- 25 Jan, 2019 5 commits
-
-
Colin Ian King authored
Don't populate the const array hw_err on the stack but instead make it static. Makes the object code smaller by 45 bytes: Before: text data bss dec hex filename 100880 21090 1088 123058 1e0b2 linux/net/bluetooth/hci_core.o After: text data bss dec hex filename 100739 21186 1088 123013 1e085 linux/net/bluetooth/hci_core.o (gcc version 8.2.0 x86_64) Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Rajat Jain authored
If the platform provides it, use the reset gpio to reset the Intel BT chip, as part of cmd_timeout handling. This has been found helpful on Intel bluetooth controllers where the firmware gets stuck and the only way out is a hard reset pin provided by the platform. Signed-off-by: Rajat Jain <rajatja@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Rajat Jain authored
Add a hook to allow the BT driver to do device or command specific handling in case of timeouts. This is to be used by Intel driver to reset the device after certain number of timeouts. Signed-off-by: Rajat Jain <rajatja@google.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Dmitry Torokhov authored
USB devices permanently connected to USB ports may be described in ACPI tables and share ACPI devices with ports they are connected to. See [1] for details. This will allow us to describe sideband resources for devices, such as, for example, hard reset line for BT USB controllers. [1] https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/other-acpi-namespace-objects#acpi-namespace-hierarchy-and-adr-for-embedded-usb-devicesSigned-off-by: Dmitry Torokhov <dtor@chromium.org> Signed-off-by: Rajat Jain <rajatja@google.com> (changed how we get the usb_port) Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Tested-by: Sukumar Ghorai <sukumar.ghorai@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Dmitry Torokhov authored
In preparation for handling embedded USB devices let's split usb_acpi_find_companion() into usb_acpi_find_companion_for_device() and usb_acpi_find_companion_for_port(). Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Signed-off-by: Rajat Jain <rajatja@google.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Tested-by: Sukumar Ghorai <sukumar.ghorai@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 23 Jan, 2019 3 commits
-
-
Gustavo A. R. Silva authored
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. This patch fixes the following warnings: net/bluetooth/rfcomm/core.c:479:6: warning: this statement may fall through [-Wimplicit-fallthrough=] net/bluetooth/l2cap_core.c:4223:6: warning: this statement may fall through [-Wimplicit-fallthrough=] Warning level 3 was used: -Wimplicit-fallthrough=3 This patch is part of the ongoing efforts to enabling -Wimplicit-fallthrough. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Marcel Holtmann authored
The function l2cap_get_conf_opt will return L2CAP_CONF_OPT_SIZE + opt->len as length value. The opt->len however is in control over the remote user and can be used by an attacker to gain access beyond the bounds of the actual packet. To prevent any potential leak of heap memory, it is enough to check that the resulting len calculation after calling l2cap_get_conf_opt is not below zero. A well formed packet will always return >= 0 here and will end with the length value being zero after the last option has been parsed. In case of malformed packets messing with the opt->len field the length value will become negative. If that is the case, then just abort and ignore the option. In case an attacker uses a too short opt->len value, then garbage will be parsed, but that is protected by the unknown option handling and also the option parameter size checks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
Marcel Holtmann authored
When doing option parsing for standard type values of 1, 2 or 4 octets, the value is converted directly into a variable instead of a pointer. To avoid being tricked into being a pointer, check that for these option types that sizes actually match. In L2CAP every option is fixed size and thus it is prudent anyway to ensure that the remote side sends us the right option size along with option paramters. If the option size is not matching the option type, then that option is silently ignored. It is a protocol violation and instead of trying to give the remote attacker any further hints just pretend that option is not present and proceed with the default values. Implementation following the specification and its qualification procedures will always use the correct size and thus not being impacted here. To keep the code readable and consistent accross all options, a few cosmetic changes were also required. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-
- 22 Jan, 2019 9 commits
-
-
Linus Walleij authored
I can't see that these drivers use the old GPIO inlcudes in any way, drop <linux/gpio.h> and <linux/of_gpio.h>. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Matthias Kaehlcke authored
With commit e1633762 ("Bluetooth: Handle bt_accept_enqueue() socket atomically") lock_sock[_nested]() is used to acquire the socket lock before manipulating the socket. lock_sock[_nested]() may block, which is problematic since bt_accept_enqueue() can be called in bottom half context (e.g. from rfcomm_connect_ind()): [<ffffff80080d81ec>] __might_sleep+0x4c/0x80 [<ffffff800876c7b0>] lock_sock_nested+0x24/0x58 [<ffffff8000d7c27c>] bt_accept_enqueue+0x48/0xd4 [bluetooth] [<ffffff8000e67d8c>] rfcomm_connect_ind+0x190/0x218 [rfcomm] Add a parameter to bt_accept_enqueue() to indicate whether the function is called from BH context, and acquire the socket lock with bh_lock_sock_nested() if that's the case. Also adapt all callers of bt_accept_enqueue() to pass the new parameter: - l2cap_sock_new_connection_cb() - uses lock_sock() to lock the parent socket => process context - rfcomm_connect_ind() - acquires the parent socket lock with bh_lock_sock() => BH context - __sco_chan_add() - called from sco_chan_add(), which is called from sco_connect(). parent is NULL, hence bt_accept_enqueue() isn't called in this code path and we can ignore it - also called from sco_conn_ready(). uses bh_lock_sock() to acquire the parent lock => BH context Fixes: e1633762 ("Bluetooth: Handle bt_accept_enqueue() socket atomically") Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Reviewed-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
-
Hemantkumar Suthar authored
This patch adds support for 8977 chipset to mwifiex with SDIO interface. Register offsets and supported feature flags are updated. Firmware image used will be mrvl/sd8977_uapsta.bin. Signed-off-by: Hemantkumar Suthar <shemant@marvell.com> Signed-off-by: Rakesh Parmar <rakeshp@marvell.com> Signed-off-by: Cathy Luo <cluo@marvell.com> Signed-off-by: Ganapathi Bhat <gbhat@marvell.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Myungho Jung authored
h4_recv_buf() callers store the return value to socket buffer and recursively pass the buffer to h4_recv_buf() without protection. So, ERR_PTR returned from h4_recv_buf() can be dereferenced, if called again before setting the socket buffer to NULL from previous error. Check if skb is ERR_PTR in h4_recv_buf(). Reported-by: syzbot+017a32f149406df32703@syzkaller.appspotmail.com Signed-off-by: Myungho Jung <mhjungk@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Stefan Agner authored
The platform specific wake-up interrupt is optional. Don't print an error message in case it is missing, merely inform the user in this case. Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Stefan Agner authored
Use dev_* variants to print messages in drivers. Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
YueHaibing authored
Use DEFINE_DEBUGFS_ATTRIBUTE rather than DEFINE_SIMPLE_ATTRIBUTE for debugfs files. Semantic patch information: Rationale: DEFINE_SIMPLE_ATTRIBUTE + debugfs_create_file() imposes some significant overhead as compared to DEFINE_DEBUGFS_ATTRIBUTE + debugfs_create_file_unsafe(). Generated by: scripts/coccinelle/api/debugfs/debugfs_simple_attr.cocci Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
YueHaibing authored
Use DEFINE_DEBUGFS_ATTRIBUTE rather than DEFINE_SIMPLE_ATTRIBUTE for debugfs files. Semantic patch information: Rationale: DEFINE_SIMPLE_ATTRIBUTE + debugfs_create_file() imposes some significant overhead as compared to DEFINE_DEBUGFS_ATTRIBUTE + debugfs_create_file_unsafe(). Generated by: scripts/coccinelle/api/debugfs/debugfs_simple_attr.cocci Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
Balakrishna Godavarthi authored
This patch add qca_set_bdaddr() to set the device address for latest Qualcomm Bluetooth chipset wcn3990 and above. Signed-off-by: Balakrishna Godavarthi <bgodavar@codeaurora.org> Reviewed-by: Matthias Kaehlcke <mka@chromium.org> Tested-by: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-
- 21 Jan, 2019 4 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Completely minor snmp doc conflict. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linuxLinus Torvalds authored
Pull pstore fixes from Kees Cook: - Fix console ramoops to show the previous boot logs (Sai Prakash Ranjan) - Avoid allocation and leak of platform data * tag 'pstore-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore/ram: Avoid allocation and leak of platform data pstore/ram: Fix console ramoops to show the previous boot logs
-
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linuxLinus Torvalds authored
Pull gcc-plugins fixes from Kees Cook: "Fix ARM per-task stack protector plugin under GCC 9 (Ard Biesheuvel)" * tag 'gcc-plugins-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask
-
- 20 Jan, 2019 19 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix endless loop in nf_tables, from Phil Sutter. 2) Fix cross namespace ip6_gre tunnel hash list corruption, from Olivier Matz. 3) Don't be too strict in phy_start_aneg() otherwise we might not allow restarting auto negotiation. From Heiner Kallweit. 4) Fix various KMSAN uninitialized value cases in tipc, from Ying Xue. 5) Memory leak in act_tunnel_key, from Davide Caratti. 6) Handle chip errata of mv88e6390 PHY, from Andrew Lunn. 7) Remove linear SKB assumption in fou/fou6, from Eric Dumazet. 8) Missing udplite rehash callbacks, from Alexey Kodanev. 9) Log dirty pages properly in vhost, from Jason Wang. 10) Use consume_skb() in neigh_probe() as this is a normal free not a drop, from Yang Wei. Likewise in macvlan_process_broadcast(). 11) Missing device_del() in mdiobus_register() error paths, from Thomas Petazzoni. 12) Fix checksum handling of short packets in mlx5, from Cong Wang. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (96 commits) bpf: in __bpf_redirect_no_mac pull mac only if present virtio_net: bulk free tx skbs net: phy: phy driver features are mandatory isdn: avm: Fix string plus integer warning from Clang net/mlx5e: Fix cb_ident duplicate in indirect block register net/mlx5e: Fix wrong (zero) TX drop counter indication for representor net/mlx5e: Fix wrong error code return on FEC query failure net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames tools: bpftool: Cleanup license mess bpf: fix inner map masking to prevent oob under speculation bpf: pull in pkt_sched.h header for tooling to fix bpftool build selftests: forwarding: Add a test case for externally learned FDB entries selftests: mlxsw: Test FDB offload indication mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky net: bridge: Mark FDB entries that were added by user as such mlxsw: spectrum_fid: Update dummy FID index mlxsw: pci: Return error on PCI reset timeout mlxsw: pci: Increase PCI SW reset timeout mlxsw: pci: Ring CQ's doorbell before RDQ's MAINTAINERS: update email addresses of liquidio driver maintainers ...
-
Kees Cook authored
Yue Hu noticed that when parsing device tree the allocated platform data was never freed. Since it's not used beyond the function scope, this switches to using a stack variable instead. Reported-by: Yue Hu <huyue2@yulong.com> Fixes: 35da6094 ("pstore/ram: add Device Tree bindings") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>
-
Ard Biesheuvel authored
GCC 9 reworks the way the references to the stack canary are emitted, to prevent the value from being spilled to the stack before the final comparison in the epilogue, defeating the purpose, given that the spill slot is under control of the attacker that we are protecting ourselves from. Since our canary value address is obtained without accessing memory (as opposed to pre-v7 code that will obtain it from a literal pool), it is unlikely (although not guaranteed) that the compiler will spill the canary value in the same way, so let's just disable this improvement when building with GCC9+. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Kees Cook <keescook@chromium.org>
-
Ard Biesheuvel authored
The ARM per-task stack protector GCC plugin hits an assert in the compiler in some case, due to the fact the the SP mask expression is not sign-extended as it should be. So fix that. Suggested-by: Kugan Vivekanandarajah <kugan.vivekanandarajah@linaro.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Kees Cook <keescook@chromium.org>
-
David S. Miller authored
Ido Schimmel says: ==================== mlxsw: spectrum_router: Add GRE tunnel support for Spectrum-2 Nir says: In Spectrum-2, HW implementation of layer 3 tunnels differs from Spectrum-1 when it comes to the underlay routing table selection. Spectrum-2 uses a dedicated RIF that points to the virtual router used for forwarding the encapsulated packets, while Spectrum-1 explicitly specifies the virtual router itself. Patches #1 and #2 add additional fields in RITR - Router interface table register and RTDP - Routing tunnel decap properties respectively, the fields are required for the new underlay RIF needed for Spectrum-2. Patches #3-4 allow different set of RIF operations per ASIC type. The first patch splits the operations and the following patch sets RIF ops according to ASIC type. Patches #5-9 introduce small changes to existing code to allow existence of a dedicated underlay RIF along with the underlay virtual router, and to support that new type of RIF that has no device. Patch #10 takes care of updating the tunnel decap properties egress underlay RIF required for Spectrum-2. Patch #11 adds the implementation of Spectrum-2 specific RIF operations and essentially enables layer 3 GRE tunnels on Spectrum-2. Finally patches #12-18 add tests for GRE IP-in-IP tunnels, both in flat and hierarchical topologies. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel, where an ikey/okey pair is set. This test is based on hierarchical topology described in file ipip_lib.sh. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel, where a key is set. This test is based on hierarchical topology described in file ipip_lib.sh. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel, based on hierarchical topology described in file ipip_lib.sh. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel, where an ikey/okey pair is set. This test is based on flat topology described in file ipip_lib.sh. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel, where a key is set. This test is based on flat topology described in file ipip_lib.sh. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel, based on flat topology described in file ipip_lib.sh. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Add a library with helper functions, to be used in testing IP-in-IP and GRE tunnels, both in flat and in hierarchical topologies. The topologies used in this library cover the three scenarios of tunnels - a tunel with no bound device, a tunnel with bound device in the same VRF and a tunnel with a bound device in a different VRF. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Spectrum-2 GRE tunnel implementation requires a specific underlay RIF that points to the virtual router used for forwarding the encapsulated packet. Add Spectrum-2 specific loopback router interface creation methods which may create or reuse the dedicated underlay RIF. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Spectrum-2 requires to specify the egress RIF when setting tunnel decap properties. Add a method for accessing the underlay RIF index and then use it when setting decap properties. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Spectrum-2 underlay RIF is merely an auxiliary RIF that points to the virtual router used for encapsulated packets lookup. It exists only when its overlay RIF exists but may be shared with other overlay RIFs. Hence it is undesired to mark any device as related to it. Therefore allow usage of NULL device when allocating RIF. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
For the sake of Spectrum-2 GRE support, as ul_vr_id field is reserved for Spectrum-2, Change mlxsw_sp_ipip_lb_ul_vr_id() implementation not to use the reserved field. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
Spectrum-2 GRE tunnels underlay should be given not only the virtual router information for an encapsulated packet lookup, but also an underlay RIF object which belongs to a virtual router. Therefore add ul_rif_id field in struct mlxsw_sp_rif_ipip_lb, to be used later in Spectrum-2 underlay RIF implementation. This field complements ul_vr_id field, already present and defined as reserved for Spectrum-2. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
The presence of an allocated RIF in mlxsw_sp->router->rifs[rif_index] marks that rif_index as taken. Set the marking of a taken RIF to happen before calling ops->create in order to allow creation of a GRE underlay RIF, which may be allocated and created as part of an overlay RIF creation. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Nir Dotan authored
In Spectrum-2, the underlay routing table is pointed by an underlay router interface in contrary to Spectrum where only an underlay virtual router should be set. That makes the underlay virtual router field in RITR reserved for Spectrum-2. Change loopback RIF creation function to support the new underlay RIF field, however leave this field reserved for Spectrum-1 updates. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-