Open Source and information security mailing list archives
 
Message-Id: <1391997564-1805-1-git-send-email-peter@hurleysoftware.com>
Date:	Sun,  9 Feb 2014 20:59:00 -0500
From:	Peter Hurley <peter@...leysoftware.com>
To:	Marcel Holtmann <marcel@...tmann.org>
Cc:	Gustavo Padovan <gustavo@...ovan.org>,
	Johan Hedberg <johan.hedberg@...il.com>,
	Gianluca Anzolin <gianluca@...tospazio.it>,
	Alexander Holler <holler@...oftware.de>,
	Andrey Vihrov <andrey.vihrov@...il.com>,
	Sander Eikelenboom <linux@...elenboom.it>,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
	Peter Hurley <peter@...leysoftware.com>
Subject: [PATCH 00/24] rfcomm fixes

Marcel,

This patch series addresses a number of previously unknown issues
with the RFCOMM tty device implementation, in addition to
addressing the locking regression recently reported [1].

As Gianluca suggested and I agree, this series first reverts
3 of the 4 patches of 3.14-rc1 for bluetooth/rfcomm/tty.c.

The reasoning is detailed in the changelog for
  Revert "Bluetooth: Always wait for a connection on RFCOMM open()"
but the short answer is that it re-implements a long-standing
bug by blocking on a non-blocking open.

This patch series corrects the reported regressions from 3.13
(to the extent that correction is required). Specifically,
the ModemManager regression reported by Gianluca Anzolin [2]
and the rfcomm bind with wvdial reported by Andrey Vihrov [3].

tty: Fix ref counting for port krefs
Bluetooth: Fix racy acquire of rfcomm_dev reference
Bluetooth: Exclude released devices from RFCOMMGETDEVLIST ioctl
Bluetooth: Release rfcomm_dev only once
Bluetooth: Fix unreleased rfcomm_dev reference
   These first 5 patches after the reverts
   fix 4 different rfcomm_dev ref count mishandling bugs.

Bluetooth: Fix RFCOMM tty teardown race and
Bluetooth: Serialize RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls
   Fix races which occur due to the design of the rfcomm ioctls
   (note that buses don't have these kinds of races).

Bluetooth: Verify dlci not in use before rfcomm_dev create
Bluetooth: Simplify RFCOMM session state eval
Bluetooth: Refactor deferred setup test in rfcomm_dlc_close()
Bluetooth: Refactor dlc disconnect logic in rfcomm_dlc_close()
Bluetooth: Directly close dlc for not yet started RFCOMM session
   These 5 patches fix issues with reusing the dlci after
   closing the tty (found by unit test).

Bluetooth: Fix unsafe RFCOMM device parenting
Bluetooth: Fix RFCOMM parent device for reused dlc
   These 2 patches fix the ModemManager regression.

Bluetooth: Refactor rfcomm_dev_add()
Bluetooth: Cleanup RFCOMM device registration error handling
   These 2 patches fix an unreleased module reference while
   error handling.

Bluetooth: Rename __rfcomm_dev_get() to __rfcomm_dev_lookup()
   This is a trivial naming patch with no functional impact.

Bluetooth: Force -EIO from tty read/write if .activate() fails
   The tty core provides an existing mechanism for failing
   reads/writes if device activation fails (like an error
   allocating the dlc).

Bluetooth: Don't fail RFCOMM tty writes
   This patch implements buffered writes even if the device
   is not connected.

While unit testing this, I discovered a serious defect in
the way available space is computed that under-utilizes
rfcomm i/o and may even halt further tx on that link, which
is fixed by:
  Bluetooth: Refactor write_room() calculation
  Bluetooth: Fix write_room() calculation


Note that this series does not fix the naively inefficient
method of packetizing tty output; packetizing should be
done on the krfcommd thread to take advantage of aggregating
multiple tty writes into 1 or more packets. Look at any
line-by-line console output to realize how under-utilized
the rfcomm tty packeting is.

[1] http://www.spinics.net/lists/linux-wireless/msg117818.html
[2] http://www.spinics.net/lists/linux-bluetooth/msg42075.html
[3] http://www.spinics.net/lists/linux-bluetooth/msg42057.html


Regards,


Peter Hurley (24):
  Revert "Bluetooth: Remove rfcomm_carrier_raised()"
  Revert "Bluetooth: Always wait for a connection on RFCOMM open()"
  Revert "Bluetooth: Move rfcomm_get_device() before
    rfcomm_dev_activate()"
  tty: Fix ref counting for port krefs
  Bluetooth: Fix racy acquire of rfcomm_dev reference
  Bluetooth: Exclude released devices from RFCOMMGETDEVLIST ioctl
  Bluetooth: Release rfcomm_dev only once
  Bluetooth: Fix unreleased rfcomm_dev reference
  Bluetooth: Fix RFCOMM tty teardown race
  Bluetooth: Verify dlci not in use before rfcomm_dev create
  Bluetooth: Simplify RFCOMM session state eval
  Bluetooth: Refactor deferred setup test in rfcomm_dlc_close()
  Bluetooth: Refactor dlc disconnect logic in rfcomm_dlc_close()
  Bluetooth: Directly close dlc for not yet started RFCOMM session
  Bluetooth: Fix unsafe RFCOMM device parenting
  Bluetooth: Fix RFCOMM parent device for reused dlc
  Bluetooth: Rename __rfcomm_dev_get() to __rfcomm_dev_lookup()
  Bluetooth: Serialize RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls
  Bluetooth: Refactor rfcomm_dev_add()
  Bluetooth: Cleanup RFCOMM device registration error handling
  Bluetooth: Force -EIO from tty read/write if .activate() fails
  Bluetooth: Don't fail RFCOMM tty writes
  Bluetooth: Refactor write_room() calculation
  Bluetooth: Fix write_room() calculation

 include/linux/tty.h            |   6 +-
 include/net/bluetooth/rfcomm.h |   9 +-
 net/bluetooth/rfcomm/core.c    |  88 ++++++++++----
 net/bluetooth/rfcomm/tty.c     | 262 ++++++++++++++++++++++-------------------
 4 files changed, 223 insertions(+), 142 deletions(-)

-- 
1.8.1.2
