Commit Graph

63 Commits

Author SHA1 Message Date
Maksim Yevmenkin
c18a1440f0 Mark AVM USB Bluetooth-Adapter BlueFritz! as "broken". This device is not
supported by ng_ubt(4) driver and needs its own driver.

PR:		kern/76205
Submitted by:	Tim Hemel < bsd AT timit DOT nl >
MFC after:	1 week
2005-05-10 16:25:58 +00:00
Peter Wemm
e76ce25370 Change the embedded module name from "bluetooth" to "ng_bluetooth" to match
the rest of the names assigned to this object.
2005-04-08 05:13:53 +00:00
Maksim Yevmenkin
dc612cfc34 Correct typo that could cause FIFO overflow.
PR:		kern/78431
MFC after:	3 days
2005-04-06 22:09:32 +00:00
Maksim Yevmenkin
aa9e985aed Remove PR_ATOMIC flag in ng_btsocket_protosw[] for BLUETOOTH_PROTO_RFCOMM
protocol. RFCOMM is a SOCK_STREAM protocol not SOCK_SEQPACKET. This was a
serious bug caused by cut-and-paste. I'm surprised it did not bite me before.
Dunce hat goes to me.

MFC after:	3 days
2005-04-06 20:54:05 +00:00
Maksim Yevmenkin
f93b258c94 In ng_btsocket_rfcomm_receive_frame() correctly set length variable when
EA bit is set in hdr->length (16-bit length). This currently has no effect
on the rest of the code. It just fixes the debug message.

MFC After:	3 weeks
2005-04-06 18:55:58 +00:00
Sam Leffler
81c95c5292 move ptr use down to after null check
Noticed by:	Coverity Prevent analysis tool
Reviewed by:	emax
2005-02-26 02:31:34 +00:00
Robert Watson
0daccb9c94 In the current world order, solisten() implements the state transition of
a socket from a regular socket to a listening socket able to accept new
connections.  As part of this state transition, solisten() calls into the
protocol to update protocol-layer state.  There were several bugs in this
implementation that could result in a race wherein a TCP SYN received
in the interval between the protocol state transition and the shortly
following socket layer transition would result in a panic in the TCP code,
as the socket would be in the TCPS_LISTEN state, but the socket would not
have the SO_ACCEPTCONN flag set.

This change does the following:

- Pushes the socket state transition from the socket layer solisten() to
  to socket "library" routines called from the protocol.  This permits
  the socket routines to be called while holding the protocol mutexes,
  preventing a race exposing the incomplete socket state transition to TCP
  after the TCP state transition has completed.  The check for a socket
  layer state transition is performed by solisten_proto_check(), and the
  actual transition is performed by solisten_proto().

- Holds the socket lock for the duration of the socket state test and set,
  and over the protocol layer state transition, which is now possible as
  the socket lock is acquired by the protocol layer, rather than vice
  versa.  This prevents additional state related races in the socket
  layer.

This permits the dual transition of socket layer and protocol layer state
to occur while holding locks for both layers, making the two changes
atomic with respect to one another.  Similar changes are likely require
elsewhere in the socket/protocol code.

Reported by:		Peter Holm <peter@holm.cc>
Review and fixes from:	emax, Antoine Brodin <antoine.brodin@laposte.net>
Philosophical head nod:	gnn
2005-02-21 21:58:17 +00:00
Gleb Smirnoff
c00e2d15b7 - Use ng_callout() instead of home-grown implementation.
Submitted by:	emax
2005-01-11 11:55:56 +00:00
Maksim Yevmenkin
980b8b89eb Make default RFCOMM session MTU match default L2CAP MTU.
This is just a workaround for a know problem with Motorola E1000
phone. Something is wrong with the configuration of L2CAP/RFCOMM
channel. Even though we set L2CAP MTU to 132 bytes (default RFCOMM
MTU 127 + 5 bytes RFCOMM frame header) and the phone accepts it,
the phone still sends oversized L2CAP packets. It appears that the
phone wants to use bigger (667 bytes) RFCOMM frames, but it does
not segment them according to the configured L2CAP MTU. The 667
bytes RFCOMM frame size corresponds to the default L2CAP MTU of
672 bytes (667 + 5 bytes RFCOMM frame header).

This problem only appears if connection was initiated from the
phone. I'm not sure who is at fault here, so for now just put
workaround in place. Quick look at the spec did not reveal any
anwser.

Tested by:	Jes < jjess at freebsd dot polarhome dot com >
MFC after:	3 days
2005-01-11 01:39:53 +00:00
Warner Losh
c398230b64 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
Maksim Yevmenkin
6a2dbfa47f Rename 'class' field to 'uclass' in the ng_hci_inquiry_response structure.
class is a reserved word in C++

Submitted by:	Markus Brueffer < markus AT brueffer DOT de >
MFC after:	3 days
2005-01-04 20:13:48 +00:00
Gleb Smirnoff
f9d9e1b4ec Mechanically rename s/ng_timeout/ng_callout/g, s/ng_untimeout/ng_uncallout/g.
This is done to keep both versions in RELENG_5 and support both APIs.

Reviewed by:	scottl
Approved by:	julian (mentor), implicitly
2004-12-01 11:56:32 +00:00
Max Laier
4f240aff01 Move ng_socket and ng_btsocket initialization to SI_SUB_PROTO_DOMAIN as they
call net_add_domain(). Calling this function too early (or late) breaks
assertations about the global domains list.
Actually it should be forbidden to call net_add_domain() outside of
SI_SUB_PROTO_DOMAIN completely as there are many places where we traverse
the domains list unprotected, but for now we allow late calls (mostly to
support netgraph). In order to really fix this we have to lock the domains
list in all places or find another way to ensure that we can safely walk the
list while another thread might be adding a new domain.

Spotted by:	se
Reviewed by:	julian, glebius
PR:		kern/73321	(partly)
2004-11-30 22:28:50 +00:00
Maksim Yevmenkin
bb50f99e30 Correct typo. Return ENXIO instead of EIO. 2004-11-19 18:54:54 +00:00
Poul-Henning Kamp
756d52a195 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
Maksim Yevmenkin
b81d7730f3 Fix kernel build (caused by recent ng_{un}timeout API change)
Submitted by:	glebius
2004-11-03 18:00:49 +00:00
Maksim Yevmenkin
cff5b6df1c Fix broken ng_h4(4). Basically, do not abuse t_sc field and use new t_lsc
field created for line disciplne drivers private use. Also add NET_NEEDS_GIANT
warning. For whatever reason ng_tty(4) was fixed but ng_h4(4) was not :(
2004-11-02 20:01:42 +00:00
Robert Watson
81158452be Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
Maksim Yevmenkin
01c5ea585c Get rid of device nodes interface. It is useless and confusing.
The original idea was to use it for firmware upgrading and similar
operations. In real life almost all Bluetooth USB devices do not
need firmware download. If device does require firmware download
then ugen(4) (or specialized driver like ubtbcmfw(8)) should be
used instead.

MFC after:	3 days
2004-10-12 23:33:46 +00:00
Julian Elischer
f036d4081d Align netgraph message fields ready for 64-bit (and 128 bit :-) machines.
requires a recompile of netgraph users.
Also change the size of a field in the bluetooth code
that was waiting for the next change that needed recompiles so
it could piggyback its way in.

Submitted by:	jdp, maksim
MFC after:	2 days
2004-08-20 01:24:23 +00:00
Maksim Yevmenkin
b25877a384 Introduce ng_hci_inquiry_response structure and use it in the hccontrol(8) 2004-08-10 00:38:50 +00:00
Warner Losh
107af8f9eb MFp4: Last references to dev/usb/usbdevs.h converted. 2004-06-27 16:51:01 +00:00
Lukas Ertl
f3617a3396 Catch up with usbd_get_string_desc() change.
Spotted by:  Tai-hwa Liang <avatar@mmlab.cse.yzu.edu.tw>
2004-06-26 13:24:29 +00:00
Poul-Henning Kamp
4776c07426 Fix line discipline switching issues: If opening a new ldisc fails,
we have to revert to TTYDISC which we know will successfully open
rather than try the previous ldisc which might also fail to open.

Do not let ldisc implementations muck about with ->t_line, and remove
code which checks for reopens, it should never happen.

Move ldisc->l_hotchar to tty->t_hotchar and have ldisc implementation
initialize it in their open routines.  Reset to zero when we enter
TTYDISC.  ("no" should really be -1 since zero could be a valid
hotchar for certain old european mainframe protocols.)
2004-06-26 08:44:04 +00:00
Maksim Yevmenkin
21da572743 Add '#include <sys/mbuf.h>' to fix the kernel build. 2004-06-25 23:03:33 +00:00
Robert Watson
68548aa4c6 Correct merge-o: make sure to unlock symmetrically socket buffer
locks on bluetooth sockets when clearing upcall flags.

Submitted by:	emax
2004-06-18 05:09:42 +00:00
Robert Watson
9535efc00d Merge additional socket buffer locking from rwatson_netperf:
- Lock down low hanging fruit use of sb_flags with socket buffer
  lock.

- Lock down low hanging fruit use of so_state with socket lock.

- Lock down low hanging fruit use of so_options.

- Lock down low-hanging fruit use of sb_lowwat and sb_hiwat with
  socket buffer lock.

- Annotate situations in which we unlock the socket lock and then
  grab the receive socket buffer lock, which are currently actually
  the same lock.  Depending on how we want to play our cards, we
  may want to coallesce these lock uses to reduce overhead.

- Convert a if()->panic() into a KASSERT relating to so_state in
  soaccept().

- Remove a number of splnet()/splx() references.

More complex merging of socket and socket buffer locking to
follow.
2004-06-17 22:48:11 +00:00
Poul-Henning Kamp
f3732fd15b Second half of the dev_t cleanup.
The big lines are:
	NODEV -> NULL
	NOUDEV -> NODEV
	udev_t -> dev_t
	udev2dev() -> findcdev()

Various minor adjustments including handling of userland access to kernel
space struct cdev etc.
2004-06-17 17:16:53 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Robert Watson
c0b99ffa02 The socket field so_state is used to hold a variety of socket related
flags relating to several aspects of socket functionality.  This change
breaks out several bits relating to send and receive operation into a
new per-socket buffer field, sb_state, in order to facilitate locking.
This is required because, in order to provide more granular locking of
sockets, different state fields have different locking properties.  The
following fields are moved to sb_state:

  SS_CANTRCVMORE            (so_state)
  SS_CANTSENDMORE           (so_state)
  SS_RCVATMARK              (so_state)

Rename respectively to:

  SBS_CANTRCVMORE           (so_rcv.sb_state)
  SBS_CANTSENDMORE          (so_snd.sb_state)
  SBS_RCVATMARK             (so_rcv.sb_state)

This facilitates locking by isolating fields to be located with other
identically locked fields, and permits greater granularity in socket
locking by avoiding storing fields with different locking semantics in
the same short (avoiding locking conflicts).  In the future, we may
wish to coallesce sb_state and sb_flags; for the time being I leave
them separate and there is no additional memory overhead due to the
packing/alignment of shorts in the socket buffer structure.
2004-06-14 18:16:22 +00:00
Robert Watson
395a08c904 Extend coverage of SOCK_LOCK(so) to include so_count, the socket
reference count:

- Assert SOCK_LOCK(so) macros that directly manipulate so_count:
  soref(), sorele().

- Assert SOCK_LOCK(so) in macros/functions that rely on the state of
  so_count: sofree(), sotryfree().

- Acquire SOCK_LOCK(so) before calling these functions or macros in
  various contexts in the stack, both at the socket and protocol
  layers.

- In some cases, perform soisdisconnected() before sotryfree(), as
  this could result in frobbing of a non-present socket if
  sotryfree() actually frees the socket.

- Note that sofree()/sotryfree() will release the socket lock even if
  they don't free the socket.

Submitted by:	sam
Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS
2004-06-12 20:47:32 +00:00
Robert Watson
2658b3bb8e Integrate accept locking from rwatson_netperf, introducing a new
global mutex, accept_mtx, which serializes access to the following
fields across all sockets:

          so_qlen          so_incqlen         so_qstate
          so_comp          so_incomp          so_list
          so_head

While providing only coarse granularity, this approach avoids lock
order issues between sockets by avoiding ownership of the fields
by a specific socket and its per-socket mutexes.

While here, rewrite soclose(), sofree(), soaccept(), and
sonewconn() to add assertions, close additional races and  address
lock order concerns.  In particular:

- Reorganize the optimistic concurrency behavior in accept1() to
  always allocate a file descriptor with falloc() so that if we do
  find a socket, we don't have to encounter the "Oh, there wasn't
  a socket" race that can occur if falloc() sleeps in the current
  code, which broke inbound accept() ordering, not to mention
  requiring backing out socket state changes in a way that raced
  with the protocol level.  We may want to add a lockless read of
  the queue state if polling of empty queues proves to be important
  to optimize.

- In accept1(), soref() the socket while holding the accept lock
  so that the socket cannot be free'd in a race with the protocol
  layer.  Likewise in netgraph equivilents of the accept1() code.

- In sonewconn(), loop waiting for the queue to be small enough to
  insert our new socket once we've committed to inserting it, or
  races can occur that cause the incomplete socket queue to
  overfill.  In the previously implementation, it was sufficient
  to simply tested once since calling soabort() didn't release
  synchronization permitting another thread to insert a socket as
  we discard a previous one.

- In soclose()/sofree()/et al, it is the responsibility of the
  caller to remove a socket from the incomplete connection queue
  before calling soabort(), which prevents soabort() from having
  to walk into the accept socket to release the socket from its
  queue, and avoids races when releasing the accept mutex to enter
  soabort(), permitting soabort() to avoid lock ordering issues
  with the caller.

- Generally cluster accept queue related operations together
  throughout these functions in order to facilitate locking.

Annotate new locking in socketvar.h.
2004-06-02 04:15:39 +00:00
Robert Watson
36568179e3 The SS_COMP and SS_INCOMP flags in the so_state field indicate whether
the socket is on an accept queue of a listen socket.  This change
renames the flags to SQ_COMP and SQ_INCOMP, and moves them to a new
state field on the socket, so_qstate, as the locking for these flags
is substantially different for the locking on the remainder of the
flags in so_state.
2004-06-01 02:42:56 +00:00
Poul-Henning Kamp
5dba30f15a add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
Julian Elischer
3eb483729e Missed these in the last commit.
Change to C99 structure initialisation for the type method structure.
2004-05-29 07:16:49 +00:00
Julian Elischer
f8aae7776f Switch to using C99 sparse initialisers for the type methods array.
Should make no binary difference.

Submitted by:	Gleb Smirnoff <glebius@cell.sick.ru>
Reviewed by:	Harti Brandt <harti@freebsd.org>
MFC after:	1 week
2004-05-29 00:51:19 +00:00
Warner Losh
dba6dd177b Move to generating pccarddevs.h on the fly, both for the kernel and
the modules.

Also generate usbdevs.h automatically now, but a non-kernel file is
stopping that at the moment.
2004-05-26 00:53:10 +00:00
Maksim Yevmenkin
73a4a9a759 Mode few Bluetooth defines into system include files
Reviewed by:	imp
2004-05-10 02:24:56 +00:00
Maksim Yevmenkin
b84b10f92f Address few style issues pointed out by bde
Reviewed by:	bde, ru
2004-04-27 16:38:15 +00:00
Maksim Yevmenkin
48bd0712bc Make sure RFCOMM multiplexor channel does not hang in DISCONNECTING
state. Apparently it happens when both devices try to disconnect RFCOMM
multiplexor channel at the same time.

The scenario is as follows:

- local device initiates RFCOMM connection to the remote device. This
  creates both RFCOMM multiplexor channel and data channel;

- remote device terminates RFCOMM data channel (inactivity timeout);

- local device acknowledges RFCOMM data channel termination. Because
  there is no more active data channels and local device has initiated
  connection it terminates RFCOMM multiplexor channel;

- remote device does not acknowledges RFCOMM multiplexor channel
  termination. Instead it sends its own request to terminate RFCOMM
  multiplexor channel. Even though local device acknowledges RFCOMM
  multiplexor channel termination the remote device still keeps
  L2CAP connection open.

Because of hanging RFCOMM multiplexor channel subsequent RFCOMM
connections between local and remote devices will fail.

Reported by:	Johann Hugo <jhugo@icomtek.csir.co.za>
2004-04-23 20:21:17 +00:00
Maksim Yevmenkin
4ae439a316 Make sure Bluetooth stuff can be compiled on amd64
Submitted by:	ps
2004-04-09 23:01:42 +00:00
Nate Lawson
5f96beb9e0 Convert callers to the new bus_alloc_resource_any(9) API.
Submitted by:	Mark Santcroos <marks@ripe.net>
Reviewed by:	imp, dfr, bde
2004-03-17 17:50:55 +00:00
Robert Watson
746e5bf09b Rename dup_sockaddr() to sodupsockaddr() for consistency with other
functions in kern_socket.c.

Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT
in from the caller context rather than "1" or "0".

Correct mflags pass into mac_init_socket() from previous commit to not
include M_ZERO.

Submitted by:	sam
2004-03-01 03:14:23 +00:00
Poul-Henning Kamp
dc08ffec87 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
Poul-Henning Kamp
c9c7976f7f Device megapatch 1/6:
Free approx 86 major numbers with a mostly automatically generated patch.

A number of strategic drivers have been left behind by caution, and a few
because they still (ab)use their major number.
2004-02-21 19:42:58 +00:00
Hartmut Brandt
bbee16c0b9 Replace deprecated NG_NODELEN with the new NG_NODESIZ. There is one
problem here still to be solved: the sockaddr_hci has still a 16 byte
field for the node name. The code currently does not correctly use the
length field in the sockaddr to handle the address length, so
node names get truncated to 15 characters when put into a sockaddr_hci.
2004-01-26 15:19:43 +00:00
Alfred Perlstein
b9fe2d6cc2 NULL -> 0 where appropriate. 2003-12-24 18:51:01 +00:00
Robert Watson
a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
Maksim Yevmenkin
f21fff6cf2 Change double include protection style in headers to match
the rest of Netgraph code.

Reviewed by: imp, ru
Approved by: imp (mentor)
2003-11-14 03:45:29 +00:00
Maksim Yevmenkin
0986ab12e4 Update Bluetooth code.
Reviewed by: M. Warner Losh <imp@bsdimp.com>; John Hay <jhay@freebsd.org>
Approved by: M. Warner Losh <imp@bsdimp.com> (mentor)
2003-10-12 22:04:24 +00:00