Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Conflicts: net/bluetooth/hci_event.c
author: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-11 21:36:42 -0400
committer: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2012-06-11 21:36:42 -0400
commit: cbe461c526e1e0f8b55f91180df64f02d8daed45 (patch)
tree: e0d785c63d550d81cb42960ac490aebef4bc965c /net/bluetooth
parent: 1d0c4da8f717937aeda47a72bc769d80f8776795 (diff)
parent: 1c2e004183178e1947882cd2e74f37826f45230e (diff)
4 files changed, 79 insertions, 5 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 47656beee14c..1ba929c05d0d 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3040,6 +3040,50 @@ static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
        hci_dev_unlock(hdev);
 }
+static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
+                                         struct sk_buff *skb)
+{
+        struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
+        struct hci_conn *conn;
+        BT_DBG("%s status %u handle %u", hdev->name, ev->status,
+               __le16_to_cpu(ev->handle));
+        hci_dev_lock(hdev);
+        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
+        if (!conn)
+                goto unlock;
+        if (!ev->status)
+                conn->sec_level = conn->pending_sec_level;
+        clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
+        if (ev->status && conn->state == BT_CONNECTED) {
+                hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
+                hci_conn_put(conn);
+                goto unlock;
+        }
+        if (conn->state == BT_CONFIG) {
+                if (!ev->status)
+                        conn->state = BT_CONNECTED;
+                hci_proto_connect_cfm(conn, ev->status);
+                hci_conn_put(conn);
+        } else {
+                hci_auth_cfm(conn, ev->status);
+                hci_conn_hold(conn);
+                conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+                hci_conn_put(conn);
+        }
+unlock:
+        hci_dev_unlock(hdev);
+}
 static u8 hci_get_auth_req(struct hci_conn *conn)
 {
        /* If remote requests dedicated bonding follow that lead */
@@ -3560,6 +3604,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
                hci_extended_inquiry_result_evt(hdev, skb);
                break;
+        case HCI_EV_KEY_REFRESH_COMPLETE:
+                hci_key_refresh_complete_evt(hdev, skb);
+                break;
        case HCI_EV_IO_CAPA_REQUEST:
                hci_io_capa_request_evt(hdev, skb);
                break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index f9bffe3af026..4ca88247b7c2 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1314,7 +1314,12 @@ static void security_timeout(struct work_struct *work)
        struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
                                                security_timer.work);
-        l2cap_conn_del(conn->hcon, ETIMEDOUT);
+        BT_DBG("conn %p", conn);
+        if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
+                smp_chan_destroy(conn);
+                l2cap_conn_del(conn->hcon, ETIMEDOUT);
+        }
 }
 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 958f764cc6ab..c72307cc25fc 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -1873,6 +1873,22 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status)
                pairing_complete(cmd, mgmt_status(status));
 }
+static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
+{
+        struct pending_cmd *cmd;
+        BT_DBG("status %u", status);
+        if (!status)
+                return;
+        cmd = find_pairing(conn);
+        if (!cmd)
+                BT_DBG("Unable to find a pending command");
+        else
+                pairing_complete(cmd, mgmt_status(status));
+}
 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
                       u16 len)
 {
@@ -1941,6 +1957,8 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
        /* For LE, just connecting isn't a proof that the pairing finished */
        if (cp->addr.type == BDADDR_BREDR)
                conn->connect_cfm_cb = pairing_complete_cb;
+        else
+                conn->connect_cfm_cb = le_connect_complete_cb;
        conn->security_cfm_cb = pairing_complete_cb;
        conn->disconn_cfm_cb = pairing_complete_cb;
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index ff4835b61de9..16ef0dc85a0a 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -649,7 +649,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb)
        auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;
-        ret = tk_request(conn, 0, auth, rsp->io_capability, req->io_capability);
+        ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
        if (ret)
                return SMP_UNSPECIFIED;
@@ -704,7 +704,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
        return 0;
 }
-static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
+static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
 {
        struct smp_ltk *key;
        struct hci_conn *hcon = conn->hcon;
@@ -713,6 +713,9 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
        if (!key)
                return 0;
+        if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
+                return 0;
        if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
                return 1;
@@ -733,7 +736,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
        hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
-        if (smp_ltk_encrypt(conn))
+        if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
                return 0;
        if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
@@ -772,7 +775,7 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
                return 1;
        if (hcon->link_mode & HCI_LM_MASTER)
-                if (smp_ltk_encrypt(conn))
+                if (smp_ltk_encrypt(conn, sec_level))
                        goto done;
        if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
author	Gustavo Padovan <gustavo.padovan@collabora.co.uk>	2012-06-11 21:36:42 -0400
committer	Gustavo Padovan <gustavo.padovan@collabora.co.uk>	2012-06-11 21:36:42 -0400
commit	cbe461c526e1e0f8b55f91180df64f02d8daed45 (patch)
tree	e0d785c63d550d81cb42960ac490aebef4bc965c /net/bluetooth
parent	1d0c4da8f717937aeda47a72bc769d80f8776795 (diff)
parent	1c2e004183178e1947882cd2e74f37826f45230e (diff)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 47656beee14c..1ba929c05d0d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c
@@ -3040,6 +3040,50 @@ static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3040	hci_dev_unlock(hdev);	3040	hci_dev_unlock(hdev);
3041	}	3041	}
3042		3042
		3043	static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
		3044	struct sk_buff *skb)
		3045	{
		3046	struct hci_ev_key_refresh_complete ev = (void ) skb->data;
		3047	struct hci_conn *conn;
		3048
		3049	BT_DBG("%s status %u handle %u", hdev->name, ev->status,
		3050	__le16_to_cpu(ev->handle));
		3051
		3052	hci_dev_lock(hdev);
		3053
		3054	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
		3055	if (!conn)
		3056	goto unlock;
		3057
		3058	if (!ev->status)
		3059	conn->sec_level = conn->pending_sec_level;
		3060
		3061	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
		3062
		3063	if (ev->status && conn->state == BT_CONNECTED) {
		3064	hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
		3065	hci_conn_put(conn);
		3066	goto unlock;
		3067	}
		3068
		3069	if (conn->state == BT_CONFIG) {
		3070	if (!ev->status)
		3071	conn->state = BT_CONNECTED;
		3072
		3073	hci_proto_connect_cfm(conn, ev->status);
		3074	hci_conn_put(conn);
		3075	} else {
		3076	hci_auth_cfm(conn, ev->status);
		3077
		3078	hci_conn_hold(conn);
		3079	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
		3080	hci_conn_put(conn);
		3081	}
		3082
		3083	unlock:
		3084	hci_dev_unlock(hdev);
		3085	}
		3086
3043	static u8 hci_get_auth_req(struct hci_conn *conn)	3087	static u8 hci_get_auth_req(struct hci_conn *conn)
3044	{	3088	{
3045	/* If remote requests dedicated bonding follow that lead */	3089	/* If remote requests dedicated bonding follow that lead */
@@ -3560,6 +3604,10 @@ void hci_event_packet(struct hci_dev hdev, struct sk_buff skb)
3560	hci_extended_inquiry_result_evt(hdev, skb);	3604	hci_extended_inquiry_result_evt(hdev, skb);
3561	break;	3605	break;
3562		3606
		3607	case HCI_EV_KEY_REFRESH_COMPLETE:
		3608	hci_key_refresh_complete_evt(hdev, skb);
		3609	break;
		3610
3563	case HCI_EV_IO_CAPA_REQUEST:	3611	case HCI_EV_IO_CAPA_REQUEST:
3564	hci_io_capa_request_evt(hdev, skb);	3612	hci_io_capa_request_evt(hdev, skb);
3565	break;	3613	break;


diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index f9bffe3af026..4ca88247b7c2 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c
@@ -1314,7 +1314,12 @@ static void security_timeout(struct work_struct *work)
1314	struct l2cap_conn *conn = container_of(work, struct l2cap_conn,	1314	struct l2cap_conn *conn = container_of(work, struct l2cap_conn,
1315	security_timer.work);	1315	security_timer.work);
1316		1316
1317	l2cap_conn_del(conn->hcon, ETIMEDOUT);	1317	BT_DBG("conn %p", conn);
		1318
		1319	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
		1320	smp_chan_destroy(conn);
		1321	l2cap_conn_del(conn->hcon, ETIMEDOUT);
		1322	}
1318	}	1323	}
1319		1324
1320	static struct l2cap_conn l2cap_conn_add(struct hci_conn hcon, u8 status)	1325	static struct l2cap_conn l2cap_conn_add(struct hci_conn hcon, u8 status)


diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 958f764cc6ab..c72307cc25fc 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c
@@ -1873,6 +1873,22 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1873	pairing_complete(cmd, mgmt_status(status));	1873	pairing_complete(cmd, mgmt_status(status));
1874	}	1874	}
1875		1875
		1876	static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
		1877	{
		1878	struct pending_cmd *cmd;
		1879
		1880	BT_DBG("status %u", status);
		1881
		1882	if (!status)
		1883	return;
		1884
		1885	cmd = find_pairing(conn);
		1886	if (!cmd)
		1887	BT_DBG("Unable to find a pending command");
		1888	else
		1889	pairing_complete(cmd, mgmt_status(status));
		1890	}
		1891
1876	static int pair_device(struct sock sk, struct hci_dev hdev, void *data,	1892	static int pair_device(struct sock sk, struct hci_dev hdev, void *data,
1877	u16 len)	1893	u16 len)
1878	{	1894	{
@@ -1941,6 +1957,8 @@ static int pair_device(struct sock sk, struct hci_dev hdev, void *data,
1941	/* For LE, just connecting isn't a proof that the pairing finished */	1957	/* For LE, just connecting isn't a proof that the pairing finished */
1942	if (cp->addr.type == BDADDR_BREDR)	1958	if (cp->addr.type == BDADDR_BREDR)
1943	conn->connect_cfm_cb = pairing_complete_cb;	1959	conn->connect_cfm_cb = pairing_complete_cb;
		1960	else
		1961	conn->connect_cfm_cb = le_connect_complete_cb;
1944		1962
1945	conn->security_cfm_cb = pairing_complete_cb;	1963	conn->security_cfm_cb = pairing_complete_cb;
1946	conn->disconn_cfm_cb = pairing_complete_cb;	1964	conn->disconn_cfm_cb = pairing_complete_cb;


diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index ff4835b61de9..16ef0dc85a0a 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c
@@ -649,7 +649,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn conn, struct sk_buff skb)
649		649
650	auth \|= (req->auth_req \| rsp->auth_req) & SMP_AUTH_MITM;	650	auth \|= (req->auth_req \| rsp->auth_req) & SMP_AUTH_MITM;
651		651
652	ret = tk_request(conn, 0, auth, rsp->io_capability, req->io_capability);	652	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);
653	if (ret)	653	if (ret)
654	return SMP_UNSPECIFIED;	654	return SMP_UNSPECIFIED;
655		655
@@ -704,7 +704,7 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn conn, struct sk_buff skb)
704	return 0;	704	return 0;
705	}	705	}
706		706
707	static u8 smp_ltk_encrypt(struct l2cap_conn *conn)	707	static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
708	{	708	{
709	struct smp_ltk *key;	709	struct smp_ltk *key;
710	struct hci_conn *hcon = conn->hcon;	710	struct hci_conn *hcon = conn->hcon;
@@ -713,6 +713,9 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn)
713	if (!key)	713	if (!key)
714	return 0;	714	return 0;
715		715
		716	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)
		717	return 0;
		718
716	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))	719	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
717	return 1;	720	return 1;
718		721
@@ -733,7 +736,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn conn, struct sk_buff skb)
733		736
734	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);	737	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);
735		738
736	if (smp_ltk_encrypt(conn))	739	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))
737	return 0;	740	return 0;
738		741
739	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))	742	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
@@ -772,7 +775,7 @@ int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
772	return 1;	775	return 1;
773		776
774	if (hcon->link_mode & HCI_LM_MASTER)	777	if (hcon->link_mode & HCI_LM_MASTER)
775	if (smp_ltk_encrypt(conn))	778	if (smp_ltk_encrypt(conn, sec_level))
776	goto done;	779	goto done;
777		780
778	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))	781	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))