diff options
| author | David S. Miller <davem@davemloft.net> | 2016-01-30 18:32:42 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-01-30 18:32:42 -0500 |
| commit | 53729eb174c1589f9185340ffe8c10b3f39f3ef3 (patch) | |
| tree | f72309f53abf3a5b99d1e56270291c6abaeede3d /net | |
| parent | 99b4dd9f2423130875ac486fe587cd103c64f753 (diff) | |
| parent | cff10ce7b4f02718ffd25e3914e60559f5ef6ca0 (diff) | |
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Johan Hedberg says:
====================
pull request: bluetooth 2016-01-30
Here's a set of important Bluetooth fixes for the 4.5 kernel:
- Two fixes to 6LoWPAN code (one fixing a potential crash)
- Fix LE pairing with devices using both public and random addresses
- Fix allocation of dynamic LE PSM values
- Fix missing COMPATIBLE_IOCTL for UART line discipline
Please let me know if there are any issues pulling. Thanks.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/6lowpan.c | 7 | ||||
| -rw-r--r-- | net/bluetooth/hci_request.c | 28 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 14 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_sock.c | 12 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 16 |
5 files changed, 42 insertions, 35 deletions
diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index d040365ba98e..8a4cc2f7f0db 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c | |||
| @@ -307,6 +307,9 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 307 | 307 | ||
| 308 | /* check that it's our buffer */ | 308 | /* check that it's our buffer */ |
| 309 | if (lowpan_is_ipv6(*skb_network_header(skb))) { | 309 | if (lowpan_is_ipv6(*skb_network_header(skb))) { |
| 310 | /* Pull off the 1-byte of 6lowpan header. */ | ||
| 311 | skb_pull(skb, 1); | ||
| 312 | |||
| 310 | /* Copy the packet so that the IPv6 header is | 313 | /* Copy the packet so that the IPv6 header is |
| 311 | * properly aligned. | 314 | * properly aligned. |
| 312 | */ | 315 | */ |
| @@ -317,6 +320,7 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 317 | 320 | ||
| 318 | local_skb->protocol = htons(ETH_P_IPV6); | 321 | local_skb->protocol = htons(ETH_P_IPV6); |
| 319 | local_skb->pkt_type = PACKET_HOST; | 322 | local_skb->pkt_type = PACKET_HOST; |
| 323 | local_skb->dev = dev; | ||
| 320 | 324 | ||
| 321 | skb_set_transport_header(local_skb, sizeof(struct ipv6hdr)); | 325 | skb_set_transport_header(local_skb, sizeof(struct ipv6hdr)); |
| 322 | 326 | ||
| @@ -335,6 +339,8 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 335 | if (!local_skb) | 339 | if (!local_skb) |
| 336 | goto drop; | 340 | goto drop; |
| 337 | 341 | ||
| 342 | local_skb->dev = dev; | ||
| 343 | |||
| 338 | ret = iphc_decompress(local_skb, dev, chan); | 344 | ret = iphc_decompress(local_skb, dev, chan); |
| 339 | if (ret < 0) { | 345 | if (ret < 0) { |
| 340 | kfree_skb(local_skb); | 346 | kfree_skb(local_skb); |
| @@ -343,7 +349,6 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 343 | 349 | ||
| 344 | local_skb->protocol = htons(ETH_P_IPV6); | 350 | local_skb->protocol = htons(ETH_P_IPV6); |
| 345 | local_skb->pkt_type = PACKET_HOST; | 351 | local_skb->pkt_type = PACKET_HOST; |
| 346 | local_skb->dev = dev; | ||
| 347 | 352 | ||
| 348 | if (give_skb_to_upper(local_skb, dev) | 353 | if (give_skb_to_upper(local_skb, dev) |
| 349 | != NET_RX_SUCCESS) { | 354 | != NET_RX_SUCCESS) { |
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c index 41b5f3813f02..c78ee2dc9323 100644 --- a/net/bluetooth/hci_request.c +++ b/net/bluetooth/hci_request.c | |||
| @@ -688,21 +688,29 @@ static u8 update_white_list(struct hci_request *req) | |||
| 688 | * command to remove it from the controller. | 688 | * command to remove it from the controller. |
| 689 | */ | 689 | */ |
| 690 | list_for_each_entry(b, &hdev->le_white_list, list) { | 690 | list_for_each_entry(b, &hdev->le_white_list, list) { |
| 691 | struct hci_cp_le_del_from_white_list cp; | 691 | /* If the device is neither in pend_le_conns nor |
| 692 | * pend_le_reports then remove it from the whitelist. | ||
| 693 | */ | ||
| 694 | if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, | ||
| 695 | &b->bdaddr, b->bdaddr_type) && | ||
| 696 | !hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
| 697 | &b->bdaddr, b->bdaddr_type)) { | ||
| 698 | struct hci_cp_le_del_from_white_list cp; | ||
| 699 | |||
| 700 | cp.bdaddr_type = b->bdaddr_type; | ||
| 701 | bacpy(&cp.bdaddr, &b->bdaddr); | ||
| 692 | 702 | ||
| 693 | if (hci_pend_le_action_lookup(&hdev->pend_le_conns, | 703 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, |
| 694 | &b->bdaddr, b->bdaddr_type) || | 704 | sizeof(cp), &cp); |
| 695 | hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
| 696 | &b->bdaddr, b->bdaddr_type)) { | ||
| 697 | white_list_entries++; | ||
| 698 | continue; | 705 | continue; |
| 699 | } | 706 | } |
| 700 | 707 | ||
| 701 | cp.bdaddr_type = b->bdaddr_type; | 708 | if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { |
| 702 | bacpy(&cp.bdaddr, &b->bdaddr); | 709 | /* White list can not be used with RPAs */ |
| 710 | return 0x00; | ||
| 711 | } | ||
| 703 | 712 | ||
| 704 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, | 713 | white_list_entries++; |
| 705 | sizeof(cp), &cp); | ||
| 706 | } | 714 | } |
| 707 | 715 | ||
| 708 | /* Since all no longer valid white list entries have been | 716 | /* Since all no longer valid white list entries have been |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 39a5149f3010..eb4f5f24cbe3 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -197,10 +197,20 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm) | |||
| 197 | chan->sport = psm; | 197 | chan->sport = psm; |
| 198 | err = 0; | 198 | err = 0; |
| 199 | } else { | 199 | } else { |
| 200 | u16 p; | 200 | u16 p, start, end, incr; |
| 201 | |||
| 202 | if (chan->src_type == BDADDR_BREDR) { | ||
| 203 | start = L2CAP_PSM_DYN_START; | ||
| 204 | end = L2CAP_PSM_AUTO_END; | ||
| 205 | incr = 2; | ||
| 206 | } else { | ||
| 207 | start = L2CAP_PSM_LE_DYN_START; | ||
| 208 | end = L2CAP_PSM_LE_DYN_END; | ||
| 209 | incr = 1; | ||
| 210 | } | ||
| 201 | 211 | ||
| 202 | err = -EINVAL; | 212 | err = -EINVAL; |
| 203 | for (p = 0x1001; p < 0x1100; p += 2) | 213 | for (p = start; p <= end; p += incr) |
| 204 | if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) { | 214 | if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) { |
| 205 | chan->psm = cpu_to_le16(p); | 215 | chan->psm = cpu_to_le16(p); |
| 206 | chan->sport = cpu_to_le16(p); | 216 | chan->sport = cpu_to_le16(p); |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 1bb551527044..e4cae72895a7 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
| @@ -58,7 +58,7 @@ static int l2cap_validate_bredr_psm(u16 psm) | |||
| 58 | return -EINVAL; | 58 | return -EINVAL; |
| 59 | 59 | ||
| 60 | /* Restrict usage of well-known PSMs */ | 60 | /* Restrict usage of well-known PSMs */ |
| 61 | if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) | 61 | if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE)) |
| 62 | return -EACCES; | 62 | return -EACCES; |
| 63 | 63 | ||
| 64 | return 0; | 64 | return 0; |
| @@ -67,11 +67,11 @@ static int l2cap_validate_bredr_psm(u16 psm) | |||
| 67 | static int l2cap_validate_le_psm(u16 psm) | 67 | static int l2cap_validate_le_psm(u16 psm) |
| 68 | { | 68 | { |
| 69 | /* Valid LE_PSM ranges are defined only until 0x00ff */ | 69 | /* Valid LE_PSM ranges are defined only until 0x00ff */ |
| 70 | if (psm > 0x00ff) | 70 | if (psm > L2CAP_PSM_LE_DYN_END) |
| 71 | return -EINVAL; | 71 | return -EINVAL; |
| 72 | 72 | ||
| 73 | /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ | 73 | /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ |
| 74 | if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) | 74 | if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE)) |
| 75 | return -EACCES; | 75 | return -EACCES; |
| 76 | 76 | ||
| 77 | return 0; | 77 | return 0; |
| @@ -125,6 +125,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | |||
| 125 | goto done; | 125 | goto done; |
| 126 | } | 126 | } |
| 127 | 127 | ||
| 128 | bacpy(&chan->src, &la.l2_bdaddr); | ||
| 129 | chan->src_type = la.l2_bdaddr_type; | ||
| 130 | |||
| 128 | if (la.l2_cid) | 131 | if (la.l2_cid) |
| 129 | err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); | 132 | err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); |
| 130 | else | 133 | else |
| @@ -156,9 +159,6 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | |||
| 156 | break; | 159 | break; |
| 157 | } | 160 | } |
| 158 | 161 | ||
| 159 | bacpy(&chan->src, &la.l2_bdaddr); | ||
| 160 | chan->src_type = la.l2_bdaddr_type; | ||
| 161 | |||
| 162 | if (chan->psm && bdaddr_type_is_le(chan->src_type)) | 162 | if (chan->psm && bdaddr_type_is_le(chan->src_type)) |
| 163 | chan->mode = L2CAP_MODE_LE_FLOWCTL; | 163 | chan->mode = L2CAP_MODE_LE_FLOWCTL; |
| 164 | 164 | ||
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index ffed8a1d4f27..4b175df35184 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -1072,22 +1072,6 @@ static void smp_notify_keys(struct l2cap_conn *conn) | |||
| 1072 | hcon->dst_type = smp->remote_irk->addr_type; | 1072 | hcon->dst_type = smp->remote_irk->addr_type; |
| 1073 | queue_work(hdev->workqueue, &conn->id_addr_update_work); | 1073 | queue_work(hdev->workqueue, &conn->id_addr_update_work); |
| 1074 | } | 1074 | } |
| 1075 | |||
| 1076 | /* When receiving an indentity resolving key for | ||
| 1077 | * a remote device that does not use a resolvable | ||
| 1078 | * private address, just remove the key so that | ||
| 1079 | * it is possible to use the controller white | ||
| 1080 | * list for scanning. | ||
| 1081 | * | ||
| 1082 | * Userspace will have been told to not store | ||
| 1083 | * this key at this point. So it is safe to | ||
| 1084 | * just remove it. | ||
| 1085 | */ | ||
| 1086 | if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { | ||
| 1087 | list_del_rcu(&smp->remote_irk->list); | ||
| 1088 | kfree_rcu(smp->remote_irk, rcu); | ||
| 1089 | smp->remote_irk = NULL; | ||
| 1090 | } | ||
| 1091 | } | 1075 | } |
| 1092 | 1076 | ||
| 1093 | if (smp->csrk) { | 1077 | if (smp->csrk) { |