diff options
| author | David S. Miller <davem@davemloft.net> | 2011-01-26 14:49:49 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-01-26 14:49:49 -0500 |
| commit | 9b6941d8b103fe95d1a90b7996046be9ee0e55e4 (patch) | |
| tree | 03c4e26abb8d6212741c3821061f2f40f2b5c8ec /net | |
| parent | de221bd5eb5e754806fcc39c40bb12b96515d9c5 (diff) | |
| parent | acd9f9cc305ca2e5da2a39f6f6160cd4b476e38b (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_conn.c | 16 | ||||
| -rw-r--r-- | net/bluetooth/hci_core.c | 4 | ||||
| -rw-r--r-- | net/bluetooth/hci_event.c | 9 | ||||
| -rw-r--r-- | net/bluetooth/l2cap.c | 84 | ||||
| -rw-r--r-- | net/bluetooth/rfcomm/core.c | 3 | ||||
| -rw-r--r-- | net/mac80211/tx.c | 3 |
6 files changed, 55 insertions, 64 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 6b90a4191734..99cd8d9d891b 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
| @@ -379,14 +379,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
| 379 | hci_conn_hold(acl); | 379 | hci_conn_hold(acl); |
| 380 | 380 | ||
| 381 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { | 381 | if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { |
| 382 | acl->sec_level = sec_level; | 382 | acl->sec_level = BT_SECURITY_LOW; |
| 383 | acl->pending_sec_level = sec_level; | ||
| 383 | acl->auth_type = auth_type; | 384 | acl->auth_type = auth_type; |
| 384 | hci_acl_connect(acl); | 385 | hci_acl_connect(acl); |
| 385 | } else { | ||
| 386 | if (acl->sec_level < sec_level) | ||
| 387 | acl->sec_level = sec_level; | ||
| 388 | if (acl->auth_type < auth_type) | ||
| 389 | acl->auth_type = auth_type; | ||
| 390 | } | 386 | } |
| 391 | 387 | ||
| 392 | if (type == ACL_LINK) | 388 | if (type == ACL_LINK) |
| @@ -442,11 +438,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) | |||
| 442 | { | 438 | { |
| 443 | BT_DBG("conn %p", conn); | 439 | BT_DBG("conn %p", conn); |
| 444 | 440 | ||
| 441 | if (conn->pending_sec_level > sec_level) | ||
| 442 | sec_level = conn->pending_sec_level; | ||
| 443 | |||
| 445 | if (sec_level > conn->sec_level) | 444 | if (sec_level > conn->sec_level) |
| 446 | conn->sec_level = sec_level; | 445 | conn->pending_sec_level = sec_level; |
| 447 | else if (conn->link_mode & HCI_LM_AUTH) | 446 | else if (conn->link_mode & HCI_LM_AUTH) |
| 448 | return 1; | 447 | return 1; |
| 449 | 448 | ||
| 449 | /* Make sure we preserve an existing MITM requirement*/ | ||
| 450 | auth_type |= (conn->auth_type & 0x01); | ||
| 451 | |||
| 450 | conn->auth_type = auth_type; | 452 | conn->auth_type = auth_type; |
| 451 | 453 | ||
| 452 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { | 454 | if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) { |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 8b602d881fd7..9c4541bc488a 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
| @@ -1011,6 +1011,10 @@ int hci_unregister_dev(struct hci_dev *hdev) | |||
| 1011 | 1011 | ||
| 1012 | destroy_workqueue(hdev->workqueue); | 1012 | destroy_workqueue(hdev->workqueue); |
| 1013 | 1013 | ||
| 1014 | hci_dev_lock_bh(hdev); | ||
| 1015 | hci_blacklist_clear(hdev); | ||
| 1016 | hci_dev_unlock_bh(hdev); | ||
| 1017 | |||
| 1014 | __hci_dev_put(hdev); | 1018 | __hci_dev_put(hdev); |
| 1015 | 1019 | ||
| 1016 | return 0; | 1020 | return 0; |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 38100170d380..a290854fdaa6 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
| @@ -692,13 +692,13 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev, | |||
| 692 | if (conn->state != BT_CONFIG || !conn->out) | 692 | if (conn->state != BT_CONFIG || !conn->out) |
| 693 | return 0; | 693 | return 0; |
| 694 | 694 | ||
| 695 | if (conn->sec_level == BT_SECURITY_SDP) | 695 | if (conn->pending_sec_level == BT_SECURITY_SDP) |
| 696 | return 0; | 696 | return 0; |
| 697 | 697 | ||
| 698 | /* Only request authentication for SSP connections or non-SSP | 698 | /* Only request authentication for SSP connections or non-SSP |
| 699 | * devices with sec_level HIGH */ | 699 | * devices with sec_level HIGH */ |
| 700 | if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && | 700 | if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) && |
| 701 | conn->sec_level != BT_SECURITY_HIGH) | 701 | conn->pending_sec_level != BT_SECURITY_HIGH) |
| 702 | return 0; | 702 | return 0; |
| 703 | 703 | ||
| 704 | return 1; | 704 | return 1; |
| @@ -1095,9 +1095,10 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s | |||
| 1095 | 1095 | ||
| 1096 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); | 1096 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); |
| 1097 | if (conn) { | 1097 | if (conn) { |
| 1098 | if (!ev->status) | 1098 | if (!ev->status) { |
| 1099 | conn->link_mode |= HCI_LM_AUTH; | 1099 | conn->link_mode |= HCI_LM_AUTH; |
| 1100 | else | 1100 | conn->sec_level = conn->pending_sec_level; |
| 1101 | } else | ||
| 1101 | conn->sec_level = BT_SECURITY_LOW; | 1102 | conn->sec_level = BT_SECURITY_LOW; |
| 1102 | 1103 | ||
| 1103 | clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); | 1104 | clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); |
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index c791fcda7b2d..7550abb0c96a 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
| @@ -305,33 +305,44 @@ static void l2cap_chan_del(struct sock *sk, int err) | |||
| 305 | } | 305 | } |
| 306 | } | 306 | } |
| 307 | 307 | ||
| 308 | /* Service level security */ | 308 | static inline u8 l2cap_get_auth_type(struct sock *sk) |
| 309 | static inline int l2cap_check_security(struct sock *sk) | ||
| 310 | { | 309 | { |
| 311 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | 310 | if (sk->sk_type == SOCK_RAW) { |
| 312 | __u8 auth_type; | 311 | switch (l2cap_pi(sk)->sec_level) { |
| 312 | case BT_SECURITY_HIGH: | ||
| 313 | return HCI_AT_DEDICATED_BONDING_MITM; | ||
| 314 | case BT_SECURITY_MEDIUM: | ||
| 315 | return HCI_AT_DEDICATED_BONDING; | ||
| 316 | default: | ||
| 317 | return HCI_AT_NO_BONDING; | ||
| 318 | } | ||
| 319 | } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { | ||
| 320 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) | ||
| 321 | l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; | ||
| 313 | 322 | ||
| 314 | if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { | ||
| 315 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) | 323 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) |
| 316 | auth_type = HCI_AT_NO_BONDING_MITM; | 324 | return HCI_AT_NO_BONDING_MITM; |
| 317 | else | 325 | else |
| 318 | auth_type = HCI_AT_NO_BONDING; | 326 | return HCI_AT_NO_BONDING; |
| 319 | |||
| 320 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) | ||
| 321 | l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; | ||
| 322 | } else { | 327 | } else { |
| 323 | switch (l2cap_pi(sk)->sec_level) { | 328 | switch (l2cap_pi(sk)->sec_level) { |
| 324 | case BT_SECURITY_HIGH: | 329 | case BT_SECURITY_HIGH: |
| 325 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | 330 | return HCI_AT_GENERAL_BONDING_MITM; |
| 326 | break; | ||
| 327 | case BT_SECURITY_MEDIUM: | 331 | case BT_SECURITY_MEDIUM: |
| 328 | auth_type = HCI_AT_GENERAL_BONDING; | 332 | return HCI_AT_GENERAL_BONDING; |
| 329 | break; | ||
| 330 | default: | 333 | default: |
| 331 | auth_type = HCI_AT_NO_BONDING; | 334 | return HCI_AT_NO_BONDING; |
| 332 | break; | ||
| 333 | } | 335 | } |
| 334 | } | 336 | } |
| 337 | } | ||
| 338 | |||
| 339 | /* Service level security */ | ||
| 340 | static inline int l2cap_check_security(struct sock *sk) | ||
| 341 | { | ||
| 342 | struct l2cap_conn *conn = l2cap_pi(sk)->conn; | ||
| 343 | __u8 auth_type; | ||
| 344 | |||
| 345 | auth_type = l2cap_get_auth_type(sk); | ||
| 335 | 346 | ||
| 336 | return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, | 347 | return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level, |
| 337 | auth_type); | 348 | auth_type); |
| @@ -1068,39 +1079,7 @@ static int l2cap_do_connect(struct sock *sk) | |||
| 1068 | 1079 | ||
| 1069 | err = -ENOMEM; | 1080 | err = -ENOMEM; |
| 1070 | 1081 | ||
| 1071 | if (sk->sk_type == SOCK_RAW) { | 1082 | auth_type = l2cap_get_auth_type(sk); |
| 1072 | switch (l2cap_pi(sk)->sec_level) { | ||
| 1073 | case BT_SECURITY_HIGH: | ||
| 1074 | auth_type = HCI_AT_DEDICATED_BONDING_MITM; | ||
| 1075 | break; | ||
| 1076 | case BT_SECURITY_MEDIUM: | ||
| 1077 | auth_type = HCI_AT_DEDICATED_BONDING; | ||
| 1078 | break; | ||
| 1079 | default: | ||
| 1080 | auth_type = HCI_AT_NO_BONDING; | ||
| 1081 | break; | ||
| 1082 | } | ||
| 1083 | } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) { | ||
| 1084 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) | ||
| 1085 | auth_type = HCI_AT_NO_BONDING_MITM; | ||
| 1086 | else | ||
| 1087 | auth_type = HCI_AT_NO_BONDING; | ||
| 1088 | |||
| 1089 | if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW) | ||
| 1090 | l2cap_pi(sk)->sec_level = BT_SECURITY_SDP; | ||
| 1091 | } else { | ||
| 1092 | switch (l2cap_pi(sk)->sec_level) { | ||
| 1093 | case BT_SECURITY_HIGH: | ||
| 1094 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | ||
| 1095 | break; | ||
| 1096 | case BT_SECURITY_MEDIUM: | ||
| 1097 | auth_type = HCI_AT_GENERAL_BONDING; | ||
| 1098 | break; | ||
| 1099 | default: | ||
| 1100 | auth_type = HCI_AT_NO_BONDING; | ||
| 1101 | break; | ||
| 1102 | } | ||
| 1103 | } | ||
| 1104 | 1083 | ||
| 1105 | hcon = hci_connect(hdev, ACL_LINK, dst, | 1084 | hcon = hci_connect(hdev, ACL_LINK, dst, |
| 1106 | l2cap_pi(sk)->sec_level, auth_type); | 1085 | l2cap_pi(sk)->sec_level, auth_type); |
| @@ -1127,7 +1106,8 @@ static int l2cap_do_connect(struct sock *sk) | |||
| 1127 | if (sk->sk_type != SOCK_SEQPACKET && | 1106 | if (sk->sk_type != SOCK_SEQPACKET && |
| 1128 | sk->sk_type != SOCK_STREAM) { | 1107 | sk->sk_type != SOCK_STREAM) { |
| 1129 | l2cap_sock_clear_timer(sk); | 1108 | l2cap_sock_clear_timer(sk); |
| 1130 | sk->sk_state = BT_CONNECTED; | 1109 | if (l2cap_check_security(sk)) |
| 1110 | sk->sk_state = BT_CONNECTED; | ||
| 1131 | } else | 1111 | } else |
| 1132 | l2cap_do_start(sk); | 1112 | l2cap_do_start(sk); |
| 1133 | } | 1113 | } |
| @@ -1893,8 +1873,8 @@ static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct ms | |||
| 1893 | if (pi->mode == L2CAP_MODE_STREAMING) { | 1873 | if (pi->mode == L2CAP_MODE_STREAMING) { |
| 1894 | l2cap_streaming_send(sk); | 1874 | l2cap_streaming_send(sk); |
| 1895 | } else { | 1875 | } else { |
| 1896 | if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY && | 1876 | if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) && |
| 1897 | pi->conn_state && L2CAP_CONN_WAIT_F) { | 1877 | (pi->conn_state & L2CAP_CONN_WAIT_F)) { |
| 1898 | err = len; | 1878 | err = len; |
| 1899 | break; | 1879 | break; |
| 1900 | } | 1880 | } |
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index ff8aaa736650..6b83776534fb 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c | |||
| @@ -1164,7 +1164,8 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) | |||
| 1164 | * initiator rfcomm_process_rx already calls | 1164 | * initiator rfcomm_process_rx already calls |
| 1165 | * rfcomm_session_put() */ | 1165 | * rfcomm_session_put() */ |
| 1166 | if (s->sock->sk->sk_state != BT_CLOSED) | 1166 | if (s->sock->sk->sk_state != BT_CLOSED) |
| 1167 | rfcomm_session_put(s); | 1167 | if (list_empty(&s->dlcs)) |
| 1168 | rfcomm_session_put(s); | ||
| 1168 | break; | 1169 | break; |
| 1169 | } | 1170 | } |
| 1170 | } | 1171 | } |
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 5950e3abead9..b64b42bc774b 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c | |||
| @@ -2230,6 +2230,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw, | |||
| 2230 | 2230 | ||
| 2231 | sdata = vif_to_sdata(vif); | 2231 | sdata = vif_to_sdata(vif); |
| 2232 | 2232 | ||
| 2233 | if (!ieee80211_sdata_running(sdata)) | ||
| 2234 | goto out; | ||
| 2235 | |||
| 2233 | if (tim_offset) | 2236 | if (tim_offset) |
| 2234 | *tim_offset = 0; | 2237 | *tim_offset = 0; |
| 2235 | if (tim_length) | 2238 | if (tim_length) |