aboutsummaryrefslogtreecommitdiff
path: root/drivers/bluetooth/hci_ldisc.c
AgeCommit message (Collapse)Author
2008-02-12hci_ldisc: fix null pointer derefDavid Newall
Arjan: With the help of kerneloops.org I've spotted a nice little interaction between the TTY layer and the bluetooth code, however the tty layer is not something I'm all too familiar with so I rather ask than brute-force fix the code incorrectly. The raw details are at: http://www.kerneloops.org/search.php?search=uart_flush_buffer What happens is that, on closing the bluetooth tty, the tty layer goes into the release_dev() function, which first does a bunch of stuff, then sets the file->private_data to NULL, does some more stuff and then calls the ldisc close function. Which in this case, is hci_uart_tty_close(). Now, hci_uart_tty_close() calls hci_uart_close() which clears some internal bit, and then calls hci_uart_flush()... which calls back to the tty layers' uart_flush_buffer() function. (in drivers/bluetooth/hci_tty.c around line 194) Which then WARN_ON()'s because that's not allowed/supposed to be called this late in the shutdown of the port.... Should the bluetooth driver even call this flush function at all?? David: This seems to be what happens: Hci_uart_close() flushes using hci_uart_flush(). Subsequently, in hci_dev_do_close(), (one step in hci_unregister_dev()), hci_uart_flush() is called again. The comment in uart_flush_buffer(), relating to the WARN_ON(), indicates you can't flush after the port is closed; which sounds reasonable. I think hci_uart_close() should set hdev->flush to NULL before returning. Hci_dev_do_close() does check for this. The code path is rather involved and I'm not entirely clear of all steps, but I think that's what should be done. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-22[Bluetooth] Add UART driver for Texas Instruments' BRF63xx chipsOhad Ben-Cohen
Add support for Texas Instruments' HCI Low Level (HCILL) Bluetooth protocol, which is a power management extension to H4. The HCILL is widely used by TI's BRF63xx Bluetooth chips. Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-10[Bluetooth] Fix unintentional fall-through in HCI line disciplineMarcel Holtmann
A trivial fix to (what looks like) an unintentional fall-through in the HCI line discipline. Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-10[Bluetooth] Fix NULL pointer dereference in HCI line disciplineMarcel Holtmann
Normally a serial Bluetooth device is opened, TIOSETD'ed to N_HCI line discipline, HCIUARTSETPROTO'ed and finally closed. In case the device fails to HCIUARTSETPROTO, closing it produces a NULL pointer dereference. Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-10[Bluetooth] Add HCIUARTGETDEVICE support for HCI line disciplineMarcel Holtmann
Adding HCIUARTGETDEVICE makes it possible to get the HCI device number that is attached to a given serial device. This is required during the initialization process of some Bluetooth chips. Signed-off-by: Ohad Ben-Cohen <ohad@bencohen.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-14[PATCH] remove many unneeded #includes of sched.hTim Schmielau
After Al Viro (finally) succeeded in removing the sched.h #include in module.h recently, it makes sense again to remove other superfluous sched.h includes. There are quite a lot of files which include it but don't actually need anything defined in there. Presumably these includes were once needed for macros that used to live in sched.h, but moved to other header files in the course of cleaning it up. To ease the pain, this time I did not fiddle with any header files and only removed #includes from .c-files, which tend to cause less trouble. Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha, arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig, allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all configs in arch/arm/configs on arm. I also checked that no new warnings were introduced by the patch (actually, some warnings are removed that were emitted by unnecessarily included header files). Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2006-09-28[Bluetooth] Code cleanup for the HCI UART driverMarcel Holtmann
This patch cleans up the Bluetooth HCI UART driver a bit. Signed-off-by: Pavel Machek <pavel@suse.cz> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-07-12[Bluetooth] Avoid NULL pointer dereference with tty->driverMarcel Holtmann
This patch checks for tty->driver before trying to call flush_buffer(). Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2006-06-30Remove obsolete #include <linux/config.h>Jörn Engel
Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
2006-01-10[PATCH] TTY layer buffering revampAlan Cox
The API and code have been through various bits of initial review by serial driver people but they definitely need to live somewhere for a while so the unconverted drivers can get knocked into shape, existing drivers that have been updated can be better tuned and bugs whacked out. This replaces the tty flip buffers with kmalloc objects in rings. In the normal situation for an IRQ driven serial port at typical speeds the behaviour is pretty much the same, two buffers end up allocated and the kernel cycles between them as before. When there are delays or at high speed we now behave far better as the buffer pool can grow a bit rather than lose characters. This also means that we can operate at higher speeds reliably. For drivers that receive characters in blocks (DMA based, USB and especially virtualisation) the layer allows a lot of driver specific code that works around the tty layer with private secondary queues to be removed. The IBM folks need this sort of layer, the smart serial port people do, the virtualisers do (because a virtualised tty typically operates at infinite speed rather than emulating 9600 baud). Finally many drivers had invalid and unsafe attempts to avoid buffer overflows by directly invoking tty methods extracted out of the innards of work queue structs. These are no longer needed and all go away. That fixes various random hangs with serial ports on overflow. The other change in here is to optimise the receive_room path that is used by some callers. It turns out that only one ldisc uses receive room except asa constant and it updates it far far less than the value is read. We thus make it a variable not a function call. I expect the code to contain bugs due to the size alone but I'll be watching and squashing them and feeding out new patches as it goes. Because the buffers now dynamically expand you should only run out of buffering when the kernel runs out of memory for real. That means a lot of the horrible hacks high performance drivers used to do just aren't needed any more. Description: tty_insert_flip_char is an old API and continues to work as before, as does tty_flip_buffer_push() [this is why many drivers dont need modification]. It does now also return the number of chars inserted There are also tty_buffer_request_room(tty, len) which asks for a buffer block of the length requested and returns the space found. This improves efficiency with hardware that knows how much to transfer. and tty_insert_flip_string_flags(tty, str, flags, len) to insert a string of characters and flags For a smart interface the usual code is len = tty_request_buffer_room(tty, amount_hardware_says); tty_insert_flip_string(tty, buffer_from_card, len); More description! At the moment tty buffers are attached directly to the tty. This is causing a lot of the problems related to tty layer locking, also problems at high speed and also with bursty data (such as occurs in virtualised environments) I'm working on ripping out the flip buffers and replacing them with a pool of dynamically allocated buffers. This allows both for old style "byte I/O" devices and also helps virtualisation and smart devices where large blocks of data suddenely materialise and need storing. So far so good. Lots of drivers reference tty->flip.*. Several of them also call directly and unsafely into function pointers it provides. This will all break. Most drivers can use tty_insert_flip_char which can be kept as an API but others need more. At the moment I've added the following interfaces, if people think more will be needed now is a good time to say int tty_buffer_request_room(tty, size) Try and ensure at least size bytes are available, returns actual room (may be zero). At the moment it just uses the flipbuf space but that will change. Repeated calls without characters being added are not cumulative. (ie if you call it with 1, 1, 1, and then 4 you'll have four characters of space. The other functions will also try and grow buffers in future but this will be a more efficient way when you know block sizes. int tty_insert_flip_char(tty, ch, flag) As before insert a character if there is room. Now returns 1 for success, 0 for failure. int tty_insert_flip_string(tty, str, len) Insert a block of non error characters. Returns the number inserted. int tty_prepare_flip_string(tty, strptr, len) Adjust the buffer to allow len characters to be added. Returns a buffer pointer in strptr and the length available. This allows for hardware that needs to use functions like insl or mencpy_fromio. Signed-off-by: Alan Cox <alan@redhat.com> Cc: Paul Fulghum <paulkf@microgate.com> Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: John Hawkes <hawkes@sgi.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-07[PATCH] bluetooth: kmalloc + memset -> kzalloc conversionDeepak Saxena
Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Cc: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-10-28[Bluetooth] Cleanup of the HCI UART driverMarcel Holtmann
This patch contains the big cleanup of the HCI UART driver. The uneeded header files are removed and their structure declarations are moved into the protocol implementations. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-10-28[Bluetooth] Remove TXCRC compile option for BCSP driverMarcel Holtmann
The TXCRC compile option is not really useful and thus change it into a module parameter. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-08-29[Bluetooth]: Move packet type into the SKB control bufferMarcel Holtmann
This patch moves the usage of packet type into the SKB control buffer. After this patch it is now possible to shrink the sk_buff structure and redefine its pkt_type. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-06[Bluetooth] Remove unused functions and cleanup symbol exportsMarcel Holtmann
This patch removes the unused bt_dump() function and it also removes its BT_DMP macro. It also unexports the hci_dev_get(), hci_send_cmd() and hci_si_event() functions. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2005-06-23[PATCH] Convert users to tty_unregister_ldisc()Alexey Dobriyan
tty_register_ldisc(N_FOO, NULL) => tty_unregister_ldisc(N_FOO) Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-16Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!