Commit 75d42b35 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge tag 'for-net-2023-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Luiz Augusto von Dentz says:

====================
bluetooth pull request for net:

 - Fix building with coredump disabled
 - Fix use-after-free in hci_remove_adv_monitor
 - Use RCU for hci_conn_params and iterate safely in hci_sync
 - Fix locking issues on ISO and SCO
 - Fix bluetooth on Intel Macbook 2014

* tag 'for-net-2023-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
  Bluetooth: MGMT: Use correct address for memcpy()
  Bluetooth: btusb: Fix bluetooth on Intel Macbook 2014
  Bluetooth: SCO: fix sco_conn related locking and validity issues
  Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link
  Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()
  Bluetooth: coredump: fix building with coredump disabled
  Bluetooth: ISO: fix iso_conn related locking and validity issues
  Bluetooth: hci_event: call disconnect callback before deleting conn
  Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync
====================

Link: https://lore.kernel.org/r/20230720190201.446469-1-luiz.dentz@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 9b39f758 d1f0a981
...@@ -4104,6 +4104,7 @@ static int btusb_probe(struct usb_interface *intf, ...@@ -4104,6 +4104,7 @@ static int btusb_probe(struct usb_interface *intf,
BT_DBG("intf %p id %p", intf, id); BT_DBG("intf %p id %p", intf, id);
if ((id->driver_info & BTUSB_IFNUM_2) && if ((id->driver_info & BTUSB_IFNUM_2) &&
(intf->cur_altsetting->desc.bInterfaceNumber != 0) &&
(intf->cur_altsetting->desc.bInterfaceNumber != 2)) (intf->cur_altsetting->desc.bInterfaceNumber != 2))
return -ENODEV; return -ENODEV;
......
...@@ -593,9 +593,7 @@ struct hci_dev { ...@@ -593,9 +593,7 @@ struct hci_dev {
const char *fw_info; const char *fw_info;
struct dentry *debugfs; struct dentry *debugfs;
#ifdef CONFIG_DEV_COREDUMP
struct hci_devcoredump dump; struct hci_devcoredump dump;
#endif
struct device dev; struct device dev;
...@@ -822,6 +820,7 @@ struct hci_conn_params { ...@@ -822,6 +820,7 @@ struct hci_conn_params {
struct hci_conn *conn; struct hci_conn *conn;
bool explicit_connect; bool explicit_connect;
/* Accessed without hdev->lock: */
hci_conn_flags_t flags; hci_conn_flags_t flags;
u8 privacy_mode; u8 privacy_mode;
}; };
...@@ -1573,7 +1572,11 @@ struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev, ...@@ -1573,7 +1572,11 @@ struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
bdaddr_t *addr, u8 addr_type); bdaddr_t *addr, u8 addr_type);
void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type); void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type);
void hci_conn_params_clear_disabled(struct hci_dev *hdev); void hci_conn_params_clear_disabled(struct hci_dev *hdev);
void hci_conn_params_free(struct hci_conn_params *param);
void hci_pend_le_list_del_init(struct hci_conn_params *param);
void hci_pend_le_list_add(struct hci_conn_params *param,
struct list_head *list);
struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list, struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
bdaddr_t *addr, bdaddr_t *addr,
u8 addr_type); u8 addr_type);
......
...@@ -118,7 +118,7 @@ static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) ...@@ -118,7 +118,7 @@ static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
*/ */
params->explicit_connect = false; params->explicit_connect = false;
list_del_init(&params->action); hci_pend_le_list_del_init(params);
switch (params->auto_connect) { switch (params->auto_connect) {
case HCI_AUTO_CONN_EXPLICIT: case HCI_AUTO_CONN_EXPLICIT:
...@@ -127,10 +127,10 @@ static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status) ...@@ -127,10 +127,10 @@ static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
return; return;
case HCI_AUTO_CONN_DIRECT: case HCI_AUTO_CONN_DIRECT:
case HCI_AUTO_CONN_ALWAYS: case HCI_AUTO_CONN_ALWAYS:
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
break; break;
case HCI_AUTO_CONN_REPORT: case HCI_AUTO_CONN_REPORT:
list_add(&params->action, &hdev->pend_le_reports); hci_pend_le_list_add(params, &hdev->pend_le_reports);
break; break;
default: default:
break; break;
...@@ -1426,8 +1426,8 @@ static int hci_explicit_conn_params_set(struct hci_dev *hdev, ...@@ -1426,8 +1426,8 @@ static int hci_explicit_conn_params_set(struct hci_dev *hdev,
if (params->auto_connect == HCI_AUTO_CONN_DISABLED || if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
params->auto_connect == HCI_AUTO_CONN_REPORT || params->auto_connect == HCI_AUTO_CONN_REPORT ||
params->auto_connect == HCI_AUTO_CONN_EXPLICIT) { params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
list_del_init(&params->action); hci_pend_le_list_del_init(params);
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
} }
params->explicit_connect = true; params->explicit_connect = true;
...@@ -1684,7 +1684,7 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, ...@@ -1684,7 +1684,7 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
if (!link) { if (!link) {
hci_conn_drop(acl); hci_conn_drop(acl);
hci_conn_drop(sco); hci_conn_drop(sco);
return NULL; return ERR_PTR(-ENOLINK);
} }
sco->setting = setting; sco->setting = setting;
...@@ -2254,7 +2254,7 @@ struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, ...@@ -2254,7 +2254,7 @@ struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
if (!link) { if (!link) {
hci_conn_drop(le); hci_conn_drop(le);
hci_conn_drop(cis); hci_conn_drop(cis);
return NULL; return ERR_PTR(-ENOLINK);
} }
/* If LE is already connected and CIS handle is already set proceed to /* If LE is already connected and CIS handle is already set proceed to
......
...@@ -1972,6 +1972,7 @@ static int hci_remove_adv_monitor(struct hci_dev *hdev, ...@@ -1972,6 +1972,7 @@ static int hci_remove_adv_monitor(struct hci_dev *hdev,
struct adv_monitor *monitor) struct adv_monitor *monitor)
{ {
int status = 0; int status = 0;
int handle;
switch (hci_get_adv_monitor_offload_ext(hdev)) { switch (hci_get_adv_monitor_offload_ext(hdev)) {
case HCI_ADV_MONITOR_EXT_NONE: /* also goes here when powered off */ case HCI_ADV_MONITOR_EXT_NONE: /* also goes here when powered off */
...@@ -1980,9 +1981,10 @@ static int hci_remove_adv_monitor(struct hci_dev *hdev, ...@@ -1980,9 +1981,10 @@ static int hci_remove_adv_monitor(struct hci_dev *hdev,
goto free_monitor; goto free_monitor;
case HCI_ADV_MONITOR_EXT_MSFT: case HCI_ADV_MONITOR_EXT_MSFT:
handle = monitor->handle;
status = msft_remove_monitor(hdev, monitor); status = msft_remove_monitor(hdev, monitor);
bt_dev_dbg(hdev, "%s remove monitor %d msft status %d", bt_dev_dbg(hdev, "%s remove monitor %d msft status %d",
hdev->name, monitor->handle, status); hdev->name, handle, status);
break; break;
} }
...@@ -2249,21 +2251,45 @@ struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev, ...@@ -2249,21 +2251,45 @@ struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
return NULL; return NULL;
} }
/* This function requires the caller holds hdev->lock */ /* This function requires the caller holds hdev->lock or rcu_read_lock */
struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list, struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
bdaddr_t *addr, u8 addr_type) bdaddr_t *addr, u8 addr_type)
{ {
struct hci_conn_params *param; struct hci_conn_params *param;
list_for_each_entry(param, list, action) { rcu_read_lock();
list_for_each_entry_rcu(param, list, action) {
if (bacmp(&param->addr, addr) == 0 && if (bacmp(&param->addr, addr) == 0 &&
param->addr_type == addr_type) param->addr_type == addr_type) {
rcu_read_unlock();
return param; return param;
}
} }
rcu_read_unlock();
return NULL; return NULL;
} }
/* This function requires the caller holds hdev->lock */
void hci_pend_le_list_del_init(struct hci_conn_params *param)
{
if (list_empty(&param->action))
return;
list_del_rcu(&param->action);
synchronize_rcu();
INIT_LIST_HEAD(&param->action);
}
/* This function requires the caller holds hdev->lock */
void hci_pend_le_list_add(struct hci_conn_params *param,
struct list_head *list)
{
list_add_rcu(&param->action, list);
}
/* This function requires the caller holds hdev->lock */ /* This function requires the caller holds hdev->lock */
struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev, struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
bdaddr_t *addr, u8 addr_type) bdaddr_t *addr, u8 addr_type)
...@@ -2297,14 +2323,15 @@ struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev, ...@@ -2297,14 +2323,15 @@ struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
return params; return params;
} }
static void hci_conn_params_free(struct hci_conn_params *params) void hci_conn_params_free(struct hci_conn_params *params)
{ {
hci_pend_le_list_del_init(params);
if (params->conn) { if (params->conn) {
hci_conn_drop(params->conn); hci_conn_drop(params->conn);
hci_conn_put(params->conn); hci_conn_put(params->conn);
} }
list_del(&params->action);
list_del(&params->list); list_del(&params->list);
kfree(params); kfree(params);
} }
...@@ -2342,8 +2369,7 @@ void hci_conn_params_clear_disabled(struct hci_dev *hdev) ...@@ -2342,8 +2369,7 @@ void hci_conn_params_clear_disabled(struct hci_dev *hdev)
continue; continue;
} }
list_del(&params->list); hci_conn_params_free(params);
kfree(params);
} }
BT_DBG("All LE disabled connection parameters were removed"); BT_DBG("All LE disabled connection parameters were removed");
......
...@@ -1564,7 +1564,7 @@ static u8 hci_cc_le_set_privacy_mode(struct hci_dev *hdev, void *data, ...@@ -1564,7 +1564,7 @@ static u8 hci_cc_le_set_privacy_mode(struct hci_dev *hdev, void *data,
params = hci_conn_params_lookup(hdev, &cp->bdaddr, cp->bdaddr_type); params = hci_conn_params_lookup(hdev, &cp->bdaddr, cp->bdaddr_type);
if (params) if (params)
params->privacy_mode = cp->mode; WRITE_ONCE(params->privacy_mode, cp->mode);
hci_dev_unlock(hdev); hci_dev_unlock(hdev);
...@@ -2784,6 +2784,9 @@ static void hci_cs_disconnect(struct hci_dev *hdev, u8 status) ...@@ -2784,6 +2784,9 @@ static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
hci_enable_advertising(hdev); hci_enable_advertising(hdev);
} }
/* Inform sockets conn is gone before we delete it */
hci_disconn_cfm(conn, HCI_ERROR_UNSPECIFIED);
goto done; goto done;
} }
...@@ -2804,8 +2807,8 @@ static void hci_cs_disconnect(struct hci_dev *hdev, u8 status) ...@@ -2804,8 +2807,8 @@ static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
case HCI_AUTO_CONN_DIRECT: case HCI_AUTO_CONN_DIRECT:
case HCI_AUTO_CONN_ALWAYS: case HCI_AUTO_CONN_ALWAYS:
list_del_init(&params->action); hci_pend_le_list_del_init(params);
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
break; break;
default: default:
...@@ -3423,8 +3426,8 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, void *data, ...@@ -3423,8 +3426,8 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, void *data,
case HCI_AUTO_CONN_DIRECT: case HCI_AUTO_CONN_DIRECT:
case HCI_AUTO_CONN_ALWAYS: case HCI_AUTO_CONN_ALWAYS:
list_del_init(&params->action); hci_pend_le_list_del_init(params);
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
hci_update_passive_scan(hdev); hci_update_passive_scan(hdev);
break; break;
...@@ -5962,7 +5965,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, ...@@ -5962,7 +5965,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst, params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
conn->dst_type); conn->dst_type);
if (params) { if (params) {
list_del_init(&params->action); hci_pend_le_list_del_init(params);
if (params->conn) { if (params->conn) {
hci_conn_drop(params->conn); hci_conn_drop(params->conn);
hci_conn_put(params->conn); hci_conn_put(params->conn);
......
...@@ -2160,15 +2160,23 @@ static int hci_le_del_accept_list_sync(struct hci_dev *hdev, ...@@ -2160,15 +2160,23 @@ static int hci_le_del_accept_list_sync(struct hci_dev *hdev,
return 0; return 0;
} }
struct conn_params {
bdaddr_t addr;
u8 addr_type;
hci_conn_flags_t flags;
u8 privacy_mode;
};
/* Adds connection to resolve list if needed. /* Adds connection to resolve list if needed.
* Setting params to NULL programs local hdev->irk * Setting params to NULL programs local hdev->irk
*/ */
static int hci_le_add_resolve_list_sync(struct hci_dev *hdev, static int hci_le_add_resolve_list_sync(struct hci_dev *hdev,
struct hci_conn_params *params) struct conn_params *params)
{ {
struct hci_cp_le_add_to_resolv_list cp; struct hci_cp_le_add_to_resolv_list cp;
struct smp_irk *irk; struct smp_irk *irk;
struct bdaddr_list_with_irk *entry; struct bdaddr_list_with_irk *entry;
struct hci_conn_params *p;
if (!use_ll_privacy(hdev)) if (!use_ll_privacy(hdev))
return 0; return 0;
...@@ -2203,6 +2211,16 @@ static int hci_le_add_resolve_list_sync(struct hci_dev *hdev, ...@@ -2203,6 +2211,16 @@ static int hci_le_add_resolve_list_sync(struct hci_dev *hdev,
/* Default privacy mode is always Network */ /* Default privacy mode is always Network */
params->privacy_mode = HCI_NETWORK_PRIVACY; params->privacy_mode = HCI_NETWORK_PRIVACY;
rcu_read_lock();
p = hci_pend_le_action_lookup(&hdev->pend_le_conns,
&params->addr, params->addr_type);
if (!p)
p = hci_pend_le_action_lookup(&hdev->pend_le_reports,
&params->addr, params->addr_type);
if (p)
WRITE_ONCE(p->privacy_mode, HCI_NETWORK_PRIVACY);
rcu_read_unlock();
done: done:
if (hci_dev_test_flag(hdev, HCI_PRIVACY)) if (hci_dev_test_flag(hdev, HCI_PRIVACY))
memcpy(cp.local_irk, hdev->irk, 16); memcpy(cp.local_irk, hdev->irk, 16);
...@@ -2215,7 +2233,7 @@ static int hci_le_add_resolve_list_sync(struct hci_dev *hdev, ...@@ -2215,7 +2233,7 @@ static int hci_le_add_resolve_list_sync(struct hci_dev *hdev,
/* Set Device Privacy Mode. */ /* Set Device Privacy Mode. */
static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev, static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev,
struct hci_conn_params *params) struct conn_params *params)
{ {
struct hci_cp_le_set_privacy_mode cp; struct hci_cp_le_set_privacy_mode cp;
struct smp_irk *irk; struct smp_irk *irk;
...@@ -2240,6 +2258,8 @@ static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev, ...@@ -2240,6 +2258,8 @@ static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev,
bacpy(&cp.bdaddr, &irk->bdaddr); bacpy(&cp.bdaddr, &irk->bdaddr);
cp.mode = HCI_DEVICE_PRIVACY; cp.mode = HCI_DEVICE_PRIVACY;
/* Note: params->privacy_mode is not updated since it is a copy */
return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PRIVACY_MODE, return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_PRIVACY_MODE,
sizeof(cp), &cp, HCI_CMD_TIMEOUT); sizeof(cp), &cp, HCI_CMD_TIMEOUT);
} }
...@@ -2249,7 +2269,7 @@ static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev, ...@@ -2249,7 +2269,7 @@ static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev,
* properly set the privacy mode. * properly set the privacy mode.
*/ */
static int hci_le_add_accept_list_sync(struct hci_dev *hdev, static int hci_le_add_accept_list_sync(struct hci_dev *hdev,
struct hci_conn_params *params, struct conn_params *params,
u8 *num_entries) u8 *num_entries)
{ {
struct hci_cp_le_add_to_accept_list cp; struct hci_cp_le_add_to_accept_list cp;
...@@ -2447,6 +2467,52 @@ struct sk_buff *hci_read_local_oob_data_sync(struct hci_dev *hdev, ...@@ -2447,6 +2467,52 @@ struct sk_buff *hci_read_local_oob_data_sync(struct hci_dev *hdev,
return __hci_cmd_sync_sk(hdev, opcode, 0, NULL, 0, HCI_CMD_TIMEOUT, sk); return __hci_cmd_sync_sk(hdev, opcode, 0, NULL, 0, HCI_CMD_TIMEOUT, sk);
} }
static struct conn_params *conn_params_copy(struct list_head *list, size_t *n)
{
struct hci_conn_params *params;
struct conn_params *p;
size_t i;
rcu_read_lock();
i = 0;
list_for_each_entry_rcu(params, list, action)
++i;
*n = i;
rcu_read_unlock();
p = kvcalloc(*n, sizeof(struct conn_params), GFP_KERNEL);
if (!p)
return NULL;
rcu_read_lock();
i = 0;
list_for_each_entry_rcu(params, list, action) {
/* Racing adds are handled in next scan update */
if (i >= *n)
break;
/* No hdev->lock, but: addr, addr_type are immutable.
* privacy_mode is only written by us or in
* hci_cc_le_set_privacy_mode that we wait for.
* We should be idempotent so MGMT updating flags
* while we are processing is OK.
*/
bacpy(&p[i].addr, &params->addr);
p[i].addr_type = params->addr_type;
p[i].flags = READ_ONCE(params->flags);
p[i].privacy_mode = READ_ONCE(params->privacy_mode);
++i;
}
rcu_read_unlock();
*n = i;
return p;
}
/* Device must not be scanning when updating the accept list. /* Device must not be scanning when updating the accept list.
* *
* Update is done using the following sequence: * Update is done using the following sequence:
...@@ -2466,11 +2532,12 @@ struct sk_buff *hci_read_local_oob_data_sync(struct hci_dev *hdev, ...@@ -2466,11 +2532,12 @@ struct sk_buff *hci_read_local_oob_data_sync(struct hci_dev *hdev,
*/ */
static u8 hci_update_accept_list_sync(struct hci_dev *hdev) static u8 hci_update_accept_list_sync(struct hci_dev *hdev)
{ {
struct hci_conn_params *params; struct conn_params *params;
struct bdaddr_list *b, *t; struct bdaddr_list *b, *t;
u8 num_entries = 0; u8 num_entries = 0;
bool pend_conn, pend_report; bool pend_conn, pend_report;
u8 filter_policy; u8 filter_policy;
size_t i, n;
int err; int err;
/* Pause advertising if resolving list can be used as controllers /* Pause advertising if resolving list can be used as controllers
...@@ -2504,6 +2571,7 @@ static u8 hci_update_accept_list_sync(struct hci_dev *hdev) ...@@ -2504,6 +2571,7 @@ static u8 hci_update_accept_list_sync(struct hci_dev *hdev)
if (hci_conn_hash_lookup_le(hdev, &b->bdaddr, b->bdaddr_type)) if (hci_conn_hash_lookup_le(hdev, &b->bdaddr, b->bdaddr_type))
continue; continue;
/* Pointers not dereferenced, no locks needed */
pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns, pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns,
&b->bdaddr, &b->bdaddr,
b->bdaddr_type); b->bdaddr_type);
...@@ -2532,23 +2600,50 @@ static u8 hci_update_accept_list_sync(struct hci_dev *hdev) ...@@ -2532,23 +2600,50 @@ static u8 hci_update_accept_list_sync(struct hci_dev *hdev)
* available accept list entries in the controller, then * available accept list entries in the controller, then
* just abort and return filer policy value to not use the * just abort and return filer policy value to not use the
* accept list. * accept list.
*
* The list and params may be mutated while we wait for events,
* so make a copy and iterate it.
*/ */
list_for_each_entry(params, &hdev->pend_le_conns, action) {
err = hci_le_add_accept_list_sync(hdev, params, &num_entries); params = conn_params_copy(&hdev->pend_le_conns, &n);
if (err) if (!params) {
err = -ENOMEM;
goto done;
}
for (i = 0; i < n; ++i) {
err = hci_le_add_accept_list_sync(hdev, &params[i],
&num_entries);
if (err) {
kvfree(params);
goto done; goto done;
}
} }
kvfree(params);
/* After adding all new pending connections, walk through /* After adding all new pending connections, walk through
* the list of pending reports and also add these to the * the list of pending reports and also add these to the
* accept list if there is still space. Abort if space runs out. * accept list if there is still space. Abort if space runs out.
*/ */
list_for_each_entry(params, &hdev->pend_le_reports, action) {
err = hci_le_add_accept_list_sync(hdev, params, &num_entries); params = conn_params_copy(&hdev->pend_le_reports, &n);
if (err) if (!params) {
err = -ENOMEM;
goto done;
}
for (i = 0; i < n; ++i) {
err = hci_le_add_accept_list_sync(hdev, &params[i],
&num_entries);
if (err) {
kvfree(params);
goto done; goto done;
}
} }
kvfree(params);
/* Use the allowlist unless the following conditions are all true: /* Use the allowlist unless the following conditions are all true:
* - We are not currently suspending * - We are not currently suspending
* - There are 1 or more ADV monitors registered and it's not offloaded * - There are 1 or more ADV monitors registered and it's not offloaded
...@@ -4837,12 +4932,12 @@ static void hci_pend_le_actions_clear(struct hci_dev *hdev) ...@@ -4837,12 +4932,12 @@ static void hci_pend_le_actions_clear(struct hci_dev *hdev)
struct hci_conn_params *p; struct hci_conn_params *p;
list_for_each_entry(p, &hdev->le_conn_params, list) { list_for_each_entry(p, &hdev->le_conn_params, list) {
hci_pend_le_list_del_init(p);
if (p->conn) { if (p->conn) {
hci_conn_drop(p->conn); hci_conn_drop(p->conn);
hci_conn_put(p->conn); hci_conn_put(p->conn);
p->conn = NULL; p->conn = NULL;
} }
list_del_init(&p->action);
} }
BT_DBG("All LE pending actions cleared"); BT_DBG("All LE pending actions cleared");
......
...@@ -123,8 +123,11 @@ static struct iso_conn *iso_conn_add(struct hci_conn *hcon) ...@@ -123,8 +123,11 @@ static struct iso_conn *iso_conn_add(struct hci_conn *hcon)
{ {
struct iso_conn *conn = hcon->iso_data; struct iso_conn *conn = hcon->iso_data;
if (conn) if (conn) {
if (!conn->hcon)
conn->hcon = hcon;
return conn; return conn;
}
conn = kzalloc(sizeof(*conn), GFP_KERNEL); conn = kzalloc(sizeof(*conn), GFP_KERNEL);
if (!conn) if (!conn)
...@@ -300,14 +303,13 @@ static int iso_connect_bis(struct sock *sk) ...@@ -300,14 +303,13 @@ static int iso_connect_bis(struct sock *sk)
goto unlock; goto unlock;
} }
hci_dev_unlock(hdev); lock_sock(sk);
hci_dev_put(hdev);
err = iso_chan_add(conn, sk, NULL); err = iso_chan_add(conn, sk, NULL);
if (err) if (err) {
return err; release_sock(sk);
goto unlock;
lock_sock(sk); }
/* Update source addr of the socket */ /* Update source addr of the socket */
bacpy(&iso_pi(sk)->src, &hcon->src); bacpy(&iso_pi(sk)->src, &hcon->src);
...@@ -321,7 +323,6 @@ static int iso_connect_bis(struct sock *sk) ...@@ -321,7 +323,6 @@ static int iso_connect_bis(struct sock *sk)
} }
release_sock(sk); release_sock(sk);
return err;
unlock: unlock:
hci_dev_unlock(hdev); hci_dev_unlock(hdev);
...@@ -389,14 +390,13 @@ static int iso_connect_cis(struct sock *sk) ...@@ -389,14 +390,13 @@ static int iso_connect_cis(struct sock *sk)
goto unlock; goto unlock;
} }
hci_dev_unlock(hdev); lock_sock(sk);
hci_dev_put(hdev);
err = iso_chan_add(conn, sk, NULL); err = iso_chan_add(conn, sk, NULL);
if (err) if (err) {
return err; release_sock(sk);
goto unlock;
lock_sock(sk); }
/* Update source addr of the socket */ /* Update source addr of the socket */
bacpy(&iso_pi(sk)->src, &hcon->src); bacpy(&iso_pi(sk)->src, &hcon->src);
...@@ -413,7 +413,6 @@ static int iso_connect_cis(struct sock *sk) ...@@ -413,7 +413,6 @@ static int iso_connect_cis(struct sock *sk)
} }
release_sock(sk); release_sock(sk);
return err;
unlock: unlock:
hci_dev_unlock(hdev); hci_dev_unlock(hdev);
...@@ -1072,8 +1071,8 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, ...@@ -1072,8 +1071,8 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
size_t len) size_t len)
{ {
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
struct iso_conn *conn = iso_pi(sk)->conn;
struct sk_buff *skb, **frag; struct sk_buff *skb, **frag;
size_t mtu;
int err; int err;
BT_DBG("sock %p, sk %p", sock, sk); BT_DBG("sock %p, sk %p", sock, sk);
...@@ -1085,11 +1084,18 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, ...@@ -1085,11 +1084,18 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
if (msg->msg_flags & MSG_OOB) if (msg->msg_flags & MSG_OOB)
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (sk->sk_state != BT_CONNECTED) lock_sock(sk);
if (sk->sk_state != BT_CONNECTED) {
release_sock(sk);
return -ENOTCONN; return -ENOTCONN;
}
mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu;
release_sock(sk);
skb = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, skb = bt_skb_sendmsg(sk, msg, len, mtu, HCI_ISO_DATA_HDR_SIZE, 0);
HCI_ISO_DATA_HDR_SIZE, 0);
if (IS_ERR(skb)) if (IS_ERR(skb))
return PTR_ERR(skb); return PTR_ERR(skb);
...@@ -1102,8 +1108,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, ...@@ -1102,8 +1108,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg,
while (len) { while (len) {
struct sk_buff *tmp; struct sk_buff *tmp;
tmp = bt_skb_sendmsg(sk, msg, len, conn->hcon->hdev->iso_mtu, tmp = bt_skb_sendmsg(sk, msg, len, mtu, 0, 0);
0, 0);
if (IS_ERR(tmp)) { if (IS_ERR(tmp)) {
kfree_skb(skb); kfree_skb(skb);
return PTR_ERR(tmp); return PTR_ERR(tmp);
...@@ -1158,15 +1163,19 @@ static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, ...@@ -1158,15 +1163,19 @@ static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
BT_DBG("sk %p", sk); BT_DBG("sk %p", sk);
if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
lock_sock(sk);
switch (sk->sk_state) { switch (sk->sk_state) {
case BT_CONNECT2: case BT_CONNECT2:
lock_sock(sk);
iso_conn_defer_accept(pi->conn->hcon); iso_conn_defer_accept(pi->conn->hcon);
sk->sk_state = BT_CONFIG; sk->sk_state = BT_CONFIG;
release_sock(sk); release_sock(sk);
return 0; return 0;
case BT_CONNECT: case BT_CONNECT:
release_sock(sk);
return iso_connect_cis(sk); return iso_connect_cis(sk);
default:
release_sock(sk);
break;
} }
} }
......
...@@ -1297,15 +1297,15 @@ static void restart_le_actions(struct hci_dev *hdev) ...@@ -1297,15 +1297,15 @@ static void restart_le_actions(struct hci_dev *hdev)
/* Needed for AUTO_OFF case where might not "really" /* Needed for AUTO_OFF case where might not "really"
* have been powered off. * have been powered off.
*/ */
list_del_init(&p->action); hci_pend_le_list_del_init(p);
switch (p->auto_connect) { switch (p->auto_connect) {
case HCI_AUTO_CONN_DIRECT: case HCI_AUTO_CONN_DIRECT:
case HCI_AUTO_CONN_ALWAYS: case HCI_AUTO_CONN_ALWAYS:
list_add(&p->action, &hdev->pend_le_conns); hci_pend_le_list_add(p, &hdev->pend_le_conns);
break; break;
case HCI_AUTO_CONN_REPORT: case HCI_AUTO_CONN_REPORT:
list_add(&p->action, &hdev->pend_le_reports); hci_pend_le_list_add(p, &hdev->pend_le_reports);
break; break;
default: default:
break; break;
...@@ -5169,7 +5169,7 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, ...@@ -5169,7 +5169,7 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
goto unlock; goto unlock;
} }
params->flags = current_flags; WRITE_ONCE(params->flags, current_flags);
status = MGMT_STATUS_SUCCESS; status = MGMT_STATUS_SUCCESS;
/* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
...@@ -7285,7 +7285,7 @@ static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err) ...@@ -7285,7 +7285,7 @@ static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
bt_dev_dbg(hdev, "err %d", err); bt_dev_dbg(hdev, "err %d", err);
memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr)); memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
status = mgmt_status(err); status = mgmt_status(err);
if (status == MGMT_STATUS_SUCCESS) { if (status == MGMT_STATUS_SUCCESS) {
...@@ -7580,7 +7580,7 @@ static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, ...@@ -7580,7 +7580,7 @@ static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
if (params->auto_connect == auto_connect) if (params->auto_connect == auto_connect)
return 0; return 0;
list_del_init(&params->action); hci_pend_le_list_del_init(params);
switch (auto_connect) { switch (auto_connect) {
case HCI_AUTO_CONN_DISABLED: case HCI_AUTO_CONN_DISABLED:
...@@ -7589,18 +7589,18 @@ static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, ...@@ -7589,18 +7589,18 @@ static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
* connect to device, keep connecting. * connect to device, keep connecting.
*/ */
if (params->explicit_connect) if (params->explicit_connect)
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
break; break;
case HCI_AUTO_CONN_REPORT: case HCI_AUTO_CONN_REPORT:
if (params->explicit_connect) if (params->explicit_connect)
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
else else
list_add(&params->action, &hdev->pend_le_reports); hci_pend_le_list_add(params, &hdev->pend_le_reports);
break; break;
case HCI_AUTO_CONN_DIRECT: case HCI_AUTO_CONN_DIRECT:
case HCI_AUTO_CONN_ALWAYS: case HCI_AUTO_CONN_ALWAYS:
if (!is_connected(hdev, addr, addr_type)) if (!is_connected(hdev, addr, addr_type))
list_add(&params->action, &hdev->pend_le_conns); hci_pend_le_list_add(params, &hdev->pend_le_conns);
break; break;
} }
...@@ -7823,9 +7823,7 @@ static int remove_device(struct sock *sk, struct hci_dev *hdev, ...@@ -7823,9 +7823,7 @@ static int remove_device(struct sock *sk, struct hci_dev *hdev,
goto unlock; goto unlock;
} }
list_del(&params->action); hci_conn_params_free(params);
list_del(&params->list);
kfree(params);
device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type); device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
} else { } else {
...@@ -7856,9 +7854,7 @@ static int remove_device(struct sock *sk, struct hci_dev *hdev, ...@@ -7856,9 +7854,7 @@ static int remove_device(struct sock *sk, struct hci_dev *hdev,
p->auto_connect = HCI_AUTO_CONN_EXPLICIT; p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
continue; continue;
} }
list_del(&p->action); hci_conn_params_free(p);
list_del(&p->list);
kfree(p);
} }
bt_dev_dbg(hdev, "All LE connection parameters were removed"); bt_dev_dbg(hdev, "All LE connection parameters were removed");
......
...@@ -126,8 +126,11 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) ...@@ -126,8 +126,11 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
struct hci_dev *hdev = hcon->hdev; struct hci_dev *hdev = hcon->hdev;
struct sco_conn *conn = hcon->sco_data; struct sco_conn *conn = hcon->sco_data;
if (conn) if (conn) {
if (!conn->hcon)
conn->hcon = hcon;
return conn; return conn;
}
conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL); conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
if (!conn) if (!conn)
...@@ -268,21 +271,21 @@ static int sco_connect(struct sock *sk) ...@@ -268,21 +271,21 @@ static int sco_connect(struct sock *sk)
goto unlock; goto unlock;
} }
hci_dev_unlock(hdev);
hci_dev_put(hdev);
conn = sco_conn_add(hcon); conn = sco_conn_add(hcon);
if (!conn) { if (!conn) {
hci_conn_drop(hcon); hci_conn_drop(hcon);
return -ENOMEM; err = -ENOMEM;
goto unlock;
} }
err = sco_chan_add(conn, sk, NULL);
if (err)
return err;
lock_sock(sk); lock_sock(sk);
err = sco_chan_add(conn, sk, NULL);
if (err) {
release_sock(sk);
goto unlock;
}
/* Update source addr of the socket */ /* Update source addr of the socket */
bacpy(&sco_pi(sk)->src, &hcon->src); bacpy(&sco_pi(sk)->src, &hcon->src);
...@@ -296,8 +299,6 @@ static int sco_connect(struct sock *sk) ...@@ -296,8 +299,6 @@ static int sco_connect(struct sock *sk)
release_sock(sk); release_sock(sk);
return err;
unlock: unlock:
hci_dev_unlock(hdev); hci_dev_unlock(hdev);
hci_dev_put(hdev); hci_dev_put(hdev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment