aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2014-08-05 16:18:20 -0400
committerDavid S. Miller <davem@davemloft.net>2014-08-05 16:18:20 -0400
commitaef4f5b6db654e512ebcccab2a6e50424c05d2f9 (patch)
tree4daaee5ac85d1128233a45908dac5212f38ec7aa /net/bluetooth
parent61ab9efddf51cbc0d57356a4d650785cf5721fbe (diff)
parentdc6be9f54a4ecb0a09765d1f515ed947d86b7528 (diff)
Merge tag 'master-2014-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next
Conflicts: net/6lowpan/iphc.c Minor conflicts in iphc.c were changes overlapping with some style cleanups. John W. Linville says: ==================== Please pull this last(?) batch of wireless change intended for the 3.17 stream... For the NFC bits, Samuel says: "This is a rather quiet one, we have: - A new driver from ST Microelectronics for their NCI ST21NFCB, including device tree support. - p2p support for the ST21NFCA driver - A few fixes an enhancements for the NFC digital laye" For the Atheros bits, Kalle says: "Michal and Janusz did some important RX aggregation fixes, basically we were missing RX reordering altogether. The 10.1 firmware doesn't support Ad-Hoc mode and Michal fixed ath10k so that it doesn't advertise Ad-Hoc support with that firmware. Also he implemented a workaround for a KVM issue." For the Bluetooth bits, Gustavo and Johan say: "To quote Gustavo from his previous request: 'Some last minute fixes for -next. We have a fix for a use after free in RFCOMM, another fix to an issue with ADV_DIRECT_IND and one for ADV_IND with auto-connection handling. Last, we added support for reading the codec and MWS setting for controllers that support these features.' Additionally there are fixes to LE scanning, an update to conform to the 4.1 core specification as well as fixes for tracking the page scan state. All of these fixes are important for 3.17." And, "We've got: - 6lowpan fixes/cleanups - A couple crash fixes, one for the Marvell HCI driver and another in LE SMP. - Fix for an incorrect connected state check - Fix for the bondable requirement during pairing (an issue which had crept in because of using "pairable" when in fact the actual meaning was "bondable" (these have different meanings in Bluetooth)" Along with those are some late-breaking hardware support patches in brcmfmac and b43 as well as a stray ath9k patch. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_core.c185
-rw-r--r--net/bluetooth/hci_event.c50
-rw-r--r--net/bluetooth/hidp/core.c2
-rw-r--r--net/bluetooth/mgmt.c57
-rw-r--r--net/bluetooth/rfcomm/core.c7
-rw-r--r--net/bluetooth/smp.c33
6 files changed, 287 insertions, 47 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index cfcb6055ced8..32b96f1aaf42 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -970,6 +970,62 @@ static int adv_channel_map_get(void *data, u64 *val)
970DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, 970DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
971 adv_channel_map_set, "%llu\n"); 971 adv_channel_map_set, "%llu\n");
972 972
973static int adv_min_interval_set(void *data, u64 val)
974{
975 struct hci_dev *hdev = data;
976
977 if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
978 return -EINVAL;
979
980 hci_dev_lock(hdev);
981 hdev->le_adv_min_interval = val;
982 hci_dev_unlock(hdev);
983
984 return 0;
985}
986
987static int adv_min_interval_get(void *data, u64 *val)
988{
989 struct hci_dev *hdev = data;
990
991 hci_dev_lock(hdev);
992 *val = hdev->le_adv_min_interval;
993 hci_dev_unlock(hdev);
994
995 return 0;
996}
997
998DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get,
999 adv_min_interval_set, "%llu\n");
1000
1001static int adv_max_interval_set(void *data, u64 val)
1002{
1003 struct hci_dev *hdev = data;
1004
1005 if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
1006 return -EINVAL;
1007
1008 hci_dev_lock(hdev);
1009 hdev->le_adv_max_interval = val;
1010 hci_dev_unlock(hdev);
1011
1012 return 0;
1013}
1014
1015static int adv_max_interval_get(void *data, u64 *val)
1016{
1017 struct hci_dev *hdev = data;
1018
1019 hci_dev_lock(hdev);
1020 *val = hdev->le_adv_max_interval;
1021 hci_dev_unlock(hdev);
1022
1023 return 0;
1024}
1025
1026DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get,
1027 adv_max_interval_set, "%llu\n");
1028
973static int device_list_show(struct seq_file *f, void *ptr) 1029static int device_list_show(struct seq_file *f, void *ptr)
974{ 1030{
975 struct hci_dev *hdev = f->private; 1031 struct hci_dev *hdev = f->private;
@@ -1567,7 +1623,7 @@ static void hci_set_le_support(struct hci_request *req)
1567 1623
1568 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { 1624 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1569 cp.le = 0x01; 1625 cp.le = 0x01;
1570 cp.simul = lmp_le_br_capable(hdev); 1626 cp.simul = 0x00;
1571 } 1627 }
1572 1628
1573 if (cp.le != lmp_host_le_capable(hdev)) 1629 if (cp.le != lmp_host_le_capable(hdev))
@@ -1686,6 +1742,14 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt)
1686 if (hdev->commands[22] & 0x04) 1742 if (hdev->commands[22] & 0x04)
1687 hci_set_event_mask_page_2(req); 1743 hci_set_event_mask_page_2(req);
1688 1744
1745 /* Read local codec list if the HCI command is supported */
1746 if (hdev->commands[29] & 0x20)
1747 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1748
1749 /* Get MWS transport configuration if the HCI command is supported */
1750 if (hdev->commands[30] & 0x08)
1751 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1752
1689 /* Check for Synchronization Train support */ 1753 /* Check for Synchronization Train support */
1690 if (lmp_sync_train_capable(hdev)) 1754 if (lmp_sync_train_capable(hdev))
1691 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); 1755 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
@@ -1825,6 +1889,10 @@ static int __hci_init(struct hci_dev *hdev)
1825 hdev, &supervision_timeout_fops); 1889 hdev, &supervision_timeout_fops);
1826 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs, 1890 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1827 hdev, &adv_channel_map_fops); 1891 hdev, &adv_channel_map_fops);
1892 debugfs_create_file("adv_min_interval", 0644, hdev->debugfs,
1893 hdev, &adv_min_interval_fops);
1894 debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
1895 hdev, &adv_max_interval_fops);
1828 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev, 1896 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1829 &device_list_fops); 1897 &device_list_fops);
1830 debugfs_create_u16("discov_interleaved_timeout", 0644, 1898 debugfs_create_u16("discov_interleaved_timeout", 0644,
@@ -2453,14 +2521,14 @@ int hci_dev_open(__u16 dev)
2453 flush_workqueue(hdev->req_workqueue); 2521 flush_workqueue(hdev->req_workqueue);
2454 2522
2455 /* For controllers not using the management interface and that 2523 /* For controllers not using the management interface and that
2456 * are brought up using legacy ioctl, set the HCI_PAIRABLE bit 2524 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
2457 * so that pairing works for them. Once the management interface 2525 * so that pairing works for them. Once the management interface
2458 * is in use this bit will be cleared again and userspace has 2526 * is in use this bit will be cleared again and userspace has
2459 * to explicitly enable it. 2527 * to explicitly enable it.
2460 */ 2528 */
2461 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && 2529 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2462 !test_bit(HCI_MGMT, &hdev->dev_flags)) 2530 !test_bit(HCI_MGMT, &hdev->dev_flags))
2463 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 2531 set_bit(HCI_BONDABLE, &hdev->dev_flags);
2464 2532
2465 err = hci_dev_do_open(hdev); 2533 err = hci_dev_do_open(hdev);
2466 2534
@@ -3639,6 +3707,7 @@ int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3639 list_add(&params->action, &hdev->pend_le_reports); 3707 list_add(&params->action, &hdev->pend_le_reports);
3640 hci_update_background_scan(hdev); 3708 hci_update_background_scan(hdev);
3641 break; 3709 break;
3710 case HCI_AUTO_CONN_DIRECT:
3642 case HCI_AUTO_CONN_ALWAYS: 3711 case HCI_AUTO_CONN_ALWAYS:
3643 if (!is_connected(hdev, addr, addr_type)) { 3712 if (!is_connected(hdev, addr, addr_type)) {
3644 list_add(&params->action, &hdev->pend_le_conns); 3713 list_add(&params->action, &hdev->pend_le_conns);
@@ -3914,6 +3983,8 @@ struct hci_dev *hci_alloc_dev(void)
3914 hdev->sniff_min_interval = 80; 3983 hdev->sniff_min_interval = 80;
3915 3984
3916 hdev->le_adv_channel_map = 0x07; 3985 hdev->le_adv_channel_map = 0x07;
3986 hdev->le_adv_min_interval = 0x0800;
3987 hdev->le_adv_max_interval = 0x0800;
3917 hdev->le_scan_interval = 0x0060; 3988 hdev->le_scan_interval = 0x0060;
3918 hdev->le_scan_window = 0x0030; 3989 hdev->le_scan_window = 0x0030;
3919 hdev->le_conn_min_interval = 0x0028; 3990 hdev->le_conn_min_interval = 0x0028;
@@ -5397,12 +5468,113 @@ void hci_req_add_le_scan_disable(struct hci_request *req)
5397 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 5468 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5398} 5469}
5399 5470
5471static void add_to_white_list(struct hci_request *req,
5472 struct hci_conn_params *params)
5473{
5474 struct hci_cp_le_add_to_white_list cp;
5475
5476 cp.bdaddr_type = params->addr_type;
5477 bacpy(&cp.bdaddr, &params->addr);
5478
5479 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
5480}
5481
5482static u8 update_white_list(struct hci_request *req)
5483{
5484 struct hci_dev *hdev = req->hdev;
5485 struct hci_conn_params *params;
5486 struct bdaddr_list *b;
5487 uint8_t white_list_entries = 0;
5488
5489 /* Go through the current white list programmed into the
5490 * controller one by one and check if that address is still
5491 * in the list of pending connections or list of devices to
5492 * report. If not present in either list, then queue the
5493 * command to remove it from the controller.
5494 */
5495 list_for_each_entry(b, &hdev->le_white_list, list) {
5496 struct hci_cp_le_del_from_white_list cp;
5497
5498 if (hci_pend_le_action_lookup(&hdev->pend_le_conns,
5499 &b->bdaddr, b->bdaddr_type) ||
5500 hci_pend_le_action_lookup(&hdev->pend_le_reports,
5501 &b->bdaddr, b->bdaddr_type)) {
5502 white_list_entries++;
5503 continue;
5504 }
5505
5506 cp.bdaddr_type = b->bdaddr_type;
5507 bacpy(&cp.bdaddr, &b->bdaddr);
5508
5509 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
5510 sizeof(cp), &cp);
5511 }
5512
5513 /* Since all no longer valid white list entries have been
5514 * removed, walk through the list of pending connections
5515 * and ensure that any new device gets programmed into
5516 * the controller.
5517 *
5518 * If the list of the devices is larger than the list of
5519 * available white list entries in the controller, then
5520 * just abort and return filer policy value to not use the
5521 * white list.
5522 */
5523 list_for_each_entry(params, &hdev->pend_le_conns, action) {
5524 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5525 &params->addr, params->addr_type))
5526 continue;
5527
5528 if (white_list_entries >= hdev->le_white_list_size) {
5529 /* Select filter policy to accept all advertising */
5530 return 0x00;
5531 }
5532
5533 if (hci_find_irk_by_addr(hdev, &params->addr,
5534 params->addr_type)) {
5535 /* White list can not be used with RPAs */
5536 return 0x00;
5537 }
5538
5539 white_list_entries++;
5540 add_to_white_list(req, params);
5541 }
5542
5543 /* After adding all new pending connections, walk through
5544 * the list of pending reports and also add these to the
5545 * white list if there is still space.
5546 */
5547 list_for_each_entry(params, &hdev->pend_le_reports, action) {
5548 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5549 &params->addr, params->addr_type))
5550 continue;
5551
5552 if (white_list_entries >= hdev->le_white_list_size) {
5553 /* Select filter policy to accept all advertising */
5554 return 0x00;
5555 }
5556
5557 if (hci_find_irk_by_addr(hdev, &params->addr,
5558 params->addr_type)) {
5559 /* White list can not be used with RPAs */
5560 return 0x00;
5561 }
5562
5563 white_list_entries++;
5564 add_to_white_list(req, params);
5565 }
5566
5567 /* Select filter policy to use white list */
5568 return 0x01;
5569}
5570
5400void hci_req_add_le_passive_scan(struct hci_request *req) 5571void hci_req_add_le_passive_scan(struct hci_request *req)
5401{ 5572{
5402 struct hci_cp_le_set_scan_param param_cp; 5573 struct hci_cp_le_set_scan_param param_cp;
5403 struct hci_cp_le_set_scan_enable enable_cp; 5574 struct hci_cp_le_set_scan_enable enable_cp;
5404 struct hci_dev *hdev = req->hdev; 5575 struct hci_dev *hdev = req->hdev;
5405 u8 own_addr_type; 5576 u8 own_addr_type;
5577 u8 filter_policy;
5406 5578
5407 /* Set require_privacy to false since no SCAN_REQ are send 5579 /* Set require_privacy to false since no SCAN_REQ are send
5408 * during passive scanning. Not using an unresolvable address 5580 * during passive scanning. Not using an unresolvable address
@@ -5413,11 +5585,18 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
5413 if (hci_update_random_address(req, false, &own_addr_type)) 5585 if (hci_update_random_address(req, false, &own_addr_type))
5414 return; 5586 return;
5415 5587
5588 /* Adding or removing entries from the white list must
5589 * happen before enabling scanning. The controller does
5590 * not allow white list modification while scanning.
5591 */
5592 filter_policy = update_white_list(req);
5593
5416 memset(&param_cp, 0, sizeof(param_cp)); 5594 memset(&param_cp, 0, sizeof(param_cp));
5417 param_cp.type = LE_SCAN_PASSIVE; 5595 param_cp.type = LE_SCAN_PASSIVE;
5418 param_cp.interval = cpu_to_le16(hdev->le_scan_interval); 5596 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5419 param_cp.window = cpu_to_le16(hdev->le_scan_window); 5597 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5420 param_cp.own_address_type = own_addr_type; 5598 param_cp.own_address_type = own_addr_type;
5599 param_cp.filter_policy = filter_policy;
5421 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 5600 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5422 &param_cp); 5601 &param_cp);
5423 5602
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 4c41774aa556..be35598984d9 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -317,7 +317,7 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
317 if (param & SCAN_PAGE) 317 if (param & SCAN_PAGE)
318 set_bit(HCI_PSCAN, &hdev->flags); 318 set_bit(HCI_PSCAN, &hdev->flags);
319 else 319 else
320 clear_bit(HCI_ISCAN, &hdev->flags); 320 clear_bit(HCI_PSCAN, &hdev->flags);
321 321
322done: 322done:
323 hci_dev_unlock(hdev); 323 hci_dev_unlock(hdev);
@@ -2259,6 +2259,7 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2259 break; 2259 break;
2260 /* Fall through */ 2260 /* Fall through */
2261 2261
2262 case HCI_AUTO_CONN_DIRECT:
2262 case HCI_AUTO_CONN_ALWAYS: 2263 case HCI_AUTO_CONN_ALWAYS:
2263 list_del_init(&params->action); 2264 list_del_init(&params->action);
2264 list_add(&params->action, &hdev->pend_le_conns); 2265 list_add(&params->action, &hdev->pend_le_conns);
@@ -3118,7 +3119,7 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3118 hci_conn_drop(conn); 3119 hci_conn_drop(conn);
3119 } 3120 }
3120 3121
3121 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) && 3122 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
3122 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) { 3123 !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
3123 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 3124 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3124 sizeof(ev->bdaddr), &ev->bdaddr); 3125 sizeof(ev->bdaddr), &ev->bdaddr);
@@ -3651,7 +3652,7 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3651 /* Allow pairing if we're pairable, the initiators of the 3652 /* Allow pairing if we're pairable, the initiators of the
3652 * pairing or if the remote is not requesting bonding. 3653 * pairing or if the remote is not requesting bonding.
3653 */ 3654 */
3654 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) || 3655 if (test_bit(HCI_BONDABLE, &hdev->dev_flags) ||
3655 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) || 3656 test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
3656 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { 3657 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3657 struct hci_cp_io_capability_reply cp; 3658 struct hci_cp_io_capability_reply cp;
@@ -3670,13 +3671,18 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3670 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && 3671 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
3671 conn->auth_type != HCI_AT_NO_BONDING) 3672 conn->auth_type != HCI_AT_NO_BONDING)
3672 conn->auth_type |= 0x01; 3673 conn->auth_type |= 0x01;
3673
3674 cp.authentication = conn->auth_type;
3675 } else { 3674 } else {
3676 conn->auth_type = hci_get_auth_req(conn); 3675 conn->auth_type = hci_get_auth_req(conn);
3677 cp.authentication = conn->auth_type;
3678 } 3676 }
3679 3677
3678 /* If we're not bondable, force one of the non-bondable
3679 * authentication requirement values.
3680 */
3681 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags))
3682 conn->auth_type &= HCI_AT_NO_BONDING_MITM;
3683
3684 cp.authentication = conn->auth_type;
3685
3680 if (hci_find_remote_oob_data(hdev, &conn->dst) && 3686 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3681 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) 3687 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3682 cp.oob_data = 0x01; 3688 cp.oob_data = 0x01;
@@ -4251,6 +4257,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4251 u8 addr_type, u8 adv_type) 4257 u8 addr_type, u8 adv_type)
4252{ 4258{
4253 struct hci_conn *conn; 4259 struct hci_conn *conn;
4260 struct hci_conn_params *params;
4254 4261
4255 /* If the event is not connectable don't proceed further */ 4262 /* If the event is not connectable don't proceed further */
4256 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND) 4263 if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
@@ -4266,18 +4273,35 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
4266 if (hdev->conn_hash.le_num_slave > 0) 4273 if (hdev->conn_hash.le_num_slave > 0)
4267 return; 4274 return;
4268 4275
4269 /* If we're connectable, always connect any ADV_DIRECT_IND event */
4270 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) &&
4271 adv_type == LE_ADV_DIRECT_IND)
4272 goto connect;
4273
4274 /* If we're not connectable only connect devices that we have in 4276 /* If we're not connectable only connect devices that we have in
4275 * our pend_le_conns list. 4277 * our pend_le_conns list.
4276 */ 4278 */
4277 if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type)) 4279 params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
4280 addr, addr_type);
4281 if (!params)
4282 return;
4283
4284 switch (params->auto_connect) {
4285 case HCI_AUTO_CONN_DIRECT:
4286 /* Only devices advertising with ADV_DIRECT_IND are
4287 * triggering a connection attempt. This is allowing
4288 * incoming connections from slave devices.
4289 */
4290 if (adv_type != LE_ADV_DIRECT_IND)
4291 return;
4292 break;
4293 case HCI_AUTO_CONN_ALWAYS:
4294 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
4295 * are triggering a connection attempt. This means
4296 * that incoming connectioms from slave device are
4297 * accepted and also outgoing connections to slave
4298 * devices are established when found.
4299 */
4300 break;
4301 default:
4278 return; 4302 return;
4303 }
4279 4304
4280connect:
4281 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, 4305 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
4282 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); 4306 HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER);
4283 if (!IS_ERR(conn)) 4307 if (!IS_ERR(conn))
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 8181ea4bc2f2..6c7ecf116e74 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -154,7 +154,7 @@ static int hidp_input_event(struct input_dev *dev, unsigned int type,
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) | 156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led)); 157 (!!test_bit(LED_NUML, dev->led) << 0);
158 158
159 if (session->leds == newleds) 159 if (session->leds == newleds)
160 return 0; 160 return 0;
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 190668367e42..b8554d429d88 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -44,7 +44,7 @@ static const u16 mgmt_commands[] = {
44 MGMT_OP_SET_DISCOVERABLE, 44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE, 45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE, 46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE, 47 MGMT_OP_SET_BONDABLE,
48 MGMT_OP_SET_LINK_SECURITY, 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP, 49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS, 50 MGMT_OP_SET_HS,
@@ -553,7 +553,7 @@ static u32 get_supported_settings(struct hci_dev *hdev)
553 u32 settings = 0; 553 u32 settings = 0;
554 554
555 settings |= MGMT_SETTING_POWERED; 555 settings |= MGMT_SETTING_POWERED;
556 settings |= MGMT_SETTING_PAIRABLE; 556 settings |= MGMT_SETTING_BONDABLE;
557 settings |= MGMT_SETTING_DEBUG_KEYS; 557 settings |= MGMT_SETTING_DEBUG_KEYS;
558 settings |= MGMT_SETTING_CONNECTABLE; 558 settings |= MGMT_SETTING_CONNECTABLE;
559 settings |= MGMT_SETTING_DISCOVERABLE; 559 settings |= MGMT_SETTING_DISCOVERABLE;
@@ -603,8 +603,8 @@ static u32 get_current_settings(struct hci_dev *hdev)
603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
604 settings |= MGMT_SETTING_DISCOVERABLE; 604 settings |= MGMT_SETTING_DISCOVERABLE;
605 605
606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 606 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
607 settings |= MGMT_SETTING_PAIRABLE; 607 settings |= MGMT_SETTING_BONDABLE;
608 608
609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
610 settings |= MGMT_SETTING_BREDR; 610 settings |= MGMT_SETTING_BREDR;
@@ -1086,8 +1086,8 @@ static void enable_advertising(struct hci_request *req)
1086 return; 1086 return;
1087 1087
1088 memset(&cp, 0, sizeof(cp)); 1088 memset(&cp, 0, sizeof(cp));
1089 cp.min_interval = cpu_to_le16(0x0800); 1089 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1090 cp.max_interval = cpu_to_le16(0x0800); 1090 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1091 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND; 1091 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1092 cp.own_address_type = own_addr_type; 1092 cp.own_address_type = own_addr_type;
1093 cp.channel_map = hdev->le_adv_channel_map; 1093 cp.channel_map = hdev->le_adv_channel_map;
@@ -1152,7 +1152,7 @@ static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1152 * for mgmt we require user-space to explicitly enable 1152 * for mgmt we require user-space to explicitly enable
1153 * it 1153 * it
1154 */ 1154 */
1155 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1155 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1156} 1156}
1157 1157
1158static int read_controller_info(struct sock *sk, struct hci_dev *hdev, 1158static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
@@ -1881,7 +1881,18 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1881 if (cp->val) { 1881 if (cp->val) {
1882 scan = SCAN_PAGE; 1882 scan = SCAN_PAGE;
1883 } else { 1883 } else {
1884 scan = 0; 1884 /* If we don't have any whitelist entries just
1885 * disable all scanning. If there are entries
1886 * and we had both page and inquiry scanning
1887 * enabled then fall back to only page scanning.
1888 * Otherwise no changes are needed.
1889 */
1890 if (list_empty(&hdev->whitelist))
1891 scan = SCAN_DISABLED;
1892 else if (test_bit(HCI_ISCAN, &hdev->flags))
1893 scan = SCAN_PAGE;
1894 else
1895 goto no_scan_update;
1885 1896
1886 if (test_bit(HCI_ISCAN, &hdev->flags) && 1897 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1887 hdev->discov_timeout > 0) 1898 hdev->discov_timeout > 0)
@@ -1891,6 +1902,7 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1891 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1902 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1892 } 1903 }
1893 1904
1905no_scan_update:
1894 /* If we're going from non-connectable to connectable or 1906 /* If we're going from non-connectable to connectable or
1895 * vice-versa when fast connectable is enabled ensure that fast 1907 * vice-versa when fast connectable is enabled ensure that fast
1896 * connectable gets disabled. write_fast_connectable won't do 1908 * connectable gets disabled. write_fast_connectable won't do
@@ -1918,7 +1930,7 @@ failed:
1918 return err; 1930 return err;
1919} 1931}
1920 1932
1921static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, 1933static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1922 u16 len) 1934 u16 len)
1923{ 1935{
1924 struct mgmt_mode *cp = data; 1936 struct mgmt_mode *cp = data;
@@ -1928,17 +1940,17 @@ static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1928 BT_DBG("request for %s", hdev->name); 1940 BT_DBG("request for %s", hdev->name);
1929 1941
1930 if (cp->val != 0x00 && cp->val != 0x01) 1942 if (cp->val != 0x00 && cp->val != 0x01)
1931 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE, 1943 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1932 MGMT_STATUS_INVALID_PARAMS); 1944 MGMT_STATUS_INVALID_PARAMS);
1933 1945
1934 hci_dev_lock(hdev); 1946 hci_dev_lock(hdev);
1935 1947
1936 if (cp->val) 1948 if (cp->val)
1937 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags); 1949 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1938 else 1950 else
1939 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 1951 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1940 1952
1941 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 1953 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1942 if (err < 0) 1954 if (err < 0)
1943 goto unlock; 1955 goto unlock;
1944 1956
@@ -2264,7 +2276,7 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2264 2276
2265 if (val) { 2277 if (val) {
2266 hci_cp.le = val; 2278 hci_cp.le = val;
2267 hci_cp.simul = lmp_le_br_capable(hdev); 2279 hci_cp.simul = 0x00;
2268 } else { 2280 } else {
2269 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) 2281 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2270 disable_advertising(&req); 2282 disable_advertising(&req);
@@ -3201,7 +3213,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3201 conn->io_capability = cp->io_cap; 3213 conn->io_capability = cp->io_cap;
3202 cmd->user_data = conn; 3214 cmd->user_data = conn;
3203 3215
3204 if (conn->state == BT_CONNECTED && 3216 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3205 hci_conn_security(conn, sec_level, auth_type, true)) 3217 hci_conn_security(conn, sec_level, auth_type, true))
3206 pairing_complete(cmd, 0); 3218 pairing_complete(cmd, 0);
3207 3219
@@ -5271,7 +5283,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
5271 MGMT_STATUS_INVALID_PARAMS, 5283 MGMT_STATUS_INVALID_PARAMS,
5272 &cp->addr, sizeof(cp->addr)); 5284 &cp->addr, sizeof(cp->addr));
5273 5285
5274 if (cp->action != 0x00 && cp->action != 0x01) 5286 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5275 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5287 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5276 MGMT_STATUS_INVALID_PARAMS, 5288 MGMT_STATUS_INVALID_PARAMS,
5277 &cp->addr, sizeof(cp->addr)); 5289 &cp->addr, sizeof(cp->addr));
@@ -5281,7 +5293,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
5281 if (cp->addr.type == BDADDR_BREDR) { 5293 if (cp->addr.type == BDADDR_BREDR) {
5282 bool update_scan; 5294 bool update_scan;
5283 5295
5284 /* Only "connect" action supported for now */ 5296 /* Only incoming connections action is supported for now */
5285 if (cp->action != 0x01) { 5297 if (cp->action != 0x01) {
5286 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 5298 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5287 MGMT_STATUS_INVALID_PARAMS, 5299 MGMT_STATUS_INVALID_PARAMS,
@@ -5307,8 +5319,10 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
5307 else 5319 else
5308 addr_type = ADDR_LE_DEV_RANDOM; 5320 addr_type = ADDR_LE_DEV_RANDOM;
5309 5321
5310 if (cp->action) 5322 if (cp->action == 0x02)
5311 auto_conn = HCI_AUTO_CONN_ALWAYS; 5323 auto_conn = HCI_AUTO_CONN_ALWAYS;
5324 else if (cp->action == 0x01)
5325 auto_conn = HCI_AUTO_CONN_DIRECT;
5312 else 5326 else
5313 auto_conn = HCI_AUTO_CONN_REPORT; 5327 auto_conn = HCI_AUTO_CONN_REPORT;
5314 5328
@@ -5665,7 +5679,7 @@ static const struct mgmt_handler {
5665 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, 5679 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5666 { set_connectable, false, MGMT_SETTING_SIZE }, 5680 { set_connectable, false, MGMT_SETTING_SIZE },
5667 { set_fast_connectable, false, MGMT_SETTING_SIZE }, 5681 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5668 { set_pairable, false, MGMT_SETTING_SIZE }, 5682 { set_bondable, false, MGMT_SETTING_SIZE },
5669 { set_link_security, false, MGMT_SETTING_SIZE }, 5683 { set_link_security, false, MGMT_SETTING_SIZE },
5670 { set_ssp, false, MGMT_SETTING_SIZE }, 5684 { set_ssp, false, MGMT_SETTING_SIZE },
5671 { set_hs, false, MGMT_SETTING_SIZE }, 5685 { set_hs, false, MGMT_SETTING_SIZE },
@@ -5870,6 +5884,7 @@ static void restart_le_actions(struct hci_dev *hdev)
5870 list_del_init(&p->action); 5884 list_del_init(&p->action);
5871 5885
5872 switch (p->auto_connect) { 5886 switch (p->auto_connect) {
5887 case HCI_AUTO_CONN_DIRECT:
5873 case HCI_AUTO_CONN_ALWAYS: 5888 case HCI_AUTO_CONN_ALWAYS:
5874 list_add(&p->action, &hdev->pend_le_conns); 5889 list_add(&p->action, &hdev->pend_le_conns);
5875 break; 5890 break;
@@ -5922,8 +5937,8 @@ static int powered_update_hci(struct hci_dev *hdev)
5922 lmp_bredr_capable(hdev)) { 5937 lmp_bredr_capable(hdev)) {
5923 struct hci_cp_write_le_host_supported cp; 5938 struct hci_cp_write_le_host_supported cp;
5924 5939
5925 cp.le = 1; 5940 cp.le = 0x01;
5926 cp.simul = lmp_le_br_capable(hdev); 5941 cp.simul = 0x00;
5927 5942
5928 /* Check first if we already have the right 5943 /* Check first if we already have the right
5929 * host state (host features set) 5944 * host state (host features set)
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index a0690a84f3e9..af73bc3acb40 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -1910,10 +1910,13 @@ static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1910 /* Get data directly from socket receive queue without copying it. */ 1910 /* Get data directly from socket receive queue without copying it. */
1911 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1911 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1912 skb_orphan(skb); 1912 skb_orphan(skb);
1913 if (!skb_linearize(skb)) 1913 if (!skb_linearize(skb)) {
1914 s = rfcomm_recv_frame(s, skb); 1914 s = rfcomm_recv_frame(s, skb);
1915 else 1915 if (!s)
1916 break;
1917 } else {
1916 kfree_skb(skb); 1918 kfree_skb(skb);
1919 }
1917 } 1920 }
1918 1921
1919 if (s && (sk->sk_state == BT_CLOSED)) 1922 if (s && (sk->sk_state == BT_CLOSED))
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index e49c83d8b957..fd3294300803 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -307,7 +307,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn,
307 struct hci_dev *hdev = hcon->hdev; 307 struct hci_dev *hdev = hcon->hdev;
308 u8 local_dist = 0, remote_dist = 0; 308 u8 local_dist = 0, remote_dist = 0;
309 309
310 if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) { 310 if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) {
311 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 311 local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
312 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; 312 remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN;
313 authreq |= SMP_AUTH_BONDING; 313 authreq |= SMP_AUTH_BONDING;
@@ -579,13 +579,16 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
579 struct smp_chan *smp; 579 struct smp_chan *smp;
580 580
581 smp = kzalloc(sizeof(*smp), GFP_ATOMIC); 581 smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
582 if (!smp) 582 if (!smp) {
583 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
583 return NULL; 584 return NULL;
585 }
584 586
585 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); 587 smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
586 if (IS_ERR(smp->tfm_aes)) { 588 if (IS_ERR(smp->tfm_aes)) {
587 BT_ERR("Unable to create ECB crypto context"); 589 BT_ERR("Unable to create ECB crypto context");
588 kfree(smp); 590 kfree(smp);
591 clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
589 return NULL; 592 return NULL;
590 } 593 }
591 594
@@ -701,7 +704,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
701 if (!smp) 704 if (!smp)
702 return SMP_UNSPECIFIED; 705 return SMP_UNSPECIFIED;
703 706
704 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) && 707 if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) &&
705 (req->auth_req & SMP_AUTH_BONDING)) 708 (req->auth_req & SMP_AUTH_BONDING))
706 return SMP_PAIRING_NOTSUPP; 709 return SMP_PAIRING_NOTSUPP;
707 710
@@ -923,14 +926,14 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
923 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) 926 if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
924 return 0; 927 return 0;
925 928
926 if (!test_bit(HCI_PAIRABLE, &hcon->hdev->dev_flags) &&
927 (rp->auth_req & SMP_AUTH_BONDING))
928 return SMP_PAIRING_NOTSUPP;
929
930 smp = smp_chan_create(conn); 929 smp = smp_chan_create(conn);
931 if (!smp) 930 if (!smp)
932 return SMP_UNSPECIFIED; 931 return SMP_UNSPECIFIED;
933 932
933 if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) &&
934 (rp->auth_req & SMP_AUTH_BONDING))
935 return SMP_PAIRING_NOTSUPP;
936
934 skb_pull(skb, sizeof(*rp)); 937 skb_pull(skb, sizeof(*rp));
935 938
936 memset(&cp, 0, sizeof(cp)); 939 memset(&cp, 0, sizeof(cp));
@@ -1291,6 +1294,22 @@ static void smp_notify_keys(struct l2cap_conn *conn)
1291 bacpy(&hcon->dst, &smp->remote_irk->bdaddr); 1294 bacpy(&hcon->dst, &smp->remote_irk->bdaddr);
1292 hcon->dst_type = smp->remote_irk->addr_type; 1295 hcon->dst_type = smp->remote_irk->addr_type;
1293 l2cap_conn_update_id_addr(hcon); 1296 l2cap_conn_update_id_addr(hcon);
1297
1298 /* When receiving an indentity resolving key for
1299 * a remote device that does not use a resolvable
1300 * private address, just remove the key so that
1301 * it is possible to use the controller white
1302 * list for scanning.
1303 *
1304 * Userspace will have been told to not store
1305 * this key at this point. So it is safe to
1306 * just remove it.
1307 */
1308 if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) {
1309 list_del(&smp->remote_irk->list);
1310 kfree(smp->remote_irk);
1311 smp->remote_irk = NULL;
1312 }
1294 } 1313 }
1295 1314
1296 /* The LTKs and CSRKs should be persistent only if both sides 1315 /* The LTKs and CSRKs should be persistent only if both sides