authorJohn W. Linville <linville@tuxdriver.com>2012-09-07 15:07:55 -0400
committerJohn W. Linville <linville@tuxdriver.com>2012-09-07 15:07:55 -0400
commitfac805f8c198092de9a2842efd7f5022e2937b18 (patch)
tree7557809c373f97a343c427d8fded0696060394ce /net/bluetooth
parent2461c7d60f9f3821274e4acf9019cba8b82c94b5 (diff)
parentf10723841e624c0726c70356b31d91befed01dd6 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_conn.c4
-rw-r--r--net/bluetooth/hci_event.c28
-rw-r--r--net/bluetooth/l2cap_core.c12
-rw-r--r--net/bluetooth/l2cap_sock.c4
-rw-r--r--net/bluetooth/sco.c19
-rw-r--r--net/bluetooth/smp.c15
6 files changed, 53 insertions, 29 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 5ad7da217474..3c094e78dde9 100644
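--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -29,6 +29,7 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
 #include <net/bluetooth/a2mp.h>
+#include <net/bluetooth/smp.h>
 
 static void hci_le_connect(struct hci_conn *conn)
 {
@@ -619,6 +620,9 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
 {
  BT_DBG("hcon %p", conn);
 
+ if (conn->type == LE_LINK)
+ return smp_conn_security(conn, sec_level);
+
  /* For sdp we don't need the link key. */
  if (sec_level == BT_SECURITY_SDP)
  return 1;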
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 32e21ad36a68..4fd2cf3bcd05 100644
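--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1365,6 +1365,9 @@ static bool hci_resolve_next_name(struct hci_dev *hdev)
  return false;
 
  e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
+ if (!e)
+ return false;
+
  if (hci_resolve_name(hdev, e) == 0) {
  e->name_state = NAME_PENDING;
  return true;
@@ -1393,12 +1396,20 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
  return;
 
  e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
- if (e) {
+ /* If the device was not found in a list of found devices names of which
+ * are pending. there is no need to continue resolving a next name as it
+ * will be done upon receiving another Remote Name Request Complete
+ * Event */
+ if (!e)
+ return;
+
+ list_del(&e->list);
+ if (name) {
  e->name_state = NAME_KNOWN;
- list_del(&e->list);
- if (name)
- mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
- e->data.rssi, name, name_len);
+ mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
+ e->data.rssi, name, name_len);
+ } else {
+ e->name_state = NAME_NOT_KNOWN;
  }
 
  if (hci_resolve_next_name(hdev))
@@ -1749,7 +1760,12 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
  if (conn->type == ACL_LINK) {
  conn->state = BT_CONFIG;
  hci_conn_hold(conn);
- conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+
+ if (!conn->out && !hci_conn_ssp_enabled(conn) &&
+ !hci_find_link_key(hdev, &ev->bdaddr))
+ conn->disc_timeout = HCI_PAIRING_TIMEOUT;
+ else
+ conn->disc_timeout = HCI_DISCONN_TIMEOUT;
  } else
  conn->state = BT_CONNECTED;
 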
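Review bot: The new timeout selection in hci_conn_complete_evt (new lines 1764–1768) has no comment, and the three-part condition does not explain itself. It appears to give an incoming ACL link from a peer with SSP disabled and no stored link key the longer HCI_PAIRING_TIMEOUT, presumably so legacy PIN entry can finish; if that is the intent, say so above the `if`, e.g. `/* Incoming legacy pairing with no stored key: keep the link up long enough for PIN entry */`. The same comment should note that this path is reachable by an unpaired remote device, so the pairing timeout bounds how long such a peer can hold the link. The enclosing function starts and ends outside the hunk.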
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 9f8b29ef5b68..e0abaf3cb6a5 100644
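--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1198,6 +1198,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
  sk = chan->sk;
 
  hci_conn_hold(conn->hcon);
+ conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
 
  bacpy(&bt_sk(sk)->src, conn->src);
  bacpy(&bt_sk(sk)->dst, conn->dst);
@@ -1215,14 +1216,15 @@ clean:
 static void l2cap_conn_ready(struct l2cap_conn *conn)
 {
  struct l2cap_chan *chan;
+ struct hci_conn *hcon = conn->hcon;
 
  BT_DBG("conn %p", conn);
 
- if (!conn->hcon->out && conn->hcon->type == LE_LINK)
+ if (!hcon->out && hcon->type == LE_LINK)
  l2cap_le_conn_ready(conn);
 
- if (conn->hcon->out && conn->hcon->type == LE_LINK)
- smp_conn_security(conn, conn->hcon->pending_sec_level);
+ if (hcon->out && hcon->type == LE_LINK)
+ smp_conn_security(hcon, hcon->pending_sec_level);
 
  mutex_lock(&conn->chan_lock);
 
@@ -1235,8 +1237,8 @@ static void l2cap_conn_ready(struct l2cap_conn *conn)
  continue;
  }
 
- if (conn->hcon->type == LE_LINK) {
- if (smp_conn_security(conn, chan->sec_level))
+ if (hcon->type == LE_LINK) {
+ if (smp_conn_security(hcon, chan->sec_level))
  l2cap_chan_ready(chan);
 
  } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {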
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 13f6a9816feb..2542abd3336f 100644
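--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -619,7 +619,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
  break;
  }
 
- if (smp_conn_security(conn, sec.level))
+ if (smp_conn_security(conn->hcon, sec.level))
  break;
  sk->sk_state = BT_CONFIG;
  chan->state = BT_CONFIG;
@@ -1180,7 +1180,7 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
 
  chan = l2cap_chan_create();
  if (!chan) {
- l2cap_sock_kill(sk);
+ sk_free(sk);
  return NULL;
  }
 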
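Review bot: The error path at new line 1183 frees `sk` with `sk_free(sk)`, but nothing in the hunk clears the `sock` argument's reference to it. If `sk` was already attached to `sock` earlier in l2cap_sock_alloc (the function starts outside the hunk, so this needs confirming), `sock->sk` is left pointing at freed memory after the NULL return. Clearing it in the same branch, `if (sock) sock->sk = NULL;`, would keep later socket-layer code from touching the freed object.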
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index caa109df6452..dc42b917aaaf 100644
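--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -131,6 +131,15 @@ static int sco_conn_del(struct hci_conn *hcon, int err)
  sco_sock_clear_timer(sk);
  sco_chan_del(sk, err);
  bh_unlock_sock(sk);
+
+ sco_conn_lock(conn);
+ conn->sk = NULL;
+ sco_pi(sk)->conn = NULL;
+ sco_conn_unlock(conn);
+
+ if (conn->hcon)
+ hci_conn_put(conn->hcon);
+
  sco_sock_kill(sk);
  }
 
@@ -821,16 +830,6 @@ static void sco_chan_del(struct sock *sk, int err)
 
  BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
 
- if (conn) {
- sco_conn_lock(conn);
- conn->sk = NULL;
- sco_pi(sk)->conn = NULL;
- sco_conn_unlock(conn);
-
- if (conn->hcon)
- hci_conn_put(conn->hcon);
- }
-
  sk->sk_state = BT_CLOSED;
  sk->sk_err = err;
  sk->sk_state_change(sk);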
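Review bot: In sco_conn_del the detach block (new lines 135–141) runs after `bh_unlock_sock(sk);`, so `sco_pi(sk)->conn = NULL` is written without the socket lock. When the block lived in sco_chan_del it ran before that unlock, presumably with the lock held. Unless the change is deliberate, move the block above `bh_unlock_sock(sk);`. sco_chan_del itself no longer clears `conn->sk` or drops the hcon reference, so any other caller of it (none is visible on this page) would leave a stale `conn->sk` and a held reference. That is worth checking and recording in a comment on sco_chan_del. Both functions extend outside their hunks.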
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 16ef0dc85a0a..8c225ef349cd 100644
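--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -267,10 +267,10 @@ static void smp_failure(struct l2cap_conn *conn, u8 reason, u8 send)
  mgmt_auth_failed(conn->hcon->hdev, conn->dst, hcon->type,
  hcon->dst_type, reason);
 
- if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {
- cancel_delayed_work_sync(&conn->security_timer);
+ cancel_delayed_work_sync(&conn->security_timer);
+
+ if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
  smp_chan_destroy(conn);
- }
 }
 
 #define JUST_WORKS 0x00
@@ -579,8 +579,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
 
  if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
  smp = smp_chan_create(conn);
+ else
+ smp = conn->smp_chan;
 
- smp = conn->smp_chan;
+ if (!smp)
+ return SMP_UNSPECIFIED;
 
  smp->preq[0] = SMP_CMD_PAIRING_REQ;
  memcpy(&smp->preq[1], req, sizeof(*req));
@@ -757,9 +760,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
  return 0;
 }
 
-int smp_conn_security(struct l2cap_conn *conn, __u8 sec_level)
+int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 {
- struct hci_conn *hcon = conn->hcon;
+ struct l2cap_conn *conn = hcon->l2cap_data;
  struct smp_chan *smp = conn->smp_chan;
  __u8 authreq;
 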
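Review bot: In smp_conn_security (last hunk, new lines 765–766) `conn` is now read from `hcon->l2cap_data` and dereferenced on the very next line by `conn->smp_chan`, with no NULL check. The hci_conn.c hunk in this commit makes hci_conn_security() call this function for every LE link. If `l2cap_data` can be unset at that point (link not yet attached to L2CAP, or already torn down; the hunk does not show which), this is a kernel NULL pointer dereference. Assign `smp` only after a guard such as `if (!conn) return 1;`, and choose the return value deliberately, since the l2cap_core.c callers shown here treat a non-zero result as "security satisfied". The function body continues outside the hunk.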