRANSFER_STATUS_ACTIVE 0x0
+1 -1
drivers/dma/iovlock.c
··· 31 31 #include <asm/io.h> 32 32 #include <asm/uaccess.h> 33 33 34 - int num_pages_spanned(struct iovec *iov) 34 + static int num_pages_spanned(struct iovec *iov) 35 35 { 36 36 return 37 37 ((PAGE_ALIGN((unsigned long)iov->iov_base + iov->iov_len) -
+24 -9
drivers/net/tg3.c
··· 68 68 69 69 #define DRV_MODULE_NAME "tg3" 70 70 #define PFX DRV_MODULE_NAME ": " 71 - #define DRV_MODULE_VERSION "3.61" 72 - #define DRV_MODULE_RELDATE "June 29, 2006" 71 + #define DRV_MODULE_VERSION "3.62" 72 + #define DRV_MODULE_RELDATE "June 30, 2006" 73 73 74 74 #define TG3_DEF_MAC_MODE 0 75 75 #define TG3_DEF_RX_MODE 0 ··· 3798 3798 goto out_unlock; 3799 3799 } 3800 3800 3801 - tcp_opt_len = ((skb->h.th->doff - 5) * 4); 3802 - ip_tcp_len = (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr); 3801 + if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6) 3802 + mss |= (skb_headlen(skb) - ETH_HLEN) << 9; 3803 + else { 3804 + tcp_opt_len = ((skb->h.th->doff - 5) * 4); 3805 + ip_tcp_len = (skb->nh.iph->ihl * 4) + 3806 + sizeof(struct tcphdr); 3807 + 3808 + skb->nh.iph->check = 0; 3809 + skb->nh.iph->tot_len = htons(mss + ip_tcp_len + 3810 + tcp_opt_len); 3811 + mss |= (ip_tcp_len + tcp_opt_len) << 9; 3812 + } 3803 3813 3804 3814 base_flags |= (TXD_FLAG_CPU_PRE_DMA | 3805 3815 TXD_FLAG_CPU_POST_DMA); 3806 3816 3807 - skb->nh.iph->check = 0; 3808 - skb->nh.iph->tot_len = htons(mss + ip_tcp_len + tcp_opt_len); 3809 - 3810 3817 skb->h.th->check = 0; 3811 3818 3812 - mss |= (ip_tcp_len + tcp_opt_len) << 9; 3813 3819 } 3814 3820 else if (skb->ip_summed == CHECKSUM_HW) 3815 3821 base_flags |= TXD_FLAG_TCPUDP_CSUM; ··· 7893 7887 return -EINVAL; 7894 7888 return 0; 7895 7889 } 7890 + if (tp->tg3_flags2 & TG3_FLG2_HW_TSO_2) { 7891 + if (value) 7892 + dev->features |= NETIF_F_TSO6; 7893 + else 7894 + dev->features &= ~NETIF_F_TSO6; 7895 + } 7896 7896 return ethtool_op_set_tso(dev, value); 7897 7897 } 7898 7898 #endif ··· 11519 11507 * Firmware TSO on older chips gives lower performance, so it 11520 11508 * is off by default, but can be enabled using ethtool. 11521 11509 */ 11522 - if (tp->tg3_flags2 & TG3_FLG2_HW_TSO) 11510 + if (tp->tg3_flags2 & TG3_FLG2_HW_TSO) { 11523 11511 dev->features |= NETIF_F_TSO; 11512 + if (tp->tg3_flags2 & TG3_FLG2_HW_TSO_2) 11513 + dev->features |= NETIF_F_TSO6; 11514 + } 11524 11515 11525 11516 #endif 11526 11517
+25 -18
include/linux/dmaengine.h
··· 44 44 }; 45 45 46 46 /** 47 - * typedef dma_cookie_t 47 + * typedef dma_cookie_t - an opaque DMA cookie 48 48 * 49 49 * if dma_cookie_t is >0 it's a DMA request cookie, <0 it's an error code 50 50 */ ··· 80 80 81 81 /** 82 82 * struct dma_chan - devices supply DMA channels, clients use them 83 - * @client: ptr to the client user of this chan, will be NULL when unused 84 - * @device: ptr to the dma device who supplies this channel, always !NULL 83 + * @client: ptr to the client user of this chan, will be %NULL when unused 84 + * @device: ptr to the dma device who supplies this channel, always !%NULL 85 85 * @cookie: last cookie value returned to client 86 - * @chan_id: 87 - * @class_dev: 86 + * @chan_id: channel ID for sysfs 87 + * @class_dev: class device for sysfs 88 88 * @refcount: kref, used in "bigref" slow-mode 89 - * @slow_ref: 90 - * @rcu: 89 + * @slow_ref: indicates that the DMA channel is free 90 + * @rcu: the DMA channel's RCU head 91 91 * @client_node: used to add this to the client chan list 92 92 * @device_node: used to add this to the device chan list 93 93 * @local: per-cpu pointer to a struct dma_chan_percpu ··· 162 162 * @chancnt: how many DMA channels are supported 163 163 * @channels: the list of struct dma_chan 164 164 * @global_node: list_head for global dma_device_list 165 - * @refcount: 166 - * @done: 167 - * @dev_id: 168 - * Other func ptrs: used to make use of this device's capabilities 165 + * @refcount: reference count 166 + * @done: IO completion struct 167 + * @dev_id: unique device ID 168 + * @device_alloc_chan_resources: allocate resources and return the 169 + * number of allocated descriptors 170 + * @device_free_chan_resources: release DMA channel's resources 171 + * @device_memcpy_buf_to_buf: memcpy buf pointer to buf pointer 172 + * @device_memcpy_buf_to_pg: memcpy buf pointer to struct page 173 + * @device_memcpy_pg_to_pg: memcpy struct page/offset to struct page/offset 174 + * @device_memcpy_complete: poll the status of an IOAT DMA transaction 175 + * @device_memcpy_issue_pending: push appended descriptors to hardware 169 176 */ 170 177 struct dma_device { 171 178 ··· 218 211 * Both @dest and @src must be mappable to a bus address according to the 219 212 * DMA mapping API rules for streaming mappings. 220 213 * Both @dest and @src must stay memory resident (kernel memory or locked 221 - * user space pages) 214 + * user space pages). 222 215 */ 223 216 static inline dma_cookie_t dma_async_memcpy_buf_to_buf(struct dma_chan *chan, 224 217 void *dest, void *src, size_t len) ··· 232 225 } 233 226 234 227 /** 235 - * dma_async_memcpy_buf_to_pg - offloaded copy 228 + * dma_async_memcpy_buf_to_pg - offloaded copy from address to page 236 229 * @chan: DMA channel to offload copy to 237 230 * @page: destination page 238 231 * @offset: offset in page to copy to ··· 257 250 } 258 251 259 252 /** 260 - * dma_async_memcpy_buf_to_pg - offloaded copy 253 + * dma_async_memcpy_pg_to_pg - offloaded copy from page to page 261 254 * @chan: DMA channel to offload copy to 262 - * @dest_page: destination page 255 + * @dest_pg: destination page 263 256 * @dest_off: offset in page to copy to 264 - * @src_page: source page 257 + * @src_pg: source page 265 258 * @src_off: offset in page to copy from 266 259 * @len: length 267 260 * 268 261 * Both @dest_page/@dest_off and @src_page/@src_off must be mappable to a bus 269 262 * address according to the DMA mapping API rules for streaming mappings. 270 263 * Both @dest_page/@dest_off and @src_page/@src_off must stay memory resident 271 - * (kernel memory or locked user space pages) 264 + * (kernel memory or locked user space pages). 272 265 */ 273 266 static inline dma_cookie_t dma_async_memcpy_pg_to_pg(struct dma_chan *chan, 274 267 struct page *dest_pg, unsigned int dest_off, struct page *src_pg, ··· 285 278 286 279 /** 287 280 * dma_async_memcpy_issue_pending - flush pending copies to HW 288 - * @chan: 281 + * @chan: target DMA channel 289 282 * 290 283 * This allows drivers to push copies to HW in batches, 291 284 * reducing MMIO writes where possible.
+5
include/linux/poison.h
··· 44 44 45 45 /********** drivers/atm/ **********/ 46 46 #define ATM_POISON_FREE 0x12 47 + #define ATM_POISON 0xdeadbeef 48 + 49 + /********** net/ **********/ 50 + #define NEIGHBOR_DEAD 0xdeadbeef 51 + #define NETFILTER_LINK_POISON 0xdead57ac 47 52 48 53 /********** kernel/mutexes **********/ 49 54 #define MUTEX_DEBUG_INIT 0x11
+15 -9
include/net/ax25.h
··· 182 182 183 183 typedef struct ax25_route { 184 184 struct ax25_route *next; 185 - atomic_t ref; 185 + atomic_t refcount; 186 186 ax25_address callsign; 187 187 struct net_device *dev; 188 188 ax25_digi *digipeat; 189 189 char ip_mode; 190 - struct timer_list timer; 191 190 } ax25_route; 191 + 192 + static inline void ax25_hold_route(ax25_route *ax25_rt) 193 + { 194 + atomic_inc(&ax25_rt->refcount); 195 + } 196 + 197 + extern void __ax25_put_route(ax25_route *ax25_rt); 198 + 199 + static inline void ax25_put_route(ax25_route *ax25_rt) 200 + { 201 + if (atomic_dec_and_test(&ax25_rt->refcount)) 202 + __ax25_put_route(ax25_rt); 203 + } 192 204 193 205 typedef struct { 194 206 char slave; /* slave_mode? */ ··· 360 348 extern void ax25_rt_device_down(struct net_device *); 361 349 extern int ax25_rt_ioctl(unsigned int, void __user *); 362 350 extern struct file_operations ax25_route_fops; 351 + extern ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev); 363 352 extern int ax25_rt_autobind(ax25_cb *, ax25_address *); 364 - extern ax25_route *ax25_rt_find_route(ax25_route *, ax25_address *, 365 - struct net_device *); 366 353 extern struct sk_buff *ax25_rt_build_path(struct sk_buff *, ax25_address *, ax25_address *, ax25_digi *); 367 354 extern void ax25_rt_free(void); 368 - 369 - static inline void ax25_put_route(ax25_route *ax25_rt) 370 - { 371 - atomic_dec(&ax25_rt->ref); 372 - } 373 355 374 356 /* ax25_std_in.c */ 375 357 extern int ax25_std_frame_in(ax25_cb *, struct sk_buff *, int);
+1 -1
include/net/bluetooth/bluetooth.h
··· 175 175 extern int bt_sysfs_init(void); 176 176 extern void bt_sysfs_cleanup(void); 177 177 178 - extern struct class bt_class; 178 + extern struct class *bt_class; 179 179 180 180 #endif /* __BLUETOOTH_H */
+58 -15
include/net/bluetooth/hci.h
··· 54 54 /* HCI device quirks */ 55 55 enum { 56 56 HCI_QUIRK_RESET_ON_INIT, 57 - HCI_QUIRK_RAW_DEVICE 57 + HCI_QUIRK_RAW_DEVICE, 58 + HCI_QUIRK_FIXUP_BUFFER_SIZE 58 59 }; 59 60 60 61 /* HCI device flags */ ··· 101 100 #define HCIINQUIRY _IOR('H', 240, int) 102 101 103 102 /* HCI timeouts */ 104 - #define HCI_CONN_TIMEOUT (HZ * 40) 105 - #define HCI_DISCONN_TIMEOUT (HZ * 2) 106 - #define HCI_CONN_IDLE_TIMEOUT (HZ * 60) 103 + #define HCI_CONNECT_TIMEOUT (40000) /* 40 seconds */ 104 + #define HCI_DISCONN_TIMEOUT (2000) /* 2 seconds */ 105 + #define HCI_IDLE_TIMEOUT (6000) /* 6 seconds */ 106 + #define HCI_INIT_TIMEOUT (10000) /* 10 seconds */ 107 107 108 108 /* HCI Packet types */ 109 109 #define HCI_COMMAND_PKT 0x01 ··· 146 144 #define LMP_TACCURACY 0x10 147 145 #define LMP_RSWITCH 0x20 148 146 #define LMP_HOLD 0x40 149 - #define LMP_SNIF 0x80 147 + #define LMP_SNIFF 0x80 150 148 151 149 #define LMP_PARK 0x01 152 150 #define LMP_RSSI 0x02 ··· 161 159 #define LMP_PSCHEME 0x02 162 160 #define LMP_PCONTROL 0x04 163 161 162 + #define LMP_SNIFF_SUBR 0x02 163 + 164 + /* Connection modes */ 165 + #define HCI_CM_ACTIVE 0x0000 166 + #define HCI_CM_HOLD 0x0001 167 + #define HCI_CM_SNIFF 0x0002 168 + #define HCI_CM_PARK 0x0003 169 + 164 170 /* Link policies */ 165 171 #define HCI_LP_RSWITCH 0x0001 166 172 #define HCI_LP_HOLD 0x0002 167 173 #define HCI_LP_SNIFF 0x0004 168 174 #define HCI_LP_PARK 0x0008 169 175 170 - /* Link mode */ 176 + /* Link modes */ 171 177 #define HCI_LM_ACCEPT 0x8000 172 178 #define HCI_LM_MASTER 0x0001 173 179 #define HCI_LM_AUTH 0x0002 ··· 201 191 } __attribute__ ((packed)); 202 192 203 193 #define OCF_READ_LOCAL_FEATURES 0x0003 204 - struct hci_rp_read_loc_features { 194 + struct hci_rp_read_local_features { 205 195 __u8 status; 206 196 __u8 features[8]; 207 197 } __attribute__ ((packed)); ··· 385 375 } __attribute__ ((packed)); 386 376 387 377 #define OCF_READ_REMOTE_FEATURES 0x001B 388 - struct hci_cp_read_rmt_features { 378 + struct hci_cp_read_remote_features { 389 379 __le16 handle; 390 380 } __attribute__ ((packed)); 391 381 392 382 #define OCF_READ_REMOTE_VERSION 0x001D 393 - struct hci_cp_read_rmt_version { 383 + struct hci_cp_read_remote_version { 394 384 __le16 handle; 395 385 } __attribute__ ((packed)); 396 386 397 387 /* Link Policy */ 398 - #define OGF_LINK_POLICY 0x02 388 + #define OGF_LINK_POLICY 0x02 389 + 390 + #define OCF_SNIFF_MODE 0x0003 391 + struct hci_cp_sniff_mode { 392 + __le16 handle; 393 + __le16 max_interval; 394 + __le16 min_interval; 395 + __le16 attempt; 396 + __le16 timeout; 397 + } __attribute__ ((packed)); 398 + 399 + #define OCF_EXIT_SNIFF_MODE 0x0004 400 + struct hci_cp_exit_sniff_mode { 401 + __le16 handle; 402 + } __attribute__ ((packed)); 403 + 399 404 #define OCF_ROLE_DISCOVERY 0x0009 400 405 struct hci_cp_role_discovery { 401 406 __le16 handle; ··· 431 406 __le16 policy; 432 407 } __attribute__ ((packed)); 433 408 434 - #define OCF_SWITCH_ROLE 0x000B 409 + #define OCF_SWITCH_ROLE 0x000B 435 410 struct hci_cp_switch_role { 436 411 bdaddr_t bdaddr; 437 412 __u8 role; ··· 445 420 struct hci_rp_write_link_policy { 446 421 __u8 status; 447 422 __le16 handle; 423 + } __attribute__ ((packed)); 424 + 425 + #define OCF_SNIFF_SUBRATE 0x0011 426 + struct hci_cp_sniff_subrate { 427 + __le16 handle; 428 + __le16 max_latency; 429 + __le16 min_remote_timeout; 430 + __le16 min_local_timeout; 448 431 } __attribute__ ((packed)); 449 432 450 433 /* Status params */ ··· 614 581 __u8 key_type; 615 582 } __attribute__ ((packed)); 616 583 617 - #define HCI_EV_RMT_FEATURES 0x0B 618 - struct hci_ev_rmt_features { 584 + #define HCI_EV_REMOTE_FEATURES 0x0B 585 + struct hci_ev_remote_features { 619 586 __u8 status; 620 587 __le16 handle; 621 588 __u8 features[8]; 622 589 } __attribute__ ((packed)); 623 590 624 - #define HCI_EV_RMT_VERSION 0x0C 625 - struct hci_ev_rmt_version { 591 + #define HCI_EV_REMOTE_VERSION 0x0C 592 + struct hci_ev_remote_version { 626 593 __u8 status; 627 594 __le16 handle; 628 595 __u8 lmp_ver; ··· 641 608 struct hci_ev_pscan_rep_mode { 642 609 bdaddr_t bdaddr; 643 610 __u8 pscan_rep_mode; 611 + } __attribute__ ((packed)); 612 + 613 + #define HCI_EV_SNIFF_SUBRATE 0x2E 614 + struct hci_ev_sniff_subrate { 615 + __u8 status; 616 + __le16 handle; 617 + __le16 max_tx_latency; 618 + __le16 max_rx_latency; 619 + __le16 max_remote_timeout; 620 + __le16 max_local_timeout; 644 621 } __attribute__ ((packed)); 645 622 646 623 /* Internal events generated by Bluetooth stack */
+33 -26
include/net/bluetooth/hci_core.h
··· 31 31 #define HCI_PROTO_L2CAP 0 32 32 #define HCI_PROTO_SCO 1 33 33 34 - #define HCI_INIT_TIMEOUT (HZ * 10) 35 - 36 34 /* HCI Core structures */ 37 - 38 35 struct inquiry_data { 39 36 bdaddr_t bdaddr; 40 37 __u8 pscan_rep_mode; ··· 78 81 __u16 link_policy; 79 82 __u16 link_mode; 80 83 84 + __u32 idle_timeout; 85 + __u16 sniff_min_interval; 86 + __u16 sniff_max_interval; 87 + 81 88 unsigned long quirks; 82 89 83 90 atomic_t cmd_cnt; ··· 124 123 125 124 atomic_t promisc; 126 125 127 - struct class_device class_dev; 126 + struct device *parent; 127 + struct device dev; 128 128 129 129 struct module *owner; 130 130 ··· 147 145 bdaddr_t dst; 148 146 __u16 handle; 149 147 __u16 state; 148 + __u8 mode; 150 149 __u8 type; 151 150 __u8 out; 152 151 __u8 dev_class[3]; 152 + __u8 features[8]; 153 + __u16 interval; 154 + __u16 link_policy; 153 155 __u32 link_mode; 156 + __u8 power_save; 154 157 unsigned long pend; 155 - 158 + 156 159 unsigned int sent; 157 - 160 + 158 161 struct sk_buff_head data_q; 159 162 160 - struct timer_list timer; 161 - 163 + struct timer_list disc_timer; 164 + struct timer_list idle_timer; 165 + 162 166 struct hci_dev *hdev; 163 167 void *l2cap_data; 164 168 void *sco_data; ··· 219 211 enum { 220 212 HCI_CONN_AUTH_PEND, 221 213 HCI_CONN_ENCRYPT_PEND, 222 - HCI_CONN_RSWITCH_PEND 214 + HCI_CONN_RSWITCH_PEND, 215 + HCI_CONN_MODE_CHANGE_PEND, 223 216 }; 224 217 225 218 static inline void hci_conn_hash_init(struct hci_dev *hdev) ··· 295 286 int hci_conn_change_link_key(struct hci_conn *conn); 296 287 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role); 297 288 298 - static inline void hci_conn_set_timer(struct hci_conn *conn, unsigned long timeout) 299 - { 300 - mod_timer(&conn->timer, jiffies + timeout); 301 - } 302 - 303 - static inline void hci_conn_del_timer(struct hci_conn *conn) 304 - { 305 - del_timer(&conn->timer); 306 - } 289 + void hci_conn_enter_active_mode(struct hci_conn *conn); 290 + void hci_conn_enter_sniff_mode(struct hci_conn *conn); 307 291 308 292 static inline void hci_conn_hold(struct hci_conn *conn) 309 293 { 310 294 atomic_inc(&conn->refcnt); 311 - hci_conn_del_timer(conn); 295 + del_timer(&conn->disc_timer); 312 296 } 313 297 314 298 static inline void hci_conn_put(struct hci_conn *conn) 315 299 { 316 300 if (atomic_dec_and_test(&conn->refcnt)) { 301 + unsigned long timeo; 317 302 if (conn->type == ACL_LINK) { 318 - unsigned long timeo = (conn->out) ? 319 - HCI_DISCONN_TIMEOUT : HCI_DISCONN_TIMEOUT * 2; 320 - hci_conn_set_timer(conn, timeo); 303 + timeo = msecs_to_jiffies(HCI_DISCONN_TIMEOUT); 304 + if (!conn->out) 305 + timeo *= 2; 306 + del_timer(&conn->idle_timer); 321 307 } else 322 - hci_conn_set_timer(conn, HZ / 100); 308 + timeo = msecs_to_jiffies(10); 309 + mod_timer(&conn->disc_timer, jiffies + timeo); 323 310 } 324 311 } 325 312 ··· 413 408 int hci_register_sysfs(struct hci_dev *hdev); 414 409 void hci_unregister_sysfs(struct hci_dev *hdev); 415 410 416 - #define SET_HCIDEV_DEV(hdev, pdev) ((hdev)->class_dev.dev = (pdev)) 411 + #define SET_HCIDEV_DEV(hdev, pdev) ((hdev)->parent = (pdev)) 417 412 418 413 /* ----- LMP capabilities ----- */ 419 - #define lmp_rswitch_capable(dev) (dev->features[0] & LMP_RSWITCH) 420 - #define lmp_encrypt_capable(dev) (dev->features[0] & LMP_ENCRYPT) 414 + #define lmp_rswitch_capable(dev) ((dev)->features[0] & LMP_RSWITCH) 415 + #define lmp_encrypt_capable(dev) ((dev)->features[0] & LMP_ENCRYPT) 416 + #define lmp_sniff_capable(dev) ((dev)->features[0] & LMP_SNIFF) 417 + #define lmp_sniffsubr_capable(dev) ((dev)->features[5] & LMP_SNIFF_SUBR) 421 418 422 419 /* ----- HCI protocols ----- */ 423 420 struct hci_proto {
+2 -1
net/atm/clip.c
··· 23 23 #include <linux/if.h> /* for IFF_UP */ 24 24 #include <linux/inetdevice.h> 25 25 #include <linux/bitops.h> 26 + #include <linux/poison.h> 26 27 #include <linux/proc_fs.h> 27 28 #include <linux/seq_file.h> 28 29 #include <linux/rcupdate.h> ··· 267 266 DPRINTK("clip_neigh_destroy (neigh %p)\n", neigh); 268 267 if (NEIGH2ENTRY(neigh)->vccs) 269 268 printk(KERN_CRIT "clip_neigh_destroy: vccs != NULL !!!\n"); 270 - NEIGH2ENTRY(neigh)->vccs = (void *) 0xdeadbeef; 269 + NEIGH2ENTRY(neigh)->vccs = (void *) NEIGHBOR_DEAD; 271 270 } 272 271 273 272 static void clip_neigh_solicit(struct neighbour *neigh, struct sk_buff *skb)
+15 -8
net/ax25/ax25_ip.c
··· 103 103 { 104 104 struct sk_buff *ourskb; 105 105 unsigned char *bp = skb->data; 106 - struct net_device *dev; 106 + ax25_route *route; 107 + struct net_device *dev = NULL; 107 108 ax25_address *src, *dst; 109 + ax25_digi *digipeat = NULL; 108 110 ax25_dev *ax25_dev; 109 - ax25_route _route, *route = &_route; 110 111 ax25_cb *ax25; 112 + char ip_mode = ' '; 111 113 112 114 dst = (ax25_address *)(bp + 1); 113 115 src = (ax25_address *)(bp + 8); ··· 117 115 if (arp_find(bp + 1, skb)) 118 116 return 1; 119 117 120 - route = ax25_rt_find_route(route, dst, NULL); 121 - dev = route->dev; 118 + route = ax25_get_route(dst, NULL); 119 + if (route) { 120 + digipeat = route->digipeat; 121 + dev = route->dev; 122 + ip_mode = route->ip_mode; 123 + }; 122 124 123 125 if (dev == NULL) 124 126 dev = skb->dev; ··· 132 126 } 133 127 134 128 if (bp[16] == AX25_P_IP) { 135 - if (route->ip_mode == 'V' || (route->ip_mode == ' ' && ax25_dev->values[AX25_VALUES_IPDEFMODE])) { 129 + if (ip_mode == 'V' || (ip_mode == ' ' && ax25_dev->values[AX25_VALUES_IPDEFMODE])) { 136 130 /* 137 131 * We copy the buffer and release the original thereby 138 132 * keeping it straight ··· 178 172 ourskb, 179 173 ax25_dev->values[AX25_VALUES_PACLEN], 180 174 &src_c, 181 - &dst_c, route->digipeat, dev); 175 + &dst_c, digipeat, dev); 182 176 if (ax25) { 183 177 ax25_cb_put(ax25); 184 178 } ··· 196 190 197 191 skb_pull(skb, AX25_KISS_HEADER_LEN); 198 192 199 - if (route->digipeat != NULL) { 193 + if (digipeat != NULL) { 200 194 if ((ourskb = ax25_rt_build_path(skb, src, dst, route->digipeat)) == NULL) { 201 195 kfree_skb(skb); 202 196 goto put; ··· 208 202 ax25_queue_xmit(skb, dev); 209 203 210 204 put: 211 - ax25_put_route(route); 205 + if (route) 206 + ax25_put_route(route); 212 207 213 208 return 1; 214 209 }
+8 -41
net/ax25/ax25_route.c
··· 41 41 static ax25_route *ax25_route_list; 42 42 static DEFINE_RWLOCK(ax25_route_lock); 43 43 44 - static ax25_route *ax25_get_route(ax25_address *, struct net_device *); 45 - 46 44 void ax25_rt_device_down(struct net_device *dev) 47 45 { 48 46 ax25_route *s, *t, *ax25_rt; ··· 113 115 return -ENOMEM; 114 116 } 115 117 116 - atomic_set(&ax25_rt->ref, 0); 118 + atomic_set(&ax25_rt->refcount, 1); 117 119 ax25_rt->callsign = route->dest_addr; 118 120 ax25_rt->dev = ax25_dev->dev; 119 121 ax25_rt->digipeat = NULL; ··· 138 140 return 0; 139 141 } 140 142 141 - static void ax25_rt_destroy(ax25_route *ax25_rt) 143 + void __ax25_put_route(ax25_route *ax25_rt) 142 144 { 143 - if (atomic_read(&ax25_rt->ref) == 0) { 144 - kfree(ax25_rt->digipeat); 145 - kfree(ax25_rt); 146 - return; 147 - } 148 - 149 - /* 150 - * Uh... Route is still in use; we can't yet destroy it. Retry later. 151 - */ 152 - init_timer(&ax25_rt->timer); 153 - ax25_rt->timer.data = (unsigned long) ax25_rt; 154 - ax25_rt->timer.function = (void *) ax25_rt_destroy; 155 - ax25_rt->timer.expires = jiffies + 5 * HZ; 156 - 157 - add_timer(&ax25_rt->timer); 145 + kfree(ax25_rt->digipeat); 146 + kfree(ax25_rt); 158 147 } 159 148 160 149 static int ax25_rt_del(struct ax25_routes_struct *route) ··· 162 177 ax25cmp(&route->dest_addr, &s->callsign) == 0) { 163 178 if (ax25_route_list == s) { 164 179 ax25_route_list = s->next; 165 - ax25_rt_destroy(s); 180 + ax25_put_route(s); 166 181 } else { 167 182 for (t = ax25_route_list; t != NULL; t = t->next) { 168 183 if (t->next == s) { 169 184 t->next = s->next; 170 - ax25_rt_destroy(s); 185 + ax25_put_route(s); 171 186 break; 172 187 } 173 188 } ··· 347 362 * 348 363 * Only routes with a reference count of zero can be destroyed. 349 364 */ 350 - static ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev) 365 + ax25_route *ax25_get_route(ax25_address *addr, struct net_device *dev) 351 366 { 352 367 ax25_route *ax25_spe_rt = NULL; 353 368 ax25_route *ax25_def_rt = NULL; ··· 377 392 ax25_rt = ax25_spe_rt; 378 393 379 394 if (ax25_rt != NULL) 380 - atomic_inc(&ax25_rt->ref); 395 + ax25_hold_route(ax25_rt); 381 396 382 397 read_unlock(&ax25_route_lock); 383 398 ··· 450 465 ax25_put_route(ax25_rt); 451 466 452 467 return 0; 453 - } 454 - 455 - ax25_route *ax25_rt_find_route(ax25_route * route, ax25_address *addr, 456 - struct net_device *dev) 457 - { 458 - ax25_route *ax25_rt; 459 - 460 - if ((ax25_rt = ax25_get_route(addr, dev))) 461 - return ax25_rt; 462 - 463 - route->next = NULL; 464 - atomic_set(&route->ref, 1); 465 - route->callsign = *addr; 466 - route->dev = dev; 467 - route->digipeat = NULL; 468 - route->ip_mode = ' '; 469 - 470 - return route; 471 468 } 472 469 473 470 struct sk_buff *ax25_rt_build_path(struct sk_buff *skb, ax25_address *src,
+14 -6
net/bluetooth/af_bluetooth.c
··· 48 48 #define BT_DBG(D...) 49 49 #endif 50 50 51 - #define VERSION "2.8" 51 + #define VERSION "2.10" 52 52 53 53 /* Bluetooth sockets */ 54 54 #define BT_MAX_PROTO 8 ··· 307 307 308 308 static int __init bt_init(void) 309 309 { 310 + int err; 311 + 310 312 BT_INFO("Core ver %s", VERSION); 311 313 312 - sock_register(&bt_sock_family_ops); 314 + err = bt_sysfs_init(); 315 + if (err < 0) 316 + return err; 317 + 318 + err = sock_register(&bt_sock_family_ops); 319 + if (err < 0) { 320 + bt_sysfs_cleanup(); 321 + return err; 322 + } 313 323 314 324 BT_INFO("HCI device and connection manager initialized"); 315 - 316 - bt_sysfs_init(); 317 325 318 326 hci_sock_init(); 319 327 ··· 332 324 { 333 325 hci_sock_cleanup(); 334 326 335 - bt_sysfs_cleanup(); 336 - 337 327 sock_unregister(PF_BLUETOOTH); 328 + 329 + bt_sysfs_cleanup(); 338 330 } 339 331 340 332 subsys_initcall(bt_init);
+89 -11
net/bluetooth/hci_conn.c
··· 115 115 116 116 static void hci_conn_timeout(unsigned long arg) 117 117 { 118 - struct hci_conn *conn = (void *)arg; 119 - struct hci_dev *hdev = conn->hdev; 118 + struct hci_conn *conn = (void *) arg; 119 + struct hci_dev *hdev = conn->hdev; 120 120 121 121 BT_DBG("conn %p state %d", conn, conn->state); 122 122 ··· 132 132 return; 133 133 } 134 134 135 - static void hci_conn_init_timer(struct hci_conn *conn) 135 + static void hci_conn_idle(unsigned long arg) 136 136 { 137 - init_timer(&conn->timer); 138 - conn->timer.function = hci_conn_timeout; 139 - conn->timer.data = (unsigned long)conn; 137 + struct hci_conn *conn = (void *) arg; 138 + 139 + BT_DBG("conn %p mode %d", conn, conn->mode); 140 + 141 + hci_conn_enter_sniff_mode(conn); 140 142 } 141 143 142 144 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) ··· 147 145 148 146 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 149 147 150 - if (!(conn = kmalloc(sizeof(struct hci_conn), GFP_ATOMIC))) 148 + conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC); 149 + if (!conn) 151 150 return NULL; 152 - memset(conn, 0, sizeof(struct hci_conn)); 153 151 154 152 bacpy(&conn->dst, dst); 155 - conn->type = type; 156 153 conn->hdev = hdev; 154 + conn->type = type; 155 + conn->mode = HCI_CM_ACTIVE; 157 156 conn->state = BT_OPEN; 158 157 158 + conn->power_save = 1; 159 + 159 160 skb_queue_head_init(&conn->data_q); 160 - hci_conn_init_timer(conn); 161 + 162 + init_timer(&conn->disc_timer); 163 + conn->disc_timer.function = hci_conn_timeout; 164 + conn->disc_timer.data = (unsigned long) conn; 165 + 166 + init_timer(&conn->idle_timer); 167 + conn->idle_timer.function = hci_conn_idle; 168 + conn->idle_timer.data = (unsigned long) conn; 161 169 162 170 atomic_set(&conn->refcnt, 0); 163 171 ··· 190 178 191 179 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle); 192 180 193 - hci_conn_del_timer(conn); 181 + del_timer(&conn->idle_timer); 182 + 183 + del_timer(&conn->disc_timer); 194 184 195 185 if (conn->type == SCO_LINK) { 196 186 struct hci_conn *acl = conn->link; ··· 377 363 return 0; 378 364 } 379 365 EXPORT_SYMBOL(hci_conn_switch_role); 366 + 367 + /* Enter active mode */ 368 + void hci_conn_enter_active_mode(struct hci_conn *conn) 369 + { 370 + struct hci_dev *hdev = conn->hdev; 371 + 372 + BT_DBG("conn %p mode %d", conn, conn->mode); 373 + 374 + if (test_bit(HCI_RAW, &hdev->flags)) 375 + return; 376 + 377 + if (conn->mode != HCI_CM_SNIFF || !conn->power_save) 378 + goto timer; 379 + 380 + if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 381 + struct hci_cp_exit_sniff_mode cp; 382 + cp.handle = __cpu_to_le16(conn->handle); 383 + hci_send_cmd(hdev, OGF_LINK_POLICY, 384 + OCF_EXIT_SNIFF_MODE, sizeof(cp), &cp); 385 + } 386 + 387 + timer: 388 + if (hdev->idle_timeout > 0) 389 + mod_timer(&conn->idle_timer, 390 + jiffies + msecs_to_jiffies(hdev->idle_timeout)); 391 + } 392 + 393 + /* Enter sniff mode */ 394 + void hci_conn_enter_sniff_mode(struct hci_conn *conn) 395 + { 396 + struct hci_dev *hdev = conn->hdev; 397 + 398 + BT_DBG("conn %p mode %d", conn, conn->mode); 399 + 400 + if (test_bit(HCI_RAW, &hdev->flags)) 401 + return; 402 + 403 + if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn)) 404 + return; 405 + 406 + if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF)) 407 + return; 408 + 409 + if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) { 410 + struct hci_cp_sniff_subrate cp; 411 + cp.handle = __cpu_to_le16(conn->handle); 412 + cp.max_latency = __constant_cpu_to_le16(0); 413 + cp.min_remote_timeout = __constant_cpu_to_le16(0); 414 + cp.min_local_timeout = __constant_cpu_to_le16(0); 415 + hci_send_cmd(hdev, OGF_LINK_POLICY, 416 + OCF_SNIFF_SUBRATE, sizeof(cp), &cp); 417 + } 418 + 419 + if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 420 + struct hci_cp_sniff_mode cp; 421 + cp.handle = __cpu_to_le16(conn->handle); 422 + cp.max_interval = __cpu_to_le16(hdev->sniff_max_interval); 423 + cp.min_interval = __cpu_to_le16(hdev->sniff_min_interval); 424 + cp.attempt = __constant_cpu_to_le16(4); 425 + cp.timeout = __constant_cpu_to_le16(1); 426 + hci_send_cmd(hdev, OGF_LINK_POLICY, 427 + OCF_SNIFF_MODE, sizeof(cp), &cp); 428 + } 429 + } 380 430 381 431 /* Drop all connection on the device */ 382 432 void hci_conn_hash_flush(struct hci_dev *hdev)
+26 -12
net/bluetooth/hci_core.c
··· 411 411 } 412 412 hci_dev_unlock_bh(hdev); 413 413 414 - timeo = ir.length * 2 * HZ; 414 + timeo = ir.length * msecs_to_jiffies(2000); 415 415 if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0) 416 416 goto done; 417 417 ··· 479 479 set_bit(HCI_INIT, &hdev->flags); 480 480 481 481 //__hci_request(hdev, hci_reset_req, 0, HZ); 482 - ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT); 482 + ret = __hci_request(hdev, hci_init_req, 0, 483 + msecs_to_jiffies(HCI_INIT_TIMEOUT)); 483 484 484 485 clear_bit(HCI_INIT, &hdev->flags); 485 486 } ··· 547 546 atomic_set(&hdev->cmd_cnt, 1); 548 547 if (!test_bit(HCI_RAW, &hdev->flags)) { 549 548 set_bit(HCI_INIT, &hdev->flags); 550 - __hci_request(hdev, hci_reset_req, 0, HZ/4); 549 + __hci_request(hdev, hci_reset_req, 0, 550 + msecs_to_jiffies(250)); 551 551 clear_bit(HCI_INIT, &hdev->flags); 552 552 } 553 553 ··· 621 619 hdev->acl_cnt = 0; hdev->sco_cnt = 0; 622 620 623 621 if (!test_bit(HCI_RAW, &hdev->flags)) 624 - ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT); 622 + ret = __hci_request(hdev, hci_reset_req, 0, 623 + msecs_to_jiffies(HCI_INIT_TIMEOUT)); 625 624 626 625 done: 627 626 tasklet_enable(&hdev->tx_task); ··· 660 657 661 658 switch (cmd) { 662 659 case HCISETAUTH: 663 - err = hci_request(hdev, hci_auth_req, dr.dev_opt, HCI_INIT_TIMEOUT); 660 + err = hci_request(hdev, hci_auth_req, dr.dev_opt, 661 + msecs_to_jiffies(HCI_INIT_TIMEOUT)); 664 662 break; 665 663 666 664 case HCISETENCRYPT: ··· 672 668 673 669 if (!test_bit(HCI_AUTH, &hdev->flags)) { 674 670 /* Auth must be enabled first */ 675 - err = hci_request(hdev, hci_auth_req, 676 - dr.dev_opt, HCI_INIT_TIMEOUT); 671 + err = hci_request(hdev, hci_auth_req, dr.dev_opt, 672 + msecs_to_jiffies(HCI_INIT_TIMEOUT)); 677 673 if (err) 678 674 break; 679 675 } 680 676 681 - err = hci_request(hdev, hci_encrypt_req, 682 - dr.dev_opt, HCI_INIT_TIMEOUT); 677 + err = hci_request(hdev, hci_encrypt_req, dr.dev_opt, 678 + msecs_to_jiffies(HCI_INIT_TIMEOUT)); 683 679 break; 684 680 685 681 case HCISETSCAN: 686 - err = hci_request(hdev, hci_scan_req, dr.dev_opt, HCI_INIT_TIMEOUT); 682 + err = hci_request(hdev, hci_scan_req, dr.dev_opt, 683 + msecs_to_jiffies(HCI_INIT_TIMEOUT)); 687 684 break; 688 685 689 686 case HCISETPTYPE: ··· 817 812 { 818 813 skb_queue_purge(&hdev->driver_init); 819 814 820 - /* will free via class release */ 821 - class_device_put(&hdev->class_dev); 815 + /* will free via device release */ 816 + put_device(&hdev->dev); 822 817 } 823 818 EXPORT_SYMBOL(hci_free_dev); 824 819 ··· 852 847 hdev->flags = 0; 853 848 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1); 854 849 hdev->link_mode = (HCI_LM_ACCEPT); 850 + 851 + hdev->idle_timeout = 0; 852 + hdev->sniff_max_interval = 800; 853 + hdev->sniff_min_interval = 80; 855 854 856 855 tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev); 857 856 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); ··· 1229 1220 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, &quote))) { 1230 1221 while (quote-- && (skb = skb_dequeue(&conn->data_q))) { 1231 1222 BT_DBG("skb %p len %d", skb, skb->len); 1223 + 1224 + hci_conn_enter_active_mode(conn); 1225 + 1232 1226 hci_send_frame(skb); 1233 1227 hdev->acl_last_tx = jiffies; 1234 1228 ··· 1309 1297 1310 1298 if (conn) { 1311 1299 register struct hci_proto *hp; 1300 + 1301 + hci_conn_enter_active_mode(conn); 1312 1302 1313 1303 /* Send to upper protocol */ 1314 1304 if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) {
+183 -35
net/bluetooth/hci_event.c
··· 83 83 { 84 84 struct hci_conn *conn; 85 85 struct hci_rp_role_discovery *rd; 86 + struct hci_rp_write_link_policy *lp; 87 + void *sent; 86 88 87 89 BT_DBG("%s ocf 0x%x", hdev->name, ocf); 88 90 ··· 103 101 conn->link_mode &= ~HCI_LM_MASTER; 104 102 else 105 103 conn->link_mode |= HCI_LM_MASTER; 104 + } 105 + 106 + hci_dev_unlock(hdev); 107 + break; 108 + 109 + case OCF_WRITE_LINK_POLICY: 110 + sent = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY); 111 + if (!sent) 112 + break; 113 + 114 + lp = (struct hci_rp_write_link_policy *) skb->data; 115 + 116 + if (lp->status) 117 + break; 118 + 119 + hci_dev_lock(hdev); 120 + 121 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(lp->handle)); 122 + if (conn) { 123 + __le16 policy = get_unaligned((__le16 *) (sent + 2)); 124 + conn->link_policy = __le16_to_cpu(policy); 106 125 } 107 126 108 127 hci_dev_unlock(hdev); ··· 297 274 /* Command Complete OGF INFO_PARAM */ 298 275 static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb) 299 276 { 300 - struct hci_rp_read_loc_features *lf; 277 + struct hci_rp_read_local_features *lf; 301 278 struct hci_rp_read_buffer_size *bs; 302 279 struct hci_rp_read_bd_addr *ba; 303 280 ··· 305 282 306 283 switch (ocf) { 307 284 case OCF_READ_LOCAL_FEATURES: 308 - lf = (struct hci_rp_read_loc_features *) skb->data; 285 + lf = (struct hci_rp_read_local_features *) skb->data; 309 286 310 287 if (lf->status) { 311 288 BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status); ··· 342 319 } 343 320 344 321 hdev->acl_mtu = __le16_to_cpu(bs->acl_mtu); 345 - hdev->sco_mtu = bs->sco_mtu ? bs->sco_mtu : 64; 346 - hdev->acl_pkts = hdev->acl_cnt = __le16_to_cpu(bs->acl_max_pkt); 347 - hdev->sco_pkts = hdev->sco_cnt = __le16_to_cpu(bs->sco_max_pkt); 322 + hdev->sco_mtu = bs->sco_mtu; 323 + hdev->acl_pkts = __le16_to_cpu(bs->acl_max_pkt); 324 + hdev->sco_pkts = __le16_to_cpu(bs->sco_max_pkt); 325 + 326 + if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) { 327 + hdev->sco_mtu = 64; 328 + hdev->sco_pkts = 8; 329 + } 330 + 331 + hdev->acl_cnt = hdev->acl_pkts; 332 + hdev->sco_cnt = hdev->sco_pkts; 348 333 349 334 BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name, 350 335 hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts); ··· 470 439 BT_DBG("%s ocf 0x%x", hdev->name, ocf); 471 440 472 441 switch (ocf) { 442 + case OCF_SNIFF_MODE: 443 + if (status) { 444 + struct hci_conn *conn; 445 + struct hci_cp_sniff_mode *cp = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_SNIFF_MODE); 446 + 447 + if (!cp) 448 + break; 449 + 450 + hci_dev_lock(hdev); 451 + 452 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 453 + if (conn) { 454 + clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 455 + } 456 + 457 + hci_dev_unlock(hdev); 458 + } 459 + break; 460 + 461 + case OCF_EXIT_SNIFF_MODE: 462 + if (status) { 463 + struct hci_conn *conn; 464 + struct hci_cp_exit_sniff_mode *cp = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_EXIT_SNIFF_MODE); 465 + 466 + if (!cp) 467 + break; 468 + 469 + hci_dev_lock(hdev); 470 + 471 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle)); 472 + if (conn) { 473 + clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend); 474 + } 475 + 476 + hci_dev_unlock(hdev); 477 + } 478 + break; 479 + 473 480 default: 474 - BT_DBG("%s Command status: ogf HOST_POLICY ocf %x", hdev->name, ocf); 481 + BT_DBG("%s Command status: ogf LINK_POLICY ocf %x", hdev->name, ocf); 475 482 break; 476 483 } 477 484 } ··· 691 622 else 692 623 cp.role = 0x01; /* Remain slave */ 693 624 694 - hci_send_cmd(hdev, OGF_LINK_CTL, OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp); 625 + hci_send_cmd(hdev, OGF_LINK_CTL, 626 + OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp); 695 627 } else { 696 628 /* Connection rejected */ 697 629 struct hci_cp_reject_conn_req cp; 698 630 699 631 bacpy(&cp.bdaddr, &ev->bdaddr); 700 632 cp.reason = 0x0f; 701 - hci_send_cmd(hdev, OGF_LINK_CTL, OCF_REJECT_CONN_REQ, sizeof(cp), &cp); 633 + hci_send_cmd(hdev, OGF_LINK_CTL, 634 + OCF_REJECT_CONN_REQ, sizeof(cp), &cp); 702 635 } 703 636 } 704 637 ··· 708 637 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 709 638 { 710 639 struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data; 711 - struct hci_conn *conn = NULL; 640 + struct hci_conn *conn; 712 641 713 642 BT_DBG("%s", hdev->name); 714 643 ··· 730 659 if (test_bit(HCI_ENCRYPT, &hdev->flags)) 731 660 conn->link_mode |= HCI_LM_ENCRYPT; 732 661 662 + /* Get remote features */ 663 + if (conn->type == ACL_LINK) { 664 + struct hci_cp_read_remote_features cp; 665 + cp.handle = ev->handle; 666 + hci_send_cmd(hdev, OGF_LINK_CTL, 667 + OCF_READ_REMOTE_FEATURES, sizeof(cp), &cp); 668 + } 669 + 733 670 /* Set link policy */ 734 671 if (conn->type == ACL_LINK && hdev->link_policy) { 735 672 struct hci_cp_write_link_policy cp; 736 673 cp.handle = ev->handle; 737 674 cp.policy = __cpu_to_le16(hdev->link_policy); 738 - hci_send_cmd(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY, sizeof(cp), &cp); 675 + hci_send_cmd(hdev, OGF_LINK_POLICY, 676 + OCF_WRITE_LINK_POLICY, sizeof(cp), &cp); 739 677 } 740 678 741 679 /* Set packet type for incoming connection */ ··· 755 675 __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK): 756 676 __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK); 757 677 758 - hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp); 678 + hci_send_cmd(hdev, OGF_LINK_CTL, 679 + OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp); 759 680 } 760 681 } else 761 682 conn->state = BT_CLOSED; ··· 784 703 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 785 704 { 786 705 struct hci_ev_disconn_complete *ev = (struct hci_ev_disconn_complete *) skb->data; 787 - struct hci_conn *conn = NULL; 788 - __u16 handle = __le16_to_cpu(ev->handle); 706 + struct hci_conn *conn; 789 707 790 708 BT_DBG("%s status %d", hdev->name, ev->status); 791 709 ··· 793 713 794 714 hci_dev_lock(hdev); 795 715 796 - conn = hci_conn_hash_lookup_handle(hdev, handle); 716 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 797 717 if (conn) { 798 718 conn->state = BT_CLOSED; 799 719 hci_proto_disconn_ind(conn, ev->reason); ··· 850 770 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 851 771 { 852 772 struct hci_ev_role_change *ev = (struct hci_ev_role_change *) skb->data; 853 - struct hci_conn *conn = NULL; 773 + struct hci_conn *conn; 854 774 855 775 BT_DBG("%s status %d", hdev->name, ev->status); 856 776 ··· 873 793 hci_dev_unlock(hdev); 874 794 } 875 795 876 - /* Authentication Complete */ 877 - static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 796 + /* Mode Change */ 797 + static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 878 798 { 879 - struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data; 880 - struct hci_conn *conn = NULL; 881 - __u16 handle = __le16_to_cpu(ev->handle); 799 + struct hci_ev_mode_change *ev = (struct hci_ev_mode_change *) skb->data; 800 + struct hci_conn *conn; 882 801 883 802 BT_DBG("%s status %d", hdev->name, ev->status); 884 803 885 804 hci_dev_lock(hdev); 886 805 887 - conn = hci_conn_hash_lookup_handle(hdev, handle); 806 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 807 + if (conn) { 808 + conn->mode = ev->mode; 809 + conn->interval = __le16_to_cpu(ev->interval); 810 + 811 + if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) { 812 + if (conn->mode == HCI_CM_ACTIVE) 813 + conn->power_save = 1; 814 + else 815 + conn->power_save = 0; 816 + } 817 + } 818 + 819 + hci_dev_unlock(hdev); 820 + } 821 + 822 + /* Authentication Complete */ 823 + static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 824 + { 825 + struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data; 826 + struct hci_conn *conn; 827 + 828 + BT_DBG("%s status %d", hdev->name, ev->status); 829 + 830 + hci_dev_lock(hdev); 831 + 832 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 888 833 if (conn) { 889 834 if (!ev->status) 890 835 conn->link_mode |= HCI_LM_AUTH; ··· 924 819 cp.handle = __cpu_to_le16(conn->handle); 925 820 cp.encrypt = 1; 926 821 hci_send_cmd(conn->hdev, OGF_LINK_CTL, 927 - OCF_SET_CONN_ENCRYPT, 928 - sizeof(cp), &cp); 822 + OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp); 929 823 } else { 930 824 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend); 931 825 hci_encrypt_cfm(conn, ev->status, 0x00); ··· 939 835 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) 940 836 { 941 837 struct hci_ev_encrypt_change *ev = (struct hci_ev_encrypt_change *) skb->data; 942 - struct hci_conn *conn = NULL; 943 - __u16 handle = __le16_to_cpu(ev->handle); 838 + struct hci_conn *conn; 944 839 945 840 BT_DBG("%s status %d", hdev->name, ev->status); 946 841 947 842 hci_dev_lock(hdev); 948 843 949 - conn = hci_conn_hash_lookup_handle(hdev, handle); 844 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 950 845 if (conn) { 951 846 if (!ev->status) { 952 847 if (ev->encrypt) ··· 966 863 static inline void hci_change_conn_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 967 864 { 968 865 struct hci_ev_change_conn_link_key_complete *ev = (struct hci_ev_change_conn_link_key_complete *) skb->data; 969 - struct hci_conn *conn = NULL; 970 - __u16 handle = __le16_to_cpu(ev->handle); 866 + struct hci_conn *conn; 971 867 972 868 BT_DBG("%s status %d", hdev->name, ev->status); 973 869 974 870 hci_dev_lock(hdev); 975 871 976 - conn = hci_conn_hash_lookup_handle(hdev, handle); 872 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 977 873 if (conn) { 978 874 if (!ev->status) 979 875 conn->link_mode |= HCI_LM_SECURE; ··· 1000 898 { 1001 899 } 1002 900 1003 - /* Clock Offset */ 1004 - static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 901 + /* Remote Features */ 902 + static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb) 1005 903 { 1006 - struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data; 1007 - struct hci_conn *conn = NULL; 1008 - __u16 handle = __le16_to_cpu(ev->handle); 904 + struct hci_ev_remote_features *ev = (struct hci_ev_remote_features *) skb->data; 905 + struct hci_conn *conn; 1009 906 1010 907 BT_DBG("%s status %d", hdev->name, ev->status); 1011 908 1012 909 hci_dev_lock(hdev); 1013 910 1014 - conn = hci_conn_hash_lookup_handle(hdev, handle); 911 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 912 + if (conn && !ev->status) { 913 + memcpy(conn->features, ev->features, sizeof(conn->features)); 914 + } 915 + 916 + hci_dev_unlock(hdev); 917 + } 918 + 919 + /* Clock Offset */ 920 + static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb) 921 + { 922 + struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data; 923 + struct hci_conn *conn; 924 + 925 + BT_DBG("%s status %d", hdev->name, ev->status); 926 + 927 + hci_dev_lock(hdev); 928 + 929 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 1015 930 if (conn && !ev->status) { 1016 931 struct inquiry_entry *ie; 1017 932 ··· 1054 935 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) { 1055 936 ie->data.pscan_rep_mode = ev->pscan_rep_mode; 1056 937 ie->timestamp = jiffies; 938 + } 939 + 940 + hci_dev_unlock(hdev); 941 + } 942 + 943 + /* Sniff Subrate */ 944 + static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb) 945 + { 946 + struct hci_ev_sniff_subrate *ev = (struct hci_ev_sniff_subrate *) skb->data; 947 + struct hci_conn *conn; 948 + 949 + BT_DBG("%s status %d", hdev->name, ev->status); 950 + 951 + hci_dev_lock(hdev); 952 + 953 + conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); 954 + if (conn) { 1057 955 } 1058 956 1059 957 hci_dev_unlock(hdev); ··· 1124 988 hci_role_change_evt(hdev, skb); 1125 989 break; 1126 990 991 + case HCI_EV_MODE_CHANGE: 992 + hci_mode_change_evt(hdev, skb); 993 + break; 994 + 1127 995 case HCI_EV_AUTH_COMPLETE: 1128 996 hci_auth_complete_evt(hdev, skb); 1129 997 break; ··· 1152 1012 hci_link_key_notify_evt(hdev, skb); 1153 1013 break; 1154 1014 1015 + case HCI_EV_REMOTE_FEATURES: 1016 + hci_remote_features_evt(hdev, skb); 1017 + break; 1018 + 1155 1019 case HCI_EV_CLOCK_OFFSET: 1156 1020 hci_clock_offset_evt(hdev, skb); 1157 1021 break; 1158 1022 1159 1023 case HCI_EV_PSCAN_REP_MODE: 1160 1024 hci_pscan_rep_mode_evt(hdev, skb); 1025 + break; 1026 + 1027 + case HCI_EV_SNIFF_SUBRATE: 1028 + hci_sniff_subrate_evt(hdev, skb); 1161 1029 break; 1162 1030 1163 1031 case HCI_EV_CMD_STATUS:
+164 -63
net/bluetooth/hci_sysfs.c
··· 3 3 #include <linux/kernel.h> 4 4 #include <linux/init.h> 5 5 6 + #include <linux/platform_device.h> 7 + 6 8 #include <net/bluetooth/bluetooth.h> 7 9 #include <net/bluetooth/hci_core.h> 8 10 ··· 13 11 #define BT_DBG(D...) 14 12 #endif 15 13 16 - static ssize_t show_name(struct class_device *cdev, char *buf) 14 + static ssize_t show_name(struct device *dev, struct device_attribute *attr, char *buf) 17 15 { 18 - struct hci_dev *hdev = class_get_devdata(cdev); 16 + struct hci_dev *hdev = dev_get_drvdata(dev); 19 17 return sprintf(buf, "%s\n", hdev->name); 20 18 } 21 19 22 - static ssize_t show_type(struct class_device *cdev, char *buf) 20 + static ssize_t show_type(struct device *dev, struct device_attribute *attr, char *buf) 23 21 { 24 - struct hci_dev *hdev = class_get_devdata(cdev); 22 + struct hci_dev *hdev = dev_get_drvdata(dev); 25 23 return sprintf(buf, "%d\n", hdev->type); 26 24 } 27 25 28 - static ssize_t show_address(struct class_device *cdev, char *buf) 26 + static ssize_t show_address(struct device *dev, struct device_attribute *attr, char *buf) 29 27 { 30 - struct hci_dev *hdev = class_get_devdata(cdev); 28 + struct hci_dev *hdev = dev_get_drvdata(dev); 31 29 bdaddr_t bdaddr; 32 30 baswap(&bdaddr, &hdev->bdaddr); 33 31 return sprintf(buf, "%s\n", batostr(&bdaddr)); 34 32 } 35 33 36 - static ssize_t show_flags(struct class_device *cdev, char *buf) 34 + static ssize_t show_flags(struct device *dev, struct device_attribute *attr, char *buf) 37 35 { 38 - struct hci_dev *hdev = class_get_devdata(cdev); 36 + struct hci_dev *hdev = dev_get_drvdata(dev); 39 37 return sprintf(buf, "0x%lx\n", hdev->flags); 40 38 } 41 39 42 - static ssize_t show_inquiry_cache(struct class_device *cdev, char *buf) 40 + static ssize_t show_inquiry_cache(struct device *dev, struct device_attribute *attr, char *buf) 43 41 { 44 - struct hci_dev *hdev = class_get_devdata(cdev); 42 + struct hci_dev *hdev = dev_get_drvdata(dev); 45 43 struct inquiry_cache *cache = &hdev->inq_cache; 46 44 struct inquiry_entry *e; 47 45 int n = 0; ··· 63 61 return n; 64 62 } 65 63 66 - static CLASS_DEVICE_ATTR(name, S_IRUGO, show_name, NULL); 67 - static CLASS_DEVICE_ATTR(type, S_IRUGO, show_type, NULL); 68 - static CLASS_DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 69 - static CLASS_DEVICE_ATTR(flags, S_IRUGO, show_flags, NULL); 70 - static CLASS_DEVICE_ATTR(inquiry_cache, S_IRUGO, show_inquiry_cache, NULL); 64 + static ssize_t show_idle_timeout(struct device *dev, struct device_attribute *attr, char *buf) 65 + { 66 + struct hci_dev *hdev = dev_get_drvdata(dev); 67 + return sprintf(buf, "%d\n", hdev->idle_timeout); 68 + } 71 69 72 - static struct class_device_attribute *bt_attrs[] = { 73 - &class_device_attr_name, 74 - &class_device_attr_type, 75 - &class_device_attr_address, 76 - &class_device_attr_flags, 77 - &class_device_attr_inquiry_cache, 70 + static ssize_t store_idle_timeout(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 71 + { 72 + struct hci_dev *hdev = dev_get_drvdata(dev); 73 + char *ptr; 74 + __u32 val; 75 + 76 + val = simple_strtoul(buf, &ptr, 10); 77 + if (ptr == buf) 78 + return -EINVAL; 79 + 80 + if (val != 0 && (val < 500 || val > 3600000)) 81 + return -EINVAL; 82 + 83 + hdev->idle_timeout = val; 84 + 85 + return count; 86 + } 87 + 88 + static ssize_t show_sniff_max_interval(struct device *dev, struct device_attribute *attr, char *buf) 89 + { 90 + struct hci_dev *hdev = dev_get_drvdata(dev); 91 + return sprintf(buf, "%d\n", hdev->sniff_max_interval); 92 + } 93 + 94 + static ssize_t store_sniff_max_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 95 + { 96 + struct hci_dev *hdev = dev_get_drvdata(dev); 97 + char *ptr; 98 + __u16 val; 99 + 100 + val = simple_strtoul(buf, &ptr, 10); 101 + if (ptr == buf) 102 + return -EINVAL; 103 + 104 + if (val < 0x0002 || val > 0xFFFE || val % 2) 105 + return -EINVAL; 106 + 107 + if (val < hdev->sniff_min_interval) 108 + return -EINVAL; 109 + 110 + hdev->sniff_max_interval = val; 111 + 112 + return count; 113 + } 114 + 115 + static ssize_t show_sniff_min_interval(struct device *dev, struct device_attribute *attr, char *buf) 116 + { 117 + struct hci_dev *hdev = dev_get_drvdata(dev); 118 + return sprintf(buf, "%d\n", hdev->sniff_min_interval); 119 + } 120 + 121 + static ssize_t store_sniff_min_interval(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) 122 + { 123 + struct hci_dev *hdev = dev_get_drvdata(dev); 124 + char *ptr; 125 + __u16 val; 126 + 127 + val = simple_strtoul(buf, &ptr, 10); 128 + if (ptr == buf) 129 + return -EINVAL; 130 + 131 + if (val < 0x0002 || val > 0xFFFE || val % 2) 132 + return -EINVAL; 133 + 134 + if (val > hdev->sniff_max_interval) 135 + return -EINVAL; 136 + 137 + hdev->sniff_min_interval = val; 138 + 139 + return count; 140 + } 141 + 142 + static DEVICE_ATTR(name, S_IRUGO, show_name, NULL); 143 + static DEVICE_ATTR(type, S_IRUGO, show_type, NULL); 144 + static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); 145 + static DEVICE_ATTR(flags, S_IRUGO, show_flags, NULL); 146 + static DEVICE_ATTR(inquiry_cache, S_IRUGO, show_inquiry_cache, NULL); 147 + 148 + static DEVICE_ATTR(idle_timeout, S_IRUGO | S_IWUSR, 149 + show_idle_timeout, store_idle_timeout); 150 + static DEVICE_ATTR(sniff_max_interval, S_IRUGO | S_IWUSR, 151 + show_sniff_max_interval, store_sniff_max_interval); 152 + static DEVICE_ATTR(sniff_min_interval, S_IRUGO | S_IWUSR, 153 + show_sniff_min_interval, store_sniff_min_interval); 154 + 155 + static struct device_attribute *bt_attrs[] = { 156 + &dev_attr_name, 157 + &dev_attr_type, 158 + &dev_attr_address, 159 + &dev_attr_flags, 160 + &dev_attr_inquiry_cache, 161 + &dev_attr_idle_timeout, 162 + &dev_attr_sniff_max_interval, 163 + &dev_attr_sniff_min_interval, 78 164 NULL 79 165 }; 80 166 81 - #ifdef CONFIG_HOTPLUG 82 - static int bt_uevent(struct class_device *cdev, char **envp, int num_envp, char *buf, int size) 167 + struct class *bt_class = NULL; 168 + EXPORT_SYMBOL_GPL(bt_class); 169 + 170 + static struct bus_type bt_bus = { 171 + .name = "bluetooth", 172 + }; 173 + 174 + static struct platform_device *bt_platform; 175 + 176 + static void bt_release(struct device *dev) 83 177 { 84 - struct hci_dev *hdev = class_get_devdata(cdev); 85 - int n, i = 0; 86 - 87 - envp[i++] = buf; 88 - n = snprintf(buf, size, "INTERFACE=%s", hdev->name) + 1; 89 - buf += n; 90 - size -= n; 91 - 92 - if ((size <= 0) || (i >= num_envp)) 93 - return -ENOMEM; 94 - 95 - envp[i] = NULL; 96 - return 0; 97 - } 98 - #endif 99 - 100 - static void bt_release(struct class_device *cdev) 101 - { 102 - struct hci_dev *hdev = class_get_devdata(cdev); 103 - 178 + struct hci_dev *hdev = dev_get_drvdata(dev); 104 179 kfree(hdev); 105 180 } 106 181 107 - struct class bt_class = { 108 - .name = "bluetooth", 109 - .release = bt_release, 110 - #ifdef CONFIG_HOTPLUG 111 - .uevent = bt_uevent, 112 - #endif 113 - }; 114 - 115 - EXPORT_SYMBOL_GPL(bt_class); 116 - 117 182 int hci_register_sysfs(struct hci_dev *hdev) 118 183 { 119 - struct class_device *cdev = &hdev->class_dev; 184 + struct device *dev = &hdev->dev; 120 185 unsigned int i; 121 186 int err; 122 187 123 188 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 124 189 125 - cdev->class = &bt_class; 126 - class_set_devdata(cdev, hdev); 190 + dev->class = bt_class; 127 191 128 - strlcpy(cdev->class_id, hdev->name, BUS_ID_SIZE); 129 - err = class_device_register(cdev); 192 + if (hdev->parent) 193 + dev->parent = hdev->parent; 194 + else 195 + dev->parent = &bt_platform->dev; 196 + 197 + strlcpy(dev->bus_id, hdev->name, BUS_ID_SIZE); 198 + 199 + dev->release = bt_release; 200 + 201 + dev_set_drvdata(dev, hdev); 202 + 203 + err = device_register(dev); 130 204 if (err < 0) 131 205 return err; 132 206 133 207 for (i = 0; bt_attrs[i]; i++) 134 - class_device_create_file(cdev, bt_attrs[i]); 208 + device_create_file(dev, bt_attrs[i]); 135 209 136 210 return 0; 137 211 } 138 212 139 213 void hci_unregister_sysfs(struct hci_dev *hdev) 140 214 { 141 - struct class_device * cdev = &hdev->class_dev; 215 + struct device *dev = &hdev->dev; 142 216 143 217 BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type); 144 218 145 - class_device_del(cdev); 219 + device_del(dev); 146 220 } 147 221 148 222 int __init bt_sysfs_init(void) 149 223 { 150 - return class_register(&bt_class); 224 + int err; 225 + 226 + bt_platform = platform_device_register_simple("bluetooth", -1, NULL, 0); 227 + if (IS_ERR(bt_platform)) 228 + return PTR_ERR(bt_platform); 229 + 230 + err = bus_register(&bt_bus); 231 + if (err < 0) { 232 + platform_device_unregister(bt_platform); 233 + return err; 234 + } 235 + 236 + bt_class = class_create(THIS_MODULE, "bluetooth"); 237 + if (IS_ERR(bt_class)) { 238 + bus_unregister(&bt_bus); 239 + platform_device_unregister(bt_platform); 240 + return PTR_ERR(bt_class); 241 + } 242 + 243 + return 0; 151 244 } 152 245 153 246 void __exit bt_sysfs_cleanup(void) 154 247 { 155 - class_unregister(&bt_class); 248 + class_destroy(bt_class); 249 + 250 + bus_unregister(&bt_bus); 251 + 252 + platform_device_unregister(bt_platform); 156 253 }
+179 -182
net/bluetooth/l2cap.c
··· 63 63 .lock = RW_LOCK_UNLOCKED 64 64 }; 65 65 66 - static int l2cap_conn_del(struct hci_conn *conn, int err); 67 - 68 - static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent); 69 - static void l2cap_chan_del(struct sock *sk, int err); 70 - 71 66 static void __l2cap_sock_close(struct sock *sk, int reason); 72 67 static void l2cap_sock_close(struct sock *sk); 73 68 static void l2cap_sock_kill(struct sock *sk); ··· 104 109 sk->sk_timer.data = (unsigned long)sk; 105 110 } 106 111 112 + /* ---- L2CAP channels ---- */ 113 + static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid) 114 + { 115 + struct sock *s; 116 + for (s = l->head; s; s = l2cap_pi(s)->next_c) { 117 + if (l2cap_pi(s)->dcid == cid) 118 + break; 119 + } 120 + return s; 121 + } 122 + 123 + static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 124 + { 125 + struct sock *s; 126 + for (s = l->head; s; s = l2cap_pi(s)->next_c) { 127 + if (l2cap_pi(s)->scid == cid) 128 + break; 129 + } 130 + return s; 131 + } 132 + 133 + /* Find channel with given SCID. 134 + * Returns locked socket */ 135 + static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 136 + { 137 + struct sock *s; 138 + read_lock(&l->lock); 139 + s = __l2cap_get_chan_by_scid(l, cid); 140 + if (s) bh_lock_sock(s); 141 + read_unlock(&l->lock); 142 + return s; 143 + } 144 + 145 + static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 146 + { 147 + struct sock *s; 148 + for (s = l->head; s; s = l2cap_pi(s)->next_c) { 149 + if (l2cap_pi(s)->ident == ident) 150 + break; 151 + } 152 + return s; 153 + } 154 + 155 + static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 156 + { 157 + struct sock *s; 158 + read_lock(&l->lock); 159 + s = __l2cap_get_chan_by_ident(l, ident); 160 + if (s) bh_lock_sock(s); 161 + read_unlock(&l->lock); 162 + return s; 163 + } 164 + 165 + static u16 l2cap_alloc_cid(struct l2cap_chan_list *l) 166 + { 167 + u16 cid = 0x0040; 168 + 169 + for (; cid < 0xffff; cid++) { 170 + if(!__l2cap_get_chan_by_scid(l, cid)) 171 + return cid; 172 + } 173 + 174 + return 0; 175 + } 176 + 177 + static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk) 178 + { 179 + sock_hold(sk); 180 + 181 + if (l->head) 182 + l2cap_pi(l->head)->prev_c = sk; 183 + 184 + l2cap_pi(sk)->next_c = l->head; 185 + l2cap_pi(sk)->prev_c = NULL; 186 + l->head = sk; 187 + } 188 + 189 + static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk) 190 + { 191 + struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c; 192 + 193 + write_lock(&l->lock); 194 + if (sk == l->head) 195 + l->head = next; 196 + 197 + if (next) 198 + l2cap_pi(next)->prev_c = prev; 199 + if (prev) 200 + l2cap_pi(prev)->next_c = next; 201 + write_unlock(&l->lock); 202 + 203 + __sock_put(sk); 204 + } 205 + 206 + static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent) 207 + { 208 + struct l2cap_chan_list *l = &conn->chan_list; 209 + 210 + BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 211 + 212 + l2cap_pi(sk)->conn = conn; 213 + 214 + if (sk->sk_type == SOCK_SEQPACKET) { 215 + /* Alloc CID for connection-oriented socket */ 216 + l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 217 + } else if (sk->sk_type == SOCK_DGRAM) { 218 + /* Connectionless socket */ 219 + l2cap_pi(sk)->scid = 0x0002; 220 + l2cap_pi(sk)->dcid = 0x0002; 221 + l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 222 + } else { 223 + /* Raw socket can send/recv signalling messages only */ 224 + l2cap_pi(sk)->scid = 0x0001; 225 + l2cap_pi(sk)->dcid = 0x0001; 226 + l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 227 + } 228 + 229 + __l2cap_chan_link(l, sk); 230 + 231 + if (parent) 232 + bt_accept_enqueue(parent, sk); 233 + } 234 + 235 + /* Delete channel. 236 + * Must be called on the locked socket. */ 237 + static void l2cap_chan_del(struct sock *sk, int err) 238 + { 239 + struct l2cap_conn *conn = l2cap_pi(sk)->conn; 240 + struct sock *parent = bt_sk(sk)->parent; 241 + 242 + l2cap_sock_clear_timer(sk); 243 + 244 + BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 245 + 246 + if (conn) { 247 + /* Unlink from channel list */ 248 + l2cap_chan_unlink(&conn->chan_list, sk); 249 + l2cap_pi(sk)->conn = NULL; 250 + hci_conn_put(conn->hcon); 251 + } 252 + 253 + sk->sk_state = BT_CLOSED; 254 + sock_set_flag(sk, SOCK_ZAPPED); 255 + 256 + if (err) 257 + sk->sk_err = err; 258 + 259 + if (parent) { 260 + bt_accept_unlink(sk); 261 + parent->sk_data_ready(parent, 0); 262 + } else 263 + sk->sk_state_change(sk); 264 + } 265 + 107 266 /* ---- L2CAP connections ---- */ 108 267 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) 109 268 { 110 - struct l2cap_conn *conn; 269 + struct l2cap_conn *conn = hcon->l2cap_data; 111 270 112 - if ((conn = hcon->l2cap_data)) 271 + if (conn || status) 113 272 return conn; 114 273 115 - if (status) 116 - return conn; 117 - 118 - if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC))) 274 + conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC); 275 + if (!conn) 119 276 return NULL; 120 - memset(conn, 0, sizeof(struct l2cap_conn)); 121 277 122 278 hcon->l2cap_data = conn; 123 279 conn->hcon = hcon; 280 + 281 + BT_DBG("hcon %p conn %p", hcon, conn); 124 282 125 283 conn->mtu = hcon->hdev->acl_mtu; 126 284 conn->src = &hcon->hdev->bdaddr; ··· 282 134 spin_lock_init(&conn->lock); 283 135 rwlock_init(&conn->chan_list.lock); 284 136 285 - BT_DBG("hcon %p conn %p", hcon, conn); 286 137 return conn; 287 138 } 288 139 289 - static int l2cap_conn_del(struct hci_conn *hcon, int err) 140 + static void l2cap_conn_del(struct hci_conn *hcon, int err) 290 141 { 291 - struct l2cap_conn *conn; 142 + struct l2cap_conn *conn = hcon->l2cap_data; 292 143 struct sock *sk; 293 144 294 - if (!(conn = hcon->l2cap_data)) 295 - return 0; 145 + if (!conn) 146 + return; 296 147 297 148 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err); 298 149 ··· 308 161 309 162 hcon->l2cap_data = NULL; 310 163 kfree(conn); 311 - return 0; 312 164 } 313 165 314 166 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent) ··· 1071 925 return err; 1072 926 } 1073 927 1074 - /* ---- L2CAP channels ---- */ 1075 - static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid) 1076 - { 1077 - struct sock *s; 1078 - for (s = l->head; s; s = l2cap_pi(s)->next_c) { 1079 - if (l2cap_pi(s)->dcid == cid) 1080 - break; 1081 - } 1082 - return s; 1083 - } 1084 - 1085 - static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 1086 - { 1087 - struct sock *s; 1088 - for (s = l->head; s; s = l2cap_pi(s)->next_c) { 1089 - if (l2cap_pi(s)->scid == cid) 1090 - break; 1091 - } 1092 - return s; 1093 - } 1094 - 1095 - /* Find channel with given SCID. 1096 - * Returns locked socket */ 1097 - static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid) 1098 - { 1099 - struct sock *s; 1100 - read_lock(&l->lock); 1101 - s = __l2cap_get_chan_by_scid(l, cid); 1102 - if (s) bh_lock_sock(s); 1103 - read_unlock(&l->lock); 1104 - return s; 1105 - } 1106 - 1107 - static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 1108 - { 1109 - struct sock *s; 1110 - for (s = l->head; s; s = l2cap_pi(s)->next_c) { 1111 - if (l2cap_pi(s)->ident == ident) 1112 - break; 1113 - } 1114 - return s; 1115 - } 1116 - 1117 - static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident) 1118 - { 1119 - struct sock *s; 1120 - read_lock(&l->lock); 1121 - s = __l2cap_get_chan_by_ident(l, ident); 1122 - if (s) bh_lock_sock(s); 1123 - read_unlock(&l->lock); 1124 - return s; 1125 - } 1126 - 1127 - static u16 l2cap_alloc_cid(struct l2cap_chan_list *l) 1128 - { 1129 - u16 cid = 0x0040; 1130 - 1131 - for (; cid < 0xffff; cid++) { 1132 - if(!__l2cap_get_chan_by_scid(l, cid)) 1133 - return cid; 1134 - } 1135 - 1136 - return 0; 1137 - } 1138 - 1139 - static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk) 1140 - { 1141 - sock_hold(sk); 1142 - 1143 - if (l->head) 1144 - l2cap_pi(l->head)->prev_c = sk; 1145 - 1146 - l2cap_pi(sk)->next_c = l->head; 1147 - l2cap_pi(sk)->prev_c = NULL; 1148 - l->head = sk; 1149 - } 1150 - 1151 - static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk) 1152 - { 1153 - struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c; 1154 - 1155 - write_lock(&l->lock); 1156 - if (sk == l->head) 1157 - l->head = next; 1158 - 1159 - if (next) 1160 - l2cap_pi(next)->prev_c = prev; 1161 - if (prev) 1162 - l2cap_pi(prev)->next_c = next; 1163 - write_unlock(&l->lock); 1164 - 1165 - __sock_put(sk); 1166 - } 1167 - 1168 - static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent) 1169 - { 1170 - struct l2cap_chan_list *l = &conn->chan_list; 1171 - 1172 - BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid); 1173 - 1174 - l2cap_pi(sk)->conn = conn; 1175 - 1176 - if (sk->sk_type == SOCK_SEQPACKET) { 1177 - /* Alloc CID for connection-oriented socket */ 1178 - l2cap_pi(sk)->scid = l2cap_alloc_cid(l); 1179 - } else if (sk->sk_type == SOCK_DGRAM) { 1180 - /* Connectionless socket */ 1181 - l2cap_pi(sk)->scid = 0x0002; 1182 - l2cap_pi(sk)->dcid = 0x0002; 1183 - l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 1184 - } else { 1185 - /* Raw socket can send/recv signalling messages only */ 1186 - l2cap_pi(sk)->scid = 0x0001; 1187 - l2cap_pi(sk)->dcid = 0x0001; 1188 - l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU; 1189 - } 1190 - 1191 - __l2cap_chan_link(l, sk); 1192 - 1193 - if (parent) 1194 - bt_accept_enqueue(parent, sk); 1195 - } 1196 - 1197 - /* Delete channel. 1198 - * Must be called on the locked socket. */ 1199 - static void l2cap_chan_del(struct sock *sk, int err) 1200 - { 1201 - struct l2cap_conn *conn = l2cap_pi(sk)->conn; 1202 - struct sock *parent = bt_sk(sk)->parent; 1203 - 1204 - l2cap_sock_clear_timer(sk); 1205 - 1206 - BT_DBG("sk %p, conn %p, err %d", sk, conn, err); 1207 - 1208 - if (conn) { 1209 - /* Unlink from channel list */ 1210 - l2cap_chan_unlink(&conn->chan_list, sk); 1211 - l2cap_pi(sk)->conn = NULL; 1212 - hci_conn_put(conn->hcon); 1213 - } 1214 - 1215 - sk->sk_state = BT_CLOSED; 1216 - sock_set_flag(sk, SOCK_ZAPPED); 1217 - 1218 - if (err) 1219 - sk->sk_err = err; 1220 - 1221 - if (parent) { 1222 - bt_accept_unlink(sk); 1223 - parent->sk_data_ready(parent, 0); 1224 - } else 1225 - sk->sk_state_change(sk); 1226 - } 1227 - 1228 928 static void l2cap_conn_ready(struct l2cap_conn *conn) 1229 929 { 1230 930 struct l2cap_chan_list *l = &conn->chan_list; ··· 1826 1834 kfree_skb(skb); 1827 1835 1828 1836 done: 1829 - if (sk) bh_unlock_sock(sk); 1837 + if (sk) 1838 + bh_unlock_sock(sk); 1839 + 1830 1840 return 0; 1831 1841 } 1832 1842 ··· 1919 1925 1920 1926 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status) 1921 1927 { 1928 + struct l2cap_conn *conn; 1929 + 1922 1930 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status); 1923 1931 1924 1932 if (hcon->type != ACL_LINK) 1925 1933 return 0; 1926 1934 1927 1935 if (!status) { 1928 - struct l2cap_conn *conn; 1929 - 1930 1936 conn = l2cap_conn_add(hcon, status); 1931 1937 if (conn) 1932 1938 l2cap_conn_ready(conn); 1933 - } else 1939 + } else 1934 1940 l2cap_conn_del(hcon, bt_err(status)); 1935 1941 1936 1942 return 0; ··· 1944 1950 return 0; 1945 1951 1946 1952 l2cap_conn_del(hcon, bt_err(reason)); 1953 + 1947 1954 return 0; 1948 1955 } 1949 1956 1950 1957 static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status) 1951 1958 { 1952 1959 struct l2cap_chan_list *l; 1953 - struct l2cap_conn *conn; 1960 + struct l2cap_conn *conn = conn = hcon->l2cap_data; 1954 1961 struct l2cap_conn_rsp rsp; 1955 1962 struct sock *sk; 1956 1963 int result; 1957 1964 1958 - if (!(conn = hcon->l2cap_data)) 1965 + if (!conn) 1959 1966 return 0; 1967 + 1960 1968 l = &conn->chan_list; 1961 1969 1962 1970 BT_DBG("conn %p", conn); ··· 2001 2005 static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status) 2002 2006 { 2003 2007 struct l2cap_chan_list *l; 2004 - struct l2cap_conn *conn; 2008 + struct l2cap_conn *conn = hcon->l2cap_data; 2005 2009 struct l2cap_conn_rsp rsp; 2006 2010 struct sock *sk; 2007 2011 int result; 2008 2012 2009 - if (!(conn = hcon->l2cap_data)) 2013 + if (!conn) 2010 2014 return 0; 2015 + 2011 2016 l = &conn->chan_list; 2012 2017 2013 2018 BT_DBG("conn %p", conn); ··· 2216 2219 goto error; 2217 2220 } 2218 2221 2219 - class_create_file(&bt_class, &class_attr_l2cap); 2222 + class_create_file(bt_class, &class_attr_l2cap); 2220 2223 2221 2224 BT_INFO("L2CAP ver %s", VERSION); 2222 2225 BT_INFO("L2CAP socket layer initialized"); ··· 2230 2233 2231 2234 static void __exit l2cap_exit(void) 2232 2235 { 2233 - class_remove_file(&bt_class, &class_attr_l2cap); 2236 + class_remove_file(bt_class, &class_attr_l2cap); 2234 2237 2235 2238 if (bt_sock_unregister(BTPROTO_L2CAP) < 0) 2236 2239 BT_ERR("L2CAP socket unregistration failed");
+20 -7
net/bluetooth/rfcomm/core.c
··· 52 52 #define BT_DBG(D...) 53 53 #endif 54 54 55 - #define VERSION "1.7" 55 + #define VERSION "1.8" 56 56 57 + static int disable_cfc = 0; 57 58 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 58 59 59 60 static struct task_struct *rfcomm_thread; ··· 534 533 s->sock = sock; 535 534 536 535 s->mtu = RFCOMM_DEFAULT_MTU; 537 - s->cfc = RFCOMM_CFC_UNKNOWN; 536 + s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 538 537 539 538 /* Do not increment module usage count for listening sessions. 540 539 * Otherwise we won't be able to unload the module. */ ··· 1150 1149 1151 1150 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1152 1151 { 1152 + struct sock *sk = d->session->sock->sk; 1153 + 1153 1154 BT_DBG("dlc %p", d); 1154 1155 1155 1156 rfcomm_send_ua(d->session, d->dlci); ··· 1160 1157 d->state = BT_CONNECTED; 1161 1158 d->state_change(d, 0); 1162 1159 rfcomm_dlc_unlock(d); 1160 + 1161 + if (d->link_mode & RFCOMM_LM_MASTER) 1162 + hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1163 1163 1164 1164 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1165 1165 } ··· 1228 1222 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1229 1223 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1230 1224 1231 - if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) { 1232 - d->cfc = s->cfc = RFCOMM_CFC_ENABLED; 1225 + if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1226 + pn->flow_ctrl == 0xe0) { 1227 + d->cfc = RFCOMM_CFC_ENABLED; 1233 1228 d->tx_credits = pn->credits; 1234 1229 } else { 1235 - d->cfc = s->cfc = RFCOMM_CFC_DISABLED; 1230 + d->cfc = RFCOMM_CFC_DISABLED; 1236 1231 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1237 1232 } 1233 + 1234 + if (s->cfc == RFCOMM_CFC_UNKNOWN) 1235 + s->cfc = d->cfc; 1238 1236 1239 1237 d->priority = pn->priority; 1240 1238 ··· 2045 2035 2046 2036 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2047 2037 2048 - class_create_file(&bt_class, &class_attr_rfcomm_dlc); 2038 + class_create_file(bt_class, &class_attr_rfcomm_dlc); 2049 2039 2050 2040 rfcomm_init_sockets(); 2051 2041 ··· 2060 2050 2061 2051 static void __exit rfcomm_exit(void) 2062 2052 { 2063 - class_remove_file(&bt_class, &class_attr_rfcomm_dlc); 2053 + class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2064 2054 2065 2055 hci_unregister_cb(&rfcomm_cb); 2066 2056 ··· 2082 2072 2083 2073 module_init(rfcomm_init); 2084 2074 module_exit(rfcomm_exit); 2075 + 2076 + module_param(disable_cfc, bool, 0644); 2077 + MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2085 2078 2086 2079 module_param(l2cap_mtu, uint, 0644); 2087 2080 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
+2 -2
net/bluetooth/rfcomm/sock.c
··· 944 944 if (err < 0) 945 945 goto error; 946 946 947 - class_create_file(&bt_class, &class_attr_rfcomm); 947 + class_create_file(bt_class, &class_attr_rfcomm); 948 948 949 949 BT_INFO("RFCOMM socket layer initialized"); 950 950 ··· 958 958 959 959 void __exit rfcomm_cleanup_sockets(void) 960 960 { 961 - class_remove_file(&bt_class, &class_attr_rfcomm); 961 + class_remove_file(bt_class, &class_attr_rfcomm); 962 962 963 963 if (bt_sock_unregister(BTPROTO_RFCOMM) < 0) 964 964 BT_ERR("RFCOMM socket layer unregistration failed");
+2 -2
net/bluetooth/sco.c
··· 969 969 goto error; 970 970 } 971 971 972 - class_create_file(&bt_class, &class_attr_sco); 972 + class_create_file(bt_class, &class_attr_sco); 973 973 974 974 BT_INFO("SCO (Voice Link) ver %s", VERSION); 975 975 BT_INFO("SCO socket layer initialized"); ··· 983 983 984 984 static void __exit sco_exit(void) 985 985 { 986 - class_remove_file(&bt_class, &class_attr_sco); 986 + class_remove_file(bt_class, &class_attr_sco); 987 987 988 988 if (bt_sock_unregister(BTPROTO_SCO) < 0) 989 989 BT_ERR("SCO socket unregistration failed");
+2 -1
net/bridge/br_netlink.c
··· 117 117 continue; 118 118 119 119 if (idx < s_idx) 120 - continue; 120 + goto cont; 121 121 122 122 err = br_fill_ifinfo(skb, p, NETLINK_CB(cb->skb).pid, 123 123 cb->nlh->nlmsg_seq, RTM_NEWLINK, NLM_F_MULTI); 124 124 if (err <= 0) 125 125 break; 126 + cont: 126 127 ++idx; 127 128 } 128 129 read_unlock(&dev_base_lock);
+11 -3
net/ipv4/af_inet.c
··· 1106 1106 int ihl; 1107 1107 int id; 1108 1108 1109 - if (!pskb_may_pull(skb, sizeof(*iph))) 1109 + if (unlikely(skb_shinfo(skb)->gso_type & 1110 + ~(SKB_GSO_TCPV4 | 1111 + SKB_GSO_UDP | 1112 + SKB_GSO_DODGY | 1113 + SKB_GSO_TCP_ECN | 1114 + 0))) 1115 + goto out; 1116 + 1117 + if (unlikely(!pskb_may_pull(skb, sizeof(*iph)))) 1110 1118 goto out; 1111 1119 1112 1120 iph = skb->nh.iph; ··· 1122 1114 if (ihl < sizeof(*iph)) 1123 1115 goto out; 1124 1116 1125 - if (!pskb_may_pull(skb, ihl)) 1117 + if (unlikely(!pskb_may_pull(skb, ihl))) 1126 1118 goto out; 1127 1119 1128 1120 skb->h.raw = __skb_pull(skb, ihl); ··· 1133 1125 1134 1126 rcu_read_lock(); 1135 1127 ops = rcu_dereference(inet_protos[proto]); 1136 - if (ops && ops->gso_segment) 1128 + if (likely(ops && ops->gso_segment)) 1137 1129 segs = ops->gso_segment(skb, features); 1138 1130 rcu_read_unlock(); 1139 1131
+12 -1
net/ipv4/tcp.c
··· 2170 2170 2171 2171 if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { 2172 2172 /* Packet is from an untrusted source, reset gso_segs. */ 2173 - int mss = skb_shinfo(skb)->gso_size; 2173 + int type = skb_shinfo(skb)->gso_type; 2174 + int mss; 2174 2175 2176 + if (unlikely(type & 2177 + ~(SKB_GSO_TCPV4 | 2178 + SKB_GSO_DODGY | 2179 + SKB_GSO_TCP_ECN | 2180 + SKB_GSO_TCPV6 | 2181 + 0) || 2182 + !(type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)))) 2183 + goto out; 2184 + 2185 + mss = skb_shinfo(skb)->gso_size; 2175 2186 skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss; 2176 2187 2177 2188 segs = NULL;
+10 -1
net/ipv6/ipv6_sockglue.c
··· 64 64 struct inet6_protocol *ops; 65 65 int proto; 66 66 67 + if (unlikely(skb_shinfo(skb)->gso_type & 68 + ~(SKB_GSO_UDP | 69 + SKB_GSO_DODGY | 70 + SKB_GSO_TCP_ECN | 71 + SKB_GSO_TCPV6 | 72 + 0))) 73 + goto out; 74 + 67 75 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) 68 76 goto out; 69 77 ··· 119 111 120 112 for (skb = segs; skb; skb = skb->next) { 121 113 ipv6h = skb->nh.ipv6h; 122 - ipv6h->payload_len = htons(skb->len - skb->mac_len); 114 + ipv6h->payload_len = htons(skb->len - skb->mac_len - 115 + sizeof(*ipv6h)); 123 116 } 124 117 125 118 out:
+2 -1
net/ipv6/netfilter/ip6_tables.c
··· 25 25 #include <linux/vmalloc.h> 26 26 #include <linux/netdevice.h> 27 27 #include <linux/module.h> 28 + #include <linux/poison.h> 28 29 #include <linux/icmpv6.h> 29 30 #include <net/ipv6.h> 30 31 #include <asm/uaccess.h> ··· 377 376 } while (!hotdrop); 378 377 379 378 #ifdef CONFIG_NETFILTER_DEBUG 380 - ((struct ip6t_entry *)table_base)->comefrom = 0xdead57ac; 379 + ((struct ip6t_entry *)table_base)->comefrom = NETFILTER_LINK_POISON; 381 380 #endif 382 381 read_unlock_bh(&table->lock); 383 382
+2 -2
net/netrom/af_netrom.c
··· 800 800 801 801 /* Now attach up the new socket */ 802 802 kfree_skb(skb); 803 - sk->sk_ack_backlog--; 803 + sk_acceptq_removed(sk); 804 804 newsock->sk = newsk; 805 805 806 806 out: ··· 985 985 nr_make->vr = 0; 986 986 nr_make->vl = 0; 987 987 nr_make->state = NR_STATE_3; 988 - sk->sk_ack_backlog++; 988 + sk_acceptq_added(sk); 989 989 990 990 nr_insert_socket(make); 991 991
+6 -1
net/rose/af_rose.c
··· 752 752 753 753 rose_insert_socket(sk); /* Finish the bind */ 754 754 } 755 - 755 + rose_try_next_neigh: 756 756 rose->dest_addr = addr->srose_addr; 757 757 rose->dest_call = addr->srose_call; 758 758 rose->rand = ((long)rose & 0xFFFF) + rose->lci; ··· 810 810 } 811 811 812 812 if (sk->sk_state != TCP_ESTABLISHED) { 813 + /* Try next neighbour */ 814 + rose->neighbour = rose_get_neigh(&addr->srose_addr, &cause, &diagnostic); 815 + if (rose->neighbour) 816 + goto rose_try_next_neigh; 817 + /* No more neighbour */ 813 818 sock->state = SS_UNCONNECTED; 814 819 return sock_error(sk); /* Always set at this point */ 815 820 }
+4 -1
net/rose/rose_dev.c
··· 59 59 struct net_device_stats *stats = netdev_priv(dev); 60 60 unsigned char *bp = (unsigned char *)skb->data; 61 61 struct sk_buff *skbn; 62 + unsigned int len; 62 63 63 64 #ifdef CONFIG_INET 64 65 if (arp_find(bp + 7, skb)) { ··· 76 75 77 76 kfree_skb(skb); 78 77 78 + len = skbn->len; 79 + 79 80 if (!rose_route_frame(skbn, NULL)) { 80 81 kfree_skb(skbn); 81 82 stats->tx_errors++; ··· 85 82 } 86 83 87 84 stats->tx_packets++; 88 - stats->tx_bytes += skbn->len; 85 + stats->tx_bytes += len; 89 86 #endif 90 87 return 1; 91 88 }
+4 -1
net/tipc/core.h
··· 297 297 * buf_acquire - creates a TIPC message buffer 298 298 * @size: message size (including TIPC header) 299 299 * 300 - * Returns a new buffer. Space is reserved for a data link header. 300 + * Returns a new buffer with data pointers set to the specified size. 301 + * 302 + * NOTE: Headroom is reserved to allow prepending of a data link header. 303 + * There may also be unrequested tailroom present at the buffer's end. 301 304 */ 302 305 303 306 static inline struct sk_buff *buf_acquire(u32 size)
+2
net/tipc/link.c
··· 998 998 return 0; 999 999 if (skb_tailroom(bundler) < (pad + size)) 1000 1000 return 0; 1001 + if (link_max_pkt(l_ptr) < (to_pos + size)) 1002 + return 0; 1001 1003 1002 1004 skb_put(bundler, pad + size); 1003 1005 memcpy(bundler->data + to_pos, buf->data, size);
+1 -1
net/unix/af_unix.c
··· 144 144 scm->seclen = *UNIXSECLEN(skb); 145 145 } 146 146 #else 147 - static void unix_get_peersec_dgram(struct sk_buff *skb) 147 + static inline void unix_get_peersec_dgram(struct sk_buff *skb) 148 148 { } 149 149 150 150 static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)