aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorGustavo Padovan <gustavo@padovan.org>2012-05-13 02:20:07 -0400
committerJohn W. Linville <linville@tuxdriver.com>2012-05-14 13:51:25 -0400
commita7d7723ae7c0178d715c06c5621e8fd8014ba92f (patch)
tree8e09cd37ed267e792481c2ad699bcaff9596e5e7 /net
parent574e02abaf816b582685805f0c1150ca9f1f18ee (diff)
Bluetooth: notify userspace of security level change
It fixes L2CAP socket based security level elevation during a connection. The HID profile needs this (for keyboards) and it is the only way to achieve the security level elevation when using the management interface to talk to the kernel (hence the management enabling patch being the one that exposes this issue). It enables the userspace a security level change when the socket is already connected and create a way to notify the socket the result of the request. At the moment of the request the socket is made non writable, if the request fails the connections closes, otherwise the socket is made writable again, POLL_OUT is emmited. Signed-off-by: Gustavo Padovan <gustavo@padovan.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/af_bluetooth.c2
-rw-r--r--net/bluetooth/hci_event.c7
-rw-r--r--net/bluetooth/l2cap_core.c5
-rw-r--r--net/bluetooth/l2cap_sock.c12
4 files changed, 21 insertions, 5 deletions
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 72eb187a5f60..6fb68a9743af 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -450,7 +450,7 @@ unsigned int bt_sock_poll(struct file *file, struct socket *sock, poll_table *wa
450 sk->sk_state == BT_CONFIG) 450 sk->sk_state == BT_CONFIG)
451 return mask; 451 return mask;
452 452
453 if (sock_writeable(sk)) 453 if (!bt_sk(sk)->suspended && sock_writeable(sk))
454 mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 454 mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
455 else 455 else
456 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); 456 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6c065254afc0..53680fe84628 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2039,6 +2039,12 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
2039 2039
2040 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2040 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2041 2041
2042 if (ev->status && conn->state == BT_CONNECTED) {
2043 hci_acl_disconn(conn, 0x13);
2044 hci_conn_put(conn);
2045 goto unlock;
2046 }
2047
2042 if (conn->state == BT_CONFIG) { 2048 if (conn->state == BT_CONFIG) {
2043 if (!ev->status) 2049 if (!ev->status)
2044 conn->state = BT_CONNECTED; 2050 conn->state = BT_CONNECTED;
@@ -2049,6 +2055,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
2049 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 2055 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2050 } 2056 }
2051 2057
2058unlock:
2052 hci_dev_unlock(hdev); 2059 hci_dev_unlock(hdev);
2053} 2060}
2054 2061
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 94552b33d528..6f9c25b633a6 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4589,6 +4589,11 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4589 4589
4590 if (!status && (chan->state == BT_CONNECTED || 4590 if (!status && (chan->state == BT_CONNECTED ||
4591 chan->state == BT_CONFIG)) { 4591 chan->state == BT_CONFIG)) {
4592 struct sock *sk = chan->sk;
4593
4594 bt_sk(sk)->suspended = false;
4595 sk->sk_state_change(sk);
4596
4592 l2cap_check_encryption(chan, encrypt); 4597 l2cap_check_encryption(chan, encrypt);
4593 l2cap_chan_unlock(chan); 4598 l2cap_chan_unlock(chan);
4594 continue; 4599 continue;
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 29122ed28ea9..04e7c172d49c 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -592,10 +592,14 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
592 sk->sk_state = BT_CONFIG; 592 sk->sk_state = BT_CONFIG;
593 chan->state = BT_CONFIG; 593 chan->state = BT_CONFIG;
594 594
595 /* or for ACL link, under defer_setup time */ 595 /* or for ACL link */
596 } else if (sk->sk_state == BT_CONNECT2 && 596 } else if ((sk->sk_state == BT_CONNECT2 &&
597 bt_sk(sk)->defer_setup) { 597 bt_sk(sk)->defer_setup) ||
598 err = l2cap_chan_check_security(chan); 598 sk->sk_state == BT_CONNECTED) {
599 if (!l2cap_chan_check_security(chan))
600 bt_sk(sk)->suspended = true;
601 else
602 sk->sk_state_change(sk);
599 } else { 603 } else {
600 err = -EINVAL; 604 err = -EINVAL;
601 } 605 }