diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2016-01-26 14:31:31 -0500 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2016-01-29 05:47:24 -0500 |
| commit | cff10ce7b4f02718ffd25e3914e60559f5ef6ca0 (patch) | |
| tree | d16e8c0b4420e75f8c496d3cf102bd80cde4ea2e /net | |
| parent | a2342c5fe5f2810b8ef6a0826bd584aa709dd2c6 (diff) | |
Bluetooth: Fix incorrect removing of IRKs
The commit cad20c278085d893ebd616cd20c0747a8e9d53c7 was supposed to
fix handling of devices first using public addresses and then
switching to RPAs after pairing. Unfortunately it missed a couple of
key places in the code.
1. When evaluating which devices should be removed from the existing
white list we also need to consider whether we have an IRK for them or
not, i.e. a call to hci_find_irk_by_addr() is needed.
2. In smp_notify_keys() we should not be requiring the knowledge of
the RPA, but should simply keep the IRK around if the other conditions
require it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 4.4+
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_request.c | 28 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 16 |
2 files changed, 18 insertions, 26 deletions
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c index 41b5f3813f02..c78ee2dc9323 100644 --- a/net/bluetooth/hci_request.c +++ b/net/bluetooth/hci_request.c | |||
| @@ -688,21 +688,29 @@ static u8 update_white_list(struct hci_request *req) | |||
| 688 | * command to remove it from the controller. | 688 | * command to remove it from the controller. |
| 689 | */ | 689 | */ |
| 690 | list_for_each_entry(b, &hdev->le_white_list, list) { | 690 | list_for_each_entry(b, &hdev->le_white_list, list) { |
| 691 | struct hci_cp_le_del_from_white_list cp; | 691 | /* If the device is neither in pend_le_conns nor |
| 692 | * pend_le_reports then remove it from the whitelist. | ||
| 693 | */ | ||
| 694 | if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, | ||
| 695 | &b->bdaddr, b->bdaddr_type) && | ||
| 696 | !hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
| 697 | &b->bdaddr, b->bdaddr_type)) { | ||
| 698 | struct hci_cp_le_del_from_white_list cp; | ||
| 699 | |||
| 700 | cp.bdaddr_type = b->bdaddr_type; | ||
| 701 | bacpy(&cp.bdaddr, &b->bdaddr); | ||
| 692 | 702 | ||
| 693 | if (hci_pend_le_action_lookup(&hdev->pend_le_conns, | 703 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, |
| 694 | &b->bdaddr, b->bdaddr_type) || | 704 | sizeof(cp), &cp); |
| 695 | hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
| 696 | &b->bdaddr, b->bdaddr_type)) { | ||
| 697 | white_list_entries++; | ||
| 698 | continue; | 705 | continue; |
| 699 | } | 706 | } |
| 700 | 707 | ||
| 701 | cp.bdaddr_type = b->bdaddr_type; | 708 | if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { |
| 702 | bacpy(&cp.bdaddr, &b->bdaddr); | 709 | /* White list can not be used with RPAs */ |
| 710 | return 0x00; | ||
| 711 | } | ||
| 703 | 712 | ||
| 704 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, | 713 | white_list_entries++; |
| 705 | sizeof(cp), &cp); | ||
| 706 | } | 714 | } |
| 707 | 715 | ||
| 708 | /* Since all no longer valid white list entries have been | 716 | /* Since all no longer valid white list entries have been |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index ffed8a1d4f27..4b175df35184 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -1072,22 +1072,6 @@ static void smp_notify_keys(struct l2cap_conn *conn) | |||
| 1072 | hcon->dst_type = smp->remote_irk->addr_type; | 1072 | hcon->dst_type = smp->remote_irk->addr_type; |
| 1073 | queue_work(hdev->workqueue, &conn->id_addr_update_work); | 1073 | queue_work(hdev->workqueue, &conn->id_addr_update_work); |
| 1074 | } | 1074 | } |
| 1075 | |||
| 1076 | /* When receiving an indentity resolving key for | ||
| 1077 | * a remote device that does not use a resolvable | ||
| 1078 | * private address, just remove the key so that | ||
| 1079 | * it is possible to use the controller white | ||
| 1080 | * list for scanning. | ||
| 1081 | * | ||
| 1082 | * Userspace will have been told to not store | ||
| 1083 | * this key at this point. So it is safe to | ||
| 1084 | * just remove it. | ||
| 1085 | */ | ||
| 1086 | if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { | ||
| 1087 | list_del_rcu(&smp->remote_irk->list); | ||
| 1088 | kfree_rcu(smp->remote_irk, rcu); | ||
| 1089 | smp->remote_irk = NULL; | ||
| 1090 | } | ||
| 1091 | } | 1075 | } |
| 1092 | 1076 | ||
| 1093 | if (smp->csrk) { | 1077 | if (smp->csrk) { |