Diffstat (limited to 'net/bluetooth/hci_event.c')
-rw-r--r--net/bluetooth/hci_event.c163
1 files changed, 141 insertions, 22 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index cb25628c0583..d5aa97ee6ffa 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -56,7 +56,9 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
56 if (status) 56 if (status)
57 return; 57 return;
58 58
59 clear_bit(HCI_INQUIRY, &hdev->flags); 59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
60 62
61 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status); 63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
62 64
@@ -72,7 +74,9 @@ static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 if (status) 74 if (status)
73 return; 75 return;
74 76
75 clear_bit(HCI_INQUIRY, &hdev->flags); 77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
76 80
77 hci_conn_check_pending(hdev); 81 hci_conn_check_pending(hdev);
78} 82}
@@ -841,10 +845,14 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
841 845
842 if (status) { 846 if (status) {
843 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 847 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
844
845 hci_conn_check_pending(hdev); 848 hci_conn_check_pending(hdev);
846 } else 849 return;
847 set_bit(HCI_INQUIRY, &hdev->flags); 850 }
851
852 if (test_bit(HCI_MGMT, &hdev->flags) &&
853 !test_and_set_bit(HCI_INQUIRY,
854 &hdev->flags))
855 mgmt_discovering(hdev->id, 1);
848} 856}
849 857
850static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) 858static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
@@ -1013,12 +1021,19 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1013 hci_dev_lock(hdev); 1021 hci_dev_lock(hdev);
1014 1022
1015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1016 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1024 if (!conn)
1025 goto unlock;
1026
1027 if (!hci_outgoing_auth_needed(hdev, conn))
1028 goto unlock;
1029
1030 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1017 struct hci_cp_auth_requested cp; 1031 struct hci_cp_auth_requested cp;
1018 cp.handle = __cpu_to_le16(conn->handle); 1032 cp.handle = __cpu_to_le16(conn->handle);
1019 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1033 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1020 } 1034 }
1021 1035
1036unlock:
1022 hci_dev_unlock(hdev); 1037 hci_dev_unlock(hdev);
1023} 1038}
1024 1039
@@ -1208,7 +1223,9 @@ static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff
1208 1223
1209 BT_DBG("%s status %d", hdev->name, status); 1224 BT_DBG("%s status %d", hdev->name, status);
1210 1225
1211 clear_bit(HCI_INQUIRY, &hdev->flags); 1226 if (test_bit(HCI_MGMT, &hdev->flags) &&
1227 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1228 mgmt_discovering(hdev->id, 0);
1212 1229
1213 hci_req_complete(hdev, HCI_OP_INQUIRY, status); 1230 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1214 1231
@@ -1228,6 +1245,12 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
1228 1245
1229 hci_dev_lock(hdev); 1246 hci_dev_lock(hdev);
1230 1247
1248 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1249
1250 if (test_bit(HCI_MGMT, &hdev->flags))
1251 mgmt_discovering(hdev->id, 1);
1252 }
1253
1231 for (; num_rsp; num_rsp--, info++) { 1254 for (; num_rsp; num_rsp--, info++) {
1232 bacpy(&data.bdaddr, &info->bdaddr); 1255 bacpy(&data.bdaddr, &info->bdaddr);
1233 data.pscan_rep_mode = info->pscan_rep_mode; 1256 data.pscan_rep_mode = info->pscan_rep_mode;
@@ -1443,7 +1466,6 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
1443 conn->sec_level = conn->pending_sec_level; 1466 conn->sec_level = conn->pending_sec_level;
1444 } else { 1467 } else {
1445 mgmt_auth_failed(hdev->id, &conn->dst, ev->status); 1468 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1446 conn->sec_level = BT_SECURITY_LOW;
1447 } 1469 }
1448 1470
1449 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend); 1471 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
@@ -1501,12 +1523,19 @@ static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb
1501 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name); 1523 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1502 1524
1503 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 1525 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1504 if (conn && hci_outgoing_auth_needed(hdev, conn)) { 1526 if (!conn)
1527 goto unlock;
1528
1529 if (!hci_outgoing_auth_needed(hdev, conn))
1530 goto unlock;
1531
1532 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1505 struct hci_cp_auth_requested cp; 1533 struct hci_cp_auth_requested cp;
1506 cp.handle = __cpu_to_le16(conn->handle); 1534 cp.handle = __cpu_to_le16(conn->handle);
1507 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp); 1535 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1508 } 1536 }
1509 1537
1538unlock:
1510 hci_dev_unlock(hdev); 1539 hci_dev_unlock(hdev);
1511} 1540}
1512 1541
@@ -2006,9 +2035,16 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
2006 if (!test_bit(HCI_PAIRABLE, &hdev->flags)) 2035 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2007 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, 2036 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2008 sizeof(ev->bdaddr), &ev->bdaddr); 2037 sizeof(ev->bdaddr), &ev->bdaddr);
2038 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2039 u8 secure;
2009 2040
2010 if (test_bit(HCI_MGMT, &hdev->flags)) 2041 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2011 mgmt_pin_code_request(hdev->id, &ev->bdaddr); 2042 secure = 1;
2043 else
2044 secure = 0;
2045
2046 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2047 }
2012 2048
2013 hci_dev_unlock(hdev); 2049 hci_dev_unlock(hdev);
2014} 2050}
@@ -2037,17 +2073,30 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
2037 BT_DBG("%s found key type %u for %s", hdev->name, key->type, 2073 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2038 batostr(&ev->bdaddr)); 2074 batostr(&ev->bdaddr));
2039 2075
2040 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) { 2076 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2077 key->type == HCI_LK_DEBUG_COMBINATION) {
2041 BT_DBG("%s ignoring debug key", hdev->name); 2078 BT_DBG("%s ignoring debug key", hdev->name);
2042 goto not_found; 2079 goto not_found;
2043 } 2080 }
2044 2081
2045 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); 2082 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2083 if (conn) {
2084 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2085 conn->auth_type != 0xff &&
2086 (conn->auth_type & 0x01)) {
2087 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2088 goto not_found;
2089 }
2046 2090
2047 if (key->type == 0x04 && conn && conn->auth_type != 0xff && 2091 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2048 (conn->auth_type & 0x01)) { 2092 conn->pending_sec_level == BT_SECURITY_HIGH) {
2049 BT_DBG("%s ignoring unauthenticated key", hdev->name); 2093 BT_DBG("%s ignoring key unauthenticated for high \
2050 goto not_found; 2094 security", hdev->name);
2095 goto not_found;
2096 }
2097
2098 conn->key_type = key->type;
2099 conn->pin_length = key->pin_len;
2051 } 2100 }
2052 2101
2053 bacpy(&cp.bdaddr, &ev->bdaddr); 2102 bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -2079,11 +2128,15 @@ static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff
2079 hci_conn_hold(conn); 2128 hci_conn_hold(conn);
2080 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 2129 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2081 pin_len = conn->pin_length; 2130 pin_len = conn->pin_length;
2131
2132 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2133 conn->key_type = ev->key_type;
2134
2082 hci_conn_put(conn); 2135 hci_conn_put(conn);
2083 } 2136 }
2084 2137
2085 if (test_bit(HCI_LINK_KEYS, &hdev->flags)) 2138 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2086 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key, 2139 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2087 ev->key_type, pin_len); 2140 ev->key_type, pin_len);
2088 2141
2089 hci_dev_unlock(hdev); 2142 hci_dev_unlock(hdev);
@@ -2158,6 +2211,12 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
2158 2211
2159 hci_dev_lock(hdev); 2212 hci_dev_lock(hdev);
2160 2213
2214 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2215
2216 if (test_bit(HCI_MGMT, &hdev->flags))
2217 mgmt_discovering(hdev->id, 1);
2218 }
2219
2161 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) { 2220 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2162 struct inquiry_info_with_rssi_and_pscan_mode *info; 2221 struct inquiry_info_with_rssi_and_pscan_mode *info;
2163 info = (void *) (skb->data + 1); 2222 info = (void *) (skb->data + 1);
@@ -2320,6 +2379,12 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
2320 if (!num_rsp) 2379 if (!num_rsp)
2321 return; 2380 return;
2322 2381
2382 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2383
2384 if (test_bit(HCI_MGMT, &hdev->flags))
2385 mgmt_discovering(hdev->id, 1);
2386 }
2387
2323 hci_dev_lock(hdev); 2388 hci_dev_lock(hdev);
2324 2389
2325 for (; num_rsp; num_rsp--, info++) { 2390 for (; num_rsp; num_rsp--, info++) {
@@ -2353,7 +2418,7 @@ static inline u8 hci_get_auth_req(struct hci_conn *conn)
2353 2418
2354 /* If remote requests no-bonding follow that lead */ 2419 /* If remote requests no-bonding follow that lead */
2355 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01) 2420 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2356 return 0x00; 2421 return conn->remote_auth | (conn->auth_type & 0x01);
2357 2422
2358 return conn->auth_type; 2423 return conn->auth_type;
2359} 2424}
@@ -2382,7 +2447,8 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
2382 2447
2383 bacpy(&cp.bdaddr, &ev->bdaddr); 2448 bacpy(&cp.bdaddr, &ev->bdaddr);
2384 cp.capability = conn->io_capability; 2449 cp.capability = conn->io_capability;
2385 cp.authentication = hci_get_auth_req(conn); 2450 conn->auth_type = hci_get_auth_req(conn);
2451 cp.authentication = conn->auth_type;
2386 2452
2387 if ((conn->out == 0x01 || conn->remote_oob == 0x01) && 2453 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2388 hci_find_remote_oob_data(hdev, &conn->dst)) 2454 hci_find_remote_oob_data(hdev, &conn->dst))
@@ -2396,7 +2462,7 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
2396 struct hci_cp_io_capability_neg_reply cp; 2462 struct hci_cp_io_capability_neg_reply cp;
2397 2463
2398 bacpy(&cp.bdaddr, &ev->bdaddr); 2464 bacpy(&cp.bdaddr, &ev->bdaddr);
2399 cp.reason = 0x16; /* Pairing not allowed */ 2465 cp.reason = 0x18; /* Pairing not allowed */
2400 2466
2401 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY, 2467 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2402 sizeof(cp), &cp); 2468 sizeof(cp), &cp);
@@ -2431,14 +2497,67 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2431 struct sk_buff *skb) 2497 struct sk_buff *skb)
2432{ 2498{
2433 struct hci_ev_user_confirm_req *ev = (void *) skb->data; 2499 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2500 int loc_mitm, rem_mitm, confirm_hint = 0;
2501 struct hci_conn *conn;
2434 2502
2435 BT_DBG("%s", hdev->name); 2503 BT_DBG("%s", hdev->name);
2436 2504
2437 hci_dev_lock(hdev); 2505 hci_dev_lock(hdev);
2438 2506
2439 if (test_bit(HCI_MGMT, &hdev->flags)) 2507 if (!test_bit(HCI_MGMT, &hdev->flags))
2440 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey); 2508 goto unlock;
2509
2510 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2511 if (!conn)
2512 goto unlock;
2513
2514 loc_mitm = (conn->auth_type & 0x01);
2515 rem_mitm = (conn->remote_auth & 0x01);
2516
2517 /* If we require MITM but the remote device can't provide that
2518 * (it has NoInputNoOutput) then reject the confirmation
2519 * request. The only exception is when we're dedicated bonding
2520 * initiators (connect_cfm_cb set) since then we always have the MITM
2521 * bit set. */
2522 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2523 BT_DBG("Rejecting request: remote device can't provide MITM");
2524 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2525 sizeof(ev->bdaddr), &ev->bdaddr);
2526 goto unlock;
2527 }
2528
2529 /* If no side requires MITM protection; auto-accept */
2530 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2531 (!rem_mitm || conn->io_capability == 0x03)) {
2441 2532
2533 /* If we're not the initiators request authorization to
2534 * proceed from user space (mgmt_user_confirm with
2535 * confirm_hint set to 1). */
2536 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2537 BT_DBG("Confirming auto-accept as acceptor");
2538 confirm_hint = 1;
2539 goto confirm;
2540 }
2541
2542 BT_DBG("Auto-accept of user confirmation with %ums delay",
2543 hdev->auto_accept_delay);
2544
2545 if (hdev->auto_accept_delay > 0) {
2546 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2547 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2548 goto unlock;
2549 }
2550
2551 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2552 sizeof(ev->bdaddr), &ev->bdaddr);
2553 goto unlock;
2554 }
2555
2556confirm:
2557 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2558 confirm_hint);
2559
2560unlock:
2442 hci_dev_unlock(hdev); 2561 hci_dev_unlock(hdev);
2443} 2562}
2444 2563
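Review bot: In hci_pin_code_request_evt the new `else if (test_bit(HCI_MGMT, &hdev->flags))` branch reads `conn->pending_sec_level` with no NULL check visible in the hunk; the lookup that sets `conn` is above the hunk, so this is inferred, but the other handlers touched here (`if (!conn) goto unlock;` in hci_remote_name_evt, `if (conn) {` in hci_link_key_request_evt) treat a missing connection as possible. Because `ev->bdaddr` arrives in a controller event, a PIN request for an address with no ACL entry would then dereference NULL in the event path. Guarding the read is enough, e.g. `secure = (conn && conn->pending_sec_level == BT_SECURITY_HIGH);` in place of the if/else. The same question applies to hci_link_key_notify_evt, where `conn` is now passed to `hci_add_link_key()` after what looks like the end of a conditional block, so that callee has to tolerate a NULL `conn`.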