diff options
| author | Szymon Janc <szymon.janc@codecoup.pl> | 2018-04-03 07:40:06 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2018-04-03 10:12:56 -0400 |
| commit | 082f2300cfa1a3d9d5221c38c5eba85d4ab98bd8 (patch) | |
| tree | 2eab6fd3fe8bc4c5bc37c3c012e550e53650b953 /net/bluetooth | |
| parent | b5dbc28762fd3fd40ba76303be0c7f707826f982 (diff) | |
Bluetooth: Fix connection if directed advertising and privacy is used
Local random address needs to be updated before creating connection if
RPA from LE Direct Advertising Report was resolved in host. Otherwise
remote device might ignore connection request due to address mismatch.
This was affecting following qualification test cases:
GAP/CONN/SCEP/BV-03-C, GAP/CONN/GCEP/BV-05-C, GAP/CONN/DCEP/BV-05-C
Before patch:
< HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #11350 [hci0] 84680.231216
Address: 56:BC:E8:24:11:68 (Resolvable)
Identity type: Random (0x01)
Identity: F2:F1:06:3D:9C:42 (Static)
> HCI Event: Command Complete (0x0e) plen 4 #11351 [hci0] 84680.246022
LE Set Random Address (0x08|0x0005) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #11352 [hci0] 84680.246417
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 30.000 msec (0x0030)
Own address type: Random (0x01)
Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02)
> HCI Event: Command Complete (0x0e) plen 4 #11353 [hci0] 84680.248854
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11354 [hci0] 84680.249466
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #11355 [hci0] 84680.253222
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 18 #11356 [hci0] 84680.458387
LE Direct Advertising Report (0x0b)
Num reports: 1
Event type: Connectable directed - ADV_DIRECT_IND (0x01)
Address type: Random (0x01)
Address: 53:38:DA:46:8C:45 (Resolvable)
Identity type: Public (0x00)
Identity: 11:22:33:44:55:66 (OUI 11-22-33)
Direct address type: Random (0x01)
Direct address: 7C:D6:76:8C:DF:82 (Resolvable)
Identity type: Random (0x01)
Identity: F2:F1:06:3D:9C:42 (Static)
RSSI: -74 dBm (0xb6)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11357 [hci0] 84680.458737
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #11358 [hci0] 84680.469982
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #11359 [hci0] 84680.470444
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: White list is not used (0x00)
Peer address type: Random (0x01)
Peer address: 53:38:DA:46:8C:45 (Resolvable)
Identity type: Public (0x00)
Identity: 11:22:33:44:55:66 (OUI 11-22-33)
Own address type: Random (0x01)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #11360 [hci0] 84680.474971
LE Create Connection (0x08|0x000d) ncmd 1
Status: Success (0x00)
< HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0 #11361 [hci0] 84682.545385
> HCI Event: Command Complete (0x0e) plen 4 #11362 [hci0] 84682.551014
LE Create Connection Cancel (0x08|0x000e) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #11363 [hci0] 84682.551074
LE Connection Complete (0x01)
Status: Unknown Connection Identifier (0x02)
Handle: 0
Role: Master (0x00)
Peer address type: Public (0x00)
Peer address: 00:00:00:00:00:00 (OUI 00-00-00)
Connection interval: 0.00 msec (0x0000)
Connection latency: 0 (0x0000)
Supervision timeout: 0 msec (0x0000)
Master clock accuracy: 0x00
After patch:
< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #210 [hci0] 667.152459
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 30.000 msec (0x0030)
Own address type: Random (0x01)
Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02)
> HCI Event: Command Complete (0x0e) plen 4 #211 [hci0] 667.153613
LE Set Scan Parameters (0x08|0x000b) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #212 [hci0] 667.153704
Scanning: Enabled (0x01)
Filter duplicates: Enabled (0x01)
> HCI Event: Command Complete (0x0e) plen 4 #213 [hci0] 667.154584
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 18 #214 [hci0] 667.182619
LE Direct Advertising Report (0x0b)
Num reports: 1
Event type: Connectable directed - ADV_DIRECT_IND (0x01)
Address type: Random (0x01)
Address: 50:52:D9:A6:48:A0 (Resolvable)
Identity type: Public (0x00)
Identity: 11:22:33:44:55:66 (OUI 11-22-33)
Direct address type: Random (0x01)
Direct address: 7C:C1:57:A5:B7:A8 (Resolvable)
Identity type: Random (0x01)
Identity: F4:28:73:5D:38:B0 (Static)
RSSI: -70 dBm (0xba)
< HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #215 [hci0] 667.182704
Scanning: Disabled (0x00)
Filter duplicates: Disabled (0x00)
> HCI Event: Command Complete (0x0e) plen 4 #216 [hci0] 667.183599
LE Set Scan Enable (0x08|0x000c) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #217 [hci0] 667.183645
Address: 7C:C1:57:A5:B7:A8 (Resolvable)
Identity type: Random (0x01)
Identity: F4:28:73:5D:38:B0 (Static)
> HCI Event: Command Complete (0x0e) plen 4 #218 [hci0] 667.184590
LE Set Random Address (0x08|0x0005) ncmd 1
Status: Success (0x00)
< HCI Command: LE Create Connection (0x08|0x000d) plen 25 #219 [hci0] 667.184613
Scan interval: 60.000 msec (0x0060)
Scan window: 60.000 msec (0x0060)
Filter policy: White list is not used (0x00)
Peer address type: Random (0x01)
Peer address: 50:52:D9:A6:48:A0 (Resolvable)
Identity type: Public (0x00)
Identity: 11:22:33:44:55:66 (OUI 11-22-33)
Own address type: Random (0x01)
Min connection interval: 30.00 msec (0x0018)
Max connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Min connection length: 0.000 msec (0x0000)
Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4 #220 [hci0] 667.186558
LE Create Connection (0x08|0x000d) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19 #221 [hci0] 667.485824
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 0
Role: Master (0x00)
Peer address type: Random (0x01)
Peer address: 50:52:D9:A6:48:A0 (Resolvable)
Identity type: Public (0x00)
Identity: 11:22:33:44:55:66 (OUI 11-22-33)
Connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x07
@ MGMT Event: Device Connected (0x000b) plen 13 {0x0002} [hci0] 667.485996
LE Address: 11:22:33:44:55:66 (OUI 11-22-33)
Flags: 0x00000000
Data length: 0
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/hci_conn.c | 29 | ||||
| -rw-r--r-- | net/bluetooth/hci_event.c | 15 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 2 |
3 files changed, 33 insertions, 13 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a9682534c377..45ff5dc124cc 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
| @@ -749,18 +749,31 @@ static bool conn_use_rpa(struct hci_conn *conn) | |||
| 749 | } | 749 | } |
| 750 | 750 | ||
| 751 | static void hci_req_add_le_create_conn(struct hci_request *req, | 751 | static void hci_req_add_le_create_conn(struct hci_request *req, |
| 752 | struct hci_conn *conn) | 752 | struct hci_conn *conn, |
| 753 | bdaddr_t *direct_rpa) | ||
| 753 | { | 754 | { |
| 754 | struct hci_cp_le_create_conn cp; | 755 | struct hci_cp_le_create_conn cp; |
| 755 | struct hci_dev *hdev = conn->hdev; | 756 | struct hci_dev *hdev = conn->hdev; |
| 756 | u8 own_addr_type; | 757 | u8 own_addr_type; |
| 757 | 758 | ||
| 758 | /* Update random address, but set require_privacy to false so | 759 | /* If direct address was provided we use it instead of current |
| 759 | * that we never connect with an non-resolvable address. | 760 | * address. |
| 760 | */ | 761 | */ |
| 761 | if (hci_update_random_address(req, false, conn_use_rpa(conn), | 762 | if (direct_rpa) { |
| 762 | &own_addr_type)) | 763 | if (bacmp(&req->hdev->random_addr, direct_rpa)) |
| 763 | return; | 764 | hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, |
| 765 | direct_rpa); | ||
| 766 | |||
| 767 | /* direct address is always RPA */ | ||
| 768 | own_addr_type = ADDR_LE_DEV_RANDOM; | ||
| 769 | } else { | ||
| 770 | /* Update random address, but set require_privacy to false so | ||
| 771 | * that we never connect with an non-resolvable address. | ||
| 772 | */ | ||
| 773 | if (hci_update_random_address(req, false, conn_use_rpa(conn), | ||
| 774 | &own_addr_type)) | ||
| 775 | return; | ||
| 776 | } | ||
| 764 | 777 | ||
| 765 | memset(&cp, 0, sizeof(cp)); | 778 | memset(&cp, 0, sizeof(cp)); |
| 766 | 779 | ||
| @@ -825,7 +838,7 @@ static void hci_req_directed_advertising(struct hci_request *req, | |||
| 825 | 838 | ||
| 826 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, | 839 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, |
| 827 | u8 dst_type, u8 sec_level, u16 conn_timeout, | 840 | u8 dst_type, u8 sec_level, u16 conn_timeout, |
| 828 | u8 role) | 841 | u8 role, bdaddr_t *direct_rpa) |
| 829 | { | 842 | { |
| 830 | struct hci_conn_params *params; | 843 | struct hci_conn_params *params; |
| 831 | struct hci_conn *conn; | 844 | struct hci_conn *conn; |
| @@ -940,7 +953,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, | |||
| 940 | hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); | 953 | hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); |
| 941 | } | 954 | } |
| 942 | 955 | ||
| 943 | hci_req_add_le_create_conn(&req, conn); | 956 | hci_req_add_le_create_conn(&req, conn, direct_rpa); |
| 944 | 957 | ||
| 945 | create_conn: | 958 | create_conn: |
| 946 | err = hci_req_run(&req, create_le_conn_complete); | 959 | err = hci_req_run(&req, create_le_conn_complete); |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index cd3bbb766c24..139707cd9d35 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
| @@ -4648,7 +4648,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, | |||
| 4648 | /* This function requires the caller holds hdev->lock */ | 4648 | /* This function requires the caller holds hdev->lock */ |
| 4649 | static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, | 4649 | static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, |
| 4650 | bdaddr_t *addr, | 4650 | bdaddr_t *addr, |
| 4651 | u8 addr_type, u8 adv_type) | 4651 | u8 addr_type, u8 adv_type, |
| 4652 | bdaddr_t *direct_rpa) | ||
| 4652 | { | 4653 | { |
| 4653 | struct hci_conn *conn; | 4654 | struct hci_conn *conn; |
| 4654 | struct hci_conn_params *params; | 4655 | struct hci_conn_params *params; |
| @@ -4699,7 +4700,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, | |||
| 4699 | } | 4700 | } |
| 4700 | 4701 | ||
| 4701 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, | 4702 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, |
| 4702 | HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); | 4703 | HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, |
| 4704 | direct_rpa); | ||
| 4703 | if (!IS_ERR(conn)) { | 4705 | if (!IS_ERR(conn)) { |
| 4704 | /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned | 4706 | /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned |
| 4705 | * by higher layer that tried to connect, if no then | 4707 | * by higher layer that tried to connect, if no then |
| @@ -4808,8 +4810,13 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, | |||
| 4808 | bdaddr_type = irk->addr_type; | 4810 | bdaddr_type = irk->addr_type; |
| 4809 | } | 4811 | } |
| 4810 | 4812 | ||
| 4811 | /* Check if we have been requested to connect to this device */ | 4813 | /* Check if we have been requested to connect to this device. |
| 4812 | conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); | 4814 | * |
| 4815 | * direct_addr is set only for directed advertising reports (it is NULL | ||
| 4816 | * for advertising reports) and is already verified to be RPA above. | ||
| 4817 | */ | ||
| 4818 | conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, | ||
| 4819 | direct_addr); | ||
| 4813 | if (conn && type == LE_ADV_IND) { | 4820 | if (conn && type == LE_ADV_IND) { |
| 4814 | /* Store report for later inclusion by | 4821 | /* Store report for later inclusion by |
| 4815 | * mgmt_device_connected | 4822 | * mgmt_device_connected |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc6615d59165..9b7907ebfa01 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -7156,7 +7156,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | |||
| 7156 | hcon = hci_connect_le(hdev, dst, dst_type, | 7156 | hcon = hci_connect_le(hdev, dst, dst_type, |
| 7157 | chan->sec_level, | 7157 | chan->sec_level, |
| 7158 | HCI_LE_CONN_TIMEOUT, | 7158 | HCI_LE_CONN_TIMEOUT, |
| 7159 | HCI_ROLE_SLAVE); | 7159 | HCI_ROLE_SLAVE, NULL); |
| 7160 | else | 7160 | else |
| 7161 | hcon = hci_connect_le_scan(hdev, dst, dst_type, | 7161 | hcon = hci_connect_le_scan(hdev, dst, dst_type, |
| 7162 | chan->sec_level, | 7162 | chan->sec_level, |