// SPDX-License-Identifier: GPL-2.0-or-later
/*
*
* Bluetooth HCI UART driver
*
* Copyright (C) 2000-2001 Qualcomm Incorporated
* Copyright (C) 2002-2003 Maxim Krasnyansky <maxk@qualcomm.com>
* Copyright (C) 2004-2005 Marcel Holtmann <marcel@holtmann.org>
*/
# include <linux/module.h>
# include <linux/kernel.h>
# include <linux/init.h>
# include <linux/types.h>
# include <linux/fcntl.h>
# include <linux/interrupt.h>
# include <linux/ptrace.h>
# include <linux/poll.h>
# include <linux/slab.h>
# include <linux/tty.h>
# include <linux/errno.h>
# include <linux/string.h>
# include <linux/signal.h>
# include <linux/ioctl.h>
# include <linux/skbuff.h>
# include <linux/firmware.h>
# include <linux/serdev.h>
# include <net/bluetooth/bluetooth.h>
# include <net/bluetooth/hci_core.h>
# include "btintel.h"
# include "btbcm.h"
# include "hci_uart.h"
# define VERSION "2.3"
/*
 * Table of registered UART protocol handlers, indexed by the handler's id.
 * A NULL entry means no handler is registered for that id; entries are
 * filled by hci_uart_register_proto() and cleared by
 * hci_uart_unregister_proto().
 */
static const struct hci_uart_proto *hup[HCI_UART_MAX_PROTO];
/*
 * Register a UART protocol handler in the hup[] table.
 *
 * Returns -EINVAL when p->id lies outside the table, -EEXIST when the slot
 * for that id is already occupied, and 0 once the handler has been stored.
 *
 * The range check runs before hup[] is touched, so an out-of-range id is
 * never used as an index.
 * NOTE(review): p is dereferenced without a NULL check and no lock is taken
 * around the test-and-store; presumably callers are in-kernel protocol
 * modules that register once at init - confirm.
 */
int hci_uart_register_proto(const struct hci_uart_proto *p)
{
	const struct hci_uart_proto **slot;

	if (p->id >= HCI_UART_MAX_PROTO)
		return -EINVAL;

	slot = &hup[p->id];
	if (*slot)
		return -EEXIST;

	*slot = p;

	BT_INFO(" HCI UART protocol %s registered ", p->name);

	return 0;
}
/*
 * Remove a UART protocol handler from the hup[] table.
 *
 * Returns -EINVAL when p->id lies outside the table or when no handler is
 * registered under that id, and 0 after the slot has been cleared.
 *
 * NOTE(review): the slot is cleared based on the id alone; the stored
 * pointer is not compared with p, so this relies on each id having a
 * single owner - confirm against the callers.
 */
int hci_uart_unregister_proto(const struct hci_uart_proto *p)
{
	/* The range test must come first so hup[] is only read in bounds. */
	if (p->id >= HCI_UART_MAX_PROTO || !hup[p->id])
		return -EINVAL;

	hup[p->id] = NULL;

	return 0;
}
/*
 * Look up the protocol handler registered under id.
 *
 * Returns NULL for an id outside the table; otherwise returns the table
 * entry, which is itself NULL when nothing is registered for that id.
 */
static const struct hci_uart_proto *hci_uart_get_proto(unsigned int id)
{
	return id < HCI_UART_MAX_PROTO ? hup[id] : NULL;
}
/*
 * Account for one fully transmitted packet in the HCI statistics.
 *
 * Bumps the command, ACL or SCO transmit counter of hu->hdev according to
 * pkt_type. Any other packet type leaves the counters untouched.
 */
static inline void hci_uart_tx_complete(struct hci_uart *hu, int pkt_type)
{
	struct hci_dev *hdev = hu->hdev;

	if (pkt_type == HCI_COMMAND_PKT)
		hdev->stat.cmd_tx++;
	else if (pkt_type == HCI_ACLDATA_PKT)
		hdev->stat.acl_tx++;
	else if (pkt_type == HCI_SCODATA_PKT)
		hdev->stat.sco_tx++;
}
/*
 * Fetch the next frame to transmit.
 *
 * A partially written frame parked in hu->tx_skb takes priority: it is
 * handed back and the slot is cleared. Otherwise the protocol's dequeue()
 * callback is asked for a frame, but only while HCI_UART_PROTO_READY is
 * set. Returns NULL when there is nothing to send.
 *
 * proto_lock is held for reading around the callback. It is a per-cpu
 * rw_semaphore rather than an rwlock because protocol callbacks such as
 * bcm_dequeue() take a mutex and therefore must be allowed to sleep; with
 * an rwlock this path hit "BUG: sleeping function called from invalid
 * context" from hci_uart_write_work().
 *
 * NOTE(review): hu->tx_skb is read and cleared here without a lock visible
 * in this function - confirm what serializes it against hci_uart_flush().
 */
static inline struct sk_buff *hci_uart_dequeue(struct hci_uart *hu)
{
	struct sk_buff *pending = hu->tx_skb;
	struct sk_buff *next = NULL;

	if (pending) {
		hu->tx_skb = NULL;
		return pending;
	}

	percpu_down_read(&hu->proto_lock);

	/* Never call into the protocol once it is no longer marked ready. */
	if (test_bit(HCI_UART_PROTO_READY, &hu->flags))
		next = hu->proto->dequeue(hu);

	percpu_up_read(&hu->proto_lock);

	return next;
}
/*
 * Kick the transmit work item if there may be something to send.
 *
 * Always returns 0. Nothing is scheduled when the protocol lock cannot be
 * taken, when HCI_UART_PROTO_READY is clear, or when a transmit pass is
 * already running; in the last case HCI_UART_TX_WAKEUP is set so the
 * running hci_uart_write_work() loops once more.
 */
int hci_uart_tx_wakeup(struct hci_uart *hu)
{
	/* This can run in IRQ context, where sleeping is not allowed, so the
	 * read lock is only tried. A failed attempt is taken to mean the tty
	 * is being closed, since that is the only place the write lock is
	 * taken. If the write lock ever gets other users, revisit this.
	 */
	if (!percpu_down_read_trylock(&hu->proto_lock))
		return 0;

	if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) {
		if (test_and_set_bit(HCI_UART_SENDING, &hu->tx_state)) {
			/* A pass is in flight: ask it to restart instead. */
			set_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);
		} else {
			BT_DBG(" ");

			schedule_work(&hu->write_work);
		}
	}

	percpu_up_read(&hu->proto_lock);

	return 0;
}
EXPORT_SYMBOL_GPL(hci_uart_tx_wakeup);
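/*
 * Work handler that pushes queued frames out through the tty.
 *
 * Frames are pulled with hci_uart_dequeue() and written with the tty's
 * write() op. A frame that is only partly accepted is parked in
 * hu->tx_skb and the loop stops; a frame that is fully written is counted
 * and freed. If HCI_UART_TX_WAKEUP was set while the loop ran (see
 * hci_uart_tx_wakeup()), the whole pass restarts. On exit
 * HCI_UART_SENDING is cleared and anyone waiting on that bit (see
 * hci_uart_wait_until_sent()) is woken.
 */
static void hci_uart_write_work(struct work_struct *work)
{
	struct hci_uart *hu = container_of(work, struct hci_uart, write_work);
	struct tty_struct *tty = hu->tty;
	struct hci_dev *hdev = hu->hdev;
	struct sk_buff *skb;

	/* REVISIT: should we cope with bad skbs? A negative return from
	 * ->write() is treated as "nothing written" below, but the error
	 * itself is still not reported to anyone.
	 */

restart:
	clear_bit(HCI_UART_TX_WAKEUP, &hu->tx_state);

	while ((skb = hci_uart_dequeue(hu))) {
		int len;

		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
		len = tty->ops->write(tty, skb->data, skb->len);

		/* A negative errno must not be subtracted from the byte
		 * counter or handed to skb_pull(), whose length argument is
		 * unsigned. Count it as zero bytes of progress so the frame
		 * is kept for a later attempt.
		 */
		if (len < 0)
			len = 0;

		hdev->stat.byte_tx += len;

		skb_pull(skb, len);
		if (skb->len) {
			/* Short write: keep the remainder for the next pass. */
			hu->tx_skb = skb;
			break;
		}

		hci_uart_tx_complete(hu, hci_skb_pkt_type(skb));
		kfree_skb(skb);
	}

	if (test_bit(HCI_UART_TX_WAKEUP, &hu->tx_state))
		goto restart;

	clear_bit(HCI_UART_SENDING, &hu->tx_state);
	wake_up_bit(&hu->tx_state, HCI_UART_SENDING);
}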
/*
 * Work handler that completes deferred HCI device registration.
 *
 * Runs only if HCI_UART_INIT_PENDING was still set (the bit is cleared
 * atomically, so a second invocation is a no-op). On success
 * HCI_UART_REGISTERED is set. On failure the protocol is torn down and the
 * hci_dev is released.
 *
 * Failure-path ordering: HCI_UART_PROTO_READY is cleared before
 * proto->close() so that paths which test that bit stop calling into the
 * protocol, and hu->hdev is set to NULL before the device is freed so the
 * field never points at released memory.
 * NOTE(review): proto_lock is not taken for writing here, so a reader that
 * already passed its HCI_UART_PROTO_READY test could still be inside a
 * protocol callback when close() runs - confirm what excludes that.
 */
void hci_uart_init_work(struct work_struct *work)
{
	struct hci_uart *hu = container_of(work, struct hci_uart, init_ready);
	struct hci_dev *failed;

	if (!test_and_clear_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
		return;

	if (hci_register_dev(hu->hdev) >= 0) {
		set_bit(HCI_UART_REGISTERED, &hu->flags);
		return;
	}

	BT_ERR(" Can't register HCI device ");
	clear_bit(HCI_UART_PROTO_READY, &hu->flags);
	hu->proto->close(hu);

	failed = hu->hdev;
	hu->hdev = NULL;
	hci_free_dev(failed);
}
/*
 * Schedule the deferred registration work for this UART.
 *
 * Returns 0 after queueing hu->init_ready, or -EALREADY when
 * HCI_UART_INIT_PENDING is not set and there is nothing left to do.
 */
int hci_uart_init_ready(struct hci_uart *hu)
{
	if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags)) {
		schedule_work(&hu->init_ready);
		return 0;
	}

	return -EALREADY;
}
/*
 * Wait for the transmit pass to finish.
 *
 * Sleeps interruptibly on the HCI_UART_SENDING bit of hu->tx_state for at
 * most 2000 ms and returns whatever wait_on_bit_timeout() returns.
 * hci_uart_write_work() clears the bit and wakes waiters when it is done.
 */
int hci_uart_wait_until_sent(struct hci_uart *hu)
{
	const unsigned long timeout = msecs_to_jiffies(2000);

	return wait_on_bit_timeout(&hu->tx_state, HCI_UART_SENDING,
				   TASK_INTERRUPTIBLE, timeout);
}
/* ------- Interface to HCI layer ------ */
/* Reset device */
/*
 * Drop everything that is waiting to be transmitted. Always returns 0.
 *
 * Frees a partially written frame parked in tx_skb, flushes the line
 * discipline and the tty driver buffer, and then lets the protocol flush
 * its own queues if HCI_UART_PROTO_READY is set.
 *
 * The protocol callback runs under the read side of proto_lock, a per-cpu
 * rw_semaphore, so the callback is allowed to sleep.
 * NOTE(review): tx_skb is freed here with no lock visible in this
 * function, while hci_uart_write_work() reads and stores the same field
 * from workqueue context - confirm what serializes the two.
 */
static int hci_uart_flush(struct hci_dev *hdev)
{
	struct hci_uart *uart = hci_get_drvdata(hdev);
	struct tty_struct *port = uart->tty;

	BT_DBG(" hdev %p tty %p ", hdev, port);

	if (uart->tx_skb) {
		kfree_skb(uart->tx_skb);
		uart->tx_skb = NULL;
	}

	/* Discard characters still pending in the discipline and driver. */
	tty_ldisc_flush(port);
	tty_driver_flush_buffer(port);

	percpu_down_read(&uart->proto_lock);

	if (test_bit(HCI_UART_PROTO_READY, &uart->flags))
		uart->proto->flush(uart);

	percpu_up_read(&uart->proto_lock);

	return 0;
}
/* Initialize device */
/*
 * HCI open callback. Always returns 0.
 *
 * hci_uart_close() sets hdev->flush to NULL; the hook is installed again
 * here so a reopened device can be flushed.
 */
static int hci_uart_open(struct hci_dev *hdev)
{
	BT_DBG(" %s %p ", hdev->name, hdev);

	/* Restore the flush hook that hci_uart_close() removed. */
	hdev->flush = hci_uart_flush;

	return 0;
}
/* Close device */
/*
 * HCI close callback. Always returns 0.
 *
 * Flushes once and then removes the flush hook. Without that,
 * hci_dev_do_close() would call hci_uart_flush() a second time after the
 * port has been closed, and the tty layer's uart_flush_buffer() warns
 * (WARN_ON) when it is called that late in the shutdown.
 * hci_dev_do_close() checks the hook for NULL before calling it.
 */
static int hci_uart_close(struct hci_dev *hdev)
{
	BT_DBG(" hdev %p ", hdev);

	hci_uart_flush(hdev);

	/* No further flushes once the device has been closed. */
	hdev->flush = NULL;

	return 0;
}
/* Send frames from HCI layer */
static int hci_uart_send_frame ( struct hci_dev * hdev , struct sk_buff * skb )
2005-04-17 02:20:36 +04:00
{
2013-10-11 18:01:03 +04:00
struct hci_uart * hu = hci_get_drvdata ( hdev ) ;
2005-04-17 02:20:36 +04:00
2015-11-05 09:33:56 +03:00
BT_DBG ( " %s: type %d len %d " , hdev - > name , hci_skb_pkt_type ( skb ) ,
skb - > len ) ;
2005-04-17 02:20:36 +04:00
Bluetooth: hci_ldisc: Allow sleeping while proto locks are held.
Commit dec2c92880cc5435381d50e3045ef018a762a917 ("Bluetooth: hci_ldisc:
Use rwlocking to avoid closing proto races") introduced locks in
hci_ldisc that are held while calling the proto functions. These locks
are rwlock's, and hence do not allow sleeping while they are held.
However, the proto functions that hci_bcm registers use mutexes and
hence need to be able to sleep.
In more detail: hci_uart_tty_receive() and hci_uart_dequeue() both
acquire the rwlock, after which they call proto->recv() and
proto->dequeue(), respectively. In the case of hci_bcm these point to
bcm_recv() and bcm_dequeue(). The latter both acquire the
bcm_device_lock, which is a mutex, so doing so results in a call to
might_sleep(). But since we're holding a rwlock in hci_ldisc, that
results in the following BUG (this for the dequeue case - a similar
one for the receive case is omitted for brevity):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c
in_atomic(): 1, irqs_disabled(): 0, pid: 7303, name: kworker/7:3
INFO: lockdep is turned off.
CPU: 7 PID: 7303 Comm: kworker/7:3 Tainted: G W OE 4.13.2+ #17
Hardware name: Apple Inc. MacBookPro13,3/Mac-A5C67F76ED83108C, BIOS MBP133.8
Workqueue: events hci_uart_write_work [hci_uart]
Call Trace:
dump_stack+0x8e/0xd6
___might_sleep+0x164/0x250
__might_sleep+0x4a/0x80
__mutex_lock+0x59/0xa00
? lock_acquire+0xa3/0x1f0
? lock_acquire+0xa3/0x1f0
? hci_uart_write_work+0xd3/0x160 [hci_uart]
mutex_lock_nested+0x1b/0x20
? mutex_lock_nested+0x1b/0x20
bcm_dequeue+0x21/0xc0 [hci_uart]
hci_uart_write_work+0xe6/0x160 [hci_uart]
process_one_work+0x253/0x6a0
worker_thread+0x4d/0x3b0
kthread+0x133/0x150
We can't replace the mutex in hci_bcm, because there are other calls
there that might sleep. Therefore this replaces the rwlock's in
hci_ldisc with rw_semaphore's (which allow sleeping). This is a safer
approach anyway as it reduces the restrictions on the proto callbacks.
Also, because acquiring write-lock is very rare compared to acquiring
the read-lock, the percpu variant of rw_semaphore is used.
Lastly, because hci_uart_tx_wakeup() may be called from an IRQ context,
we can't block (sleep) while trying acquire the read lock there, so we
use the trylock variant.
Signed-off-by: Ronald Tschalär <ronald@innovation.ch>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2017-10-26 08:14:53 +03:00
percpu_down_read ( & hu - > proto_lock ) ;
2017-05-05 18:27:06 +03:00
if ( ! test_bit ( HCI_UART_PROTO_READY , & hu - > flags ) ) {
Bluetooth: hci_ldisc: Allow sleeping while proto locks are held.
Commit dec2c92880cc5435381d50e3045ef018a762a917 ("Bluetooth: hci_ldisc:
Use rwlocking to avoid closing proto races") introduced locks in
hci_ldisc that are held while calling the proto functions. These locks
are rwlock's, and hence do not allow sleeping while they are held.
However, the proto functions that hci_bcm registers use mutexes and
hence need to be able to sleep.
In more detail: hci_uart_tty_receive() and hci_uart_dequeue() both
acquire the rwlock, after which they call proto->recv() and
proto->dequeue(), respectively. In the case of hci_bcm these point to
bcm_recv() and bcm_dequeue(). The latter both acquire the
bcm_device_lock, which is a mutex, so doing so results in a call to
might_sleep(). But since we're holding a rwlock in hci_ldisc, that
results in the following BUG (this for the dequeue case - a similar
one for the receive case is omitted for brevity):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c
in_atomic(): 1, irqs_disabled(): 0, pid: 7303, name: kworker/7:3
INFO: lockdep is turned off.
CPU: 7 PID: 7303 Comm: kworker/7:3 Tainted: G W OE 4.13.2+ #17
Hardware name: Apple Inc. MacBookPro13,3/Mac-A5C67F76ED83108C, BIOS MBP133.8
Workqueue: events hci_uart_write_work [hci_uart]
Call Trace:
dump_stack+0x8e/0xd6
___might_sleep+0x164/0x250
__might_sleep+0x4a/0x80
__mutex_lock+0x59/0xa00
? lock_acquire+0xa3/0x1f0
? lock_acquire+0xa3/0x1f0
? hci_uart_write_work+0xd3/0x160 [hci_uart]
mutex_lock_nested+0x1b/0x20
? mutex_lock_nested+0x1b/0x20
bcm_dequeue+0x21/0xc0 [hci_uart]
hci_uart_write_work+0xe6/0x160 [hci_uart]
process_one_work+0x253/0x6a0
worker_thread+0x4d/0x3b0
kthread+0x133/0x150
We can't replace the mutex in hci_bcm, because there are other calls
there that might sleep. Therefore this replaces the rwlock's in
hci_ldisc with rw_semaphore's (which allow sleeping). This is a safer
approach anyway as it reduces the restrictions on the proto callbacks.
Also, because acquiring write-lock is very rare compared to acquiring
the read-lock, the percpu variant of rw_semaphore is used.
Lastly, because hci_uart_tx_wakeup() may be called from an IRQ context,
we can't block (sleep) while trying acquire the read lock there, so we
use the trylock variant.
Signed-off-by: Ronald Tschalär <ronald@innovation.ch>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2017-10-26 08:14:53 +03:00
percpu_up_read ( & hu - > proto_lock ) ;
2017-04-28 15:57:24 +03:00
return - EUNATCH ;
2017-05-05 18:27:06 +03:00
}
2017-04-28 15:57:24 +03:00
2005-04-17 02:20:36 +04:00
hu - > proto - > enqueue ( hu , skb ) ;
Bluetooth: hci_ldisc: Allow sleeping while proto locks are held.
Commit dec2c92880cc5435381d50e3045ef018a762a917 ("Bluetooth: hci_ldisc:
Use rwlocking to avoid closing proto races") introduced locks in
hci_ldisc that are held while calling the proto functions. These locks
are rwlock's, and hence do not allow sleeping while they are held.
However, the proto functions that hci_bcm registers use mutexes and
hence need to be able to sleep.
In more detail: hci_uart_tty_receive() and hci_uart_dequeue() both
acquire the rwlock, after which they call proto->recv() and
proto->dequeue(), respectively. In the case of hci_bcm these point to
bcm_recv() and bcm_dequeue(). The latter both acquire the
bcm_device_lock, which is a mutex, so doing so results in a call to
might_sleep(). But since we're holding a rwlock in hci_ldisc, that
results in the following BUG (this for the dequeue case - a similar
one for the receive case is omitted for brevity):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c
in_atomic(): 1, irqs_disabled(): 0, pid: 7303, name: kworker/7:3
INFO: lockdep is turned off.
CPU: 7 PID: 7303 Comm: kworker/7:3 Tainted: G W OE 4.13.2+ #17
Hardware name: Apple Inc. MacBookPro13,3/Mac-A5C67F76ED83108C, BIOS MBP133.8
Workqueue: events hci_uart_write_work [hci_uart]
Call Trace:
dump_stack+0x8e/0xd6
___might_sleep+0x164/0x250
__might_sleep+0x4a/0x80
__mutex_lock+0x59/0xa00
? lock_acquire+0xa3/0x1f0
? lock_acquire+0xa3/0x1f0
? hci_uart_write_work+0xd3/0x160 [hci_uart]
mutex_lock_nested+0x1b/0x20
? mutex_lock_nested+0x1b/0x20
bcm_dequeue+0x21/0xc0 [hci_uart]
hci_uart_write_work+0xe6/0x160 [hci_uart]
process_one_work+0x253/0x6a0
worker_thread+0x4d/0x3b0
kthread+0x133/0x150
We can't replace the mutex in hci_bcm, because there are other calls
there that might sleep. Therefore this replaces the rwlock's in
hci_ldisc with rw_semaphore's (which allow sleeping). This is a safer
approach anyway as it reduces the restrictions on the proto callbacks.
Also, because acquiring write-lock is very rare compared to acquiring
the read-lock, the percpu variant of rw_semaphore is used.
Lastly, because hci_uart_tx_wakeup() may be called from an IRQ context,
we can't block (sleep) while trying acquire the read lock there, so we
use the trylock variant.
Signed-off-by: Ronald Tschalär <ronald@innovation.ch>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
percpu_up_read ( & hu - > proto_lock ) ;
hci_uart_tx_wakeup ( hu ) ;
return 0 ;
}
/*
 * Check whether the underlying device or tty has flow control support.
 *
 * Returns true for serdev-backed instances, and for ttys whose driver
 * provides both the tiocmget and tiocmset operations. Code that is about to
 * change the modem lines through those operations should test this first:
 * invoking an operation the driver does not implement is a NULL function
 * pointer call in kernel context.
 */
bool hci_uart_has_flow_control(struct hci_uart *hu)
{
	const struct tty_operations *ops;

	/* serdev nodes check if the needed operations are present */
	if (hu->serdev)
		return true;

	ops = hu->tty->driver->ops;

	return ops->tiocmget && ops->tiocmset;
}
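/*
 * Flow control or un-flow control the device by driving RTS.
 *
 * @hu:     HCI UART instance
 * @enable: true switches hardware flow control off and clears RTS so the
 *          device stops sending; false sets RTS again and switches hardware
 *          flow control back on.
 *
 * serdev-backed instances go through the serdev helpers. For a tty the modem
 * lines are changed through the driver's tiocmget/tiocmset operations, which
 * hci_uart_has_flow_control() treats as optional. Calling a missing operation
 * would be a NULL function pointer call in kernel context, so the request is
 * refused when either one is absent.
 */
void hci_uart_set_flow_control(struct hci_uart *hu, bool enable)
{
	struct tty_struct *tty = hu->tty;
	struct ktermios ktermios;
	int status;
	unsigned int set = 0;
	unsigned int clear = 0;

	if (hu->serdev) {
		serdev_device_set_flow_control(hu->serdev, !enable);
		serdev_device_set_rts(hu->serdev, !enable);
		return;
	}

	/* Defence in depth: never call through an operation the driver lacks */
	if (!tty->driver->ops->tiocmget || !tty->driver->ops->tiocmset) {
		BT_ERR("tty driver lacks tiocmget/tiocmset, flow control unchanged");
		return;
	}

	if (enable) {
		/* Disable hardware flow control */
		ktermios = tty->termios;
		ktermios.c_cflag &= ~CRTSCTS;
		status = tty_set_termios(tty, &ktermios);
		BT_DBG("Disabling hardware flow control: %s",
		       status ? "failed" : "success");

		/* Clear RTS to prevent the device from sending */
		/* Most UARTs need OUT2 to enable interrupts */
		/* The value read here is only logged; the masks start from 0 */
		status = tty->driver->ops->tiocmget(tty);
		BT_DBG("Current tiocm 0x%x", status);

		set &= ~(TIOCM_OUT2 | TIOCM_RTS);
		clear = ~set;
		set &= TIOCM_DTR | TIOCM_RTS | TIOCM_OUT1 |
		       TIOCM_OUT2 | TIOCM_LOOP;
		clear &= TIOCM_DTR | TIOCM_RTS | TIOCM_OUT1 |
			 TIOCM_OUT2 | TIOCM_LOOP;
		status = tty->driver->ops->tiocmset(tty, set, clear);
		BT_DBG("Clearing RTS: %s", status ? "failed" : "success");
	} else {
		/* Set RTS to allow the device to send again */
		/* The value read here is only logged; the masks start from 0 */
		status = tty->driver->ops->tiocmget(tty);
		BT_DBG("Current tiocm 0x%x", status);

		set |= (TIOCM_OUT2 | TIOCM_RTS);
		clear = ~set;
		set &= TIOCM_DTR | TIOCM_RTS | TIOCM_OUT1 |
		       TIOCM_OUT2 | TIOCM_LOOP;
		clear &= TIOCM_DTR | TIOCM_RTS | TIOCM_OUT1 |
			 TIOCM_OUT2 | TIOCM_LOOP;
		status = tty->driver->ops->tiocmset(tty, set, clear);
		BT_DBG("Setting RTS: %s", status ? "failed" : "success");

		/* Re-enable hardware flow control */
		ktermios = tty->termios;
		ktermios.c_cflag |= CRTSCTS;
		status = tty_set_termios(tty, &ktermios);
		BT_DBG("Enabling hardware flow control: %s",
		       status ? "failed" : "success");
	}
}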
/*
 * Record the initial and operational speeds on @hu.
 *
 * Both values are stored as given; hci_uart_setup() reads them back and
 * treats 0 as "not set".
 */
void hci_uart_set_speeds(struct hci_uart *hu, unsigned int init_speed,
			 unsigned int oper_speed)
{
	hu->oper_speed = oper_speed;
	hu->init_speed = init_speed;
}
/*
 * Program @speed as both the input and the output rate of the tty behind @hu.
 *
 * hu->tty and hu->hdev are dereferenced without a check, so both must be set
 * by the time this is called.
 */
void hci_uart_set_baudrate(struct hci_uart *hu, unsigned int speed)
{
	struct tty_struct *tty = hu->tty;
	struct ktermios ktermios = tty->termios;

	/* Drop the old CBAUD bits before the new rate is encoded */
	ktermios.c_cflag &= ~CBAUD;
	tty_termios_encode_baud_rate(&ktermios, speed, speed);

	/* tty_set_termios() return not checked as it is always 0 */
	tty_set_termios(tty, &ktermios);

	BT_DBG("%s: New tty speeds: %d/%d", hu->hdev->name,
	       tty->termios.c_ispeed, tty->termios.c_ospeed);
}
/*
 * hdev->setup callback for HCI UART devices.
 *
 * Applies the initial and operational speeds (a value stored on @hu wins over
 * the protocol default, 0 means none), then hands over to the protocol's own
 * setup() when it has one. Without a protocol setup(), and only when
 * HCI_UART_VND_DETECT is set, the controller's local version is read and the
 * reported manufacturer selects the set_bdaddr handler.
 *
 * Returns the protocol setup() result when that is called, otherwise 0, also
 * when vendor detection fails.
 */
static int hci_uart_setup(struct hci_dev *hdev)
{
	struct hci_uart *hu = hci_get_drvdata(hdev);
	struct hci_rp_read_local_version *ver;
	struct sk_buff *skb;
	unsigned int speed;
	int err;

	/* Init speed if any */
	speed = hu->init_speed ? hu->init_speed : hu->proto->init_speed;
	if (speed)
		hci_uart_set_baudrate(hu, speed);

	/* Operational speed if any */
	speed = hu->oper_speed ? hu->oper_speed : hu->proto->oper_speed;

	/* The host side is switched only after the protocol hook succeeded */
	if (hu->proto->set_baudrate && speed) {
		err = hu->proto->set_baudrate(hu, speed);
		if (!err)
			hci_uart_set_baudrate(hu, speed);
	}

	if (hu->proto->setup)
		return hu->proto->setup(hu);

	if (!test_bit(HCI_UART_VND_DETECT, &hu->hdev_flags))
		return 0;

	skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
			     HCI_INIT_TIMEOUT);
	if (IS_ERR(skb)) {
		BT_ERR("%s: Reading local version information failed (%ld)",
		       hdev->name, PTR_ERR(skb));
		return 0;
	}

	/* The reply comes from the controller: its length is checked before
	 * skb->data is read as a version structure.
	 */
	if (skb->len != sizeof(*ver)) {
		BT_ERR("%s: Event length mismatch for version information",
		       hdev->name);
		goto done;
	}

	ver = (struct hci_rp_read_local_version *)skb->data;

	switch (le16_to_cpu(ver->manufacturer)) {
#ifdef CONFIG_BT_HCIUART_INTEL
	case 2:		/* handled by the btintel helpers */
		hdev->set_bdaddr = btintel_set_bdaddr;
		btintel_check_bdaddr(hdev);
		break;
#endif
#ifdef CONFIG_BT_HCIUART_BCM
	case 15:	/* handled by the btbcm helpers */
		hdev->set_bdaddr = btbcm_set_bdaddr;
		btbcm_check_bdaddr(hdev);
		break;
#endif
	default:
		break;
	}

done:
	kfree_skb(skb);
	return 0;
}
/* ------ LDISC part ------ */
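/* hci_uart_tty_open
 *
 *     Called when line discipline changed to HCI_UART.
 *
 *     Allocates the per-tty hci_uart state, initialises its work items and
 *     its proto_lock, and attaches it to the tty. On failure nothing is left
 *     attached to the tty.
 *
 * Arguments:
 *     tty    pointer to tty info structure
 * Return Value:
 *     0 if success, otherwise error code
 */
static int hci_uart_tty_open(struct tty_struct *tty)
{
	struct hci_uart *hu;

	BT_DBG("tty %p", tty);

	/* Error if the tty has no write op instead of leaving an exploitable
	 * hole
	 */
	/* NOTE(review): this runs for whoever may switch a tty to this line
	 * discipline; confirm the intended privilege check is enforced on
	 * that path.
	 */
	if (tty->ops->write == NULL)
		return -EOPNOTSUPP;

	hu = kzalloc(sizeof(*hu), GFP_KERNEL);
	if (!hu) {
		BT_ERR("Can't allocate control structure");
		return -ENFILE;
	}

	/* proto_lock is a percpu rw_semaphore so that the proto callbacks may
	 * sleep while it is held. Its initialisation allocates per-CPU storage
	 * and can fail; check it before the structure is published on the tty
	 * so that a half-initialised lock is never taken later.
	 */
	if (percpu_init_rwsem(&hu->proto_lock)) {
		BT_ERR("Can't allocate semaphore structure");
		kfree(hu);
		return -ENOMEM;
	}

	tty->disc_data = hu;
	hu->tty = tty;
	tty->receive_room = 65536;

	/* disable alignment support by default */
	hu->alignment = 1;
	hu->padding = 0;

	INIT_WORK(&hu->init_ready, hci_uart_init_work);
	INIT_WORK(&hu->write_work, hci_uart_write_work);

	/* Flush any pending characters in the driver */
	tty_driver_flush_buffer(tty);

	return 0;
}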
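/* hci_uart_tty_close()
 *
 *    Called when the line discipline is changed to something
 *    else, the tty is closed, or the tty detects a hangup.
 *
 *    Detaches the hci_uart state from the tty, stops the protocol and the
 *    deferred work, releases the HCI device and frees the state. Does
 *    nothing beyond the detach when no state is attached.
 */
static void hci_uart_tty_close(struct tty_struct *tty)
{
	struct hci_uart *hu = tty->disc_data;
	struct hci_dev *hdev;

	BT_DBG("tty %p", tty);

	/* Detach from the tty */
	tty->disc_data = NULL;

	if (!hu)
		return;

	hdev = hu->hdev;
	if (hdev)
		hci_uart_close(hdev);

	if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) {
		/* Taking the write side waits for readers that are inside a
		 * proto callback; once the bit is cleared no new one starts.
		 */
		percpu_down_write(&hu->proto_lock);
		clear_bit(HCI_UART_PROTO_READY, &hu->flags);
		percpu_up_write(&hu->proto_lock);

		/* Both work items are embedded in hu, which is freed below.
		 * Cancel init_ready as well as write_work so that a queued or
		 * running instance cannot touch hu or hdev after they are
		 * released.
		 */
		cancel_work_sync(&hu->init_ready);
		cancel_work_sync(&hu->write_work);

		if (hdev) {
			if (test_bit(HCI_UART_REGISTERED, &hu->flags))
				hci_unregister_dev(hdev);
			hci_free_dev(hdev);
		}
		hu->proto->close(hu);
	}
	clear_bit(HCI_UART_PROTO_SET, &hu->flags);

	percpu_free_rwsem(&hu->proto_lock);

	kfree(hu);
}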
/* hci_uart_tty_wakeup()
 *
 *    Callback for transmit wakeup. Called when low level
 *    device driver can accept more send data.
 *
 *    TTY_DO_WRITE_WAKEUP is cleared whenever state is attached; transmission
 *    is restarted only for the tty that owns the state and only while the
 *    protocol is marked ready.
 *
 * Arguments:        tty    pointer to associated tty instance data
 * Return Value:    None
 */
static void hci_uart_tty_wakeup(struct tty_struct *tty)
{
	struct hci_uart *hu = tty->disc_data;

	BT_DBG("");

	if (!hu)
		return;

	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);

	if (tty == hu->tty && test_bit(HCI_UART_PROTO_READY, &hu->flags))
		hci_uart_tx_wakeup(hu);
}
/* hci_uart_tty_receive()
 *
 *     Called by tty low level driver when receive data is
 *     available.
 *
 *     The data is handed to the protocol's recv() with proto_lock held for
 *     reading, and only while HCI_UART_PROTO_READY is set; otherwise it is
 *     dropped without being counted.
 *
 * Arguments:  tty          pointer to tty instance data
 *             data         pointer to received data
 *             flags        pointer to flags for data
 *             count        count of received data in bytes
 *
 * Return Value:    None
 */
static void hci_uart_tty_receive(struct tty_struct *tty, const u8 *data,
				 char *flags, int count)
{
	struct hci_uart *hu = tty->disc_data;
	bool delivered = false;

	if (!hu || tty != hu->tty)
		return;

	/* proto_lock is a sleeping lock, so recv() is allowed to sleep */
	percpu_down_read(&hu->proto_lock);

	if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) {
		/* It does not need a lock here as it is already protected by
		 * a mutex in tty caller
		 */
		hu->proto->recv(hu, data, count);
		delivered = true;
	}

	percpu_up_read(&hu->proto_lock);

	if (!delivered)
		return;

	if (hu->hdev)
		hu->hdev->stat.byte_rx += count;

	tty_unthrottle(tty);
}
/*
 * Allocate an HCI device for this UART, fill in its callbacks and quirks,
 * open the selected protocol and, unless HCI_UART_INIT_PENDING is set,
 * register the device with the HCI core.
 *
 * Returns 0 on success (also when registration is deferred because
 * HCI_UART_INIT_PENDING is set), -ENOMEM when no HCI device can be
 * allocated, the error returned by the protocol's open() callback, or
 * -ENODEV when hci_register_dev() fails.
 *
 * On every failure after the allocation, hu->hdev is reset to NULL before
 * the device is freed, so hu is not left pointing at a freed hci_dev.
 */
static int hci_uart_register_dev(struct hci_uart *hu)
{
	struct hci_dev *hdev;
	int ret;

	BT_DBG(" ");

	/* Initialize and register HCI device */
	hdev = hci_alloc_dev();
	if (!hdev) {
		BT_ERR(" Can't allocate HCI device ");
		return -ENOMEM;
	}

	hu->hdev = hdev;

	hdev->bus = HCI_UART;
	hci_set_drvdata(hdev, hu);

	/* Only when vendor specific setup callback is provided, consider
	 * the manufacturer information valid. This avoids filling in the
	 * value for Ericsson when nothing is specified.
	 */
	if (hu->proto->setup)
		hdev->manufacturer = hu->proto->manufacturer;

	hdev->open = hci_uart_open;
	hdev->close = hci_uart_close;
	hdev->flush = hci_uart_flush;
	hdev->send = hci_uart_send_frame;
	hdev->setup = hci_uart_setup;
	SET_HCIDEV_DEV(hdev, hu->tty->dev);

	/* Translate the flags stored in hu->hdev_flags into hdev quirks. */
	if (test_bit(HCI_UART_RAW_DEVICE, &hu->hdev_flags))
		set_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks);

	if (test_bit(HCI_UART_EXT_CONFIG, &hu->hdev_flags))
		set_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks);

	if (!test_bit(HCI_UART_RESET_ON_INIT, &hu->hdev_flags))
		set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks);

	hdev->dev_type = test_bit(HCI_UART_CREATE_AMP, &hu->hdev_flags) ?
			 HCI_AMP : HCI_PRIMARY;

	/* Only call open() for the protocol after hdev is fully initialized as
	 * open() (or a timer/workqueue it starts) may attempt to reference it.
	 */
	ret = hu->proto->open(hu);
	if (ret)
		goto free_hdev;

	/* Registration is skipped here while initialisation is pending. */
	if (test_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags))
		return 0;

	if (hci_register_dev(hdev) < 0) {
		BT_ERR(" Can't register HCI device ");
		/* The protocol was opened above, so close it before unwinding. */
		hu->proto->close(hu);
		ret = -ENODEV;
		goto free_hdev;
	}

	set_bit(HCI_UART_REGISTERED, &hu->flags);

	return 0;

free_hdev:
	/* Drop the reference held in hu before the device is freed. */
	hu->hdev = NULL;
	hci_free_dev(hdev);
	return ret;
}
/*
 * Bind the protocol identified by @id to @hu and bring up its HCI device.
 *
 * @id comes from the HCIUARTSETPROTO ioctl argument, i.e. from user space;
 * the lookup in hci_uart_get_proto() is what rejects unknown identifiers
 * (its range check is not visible here -- NOTE(review): confirm it bounds
 * the index).
 *
 * Returns 0 on success, -EPROTONOSUPPORT when no protocol is registered
 * for @id, or the error from hci_uart_register_dev().
 */
static int hci_uart_set_proto(struct hci_uart *hu, int id)
{
	const struct hci_uart_proto *proto;
	int ret;

	proto = hci_uart_get_proto(id);
	if (!proto)
		return -EPROTONOSUPPORT;

	hu->proto = proto;

	ret = hci_uart_register_dev(hu);

	/* HCI_UART_PROTO_READY is raised only once hu->proto is assigned and
	 * the device has been brought up without error.
	 */
	if (!ret)
		set_bit(HCI_UART_PROTO_READY, &hu->flags);

	return ret;
}
/*
 * Store the device flags requested through the HCIUARTSETFLAGS ioctl.
 *
 * @flags is supplied by user space, so it is checked against an allow-list
 * of known bits first; any bit outside that list rejects the whole request
 * with -EINVAL and leaves hu->hdev_flags untouched.
 *
 * Returns 0 on success or -EINVAL for unknown flag bits.
 */
static int hci_uart_set_flags(struct hci_uart *hu, unsigned long flags)
{
	unsigned long allowed = BIT(HCI_UART_RAW_DEVICE) |
				BIT(HCI_UART_RESET_ON_INIT) |
				BIT(HCI_UART_CREATE_AMP) |
				BIT(HCI_UART_INIT_PENDING) |
				BIT(HCI_UART_EXT_CONFIG) |
				BIT(HCI_UART_VND_DETECT);

	/* Accept only requests made up entirely of allowed bits. */
	if ((flags & allowed) != flags)
		return -EINVAL;

	hu->hdev_flags = flags;

	return 0;
}
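/* hci_uart_tty_ioctl()
 *
 *    Process IOCTL system call for the tty device.
 *
 * Arguments:
 *
 *    tty        pointer to tty instance data
 *    file       pointer to open file object for device
 *    cmd        IOCTL command code
 *    arg        argument for IOCTL call (cmd dependent)
 *
 * Return Value:    Command dependent
 *
 * cmd and arg come from user space. -EBADF is returned when the tty has
 * no hci_uart attached, -EBUSY when a protocol is already set (or being
 * set) for HCIUARTSETPROTO/HCIUARTSETFLAGS, and -EUNATCH when the queried
 * protocol or device is not available yet. Unknown commands are passed to
 * n_tty_ioctl_helper().
 */
static int hci_uart_tty_ioctl(struct tty_struct *tty, struct file *file,
			      unsigned int cmd, unsigned long arg)
{
	struct hci_uart *hu = tty->disc_data;
	int err = 0;

	BT_DBG(" ");

	/* Verify the status of the device */
	if (!hu)
		return -EBADF;

	switch (cmd) {
	case HCIUARTSETPROTO:
		/* test_and_set_bit() lets exactly one caller proceed; the bit
		 * is released again if the protocol could not be set up.
		 * arg is narrowed to int by the call below.
		 */
		if (!test_and_set_bit(HCI_UART_PROTO_SET, &hu->flags)) {
			err = hci_uart_set_proto(hu, arg);
			if (err)
				clear_bit(HCI_UART_PROTO_SET, &hu->flags);
		} else {
			err = -EBUSY;
		}
		break;

	case HCIUARTGETPROTO:
		/* HCI_UART_PROTO_SET is claimed before hci_uart_set_proto()
		 * assigns hu->proto, so that bit alone does not guarantee a
		 * valid pointer for a concurrent caller. Also require
		 * HCI_UART_PROTO_READY, which is set only after
		 * hci_uart_set_proto() has succeeded.
		 */
		if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
		    test_bit(HCI_UART_PROTO_READY, &hu->flags))
			err = hu->proto->id;
		else
			err = -EUNATCH;
		break;

	case HCIUARTGETDEVICE:
		/* HCI_UART_REGISTERED is set after hci_register_dev() succeeded. */
		if (test_bit(HCI_UART_REGISTERED, &hu->flags))
			err = hu->hdev->id;
		else
			err = -EUNATCH;
		break;

	case HCIUARTSETFLAGS:
		/* Flags may only change while no protocol is attached. */
		if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
			err = -EBUSY;
		else
			err = hci_uart_set_flags(hu, arg);
		break;

	case HCIUARTGETFLAGS:
		err = hu->hdev_flags;
		break;

	default:
		err = n_tty_ioctl_helper(tty, file, cmd, arg);
		break;
	}

	return err;
}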
/*
 * We don't provide read/write/poll interface for user space.
 */
/*
 * Line discipline read() hook. Nothing is copied to @buf: the function
 * ignores all of its arguments and reports zero bytes read.
 */
static ssize_t hci_uart_tty_read(struct tty_struct *tty, struct file *file,
				 unsigned char __user *buf, size_t nr)
{
	/* No data is ever handed to user space through this path. */
	return 0;
}
/*
 * Line discipline write() hook. @data is never read: the function ignores
 * all of its arguments and reports zero bytes written.
 */
static ssize_t hci_uart_tty_write(struct tty_struct *tty, struct file *file,
				  const unsigned char *data, size_t count)
{
	/* Nothing from user space is accepted through this path. */
	return 0;
}
/*
 * Line discipline poll() hook. Always returns an empty event mask and does
 * not touch @wait.
 */
static __poll_t hci_uart_tty_poll(struct tty_struct *tty,
				  struct file *filp, poll_table *wait)
{
	/* No events are ever reported through this path. */
	return 0;
}
/*
 * Module entry point: register the N_HCI tty line discipline and then
 * initialise every UART protocol that was enabled at build time.
 *
 * Returns 0 on success or the error from tty_register_ldisc().
 */
static int __init hci_uart_init(void)
{
	static struct tty_ldisc_ops hci_uart_ldisc;
	struct tty_ldisc_ops *ops = &hci_uart_ldisc;
	int ret;

	BT_INFO(" HCI UART driver ver %s ", VERSION);

	/* Register the tty discipline */
	memset(ops, 0, sizeof(*ops));
	ops->magic = TTY_LDISC_MAGIC;
	ops->name = " n_hci ";
	ops->open = hci_uart_tty_open;
	ops->close = hci_uart_tty_close;
	ops->read = hci_uart_tty_read;
	ops->write = hci_uart_tty_write;
	ops->ioctl = hci_uart_tty_ioctl;
	/* The same handler serves the compat ioctl entry point. */
	ops->compat_ioctl = hci_uart_tty_ioctl;
	ops->poll = hci_uart_tty_poll;
	ops->receive_buf = hci_uart_tty_receive;
	ops->write_wakeup = hci_uart_tty_wakeup;
	ops->owner = THIS_MODULE;

	ret = tty_register_ldisc(N_HCI, ops);
	if (ret) {
		BT_ERR(" HCI line discipline registration failed. (%d) ", ret);
		return ret;
	}

	/* NOTE(review): whatever the protocol init calls below return is not
	 * checked here, so a protocol that failed to register does not fail
	 * module load.
	 */
#ifdef CONFIG_BT_HCIUART_H4
	h4_init();
#endif
#ifdef CONFIG_BT_HCIUART_BCSP
	bcsp_init();
#endif
#ifdef CONFIG_BT_HCIUART_LL
	ll_init();
#endif
#ifdef CONFIG_BT_HCIUART_ATH3K
	ath_init();
#endif
#ifdef CONFIG_BT_HCIUART_3WIRE
	h5_init();
#endif
#ifdef CONFIG_BT_HCIUART_INTEL
	intel_init();
#endif
#ifdef CONFIG_BT_HCIUART_BCM
	bcm_init();
#endif
#ifdef CONFIG_BT_HCIUART_QCA
	qca_init();
#endif
#ifdef CONFIG_BT_HCIUART_AG6XX
	ag6xx_init();
#endif
#ifdef CONFIG_BT_HCIUART_MRVL
	mrvl_init();
#endif

	return 0;
}
/*
 * Module exit point: tear down every UART protocol that was enabled at
 * build time, then unregister the N_HCI line discipline. A failure to
 * unregister is only logged.
 */
static void __exit hci_uart_exit(void)
{
	int ret;

	/* Protocols go first, in the same order hci_uart_init() set them up. */
#ifdef CONFIG_BT_HCIUART_H4
	h4_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_BCSP
	bcsp_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_LL
	ll_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_ATH3K
	ath_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_3WIRE
	h5_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_INTEL
	intel_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_BCM
	bcm_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_QCA
	qca_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_AG6XX
	ag6xx_deinit();
#endif
#ifdef CONFIG_BT_HCIUART_MRVL
	mrvl_deinit();
#endif

	/* Release tty registration of line discipline */
	ret = tty_unregister_ldisc(N_HCI);
	if (ret)
		BT_ERR(" Can't unregister HCI line discipline (%d) ", ret);
}
/* Module load/unload hooks. */
module_init(hci_uart_init);
module_exit(hci_uart_exit);

/* Module metadata; the N_HCI alias ties the module to that line discipline. */
MODULE_AUTHOR(" Marcel Holtmann <marcel@holtmann.org> ");
MODULE_DESCRIPTION(" Bluetooth HCI UART driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE(" GPL ");
MODULE_ALIAS_LDISC(N_HCI);