diff options
author | David S. Miller <davem@davemloft.net> | 2014-08-05 16:18:20 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-08-05 16:18:20 -0400 |
commit | aef4f5b6db654e512ebcccab2a6e50424c05d2f9 (patch) | |
tree | 4daaee5ac85d1128233a45908dac5212f38ec7aa /net/bluetooth | |
parent | 61ab9efddf51cbc0d57356a4d650785cf5721fbe (diff) | |
parent | dc6be9f54a4ecb0a09765d1f515ed947d86b7528 (diff) |
Merge tag 'master-2014-07-31' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next
Conflicts:
net/6lowpan/iphc.c
Minor conflicts in iphc.c were changes overlapping with some
style cleanups.
John W. Linville says:
====================
Please pull this last(?) batch of wireless change intended for the
3.17 stream...
For the NFC bits, Samuel says:
"This is a rather quiet one, we have:
- A new driver from ST Microelectronics for their NCI ST21NFCB,
including device tree support.
- p2p support for the ST21NFCA driver
- A few fixes an enhancements for the NFC digital laye"
For the Atheros bits, Kalle says:
"Michal and Janusz did some important RX aggregation fixes, basically we
were missing RX reordering altogether. The 10.1 firmware doesn't support
Ad-Hoc mode and Michal fixed ath10k so that it doesn't advertise Ad-Hoc
support with that firmware. Also he implemented a workaround for a KVM
issue."
For the Bluetooth bits, Gustavo and Johan say:
"To quote Gustavo from his previous request:
'Some last minute fixes for -next. We have a fix for a use after free in
RFCOMM, another fix to an issue with ADV_DIRECT_IND and one for ADV_IND with
auto-connection handling. Last, we added support for reading the codec and
MWS setting for controllers that support these features.'
Additionally there are fixes to LE scanning, an update to conform to the 4.1
core specification as well as fixes for tracking the page scan state. All
of these fixes are important for 3.17."
And,
"We've got:
- 6lowpan fixes/cleanups
- A couple crash fixes, one for the Marvell HCI driver and another in LE SMP.
- Fix for an incorrect connected state check
- Fix for the bondable requirement during pairing (an issue which had
crept in because of using "pairable" when in fact the actual meaning
was "bondable" (these have different meanings in Bluetooth)"
Along with those are some late-breaking hardware support patches in
brcmfmac and b43 as well as a stray ath9k patch.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/hci_core.c | 185 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 50 | ||||
-rw-r--r-- | net/bluetooth/hidp/core.c | 2 | ||||
-rw-r--r-- | net/bluetooth/mgmt.c | 57 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 7 | ||||
-rw-r--r-- | net/bluetooth/smp.c | 33 |
6 files changed, 287 insertions, 47 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index cfcb6055ced8..32b96f1aaf42 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -970,6 +970,62 @@ static int adv_channel_map_get(void *data, u64 *val) | |||
970 | DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, | 970 | DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, |
971 | adv_channel_map_set, "%llu\n"); | 971 | adv_channel_map_set, "%llu\n"); |
972 | 972 | ||
973 | static int adv_min_interval_set(void *data, u64 val) | ||
974 | { | ||
975 | struct hci_dev *hdev = data; | ||
976 | |||
977 | if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval) | ||
978 | return -EINVAL; | ||
979 | |||
980 | hci_dev_lock(hdev); | ||
981 | hdev->le_adv_min_interval = val; | ||
982 | hci_dev_unlock(hdev); | ||
983 | |||
984 | return 0; | ||
985 | } | ||
986 | |||
987 | static int adv_min_interval_get(void *data, u64 *val) | ||
988 | { | ||
989 | struct hci_dev *hdev = data; | ||
990 | |||
991 | hci_dev_lock(hdev); | ||
992 | *val = hdev->le_adv_min_interval; | ||
993 | hci_dev_unlock(hdev); | ||
994 | |||
995 | return 0; | ||
996 | } | ||
997 | |||
998 | DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get, | ||
999 | adv_min_interval_set, "%llu\n"); | ||
1000 | |||
1001 | static int adv_max_interval_set(void *data, u64 val) | ||
1002 | { | ||
1003 | struct hci_dev *hdev = data; | ||
1004 | |||
1005 | if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval) | ||
1006 | return -EINVAL; | ||
1007 | |||
1008 | hci_dev_lock(hdev); | ||
1009 | hdev->le_adv_max_interval = val; | ||
1010 | hci_dev_unlock(hdev); | ||
1011 | |||
1012 | return 0; | ||
1013 | } | ||
1014 | |||
1015 | static int adv_max_interval_get(void *data, u64 *val) | ||
1016 | { | ||
1017 | struct hci_dev *hdev = data; | ||
1018 | |||
1019 | hci_dev_lock(hdev); | ||
1020 | *val = hdev->le_adv_max_interval; | ||
1021 | hci_dev_unlock(hdev); | ||
1022 | |||
1023 | return 0; | ||
1024 | } | ||
1025 | |||
1026 | DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get, | ||
1027 | adv_max_interval_set, "%llu\n"); | ||
1028 | |||
973 | static int device_list_show(struct seq_file *f, void *ptr) | 1029 | static int device_list_show(struct seq_file *f, void *ptr) |
974 | { | 1030 | { |
975 | struct hci_dev *hdev = f->private; | 1031 | struct hci_dev *hdev = f->private; |
@@ -1567,7 +1623,7 @@ static void hci_set_le_support(struct hci_request *req) | |||
1567 | 1623 | ||
1568 | if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { | 1624 | if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { |
1569 | cp.le = 0x01; | 1625 | cp.le = 0x01; |
1570 | cp.simul = lmp_le_br_capable(hdev); | 1626 | cp.simul = 0x00; |
1571 | } | 1627 | } |
1572 | 1628 | ||
1573 | if (cp.le != lmp_host_le_capable(hdev)) | 1629 | if (cp.le != lmp_host_le_capable(hdev)) |
@@ -1686,6 +1742,14 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt) | |||
1686 | if (hdev->commands[22] & 0x04) | 1742 | if (hdev->commands[22] & 0x04) |
1687 | hci_set_event_mask_page_2(req); | 1743 | hci_set_event_mask_page_2(req); |
1688 | 1744 | ||
1745 | /* Read local codec list if the HCI command is supported */ | ||
1746 | if (hdev->commands[29] & 0x20) | ||
1747 | hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL); | ||
1748 | |||
1749 | /* Get MWS transport configuration if the HCI command is supported */ | ||
1750 | if (hdev->commands[30] & 0x08) | ||
1751 | hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL); | ||
1752 | |||
1689 | /* Check for Synchronization Train support */ | 1753 | /* Check for Synchronization Train support */ |
1690 | if (lmp_sync_train_capable(hdev)) | 1754 | if (lmp_sync_train_capable(hdev)) |
1691 | hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); | 1755 | hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); |
@@ -1825,6 +1889,10 @@ static int __hci_init(struct hci_dev *hdev) | |||
1825 | hdev, &supervision_timeout_fops); | 1889 | hdev, &supervision_timeout_fops); |
1826 | debugfs_create_file("adv_channel_map", 0644, hdev->debugfs, | 1890 | debugfs_create_file("adv_channel_map", 0644, hdev->debugfs, |
1827 | hdev, &adv_channel_map_fops); | 1891 | hdev, &adv_channel_map_fops); |
1892 | debugfs_create_file("adv_min_interval", 0644, hdev->debugfs, | ||
1893 | hdev, &adv_min_interval_fops); | ||
1894 | debugfs_create_file("adv_max_interval", 0644, hdev->debugfs, | ||
1895 | hdev, &adv_max_interval_fops); | ||
1828 | debugfs_create_file("device_list", 0444, hdev->debugfs, hdev, | 1896 | debugfs_create_file("device_list", 0444, hdev->debugfs, hdev, |
1829 | &device_list_fops); | 1897 | &device_list_fops); |
1830 | debugfs_create_u16("discov_interleaved_timeout", 0644, | 1898 | debugfs_create_u16("discov_interleaved_timeout", 0644, |
@@ -2453,14 +2521,14 @@ int hci_dev_open(__u16 dev) | |||
2453 | flush_workqueue(hdev->req_workqueue); | 2521 | flush_workqueue(hdev->req_workqueue); |
2454 | 2522 | ||
2455 | /* For controllers not using the management interface and that | 2523 | /* For controllers not using the management interface and that |
2456 | * are brought up using legacy ioctl, set the HCI_PAIRABLE bit | 2524 | * are brought up using legacy ioctl, set the HCI_BONDABLE bit |
2457 | * so that pairing works for them. Once the management interface | 2525 | * so that pairing works for them. Once the management interface |
2458 | * is in use this bit will be cleared again and userspace has | 2526 | * is in use this bit will be cleared again and userspace has |
2459 | * to explicitly enable it. | 2527 | * to explicitly enable it. |
2460 | */ | 2528 | */ |
2461 | if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && | 2529 | if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && |
2462 | !test_bit(HCI_MGMT, &hdev->dev_flags)) | 2530 | !test_bit(HCI_MGMT, &hdev->dev_flags)) |
2463 | set_bit(HCI_PAIRABLE, &hdev->dev_flags); | 2531 | set_bit(HCI_BONDABLE, &hdev->dev_flags); |
2464 | 2532 | ||
2465 | err = hci_dev_do_open(hdev); | 2533 | err = hci_dev_do_open(hdev); |
2466 | 2534 | ||
@@ -3639,6 +3707,7 @@ int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type, | |||
3639 | list_add(¶ms->action, &hdev->pend_le_reports); | 3707 | list_add(¶ms->action, &hdev->pend_le_reports); |
3640 | hci_update_background_scan(hdev); | 3708 | hci_update_background_scan(hdev); |
3641 | break; | 3709 | break; |
3710 | case HCI_AUTO_CONN_DIRECT: | ||
3642 | case HCI_AUTO_CONN_ALWAYS: | 3711 | case HCI_AUTO_CONN_ALWAYS: |
3643 | if (!is_connected(hdev, addr, addr_type)) { | 3712 | if (!is_connected(hdev, addr, addr_type)) { |
3644 | list_add(¶ms->action, &hdev->pend_le_conns); | 3713 | list_add(¶ms->action, &hdev->pend_le_conns); |
@@ -3914,6 +3983,8 @@ struct hci_dev *hci_alloc_dev(void) | |||
3914 | hdev->sniff_min_interval = 80; | 3983 | hdev->sniff_min_interval = 80; |
3915 | 3984 | ||
3916 | hdev->le_adv_channel_map = 0x07; | 3985 | hdev->le_adv_channel_map = 0x07; |
3986 | hdev->le_adv_min_interval = 0x0800; | ||
3987 | hdev->le_adv_max_interval = 0x0800; | ||
3917 | hdev->le_scan_interval = 0x0060; | 3988 | hdev->le_scan_interval = 0x0060; |
3918 | hdev->le_scan_window = 0x0030; | 3989 | hdev->le_scan_window = 0x0030; |
3919 | hdev->le_conn_min_interval = 0x0028; | 3990 | hdev->le_conn_min_interval = 0x0028; |
@@ -5397,12 +5468,113 @@ void hci_req_add_le_scan_disable(struct hci_request *req) | |||
5397 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); | 5468 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); |
5398 | } | 5469 | } |
5399 | 5470 | ||
5471 | static void add_to_white_list(struct hci_request *req, | ||
5472 | struct hci_conn_params *params) | ||
5473 | { | ||
5474 | struct hci_cp_le_add_to_white_list cp; | ||
5475 | |||
5476 | cp.bdaddr_type = params->addr_type; | ||
5477 | bacpy(&cp.bdaddr, ¶ms->addr); | ||
5478 | |||
5479 | hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp); | ||
5480 | } | ||
5481 | |||
5482 | static u8 update_white_list(struct hci_request *req) | ||
5483 | { | ||
5484 | struct hci_dev *hdev = req->hdev; | ||
5485 | struct hci_conn_params *params; | ||
5486 | struct bdaddr_list *b; | ||
5487 | uint8_t white_list_entries = 0; | ||
5488 | |||
5489 | /* Go through the current white list programmed into the | ||
5490 | * controller one by one and check if that address is still | ||
5491 | * in the list of pending connections or list of devices to | ||
5492 | * report. If not present in either list, then queue the | ||
5493 | * command to remove it from the controller. | ||
5494 | */ | ||
5495 | list_for_each_entry(b, &hdev->le_white_list, list) { | ||
5496 | struct hci_cp_le_del_from_white_list cp; | ||
5497 | |||
5498 | if (hci_pend_le_action_lookup(&hdev->pend_le_conns, | ||
5499 | &b->bdaddr, b->bdaddr_type) || | ||
5500 | hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
5501 | &b->bdaddr, b->bdaddr_type)) { | ||
5502 | white_list_entries++; | ||
5503 | continue; | ||
5504 | } | ||
5505 | |||
5506 | cp.bdaddr_type = b->bdaddr_type; | ||
5507 | bacpy(&cp.bdaddr, &b->bdaddr); | ||
5508 | |||
5509 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, | ||
5510 | sizeof(cp), &cp); | ||
5511 | } | ||
5512 | |||
5513 | /* Since all no longer valid white list entries have been | ||
5514 | * removed, walk through the list of pending connections | ||
5515 | * and ensure that any new device gets programmed into | ||
5516 | * the controller. | ||
5517 | * | ||
5518 | * If the list of the devices is larger than the list of | ||
5519 | * available white list entries in the controller, then | ||
5520 | * just abort and return filer policy value to not use the | ||
5521 | * white list. | ||
5522 | */ | ||
5523 | list_for_each_entry(params, &hdev->pend_le_conns, action) { | ||
5524 | if (hci_bdaddr_list_lookup(&hdev->le_white_list, | ||
5525 | ¶ms->addr, params->addr_type)) | ||
5526 | continue; | ||
5527 | |||
5528 | if (white_list_entries >= hdev->le_white_list_size) { | ||
5529 | /* Select filter policy to accept all advertising */ | ||
5530 | return 0x00; | ||
5531 | } | ||
5532 | |||
5533 | if (hci_find_irk_by_addr(hdev, ¶ms->addr, | ||
5534 | params->addr_type)) { | ||
5535 | /* White list can not be used with RPAs */ | ||
5536 | return 0x00; | ||
5537 | } | ||
5538 | |||
5539 | white_list_entries++; | ||
5540 | add_to_white_list(req, params); | ||
5541 | } | ||
5542 | |||
5543 | /* After adding all new pending connections, walk through | ||
5544 | * the list of pending reports and also add these to the | ||
5545 | * white list if there is still space. | ||
5546 | */ | ||
5547 | list_for_each_entry(params, &hdev->pend_le_reports, action) { | ||
5548 | if (hci_bdaddr_list_lookup(&hdev->le_white_list, | ||
5549 | ¶ms->addr, params->addr_type)) | ||
5550 | continue; | ||
5551 | |||
5552 | if (white_list_entries >= hdev->le_white_list_size) { | ||
5553 | /* Select filter policy to accept all advertising */ | ||
5554 | return 0x00; | ||
5555 | } | ||
5556 | |||
5557 | if (hci_find_irk_by_addr(hdev, ¶ms->addr, | ||
5558 | params->addr_type)) { | ||
5559 | /* White list can not be used with RPAs */ | ||
5560 | return 0x00; | ||
5561 | } | ||
5562 | |||
5563 | white_list_entries++; | ||
5564 | add_to_white_list(req, params); | ||
5565 | } | ||
5566 | |||
5567 | /* Select filter policy to use white list */ | ||
5568 | return 0x01; | ||
5569 | } | ||
5570 | |||
5400 | void hci_req_add_le_passive_scan(struct hci_request *req) | 5571 | void hci_req_add_le_passive_scan(struct hci_request *req) |
5401 | { | 5572 | { |
5402 | struct hci_cp_le_set_scan_param param_cp; | 5573 | struct hci_cp_le_set_scan_param param_cp; |
5403 | struct hci_cp_le_set_scan_enable enable_cp; | 5574 | struct hci_cp_le_set_scan_enable enable_cp; |
5404 | struct hci_dev *hdev = req->hdev; | 5575 | struct hci_dev *hdev = req->hdev; |
5405 | u8 own_addr_type; | 5576 | u8 own_addr_type; |
5577 | u8 filter_policy; | ||
5406 | 5578 | ||
5407 | /* Set require_privacy to false since no SCAN_REQ are send | 5579 | /* Set require_privacy to false since no SCAN_REQ are send |
5408 | * during passive scanning. Not using an unresolvable address | 5580 | * during passive scanning. Not using an unresolvable address |
@@ -5413,11 +5585,18 @@ void hci_req_add_le_passive_scan(struct hci_request *req) | |||
5413 | if (hci_update_random_address(req, false, &own_addr_type)) | 5585 | if (hci_update_random_address(req, false, &own_addr_type)) |
5414 | return; | 5586 | return; |
5415 | 5587 | ||
5588 | /* Adding or removing entries from the white list must | ||
5589 | * happen before enabling scanning. The controller does | ||
5590 | * not allow white list modification while scanning. | ||
5591 | */ | ||
5592 | filter_policy = update_white_list(req); | ||
5593 | |||
5416 | memset(¶m_cp, 0, sizeof(param_cp)); | 5594 | memset(¶m_cp, 0, sizeof(param_cp)); |
5417 | param_cp.type = LE_SCAN_PASSIVE; | 5595 | param_cp.type = LE_SCAN_PASSIVE; |
5418 | param_cp.interval = cpu_to_le16(hdev->le_scan_interval); | 5596 | param_cp.interval = cpu_to_le16(hdev->le_scan_interval); |
5419 | param_cp.window = cpu_to_le16(hdev->le_scan_window); | 5597 | param_cp.window = cpu_to_le16(hdev->le_scan_window); |
5420 | param_cp.own_address_type = own_addr_type; | 5598 | param_cp.own_address_type = own_addr_type; |
5599 | param_cp.filter_policy = filter_policy; | ||
5421 | hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), | 5600 | hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), |
5422 | ¶m_cp); | 5601 | ¶m_cp); |
5423 | 5602 | ||
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 4c41774aa556..be35598984d9 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -317,7 +317,7 @@ static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb) | |||
317 | if (param & SCAN_PAGE) | 317 | if (param & SCAN_PAGE) |
318 | set_bit(HCI_PSCAN, &hdev->flags); | 318 | set_bit(HCI_PSCAN, &hdev->flags); |
319 | else | 319 | else |
320 | clear_bit(HCI_ISCAN, &hdev->flags); | 320 | clear_bit(HCI_PSCAN, &hdev->flags); |
321 | 321 | ||
322 | done: | 322 | done: |
323 | hci_dev_unlock(hdev); | 323 | hci_dev_unlock(hdev); |
@@ -2259,6 +2259,7 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2259 | break; | 2259 | break; |
2260 | /* Fall through */ | 2260 | /* Fall through */ |
2261 | 2261 | ||
2262 | case HCI_AUTO_CONN_DIRECT: | ||
2262 | case HCI_AUTO_CONN_ALWAYS: | 2263 | case HCI_AUTO_CONN_ALWAYS: |
2263 | list_del_init(¶ms->action); | 2264 | list_del_init(¶ms->action); |
2264 | list_add(¶ms->action, &hdev->pend_le_conns); | 2265 | list_add(¶ms->action, &hdev->pend_le_conns); |
@@ -3118,7 +3119,7 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3118 | hci_conn_drop(conn); | 3119 | hci_conn_drop(conn); |
3119 | } | 3120 | } |
3120 | 3121 | ||
3121 | if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) && | 3122 | if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && |
3122 | !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) { | 3123 | !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) { |
3123 | hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, | 3124 | hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, |
3124 | sizeof(ev->bdaddr), &ev->bdaddr); | 3125 | sizeof(ev->bdaddr), &ev->bdaddr); |
@@ -3651,7 +3652,7 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3651 | /* Allow pairing if we're pairable, the initiators of the | 3652 | /* Allow pairing if we're pairable, the initiators of the |
3652 | * pairing or if the remote is not requesting bonding. | 3653 | * pairing or if the remote is not requesting bonding. |
3653 | */ | 3654 | */ |
3654 | if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) || | 3655 | if (test_bit(HCI_BONDABLE, &hdev->dev_flags) || |
3655 | test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) || | 3656 | test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) || |
3656 | (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { | 3657 | (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) { |
3657 | struct hci_cp_io_capability_reply cp; | 3658 | struct hci_cp_io_capability_reply cp; |
@@ -3670,13 +3671,18 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3670 | if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && | 3671 | if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && |
3671 | conn->auth_type != HCI_AT_NO_BONDING) | 3672 | conn->auth_type != HCI_AT_NO_BONDING) |
3672 | conn->auth_type |= 0x01; | 3673 | conn->auth_type |= 0x01; |
3673 | |||
3674 | cp.authentication = conn->auth_type; | ||
3675 | } else { | 3674 | } else { |
3676 | conn->auth_type = hci_get_auth_req(conn); | 3675 | conn->auth_type = hci_get_auth_req(conn); |
3677 | cp.authentication = conn->auth_type; | ||
3678 | } | 3676 | } |
3679 | 3677 | ||
3678 | /* If we're not bondable, force one of the non-bondable | ||
3679 | * authentication requirement values. | ||
3680 | */ | ||
3681 | if (!test_bit(HCI_BONDABLE, &hdev->dev_flags)) | ||
3682 | conn->auth_type &= HCI_AT_NO_BONDING_MITM; | ||
3683 | |||
3684 | cp.authentication = conn->auth_type; | ||
3685 | |||
3680 | if (hci_find_remote_oob_data(hdev, &conn->dst) && | 3686 | if (hci_find_remote_oob_data(hdev, &conn->dst) && |
3681 | (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) | 3687 | (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags))) |
3682 | cp.oob_data = 0x01; | 3688 | cp.oob_data = 0x01; |
@@ -4251,6 +4257,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, | |||
4251 | u8 addr_type, u8 adv_type) | 4257 | u8 addr_type, u8 adv_type) |
4252 | { | 4258 | { |
4253 | struct hci_conn *conn; | 4259 | struct hci_conn *conn; |
4260 | struct hci_conn_params *params; | ||
4254 | 4261 | ||
4255 | /* If the event is not connectable don't proceed further */ | 4262 | /* If the event is not connectable don't proceed further */ |
4256 | if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND) | 4263 | if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND) |
@@ -4266,18 +4273,35 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, | |||
4266 | if (hdev->conn_hash.le_num_slave > 0) | 4273 | if (hdev->conn_hash.le_num_slave > 0) |
4267 | return; | 4274 | return; |
4268 | 4275 | ||
4269 | /* If we're connectable, always connect any ADV_DIRECT_IND event */ | ||
4270 | if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) && | ||
4271 | adv_type == LE_ADV_DIRECT_IND) | ||
4272 | goto connect; | ||
4273 | |||
4274 | /* If we're not connectable only connect devices that we have in | 4276 | /* If we're not connectable only connect devices that we have in |
4275 | * our pend_le_conns list. | 4277 | * our pend_le_conns list. |
4276 | */ | 4278 | */ |
4277 | if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, addr, addr_type)) | 4279 | params = hci_pend_le_action_lookup(&hdev->pend_le_conns, |
4280 | addr, addr_type); | ||
4281 | if (!params) | ||
4282 | return; | ||
4283 | |||
4284 | switch (params->auto_connect) { | ||
4285 | case HCI_AUTO_CONN_DIRECT: | ||
4286 | /* Only devices advertising with ADV_DIRECT_IND are | ||
4287 | * triggering a connection attempt. This is allowing | ||
4288 | * incoming connections from slave devices. | ||
4289 | */ | ||
4290 | if (adv_type != LE_ADV_DIRECT_IND) | ||
4291 | return; | ||
4292 | break; | ||
4293 | case HCI_AUTO_CONN_ALWAYS: | ||
4294 | /* Devices advertising with ADV_IND or ADV_DIRECT_IND | ||
4295 | * are triggering a connection attempt. This means | ||
4296 | * that incoming connectioms from slave device are | ||
4297 | * accepted and also outgoing connections to slave | ||
4298 | * devices are established when found. | ||
4299 | */ | ||
4300 | break; | ||
4301 | default: | ||
4278 | return; | 4302 | return; |
4303 | } | ||
4279 | 4304 | ||
4280 | connect: | ||
4281 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, | 4305 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, |
4282 | HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); | 4306 | HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); |
4283 | if (!IS_ERR(conn)) | 4307 | if (!IS_ERR(conn)) |
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index 8181ea4bc2f2..6c7ecf116e74 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c | |||
@@ -154,7 +154,7 @@ static int hidp_input_event(struct input_dev *dev, unsigned int type, | |||
154 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | | 154 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | |
155 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | | 155 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | |
156 | (!!test_bit(LED_CAPSL, dev->led) << 1) | | 156 | (!!test_bit(LED_CAPSL, dev->led) << 1) | |
157 | (!!test_bit(LED_NUML, dev->led)); | 157 | (!!test_bit(LED_NUML, dev->led) << 0); |
158 | 158 | ||
159 | if (session->leds == newleds) | 159 | if (session->leds == newleds) |
160 | return 0; | 160 | return 0; |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 190668367e42..b8554d429d88 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -44,7 +44,7 @@ static const u16 mgmt_commands[] = { | |||
44 | MGMT_OP_SET_DISCOVERABLE, | 44 | MGMT_OP_SET_DISCOVERABLE, |
45 | MGMT_OP_SET_CONNECTABLE, | 45 | MGMT_OP_SET_CONNECTABLE, |
46 | MGMT_OP_SET_FAST_CONNECTABLE, | 46 | MGMT_OP_SET_FAST_CONNECTABLE, |
47 | MGMT_OP_SET_PAIRABLE, | 47 | MGMT_OP_SET_BONDABLE, |
48 | MGMT_OP_SET_LINK_SECURITY, | 48 | MGMT_OP_SET_LINK_SECURITY, |
49 | MGMT_OP_SET_SSP, | 49 | MGMT_OP_SET_SSP, |
50 | MGMT_OP_SET_HS, | 50 | MGMT_OP_SET_HS, |
@@ -553,7 +553,7 @@ static u32 get_supported_settings(struct hci_dev *hdev) | |||
553 | u32 settings = 0; | 553 | u32 settings = 0; |
554 | 554 | ||
555 | settings |= MGMT_SETTING_POWERED; | 555 | settings |= MGMT_SETTING_POWERED; |
556 | settings |= MGMT_SETTING_PAIRABLE; | 556 | settings |= MGMT_SETTING_BONDABLE; |
557 | settings |= MGMT_SETTING_DEBUG_KEYS; | 557 | settings |= MGMT_SETTING_DEBUG_KEYS; |
558 | settings |= MGMT_SETTING_CONNECTABLE; | 558 | settings |= MGMT_SETTING_CONNECTABLE; |
559 | settings |= MGMT_SETTING_DISCOVERABLE; | 559 | settings |= MGMT_SETTING_DISCOVERABLE; |
@@ -603,8 +603,8 @@ static u32 get_current_settings(struct hci_dev *hdev) | |||
603 | if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) | 603 | if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) |
604 | settings |= MGMT_SETTING_DISCOVERABLE; | 604 | settings |= MGMT_SETTING_DISCOVERABLE; |
605 | 605 | ||
606 | if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) | 606 | if (test_bit(HCI_BONDABLE, &hdev->dev_flags)) |
607 | settings |= MGMT_SETTING_PAIRABLE; | 607 | settings |= MGMT_SETTING_BONDABLE; |
608 | 608 | ||
609 | if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) | 609 | if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) |
610 | settings |= MGMT_SETTING_BREDR; | 610 | settings |= MGMT_SETTING_BREDR; |
@@ -1086,8 +1086,8 @@ static void enable_advertising(struct hci_request *req) | |||
1086 | return; | 1086 | return; |
1087 | 1087 | ||
1088 | memset(&cp, 0, sizeof(cp)); | 1088 | memset(&cp, 0, sizeof(cp)); |
1089 | cp.min_interval = cpu_to_le16(0x0800); | 1089 | cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval); |
1090 | cp.max_interval = cpu_to_le16(0x0800); | 1090 | cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval); |
1091 | cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND; | 1091 | cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND; |
1092 | cp.own_address_type = own_addr_type; | 1092 | cp.own_address_type = own_addr_type; |
1093 | cp.channel_map = hdev->le_adv_channel_map; | 1093 | cp.channel_map = hdev->le_adv_channel_map; |
@@ -1152,7 +1152,7 @@ static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) | |||
1152 | * for mgmt we require user-space to explicitly enable | 1152 | * for mgmt we require user-space to explicitly enable |
1153 | * it | 1153 | * it |
1154 | */ | 1154 | */ |
1155 | clear_bit(HCI_PAIRABLE, &hdev->dev_flags); | 1155 | clear_bit(HCI_BONDABLE, &hdev->dev_flags); |
1156 | } | 1156 | } |
1157 | 1157 | ||
1158 | static int read_controller_info(struct sock *sk, struct hci_dev *hdev, | 1158 | static int read_controller_info(struct sock *sk, struct hci_dev *hdev, |
@@ -1881,7 +1881,18 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, | |||
1881 | if (cp->val) { | 1881 | if (cp->val) { |
1882 | scan = SCAN_PAGE; | 1882 | scan = SCAN_PAGE; |
1883 | } else { | 1883 | } else { |
1884 | scan = 0; | 1884 | /* If we don't have any whitelist entries just |
1885 | * disable all scanning. If there are entries | ||
1886 | * and we had both page and inquiry scanning | ||
1887 | * enabled then fall back to only page scanning. | ||
1888 | * Otherwise no changes are needed. | ||
1889 | */ | ||
1890 | if (list_empty(&hdev->whitelist)) | ||
1891 | scan = SCAN_DISABLED; | ||
1892 | else if (test_bit(HCI_ISCAN, &hdev->flags)) | ||
1893 | scan = SCAN_PAGE; | ||
1894 | else | ||
1895 | goto no_scan_update; | ||
1885 | 1896 | ||
1886 | if (test_bit(HCI_ISCAN, &hdev->flags) && | 1897 | if (test_bit(HCI_ISCAN, &hdev->flags) && |
1887 | hdev->discov_timeout > 0) | 1898 | hdev->discov_timeout > 0) |
@@ -1891,6 +1902,7 @@ static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data, | |||
1891 | hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); | 1902 | hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); |
1892 | } | 1903 | } |
1893 | 1904 | ||
1905 | no_scan_update: | ||
1894 | /* If we're going from non-connectable to connectable or | 1906 | /* If we're going from non-connectable to connectable or |
1895 | * vice-versa when fast connectable is enabled ensure that fast | 1907 | * vice-versa when fast connectable is enabled ensure that fast |
1896 | * connectable gets disabled. write_fast_connectable won't do | 1908 | * connectable gets disabled. write_fast_connectable won't do |
@@ -1918,7 +1930,7 @@ failed: | |||
1918 | return err; | 1930 | return err; |
1919 | } | 1931 | } |
1920 | 1932 | ||
1921 | static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, | 1933 | static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data, |
1922 | u16 len) | 1934 | u16 len) |
1923 | { | 1935 | { |
1924 | struct mgmt_mode *cp = data; | 1936 | struct mgmt_mode *cp = data; |
@@ -1928,17 +1940,17 @@ static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data, | |||
1928 | BT_DBG("request for %s", hdev->name); | 1940 | BT_DBG("request for %s", hdev->name); |
1929 | 1941 | ||
1930 | if (cp->val != 0x00 && cp->val != 0x01) | 1942 | if (cp->val != 0x00 && cp->val != 0x01) |
1931 | return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE, | 1943 | return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE, |
1932 | MGMT_STATUS_INVALID_PARAMS); | 1944 | MGMT_STATUS_INVALID_PARAMS); |
1933 | 1945 | ||
1934 | hci_dev_lock(hdev); | 1946 | hci_dev_lock(hdev); |
1935 | 1947 | ||
1936 | if (cp->val) | 1948 | if (cp->val) |
1937 | changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags); | 1949 | changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags); |
1938 | else | 1950 | else |
1939 | changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags); | 1951 | changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags); |
1940 | 1952 | ||
1941 | err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); | 1953 | err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev); |
1942 | if (err < 0) | 1954 | if (err < 0) |
1943 | goto unlock; | 1955 | goto unlock; |
1944 | 1956 | ||
@@ -2264,7 +2276,7 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) | |||
2264 | 2276 | ||
2265 | if (val) { | 2277 | if (val) { |
2266 | hci_cp.le = val; | 2278 | hci_cp.le = val; |
2267 | hci_cp.simul = lmp_le_br_capable(hdev); | 2279 | hci_cp.simul = 0x00; |
2268 | } else { | 2280 | } else { |
2269 | if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) | 2281 | if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) |
2270 | disable_advertising(&req); | 2282 | disable_advertising(&req); |
@@ -3201,7 +3213,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
3201 | conn->io_capability = cp->io_cap; | 3213 | conn->io_capability = cp->io_cap; |
3202 | cmd->user_data = conn; | 3214 | cmd->user_data = conn; |
3203 | 3215 | ||
3204 | if (conn->state == BT_CONNECTED && | 3216 | if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && |
3205 | hci_conn_security(conn, sec_level, auth_type, true)) | 3217 | hci_conn_security(conn, sec_level, auth_type, true)) |
3206 | pairing_complete(cmd, 0); | 3218 | pairing_complete(cmd, 0); |
3207 | 3219 | ||
@@ -5271,7 +5283,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev, | |||
5271 | MGMT_STATUS_INVALID_PARAMS, | 5283 | MGMT_STATUS_INVALID_PARAMS, |
5272 | &cp->addr, sizeof(cp->addr)); | 5284 | &cp->addr, sizeof(cp->addr)); |
5273 | 5285 | ||
5274 | if (cp->action != 0x00 && cp->action != 0x01) | 5286 | if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02) |
5275 | return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, | 5287 | return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, |
5276 | MGMT_STATUS_INVALID_PARAMS, | 5288 | MGMT_STATUS_INVALID_PARAMS, |
5277 | &cp->addr, sizeof(cp->addr)); | 5289 | &cp->addr, sizeof(cp->addr)); |
@@ -5281,7 +5293,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev, | |||
5281 | if (cp->addr.type == BDADDR_BREDR) { | 5293 | if (cp->addr.type == BDADDR_BREDR) { |
5282 | bool update_scan; | 5294 | bool update_scan; |
5283 | 5295 | ||
5284 | /* Only "connect" action supported for now */ | 5296 | /* Only incoming connections action is supported for now */ |
5285 | if (cp->action != 0x01) { | 5297 | if (cp->action != 0x01) { |
5286 | err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, | 5298 | err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, |
5287 | MGMT_STATUS_INVALID_PARAMS, | 5299 | MGMT_STATUS_INVALID_PARAMS, |
@@ -5307,8 +5319,10 @@ static int add_device(struct sock *sk, struct hci_dev *hdev, | |||
5307 | else | 5319 | else |
5308 | addr_type = ADDR_LE_DEV_RANDOM; | 5320 | addr_type = ADDR_LE_DEV_RANDOM; |
5309 | 5321 | ||
5310 | if (cp->action) | 5322 | if (cp->action == 0x02) |
5311 | auto_conn = HCI_AUTO_CONN_ALWAYS; | 5323 | auto_conn = HCI_AUTO_CONN_ALWAYS; |
5324 | else if (cp->action == 0x01) | ||
5325 | auto_conn = HCI_AUTO_CONN_DIRECT; | ||
5312 | else | 5326 | else |
5313 | auto_conn = HCI_AUTO_CONN_REPORT; | 5327 | auto_conn = HCI_AUTO_CONN_REPORT; |
5314 | 5328 | ||
@@ -5665,7 +5679,7 @@ static const struct mgmt_handler { | |||
5665 | { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, | 5679 | { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE }, |
5666 | { set_connectable, false, MGMT_SETTING_SIZE }, | 5680 | { set_connectable, false, MGMT_SETTING_SIZE }, |
5667 | { set_fast_connectable, false, MGMT_SETTING_SIZE }, | 5681 | { set_fast_connectable, false, MGMT_SETTING_SIZE }, |
5668 | { set_pairable, false, MGMT_SETTING_SIZE }, | 5682 | { set_bondable, false, MGMT_SETTING_SIZE }, |
5669 | { set_link_security, false, MGMT_SETTING_SIZE }, | 5683 | { set_link_security, false, MGMT_SETTING_SIZE }, |
5670 | { set_ssp, false, MGMT_SETTING_SIZE }, | 5684 | { set_ssp, false, MGMT_SETTING_SIZE }, |
5671 | { set_hs, false, MGMT_SETTING_SIZE }, | 5685 | { set_hs, false, MGMT_SETTING_SIZE }, |
@@ -5870,6 +5884,7 @@ static void restart_le_actions(struct hci_dev *hdev) | |||
5870 | list_del_init(&p->action); | 5884 | list_del_init(&p->action); |
5871 | 5885 | ||
5872 | switch (p->auto_connect) { | 5886 | switch (p->auto_connect) { |
5887 | case HCI_AUTO_CONN_DIRECT: | ||
5873 | case HCI_AUTO_CONN_ALWAYS: | 5888 | case HCI_AUTO_CONN_ALWAYS: |
5874 | list_add(&p->action, &hdev->pend_le_conns); | 5889 | list_add(&p->action, &hdev->pend_le_conns); |
5875 | break; | 5890 | break; |
@@ -5922,8 +5937,8 @@ static int powered_update_hci(struct hci_dev *hdev) | |||
5922 | lmp_bredr_capable(hdev)) { | 5937 | lmp_bredr_capable(hdev)) { |
5923 | struct hci_cp_write_le_host_supported cp; | 5938 | struct hci_cp_write_le_host_supported cp; |
5924 | 5939 | ||
5925 | cp.le = 1; | 5940 | cp.le = 0x01; |
5926 | cp.simul = lmp_le_br_capable(hdev); | 5941 | cp.simul = 0x00; |
5927 | 5942 | ||
5928 | /* Check first if we already have the right | 5943 | /* Check first if we already have the right |
5929 | * host state (host features set) | 5944 | * host state (host features set) |
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index a0690a84f3e9..af73bc3acb40 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c | |||
@@ -1910,10 +1910,13 @@ static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s) | |||
1910 | /* Get data directly from socket receive queue without copying it. */ | 1910 | /* Get data directly from socket receive queue without copying it. */ |
1911 | while ((skb = skb_dequeue(&sk->sk_receive_queue))) { | 1911 | while ((skb = skb_dequeue(&sk->sk_receive_queue))) { |
1912 | skb_orphan(skb); | 1912 | skb_orphan(skb); |
1913 | if (!skb_linearize(skb)) | 1913 | if (!skb_linearize(skb)) { |
1914 | s = rfcomm_recv_frame(s, skb); | 1914 | s = rfcomm_recv_frame(s, skb); |
1915 | else | 1915 | if (!s) |
1916 | break; | ||
1917 | } else { | ||
1916 | kfree_skb(skb); | 1918 | kfree_skb(skb); |
1919 | } | ||
1917 | } | 1920 | } |
1918 | 1921 | ||
1919 | if (s && (sk->sk_state == BT_CLOSED)) | 1922 | if (s && (sk->sk_state == BT_CLOSED)) |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index e49c83d8b957..fd3294300803 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
@@ -307,7 +307,7 @@ static void build_pairing_cmd(struct l2cap_conn *conn, | |||
307 | struct hci_dev *hdev = hcon->hdev; | 307 | struct hci_dev *hdev = hcon->hdev; |
308 | u8 local_dist = 0, remote_dist = 0; | 308 | u8 local_dist = 0, remote_dist = 0; |
309 | 309 | ||
310 | if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) { | 310 | if (test_bit(HCI_BONDABLE, &conn->hcon->hdev->dev_flags)) { |
311 | local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; | 311 | local_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; |
312 | remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; | 312 | remote_dist = SMP_DIST_ENC_KEY | SMP_DIST_SIGN; |
313 | authreq |= SMP_AUTH_BONDING; | 313 | authreq |= SMP_AUTH_BONDING; |
@@ -579,13 +579,16 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) | |||
579 | struct smp_chan *smp; | 579 | struct smp_chan *smp; |
580 | 580 | ||
581 | smp = kzalloc(sizeof(*smp), GFP_ATOMIC); | 581 | smp = kzalloc(sizeof(*smp), GFP_ATOMIC); |
582 | if (!smp) | 582 | if (!smp) { |
583 | clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); | ||
583 | return NULL; | 584 | return NULL; |
585 | } | ||
584 | 586 | ||
585 | smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); | 587 | smp->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); |
586 | if (IS_ERR(smp->tfm_aes)) { | 588 | if (IS_ERR(smp->tfm_aes)) { |
587 | BT_ERR("Unable to create ECB crypto context"); | 589 | BT_ERR("Unable to create ECB crypto context"); |
588 | kfree(smp); | 590 | kfree(smp); |
591 | clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); | ||
589 | return NULL; | 592 | return NULL; |
590 | } | 593 | } |
591 | 594 | ||
@@ -701,7 +704,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
701 | if (!smp) | 704 | if (!smp) |
702 | return SMP_UNSPECIFIED; | 705 | return SMP_UNSPECIFIED; |
703 | 706 | ||
704 | if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) && | 707 | if (!test_bit(HCI_BONDABLE, &hdev->dev_flags) && |
705 | (req->auth_req & SMP_AUTH_BONDING)) | 708 | (req->auth_req & SMP_AUTH_BONDING)) |
706 | return SMP_PAIRING_NOTSUPP; | 709 | return SMP_PAIRING_NOTSUPP; |
707 | 710 | ||
@@ -923,14 +926,14 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
923 | if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) | 926 | if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) |
924 | return 0; | 927 | return 0; |
925 | 928 | ||
926 | if (!test_bit(HCI_PAIRABLE, &hcon->hdev->dev_flags) && | ||
927 | (rp->auth_req & SMP_AUTH_BONDING)) | ||
928 | return SMP_PAIRING_NOTSUPP; | ||
929 | |||
930 | smp = smp_chan_create(conn); | 929 | smp = smp_chan_create(conn); |
931 | if (!smp) | 930 | if (!smp) |
932 | return SMP_UNSPECIFIED; | 931 | return SMP_UNSPECIFIED; |
933 | 932 | ||
933 | if (!test_bit(HCI_BONDABLE, &hcon->hdev->dev_flags) && | ||
934 | (rp->auth_req & SMP_AUTH_BONDING)) | ||
935 | return SMP_PAIRING_NOTSUPP; | ||
936 | |||
934 | skb_pull(skb, sizeof(*rp)); | 937 | skb_pull(skb, sizeof(*rp)); |
935 | 938 | ||
936 | memset(&cp, 0, sizeof(cp)); | 939 | memset(&cp, 0, sizeof(cp)); |
@@ -1291,6 +1294,22 @@ static void smp_notify_keys(struct l2cap_conn *conn) | |||
1291 | bacpy(&hcon->dst, &smp->remote_irk->bdaddr); | 1294 | bacpy(&hcon->dst, &smp->remote_irk->bdaddr); |
1292 | hcon->dst_type = smp->remote_irk->addr_type; | 1295 | hcon->dst_type = smp->remote_irk->addr_type; |
1293 | l2cap_conn_update_id_addr(hcon); | 1296 | l2cap_conn_update_id_addr(hcon); |
1297 | |||
1298 | /* When receiving an indentity resolving key for | ||
1299 | * a remote device that does not use a resolvable | ||
1300 | * private address, just remove the key so that | ||
1301 | * it is possible to use the controller white | ||
1302 | * list for scanning. | ||
1303 | * | ||
1304 | * Userspace will have been told to not store | ||
1305 | * this key at this point. So it is safe to | ||
1306 | * just remove it. | ||
1307 | */ | ||
1308 | if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { | ||
1309 | list_del(&smp->remote_irk->list); | ||
1310 | kfree(smp->remote_irk); | ||
1311 | smp->remote_irk = NULL; | ||
1312 | } | ||
1294 | } | 1313 | } |
1295 | 1314 | ||
1296 | /* The LTKs and CSRKs should be persistent only if both sides | 1315 | /* The LTKs and CSRKs should be persistent only if both sides |