diff options
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/a2mp.c | 8 | ||||
-rw-r--r-- | net/bluetooth/af_bluetooth.c | 2 | ||||
-rw-r--r-- | net/bluetooth/hci_conn.c | 206 | ||||
-rw-r--r-- | net/bluetooth/hci_core.c | 1193 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 478 | ||||
-rw-r--r-- | net/bluetooth/hci_sock.c | 1 | ||||
-rw-r--r-- | net/bluetooth/hci_sysfs.c | 18 | ||||
-rw-r--r-- | net/bluetooth/l2cap_core.c | 616 | ||||
-rw-r--r-- | net/bluetooth/l2cap_sock.c | 62 | ||||
-rw-r--r-- | net/bluetooth/mgmt.c | 913 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 92 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/sock.c | 33 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/tty.c | 262 | ||||
-rw-r--r-- | net/bluetooth/smp.c | 418 | ||||
-rw-r--r-- | net/bluetooth/smp.h | 22 |
15 files changed, 3419 insertions, 905 deletions
diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c index efcd108822c4..f986b9968bdb 100644 --- a/net/bluetooth/a2mp.c +++ b/net/bluetooth/a2mp.c | |||
@@ -235,7 +235,7 @@ static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb, | |||
235 | BT_DBG("chan %p state %s", chan, | 235 | BT_DBG("chan %p state %s", chan, |
236 | state_to_string(chan->state)); | 236 | state_to_string(chan->state)); |
237 | 237 | ||
238 | if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) | 238 | if (chan->scid == L2CAP_CID_A2MP) |
239 | continue; | 239 | continue; |
240 | 240 | ||
241 | l2cap_chan_lock(chan); | 241 | l2cap_chan_lock(chan); |
@@ -726,7 +726,11 @@ static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked) | |||
726 | 726 | ||
727 | BT_DBG("chan %p", chan); | 727 | BT_DBG("chan %p", chan); |
728 | 728 | ||
729 | chan->chan_type = L2CAP_CHAN_CONN_FIX_A2MP; | 729 | chan->chan_type = L2CAP_CHAN_FIXED; |
730 | chan->scid = L2CAP_CID_A2MP; | ||
731 | chan->dcid = L2CAP_CID_A2MP; | ||
732 | chan->omtu = L2CAP_A2MP_DEFAULT_MTU; | ||
733 | chan->imtu = L2CAP_A2MP_DEFAULT_MTU; | ||
730 | chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; | 734 | chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; |
731 | 735 | ||
732 | chan->ops = &a2mp_chan_ops; | 736 | chan->ops = &a2mp_chan_ops; |
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 0c5866bb49b6..2021c481cdb6 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c | |||
@@ -31,7 +31,7 @@ | |||
31 | #include <net/bluetooth/bluetooth.h> | 31 | #include <net/bluetooth/bluetooth.h> |
32 | #include <linux/proc_fs.h> | 32 | #include <linux/proc_fs.h> |
33 | 33 | ||
34 | #define VERSION "2.18" | 34 | #define VERSION "2.19" |
35 | 35 | ||
36 | /* Bluetooth sockets */ | 36 | /* Bluetooth sockets */ |
37 | #define BT_MAX_PROTO 8 | 37 | #define BT_MAX_PROTO 8 |
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index ba5366c320da..7c713c4675ba 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -225,13 +225,13 @@ void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, | |||
225 | cp.conn_interval_max = cpu_to_le16(max); | 225 | cp.conn_interval_max = cpu_to_le16(max); |
226 | cp.conn_latency = cpu_to_le16(latency); | 226 | cp.conn_latency = cpu_to_le16(latency); |
227 | cp.supervision_timeout = cpu_to_le16(to_multiplier); | 227 | cp.supervision_timeout = cpu_to_le16(to_multiplier); |
228 | cp.min_ce_len = __constant_cpu_to_le16(0x0001); | 228 | cp.min_ce_len = __constant_cpu_to_le16(0x0000); |
229 | cp.max_ce_len = __constant_cpu_to_le16(0x0001); | 229 | cp.max_ce_len = __constant_cpu_to_le16(0x0000); |
230 | 230 | ||
231 | hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); | 231 | hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp); |
232 | } | 232 | } |
233 | 233 | ||
234 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8], | 234 | void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand, |
235 | __u8 ltk[16]) | 235 | __u8 ltk[16]) |
236 | { | 236 | { |
237 | struct hci_dev *hdev = conn->hdev; | 237 | struct hci_dev *hdev = conn->hdev; |
@@ -242,9 +242,9 @@ void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8], | |||
242 | memset(&cp, 0, sizeof(cp)); | 242 | memset(&cp, 0, sizeof(cp)); |
243 | 243 | ||
244 | cp.handle = cpu_to_le16(conn->handle); | 244 | cp.handle = cpu_to_le16(conn->handle); |
245 | memcpy(cp.ltk, ltk, sizeof(cp.ltk)); | 245 | cp.rand = rand; |
246 | cp.ediv = ediv; | 246 | cp.ediv = ediv; |
247 | memcpy(cp.rand, rand, sizeof(cp.rand)); | 247 | memcpy(cp.ltk, ltk, sizeof(cp.ltk)); |
248 | 248 | ||
249 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); | 249 | hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); |
250 | } | 250 | } |
@@ -363,6 +363,16 @@ static void hci_conn_auto_accept(struct work_struct *work) | |||
363 | &conn->dst); | 363 | &conn->dst); |
364 | } | 364 | } |
365 | 365 | ||
366 | static void le_conn_timeout(struct work_struct *work) | ||
367 | { | ||
368 | struct hci_conn *conn = container_of(work, struct hci_conn, | ||
369 | le_conn_timeout.work); | ||
370 | |||
371 | BT_DBG(""); | ||
372 | |||
373 | hci_le_create_connection_cancel(conn); | ||
374 | } | ||
375 | |||
366 | struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) | 376 | struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) |
367 | { | 377 | { |
368 | struct hci_conn *conn; | 378 | struct hci_conn *conn; |
@@ -410,6 +420,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst) | |||
410 | INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); | 420 | INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout); |
411 | INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); | 421 | INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); |
412 | INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); | 422 | INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); |
423 | INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); | ||
413 | 424 | ||
414 | atomic_set(&conn->refcnt, 0); | 425 | atomic_set(&conn->refcnt, 0); |
415 | 426 | ||
@@ -442,6 +453,8 @@ int hci_conn_del(struct hci_conn *conn) | |||
442 | /* Unacked frames */ | 453 | /* Unacked frames */ |
443 | hdev->acl_cnt += conn->sent; | 454 | hdev->acl_cnt += conn->sent; |
444 | } else if (conn->type == LE_LINK) { | 455 | } else if (conn->type == LE_LINK) { |
456 | cancel_delayed_work_sync(&conn->le_conn_timeout); | ||
457 | |||
445 | if (hdev->le_pkts) | 458 | if (hdev->le_pkts) |
446 | hdev->le_cnt += conn->sent; | 459 | hdev->le_cnt += conn->sent; |
447 | else | 460 | else |
@@ -514,6 +527,26 @@ struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src) | |||
514 | } | 527 | } |
515 | EXPORT_SYMBOL(hci_get_route); | 528 | EXPORT_SYMBOL(hci_get_route); |
516 | 529 | ||
530 | /* This function requires the caller holds hdev->lock */ | ||
531 | void hci_le_conn_failed(struct hci_conn *conn, u8 status) | ||
532 | { | ||
533 | struct hci_dev *hdev = conn->hdev; | ||
534 | |||
535 | conn->state = BT_CLOSED; | ||
536 | |||
537 | mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type, | ||
538 | status); | ||
539 | |||
540 | hci_proto_connect_cfm(conn, status); | ||
541 | |||
542 | hci_conn_del(conn); | ||
543 | |||
544 | /* Since we may have temporarily stopped the background scanning in | ||
545 | * favor of connection establishment, we should restart it. | ||
546 | */ | ||
547 | hci_update_background_scan(hdev); | ||
548 | } | ||
549 | |||
517 | static void create_le_conn_complete(struct hci_dev *hdev, u8 status) | 550 | static void create_le_conn_complete(struct hci_dev *hdev, u8 status) |
518 | { | 551 | { |
519 | struct hci_conn *conn; | 552 | struct hci_conn *conn; |
@@ -530,55 +563,55 @@ static void create_le_conn_complete(struct hci_dev *hdev, u8 status) | |||
530 | if (!conn) | 563 | if (!conn) |
531 | goto done; | 564 | goto done; |
532 | 565 | ||
533 | conn->state = BT_CLOSED; | 566 | hci_le_conn_failed(conn, status); |
534 | |||
535 | mgmt_connect_failed(hdev, &conn->dst, conn->type, conn->dst_type, | ||
536 | status); | ||
537 | |||
538 | hci_proto_connect_cfm(conn, status); | ||
539 | |||
540 | hci_conn_del(conn); | ||
541 | 567 | ||
542 | done: | 568 | done: |
543 | hci_dev_unlock(hdev); | 569 | hci_dev_unlock(hdev); |
544 | } | 570 | } |
545 | 571 | ||
546 | static int hci_create_le_conn(struct hci_conn *conn) | 572 | static void hci_req_add_le_create_conn(struct hci_request *req, |
573 | struct hci_conn *conn) | ||
547 | { | 574 | { |
548 | struct hci_dev *hdev = conn->hdev; | ||
549 | struct hci_cp_le_create_conn cp; | 575 | struct hci_cp_le_create_conn cp; |
550 | struct hci_request req; | 576 | struct hci_dev *hdev = conn->hdev; |
551 | int err; | 577 | u8 own_addr_type; |
552 | |||
553 | hci_req_init(&req, hdev); | ||
554 | 578 | ||
555 | memset(&cp, 0, sizeof(cp)); | 579 | memset(&cp, 0, sizeof(cp)); |
580 | |||
581 | /* Update random address, but set require_privacy to false so | ||
582 | * that we never connect with an unresolvable address. | ||
583 | */ | ||
584 | if (hci_update_random_address(req, false, &own_addr_type)) | ||
585 | return; | ||
586 | |||
587 | /* Save the address type used for this connnection attempt so we able | ||
588 | * to retrieve this information if we need it. | ||
589 | */ | ||
590 | conn->src_type = own_addr_type; | ||
591 | |||
556 | cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); | 592 | cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); |
557 | cp.scan_window = cpu_to_le16(hdev->le_scan_window); | 593 | cp.scan_window = cpu_to_le16(hdev->le_scan_window); |
558 | bacpy(&cp.peer_addr, &conn->dst); | 594 | bacpy(&cp.peer_addr, &conn->dst); |
559 | cp.peer_addr_type = conn->dst_type; | 595 | cp.peer_addr_type = conn->dst_type; |
560 | cp.own_address_type = conn->src_type; | 596 | cp.own_address_type = own_addr_type; |
561 | cp.conn_interval_min = cpu_to_le16(hdev->le_conn_min_interval); | 597 | cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval); |
562 | cp.conn_interval_max = cpu_to_le16(hdev->le_conn_max_interval); | 598 | cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval); |
563 | cp.supervision_timeout = __constant_cpu_to_le16(0x002a); | 599 | cp.supervision_timeout = __constant_cpu_to_le16(0x002a); |
564 | cp.min_ce_len = __constant_cpu_to_le16(0x0000); | 600 | cp.min_ce_len = __constant_cpu_to_le16(0x0000); |
565 | cp.max_ce_len = __constant_cpu_to_le16(0x0000); | 601 | cp.max_ce_len = __constant_cpu_to_le16(0x0000); |
566 | 602 | ||
567 | hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); | 603 | hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); |
568 | |||
569 | err = hci_req_run(&req, create_le_conn_complete); | ||
570 | if (err) { | ||
571 | hci_conn_del(conn); | ||
572 | return err; | ||
573 | } | ||
574 | 604 | ||
575 | return 0; | 605 | conn->state = BT_CONNECT; |
576 | } | 606 | } |
577 | 607 | ||
578 | static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, | 608 | struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, |
579 | u8 dst_type, u8 sec_level, u8 auth_type) | 609 | u8 dst_type, u8 sec_level, u8 auth_type) |
580 | { | 610 | { |
611 | struct hci_conn_params *params; | ||
581 | struct hci_conn *conn; | 612 | struct hci_conn *conn; |
613 | struct smp_irk *irk; | ||
614 | struct hci_request req; | ||
582 | int err; | 615 | int err; |
583 | 616 | ||
584 | if (test_bit(HCI_ADVERTISING, &hdev->flags)) | 617 | if (test_bit(HCI_ADVERTISING, &hdev->flags)) |
@@ -607,35 +640,74 @@ static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, | |||
607 | if (conn) | 640 | if (conn) |
608 | return ERR_PTR(-EBUSY); | 641 | return ERR_PTR(-EBUSY); |
609 | 642 | ||
643 | /* When given an identity address with existing identity | ||
644 | * resolving key, the connection needs to be established | ||
645 | * to a resolvable random address. | ||
646 | * | ||
647 | * This uses the cached random resolvable address from | ||
648 | * a previous scan. When no cached address is available, | ||
649 | * try connecting to the identity address instead. | ||
650 | * | ||
651 | * Storing the resolvable random address is required here | ||
652 | * to handle connection failures. The address will later | ||
653 | * be resolved back into the original identity address | ||
654 | * from the connect request. | ||
655 | */ | ||
656 | irk = hci_find_irk_by_addr(hdev, dst, dst_type); | ||
657 | if (irk && bacmp(&irk->rpa, BDADDR_ANY)) { | ||
658 | dst = &irk->rpa; | ||
659 | dst_type = ADDR_LE_DEV_RANDOM; | ||
660 | } | ||
661 | |||
610 | conn = hci_conn_add(hdev, LE_LINK, dst); | 662 | conn = hci_conn_add(hdev, LE_LINK, dst); |
611 | if (!conn) | 663 | if (!conn) |
612 | return ERR_PTR(-ENOMEM); | 664 | return ERR_PTR(-ENOMEM); |
613 | 665 | ||
614 | if (dst_type == BDADDR_LE_PUBLIC) | 666 | conn->dst_type = dst_type; |
615 | conn->dst_type = ADDR_LE_DEV_PUBLIC; | ||
616 | else | ||
617 | conn->dst_type = ADDR_LE_DEV_RANDOM; | ||
618 | |||
619 | conn->src_type = hdev->own_addr_type; | ||
620 | 667 | ||
621 | conn->state = BT_CONNECT; | ||
622 | conn->out = true; | 668 | conn->out = true; |
623 | conn->link_mode |= HCI_LM_MASTER; | 669 | conn->link_mode |= HCI_LM_MASTER; |
624 | conn->sec_level = BT_SECURITY_LOW; | 670 | conn->sec_level = BT_SECURITY_LOW; |
625 | conn->pending_sec_level = sec_level; | 671 | conn->pending_sec_level = sec_level; |
626 | conn->auth_type = auth_type; | 672 | conn->auth_type = auth_type; |
627 | 673 | ||
628 | err = hci_create_le_conn(conn); | 674 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); |
629 | if (err) | 675 | if (params) { |
676 | conn->le_conn_min_interval = params->conn_min_interval; | ||
677 | conn->le_conn_max_interval = params->conn_max_interval; | ||
678 | } else { | ||
679 | conn->le_conn_min_interval = hdev->le_conn_min_interval; | ||
680 | conn->le_conn_max_interval = hdev->le_conn_max_interval; | ||
681 | } | ||
682 | |||
683 | hci_req_init(&req, hdev); | ||
684 | |||
685 | /* If controller is scanning, we stop it since some controllers are | ||
686 | * not able to scan and connect at the same time. Also set the | ||
687 | * HCI_LE_SCAN_INTERRUPTED flag so that the command complete | ||
688 | * handler for scan disabling knows to set the correct discovery | ||
689 | * state. | ||
690 | */ | ||
691 | if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) { | ||
692 | hci_req_add_le_scan_disable(&req); | ||
693 | set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags); | ||
694 | } | ||
695 | |||
696 | hci_req_add_le_create_conn(&req, conn); | ||
697 | |||
698 | err = hci_req_run(&req, create_le_conn_complete); | ||
699 | if (err) { | ||
700 | hci_conn_del(conn); | ||
630 | return ERR_PTR(err); | 701 | return ERR_PTR(err); |
702 | } | ||
631 | 703 | ||
632 | done: | 704 | done: |
633 | hci_conn_hold(conn); | 705 | hci_conn_hold(conn); |
634 | return conn; | 706 | return conn; |
635 | } | 707 | } |
636 | 708 | ||
637 | static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, | 709 | struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, |
638 | u8 sec_level, u8 auth_type) | 710 | u8 sec_level, u8 auth_type) |
639 | { | 711 | { |
640 | struct hci_conn *acl; | 712 | struct hci_conn *acl; |
641 | 713 | ||
@@ -704,22 +776,6 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, | |||
704 | return sco; | 776 | return sco; |
705 | } | 777 | } |
706 | 778 | ||
707 | /* Create SCO, ACL or LE connection. */ | ||
708 | struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, | ||
709 | __u8 dst_type, __u8 sec_level, __u8 auth_type) | ||
710 | { | ||
711 | BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type); | ||
712 | |||
713 | switch (type) { | ||
714 | case LE_LINK: | ||
715 | return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type); | ||
716 | case ACL_LINK: | ||
717 | return hci_connect_acl(hdev, dst, sec_level, auth_type); | ||
718 | } | ||
719 | |||
720 | return ERR_PTR(-EINVAL); | ||
721 | } | ||
722 | |||
723 | /* Check link security requirement */ | 779 | /* Check link security requirement */ |
724 | int hci_conn_check_link_mode(struct hci_conn *conn) | 780 | int hci_conn_check_link_mode(struct hci_conn *conn) |
725 | { | 781 | { |
@@ -800,14 +856,23 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) | |||
800 | if (!(conn->link_mode & HCI_LM_AUTH)) | 856 | if (!(conn->link_mode & HCI_LM_AUTH)) |
801 | goto auth; | 857 | goto auth; |
802 | 858 | ||
803 | /* An authenticated combination key has sufficient security for any | 859 | /* An authenticated FIPS approved combination key has sufficient |
804 | security level. */ | 860 | * security for security level 4. */ |
805 | if (conn->key_type == HCI_LK_AUTH_COMBINATION) | 861 | if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 && |
862 | sec_level == BT_SECURITY_FIPS) | ||
863 | goto encrypt; | ||
864 | |||
865 | /* An authenticated combination key has sufficient security for | ||
866 | security level 3. */ | ||
867 | if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 || | ||
868 | conn->key_type == HCI_LK_AUTH_COMBINATION_P256) && | ||
869 | sec_level == BT_SECURITY_HIGH) | ||
806 | goto encrypt; | 870 | goto encrypt; |
807 | 871 | ||
808 | /* An unauthenticated combination key has sufficient security for | 872 | /* An unauthenticated combination key has sufficient security for |
809 | security level 1 and 2. */ | 873 | security level 1 and 2. */ |
810 | if (conn->key_type == HCI_LK_UNAUTH_COMBINATION && | 874 | if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 || |
875 | conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) && | ||
811 | (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW)) | 876 | (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW)) |
812 | goto encrypt; | 877 | goto encrypt; |
813 | 878 | ||
@@ -816,7 +881,8 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) | |||
816 | is generated using maximum PIN code length (16). | 881 | is generated using maximum PIN code length (16). |
817 | For pre 2.1 units. */ | 882 | For pre 2.1 units. */ |
818 | if (conn->key_type == HCI_LK_COMBINATION && | 883 | if (conn->key_type == HCI_LK_COMBINATION && |
819 | (sec_level != BT_SECURITY_HIGH || conn->pin_length == 16)) | 884 | (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW || |
885 | conn->pin_length == 16)) | ||
820 | goto encrypt; | 886 | goto encrypt; |
821 | 887 | ||
822 | auth: | 888 | auth: |
@@ -840,13 +906,17 @@ int hci_conn_check_secure(struct hci_conn *conn, __u8 sec_level) | |||
840 | { | 906 | { |
841 | BT_DBG("hcon %p", conn); | 907 | BT_DBG("hcon %p", conn); |
842 | 908 | ||
843 | if (sec_level != BT_SECURITY_HIGH) | 909 | /* Accept if non-secure or higher security level is required */ |
844 | return 1; /* Accept if non-secure is required */ | 910 | if (sec_level != BT_SECURITY_HIGH && sec_level != BT_SECURITY_FIPS) |
911 | return 1; | ||
845 | 912 | ||
846 | if (conn->sec_level == BT_SECURITY_HIGH) | 913 | /* Accept if secure or higher security level is already present */ |
914 | if (conn->sec_level == BT_SECURITY_HIGH || | ||
915 | conn->sec_level == BT_SECURITY_FIPS) | ||
847 | return 1; | 916 | return 1; |
848 | 917 | ||
849 | return 0; /* Reject not secure link */ | 918 | /* Reject not secure link */ |
919 | return 0; | ||
850 | } | 920 | } |
851 | EXPORT_SYMBOL(hci_conn_check_secure); | 921 | EXPORT_SYMBOL(hci_conn_check_secure); |
852 | 922 | ||
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 5e8663c194c1..8bbfdea9cbec 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -29,11 +29,14 @@ | |||
29 | #include <linux/idr.h> | 29 | #include <linux/idr.h> |
30 | #include <linux/rfkill.h> | 30 | #include <linux/rfkill.h> |
31 | #include <linux/debugfs.h> | 31 | #include <linux/debugfs.h> |
32 | #include <linux/crypto.h> | ||
32 | #include <asm/unaligned.h> | 33 | #include <asm/unaligned.h> |
33 | 34 | ||
34 | #include <net/bluetooth/bluetooth.h> | 35 | #include <net/bluetooth/bluetooth.h> |
35 | #include <net/bluetooth/hci_core.h> | 36 | #include <net/bluetooth/hci_core.h> |
36 | 37 | ||
38 | #include "smp.h" | ||
39 | |||
37 | static void hci_rx_work(struct work_struct *work); | 40 | static void hci_rx_work(struct work_struct *work); |
38 | static void hci_cmd_work(struct work_struct *work); | 41 | static void hci_cmd_work(struct work_struct *work); |
39 | static void hci_tx_work(struct work_struct *work); | 42 | static void hci_tx_work(struct work_struct *work); |
@@ -285,24 +288,6 @@ static const struct file_operations link_keys_fops = { | |||
285 | .release = single_release, | 288 | .release = single_release, |
286 | }; | 289 | }; |
287 | 290 | ||
288 | static ssize_t use_debug_keys_read(struct file *file, char __user *user_buf, | ||
289 | size_t count, loff_t *ppos) | ||
290 | { | ||
291 | struct hci_dev *hdev = file->private_data; | ||
292 | char buf[3]; | ||
293 | |||
294 | buf[0] = test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) ? 'Y': 'N'; | ||
295 | buf[1] = '\n'; | ||
296 | buf[2] = '\0'; | ||
297 | return simple_read_from_buffer(user_buf, count, ppos, buf, 2); | ||
298 | } | ||
299 | |||
300 | static const struct file_operations use_debug_keys_fops = { | ||
301 | .open = simple_open, | ||
302 | .read = use_debug_keys_read, | ||
303 | .llseek = default_llseek, | ||
304 | }; | ||
305 | |||
306 | static int dev_class_show(struct seq_file *f, void *ptr) | 291 | static int dev_class_show(struct seq_file *f, void *ptr) |
307 | { | 292 | { |
308 | struct hci_dev *hdev = f->private; | 293 | struct hci_dev *hdev = f->private; |
@@ -415,6 +400,70 @@ static int ssp_debug_mode_get(void *data, u64 *val) | |||
415 | DEFINE_SIMPLE_ATTRIBUTE(ssp_debug_mode_fops, ssp_debug_mode_get, | 400 | DEFINE_SIMPLE_ATTRIBUTE(ssp_debug_mode_fops, ssp_debug_mode_get, |
416 | ssp_debug_mode_set, "%llu\n"); | 401 | ssp_debug_mode_set, "%llu\n"); |
417 | 402 | ||
403 | static ssize_t force_sc_support_read(struct file *file, char __user *user_buf, | ||
404 | size_t count, loff_t *ppos) | ||
405 | { | ||
406 | struct hci_dev *hdev = file->private_data; | ||
407 | char buf[3]; | ||
408 | |||
409 | buf[0] = test_bit(HCI_FORCE_SC, &hdev->dev_flags) ? 'Y': 'N'; | ||
410 | buf[1] = '\n'; | ||
411 | buf[2] = '\0'; | ||
412 | return simple_read_from_buffer(user_buf, count, ppos, buf, 2); | ||
413 | } | ||
414 | |||
415 | static ssize_t force_sc_support_write(struct file *file, | ||
416 | const char __user *user_buf, | ||
417 | size_t count, loff_t *ppos) | ||
418 | { | ||
419 | struct hci_dev *hdev = file->private_data; | ||
420 | char buf[32]; | ||
421 | size_t buf_size = min(count, (sizeof(buf)-1)); | ||
422 | bool enable; | ||
423 | |||
424 | if (test_bit(HCI_UP, &hdev->flags)) | ||
425 | return -EBUSY; | ||
426 | |||
427 | if (copy_from_user(buf, user_buf, buf_size)) | ||
428 | return -EFAULT; | ||
429 | |||
430 | buf[buf_size] = '\0'; | ||
431 | if (strtobool(buf, &enable)) | ||
432 | return -EINVAL; | ||
433 | |||
434 | if (enable == test_bit(HCI_FORCE_SC, &hdev->dev_flags)) | ||
435 | return -EALREADY; | ||
436 | |||
437 | change_bit(HCI_FORCE_SC, &hdev->dev_flags); | ||
438 | |||
439 | return count; | ||
440 | } | ||
441 | |||
442 | static const struct file_operations force_sc_support_fops = { | ||
443 | .open = simple_open, | ||
444 | .read = force_sc_support_read, | ||
445 | .write = force_sc_support_write, | ||
446 | .llseek = default_llseek, | ||
447 | }; | ||
448 | |||
449 | static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf, | ||
450 | size_t count, loff_t *ppos) | ||
451 | { | ||
452 | struct hci_dev *hdev = file->private_data; | ||
453 | char buf[3]; | ||
454 | |||
455 | buf[0] = test_bit(HCI_SC_ONLY, &hdev->dev_flags) ? 'Y': 'N'; | ||
456 | buf[1] = '\n'; | ||
457 | buf[2] = '\0'; | ||
458 | return simple_read_from_buffer(user_buf, count, ppos, buf, 2); | ||
459 | } | ||
460 | |||
461 | static const struct file_operations sc_only_mode_fops = { | ||
462 | .open = simple_open, | ||
463 | .read = sc_only_mode_read, | ||
464 | .llseek = default_llseek, | ||
465 | }; | ||
466 | |||
418 | static int idle_timeout_set(void *data, u64 val) | 467 | static int idle_timeout_set(void *data, u64 val) |
419 | { | 468 | { |
420 | struct hci_dev *hdev = data; | 469 | struct hci_dev *hdev = data; |
@@ -443,6 +492,37 @@ static int idle_timeout_get(void *data, u64 *val) | |||
443 | DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get, | 492 | DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get, |
444 | idle_timeout_set, "%llu\n"); | 493 | idle_timeout_set, "%llu\n"); |
445 | 494 | ||
495 | static int rpa_timeout_set(void *data, u64 val) | ||
496 | { | ||
497 | struct hci_dev *hdev = data; | ||
498 | |||
499 | /* Require the RPA timeout to be at least 30 seconds and at most | ||
500 | * 24 hours. | ||
501 | */ | ||
502 | if (val < 30 || val > (60 * 60 * 24)) | ||
503 | return -EINVAL; | ||
504 | |||
505 | hci_dev_lock(hdev); | ||
506 | hdev->rpa_timeout = val; | ||
507 | hci_dev_unlock(hdev); | ||
508 | |||
509 | return 0; | ||
510 | } | ||
511 | |||
512 | static int rpa_timeout_get(void *data, u64 *val) | ||
513 | { | ||
514 | struct hci_dev *hdev = data; | ||
515 | |||
516 | hci_dev_lock(hdev); | ||
517 | *val = hdev->rpa_timeout; | ||
518 | hci_dev_unlock(hdev); | ||
519 | |||
520 | return 0; | ||
521 | } | ||
522 | |||
523 | DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get, | ||
524 | rpa_timeout_set, "%llu\n"); | ||
525 | |||
446 | static int sniff_min_interval_set(void *data, u64 val) | 526 | static int sniff_min_interval_set(void *data, u64 val) |
447 | { | 527 | { |
448 | struct hci_dev *hdev = data; | 528 | struct hci_dev *hdev = data; |
@@ -499,6 +579,59 @@ static int sniff_max_interval_get(void *data, u64 *val) | |||
499 | DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get, | 579 | DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get, |
500 | sniff_max_interval_set, "%llu\n"); | 580 | sniff_max_interval_set, "%llu\n"); |
501 | 581 | ||
582 | static int identity_show(struct seq_file *f, void *p) | ||
583 | { | ||
584 | struct hci_dev *hdev = f->private; | ||
585 | bdaddr_t addr; | ||
586 | u8 addr_type; | ||
587 | |||
588 | hci_dev_lock(hdev); | ||
589 | |||
590 | hci_copy_identity_address(hdev, &addr, &addr_type); | ||
591 | |||
592 | seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type, | ||
593 | 16, hdev->irk, &hdev->rpa); | ||
594 | |||
595 | hci_dev_unlock(hdev); | ||
596 | |||
597 | return 0; | ||
598 | } | ||
599 | |||
600 | static int identity_open(struct inode *inode, struct file *file) | ||
601 | { | ||
602 | return single_open(file, identity_show, inode->i_private); | ||
603 | } | ||
604 | |||
605 | static const struct file_operations identity_fops = { | ||
606 | .open = identity_open, | ||
607 | .read = seq_read, | ||
608 | .llseek = seq_lseek, | ||
609 | .release = single_release, | ||
610 | }; | ||
611 | |||
612 | static int random_address_show(struct seq_file *f, void *p) | ||
613 | { | ||
614 | struct hci_dev *hdev = f->private; | ||
615 | |||
616 | hci_dev_lock(hdev); | ||
617 | seq_printf(f, "%pMR\n", &hdev->random_addr); | ||
618 | hci_dev_unlock(hdev); | ||
619 | |||
620 | return 0; | ||
621 | } | ||
622 | |||
623 | static int random_address_open(struct inode *inode, struct file *file) | ||
624 | { | ||
625 | return single_open(file, random_address_show, inode->i_private); | ||
626 | } | ||
627 | |||
628 | static const struct file_operations random_address_fops = { | ||
629 | .open = random_address_open, | ||
630 | .read = seq_read, | ||
631 | .llseek = seq_lseek, | ||
632 | .release = single_release, | ||
633 | }; | ||
634 | |||
502 | static int static_address_show(struct seq_file *f, void *p) | 635 | static int static_address_show(struct seq_file *f, void *p) |
503 | { | 636 | { |
504 | struct hci_dev *hdev = f->private; | 637 | struct hci_dev *hdev = f->private; |
@@ -522,33 +655,107 @@ static const struct file_operations static_address_fops = { | |||
522 | .release = single_release, | 655 | .release = single_release, |
523 | }; | 656 | }; |
524 | 657 | ||
525 | static int own_address_type_set(void *data, u64 val) | 658 | static ssize_t force_static_address_read(struct file *file, |
659 | char __user *user_buf, | ||
660 | size_t count, loff_t *ppos) | ||
526 | { | 661 | { |
527 | struct hci_dev *hdev = data; | 662 | struct hci_dev *hdev = file->private_data; |
663 | char buf[3]; | ||
528 | 664 | ||
529 | if (val != 0 && val != 1) | 665 | buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ? 'Y': 'N'; |
666 | buf[1] = '\n'; | ||
667 | buf[2] = '\0'; | ||
668 | return simple_read_from_buffer(user_buf, count, ppos, buf, 2); | ||
669 | } | ||
670 | |||
671 | static ssize_t force_static_address_write(struct file *file, | ||
672 | const char __user *user_buf, | ||
673 | size_t count, loff_t *ppos) | ||
674 | { | ||
675 | struct hci_dev *hdev = file->private_data; | ||
676 | char buf[32]; | ||
677 | size_t buf_size = min(count, (sizeof(buf)-1)); | ||
678 | bool enable; | ||
679 | |||
680 | if (test_bit(HCI_UP, &hdev->flags)) | ||
681 | return -EBUSY; | ||
682 | |||
683 | if (copy_from_user(buf, user_buf, buf_size)) | ||
684 | return -EFAULT; | ||
685 | |||
686 | buf[buf_size] = '\0'; | ||
687 | if (strtobool(buf, &enable)) | ||
530 | return -EINVAL; | 688 | return -EINVAL; |
531 | 689 | ||
690 | if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags)) | ||
691 | return -EALREADY; | ||
692 | |||
693 | change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags); | ||
694 | |||
695 | return count; | ||
696 | } | ||
697 | |||
698 | static const struct file_operations force_static_address_fops = { | ||
699 | .open = simple_open, | ||
700 | .read = force_static_address_read, | ||
701 | .write = force_static_address_write, | ||
702 | .llseek = default_llseek, | ||
703 | }; | ||
704 | |||
705 | static int white_list_show(struct seq_file *f, void *ptr) | ||
706 | { | ||
707 | struct hci_dev *hdev = f->private; | ||
708 | struct bdaddr_list *b; | ||
709 | |||
532 | hci_dev_lock(hdev); | 710 | hci_dev_lock(hdev); |
533 | hdev->own_addr_type = val; | 711 | list_for_each_entry(b, &hdev->le_white_list, list) |
712 | seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type); | ||
534 | hci_dev_unlock(hdev); | 713 | hci_dev_unlock(hdev); |
535 | 714 | ||
536 | return 0; | 715 | return 0; |
537 | } | 716 | } |
538 | 717 | ||
539 | static int own_address_type_get(void *data, u64 *val) | 718 | static int white_list_open(struct inode *inode, struct file *file) |
540 | { | 719 | { |
541 | struct hci_dev *hdev = data; | 720 | return single_open(file, white_list_show, inode->i_private); |
721 | } | ||
722 | |||
723 | static const struct file_operations white_list_fops = { | ||
724 | .open = white_list_open, | ||
725 | .read = seq_read, | ||
726 | .llseek = seq_lseek, | ||
727 | .release = single_release, | ||
728 | }; | ||
729 | |||
730 | static int identity_resolving_keys_show(struct seq_file *f, void *ptr) | ||
731 | { | ||
732 | struct hci_dev *hdev = f->private; | ||
733 | struct list_head *p, *n; | ||
542 | 734 | ||
543 | hci_dev_lock(hdev); | 735 | hci_dev_lock(hdev); |
544 | *val = hdev->own_addr_type; | 736 | list_for_each_safe(p, n, &hdev->identity_resolving_keys) { |
737 | struct smp_irk *irk = list_entry(p, struct smp_irk, list); | ||
738 | seq_printf(f, "%pMR (type %u) %*phN %pMR\n", | ||
739 | &irk->bdaddr, irk->addr_type, | ||
740 | 16, irk->val, &irk->rpa); | ||
741 | } | ||
545 | hci_dev_unlock(hdev); | 742 | hci_dev_unlock(hdev); |
546 | 743 | ||
547 | return 0; | 744 | return 0; |
548 | } | 745 | } |
549 | 746 | ||
550 | DEFINE_SIMPLE_ATTRIBUTE(own_address_type_fops, own_address_type_get, | 747 | static int identity_resolving_keys_open(struct inode *inode, struct file *file) |
551 | own_address_type_set, "%llu\n"); | 748 | { |
749 | return single_open(file, identity_resolving_keys_show, | ||
750 | inode->i_private); | ||
751 | } | ||
752 | |||
753 | static const struct file_operations identity_resolving_keys_fops = { | ||
754 | .open = identity_resolving_keys_open, | ||
755 | .read = seq_read, | ||
756 | .llseek = seq_lseek, | ||
757 | .release = single_release, | ||
758 | }; | ||
552 | 759 | ||
553 | static int long_term_keys_show(struct seq_file *f, void *ptr) | 760 | static int long_term_keys_show(struct seq_file *f, void *ptr) |
554 | { | 761 | { |
@@ -556,12 +763,12 @@ static int long_term_keys_show(struct seq_file *f, void *ptr) | |||
556 | struct list_head *p, *n; | 763 | struct list_head *p, *n; |
557 | 764 | ||
558 | hci_dev_lock(hdev); | 765 | hci_dev_lock(hdev); |
559 | list_for_each_safe(p, n, &hdev->link_keys) { | 766 | list_for_each_safe(p, n, &hdev->long_term_keys) { |
560 | struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list); | 767 | struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list); |
561 | seq_printf(f, "%pMR (type %u) %u %u %u %.4x %*phN %*phN\\n", | 768 | seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n", |
562 | <k->bdaddr, ltk->bdaddr_type, ltk->authenticated, | 769 | <k->bdaddr, ltk->bdaddr_type, ltk->authenticated, |
563 | ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv), | 770 | ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv), |
564 | 8, ltk->rand, 16, ltk->val); | 771 | __le64_to_cpu(ltk->rand), 16, ltk->val); |
565 | } | 772 | } |
566 | hci_dev_unlock(hdev); | 773 | hci_dev_unlock(hdev); |
567 | 774 | ||
@@ -636,6 +843,34 @@ static int conn_max_interval_get(void *data, u64 *val) | |||
636 | DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get, | 843 | DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get, |
637 | conn_max_interval_set, "%llu\n"); | 844 | conn_max_interval_set, "%llu\n"); |
638 | 845 | ||
846 | static int adv_channel_map_set(void *data, u64 val) | ||
847 | { | ||
848 | struct hci_dev *hdev = data; | ||
849 | |||
850 | if (val < 0x01 || val > 0x07) | ||
851 | return -EINVAL; | ||
852 | |||
853 | hci_dev_lock(hdev); | ||
854 | hdev->le_adv_channel_map = val; | ||
855 | hci_dev_unlock(hdev); | ||
856 | |||
857 | return 0; | ||
858 | } | ||
859 | |||
860 | static int adv_channel_map_get(void *data, u64 *val) | ||
861 | { | ||
862 | struct hci_dev *hdev = data; | ||
863 | |||
864 | hci_dev_lock(hdev); | ||
865 | *val = hdev->le_adv_channel_map; | ||
866 | hci_dev_unlock(hdev); | ||
867 | |||
868 | return 0; | ||
869 | } | ||
870 | |||
871 | DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get, | ||
872 | adv_channel_map_set, "%llu\n"); | ||
873 | |||
639 | static ssize_t lowpan_read(struct file *file, char __user *user_buf, | 874 | static ssize_t lowpan_read(struct file *file, char __user *user_buf, |
640 | size_t count, loff_t *ppos) | 875 | size_t count, loff_t *ppos) |
641 | { | 876 | { |
@@ -679,6 +914,115 @@ static const struct file_operations lowpan_debugfs_fops = { | |||
679 | .llseek = default_llseek, | 914 | .llseek = default_llseek, |
680 | }; | 915 | }; |
681 | 916 | ||
917 | static int le_auto_conn_show(struct seq_file *sf, void *ptr) | ||
918 | { | ||
919 | struct hci_dev *hdev = sf->private; | ||
920 | struct hci_conn_params *p; | ||
921 | |||
922 | hci_dev_lock(hdev); | ||
923 | |||
924 | list_for_each_entry(p, &hdev->le_conn_params, list) { | ||
925 | seq_printf(sf, "%pMR %u %u\n", &p->addr, p->addr_type, | ||
926 | p->auto_connect); | ||
927 | } | ||
928 | |||
929 | hci_dev_unlock(hdev); | ||
930 | |||
931 | return 0; | ||
932 | } | ||
933 | |||
934 | static int le_auto_conn_open(struct inode *inode, struct file *file) | ||
935 | { | ||
936 | return single_open(file, le_auto_conn_show, inode->i_private); | ||
937 | } | ||
938 | |||
939 | static ssize_t le_auto_conn_write(struct file *file, const char __user *data, | ||
940 | size_t count, loff_t *offset) | ||
941 | { | ||
942 | struct seq_file *sf = file->private_data; | ||
943 | struct hci_dev *hdev = sf->private; | ||
944 | u8 auto_connect = 0; | ||
945 | bdaddr_t addr; | ||
946 | u8 addr_type; | ||
947 | char *buf; | ||
948 | int err = 0; | ||
949 | int n; | ||
950 | |||
951 | /* Don't allow partial write */ | ||
952 | if (*offset != 0) | ||
953 | return -EINVAL; | ||
954 | |||
955 | if (count < 3) | ||
956 | return -EINVAL; | ||
957 | |||
958 | buf = kzalloc(count, GFP_KERNEL); | ||
959 | if (!buf) | ||
960 | return -ENOMEM; | ||
961 | |||
962 | if (copy_from_user(buf, data, count)) { | ||
963 | err = -EFAULT; | ||
964 | goto done; | ||
965 | } | ||
966 | |||
967 | if (memcmp(buf, "add", 3) == 0) { | ||
968 | n = sscanf(&buf[4], "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu %hhu", | ||
969 | &addr.b[5], &addr.b[4], &addr.b[3], &addr.b[2], | ||
970 | &addr.b[1], &addr.b[0], &addr_type, | ||
971 | &auto_connect); | ||
972 | |||
973 | if (n < 7) { | ||
974 | err = -EINVAL; | ||
975 | goto done; | ||
976 | } | ||
977 | |||
978 | hci_dev_lock(hdev); | ||
979 | err = hci_conn_params_add(hdev, &addr, addr_type, auto_connect, | ||
980 | hdev->le_conn_min_interval, | ||
981 | hdev->le_conn_max_interval); | ||
982 | hci_dev_unlock(hdev); | ||
983 | |||
984 | if (err) | ||
985 | goto done; | ||
986 | } else if (memcmp(buf, "del", 3) == 0) { | ||
987 | n = sscanf(&buf[4], "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu", | ||
988 | &addr.b[5], &addr.b[4], &addr.b[3], &addr.b[2], | ||
989 | &addr.b[1], &addr.b[0], &addr_type); | ||
990 | |||
991 | if (n < 7) { | ||
992 | err = -EINVAL; | ||
993 | goto done; | ||
994 | } | ||
995 | |||
996 | hci_dev_lock(hdev); | ||
997 | hci_conn_params_del(hdev, &addr, addr_type); | ||
998 | hci_dev_unlock(hdev); | ||
999 | } else if (memcmp(buf, "clr", 3) == 0) { | ||
1000 | hci_dev_lock(hdev); | ||
1001 | hci_conn_params_clear(hdev); | ||
1002 | hci_pend_le_conns_clear(hdev); | ||
1003 | hci_update_background_scan(hdev); | ||
1004 | hci_dev_unlock(hdev); | ||
1005 | } else { | ||
1006 | err = -EINVAL; | ||
1007 | } | ||
1008 | |||
1009 | done: | ||
1010 | kfree(buf); | ||
1011 | |||
1012 | if (err) | ||
1013 | return err; | ||
1014 | else | ||
1015 | return count; | ||
1016 | } | ||
1017 | |||
1018 | static const struct file_operations le_auto_conn_fops = { | ||
1019 | .open = le_auto_conn_open, | ||
1020 | .read = seq_read, | ||
1021 | .write = le_auto_conn_write, | ||
1022 | .llseek = seq_lseek, | ||
1023 | .release = single_release, | ||
1024 | }; | ||
1025 | |||
682 | /* ---- HCI requests ---- */ | 1026 | /* ---- HCI requests ---- */ |
683 | 1027 | ||
684 | static void hci_req_sync_complete(struct hci_dev *hdev, u8 result) | 1028 | static void hci_req_sync_complete(struct hci_dev *hdev, u8 result) |
@@ -1027,14 +1371,17 @@ static void le_setup(struct hci_request *req) | |||
1027 | /* Read LE Local Supported Features */ | 1371 | /* Read LE Local Supported Features */ |
1028 | hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL); | 1372 | hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL); |
1029 | 1373 | ||
1374 | /* Read LE Supported States */ | ||
1375 | hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL); | ||
1376 | |||
1030 | /* Read LE Advertising Channel TX Power */ | 1377 | /* Read LE Advertising Channel TX Power */ |
1031 | hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL); | 1378 | hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL); |
1032 | 1379 | ||
1033 | /* Read LE White List Size */ | 1380 | /* Read LE White List Size */ |
1034 | hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL); | 1381 | hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL); |
1035 | 1382 | ||
1036 | /* Read LE Supported States */ | 1383 | /* Clear LE White List */ |
1037 | hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL); | 1384 | hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL); |
1038 | 1385 | ||
1039 | /* LE-only controllers have LE implicitly enabled */ | 1386 | /* LE-only controllers have LE implicitly enabled */ |
1040 | if (!lmp_bredr_capable(hdev)) | 1387 | if (!lmp_bredr_capable(hdev)) |
@@ -1288,6 +1635,10 @@ static void hci_set_event_mask_page_2(struct hci_request *req) | |||
1288 | events[2] |= 0x08; /* Truncated Page Complete */ | 1635 | events[2] |= 0x08; /* Truncated Page Complete */ |
1289 | } | 1636 | } |
1290 | 1637 | ||
1638 | /* Enable Authenticated Payload Timeout Expired event if supported */ | ||
1639 | if (lmp_ping_capable(hdev)) | ||
1640 | events[2] |= 0x80; | ||
1641 | |||
1291 | hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events); | 1642 | hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events); |
1292 | } | 1643 | } |
1293 | 1644 | ||
@@ -1322,21 +1673,8 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt) | |||
1322 | if (hdev->commands[5] & 0x10) | 1673 | if (hdev->commands[5] & 0x10) |
1323 | hci_setup_link_policy(req); | 1674 | hci_setup_link_policy(req); |
1324 | 1675 | ||
1325 | if (lmp_le_capable(hdev)) { | 1676 | if (lmp_le_capable(hdev)) |
1326 | if (test_bit(HCI_SETUP, &hdev->dev_flags)) { | ||
1327 | /* If the controller has a public BD_ADDR, then | ||
1328 | * by default use that one. If this is a LE only | ||
1329 | * controller without a public address, default | ||
1330 | * to the random address. | ||
1331 | */ | ||
1332 | if (bacmp(&hdev->bdaddr, BDADDR_ANY)) | ||
1333 | hdev->own_addr_type = ADDR_LE_DEV_PUBLIC; | ||
1334 | else | ||
1335 | hdev->own_addr_type = ADDR_LE_DEV_RANDOM; | ||
1336 | } | ||
1337 | |||
1338 | hci_set_le_support(req); | 1677 | hci_set_le_support(req); |
1339 | } | ||
1340 | 1678 | ||
1341 | /* Read features beyond page 1 if available */ | 1679 | /* Read features beyond page 1 if available */ |
1342 | for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { | 1680 | for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) { |
@@ -1359,6 +1697,15 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt) | |||
1359 | /* Check for Synchronization Train support */ | 1697 | /* Check for Synchronization Train support */ |
1360 | if (lmp_sync_train_capable(hdev)) | 1698 | if (lmp_sync_train_capable(hdev)) |
1361 | hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); | 1699 | hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL); |
1700 | |||
1701 | /* Enable Secure Connections if supported and configured */ | ||
1702 | if ((lmp_sc_capable(hdev) || | ||
1703 | test_bit(HCI_FORCE_SC, &hdev->dev_flags)) && | ||
1704 | test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) { | ||
1705 | u8 support = 0x01; | ||
1706 | hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT, | ||
1707 | sizeof(support), &support); | ||
1708 | } | ||
1362 | } | 1709 | } |
1363 | 1710 | ||
1364 | static int __hci_init(struct hci_dev *hdev) | 1711 | static int __hci_init(struct hci_dev *hdev) |
@@ -1417,8 +1764,6 @@ static int __hci_init(struct hci_dev *hdev) | |||
1417 | hdev, &inquiry_cache_fops); | 1764 | hdev, &inquiry_cache_fops); |
1418 | debugfs_create_file("link_keys", 0400, hdev->debugfs, | 1765 | debugfs_create_file("link_keys", 0400, hdev->debugfs, |
1419 | hdev, &link_keys_fops); | 1766 | hdev, &link_keys_fops); |
1420 | debugfs_create_file("use_debug_keys", 0444, hdev->debugfs, | ||
1421 | hdev, &use_debug_keys_fops); | ||
1422 | debugfs_create_file("dev_class", 0444, hdev->debugfs, | 1767 | debugfs_create_file("dev_class", 0444, hdev->debugfs, |
1423 | hdev, &dev_class_fops); | 1768 | hdev, &dev_class_fops); |
1424 | debugfs_create_file("voice_setting", 0444, hdev->debugfs, | 1769 | debugfs_create_file("voice_setting", 0444, hdev->debugfs, |
@@ -1430,6 +1775,10 @@ static int __hci_init(struct hci_dev *hdev) | |||
1430 | hdev, &auto_accept_delay_fops); | 1775 | hdev, &auto_accept_delay_fops); |
1431 | debugfs_create_file("ssp_debug_mode", 0644, hdev->debugfs, | 1776 | debugfs_create_file("ssp_debug_mode", 0644, hdev->debugfs, |
1432 | hdev, &ssp_debug_mode_fops); | 1777 | hdev, &ssp_debug_mode_fops); |
1778 | debugfs_create_file("force_sc_support", 0644, hdev->debugfs, | ||
1779 | hdev, &force_sc_support_fops); | ||
1780 | debugfs_create_file("sc_only_mode", 0444, hdev->debugfs, | ||
1781 | hdev, &sc_only_mode_fops); | ||
1433 | } | 1782 | } |
1434 | 1783 | ||
1435 | if (lmp_sniff_capable(hdev)) { | 1784 | if (lmp_sniff_capable(hdev)) { |
@@ -1442,20 +1791,43 @@ static int __hci_init(struct hci_dev *hdev) | |||
1442 | } | 1791 | } |
1443 | 1792 | ||
1444 | if (lmp_le_capable(hdev)) { | 1793 | if (lmp_le_capable(hdev)) { |
1794 | debugfs_create_file("identity", 0400, hdev->debugfs, | ||
1795 | hdev, &identity_fops); | ||
1796 | debugfs_create_file("rpa_timeout", 0644, hdev->debugfs, | ||
1797 | hdev, &rpa_timeout_fops); | ||
1798 | debugfs_create_file("random_address", 0444, hdev->debugfs, | ||
1799 | hdev, &random_address_fops); | ||
1800 | debugfs_create_file("static_address", 0444, hdev->debugfs, | ||
1801 | hdev, &static_address_fops); | ||
1802 | |||
1803 | /* For controllers with a public address, provide a debug | ||
1804 | * option to force the usage of the configured static | ||
1805 | * address. By default the public address is used. | ||
1806 | */ | ||
1807 | if (bacmp(&hdev->bdaddr, BDADDR_ANY)) | ||
1808 | debugfs_create_file("force_static_address", 0644, | ||
1809 | hdev->debugfs, hdev, | ||
1810 | &force_static_address_fops); | ||
1811 | |||
1445 | debugfs_create_u8("white_list_size", 0444, hdev->debugfs, | 1812 | debugfs_create_u8("white_list_size", 0444, hdev->debugfs, |
1446 | &hdev->le_white_list_size); | 1813 | &hdev->le_white_list_size); |
1447 | debugfs_create_file("static_address", 0444, hdev->debugfs, | 1814 | debugfs_create_file("white_list", 0444, hdev->debugfs, hdev, |
1448 | hdev, &static_address_fops); | 1815 | &white_list_fops); |
1449 | debugfs_create_file("own_address_type", 0644, hdev->debugfs, | 1816 | debugfs_create_file("identity_resolving_keys", 0400, |
1450 | hdev, &own_address_type_fops); | 1817 | hdev->debugfs, hdev, |
1818 | &identity_resolving_keys_fops); | ||
1451 | debugfs_create_file("long_term_keys", 0400, hdev->debugfs, | 1819 | debugfs_create_file("long_term_keys", 0400, hdev->debugfs, |
1452 | hdev, &long_term_keys_fops); | 1820 | hdev, &long_term_keys_fops); |
1453 | debugfs_create_file("conn_min_interval", 0644, hdev->debugfs, | 1821 | debugfs_create_file("conn_min_interval", 0644, hdev->debugfs, |
1454 | hdev, &conn_min_interval_fops); | 1822 | hdev, &conn_min_interval_fops); |
1455 | debugfs_create_file("conn_max_interval", 0644, hdev->debugfs, | 1823 | debugfs_create_file("conn_max_interval", 0644, hdev->debugfs, |
1456 | hdev, &conn_max_interval_fops); | 1824 | hdev, &conn_max_interval_fops); |
1825 | debugfs_create_file("adv_channel_map", 0644, hdev->debugfs, | ||
1826 | hdev, &adv_channel_map_fops); | ||
1457 | debugfs_create_file("6lowpan", 0644, hdev->debugfs, hdev, | 1827 | debugfs_create_file("6lowpan", 0644, hdev->debugfs, hdev, |
1458 | &lowpan_debugfs_fops); | 1828 | &lowpan_debugfs_fops); |
1829 | debugfs_create_file("le_auto_conn", 0644, hdev->debugfs, hdev, | ||
1830 | &le_auto_conn_fops); | ||
1459 | } | 1831 | } |
1460 | 1832 | ||
1461 | return 0; | 1833 | return 0; |
@@ -1548,6 +1920,8 @@ void hci_discovery_set_state(struct hci_dev *hdev, int state) | |||
1548 | 1920 | ||
1549 | switch (state) { | 1921 | switch (state) { |
1550 | case DISCOVERY_STOPPED: | 1922 | case DISCOVERY_STOPPED: |
1923 | hci_update_background_scan(hdev); | ||
1924 | |||
1551 | if (hdev->discovery.state != DISCOVERY_STARTING) | 1925 | if (hdev->discovery.state != DISCOVERY_STARTING) |
1552 | mgmt_discovering(hdev, 0); | 1926 | mgmt_discovering(hdev, 0); |
1553 | break; | 1927 | break; |
@@ -1876,10 +2250,15 @@ static int hci_dev_do_open(struct hci_dev *hdev) | |||
1876 | * be able to determine if there is a public address | 2250 | * be able to determine if there is a public address |
1877 | * or not. | 2251 | * or not. |
1878 | * | 2252 | * |
2253 | * In case of user channel usage, it is not important | ||
2254 | * if a public address or static random address is | ||
2255 | * available. | ||
2256 | * | ||
1879 | * This check is only valid for BR/EDR controllers | 2257 | * This check is only valid for BR/EDR controllers |
1880 | * since AMP controllers do not have an address. | 2258 | * since AMP controllers do not have an address. |
1881 | */ | 2259 | */ |
1882 | if (hdev->dev_type == HCI_BREDR && | 2260 | if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) && |
2261 | hdev->dev_type == HCI_BREDR && | ||
1883 | !bacmp(&hdev->bdaddr, BDADDR_ANY) && | 2262 | !bacmp(&hdev->bdaddr, BDADDR_ANY) && |
1884 | !bacmp(&hdev->static_addr, BDADDR_ANY)) { | 2263 | !bacmp(&hdev->static_addr, BDADDR_ANY)) { |
1885 | ret = -EADDRNOTAVAIL; | 2264 | ret = -EADDRNOTAVAIL; |
@@ -1916,6 +2295,7 @@ static int hci_dev_do_open(struct hci_dev *hdev) | |||
1916 | 2295 | ||
1917 | if (!ret) { | 2296 | if (!ret) { |
1918 | hci_dev_hold(hdev); | 2297 | hci_dev_hold(hdev); |
2298 | set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); | ||
1919 | set_bit(HCI_UP, &hdev->flags); | 2299 | set_bit(HCI_UP, &hdev->flags); |
1920 | hci_notify(hdev, HCI_DEV_UP); | 2300 | hci_notify(hdev, HCI_DEV_UP); |
1921 | if (!test_bit(HCI_SETUP, &hdev->dev_flags) && | 2301 | if (!test_bit(HCI_SETUP, &hdev->dev_flags) && |
@@ -2014,9 +2394,13 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
2014 | 2394 | ||
2015 | cancel_delayed_work_sync(&hdev->le_scan_disable); | 2395 | cancel_delayed_work_sync(&hdev->le_scan_disable); |
2016 | 2396 | ||
2397 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) | ||
2398 | cancel_delayed_work_sync(&hdev->rpa_expired); | ||
2399 | |||
2017 | hci_dev_lock(hdev); | 2400 | hci_dev_lock(hdev); |
2018 | hci_inquiry_cache_flush(hdev); | 2401 | hci_inquiry_cache_flush(hdev); |
2019 | hci_conn_hash_flush(hdev); | 2402 | hci_conn_hash_flush(hdev); |
2403 | hci_pend_le_conns_clear(hdev); | ||
2020 | hci_dev_unlock(hdev); | 2404 | hci_dev_unlock(hdev); |
2021 | 2405 | ||
2022 | hci_notify(hdev, HCI_DEV_DOWN); | 2406 | hci_notify(hdev, HCI_DEV_DOWN); |
@@ -2074,6 +2458,7 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
2074 | 2458 | ||
2075 | memset(hdev->eir, 0, sizeof(hdev->eir)); | 2459 | memset(hdev->eir, 0, sizeof(hdev->eir)); |
2076 | memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); | 2460 | memset(hdev->dev_class, 0, sizeof(hdev->dev_class)); |
2461 | bacpy(&hdev->random_addr, BDADDR_ANY); | ||
2077 | 2462 | ||
2078 | hci_req_unlock(hdev); | 2463 | hci_req_unlock(hdev); |
2079 | 2464 | ||
@@ -2437,7 +2822,7 @@ static void hci_discov_off(struct work_struct *work) | |||
2437 | mgmt_discoverable_timeout(hdev); | 2822 | mgmt_discoverable_timeout(hdev); |
2438 | } | 2823 | } |
2439 | 2824 | ||
2440 | int hci_uuids_clear(struct hci_dev *hdev) | 2825 | void hci_uuids_clear(struct hci_dev *hdev) |
2441 | { | 2826 | { |
2442 | struct bt_uuid *uuid, *tmp; | 2827 | struct bt_uuid *uuid, *tmp; |
2443 | 2828 | ||
@@ -2445,11 +2830,9 @@ int hci_uuids_clear(struct hci_dev *hdev) | |||
2445 | list_del(&uuid->list); | 2830 | list_del(&uuid->list); |
2446 | kfree(uuid); | 2831 | kfree(uuid); |
2447 | } | 2832 | } |
2448 | |||
2449 | return 0; | ||
2450 | } | 2833 | } |
2451 | 2834 | ||
2452 | int hci_link_keys_clear(struct hci_dev *hdev) | 2835 | void hci_link_keys_clear(struct hci_dev *hdev) |
2453 | { | 2836 | { |
2454 | struct list_head *p, *n; | 2837 | struct list_head *p, *n; |
2455 | 2838 | ||
@@ -2461,11 +2844,9 @@ int hci_link_keys_clear(struct hci_dev *hdev) | |||
2461 | list_del(p); | 2844 | list_del(p); |
2462 | kfree(key); | 2845 | kfree(key); |
2463 | } | 2846 | } |
2464 | |||
2465 | return 0; | ||
2466 | } | 2847 | } |
2467 | 2848 | ||
2468 | int hci_smp_ltks_clear(struct hci_dev *hdev) | 2849 | void hci_smp_ltks_clear(struct hci_dev *hdev) |
2469 | { | 2850 | { |
2470 | struct smp_ltk *k, *tmp; | 2851 | struct smp_ltk *k, *tmp; |
2471 | 2852 | ||
@@ -2473,8 +2854,16 @@ int hci_smp_ltks_clear(struct hci_dev *hdev) | |||
2473 | list_del(&k->list); | 2854 | list_del(&k->list); |
2474 | kfree(k); | 2855 | kfree(k); |
2475 | } | 2856 | } |
2857 | } | ||
2476 | 2858 | ||
2477 | return 0; | 2859 | void hci_smp_irks_clear(struct hci_dev *hdev) |
2860 | { | ||
2861 | struct smp_irk *k, *tmp; | ||
2862 | |||
2863 | list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) { | ||
2864 | list_del(&k->list); | ||
2865 | kfree(k); | ||
2866 | } | ||
2478 | } | 2867 | } |
2479 | 2868 | ||
2480 | struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) | 2869 | struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) |
@@ -2524,13 +2913,24 @@ static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn, | |||
2524 | return false; | 2913 | return false; |
2525 | } | 2914 | } |
2526 | 2915 | ||
2527 | struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) | 2916 | static bool ltk_type_master(u8 type) |
2917 | { | ||
2918 | if (type == HCI_SMP_STK || type == HCI_SMP_LTK) | ||
2919 | return true; | ||
2920 | |||
2921 | return false; | ||
2922 | } | ||
2923 | |||
2924 | struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand, | ||
2925 | bool master) | ||
2528 | { | 2926 | { |
2529 | struct smp_ltk *k; | 2927 | struct smp_ltk *k; |
2530 | 2928 | ||
2531 | list_for_each_entry(k, &hdev->long_term_keys, list) { | 2929 | list_for_each_entry(k, &hdev->long_term_keys, list) { |
2532 | if (k->ediv != ediv || | 2930 | if (k->ediv != ediv || k->rand != rand) |
2533 | memcmp(rand, k->rand, sizeof(k->rand))) | 2931 | continue; |
2932 | |||
2933 | if (ltk_type_master(k->type) != master) | ||
2534 | continue; | 2934 | continue; |
2535 | 2935 | ||
2536 | return k; | 2936 | return k; |
@@ -2540,18 +2940,56 @@ struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]) | |||
2540 | } | 2940 | } |
2541 | 2941 | ||
2542 | struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, | 2942 | struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, |
2543 | u8 addr_type) | 2943 | u8 addr_type, bool master) |
2544 | { | 2944 | { |
2545 | struct smp_ltk *k; | 2945 | struct smp_ltk *k; |
2546 | 2946 | ||
2547 | list_for_each_entry(k, &hdev->long_term_keys, list) | 2947 | list_for_each_entry(k, &hdev->long_term_keys, list) |
2548 | if (addr_type == k->bdaddr_type && | 2948 | if (addr_type == k->bdaddr_type && |
2549 | bacmp(bdaddr, &k->bdaddr) == 0) | 2949 | bacmp(bdaddr, &k->bdaddr) == 0 && |
2950 | ltk_type_master(k->type) == master) | ||
2550 | return k; | 2951 | return k; |
2551 | 2952 | ||
2552 | return NULL; | 2953 | return NULL; |
2553 | } | 2954 | } |
2554 | 2955 | ||
2956 | struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa) | ||
2957 | { | ||
2958 | struct smp_irk *irk; | ||
2959 | |||
2960 | list_for_each_entry(irk, &hdev->identity_resolving_keys, list) { | ||
2961 | if (!bacmp(&irk->rpa, rpa)) | ||
2962 | return irk; | ||
2963 | } | ||
2964 | |||
2965 | list_for_each_entry(irk, &hdev->identity_resolving_keys, list) { | ||
2966 | if (smp_irk_matches(hdev->tfm_aes, irk->val, rpa)) { | ||
2967 | bacpy(&irk->rpa, rpa); | ||
2968 | return irk; | ||
2969 | } | ||
2970 | } | ||
2971 | |||
2972 | return NULL; | ||
2973 | } | ||
2974 | |||
2975 | struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr, | ||
2976 | u8 addr_type) | ||
2977 | { | ||
2978 | struct smp_irk *irk; | ||
2979 | |||
2980 | /* Identity Address must be public or static random */ | ||
2981 | if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0) | ||
2982 | return NULL; | ||
2983 | |||
2984 | list_for_each_entry(irk, &hdev->identity_resolving_keys, list) { | ||
2985 | if (addr_type == irk->addr_type && | ||
2986 | bacmp(bdaddr, &irk->bdaddr) == 0) | ||
2987 | return irk; | ||
2988 | } | ||
2989 | |||
2990 | return NULL; | ||
2991 | } | ||
2992 | |||
2555 | int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, | 2993 | int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, |
2556 | bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) | 2994 | bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len) |
2557 | { | 2995 | { |
@@ -2565,7 +3003,7 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, | |||
2565 | key = old_key; | 3003 | key = old_key; |
2566 | } else { | 3004 | } else { |
2567 | old_key_type = conn ? conn->key_type : 0xff; | 3005 | old_key_type = conn ? conn->key_type : 0xff; |
2568 | key = kzalloc(sizeof(*key), GFP_ATOMIC); | 3006 | key = kzalloc(sizeof(*key), GFP_KERNEL); |
2569 | if (!key) | 3007 | if (!key) |
2570 | return -ENOMEM; | 3008 | return -ENOMEM; |
2571 | list_add(&key->list, &hdev->link_keys); | 3009 | list_add(&key->list, &hdev->link_keys); |
@@ -2605,22 +3043,20 @@ int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key, | |||
2605 | return 0; | 3043 | return 0; |
2606 | } | 3044 | } |
2607 | 3045 | ||
2608 | int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type, | 3046 | struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, |
2609 | int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16 | 3047 | u8 addr_type, u8 type, u8 authenticated, |
2610 | ediv, u8 rand[8]) | 3048 | u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand) |
2611 | { | 3049 | { |
2612 | struct smp_ltk *key, *old_key; | 3050 | struct smp_ltk *key, *old_key; |
3051 | bool master = ltk_type_master(type); | ||
2613 | 3052 | ||
2614 | if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK)) | 3053 | old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, master); |
2615 | return 0; | ||
2616 | |||
2617 | old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type); | ||
2618 | if (old_key) | 3054 | if (old_key) |
2619 | key = old_key; | 3055 | key = old_key; |
2620 | else { | 3056 | else { |
2621 | key = kzalloc(sizeof(*key), GFP_ATOMIC); | 3057 | key = kzalloc(sizeof(*key), GFP_KERNEL); |
2622 | if (!key) | 3058 | if (!key) |
2623 | return -ENOMEM; | 3059 | return NULL; |
2624 | list_add(&key->list, &hdev->long_term_keys); | 3060 | list_add(&key->list, &hdev->long_term_keys); |
2625 | } | 3061 | } |
2626 | 3062 | ||
@@ -2629,17 +3065,34 @@ int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type, | |||
2629 | memcpy(key->val, tk, sizeof(key->val)); | 3065 | memcpy(key->val, tk, sizeof(key->val)); |
2630 | key->authenticated = authenticated; | 3066 | key->authenticated = authenticated; |
2631 | key->ediv = ediv; | 3067 | key->ediv = ediv; |
3068 | key->rand = rand; | ||
2632 | key->enc_size = enc_size; | 3069 | key->enc_size = enc_size; |
2633 | key->type = type; | 3070 | key->type = type; |
2634 | memcpy(key->rand, rand, sizeof(key->rand)); | ||
2635 | 3071 | ||
2636 | if (!new_key) | 3072 | return key; |
2637 | return 0; | 3073 | } |
3074 | |||
3075 | struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, | ||
3076 | u8 addr_type, u8 val[16], bdaddr_t *rpa) | ||
3077 | { | ||
3078 | struct smp_irk *irk; | ||
2638 | 3079 | ||
2639 | if (type & HCI_SMP_LTK) | 3080 | irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type); |
2640 | mgmt_new_ltk(hdev, key, 1); | 3081 | if (!irk) { |
3082 | irk = kzalloc(sizeof(*irk), GFP_KERNEL); | ||
3083 | if (!irk) | ||
3084 | return NULL; | ||
2641 | 3085 | ||
2642 | return 0; | 3086 | bacpy(&irk->bdaddr, bdaddr); |
3087 | irk->addr_type = addr_type; | ||
3088 | |||
3089 | list_add(&irk->list, &hdev->identity_resolving_keys); | ||
3090 | } | ||
3091 | |||
3092 | memcpy(irk->val, val, 16); | ||
3093 | bacpy(&irk->rpa, rpa); | ||
3094 | |||
3095 | return irk; | ||
2643 | } | 3096 | } |
2644 | 3097 | ||
2645 | int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) | 3098 | int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) |
@@ -2658,21 +3111,38 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr) | |||
2658 | return 0; | 3111 | return 0; |
2659 | } | 3112 | } |
2660 | 3113 | ||
2661 | int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr) | 3114 | int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type) |
2662 | { | 3115 | { |
2663 | struct smp_ltk *k, *tmp; | 3116 | struct smp_ltk *k, *tmp; |
3117 | int removed = 0; | ||
2664 | 3118 | ||
2665 | list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { | 3119 | list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) { |
2666 | if (bacmp(bdaddr, &k->bdaddr)) | 3120 | if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type) |
2667 | continue; | 3121 | continue; |
2668 | 3122 | ||
2669 | BT_DBG("%s removing %pMR", hdev->name, bdaddr); | 3123 | BT_DBG("%s removing %pMR", hdev->name, bdaddr); |
2670 | 3124 | ||
2671 | list_del(&k->list); | 3125 | list_del(&k->list); |
2672 | kfree(k); | 3126 | kfree(k); |
3127 | removed++; | ||
2673 | } | 3128 | } |
2674 | 3129 | ||
2675 | return 0; | 3130 | return removed ? 0 : -ENOENT; |
3131 | } | ||
3132 | |||
3133 | void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type) | ||
3134 | { | ||
3135 | struct smp_irk *k, *tmp; | ||
3136 | |||
3137 | list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) { | ||
3138 | if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type) | ||
3139 | continue; | ||
3140 | |||
3141 | BT_DBG("%s removing %pMR", hdev->name, bdaddr); | ||
3142 | |||
3143 | list_del(&k->list); | ||
3144 | kfree(k); | ||
3145 | } | ||
2676 | } | 3146 | } |
2677 | 3147 | ||
2678 | /* HCI command timer function */ | 3148 | /* HCI command timer function */ |
@@ -2721,7 +3191,7 @@ int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr) | |||
2721 | return 0; | 3191 | return 0; |
2722 | } | 3192 | } |
2723 | 3193 | ||
2724 | int hci_remote_oob_data_clear(struct hci_dev *hdev) | 3194 | void hci_remote_oob_data_clear(struct hci_dev *hdev) |
2725 | { | 3195 | { |
2726 | struct oob_data *data, *n; | 3196 | struct oob_data *data, *n; |
2727 | 3197 | ||
@@ -2729,19 +3199,43 @@ int hci_remote_oob_data_clear(struct hci_dev *hdev) | |||
2729 | list_del(&data->list); | 3199 | list_del(&data->list); |
2730 | kfree(data); | 3200 | kfree(data); |
2731 | } | 3201 | } |
3202 | } | ||
3203 | |||
3204 | int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, | ||
3205 | u8 *hash, u8 *randomizer) | ||
3206 | { | ||
3207 | struct oob_data *data; | ||
3208 | |||
3209 | data = hci_find_remote_oob_data(hdev, bdaddr); | ||
3210 | if (!data) { | ||
3211 | data = kmalloc(sizeof(*data), GFP_KERNEL); | ||
3212 | if (!data) | ||
3213 | return -ENOMEM; | ||
3214 | |||
3215 | bacpy(&data->bdaddr, bdaddr); | ||
3216 | list_add(&data->list, &hdev->remote_oob_data); | ||
3217 | } | ||
3218 | |||
3219 | memcpy(data->hash192, hash, sizeof(data->hash192)); | ||
3220 | memcpy(data->randomizer192, randomizer, sizeof(data->randomizer192)); | ||
3221 | |||
3222 | memset(data->hash256, 0, sizeof(data->hash256)); | ||
3223 | memset(data->randomizer256, 0, sizeof(data->randomizer256)); | ||
3224 | |||
3225 | BT_DBG("%s for %pMR", hdev->name, bdaddr); | ||
2732 | 3226 | ||
2733 | return 0; | 3227 | return 0; |
2734 | } | 3228 | } |
2735 | 3229 | ||
2736 | int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, | 3230 | int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr, |
2737 | u8 *randomizer) | 3231 | u8 *hash192, u8 *randomizer192, |
3232 | u8 *hash256, u8 *randomizer256) | ||
2738 | { | 3233 | { |
2739 | struct oob_data *data; | 3234 | struct oob_data *data; |
2740 | 3235 | ||
2741 | data = hci_find_remote_oob_data(hdev, bdaddr); | 3236 | data = hci_find_remote_oob_data(hdev, bdaddr); |
2742 | |||
2743 | if (!data) { | 3237 | if (!data) { |
2744 | data = kmalloc(sizeof(*data), GFP_ATOMIC); | 3238 | data = kmalloc(sizeof(*data), GFP_KERNEL); |
2745 | if (!data) | 3239 | if (!data) |
2746 | return -ENOMEM; | 3240 | return -ENOMEM; |
2747 | 3241 | ||
@@ -2749,8 +3243,11 @@ int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash, | |||
2749 | list_add(&data->list, &hdev->remote_oob_data); | 3243 | list_add(&data->list, &hdev->remote_oob_data); |
2750 | } | 3244 | } |
2751 | 3245 | ||
2752 | memcpy(data->hash, hash, sizeof(data->hash)); | 3246 | memcpy(data->hash192, hash192, sizeof(data->hash192)); |
2753 | memcpy(data->randomizer, randomizer, sizeof(data->randomizer)); | 3247 | memcpy(data->randomizer192, randomizer192, sizeof(data->randomizer192)); |
3248 | |||
3249 | memcpy(data->hash256, hash256, sizeof(data->hash256)); | ||
3250 | memcpy(data->randomizer256, randomizer256, sizeof(data->randomizer256)); | ||
2754 | 3251 | ||
2755 | BT_DBG("%s for %pMR", hdev->name, bdaddr); | 3252 | BT_DBG("%s for %pMR", hdev->name, bdaddr); |
2756 | 3253 | ||
@@ -2770,7 +3267,7 @@ struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, | |||
2770 | return NULL; | 3267 | return NULL; |
2771 | } | 3268 | } |
2772 | 3269 | ||
2773 | int hci_blacklist_clear(struct hci_dev *hdev) | 3270 | static void hci_blacklist_clear(struct hci_dev *hdev) |
2774 | { | 3271 | { |
2775 | struct list_head *p, *n; | 3272 | struct list_head *p, *n; |
2776 | 3273 | ||
@@ -2780,8 +3277,6 @@ int hci_blacklist_clear(struct hci_dev *hdev) | |||
2780 | list_del(p); | 3277 | list_del(p); |
2781 | kfree(b); | 3278 | kfree(b); |
2782 | } | 3279 | } |
2783 | |||
2784 | return 0; | ||
2785 | } | 3280 | } |
2786 | 3281 | ||
2787 | int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | 3282 | int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) |
@@ -2810,8 +3305,10 @@ int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | |||
2810 | { | 3305 | { |
2811 | struct bdaddr_list *entry; | 3306 | struct bdaddr_list *entry; |
2812 | 3307 | ||
2813 | if (!bacmp(bdaddr, BDADDR_ANY)) | 3308 | if (!bacmp(bdaddr, BDADDR_ANY)) { |
2814 | return hci_blacklist_clear(hdev); | 3309 | hci_blacklist_clear(hdev); |
3310 | return 0; | ||
3311 | } | ||
2815 | 3312 | ||
2816 | entry = hci_blacklist_lookup(hdev, bdaddr, type); | 3313 | entry = hci_blacklist_lookup(hdev, bdaddr, type); |
2817 | if (!entry) | 3314 | if (!entry) |
@@ -2823,6 +3320,262 @@ int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | |||
2823 | return mgmt_device_unblocked(hdev, bdaddr, type); | 3320 | return mgmt_device_unblocked(hdev, bdaddr, type); |
2824 | } | 3321 | } |
2825 | 3322 | ||
3323 | struct bdaddr_list *hci_white_list_lookup(struct hci_dev *hdev, | ||
3324 | bdaddr_t *bdaddr, u8 type) | ||
3325 | { | ||
3326 | struct bdaddr_list *b; | ||
3327 | |||
3328 | list_for_each_entry(b, &hdev->le_white_list, list) { | ||
3329 | if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type) | ||
3330 | return b; | ||
3331 | } | ||
3332 | |||
3333 | return NULL; | ||
3334 | } | ||
3335 | |||
3336 | void hci_white_list_clear(struct hci_dev *hdev) | ||
3337 | { | ||
3338 | struct list_head *p, *n; | ||
3339 | |||
3340 | list_for_each_safe(p, n, &hdev->le_white_list) { | ||
3341 | struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list); | ||
3342 | |||
3343 | list_del(p); | ||
3344 | kfree(b); | ||
3345 | } | ||
3346 | } | ||
3347 | |||
3348 | int hci_white_list_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | ||
3349 | { | ||
3350 | struct bdaddr_list *entry; | ||
3351 | |||
3352 | if (!bacmp(bdaddr, BDADDR_ANY)) | ||
3353 | return -EBADF; | ||
3354 | |||
3355 | entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL); | ||
3356 | if (!entry) | ||
3357 | return -ENOMEM; | ||
3358 | |||
3359 | bacpy(&entry->bdaddr, bdaddr); | ||
3360 | entry->bdaddr_type = type; | ||
3361 | |||
3362 | list_add(&entry->list, &hdev->le_white_list); | ||
3363 | |||
3364 | return 0; | ||
3365 | } | ||
3366 | |||
3367 | int hci_white_list_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type) | ||
3368 | { | ||
3369 | struct bdaddr_list *entry; | ||
3370 | |||
3371 | if (!bacmp(bdaddr, BDADDR_ANY)) | ||
3372 | return -EBADF; | ||
3373 | |||
3374 | entry = hci_white_list_lookup(hdev, bdaddr, type); | ||
3375 | if (!entry) | ||
3376 | return -ENOENT; | ||
3377 | |||
3378 | list_del(&entry->list); | ||
3379 | kfree(entry); | ||
3380 | |||
3381 | return 0; | ||
3382 | } | ||
3383 | |||
3384 | /* This function requires the caller holds hdev->lock */ | ||
3385 | struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev, | ||
3386 | bdaddr_t *addr, u8 addr_type) | ||
3387 | { | ||
3388 | struct hci_conn_params *params; | ||
3389 | |||
3390 | list_for_each_entry(params, &hdev->le_conn_params, list) { | ||
3391 | if (bacmp(¶ms->addr, addr) == 0 && | ||
3392 | params->addr_type == addr_type) { | ||
3393 | return params; | ||
3394 | } | ||
3395 | } | ||
3396 | |||
3397 | return NULL; | ||
3398 | } | ||
3399 | |||
3400 | static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type) | ||
3401 | { | ||
3402 | struct hci_conn *conn; | ||
3403 | |||
3404 | conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr); | ||
3405 | if (!conn) | ||
3406 | return false; | ||
3407 | |||
3408 | if (conn->dst_type != type) | ||
3409 | return false; | ||
3410 | |||
3411 | if (conn->state != BT_CONNECTED) | ||
3412 | return false; | ||
3413 | |||
3414 | return true; | ||
3415 | } | ||
3416 | |||
3417 | static bool is_identity_address(bdaddr_t *addr, u8 addr_type) | ||
3418 | { | ||
3419 | if (addr_type == ADDR_LE_DEV_PUBLIC) | ||
3420 | return true; | ||
3421 | |||
3422 | /* Check for Random Static address type */ | ||
3423 | if ((addr->b[5] & 0xc0) == 0xc0) | ||
3424 | return true; | ||
3425 | |||
3426 | return false; | ||
3427 | } | ||
3428 | |||
3429 | /* This function requires the caller holds hdev->lock */ | ||
3430 | int hci_conn_params_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type, | ||
3431 | u8 auto_connect, u16 conn_min_interval, | ||
3432 | u16 conn_max_interval) | ||
3433 | { | ||
3434 | struct hci_conn_params *params; | ||
3435 | |||
3436 | if (!is_identity_address(addr, addr_type)) | ||
3437 | return -EINVAL; | ||
3438 | |||
3439 | params = hci_conn_params_lookup(hdev, addr, addr_type); | ||
3440 | if (params) | ||
3441 | goto update; | ||
3442 | |||
3443 | params = kzalloc(sizeof(*params), GFP_KERNEL); | ||
3444 | if (!params) { | ||
3445 | BT_ERR("Out of memory"); | ||
3446 | return -ENOMEM; | ||
3447 | } | ||
3448 | |||
3449 | bacpy(¶ms->addr, addr); | ||
3450 | params->addr_type = addr_type; | ||
3451 | |||
3452 | list_add(¶ms->list, &hdev->le_conn_params); | ||
3453 | |||
3454 | update: | ||
3455 | params->conn_min_interval = conn_min_interval; | ||
3456 | params->conn_max_interval = conn_max_interval; | ||
3457 | params->auto_connect = auto_connect; | ||
3458 | |||
3459 | switch (auto_connect) { | ||
3460 | case HCI_AUTO_CONN_DISABLED: | ||
3461 | case HCI_AUTO_CONN_LINK_LOSS: | ||
3462 | hci_pend_le_conn_del(hdev, addr, addr_type); | ||
3463 | break; | ||
3464 | case HCI_AUTO_CONN_ALWAYS: | ||
3465 | if (!is_connected(hdev, addr, addr_type)) | ||
3466 | hci_pend_le_conn_add(hdev, addr, addr_type); | ||
3467 | break; | ||
3468 | } | ||
3469 | |||
3470 | BT_DBG("addr %pMR (type %u) auto_connect %u conn_min_interval 0x%.4x " | ||
3471 | "conn_max_interval 0x%.4x", addr, addr_type, auto_connect, | ||
3472 | conn_min_interval, conn_max_interval); | ||
3473 | |||
3474 | return 0; | ||
3475 | } | ||
3476 | |||
3477 | /* This function requires the caller holds hdev->lock */ | ||
3478 | void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type) | ||
3479 | { | ||
3480 | struct hci_conn_params *params; | ||
3481 | |||
3482 | params = hci_conn_params_lookup(hdev, addr, addr_type); | ||
3483 | if (!params) | ||
3484 | return; | ||
3485 | |||
3486 | hci_pend_le_conn_del(hdev, addr, addr_type); | ||
3487 | |||
3488 | list_del(¶ms->list); | ||
3489 | kfree(params); | ||
3490 | |||
3491 | BT_DBG("addr %pMR (type %u)", addr, addr_type); | ||
3492 | } | ||
3493 | |||
3494 | /* This function requires the caller holds hdev->lock */ | ||
3495 | void hci_conn_params_clear(struct hci_dev *hdev) | ||
3496 | { | ||
3497 | struct hci_conn_params *params, *tmp; | ||
3498 | |||
3499 | list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) { | ||
3500 | list_del(¶ms->list); | ||
3501 | kfree(params); | ||
3502 | } | ||
3503 | |||
3504 | BT_DBG("All LE connection parameters were removed"); | ||
3505 | } | ||
3506 | |||
3507 | /* This function requires the caller holds hdev->lock */ | ||
3508 | struct bdaddr_list *hci_pend_le_conn_lookup(struct hci_dev *hdev, | ||
3509 | bdaddr_t *addr, u8 addr_type) | ||
3510 | { | ||
3511 | struct bdaddr_list *entry; | ||
3512 | |||
3513 | list_for_each_entry(entry, &hdev->pend_le_conns, list) { | ||
3514 | if (bacmp(&entry->bdaddr, addr) == 0 && | ||
3515 | entry->bdaddr_type == addr_type) | ||
3516 | return entry; | ||
3517 | } | ||
3518 | |||
3519 | return NULL; | ||
3520 | } | ||
3521 | |||
3522 | /* This function requires the caller holds hdev->lock */ | ||
3523 | void hci_pend_le_conn_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type) | ||
3524 | { | ||
3525 | struct bdaddr_list *entry; | ||
3526 | |||
3527 | entry = hci_pend_le_conn_lookup(hdev, addr, addr_type); | ||
3528 | if (entry) | ||
3529 | goto done; | ||
3530 | |||
3531 | entry = kzalloc(sizeof(*entry), GFP_KERNEL); | ||
3532 | if (!entry) { | ||
3533 | BT_ERR("Out of memory"); | ||
3534 | return; | ||
3535 | } | ||
3536 | |||
3537 | bacpy(&entry->bdaddr, addr); | ||
3538 | entry->bdaddr_type = addr_type; | ||
3539 | |||
3540 | list_add(&entry->list, &hdev->pend_le_conns); | ||
3541 | |||
3542 | BT_DBG("addr %pMR (type %u)", addr, addr_type); | ||
3543 | |||
3544 | done: | ||
3545 | hci_update_background_scan(hdev); | ||
3546 | } | ||
3547 | |||
3548 | /* This function requires the caller holds hdev->lock */ | ||
3549 | void hci_pend_le_conn_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type) | ||
3550 | { | ||
3551 | struct bdaddr_list *entry; | ||
3552 | |||
3553 | entry = hci_pend_le_conn_lookup(hdev, addr, addr_type); | ||
3554 | if (!entry) | ||
3555 | goto done; | ||
3556 | |||
3557 | list_del(&entry->list); | ||
3558 | kfree(entry); | ||
3559 | |||
3560 | BT_DBG("addr %pMR (type %u)", addr, addr_type); | ||
3561 | |||
3562 | done: | ||
3563 | hci_update_background_scan(hdev); | ||
3564 | } | ||
3565 | |||
3566 | /* This function requires the caller holds hdev->lock */ | ||
3567 | void hci_pend_le_conns_clear(struct hci_dev *hdev) | ||
3568 | { | ||
3569 | struct bdaddr_list *entry, *tmp; | ||
3570 | |||
3571 | list_for_each_entry_safe(entry, tmp, &hdev->pend_le_conns, list) { | ||
3572 | list_del(&entry->list); | ||
3573 | kfree(entry); | ||
3574 | } | ||
3575 | |||
3576 | BT_DBG("All LE pending connections cleared"); | ||
3577 | } | ||
3578 | |||
2826 | static void inquiry_complete(struct hci_dev *hdev, u8 status) | 3579 | static void inquiry_complete(struct hci_dev *hdev, u8 status) |
2827 | { | 3580 | { |
2828 | if (status) { | 3581 | if (status) { |
@@ -2882,7 +3635,6 @@ static void le_scan_disable_work(struct work_struct *work) | |||
2882 | { | 3635 | { |
2883 | struct hci_dev *hdev = container_of(work, struct hci_dev, | 3636 | struct hci_dev *hdev = container_of(work, struct hci_dev, |
2884 | le_scan_disable.work); | 3637 | le_scan_disable.work); |
2885 | struct hci_cp_le_set_scan_enable cp; | ||
2886 | struct hci_request req; | 3638 | struct hci_request req; |
2887 | int err; | 3639 | int err; |
2888 | 3640 | ||
@@ -2890,15 +3642,128 @@ static void le_scan_disable_work(struct work_struct *work) | |||
2890 | 3642 | ||
2891 | hci_req_init(&req, hdev); | 3643 | hci_req_init(&req, hdev); |
2892 | 3644 | ||
2893 | memset(&cp, 0, sizeof(cp)); | 3645 | hci_req_add_le_scan_disable(&req); |
2894 | cp.enable = LE_SCAN_DISABLE; | ||
2895 | hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); | ||
2896 | 3646 | ||
2897 | err = hci_req_run(&req, le_scan_disable_work_complete); | 3647 | err = hci_req_run(&req, le_scan_disable_work_complete); |
2898 | if (err) | 3648 | if (err) |
2899 | BT_ERR("Disable LE scanning request failed: err %d", err); | 3649 | BT_ERR("Disable LE scanning request failed: err %d", err); |
2900 | } | 3650 | } |
2901 | 3651 | ||
3652 | static void set_random_addr(struct hci_request *req, bdaddr_t *rpa) | ||
3653 | { | ||
3654 | struct hci_dev *hdev = req->hdev; | ||
3655 | |||
3656 | /* If we're advertising or initiating an LE connection we can't | ||
3657 | * go ahead and change the random address at this time. This is | ||
3658 | * because the eventual initiator address used for the | ||
3659 | * subsequently created connection will be undefined (some | ||
3660 | * controllers use the new address and others the one we had | ||
3661 | * when the operation started). | ||
3662 | * | ||
3663 | * In this kind of scenario skip the update and let the random | ||
3664 | * address be updated at the next cycle. | ||
3665 | */ | ||
3666 | if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) || | ||
3667 | hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) { | ||
3668 | BT_DBG("Deferring random address update"); | ||
3669 | return; | ||
3670 | } | ||
3671 | |||
3672 | hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa); | ||
3673 | } | ||
3674 | |||
3675 | int hci_update_random_address(struct hci_request *req, bool require_privacy, | ||
3676 | u8 *own_addr_type) | ||
3677 | { | ||
3678 | struct hci_dev *hdev = req->hdev; | ||
3679 | int err; | ||
3680 | |||
3681 | /* If privacy is enabled use a resolvable private address. If | ||
3682 | * current RPA has expired or there is something else than | ||
3683 | * the current RPA in use, then generate a new one. | ||
3684 | */ | ||
3685 | if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) { | ||
3686 | int to; | ||
3687 | |||
3688 | *own_addr_type = ADDR_LE_DEV_RANDOM; | ||
3689 | |||
3690 | if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) && | ||
3691 | !bacmp(&hdev->random_addr, &hdev->rpa)) | ||
3692 | return 0; | ||
3693 | |||
3694 | err = smp_generate_rpa(hdev->tfm_aes, hdev->irk, &hdev->rpa); | ||
3695 | if (err < 0) { | ||
3696 | BT_ERR("%s failed to generate new RPA", hdev->name); | ||
3697 | return err; | ||
3698 | } | ||
3699 | |||
3700 | set_random_addr(req, &hdev->rpa); | ||
3701 | |||
3702 | to = msecs_to_jiffies(hdev->rpa_timeout * 1000); | ||
3703 | queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to); | ||
3704 | |||
3705 | return 0; | ||
3706 | } | ||
3707 | |||
3708 | /* In case of required privacy without resolvable private address, | ||
3709 | * use an unresolvable private address. This is useful for active | ||
3710 | * scanning and non-connectable advertising. | ||
3711 | */ | ||
3712 | if (require_privacy) { | ||
3713 | bdaddr_t urpa; | ||
3714 | |||
3715 | get_random_bytes(&urpa, 6); | ||
3716 | urpa.b[5] &= 0x3f; /* Clear two most significant bits */ | ||
3717 | |||
3718 | *own_addr_type = ADDR_LE_DEV_RANDOM; | ||
3719 | set_random_addr(req, &urpa); | ||
3720 | return 0; | ||
3721 | } | ||
3722 | |||
3723 | /* If forcing static address is in use or there is no public | ||
3724 | * address use the static address as random address (but skip | ||
3725 | * the HCI command if the current random address is already the | ||
3726 | * static one. | ||
3727 | */ | ||
3728 | if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) || | ||
3729 | !bacmp(&hdev->bdaddr, BDADDR_ANY)) { | ||
3730 | *own_addr_type = ADDR_LE_DEV_RANDOM; | ||
3731 | if (bacmp(&hdev->static_addr, &hdev->random_addr)) | ||
3732 | hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, | ||
3733 | &hdev->static_addr); | ||
3734 | return 0; | ||
3735 | } | ||
3736 | |||
3737 | /* Neither privacy nor static address is being used so use a | ||
3738 | * public address. | ||
3739 | */ | ||
3740 | *own_addr_type = ADDR_LE_DEV_PUBLIC; | ||
3741 | |||
3742 | return 0; | ||
3743 | } | ||
3744 | |||
3745 | /* Copy the Identity Address of the controller. | ||
3746 | * | ||
3747 | * If the controller has a public BD_ADDR, then by default use that one. | ||
3748 | * If this is a LE only controller without a public address, default to | ||
3749 | * the static random address. | ||
3750 | * | ||
3751 | * For debugging purposes it is possible to force controllers with a | ||
3752 | * public address to use the static random address instead. | ||
3753 | */ | ||
3754 | void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr, | ||
3755 | u8 *bdaddr_type) | ||
3756 | { | ||
3757 | if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) || | ||
3758 | !bacmp(&hdev->bdaddr, BDADDR_ANY)) { | ||
3759 | bacpy(bdaddr, &hdev->static_addr); | ||
3760 | *bdaddr_type = ADDR_LE_DEV_RANDOM; | ||
3761 | } else { | ||
3762 | bacpy(bdaddr, &hdev->bdaddr); | ||
3763 | *bdaddr_type = ADDR_LE_DEV_PUBLIC; | ||
3764 | } | ||
3765 | } | ||
3766 | |||
2902 | /* Alloc HCI device */ | 3767 | /* Alloc HCI device */ |
2903 | struct hci_dev *hci_alloc_dev(void) | 3768 | struct hci_dev *hci_alloc_dev(void) |
2904 | { | 3769 | { |
@@ -2919,11 +3784,14 @@ struct hci_dev *hci_alloc_dev(void) | |||
2919 | hdev->sniff_max_interval = 800; | 3784 | hdev->sniff_max_interval = 800; |
2920 | hdev->sniff_min_interval = 80; | 3785 | hdev->sniff_min_interval = 80; |
2921 | 3786 | ||
3787 | hdev->le_adv_channel_map = 0x07; | ||
2922 | hdev->le_scan_interval = 0x0060; | 3788 | hdev->le_scan_interval = 0x0060; |
2923 | hdev->le_scan_window = 0x0030; | 3789 | hdev->le_scan_window = 0x0030; |
2924 | hdev->le_conn_min_interval = 0x0028; | 3790 | hdev->le_conn_min_interval = 0x0028; |
2925 | hdev->le_conn_max_interval = 0x0038; | 3791 | hdev->le_conn_max_interval = 0x0038; |
2926 | 3792 | ||
3793 | hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT; | ||
3794 | |||
2927 | mutex_init(&hdev->lock); | 3795 | mutex_init(&hdev->lock); |
2928 | mutex_init(&hdev->req_lock); | 3796 | mutex_init(&hdev->req_lock); |
2929 | 3797 | ||
@@ -2932,7 +3800,11 @@ struct hci_dev *hci_alloc_dev(void) | |||
2932 | INIT_LIST_HEAD(&hdev->uuids); | 3800 | INIT_LIST_HEAD(&hdev->uuids); |
2933 | INIT_LIST_HEAD(&hdev->link_keys); | 3801 | INIT_LIST_HEAD(&hdev->link_keys); |
2934 | INIT_LIST_HEAD(&hdev->long_term_keys); | 3802 | INIT_LIST_HEAD(&hdev->long_term_keys); |
3803 | INIT_LIST_HEAD(&hdev->identity_resolving_keys); | ||
2935 | INIT_LIST_HEAD(&hdev->remote_oob_data); | 3804 | INIT_LIST_HEAD(&hdev->remote_oob_data); |
3805 | INIT_LIST_HEAD(&hdev->le_white_list); | ||
3806 | INIT_LIST_HEAD(&hdev->le_conn_params); | ||
3807 | INIT_LIST_HEAD(&hdev->pend_le_conns); | ||
2936 | INIT_LIST_HEAD(&hdev->conn_hash.list); | 3808 | INIT_LIST_HEAD(&hdev->conn_hash.list); |
2937 | 3809 | ||
2938 | INIT_WORK(&hdev->rx_work, hci_rx_work); | 3810 | INIT_WORK(&hdev->rx_work, hci_rx_work); |
@@ -3017,9 +3889,18 @@ int hci_register_dev(struct hci_dev *hdev) | |||
3017 | 3889 | ||
3018 | dev_set_name(&hdev->dev, "%s", hdev->name); | 3890 | dev_set_name(&hdev->dev, "%s", hdev->name); |
3019 | 3891 | ||
3892 | hdev->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, | ||
3893 | CRYPTO_ALG_ASYNC); | ||
3894 | if (IS_ERR(hdev->tfm_aes)) { | ||
3895 | BT_ERR("Unable to create crypto context"); | ||
3896 | error = PTR_ERR(hdev->tfm_aes); | ||
3897 | hdev->tfm_aes = NULL; | ||
3898 | goto err_wqueue; | ||
3899 | } | ||
3900 | |||
3020 | error = device_add(&hdev->dev); | 3901 | error = device_add(&hdev->dev); |
3021 | if (error < 0) | 3902 | if (error < 0) |
3022 | goto err_wqueue; | 3903 | goto err_tfm; |
3023 | 3904 | ||
3024 | hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, | 3905 | hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev, |
3025 | RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, | 3906 | RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, |
@@ -3055,6 +3936,8 @@ int hci_register_dev(struct hci_dev *hdev) | |||
3055 | 3936 | ||
3056 | return id; | 3937 | return id; |
3057 | 3938 | ||
3939 | err_tfm: | ||
3940 | crypto_free_blkcipher(hdev->tfm_aes); | ||
3058 | err_wqueue: | 3941 | err_wqueue: |
3059 | destroy_workqueue(hdev->workqueue); | 3942 | destroy_workqueue(hdev->workqueue); |
3060 | destroy_workqueue(hdev->req_workqueue); | 3943 | destroy_workqueue(hdev->req_workqueue); |
@@ -3105,6 +3988,9 @@ void hci_unregister_dev(struct hci_dev *hdev) | |||
3105 | rfkill_destroy(hdev->rfkill); | 3988 | rfkill_destroy(hdev->rfkill); |
3106 | } | 3989 | } |
3107 | 3990 | ||
3991 | if (hdev->tfm_aes) | ||
3992 | crypto_free_blkcipher(hdev->tfm_aes); | ||
3993 | |||
3108 | device_del(&hdev->dev); | 3994 | device_del(&hdev->dev); |
3109 | 3995 | ||
3110 | debugfs_remove_recursive(hdev->debugfs); | 3996 | debugfs_remove_recursive(hdev->debugfs); |
@@ -3117,7 +4003,11 @@ void hci_unregister_dev(struct hci_dev *hdev) | |||
3117 | hci_uuids_clear(hdev); | 4003 | hci_uuids_clear(hdev); |
3118 | hci_link_keys_clear(hdev); | 4004 | hci_link_keys_clear(hdev); |
3119 | hci_smp_ltks_clear(hdev); | 4005 | hci_smp_ltks_clear(hdev); |
4006 | hci_smp_irks_clear(hdev); | ||
3120 | hci_remote_oob_data_clear(hdev); | 4007 | hci_remote_oob_data_clear(hdev); |
4008 | hci_white_list_clear(hdev); | ||
4009 | hci_conn_params_clear(hdev); | ||
4010 | hci_pend_le_conns_clear(hdev); | ||
3121 | hci_dev_unlock(hdev); | 4011 | hci_dev_unlock(hdev); |
3122 | 4012 | ||
3123 | hci_dev_put(hdev); | 4013 | hci_dev_put(hdev); |
@@ -4345,3 +5235,102 @@ static void hci_cmd_work(struct work_struct *work) | |||
4345 | } | 5235 | } |
4346 | } | 5236 | } |
4347 | } | 5237 | } |
5238 | |||
5239 | void hci_req_add_le_scan_disable(struct hci_request *req) | ||
5240 | { | ||
5241 | struct hci_cp_le_set_scan_enable cp; | ||
5242 | |||
5243 | memset(&cp, 0, sizeof(cp)); | ||
5244 | cp.enable = LE_SCAN_DISABLE; | ||
5245 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); | ||
5246 | } | ||
5247 | |||
5248 | void hci_req_add_le_passive_scan(struct hci_request *req) | ||
5249 | { | ||
5250 | struct hci_cp_le_set_scan_param param_cp; | ||
5251 | struct hci_cp_le_set_scan_enable enable_cp; | ||
5252 | struct hci_dev *hdev = req->hdev; | ||
5253 | u8 own_addr_type; | ||
5254 | |||
5255 | /* Set require_privacy to true to avoid identification from | ||
5256 | * unknown peer devices. Since this is passive scanning, no | ||
5257 | * SCAN_REQ using the local identity should be sent. Mandating | ||
5258 | * privacy is just an extra precaution. | ||
5259 | */ | ||
5260 | if (hci_update_random_address(req, true, &own_addr_type)) | ||
5261 | return; | ||
5262 | |||
5263 | memset(¶m_cp, 0, sizeof(param_cp)); | ||
5264 | param_cp.type = LE_SCAN_PASSIVE; | ||
5265 | param_cp.interval = cpu_to_le16(hdev->le_scan_interval); | ||
5266 | param_cp.window = cpu_to_le16(hdev->le_scan_window); | ||
5267 | param_cp.own_address_type = own_addr_type; | ||
5268 | hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), | ||
5269 | ¶m_cp); | ||
5270 | |||
5271 | memset(&enable_cp, 0, sizeof(enable_cp)); | ||
5272 | enable_cp.enable = LE_SCAN_ENABLE; | ||
5273 | enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE; | ||
5274 | hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), | ||
5275 | &enable_cp); | ||
5276 | } | ||
5277 | |||
5278 | static void update_background_scan_complete(struct hci_dev *hdev, u8 status) | ||
5279 | { | ||
5280 | if (status) | ||
5281 | BT_DBG("HCI request failed to update background scanning: " | ||
5282 | "status 0x%2.2x", status); | ||
5283 | } | ||
5284 | |||
5285 | /* This function controls the background scanning based on hdev->pend_le_conns | ||
5286 | * list. If there are pending LE connection we start the background scanning, | ||
5287 | * otherwise we stop it. | ||
5288 | * | ||
5289 | * This function requires the caller holds hdev->lock. | ||
5290 | */ | ||
5291 | void hci_update_background_scan(struct hci_dev *hdev) | ||
5292 | { | ||
5293 | struct hci_request req; | ||
5294 | struct hci_conn *conn; | ||
5295 | int err; | ||
5296 | |||
5297 | hci_req_init(&req, hdev); | ||
5298 | |||
5299 | if (list_empty(&hdev->pend_le_conns)) { | ||
5300 | /* If there is no pending LE connections, we should stop | ||
5301 | * the background scanning. | ||
5302 | */ | ||
5303 | |||
5304 | /* If controller is not scanning we are done. */ | ||
5305 | if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags)) | ||
5306 | return; | ||
5307 | |||
5308 | hci_req_add_le_scan_disable(&req); | ||
5309 | |||
5310 | BT_DBG("%s stopping background scanning", hdev->name); | ||
5311 | } else { | ||
5312 | /* If there is at least one pending LE connection, we should | ||
5313 | * keep the background scan running. | ||
5314 | */ | ||
5315 | |||
5316 | /* If controller is already scanning we are done. */ | ||
5317 | if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) | ||
5318 | return; | ||
5319 | |||
5320 | /* If controller is connecting, we should not start scanning | ||
5321 | * since some controllers are not able to scan and connect at | ||
5322 | * the same time. | ||
5323 | */ | ||
5324 | conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT); | ||
5325 | if (conn) | ||
5326 | return; | ||
5327 | |||
5328 | hci_req_add_le_passive_scan(&req); | ||
5329 | |||
5330 | BT_DBG("%s starting background scanning", hdev->name); | ||
5331 | } | ||
5332 | |||
5333 | err = hci_req_run(&req, update_background_scan_complete); | ||
5334 | if (err) | ||
5335 | BT_ERR("Failed to run HCI request: err %d", err); | ||
5336 | } | ||
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 5f812455a450..c3b0a08f5ab4 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -461,6 +461,34 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) | |||
461 | } | 461 | } |
462 | } | 462 | } |
463 | 463 | ||
464 | static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) | ||
465 | { | ||
466 | u8 status = *((u8 *) skb->data); | ||
467 | struct hci_cp_write_sc_support *sent; | ||
468 | |||
469 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
470 | |||
471 | sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SC_SUPPORT); | ||
472 | if (!sent) | ||
473 | return; | ||
474 | |||
475 | if (!status) { | ||
476 | if (sent->support) | ||
477 | hdev->features[1][0] |= LMP_HOST_SC; | ||
478 | else | ||
479 | hdev->features[1][0] &= ~LMP_HOST_SC; | ||
480 | } | ||
481 | |||
482 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) | ||
483 | mgmt_sc_enable_complete(hdev, sent->support, status); | ||
484 | else if (!status) { | ||
485 | if (sent->support) | ||
486 | set_bit(HCI_SC_ENABLED, &hdev->dev_flags); | ||
487 | else | ||
488 | clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); | ||
489 | } | ||
490 | } | ||
491 | |||
464 | static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) | 492 | static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) |
465 | { | 493 | { |
466 | struct hci_rp_read_local_version *rp = (void *) skb->data; | 494 | struct hci_rp_read_local_version *rp = (void *) skb->data; |
@@ -904,16 +932,50 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev, | |||
904 | hci_dev_unlock(hdev); | 932 | hci_dev_unlock(hdev); |
905 | } | 933 | } |
906 | 934 | ||
907 | static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev, | 935 | static void hci_cc_read_local_oob_data(struct hci_dev *hdev, |
908 | struct sk_buff *skb) | 936 | struct sk_buff *skb) |
909 | { | 937 | { |
910 | struct hci_rp_read_local_oob_data *rp = (void *) skb->data; | 938 | struct hci_rp_read_local_oob_data *rp = (void *) skb->data; |
911 | 939 | ||
912 | BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); | 940 | BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); |
913 | 941 | ||
914 | hci_dev_lock(hdev); | 942 | hci_dev_lock(hdev); |
915 | mgmt_read_local_oob_data_reply_complete(hdev, rp->hash, | 943 | mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer, |
916 | rp->randomizer, rp->status); | 944 | NULL, NULL, rp->status); |
945 | hci_dev_unlock(hdev); | ||
946 | } | ||
947 | |||
948 | static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev, | ||
949 | struct sk_buff *skb) | ||
950 | { | ||
951 | struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data; | ||
952 | |||
953 | BT_DBG("%s status 0x%2.2x", hdev->name, rp->status); | ||
954 | |||
955 | hci_dev_lock(hdev); | ||
956 | mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192, | ||
957 | rp->hash256, rp->randomizer256, | ||
958 | rp->status); | ||
959 | hci_dev_unlock(hdev); | ||
960 | } | ||
961 | |||
962 | |||
963 | static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb) | ||
964 | { | ||
965 | __u8 status = *((__u8 *) skb->data); | ||
966 | bdaddr_t *sent; | ||
967 | |||
968 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
969 | |||
970 | sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_RANDOM_ADDR); | ||
971 | if (!sent) | ||
972 | return; | ||
973 | |||
974 | hci_dev_lock(hdev); | ||
975 | |||
976 | if (!status) | ||
977 | bacpy(&hdev->random_addr, sent); | ||
978 | |||
917 | hci_dev_unlock(hdev); | 979 | hci_dev_unlock(hdev); |
918 | } | 980 | } |
919 | 981 | ||
@@ -929,12 +991,8 @@ static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb) | |||
929 | 991 | ||
930 | hci_dev_lock(hdev); | 992 | hci_dev_lock(hdev); |
931 | 993 | ||
932 | if (!status) { | 994 | if (!status) |
933 | if (*sent) | 995 | mgmt_advertising(hdev, *sent); |
934 | set_bit(HCI_ADVERTISING, &hdev->dev_flags); | ||
935 | else | ||
936 | clear_bit(HCI_ADVERTISING, &hdev->dev_flags); | ||
937 | } | ||
938 | 996 | ||
939 | hci_dev_unlock(hdev); | 997 | hci_dev_unlock(hdev); |
940 | } | 998 | } |
@@ -960,7 +1018,19 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
960 | break; | 1018 | break; |
961 | 1019 | ||
962 | case LE_SCAN_DISABLE: | 1020 | case LE_SCAN_DISABLE: |
1021 | /* Cancel this timer so that we don't try to disable scanning | ||
1022 | * when it's already disabled. | ||
1023 | */ | ||
1024 | cancel_delayed_work(&hdev->le_scan_disable); | ||
1025 | |||
963 | clear_bit(HCI_LE_SCAN, &hdev->dev_flags); | 1026 | clear_bit(HCI_LE_SCAN, &hdev->dev_flags); |
1027 | /* The HCI_LE_SCAN_INTERRUPTED flag indicates that we | ||
1028 | * interrupted scanning due to a connect request. Mark | ||
1029 | * therefore discovery as stopped. | ||
1030 | */ | ||
1031 | if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED, | ||
1032 | &hdev->dev_flags)) | ||
1033 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); | ||
964 | break; | 1034 | break; |
965 | 1035 | ||
966 | default: | 1036 | default: |
@@ -980,6 +1050,49 @@ static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, | |||
980 | hdev->le_white_list_size = rp->size; | 1050 | hdev->le_white_list_size = rp->size; |
981 | } | 1051 | } |
982 | 1052 | ||
1053 | static void hci_cc_le_clear_white_list(struct hci_dev *hdev, | ||
1054 | struct sk_buff *skb) | ||
1055 | { | ||
1056 | __u8 status = *((__u8 *) skb->data); | ||
1057 | |||
1058 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
1059 | |||
1060 | if (!status) | ||
1061 | hci_white_list_clear(hdev); | ||
1062 | } | ||
1063 | |||
1064 | static void hci_cc_le_add_to_white_list(struct hci_dev *hdev, | ||
1065 | struct sk_buff *skb) | ||
1066 | { | ||
1067 | struct hci_cp_le_add_to_white_list *sent; | ||
1068 | __u8 status = *((__u8 *) skb->data); | ||
1069 | |||
1070 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
1071 | |||
1072 | sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST); | ||
1073 | if (!sent) | ||
1074 | return; | ||
1075 | |||
1076 | if (!status) | ||
1077 | hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type); | ||
1078 | } | ||
1079 | |||
1080 | static void hci_cc_le_del_from_white_list(struct hci_dev *hdev, | ||
1081 | struct sk_buff *skb) | ||
1082 | { | ||
1083 | struct hci_cp_le_del_from_white_list *sent; | ||
1084 | __u8 status = *((__u8 *) skb->data); | ||
1085 | |||
1086 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
1087 | |||
1088 | sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST); | ||
1089 | if (!sent) | ||
1090 | return; | ||
1091 | |||
1092 | if (!status) | ||
1093 | hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type); | ||
1094 | } | ||
1095 | |||
983 | static void hci_cc_le_read_supported_states(struct hci_dev *hdev, | 1096 | static void hci_cc_le_read_supported_states(struct hci_dev *hdev, |
984 | struct sk_buff *skb) | 1097 | struct sk_buff *skb) |
985 | { | 1098 | { |
@@ -1020,6 +1133,25 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev, | |||
1020 | } | 1133 | } |
1021 | } | 1134 | } |
1022 | 1135 | ||
1136 | static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb) | ||
1137 | { | ||
1138 | struct hci_cp_le_set_adv_param *cp; | ||
1139 | u8 status = *((u8 *) skb->data); | ||
1140 | |||
1141 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
1142 | |||
1143 | if (status) | ||
1144 | return; | ||
1145 | |||
1146 | cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM); | ||
1147 | if (!cp) | ||
1148 | return; | ||
1149 | |||
1150 | hci_dev_lock(hdev); | ||
1151 | hdev->adv_addr_type = cp->own_address_type; | ||
1152 | hci_dev_unlock(hdev); | ||
1153 | } | ||
1154 | |||
1023 | static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev, | 1155 | static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev, |
1024 | struct sk_buff *skb) | 1156 | struct sk_buff *skb) |
1025 | { | 1157 | { |
@@ -1185,9 +1317,12 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev, | |||
1185 | return 0; | 1317 | return 0; |
1186 | 1318 | ||
1187 | /* Only request authentication for SSP connections or non-SSP | 1319 | /* Only request authentication for SSP connections or non-SSP |
1188 | * devices with sec_level HIGH or if MITM protection is requested */ | 1320 | * devices with sec_level MEDIUM or HIGH or if MITM protection |
1321 | * is requested. | ||
1322 | */ | ||
1189 | if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) && | 1323 | if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) && |
1190 | conn->pending_sec_level != BT_SECURITY_HIGH) | 1324 | conn->pending_sec_level != BT_SECURITY_HIGH && |
1325 | conn->pending_sec_level != BT_SECURITY_MEDIUM) | ||
1191 | return 0; | 1326 | return 0; |
1192 | 1327 | ||
1193 | return 1; | 1328 | return 1; |
@@ -1518,6 +1653,57 @@ static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status) | |||
1518 | amp_write_remote_assoc(hdev, cp->phy_handle); | 1653 | amp_write_remote_assoc(hdev, cp->phy_handle); |
1519 | } | 1654 | } |
1520 | 1655 | ||
1656 | static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status) | ||
1657 | { | ||
1658 | struct hci_cp_le_create_conn *cp; | ||
1659 | struct hci_conn *conn; | ||
1660 | |||
1661 | BT_DBG("%s status 0x%2.2x", hdev->name, status); | ||
1662 | |||
1663 | /* All connection failure handling is taken care of by the | ||
1664 | * hci_le_conn_failed function which is triggered by the HCI | ||
1665 | * request completion callbacks used for connecting. | ||
1666 | */ | ||
1667 | if (status) | ||
1668 | return; | ||
1669 | |||
1670 | cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN); | ||
1671 | if (!cp) | ||
1672 | return; | ||
1673 | |||
1674 | hci_dev_lock(hdev); | ||
1675 | |||
1676 | conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr); | ||
1677 | if (!conn) | ||
1678 | goto unlock; | ||
1679 | |||
1680 | /* Store the initiator and responder address information which | ||
1681 | * is needed for SMP. These values will not change during the | ||
1682 | * lifetime of the connection. | ||
1683 | */ | ||
1684 | conn->init_addr_type = cp->own_address_type; | ||
1685 | if (cp->own_address_type == ADDR_LE_DEV_RANDOM) | ||
1686 | bacpy(&conn->init_addr, &hdev->random_addr); | ||
1687 | else | ||
1688 | bacpy(&conn->init_addr, &hdev->bdaddr); | ||
1689 | |||
1690 | conn->resp_addr_type = cp->peer_addr_type; | ||
1691 | bacpy(&conn->resp_addr, &cp->peer_addr); | ||
1692 | |||
1693 | /* We don't want the connection attempt to stick around | ||
1694 | * indefinitely since LE doesn't have a page timeout concept | ||
1695 | * like BR/EDR. Set a timer for any connection that doesn't use | ||
1696 | * the white list for connecting. | ||
1697 | */ | ||
1698 | if (cp->filter_policy == HCI_LE_USE_PEER_ADDR) | ||
1699 | queue_delayed_work(conn->hdev->workqueue, | ||
1700 | &conn->le_conn_timeout, | ||
1701 | HCI_LE_CONN_TIMEOUT); | ||
1702 | |||
1703 | unlock: | ||
1704 | hci_dev_unlock(hdev); | ||
1705 | } | ||
1706 | |||
1521 | static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | 1707 | static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) |
1522 | { | 1708 | { |
1523 | __u8 status = *((__u8 *) skb->data); | 1709 | __u8 status = *((__u8 *) skb->data); |
@@ -1659,7 +1845,7 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1659 | } else { | 1845 | } else { |
1660 | conn->state = BT_CLOSED; | 1846 | conn->state = BT_CLOSED; |
1661 | if (conn->type == ACL_LINK) | 1847 | if (conn->type == ACL_LINK) |
1662 | mgmt_connect_failed(hdev, &ev->bdaddr, conn->type, | 1848 | mgmt_connect_failed(hdev, &conn->dst, conn->type, |
1663 | conn->dst_type, ev->status); | 1849 | conn->dst_type, ev->status); |
1664 | } | 1850 | } |
1665 | 1851 | ||
@@ -1780,7 +1966,9 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1780 | { | 1966 | { |
1781 | struct hci_ev_disconn_complete *ev = (void *) skb->data; | 1967 | struct hci_ev_disconn_complete *ev = (void *) skb->data; |
1782 | u8 reason = hci_to_mgmt_reason(ev->reason); | 1968 | u8 reason = hci_to_mgmt_reason(ev->reason); |
1969 | struct hci_conn_params *params; | ||
1783 | struct hci_conn *conn; | 1970 | struct hci_conn *conn; |
1971 | bool mgmt_connected; | ||
1784 | u8 type; | 1972 | u8 type; |
1785 | 1973 | ||
1786 | BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); | 1974 | BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); |
@@ -1799,13 +1987,30 @@ static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1799 | 1987 | ||
1800 | conn->state = BT_CLOSED; | 1988 | conn->state = BT_CLOSED; |
1801 | 1989 | ||
1802 | if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) | 1990 | mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags); |
1803 | mgmt_device_disconnected(hdev, &conn->dst, conn->type, | 1991 | mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type, |
1804 | conn->dst_type, reason); | 1992 | reason, mgmt_connected); |
1805 | 1993 | ||
1806 | if (conn->type == ACL_LINK && conn->flush_key) | 1994 | if (conn->type == ACL_LINK && conn->flush_key) |
1807 | hci_remove_link_key(hdev, &conn->dst); | 1995 | hci_remove_link_key(hdev, &conn->dst); |
1808 | 1996 | ||
1997 | params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type); | ||
1998 | if (params) { | ||
1999 | switch (params->auto_connect) { | ||
2000 | case HCI_AUTO_CONN_LINK_LOSS: | ||
2001 | if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT) | ||
2002 | break; | ||
2003 | /* Fall through */ | ||
2004 | |||
2005 | case HCI_AUTO_CONN_ALWAYS: | ||
2006 | hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type); | ||
2007 | break; | ||
2008 | |||
2009 | default: | ||
2010 | break; | ||
2011 | } | ||
2012 | } | ||
2013 | |||
1809 | type = conn->type; | 2014 | type = conn->type; |
1810 | 2015 | ||
1811 | hci_proto_disconn_cfm(conn, ev->reason); | 2016 | hci_proto_disconn_cfm(conn, ev->reason); |
@@ -1943,35 +2148,46 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
1943 | hci_dev_lock(hdev); | 2148 | hci_dev_lock(hdev); |
1944 | 2149 | ||
1945 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); | 2150 | conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); |
1946 | if (conn) { | 2151 | if (!conn) |
1947 | if (!ev->status) { | 2152 | goto unlock; |
1948 | if (ev->encrypt) { | ||
1949 | /* Encryption implies authentication */ | ||
1950 | conn->link_mode |= HCI_LM_AUTH; | ||
1951 | conn->link_mode |= HCI_LM_ENCRYPT; | ||
1952 | conn->sec_level = conn->pending_sec_level; | ||
1953 | } else | ||
1954 | conn->link_mode &= ~HCI_LM_ENCRYPT; | ||
1955 | } | ||
1956 | 2153 | ||
1957 | clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); | 2154 | if (!ev->status) { |
2155 | if (ev->encrypt) { | ||
2156 | /* Encryption implies authentication */ | ||
2157 | conn->link_mode |= HCI_LM_AUTH; | ||
2158 | conn->link_mode |= HCI_LM_ENCRYPT; | ||
2159 | conn->sec_level = conn->pending_sec_level; | ||
1958 | 2160 | ||
1959 | if (ev->status && conn->state == BT_CONNECTED) { | 2161 | /* P-256 authentication key implies FIPS */ |
1960 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); | 2162 | if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256) |
1961 | hci_conn_drop(conn); | 2163 | conn->link_mode |= HCI_LM_FIPS; |
1962 | goto unlock; | 2164 | |
2165 | if ((conn->type == ACL_LINK && ev->encrypt == 0x02) || | ||
2166 | conn->type == LE_LINK) | ||
2167 | set_bit(HCI_CONN_AES_CCM, &conn->flags); | ||
2168 | } else { | ||
2169 | conn->link_mode &= ~HCI_LM_ENCRYPT; | ||
2170 | clear_bit(HCI_CONN_AES_CCM, &conn->flags); | ||
1963 | } | 2171 | } |
2172 | } | ||
1964 | 2173 | ||
1965 | if (conn->state == BT_CONFIG) { | 2174 | clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); |
1966 | if (!ev->status) | ||
1967 | conn->state = BT_CONNECTED; | ||
1968 | 2175 | ||
1969 | hci_proto_connect_cfm(conn, ev->status); | 2176 | if (ev->status && conn->state == BT_CONNECTED) { |
1970 | hci_conn_drop(conn); | 2177 | hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); |
1971 | } else | 2178 | hci_conn_drop(conn); |
1972 | hci_encrypt_cfm(conn, ev->status, ev->encrypt); | 2179 | goto unlock; |
1973 | } | 2180 | } |
1974 | 2181 | ||
2182 | if (conn->state == BT_CONFIG) { | ||
2183 | if (!ev->status) | ||
2184 | conn->state = BT_CONNECTED; | ||
2185 | |||
2186 | hci_proto_connect_cfm(conn, ev->status); | ||
2187 | hci_conn_drop(conn); | ||
2188 | } else | ||
2189 | hci_encrypt_cfm(conn, ev->status, ev->encrypt); | ||
2190 | |||
1975 | unlock: | 2191 | unlock: |
1976 | hci_dev_unlock(hdev); | 2192 | hci_dev_unlock(hdev); |
1977 | } | 2193 | } |
@@ -2144,6 +2360,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2144 | hci_cc_write_ssp_mode(hdev, skb); | 2360 | hci_cc_write_ssp_mode(hdev, skb); |
2145 | break; | 2361 | break; |
2146 | 2362 | ||
2363 | case HCI_OP_WRITE_SC_SUPPORT: | ||
2364 | hci_cc_write_sc_support(hdev, skb); | ||
2365 | break; | ||
2366 | |||
2147 | case HCI_OP_READ_LOCAL_VERSION: | 2367 | case HCI_OP_READ_LOCAL_VERSION: |
2148 | hci_cc_read_local_version(hdev, skb); | 2368 | hci_cc_read_local_version(hdev, skb); |
2149 | break; | 2369 | break; |
@@ -2213,7 +2433,11 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2213 | break; | 2433 | break; |
2214 | 2434 | ||
2215 | case HCI_OP_READ_LOCAL_OOB_DATA: | 2435 | case HCI_OP_READ_LOCAL_OOB_DATA: |
2216 | hci_cc_read_local_oob_data_reply(hdev, skb); | 2436 | hci_cc_read_local_oob_data(hdev, skb); |
2437 | break; | ||
2438 | |||
2439 | case HCI_OP_READ_LOCAL_OOB_EXT_DATA: | ||
2440 | hci_cc_read_local_oob_ext_data(hdev, skb); | ||
2217 | break; | 2441 | break; |
2218 | 2442 | ||
2219 | case HCI_OP_LE_READ_BUFFER_SIZE: | 2443 | case HCI_OP_LE_READ_BUFFER_SIZE: |
@@ -2244,6 +2468,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2244 | hci_cc_user_passkey_neg_reply(hdev, skb); | 2468 | hci_cc_user_passkey_neg_reply(hdev, skb); |
2245 | break; | 2469 | break; |
2246 | 2470 | ||
2471 | case HCI_OP_LE_SET_RANDOM_ADDR: | ||
2472 | hci_cc_le_set_random_addr(hdev, skb); | ||
2473 | break; | ||
2474 | |||
2247 | case HCI_OP_LE_SET_ADV_ENABLE: | 2475 | case HCI_OP_LE_SET_ADV_ENABLE: |
2248 | hci_cc_le_set_adv_enable(hdev, skb); | 2476 | hci_cc_le_set_adv_enable(hdev, skb); |
2249 | break; | 2477 | break; |
@@ -2256,6 +2484,18 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2256 | hci_cc_le_read_white_list_size(hdev, skb); | 2484 | hci_cc_le_read_white_list_size(hdev, skb); |
2257 | break; | 2485 | break; |
2258 | 2486 | ||
2487 | case HCI_OP_LE_CLEAR_WHITE_LIST: | ||
2488 | hci_cc_le_clear_white_list(hdev, skb); | ||
2489 | break; | ||
2490 | |||
2491 | case HCI_OP_LE_ADD_TO_WHITE_LIST: | ||
2492 | hci_cc_le_add_to_white_list(hdev, skb); | ||
2493 | break; | ||
2494 | |||
2495 | case HCI_OP_LE_DEL_FROM_WHITE_LIST: | ||
2496 | hci_cc_le_del_from_white_list(hdev, skb); | ||
2497 | break; | ||
2498 | |||
2259 | case HCI_OP_LE_READ_SUPPORTED_STATES: | 2499 | case HCI_OP_LE_READ_SUPPORTED_STATES: |
2260 | hci_cc_le_read_supported_states(hdev, skb); | 2500 | hci_cc_le_read_supported_states(hdev, skb); |
2261 | break; | 2501 | break; |
@@ -2264,6 +2504,10 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2264 | hci_cc_write_le_host_supported(hdev, skb); | 2504 | hci_cc_write_le_host_supported(hdev, skb); |
2265 | break; | 2505 | break; |
2266 | 2506 | ||
2507 | case HCI_OP_LE_SET_ADV_PARAM: | ||
2508 | hci_cc_set_adv_param(hdev, skb); | ||
2509 | break; | ||
2510 | |||
2267 | case HCI_OP_WRITE_REMOTE_AMP_ASSOC: | 2511 | case HCI_OP_WRITE_REMOTE_AMP_ASSOC: |
2268 | hci_cc_write_remote_amp_assoc(hdev, skb); | 2512 | hci_cc_write_remote_amp_assoc(hdev, skb); |
2269 | break; | 2513 | break; |
@@ -2351,6 +2595,10 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2351 | hci_cs_accept_phylink(hdev, ev->status); | 2595 | hci_cs_accept_phylink(hdev, ev->status); |
2352 | break; | 2596 | break; |
2353 | 2597 | ||
2598 | case HCI_OP_LE_CREATE_CONN: | ||
2599 | hci_cs_le_create_conn(hdev, ev->status); | ||
2600 | break; | ||
2601 | |||
2354 | default: | 2602 | default: |
2355 | BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); | 2603 | BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode); |
2356 | break; | 2604 | break; |
@@ -2630,7 +2878,8 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
2630 | 2878 | ||
2631 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); | 2879 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); |
2632 | if (conn) { | 2880 | if (conn) { |
2633 | if (key->type == HCI_LK_UNAUTH_COMBINATION && | 2881 | if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 || |
2882 | key->type == HCI_LK_UNAUTH_COMBINATION_P256) && | ||
2634 | conn->auth_type != 0xff && (conn->auth_type & 0x01)) { | 2883 | conn->auth_type != 0xff && (conn->auth_type & 0x01)) { |
2635 | BT_DBG("%s ignoring unauthenticated key", hdev->name); | 2884 | BT_DBG("%s ignoring unauthenticated key", hdev->name); |
2636 | goto not_found; | 2885 | goto not_found; |
@@ -2844,6 +3093,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, | |||
2844 | * features do not indicate SSP support */ | 3093 | * features do not indicate SSP support */ |
2845 | clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); | 3094 | clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags); |
2846 | } | 3095 | } |
3096 | |||
3097 | if (ev->features[0] & LMP_HOST_SC) | ||
3098 | set_bit(HCI_CONN_SC_ENABLED, &conn->flags); | ||
2847 | } | 3099 | } |
2848 | 3100 | ||
2849 | if (conn->state != BT_CONFIG) | 3101 | if (conn->state != BT_CONFIG) |
@@ -3337,20 +3589,36 @@ static void hci_remote_oob_data_request_evt(struct hci_dev *hdev, | |||
3337 | 3589 | ||
3338 | data = hci_find_remote_oob_data(hdev, &ev->bdaddr); | 3590 | data = hci_find_remote_oob_data(hdev, &ev->bdaddr); |
3339 | if (data) { | 3591 | if (data) { |
3340 | struct hci_cp_remote_oob_data_reply cp; | 3592 | if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) { |
3593 | struct hci_cp_remote_oob_ext_data_reply cp; | ||
3341 | 3594 | ||
3342 | bacpy(&cp.bdaddr, &ev->bdaddr); | 3595 | bacpy(&cp.bdaddr, &ev->bdaddr); |
3343 | memcpy(cp.hash, data->hash, sizeof(cp.hash)); | 3596 | memcpy(cp.hash192, data->hash192, sizeof(cp.hash192)); |
3344 | memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer)); | 3597 | memcpy(cp.randomizer192, data->randomizer192, |
3598 | sizeof(cp.randomizer192)); | ||
3599 | memcpy(cp.hash256, data->hash256, sizeof(cp.hash256)); | ||
3600 | memcpy(cp.randomizer256, data->randomizer256, | ||
3601 | sizeof(cp.randomizer256)); | ||
3602 | |||
3603 | hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY, | ||
3604 | sizeof(cp), &cp); | ||
3605 | } else { | ||
3606 | struct hci_cp_remote_oob_data_reply cp; | ||
3607 | |||
3608 | bacpy(&cp.bdaddr, &ev->bdaddr); | ||
3609 | memcpy(cp.hash, data->hash192, sizeof(cp.hash)); | ||
3610 | memcpy(cp.randomizer, data->randomizer192, | ||
3611 | sizeof(cp.randomizer)); | ||
3345 | 3612 | ||
3346 | hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp), | 3613 | hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, |
3347 | &cp); | 3614 | sizeof(cp), &cp); |
3615 | } | ||
3348 | } else { | 3616 | } else { |
3349 | struct hci_cp_remote_oob_data_neg_reply cp; | 3617 | struct hci_cp_remote_oob_data_neg_reply cp; |
3350 | 3618 | ||
3351 | bacpy(&cp.bdaddr, &ev->bdaddr); | 3619 | bacpy(&cp.bdaddr, &ev->bdaddr); |
3352 | hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp), | 3620 | hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, |
3353 | &cp); | 3621 | sizeof(cp), &cp); |
3354 | } | 3622 | } |
3355 | 3623 | ||
3356 | unlock: | 3624 | unlock: |
@@ -3484,6 +3752,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3484 | { | 3752 | { |
3485 | struct hci_ev_le_conn_complete *ev = (void *) skb->data; | 3753 | struct hci_ev_le_conn_complete *ev = (void *) skb->data; |
3486 | struct hci_conn *conn; | 3754 | struct hci_conn *conn; |
3755 | struct smp_irk *irk; | ||
3487 | 3756 | ||
3488 | BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); | 3757 | BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); |
3489 | 3758 | ||
@@ -3514,19 +3783,70 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3514 | conn->out = true; | 3783 | conn->out = true; |
3515 | conn->link_mode |= HCI_LM_MASTER; | 3784 | conn->link_mode |= HCI_LM_MASTER; |
3516 | } | 3785 | } |
3786 | |||
3787 | /* If we didn't have a hci_conn object previously | ||
3788 | * but we're in master role this must be something | ||
3789 | * initiated using a white list. Since white list based | ||
3790 | * connections are not "first class citizens" we don't | ||
3791 | * have full tracking of them. Therefore, we go ahead | ||
3792 | * with a "best effort" approach of determining the | ||
3793 | * initiator address based on the HCI_PRIVACY flag. | ||
3794 | */ | ||
3795 | if (conn->out) { | ||
3796 | conn->resp_addr_type = ev->bdaddr_type; | ||
3797 | bacpy(&conn->resp_addr, &ev->bdaddr); | ||
3798 | if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) { | ||
3799 | conn->init_addr_type = ADDR_LE_DEV_RANDOM; | ||
3800 | bacpy(&conn->init_addr, &hdev->rpa); | ||
3801 | } else { | ||
3802 | hci_copy_identity_address(hdev, | ||
3803 | &conn->init_addr, | ||
3804 | &conn->init_addr_type); | ||
3805 | } | ||
3806 | } else { | ||
3807 | /* Set the responder (our side) address type based on | ||
3808 | * the advertising address type. | ||
3809 | */ | ||
3810 | conn->resp_addr_type = hdev->adv_addr_type; | ||
3811 | if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) | ||
3812 | bacpy(&conn->resp_addr, &hdev->random_addr); | ||
3813 | else | ||
3814 | bacpy(&conn->resp_addr, &hdev->bdaddr); | ||
3815 | |||
3816 | conn->init_addr_type = ev->bdaddr_type; | ||
3817 | bacpy(&conn->init_addr, &ev->bdaddr); | ||
3818 | } | ||
3819 | } else { | ||
3820 | cancel_delayed_work(&conn->le_conn_timeout); | ||
3821 | } | ||
3822 | |||
3823 | /* Ensure that the hci_conn contains the identity address type | ||
3824 | * regardless of which address the connection was made with. | ||
3825 | */ | ||
3826 | hci_copy_identity_address(hdev, &conn->src, &conn->src_type); | ||
3827 | |||
3828 | /* Lookup the identity address from the stored connection | ||
3829 | * address and address type. | ||
3830 | * | ||
3831 | * When establishing connections to an identity address, the | ||
3832 | * connection procedure will store the resolvable random | ||
3833 | * address first. Now if it can be converted back into the | ||
3834 | * identity address, start using the identity address from | ||
3835 | * now on. | ||
3836 | */ | ||
3837 | irk = hci_get_irk(hdev, &conn->dst, conn->dst_type); | ||
3838 | if (irk) { | ||
3839 | bacpy(&conn->dst, &irk->bdaddr); | ||
3840 | conn->dst_type = irk->addr_type; | ||
3517 | } | 3841 | } |
3518 | 3842 | ||
3519 | if (ev->status) { | 3843 | if (ev->status) { |
3520 | mgmt_connect_failed(hdev, &conn->dst, conn->type, | 3844 | hci_le_conn_failed(conn, ev->status); |
3521 | conn->dst_type, ev->status); | ||
3522 | hci_proto_connect_cfm(conn, ev->status); | ||
3523 | conn->state = BT_CLOSED; | ||
3524 | hci_conn_del(conn); | ||
3525 | goto unlock; | 3845 | goto unlock; |
3526 | } | 3846 | } |
3527 | 3847 | ||
3528 | if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) | 3848 | if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) |
3529 | mgmt_device_connected(hdev, &ev->bdaddr, conn->type, | 3849 | mgmt_device_connected(hdev, &conn->dst, conn->type, |
3530 | conn->dst_type, 0, NULL, 0, NULL); | 3850 | conn->dst_type, 0, NULL, 0, NULL); |
3531 | 3851 | ||
3532 | conn->sec_level = BT_SECURITY_LOW; | 3852 | conn->sec_level = BT_SECURITY_LOW; |
@@ -3540,25 +3860,73 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3540 | 3860 | ||
3541 | hci_proto_connect_cfm(conn, ev->status); | 3861 | hci_proto_connect_cfm(conn, ev->status); |
3542 | 3862 | ||
3863 | hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type); | ||
3864 | |||
3543 | unlock: | 3865 | unlock: |
3544 | hci_dev_unlock(hdev); | 3866 | hci_dev_unlock(hdev); |
3545 | } | 3867 | } |
3546 | 3868 | ||
3869 | /* This function requires the caller holds hdev->lock */ | ||
3870 | static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, | ||
3871 | u8 addr_type) | ||
3872 | { | ||
3873 | struct hci_conn *conn; | ||
3874 | struct smp_irk *irk; | ||
3875 | |||
3876 | /* If this is a resolvable address, we should resolve it and then | ||
3877 | * update address and address type variables. | ||
3878 | */ | ||
3879 | irk = hci_get_irk(hdev, addr, addr_type); | ||
3880 | if (irk) { | ||
3881 | addr = &irk->bdaddr; | ||
3882 | addr_type = irk->addr_type; | ||
3883 | } | ||
3884 | |||
3885 | if (!hci_pend_le_conn_lookup(hdev, addr, addr_type)) | ||
3886 | return; | ||
3887 | |||
3888 | conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, | ||
3889 | HCI_AT_NO_BONDING); | ||
3890 | if (!IS_ERR(conn)) | ||
3891 | return; | ||
3892 | |||
3893 | switch (PTR_ERR(conn)) { | ||
3894 | case -EBUSY: | ||
3895 | /* If hci_connect() returns -EBUSY it means there is already | ||
3896 | * an LE connection attempt going on. Since controllers don't | ||
3897 | * support more than one connection attempt at the time, we | ||
3898 | * don't consider this an error case. | ||
3899 | */ | ||
3900 | break; | ||
3901 | default: | ||
3902 | BT_DBG("Failed to connect: err %ld", PTR_ERR(conn)); | ||
3903 | } | ||
3904 | } | ||
3905 | |||
3547 | static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) | 3906 | static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) |
3548 | { | 3907 | { |
3549 | u8 num_reports = skb->data[0]; | 3908 | u8 num_reports = skb->data[0]; |
3550 | void *ptr = &skb->data[1]; | 3909 | void *ptr = &skb->data[1]; |
3551 | s8 rssi; | 3910 | s8 rssi; |
3552 | 3911 | ||
3912 | hci_dev_lock(hdev); | ||
3913 | |||
3553 | while (num_reports--) { | 3914 | while (num_reports--) { |
3554 | struct hci_ev_le_advertising_info *ev = ptr; | 3915 | struct hci_ev_le_advertising_info *ev = ptr; |
3555 | 3916 | ||
3917 | if (ev->evt_type == LE_ADV_IND || | ||
3918 | ev->evt_type == LE_ADV_DIRECT_IND) | ||
3919 | check_pending_le_conn(hdev, &ev->bdaddr, | ||
3920 | ev->bdaddr_type); | ||
3921 | |||
3556 | rssi = ev->data[ev->length]; | 3922 | rssi = ev->data[ev->length]; |
3557 | mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type, | 3923 | mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type, |
3558 | NULL, rssi, 0, 1, ev->data, ev->length); | 3924 | NULL, rssi, 0, 1, ev->data, ev->length); |
3559 | 3925 | ||
3560 | ptr += sizeof(*ev) + ev->length + 1; | 3926 | ptr += sizeof(*ev) + ev->length + 1; |
3561 | } | 3927 | } |
3928 | |||
3929 | hci_dev_unlock(hdev); | ||
3562 | } | 3930 | } |
3563 | 3931 | ||
3564 | static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | 3932 | static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb) |
@@ -3577,7 +3945,7 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb) | |||
3577 | if (conn == NULL) | 3945 | if (conn == NULL) |
3578 | goto not_found; | 3946 | goto not_found; |
3579 | 3947 | ||
3580 | ltk = hci_find_ltk(hdev, ev->ediv, ev->random); | 3948 | ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out); |
3581 | if (ltk == NULL) | 3949 | if (ltk == NULL) |
3582 | goto not_found; | 3950 | goto not_found; |
3583 | 3951 | ||
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 7552f9e3089c..68e51a84e72d 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c | |||
@@ -716,6 +716,7 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, | |||
716 | err = hci_dev_open(hdev->id); | 716 | err = hci_dev_open(hdev->id); |
717 | if (err) { | 717 | if (err) { |
718 | clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags); | 718 | clear_bit(HCI_USER_CHANNEL, &hdev->dev_flags); |
719 | mgmt_index_added(hdev); | ||
719 | hci_dev_put(hdev); | 720 | hci_dev_put(hdev); |
720 | goto done; | 721 | goto done; |
721 | } | 722 | } |
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c index 0b61250cfdf9..555982a78a58 100644 --- a/net/bluetooth/hci_sysfs.c +++ b/net/bluetooth/hci_sysfs.c | |||
@@ -49,14 +49,7 @@ static struct attribute *bt_link_attrs[] = { | |||
49 | NULL | 49 | NULL |
50 | }; | 50 | }; |
51 | 51 | ||
52 | static struct attribute_group bt_link_group = { | 52 | ATTRIBUTE_GROUPS(bt_link); |
53 | .attrs = bt_link_attrs, | ||
54 | }; | ||
55 | |||
56 | static const struct attribute_group *bt_link_groups[] = { | ||
57 | &bt_link_group, | ||
58 | NULL | ||
59 | }; | ||
60 | 53 | ||
61 | static void bt_link_release(struct device *dev) | 54 | static void bt_link_release(struct device *dev) |
62 | { | 55 | { |
@@ -182,14 +175,7 @@ static struct attribute *bt_host_attrs[] = { | |||
182 | NULL | 175 | NULL |
183 | }; | 176 | }; |
184 | 177 | ||
185 | static struct attribute_group bt_host_group = { | 178 | ATTRIBUTE_GROUPS(bt_host); |
186 | .attrs = bt_host_attrs, | ||
187 | }; | ||
188 | |||
189 | static const struct attribute_group *bt_host_groups[] = { | ||
190 | &bt_host_group, | ||
191 | NULL | ||
192 | }; | ||
193 | 179 | ||
194 | static void bt_host_release(struct device *dev) | 180 | static void bt_host_release(struct device *dev) |
195 | { | 181 | { |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index b0ad2c752d73..9ed2168fa59f 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
@@ -42,6 +42,8 @@ | |||
42 | #include "amp.h" | 42 | #include "amp.h" |
43 | #include "6lowpan.h" | 43 | #include "6lowpan.h" |
44 | 44 | ||
45 | #define LE_FLOWCTL_MAX_CREDITS 65535 | ||
46 | |||
45 | bool disable_ertm; | 47 | bool disable_ertm; |
46 | 48 | ||
47 | static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD; | 49 | static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD; |
@@ -330,44 +332,20 @@ static inline bool l2cap_seq_list_contains(struct l2cap_seq_list *seq_list, | |||
330 | return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR; | 332 | return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR; |
331 | } | 333 | } |
332 | 334 | ||
333 | static u16 l2cap_seq_list_remove(struct l2cap_seq_list *seq_list, u16 seq) | 335 | static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list) |
334 | { | 336 | { |
337 | u16 seq = seq_list->head; | ||
335 | u16 mask = seq_list->mask; | 338 | u16 mask = seq_list->mask; |
336 | 339 | ||
337 | if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) { | 340 | seq_list->head = seq_list->list[seq & mask]; |
338 | /* In case someone tries to pop the head of an empty list */ | 341 | seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR; |
339 | return L2CAP_SEQ_LIST_CLEAR; | ||
340 | } else if (seq_list->head == seq) { | ||
341 | /* Head can be removed in constant time */ | ||
342 | seq_list->head = seq_list->list[seq & mask]; | ||
343 | seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR; | ||
344 | |||
345 | if (seq_list->head == L2CAP_SEQ_LIST_TAIL) { | ||
346 | seq_list->head = L2CAP_SEQ_LIST_CLEAR; | ||
347 | seq_list->tail = L2CAP_SEQ_LIST_CLEAR; | ||
348 | } | ||
349 | } else { | ||
350 | /* Walk the list to find the sequence number */ | ||
351 | u16 prev = seq_list->head; | ||
352 | while (seq_list->list[prev & mask] != seq) { | ||
353 | prev = seq_list->list[prev & mask]; | ||
354 | if (prev == L2CAP_SEQ_LIST_TAIL) | ||
355 | return L2CAP_SEQ_LIST_CLEAR; | ||
356 | } | ||
357 | 342 | ||
358 | /* Unlink the number from the list and clear it */ | 343 | if (seq_list->head == L2CAP_SEQ_LIST_TAIL) { |
359 | seq_list->list[prev & mask] = seq_list->list[seq & mask]; | 344 | seq_list->head = L2CAP_SEQ_LIST_CLEAR; |
360 | seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR; | 345 | seq_list->tail = L2CAP_SEQ_LIST_CLEAR; |
361 | if (seq_list->tail == seq) | ||
362 | seq_list->tail = prev; | ||
363 | } | 346 | } |
364 | return seq; | ||
365 | } | ||
366 | 347 | ||
367 | static inline u16 l2cap_seq_list_pop(struct l2cap_seq_list *seq_list) | 348 | return seq; |
368 | { | ||
369 | /* Remove the head in constant time */ | ||
370 | return l2cap_seq_list_remove(seq_list, seq_list->head); | ||
371 | } | 349 | } |
372 | 350 | ||
373 | static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list) | 351 | static void l2cap_seq_list_clear(struct l2cap_seq_list *seq_list) |
@@ -506,7 +484,7 @@ static void l2cap_le_flowctl_init(struct l2cap_chan *chan) | |||
506 | chan->sdu_len = 0; | 484 | chan->sdu_len = 0; |
507 | chan->tx_credits = 0; | 485 | chan->tx_credits = 0; |
508 | chan->rx_credits = le_max_credits; | 486 | chan->rx_credits = le_max_credits; |
509 | chan->mps = min_t(u16, chan->imtu, L2CAP_LE_DEFAULT_MPS); | 487 | chan->mps = min_t(u16, chan->imtu, le_default_mps); |
510 | 488 | ||
511 | skb_queue_head_init(&chan->tx_q); | 489 | skb_queue_head_init(&chan->tx_q); |
512 | } | 490 | } |
@@ -522,18 +500,10 @@ void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | |||
522 | 500 | ||
523 | switch (chan->chan_type) { | 501 | switch (chan->chan_type) { |
524 | case L2CAP_CHAN_CONN_ORIENTED: | 502 | case L2CAP_CHAN_CONN_ORIENTED: |
525 | if (conn->hcon->type == LE_LINK) { | 503 | /* Alloc CID for connection-oriented socket */ |
526 | if (chan->dcid == L2CAP_CID_ATT) { | 504 | chan->scid = l2cap_alloc_cid(conn); |
527 | chan->omtu = L2CAP_DEFAULT_MTU; | 505 | if (conn->hcon->type == ACL_LINK) |
528 | chan->scid = L2CAP_CID_ATT; | ||
529 | } else { | ||
530 | chan->scid = l2cap_alloc_cid(conn); | ||
531 | } | ||
532 | } else { | ||
533 | /* Alloc CID for connection-oriented socket */ | ||
534 | chan->scid = l2cap_alloc_cid(conn); | ||
535 | chan->omtu = L2CAP_DEFAULT_MTU; | 506 | chan->omtu = L2CAP_DEFAULT_MTU; |
536 | } | ||
537 | break; | 507 | break; |
538 | 508 | ||
539 | case L2CAP_CHAN_CONN_LESS: | 509 | case L2CAP_CHAN_CONN_LESS: |
@@ -543,11 +513,8 @@ void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan) | |||
543 | chan->omtu = L2CAP_DEFAULT_MTU; | 513 | chan->omtu = L2CAP_DEFAULT_MTU; |
544 | break; | 514 | break; |
545 | 515 | ||
546 | case L2CAP_CHAN_CONN_FIX_A2MP: | 516 | case L2CAP_CHAN_FIXED: |
547 | chan->scid = L2CAP_CID_A2MP; | 517 | /* Caller will set CID and CID specific MTU values */ |
548 | chan->dcid = L2CAP_CID_A2MP; | ||
549 | chan->omtu = L2CAP_A2MP_DEFAULT_MTU; | ||
550 | chan->imtu = L2CAP_A2MP_DEFAULT_MTU; | ||
551 | break; | 518 | break; |
552 | 519 | ||
553 | default: | 520 | default: |
@@ -595,7 +562,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
595 | 562 | ||
596 | chan->conn = NULL; | 563 | chan->conn = NULL; |
597 | 564 | ||
598 | if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) | 565 | if (chan->scid != L2CAP_CID_A2MP) |
599 | hci_conn_drop(conn->hcon); | 566 | hci_conn_drop(conn->hcon); |
600 | 567 | ||
601 | if (mgr && mgr->bredr_chan == chan) | 568 | if (mgr && mgr->bredr_chan == chan) |
@@ -642,6 +609,23 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err) | |||
642 | return; | 609 | return; |
643 | } | 610 | } |
644 | 611 | ||
612 | void l2cap_conn_update_id_addr(struct hci_conn *hcon) | ||
613 | { | ||
614 | struct l2cap_conn *conn = hcon->l2cap_data; | ||
615 | struct l2cap_chan *chan; | ||
616 | |||
617 | mutex_lock(&conn->chan_lock); | ||
618 | |||
619 | list_for_each_entry(chan, &conn->chan_l, list) { | ||
620 | l2cap_chan_lock(chan); | ||
621 | bacpy(&chan->dst, &hcon->dst); | ||
622 | chan->dst_type = bdaddr_type(hcon, hcon->dst_type); | ||
623 | l2cap_chan_unlock(chan); | ||
624 | } | ||
625 | |||
626 | mutex_unlock(&conn->chan_lock); | ||
627 | } | ||
628 | |||
645 | static void l2cap_chan_le_connect_reject(struct l2cap_chan *chan) | 629 | static void l2cap_chan_le_connect_reject(struct l2cap_chan *chan) |
646 | { | 630 | { |
647 | struct l2cap_conn *conn = chan->conn; | 631 | struct l2cap_conn *conn = chan->conn; |
@@ -699,10 +683,7 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason) | |||
699 | 683 | ||
700 | case BT_CONNECTED: | 684 | case BT_CONNECTED: |
701 | case BT_CONFIG: | 685 | case BT_CONFIG: |
702 | /* ATT uses L2CAP_CHAN_CONN_ORIENTED so we must also | 686 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { |
703 | * check for chan->psm. | ||
704 | */ | ||
705 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && chan->psm) { | ||
706 | __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); | 687 | __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); |
707 | l2cap_send_disconn_req(chan, reason); | 688 | l2cap_send_disconn_req(chan, reason); |
708 | } else | 689 | } else |
@@ -737,6 +718,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) | |||
737 | case L2CAP_CHAN_RAW: | 718 | case L2CAP_CHAN_RAW: |
738 | switch (chan->sec_level) { | 719 | switch (chan->sec_level) { |
739 | case BT_SECURITY_HIGH: | 720 | case BT_SECURITY_HIGH: |
721 | case BT_SECURITY_FIPS: | ||
740 | return HCI_AT_DEDICATED_BONDING_MITM; | 722 | return HCI_AT_DEDICATED_BONDING_MITM; |
741 | case BT_SECURITY_MEDIUM: | 723 | case BT_SECURITY_MEDIUM: |
742 | return HCI_AT_DEDICATED_BONDING; | 724 | return HCI_AT_DEDICATED_BONDING; |
@@ -749,7 +731,8 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) | |||
749 | if (chan->sec_level == BT_SECURITY_LOW) | 731 | if (chan->sec_level == BT_SECURITY_LOW) |
750 | chan->sec_level = BT_SECURITY_SDP; | 732 | chan->sec_level = BT_SECURITY_SDP; |
751 | } | 733 | } |
752 | if (chan->sec_level == BT_SECURITY_HIGH) | 734 | if (chan->sec_level == BT_SECURITY_HIGH || |
735 | chan->sec_level == BT_SECURITY_FIPS) | ||
753 | return HCI_AT_NO_BONDING_MITM; | 736 | return HCI_AT_NO_BONDING_MITM; |
754 | else | 737 | else |
755 | return HCI_AT_NO_BONDING; | 738 | return HCI_AT_NO_BONDING; |
@@ -759,7 +742,8 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) | |||
759 | if (chan->sec_level == BT_SECURITY_LOW) | 742 | if (chan->sec_level == BT_SECURITY_LOW) |
760 | chan->sec_level = BT_SECURITY_SDP; | 743 | chan->sec_level = BT_SECURITY_SDP; |
761 | 744 | ||
762 | if (chan->sec_level == BT_SECURITY_HIGH) | 745 | if (chan->sec_level == BT_SECURITY_HIGH || |
746 | chan->sec_level == BT_SECURITY_FIPS) | ||
763 | return HCI_AT_NO_BONDING_MITM; | 747 | return HCI_AT_NO_BONDING_MITM; |
764 | else | 748 | else |
765 | return HCI_AT_NO_BONDING; | 749 | return HCI_AT_NO_BONDING; |
@@ -768,6 +752,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) | |||
768 | default: | 752 | default: |
769 | switch (chan->sec_level) { | 753 | switch (chan->sec_level) { |
770 | case BT_SECURITY_HIGH: | 754 | case BT_SECURITY_HIGH: |
755 | case BT_SECURITY_FIPS: | ||
771 | return HCI_AT_GENERAL_BONDING_MITM; | 756 | return HCI_AT_GENERAL_BONDING_MITM; |
772 | case BT_SECURITY_MEDIUM: | 757 | case BT_SECURITY_MEDIUM: |
773 | return HCI_AT_GENERAL_BONDING; | 758 | return HCI_AT_GENERAL_BONDING; |
@@ -1330,7 +1315,7 @@ static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err) | |||
1330 | __clear_ack_timer(chan); | 1315 | __clear_ack_timer(chan); |
1331 | } | 1316 | } |
1332 | 1317 | ||
1333 | if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) { | 1318 | if (chan->scid == L2CAP_CID_A2MP) { |
1334 | l2cap_state_change(chan, BT_DISCONN); | 1319 | l2cap_state_change(chan, BT_DISCONN); |
1335 | return; | 1320 | return; |
1336 | } | 1321 | } |
@@ -1493,8 +1478,6 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn) | |||
1493 | if (!chan) | 1478 | if (!chan) |
1494 | goto clean; | 1479 | goto clean; |
1495 | 1480 | ||
1496 | chan->dcid = L2CAP_CID_ATT; | ||
1497 | |||
1498 | bacpy(&chan->src, &hcon->src); | 1481 | bacpy(&chan->src, &hcon->src); |
1499 | bacpy(&chan->dst, &hcon->dst); | 1482 | bacpy(&chan->dst, &hcon->dst); |
1500 | chan->src_type = bdaddr_type(hcon, hcon->src_type); | 1483 | chan->src_type = bdaddr_type(hcon, hcon->src_type); |
@@ -1528,7 +1511,7 @@ static void l2cap_conn_ready(struct l2cap_conn *conn) | |||
1528 | 1511 | ||
1529 | l2cap_chan_lock(chan); | 1512 | l2cap_chan_lock(chan); |
1530 | 1513 | ||
1531 | if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) { | 1514 | if (chan->scid == L2CAP_CID_A2MP) { |
1532 | l2cap_chan_unlock(chan); | 1515 | l2cap_chan_unlock(chan); |
1533 | continue; | 1516 | continue; |
1534 | } | 1517 | } |
@@ -1546,6 +1529,8 @@ static void l2cap_conn_ready(struct l2cap_conn *conn) | |||
1546 | } | 1529 | } |
1547 | 1530 | ||
1548 | mutex_unlock(&conn->chan_lock); | 1531 | mutex_unlock(&conn->chan_lock); |
1532 | |||
1533 | queue_work(hcon->hdev->workqueue, &conn->pending_rx_work); | ||
1549 | } | 1534 | } |
1550 | 1535 | ||
1551 | /* Notify sockets that we cannot guaranty reliability anymore */ | 1536 | /* Notify sockets that we cannot guaranty reliability anymore */ |
@@ -1671,6 +1656,9 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) | |||
1671 | 1656 | ||
1672 | kfree_skb(conn->rx_skb); | 1657 | kfree_skb(conn->rx_skb); |
1673 | 1658 | ||
1659 | skb_queue_purge(&conn->pending_rx); | ||
1660 | flush_work(&conn->pending_rx_work); | ||
1661 | |||
1674 | l2cap_unregister_all_users(conn); | 1662 | l2cap_unregister_all_users(conn); |
1675 | 1663 | ||
1676 | mutex_lock(&conn->chan_lock); | 1664 | mutex_lock(&conn->chan_lock); |
@@ -1718,66 +1706,6 @@ static void security_timeout(struct work_struct *work) | |||
1718 | } | 1706 | } |
1719 | } | 1707 | } |
1720 | 1708 | ||
1721 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) | ||
1722 | { | ||
1723 | struct l2cap_conn *conn = hcon->l2cap_data; | ||
1724 | struct hci_chan *hchan; | ||
1725 | |||
1726 | if (conn) | ||
1727 | return conn; | ||
1728 | |||
1729 | hchan = hci_chan_create(hcon); | ||
1730 | if (!hchan) | ||
1731 | return NULL; | ||
1732 | |||
1733 | conn = kzalloc(sizeof(struct l2cap_conn), GFP_KERNEL); | ||
1734 | if (!conn) { | ||
1735 | hci_chan_del(hchan); | ||
1736 | return NULL; | ||
1737 | } | ||
1738 | |||
1739 | kref_init(&conn->ref); | ||
1740 | hcon->l2cap_data = conn; | ||
1741 | conn->hcon = hcon; | ||
1742 | hci_conn_get(conn->hcon); | ||
1743 | conn->hchan = hchan; | ||
1744 | |||
1745 | BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); | ||
1746 | |||
1747 | switch (hcon->type) { | ||
1748 | case LE_LINK: | ||
1749 | if (hcon->hdev->le_mtu) { | ||
1750 | conn->mtu = hcon->hdev->le_mtu; | ||
1751 | break; | ||
1752 | } | ||
1753 | /* fall through */ | ||
1754 | default: | ||
1755 | conn->mtu = hcon->hdev->acl_mtu; | ||
1756 | break; | ||
1757 | } | ||
1758 | |||
1759 | conn->feat_mask = 0; | ||
1760 | |||
1761 | if (hcon->type == ACL_LINK) | ||
1762 | conn->hs_enabled = test_bit(HCI_HS_ENABLED, | ||
1763 | &hcon->hdev->dev_flags); | ||
1764 | |||
1765 | spin_lock_init(&conn->lock); | ||
1766 | mutex_init(&conn->chan_lock); | ||
1767 | |||
1768 | INIT_LIST_HEAD(&conn->chan_l); | ||
1769 | INIT_LIST_HEAD(&conn->users); | ||
1770 | |||
1771 | if (hcon->type == LE_LINK) | ||
1772 | INIT_DELAYED_WORK(&conn->security_timer, security_timeout); | ||
1773 | else | ||
1774 | INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout); | ||
1775 | |||
1776 | conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; | ||
1777 | |||
1778 | return conn; | ||
1779 | } | ||
1780 | |||
1781 | static void l2cap_conn_free(struct kref *ref) | 1709 | static void l2cap_conn_free(struct kref *ref) |
1782 | { | 1710 | { |
1783 | struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref); | 1711 | struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref); |
@@ -1848,154 +1776,6 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, | |||
1848 | return c1; | 1776 | return c1; |
1849 | } | 1777 | } |
1850 | 1778 | ||
1851 | static bool is_valid_psm(u16 psm, u8 dst_type) | ||
1852 | { | ||
1853 | if (!psm) | ||
1854 | return false; | ||
1855 | |||
1856 | if (bdaddr_type_is_le(dst_type)) | ||
1857 | return (psm <= 0x00ff); | ||
1858 | |||
1859 | /* PSM must be odd and lsb of upper byte must be 0 */ | ||
1860 | return ((psm & 0x0101) == 0x0001); | ||
1861 | } | ||
1862 | |||
1863 | int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | ||
1864 | bdaddr_t *dst, u8 dst_type) | ||
1865 | { | ||
1866 | struct l2cap_conn *conn; | ||
1867 | struct hci_conn *hcon; | ||
1868 | struct hci_dev *hdev; | ||
1869 | __u8 auth_type; | ||
1870 | int err; | ||
1871 | |||
1872 | BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", &chan->src, dst, | ||
1873 | dst_type, __le16_to_cpu(psm)); | ||
1874 | |||
1875 | hdev = hci_get_route(dst, &chan->src); | ||
1876 | if (!hdev) | ||
1877 | return -EHOSTUNREACH; | ||
1878 | |||
1879 | hci_dev_lock(hdev); | ||
1880 | |||
1881 | l2cap_chan_lock(chan); | ||
1882 | |||
1883 | if (!is_valid_psm(__le16_to_cpu(psm), dst_type) && !cid && | ||
1884 | chan->chan_type != L2CAP_CHAN_RAW) { | ||
1885 | err = -EINVAL; | ||
1886 | goto done; | ||
1887 | } | ||
1888 | |||
1889 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !(psm || cid)) { | ||
1890 | err = -EINVAL; | ||
1891 | goto done; | ||
1892 | } | ||
1893 | |||
1894 | switch (chan->mode) { | ||
1895 | case L2CAP_MODE_BASIC: | ||
1896 | break; | ||
1897 | case L2CAP_MODE_LE_FLOWCTL: | ||
1898 | l2cap_le_flowctl_init(chan); | ||
1899 | break; | ||
1900 | case L2CAP_MODE_ERTM: | ||
1901 | case L2CAP_MODE_STREAMING: | ||
1902 | if (!disable_ertm) | ||
1903 | break; | ||
1904 | /* fall through */ | ||
1905 | default: | ||
1906 | err = -ENOTSUPP; | ||
1907 | goto done; | ||
1908 | } | ||
1909 | |||
1910 | switch (chan->state) { | ||
1911 | case BT_CONNECT: | ||
1912 | case BT_CONNECT2: | ||
1913 | case BT_CONFIG: | ||
1914 | /* Already connecting */ | ||
1915 | err = 0; | ||
1916 | goto done; | ||
1917 | |||
1918 | case BT_CONNECTED: | ||
1919 | /* Already connected */ | ||
1920 | err = -EISCONN; | ||
1921 | goto done; | ||
1922 | |||
1923 | case BT_OPEN: | ||
1924 | case BT_BOUND: | ||
1925 | /* Can connect */ | ||
1926 | break; | ||
1927 | |||
1928 | default: | ||
1929 | err = -EBADFD; | ||
1930 | goto done; | ||
1931 | } | ||
1932 | |||
1933 | /* Set destination address and psm */ | ||
1934 | bacpy(&chan->dst, dst); | ||
1935 | chan->dst_type = dst_type; | ||
1936 | |||
1937 | chan->psm = psm; | ||
1938 | chan->dcid = cid; | ||
1939 | |||
1940 | auth_type = l2cap_get_auth_type(chan); | ||
1941 | |||
1942 | if (bdaddr_type_is_le(dst_type)) | ||
1943 | hcon = hci_connect(hdev, LE_LINK, dst, dst_type, | ||
1944 | chan->sec_level, auth_type); | ||
1945 | else | ||
1946 | hcon = hci_connect(hdev, ACL_LINK, dst, dst_type, | ||
1947 | chan->sec_level, auth_type); | ||
1948 | |||
1949 | if (IS_ERR(hcon)) { | ||
1950 | err = PTR_ERR(hcon); | ||
1951 | goto done; | ||
1952 | } | ||
1953 | |||
1954 | conn = l2cap_conn_add(hcon); | ||
1955 | if (!conn) { | ||
1956 | hci_conn_drop(hcon); | ||
1957 | err = -ENOMEM; | ||
1958 | goto done; | ||
1959 | } | ||
1960 | |||
1961 | if (cid && __l2cap_get_chan_by_dcid(conn, cid)) { | ||
1962 | hci_conn_drop(hcon); | ||
1963 | err = -EBUSY; | ||
1964 | goto done; | ||
1965 | } | ||
1966 | |||
1967 | /* Update source addr of the socket */ | ||
1968 | bacpy(&chan->src, &hcon->src); | ||
1969 | chan->src_type = bdaddr_type(hcon, hcon->src_type); | ||
1970 | |||
1971 | l2cap_chan_unlock(chan); | ||
1972 | l2cap_chan_add(conn, chan); | ||
1973 | l2cap_chan_lock(chan); | ||
1974 | |||
1975 | /* l2cap_chan_add takes its own ref so we can drop this one */ | ||
1976 | hci_conn_drop(hcon); | ||
1977 | |||
1978 | l2cap_state_change(chan, BT_CONNECT); | ||
1979 | __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); | ||
1980 | |||
1981 | if (hcon->state == BT_CONNECTED) { | ||
1982 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { | ||
1983 | __clear_chan_timer(chan); | ||
1984 | if (l2cap_chan_check_security(chan)) | ||
1985 | l2cap_state_change(chan, BT_CONNECTED); | ||
1986 | } else | ||
1987 | l2cap_do_start(chan); | ||
1988 | } | ||
1989 | |||
1990 | err = 0; | ||
1991 | |||
1992 | done: | ||
1993 | l2cap_chan_unlock(chan); | ||
1994 | hci_dev_unlock(hdev); | ||
1995 | hci_dev_put(hdev); | ||
1996 | return err; | ||
1997 | } | ||
1998 | |||
1999 | static void l2cap_monitor_timeout(struct work_struct *work) | 1779 | static void l2cap_monitor_timeout(struct work_struct *work) |
2000 | { | 1780 | { |
2001 | struct l2cap_chan *chan = container_of(work, struct l2cap_chan, | 1781 | struct l2cap_chan *chan = container_of(work, struct l2cap_chan, |
@@ -2654,6 +2434,14 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, | |||
2654 | if (IS_ERR(skb)) | 2434 | if (IS_ERR(skb)) |
2655 | return PTR_ERR(skb); | 2435 | return PTR_ERR(skb); |
2656 | 2436 | ||
2437 | /* Channel lock is released before requesting new skb and then | ||
2438 | * reacquired thus we need to recheck channel state. | ||
2439 | */ | ||
2440 | if (chan->state != BT_CONNECTED) { | ||
2441 | kfree_skb(skb); | ||
2442 | return -ENOTCONN; | ||
2443 | } | ||
2444 | |||
2657 | l2cap_do_send(chan, skb); | 2445 | l2cap_do_send(chan, skb); |
2658 | return len; | 2446 | return len; |
2659 | } | 2447 | } |
@@ -2703,6 +2491,14 @@ int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len, | |||
2703 | if (IS_ERR(skb)) | 2491 | if (IS_ERR(skb)) |
2704 | return PTR_ERR(skb); | 2492 | return PTR_ERR(skb); |
2705 | 2493 | ||
2494 | /* Channel lock is released before requesting new skb and then | ||
2495 | * reacquired thus we need to recheck channel state. | ||
2496 | */ | ||
2497 | if (chan->state != BT_CONNECTED) { | ||
2498 | kfree_skb(skb); | ||
2499 | return -ENOTCONN; | ||
2500 | } | ||
2501 | |||
2706 | l2cap_do_send(chan, skb); | 2502 | l2cap_do_send(chan, skb); |
2707 | err = len; | 2503 | err = len; |
2708 | break; | 2504 | break; |
@@ -5709,7 +5505,7 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, | |||
5709 | { | 5505 | { |
5710 | struct l2cap_le_credits *pkt; | 5506 | struct l2cap_le_credits *pkt; |
5711 | struct l2cap_chan *chan; | 5507 | struct l2cap_chan *chan; |
5712 | u16 cid, credits; | 5508 | u16 cid, credits, max_credits; |
5713 | 5509 | ||
5714 | if (cmd_len != sizeof(*pkt)) | 5510 | if (cmd_len != sizeof(*pkt)) |
5715 | return -EPROTO; | 5511 | return -EPROTO; |
@@ -5724,6 +5520,17 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, | |||
5724 | if (!chan) | 5520 | if (!chan) |
5725 | return -EBADSLT; | 5521 | return -EBADSLT; |
5726 | 5522 | ||
5523 | max_credits = LE_FLOWCTL_MAX_CREDITS - chan->tx_credits; | ||
5524 | if (credits > max_credits) { | ||
5525 | BT_ERR("LE credits overflow"); | ||
5526 | l2cap_send_disconn_req(chan, ECONNRESET); | ||
5527 | |||
5528 | /* Return 0 so that we don't trigger an unnecessary | ||
5529 | * command reject packet. | ||
5530 | */ | ||
5531 | return 0; | ||
5532 | } | ||
5533 | |||
5727 | chan->tx_credits += credits; | 5534 | chan->tx_credits += credits; |
5728 | 5535 | ||
5729 | while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { | 5536 | while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { |
@@ -5770,17 +5577,6 @@ static inline int l2cap_le_sig_cmd(struct l2cap_conn *conn, | |||
5770 | { | 5577 | { |
5771 | int err = 0; | 5578 | int err = 0; |
5772 | 5579 | ||
5773 | if (!enable_lecoc) { | ||
5774 | switch (cmd->code) { | ||
5775 | case L2CAP_LE_CONN_REQ: | ||
5776 | case L2CAP_LE_CONN_RSP: | ||
5777 | case L2CAP_LE_CREDITS: | ||
5778 | case L2CAP_DISCONN_REQ: | ||
5779 | case L2CAP_DISCONN_RSP: | ||
5780 | return -EINVAL; | ||
5781 | } | ||
5782 | } | ||
5783 | |||
5784 | switch (cmd->code) { | 5580 | switch (cmd->code) { |
5785 | case L2CAP_COMMAND_REJ: | 5581 | case L2CAP_COMMAND_REJ: |
5786 | l2cap_le_command_rej(conn, cmd, cmd_len, data); | 5582 | l2cap_le_command_rej(conn, cmd, cmd_len, data); |
@@ -6871,6 +6667,7 @@ static int l2cap_le_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb) | |||
6871 | 6667 | ||
6872 | if (!chan->rx_credits) { | 6668 | if (!chan->rx_credits) { |
6873 | BT_ERR("No credits to receive LE L2CAP data"); | 6669 | BT_ERR("No credits to receive LE L2CAP data"); |
6670 | l2cap_send_disconn_req(chan, ECONNRESET); | ||
6874 | return -ENOBUFS; | 6671 | return -ENOBUFS; |
6875 | } | 6672 | } |
6876 | 6673 | ||
@@ -6995,8 +6792,10 @@ static void l2cap_data_channel(struct l2cap_conn *conn, u16 cid, | |||
6995 | * But we don't have any other choice. L2CAP doesn't | 6792 | * But we don't have any other choice. L2CAP doesn't |
6996 | * provide flow control mechanism. */ | 6793 | * provide flow control mechanism. */ |
6997 | 6794 | ||
6998 | if (chan->imtu < skb->len) | 6795 | if (chan->imtu < skb->len) { |
6796 | BT_ERR("Dropping L2CAP data: receive buffer overflow"); | ||
6999 | goto drop; | 6797 | goto drop; |
6798 | } | ||
7000 | 6799 | ||
7001 | if (!chan->ops->recv(chan, skb)) | 6800 | if (!chan->ops->recv(chan, skb)) |
7002 | goto done; | 6801 | goto done; |
@@ -7084,9 +6883,16 @@ drop: | |||
7084 | static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) | 6883 | static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) |
7085 | { | 6884 | { |
7086 | struct l2cap_hdr *lh = (void *) skb->data; | 6885 | struct l2cap_hdr *lh = (void *) skb->data; |
6886 | struct hci_conn *hcon = conn->hcon; | ||
7087 | u16 cid, len; | 6887 | u16 cid, len; |
7088 | __le16 psm; | 6888 | __le16 psm; |
7089 | 6889 | ||
6890 | if (hcon->state != BT_CONNECTED) { | ||
6891 | BT_DBG("queueing pending rx skb"); | ||
6892 | skb_queue_tail(&conn->pending_rx, skb); | ||
6893 | return; | ||
6894 | } | ||
6895 | |||
7090 | skb_pull(skb, L2CAP_HDR_SIZE); | 6896 | skb_pull(skb, L2CAP_HDR_SIZE); |
7091 | cid = __le16_to_cpu(lh->cid); | 6897 | cid = __le16_to_cpu(lh->cid); |
7092 | len = __le16_to_cpu(lh->len); | 6898 | len = __le16_to_cpu(lh->len); |
@@ -7132,6 +6938,247 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb) | |||
7132 | } | 6938 | } |
7133 | } | 6939 | } |
7134 | 6940 | ||
6941 | static void process_pending_rx(struct work_struct *work) | ||
6942 | { | ||
6943 | struct l2cap_conn *conn = container_of(work, struct l2cap_conn, | ||
6944 | pending_rx_work); | ||
6945 | struct sk_buff *skb; | ||
6946 | |||
6947 | BT_DBG(""); | ||
6948 | |||
6949 | while ((skb = skb_dequeue(&conn->pending_rx))) | ||
6950 | l2cap_recv_frame(conn, skb); | ||
6951 | } | ||
6952 | |||
6953 | static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) | ||
6954 | { | ||
6955 | struct l2cap_conn *conn = hcon->l2cap_data; | ||
6956 | struct hci_chan *hchan; | ||
6957 | |||
6958 | if (conn) | ||
6959 | return conn; | ||
6960 | |||
6961 | hchan = hci_chan_create(hcon); | ||
6962 | if (!hchan) | ||
6963 | return NULL; | ||
6964 | |||
6965 | conn = kzalloc(sizeof(struct l2cap_conn), GFP_KERNEL); | ||
6966 | if (!conn) { | ||
6967 | hci_chan_del(hchan); | ||
6968 | return NULL; | ||
6969 | } | ||
6970 | |||
6971 | kref_init(&conn->ref); | ||
6972 | hcon->l2cap_data = conn; | ||
6973 | conn->hcon = hcon; | ||
6974 | hci_conn_get(conn->hcon); | ||
6975 | conn->hchan = hchan; | ||
6976 | |||
6977 | BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); | ||
6978 | |||
6979 | switch (hcon->type) { | ||
6980 | case LE_LINK: | ||
6981 | if (hcon->hdev->le_mtu) { | ||
6982 | conn->mtu = hcon->hdev->le_mtu; | ||
6983 | break; | ||
6984 | } | ||
6985 | /* fall through */ | ||
6986 | default: | ||
6987 | conn->mtu = hcon->hdev->acl_mtu; | ||
6988 | break; | ||
6989 | } | ||
6990 | |||
6991 | conn->feat_mask = 0; | ||
6992 | |||
6993 | if (hcon->type == ACL_LINK) | ||
6994 | conn->hs_enabled = test_bit(HCI_HS_ENABLED, | ||
6995 | &hcon->hdev->dev_flags); | ||
6996 | |||
6997 | spin_lock_init(&conn->lock); | ||
6998 | mutex_init(&conn->chan_lock); | ||
6999 | |||
7000 | INIT_LIST_HEAD(&conn->chan_l); | ||
7001 | INIT_LIST_HEAD(&conn->users); | ||
7002 | |||
7003 | if (hcon->type == LE_LINK) | ||
7004 | INIT_DELAYED_WORK(&conn->security_timer, security_timeout); | ||
7005 | else | ||
7006 | INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout); | ||
7007 | |||
7008 | skb_queue_head_init(&conn->pending_rx); | ||
7009 | INIT_WORK(&conn->pending_rx_work, process_pending_rx); | ||
7010 | |||
7011 | conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; | ||
7012 | |||
7013 | return conn; | ||
7014 | } | ||
7015 | |||
7016 | static bool is_valid_psm(u16 psm, u8 dst_type) { | ||
7017 | if (!psm) | ||
7018 | return false; | ||
7019 | |||
7020 | if (bdaddr_type_is_le(dst_type)) | ||
7021 | return (psm <= 0x00ff); | ||
7022 | |||
7023 | /* PSM must be odd and lsb of upper byte must be 0 */ | ||
7024 | return ((psm & 0x0101) == 0x0001); | ||
7025 | } | ||
7026 | |||
7027 | int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, | ||
7028 | bdaddr_t *dst, u8 dst_type) | ||
7029 | { | ||
7030 | struct l2cap_conn *conn; | ||
7031 | struct hci_conn *hcon; | ||
7032 | struct hci_dev *hdev; | ||
7033 | __u8 auth_type; | ||
7034 | int err; | ||
7035 | |||
7036 | BT_DBG("%pMR -> %pMR (type %u) psm 0x%2.2x", &chan->src, dst, | ||
7037 | dst_type, __le16_to_cpu(psm)); | ||
7038 | |||
7039 | hdev = hci_get_route(dst, &chan->src); | ||
7040 | if (!hdev) | ||
7041 | return -EHOSTUNREACH; | ||
7042 | |||
7043 | hci_dev_lock(hdev); | ||
7044 | |||
7045 | l2cap_chan_lock(chan); | ||
7046 | |||
7047 | if (!is_valid_psm(__le16_to_cpu(psm), dst_type) && !cid && | ||
7048 | chan->chan_type != L2CAP_CHAN_RAW) { | ||
7049 | err = -EINVAL; | ||
7050 | goto done; | ||
7051 | } | ||
7052 | |||
7053 | if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !psm) { | ||
7054 | err = -EINVAL; | ||
7055 | goto done; | ||
7056 | } | ||
7057 | |||
7058 | if (chan->chan_type == L2CAP_CHAN_FIXED && !cid) { | ||
7059 | err = -EINVAL; | ||
7060 | goto done; | ||
7061 | } | ||
7062 | |||
7063 | switch (chan->mode) { | ||
7064 | case L2CAP_MODE_BASIC: | ||
7065 | break; | ||
7066 | case L2CAP_MODE_LE_FLOWCTL: | ||
7067 | l2cap_le_flowctl_init(chan); | ||
7068 | break; | ||
7069 | case L2CAP_MODE_ERTM: | ||
7070 | case L2CAP_MODE_STREAMING: | ||
7071 | if (!disable_ertm) | ||
7072 | break; | ||
7073 | /* fall through */ | ||
7074 | default: | ||
7075 | err = -ENOTSUPP; | ||
7076 | goto done; | ||
7077 | } | ||
7078 | |||
7079 | switch (chan->state) { | ||
7080 | case BT_CONNECT: | ||
7081 | case BT_CONNECT2: | ||
7082 | case BT_CONFIG: | ||
7083 | /* Already connecting */ | ||
7084 | err = 0; | ||
7085 | goto done; | ||
7086 | |||
7087 | case BT_CONNECTED: | ||
7088 | /* Already connected */ | ||
7089 | err = -EISCONN; | ||
7090 | goto done; | ||
7091 | |||
7092 | case BT_OPEN: | ||
7093 | case BT_BOUND: | ||
7094 | /* Can connect */ | ||
7095 | break; | ||
7096 | |||
7097 | default: | ||
7098 | err = -EBADFD; | ||
7099 | goto done; | ||
7100 | } | ||
7101 | |||
7102 | /* Set destination address and psm */ | ||
7103 | bacpy(&chan->dst, dst); | ||
7104 | chan->dst_type = dst_type; | ||
7105 | |||
7106 | chan->psm = psm; | ||
7107 | chan->dcid = cid; | ||
7108 | |||
7109 | auth_type = l2cap_get_auth_type(chan); | ||
7110 | |||
7111 | if (bdaddr_type_is_le(dst_type)) { | ||
7112 | /* Convert from L2CAP channel address type to HCI address type | ||
7113 | */ | ||
7114 | if (dst_type == BDADDR_LE_PUBLIC) | ||
7115 | dst_type = ADDR_LE_DEV_PUBLIC; | ||
7116 | else | ||
7117 | dst_type = ADDR_LE_DEV_RANDOM; | ||
7118 | |||
7119 | hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level, | ||
7120 | auth_type); | ||
7121 | } else { | ||
7122 | hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type); | ||
7123 | } | ||
7124 | |||
7125 | if (IS_ERR(hcon)) { | ||
7126 | err = PTR_ERR(hcon); | ||
7127 | goto done; | ||
7128 | } | ||
7129 | |||
7130 | conn = l2cap_conn_add(hcon); | ||
7131 | if (!conn) { | ||
7132 | hci_conn_drop(hcon); | ||
7133 | err = -ENOMEM; | ||
7134 | goto done; | ||
7135 | } | ||
7136 | |||
7137 | if (cid && __l2cap_get_chan_by_dcid(conn, cid)) { | ||
7138 | hci_conn_drop(hcon); | ||
7139 | err = -EBUSY; | ||
7140 | goto done; | ||
7141 | } | ||
7142 | |||
7143 | /* Update source addr of the socket */ | ||
7144 | bacpy(&chan->src, &hcon->src); | ||
7145 | chan->src_type = bdaddr_type(hcon, hcon->src_type); | ||
7146 | |||
7147 | l2cap_chan_unlock(chan); | ||
7148 | l2cap_chan_add(conn, chan); | ||
7149 | l2cap_chan_lock(chan); | ||
7150 | |||
7151 | /* l2cap_chan_add takes its own ref so we can drop this one */ | ||
7152 | hci_conn_drop(hcon); | ||
7153 | |||
7154 | l2cap_state_change(chan, BT_CONNECT); | ||
7155 | __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); | ||
7156 | |||
7157 | /* Release chan->sport so that it can be reused by other | ||
7158 | * sockets (as it's only used for listening sockets). | ||
7159 | */ | ||
7160 | write_lock(&chan_list_lock); | ||
7161 | chan->sport = 0; | ||
7162 | write_unlock(&chan_list_lock); | ||
7163 | |||
7164 | if (hcon->state == BT_CONNECTED) { | ||
7165 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { | ||
7166 | __clear_chan_timer(chan); | ||
7167 | if (l2cap_chan_check_security(chan)) | ||
7168 | l2cap_state_change(chan, BT_CONNECTED); | ||
7169 | } else | ||
7170 | l2cap_do_start(chan); | ||
7171 | } | ||
7172 | |||
7173 | err = 0; | ||
7174 | |||
7175 | done: | ||
7176 | l2cap_chan_unlock(chan); | ||
7177 | hci_dev_unlock(hdev); | ||
7178 | hci_dev_put(hdev); | ||
7179 | return err; | ||
7180 | } | ||
7181 | |||
7135 | /* ---- L2CAP interface with lower layer (HCI) ---- */ | 7182 | /* ---- L2CAP interface with lower layer (HCI) ---- */ |
7136 | 7183 | ||
7137 | int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr) | 7184 | int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr) |
@@ -7206,7 +7253,8 @@ static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt) | |||
7206 | if (encrypt == 0x00) { | 7253 | if (encrypt == 0x00) { |
7207 | if (chan->sec_level == BT_SECURITY_MEDIUM) { | 7254 | if (chan->sec_level == BT_SECURITY_MEDIUM) { |
7208 | __set_chan_timer(chan, L2CAP_ENC_TIMEOUT); | 7255 | __set_chan_timer(chan, L2CAP_ENC_TIMEOUT); |
7209 | } else if (chan->sec_level == BT_SECURITY_HIGH) | 7256 | } else if (chan->sec_level == BT_SECURITY_HIGH || |
7257 | chan->sec_level == BT_SECURITY_FIPS) | ||
7210 | l2cap_chan_close(chan, ECONNREFUSED); | 7258 | l2cap_chan_close(chan, ECONNREFUSED); |
7211 | } else { | 7259 | } else { |
7212 | if (chan->sec_level == BT_SECURITY_MEDIUM) | 7260 | if (chan->sec_level == BT_SECURITY_MEDIUM) |
@@ -7226,7 +7274,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
7226 | 7274 | ||
7227 | if (hcon->type == LE_LINK) { | 7275 | if (hcon->type == LE_LINK) { |
7228 | if (!status && encrypt) | 7276 | if (!status && encrypt) |
7229 | smp_distribute_keys(conn, 0); | 7277 | smp_distribute_keys(conn); |
7230 | cancel_delayed_work(&conn->security_timer); | 7278 | cancel_delayed_work(&conn->security_timer); |
7231 | } | 7279 | } |
7232 | 7280 | ||
@@ -7238,7 +7286,7 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
7238 | BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid, | 7286 | BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid, |
7239 | state_to_string(chan->state)); | 7287 | state_to_string(chan->state)); |
7240 | 7288 | ||
7241 | if (chan->chan_type == L2CAP_CHAN_CONN_FIX_A2MP) { | 7289 | if (chan->scid == L2CAP_CID_A2MP) { |
7242 | l2cap_chan_unlock(chan); | 7290 | l2cap_chan_unlock(chan); |
7243 | continue; | 7291 | continue; |
7244 | } | 7292 | } |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index d58f76bcebd1..b247f9d27fed 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
@@ -36,8 +36,6 @@ | |||
36 | 36 | ||
37 | #include "smp.h" | 37 | #include "smp.h" |
38 | 38 | ||
39 | bool enable_lecoc; | ||
40 | |||
41 | static struct bt_sock_list l2cap_sk_list = { | 39 | static struct bt_sock_list l2cap_sk_list = { |
42 | .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) | 40 | .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock) |
43 | }; | 41 | }; |
@@ -101,9 +99,16 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | |||
101 | if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) | 99 | if (!bdaddr_type_is_valid(la.l2_bdaddr_type)) |
102 | return -EINVAL; | 100 | return -EINVAL; |
103 | 101 | ||
102 | if (la.l2_cid) { | ||
103 | /* When the socket gets created it defaults to | ||
104 | * CHAN_CONN_ORIENTED, so we need to overwrite the | ||
105 | * default here. | ||
106 | */ | ||
107 | chan->chan_type = L2CAP_CHAN_FIXED; | ||
108 | chan->omtu = L2CAP_DEFAULT_MTU; | ||
109 | } | ||
110 | |||
104 | if (bdaddr_type_is_le(la.l2_bdaddr_type)) { | 111 | if (bdaddr_type_is_le(la.l2_bdaddr_type)) { |
105 | if (!enable_lecoc && la.l2_psm) | ||
106 | return -EINVAL; | ||
107 | /* We only allow ATT user space socket */ | 112 | /* We only allow ATT user space socket */ |
108 | if (la.l2_cid && | 113 | if (la.l2_cid && |
109 | la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) | 114 | la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) |
@@ -220,8 +225,6 @@ static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, | |||
220 | return -EINVAL; | 225 | return -EINVAL; |
221 | 226 | ||
222 | if (bdaddr_type_is_le(la.l2_bdaddr_type)) { | 227 | if (bdaddr_type_is_le(la.l2_bdaddr_type)) { |
223 | if (!enable_lecoc && la.l2_psm) | ||
224 | return -EINVAL; | ||
225 | /* We only allow ATT user space socket */ | 228 | /* We only allow ATT user space socket */ |
226 | if (la.l2_cid && | 229 | if (la.l2_cid && |
227 | la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) | 230 | la.l2_cid != __constant_cpu_to_le16(L2CAP_CID_ATT)) |
@@ -357,17 +360,20 @@ static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, | |||
357 | 360 | ||
358 | BT_DBG("sock %p, sk %p", sock, sk); | 361 | BT_DBG("sock %p, sk %p", sock, sk); |
359 | 362 | ||
363 | if (peer && sk->sk_state != BT_CONNECTED) | ||
364 | return -ENOTCONN; | ||
365 | |||
360 | memset(la, 0, sizeof(struct sockaddr_l2)); | 366 | memset(la, 0, sizeof(struct sockaddr_l2)); |
361 | addr->sa_family = AF_BLUETOOTH; | 367 | addr->sa_family = AF_BLUETOOTH; |
362 | *len = sizeof(struct sockaddr_l2); | 368 | *len = sizeof(struct sockaddr_l2); |
363 | 369 | ||
370 | la->l2_psm = chan->psm; | ||
371 | |||
364 | if (peer) { | 372 | if (peer) { |
365 | la->l2_psm = chan->psm; | ||
366 | bacpy(&la->l2_bdaddr, &chan->dst); | 373 | bacpy(&la->l2_bdaddr, &chan->dst); |
367 | la->l2_cid = cpu_to_le16(chan->dcid); | 374 | la->l2_cid = cpu_to_le16(chan->dcid); |
368 | la->l2_bdaddr_type = chan->dst_type; | 375 | la->l2_bdaddr_type = chan->dst_type; |
369 | } else { | 376 | } else { |
370 | la->l2_psm = chan->sport; | ||
371 | bacpy(&la->l2_bdaddr, &chan->src); | 377 | bacpy(&la->l2_bdaddr, &chan->src); |
372 | la->l2_cid = cpu_to_le16(chan->scid); | 378 | la->l2_cid = cpu_to_le16(chan->scid); |
373 | la->l2_bdaddr_type = chan->src_type; | 379 | la->l2_bdaddr_type = chan->src_type; |
@@ -432,6 +438,10 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, | |||
432 | opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | | 438 | opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | |
433 | L2CAP_LM_SECURE; | 439 | L2CAP_LM_SECURE; |
434 | break; | 440 | break; |
441 | case BT_SECURITY_FIPS: | ||
442 | opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT | | ||
443 | L2CAP_LM_SECURE | L2CAP_LM_FIPS; | ||
444 | break; | ||
435 | default: | 445 | default: |
436 | opt = 0; | 446 | opt = 0; |
437 | break; | 447 | break; |
@@ -445,6 +455,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, | |||
445 | 455 | ||
446 | if (put_user(opt, (u32 __user *) optval)) | 456 | if (put_user(opt, (u32 __user *) optval)) |
447 | err = -EFAULT; | 457 | err = -EFAULT; |
458 | |||
448 | break; | 459 | break; |
449 | 460 | ||
450 | case L2CAP_CONNINFO: | 461 | case L2CAP_CONNINFO: |
@@ -499,6 +510,7 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, | |||
499 | switch (optname) { | 510 | switch (optname) { |
500 | case BT_SECURITY: | 511 | case BT_SECURITY: |
501 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && | 512 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && |
513 | chan->chan_type != L2CAP_CHAN_FIXED && | ||
502 | chan->chan_type != L2CAP_CHAN_RAW) { | 514 | chan->chan_type != L2CAP_CHAN_RAW) { |
503 | err = -EINVAL; | 515 | err = -EINVAL; |
504 | break; | 516 | break; |
@@ -560,11 +572,6 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, | |||
560 | break; | 572 | break; |
561 | 573 | ||
562 | case BT_SNDMTU: | 574 | case BT_SNDMTU: |
563 | if (!enable_lecoc) { | ||
564 | err = -EPROTONOSUPPORT; | ||
565 | break; | ||
566 | } | ||
567 | |||
568 | if (!bdaddr_type_is_le(chan->src_type)) { | 575 | if (!bdaddr_type_is_le(chan->src_type)) { |
569 | err = -EINVAL; | 576 | err = -EINVAL; |
570 | break; | 577 | break; |
@@ -580,11 +587,6 @@ static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, | |||
580 | break; | 587 | break; |
581 | 588 | ||
582 | case BT_RCVMTU: | 589 | case BT_RCVMTU: |
583 | if (!enable_lecoc) { | ||
584 | err = -EPROTONOSUPPORT; | ||
585 | break; | ||
586 | } | ||
587 | |||
588 | if (!bdaddr_type_is_le(chan->src_type)) { | 590 | if (!bdaddr_type_is_le(chan->src_type)) { |
589 | err = -EINVAL; | 591 | err = -EINVAL; |
590 | break; | 592 | break; |
@@ -699,6 +701,11 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, | |||
699 | break; | 701 | break; |
700 | } | 702 | } |
701 | 703 | ||
704 | if (opt & L2CAP_LM_FIPS) { | ||
705 | err = -EINVAL; | ||
706 | break; | ||
707 | } | ||
708 | |||
702 | if (opt & L2CAP_LM_AUTH) | 709 | if (opt & L2CAP_LM_AUTH) |
703 | chan->sec_level = BT_SECURITY_LOW; | 710 | chan->sec_level = BT_SECURITY_LOW; |
704 | if (opt & L2CAP_LM_ENCRYPT) | 711 | if (opt & L2CAP_LM_ENCRYPT) |
@@ -750,6 +757,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |||
750 | switch (optname) { | 757 | switch (optname) { |
751 | case BT_SECURITY: | 758 | case BT_SECURITY: |
752 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && | 759 | if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED && |
760 | chan->chan_type != L2CAP_CHAN_FIXED && | ||
753 | chan->chan_type != L2CAP_CHAN_RAW) { | 761 | chan->chan_type != L2CAP_CHAN_RAW) { |
754 | err = -EINVAL; | 762 | err = -EINVAL; |
755 | break; | 763 | break; |
@@ -895,11 +903,6 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |||
895 | break; | 903 | break; |
896 | 904 | ||
897 | case BT_SNDMTU: | 905 | case BT_SNDMTU: |
898 | if (!enable_lecoc) { | ||
899 | err = -EPROTONOSUPPORT; | ||
900 | break; | ||
901 | } | ||
902 | |||
903 | if (!bdaddr_type_is_le(chan->src_type)) { | 906 | if (!bdaddr_type_is_le(chan->src_type)) { |
904 | err = -EINVAL; | 907 | err = -EINVAL; |
905 | break; | 908 | break; |
@@ -912,11 +915,6 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, | |||
912 | break; | 915 | break; |
913 | 916 | ||
914 | case BT_RCVMTU: | 917 | case BT_RCVMTU: |
915 | if (!enable_lecoc) { | ||
916 | err = -EPROTONOSUPPORT; | ||
917 | break; | ||
918 | } | ||
919 | |||
920 | if (!bdaddr_type_is_le(chan->src_type)) { | 918 | if (!bdaddr_type_is_le(chan->src_type)) { |
921 | err = -EINVAL; | 919 | err = -EINVAL; |
922 | break; | 920 | break; |
@@ -1449,6 +1447,11 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent) | |||
1449 | chan->tx_credits = pchan->tx_credits; | 1447 | chan->tx_credits = pchan->tx_credits; |
1450 | chan->rx_credits = pchan->rx_credits; | 1448 | chan->rx_credits = pchan->rx_credits; |
1451 | 1449 | ||
1450 | if (chan->chan_type == L2CAP_CHAN_FIXED) { | ||
1451 | chan->scid = pchan->scid; | ||
1452 | chan->dcid = pchan->scid; | ||
1453 | } | ||
1454 | |||
1452 | security_sk_clone(parent, sk); | 1455 | security_sk_clone(parent, sk); |
1453 | } else { | 1456 | } else { |
1454 | switch (sk->sk_type) { | 1457 | switch (sk->sk_type) { |
@@ -1614,6 +1617,3 @@ void l2cap_cleanup_sockets(void) | |||
1614 | bt_sock_unregister(BTPROTO_L2CAP); | 1617 | bt_sock_unregister(BTPROTO_L2CAP); |
1615 | proto_unregister(&l2cap_proto); | 1618 | proto_unregister(&l2cap_proto); |
1616 | } | 1619 | } |
1617 | |||
1618 | module_param(enable_lecoc, bool, 0644); | ||
1619 | MODULE_PARM_DESC(enable_lecoc, "Enable support for LE CoC"); | ||
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index a03ca3ca91bf..98e9df3556e7 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -34,7 +34,7 @@ | |||
34 | #include "smp.h" | 34 | #include "smp.h" |
35 | 35 | ||
36 | #define MGMT_VERSION 1 | 36 | #define MGMT_VERSION 1 |
37 | #define MGMT_REVISION 4 | 37 | #define MGMT_REVISION 5 |
38 | 38 | ||
39 | static const u16 mgmt_commands[] = { | 39 | static const u16 mgmt_commands[] = { |
40 | MGMT_OP_READ_INDEX_LIST, | 40 | MGMT_OP_READ_INDEX_LIST, |
@@ -79,6 +79,10 @@ static const u16 mgmt_commands[] = { | |||
79 | MGMT_OP_SET_BREDR, | 79 | MGMT_OP_SET_BREDR, |
80 | MGMT_OP_SET_STATIC_ADDRESS, | 80 | MGMT_OP_SET_STATIC_ADDRESS, |
81 | MGMT_OP_SET_SCAN_PARAMS, | 81 | MGMT_OP_SET_SCAN_PARAMS, |
82 | MGMT_OP_SET_SECURE_CONN, | ||
83 | MGMT_OP_SET_DEBUG_KEYS, | ||
84 | MGMT_OP_SET_PRIVACY, | ||
85 | MGMT_OP_LOAD_IRKS, | ||
82 | }; | 86 | }; |
83 | 87 | ||
84 | static const u16 mgmt_events[] = { | 88 | static const u16 mgmt_events[] = { |
@@ -103,6 +107,7 @@ static const u16 mgmt_events[] = { | |||
103 | MGMT_EV_DEVICE_UNBLOCKED, | 107 | MGMT_EV_DEVICE_UNBLOCKED, |
104 | MGMT_EV_DEVICE_UNPAIRED, | 108 | MGMT_EV_DEVICE_UNPAIRED, |
105 | MGMT_EV_PASSKEY_NOTIFY, | 109 | MGMT_EV_PASSKEY_NOTIFY, |
110 | MGMT_EV_NEW_IRK, | ||
106 | }; | 111 | }; |
107 | 112 | ||
108 | #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) | 113 | #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) |
@@ -127,7 +132,7 @@ static u8 mgmt_status_table[] = { | |||
127 | MGMT_STATUS_FAILED, /* Hardware Failure */ | 132 | MGMT_STATUS_FAILED, /* Hardware Failure */ |
128 | MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ | 133 | MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ |
129 | MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ | 134 | MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ |
130 | MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ | 135 | MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */ |
131 | MGMT_STATUS_NO_RESOURCES, /* Memory Full */ | 136 | MGMT_STATUS_NO_RESOURCES, /* Memory Full */ |
132 | MGMT_STATUS_TIMEOUT, /* Connection Timeout */ | 137 | MGMT_STATUS_TIMEOUT, /* Connection Timeout */ |
133 | MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ | 138 | MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ |
@@ -363,6 +368,7 @@ static u32 get_supported_settings(struct hci_dev *hdev) | |||
363 | 368 | ||
364 | settings |= MGMT_SETTING_POWERED; | 369 | settings |= MGMT_SETTING_POWERED; |
365 | settings |= MGMT_SETTING_PAIRABLE; | 370 | settings |= MGMT_SETTING_PAIRABLE; |
371 | settings |= MGMT_SETTING_DEBUG_KEYS; | ||
366 | 372 | ||
367 | if (lmp_bredr_capable(hdev)) { | 373 | if (lmp_bredr_capable(hdev)) { |
368 | settings |= MGMT_SETTING_CONNECTABLE; | 374 | settings |= MGMT_SETTING_CONNECTABLE; |
@@ -376,11 +382,16 @@ static u32 get_supported_settings(struct hci_dev *hdev) | |||
376 | settings |= MGMT_SETTING_SSP; | 382 | settings |= MGMT_SETTING_SSP; |
377 | settings |= MGMT_SETTING_HS; | 383 | settings |= MGMT_SETTING_HS; |
378 | } | 384 | } |
385 | |||
386 | if (lmp_sc_capable(hdev) || | ||
387 | test_bit(HCI_FORCE_SC, &hdev->dev_flags)) | ||
388 | settings |= MGMT_SETTING_SECURE_CONN; | ||
379 | } | 389 | } |
380 | 390 | ||
381 | if (lmp_le_capable(hdev)) { | 391 | if (lmp_le_capable(hdev)) { |
382 | settings |= MGMT_SETTING_LE; | 392 | settings |= MGMT_SETTING_LE; |
383 | settings |= MGMT_SETTING_ADVERTISING; | 393 | settings |= MGMT_SETTING_ADVERTISING; |
394 | settings |= MGMT_SETTING_PRIVACY; | ||
384 | } | 395 | } |
385 | 396 | ||
386 | return settings; | 397 | return settings; |
@@ -423,6 +434,15 @@ static u32 get_current_settings(struct hci_dev *hdev) | |||
423 | if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) | 434 | if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) |
424 | settings |= MGMT_SETTING_ADVERTISING; | 435 | settings |= MGMT_SETTING_ADVERTISING; |
425 | 436 | ||
437 | if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) | ||
438 | settings |= MGMT_SETTING_SECURE_CONN; | ||
439 | |||
440 | if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags)) | ||
441 | settings |= MGMT_SETTING_DEBUG_KEYS; | ||
442 | |||
443 | if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) | ||
444 | settings |= MGMT_SETTING_PRIVACY; | ||
445 | |||
426 | return settings; | 446 | return settings; |
427 | } | 447 | } |
428 | 448 | ||
@@ -629,14 +649,8 @@ static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr) | |||
629 | 649 | ||
630 | flags |= get_adv_discov_flags(hdev); | 650 | flags |= get_adv_discov_flags(hdev); |
631 | 651 | ||
632 | if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) { | 652 | if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) |
633 | if (lmp_le_br_capable(hdev)) | ||
634 | flags |= LE_AD_SIM_LE_BREDR_CTRL; | ||
635 | if (lmp_host_le_br_capable(hdev)) | ||
636 | flags |= LE_AD_SIM_LE_BREDR_HOST; | ||
637 | } else { | ||
638 | flags |= LE_AD_NO_BREDR; | 653 | flags |= LE_AD_NO_BREDR; |
639 | } | ||
640 | 654 | ||
641 | if (flags) { | 655 | if (flags) { |
642 | BT_DBG("adv flags 0x%02x", flags); | 656 | BT_DBG("adv flags 0x%02x", flags); |
@@ -803,6 +817,64 @@ static void update_class(struct hci_request *req) | |||
803 | hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); | 817 | hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); |
804 | } | 818 | } |
805 | 819 | ||
820 | static bool get_connectable(struct hci_dev *hdev) | ||
821 | { | ||
822 | struct pending_cmd *cmd; | ||
823 | |||
824 | /* If there's a pending mgmt command the flag will not yet have | ||
825 | * it's final value, so check for this first. | ||
826 | */ | ||
827 | cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev); | ||
828 | if (cmd) { | ||
829 | struct mgmt_mode *cp = cmd->param; | ||
830 | return cp->val; | ||
831 | } | ||
832 | |||
833 | return test_bit(HCI_CONNECTABLE, &hdev->dev_flags); | ||
834 | } | ||
835 | |||
836 | static void enable_advertising(struct hci_request *req) | ||
837 | { | ||
838 | struct hci_dev *hdev = req->hdev; | ||
839 | struct hci_cp_le_set_adv_param cp; | ||
840 | u8 own_addr_type, enable = 0x01; | ||
841 | bool connectable; | ||
842 | |||
843 | /* Clear the HCI_ADVERTISING bit temporarily so that the | ||
844 | * hci_update_random_address knows that it's safe to go ahead | ||
845 | * and write a new random address. The flag will be set back on | ||
846 | * as soon as the SET_ADV_ENABLE HCI command completes. | ||
847 | */ | ||
848 | clear_bit(HCI_ADVERTISING, &hdev->dev_flags); | ||
849 | |||
850 | connectable = get_connectable(hdev); | ||
851 | |||
852 | /* Set require_privacy to true only when non-connectable | ||
853 | * advertising is used. In that case it is fine to use a | ||
854 | * non-resolvable private address. | ||
855 | */ | ||
856 | if (hci_update_random_address(req, !connectable, &own_addr_type) < 0) | ||
857 | return; | ||
858 | |||
859 | memset(&cp, 0, sizeof(cp)); | ||
860 | cp.min_interval = __constant_cpu_to_le16(0x0800); | ||
861 | cp.max_interval = __constant_cpu_to_le16(0x0800); | ||
862 | cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND; | ||
863 | cp.own_address_type = own_addr_type; | ||
864 | cp.channel_map = hdev->le_adv_channel_map; | ||
865 | |||
866 | hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); | ||
867 | |||
868 | hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); | ||
869 | } | ||
870 | |||
871 | static void disable_advertising(struct hci_request *req) | ||
872 | { | ||
873 | u8 enable = 0x00; | ||
874 | |||
875 | hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); | ||
876 | } | ||
877 | |||
806 | static void service_cache_off(struct work_struct *work) | 878 | static void service_cache_off(struct work_struct *work) |
807 | { | 879 | { |
808 | struct hci_dev *hdev = container_of(work, struct hci_dev, | 880 | struct hci_dev *hdev = container_of(work, struct hci_dev, |
@@ -824,12 +896,39 @@ static void service_cache_off(struct work_struct *work) | |||
824 | hci_req_run(&req, NULL); | 896 | hci_req_run(&req, NULL); |
825 | } | 897 | } |
826 | 898 | ||
899 | static void rpa_expired(struct work_struct *work) | ||
900 | { | ||
901 | struct hci_dev *hdev = container_of(work, struct hci_dev, | ||
902 | rpa_expired.work); | ||
903 | struct hci_request req; | ||
904 | |||
905 | BT_DBG(""); | ||
906 | |||
907 | set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); | ||
908 | |||
909 | if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) || | ||
910 | hci_conn_num(hdev, LE_LINK) > 0) | ||
911 | return; | ||
912 | |||
913 | /* The generation of a new RPA and programming it into the | ||
914 | * controller happens in the enable_advertising() function. | ||
915 | */ | ||
916 | |||
917 | hci_req_init(&req, hdev); | ||
918 | |||
919 | disable_advertising(&req); | ||
920 | enable_advertising(&req); | ||
921 | |||
922 | hci_req_run(&req, NULL); | ||
923 | } | ||
924 | |||
827 | static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) | 925 | static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev) |
828 | { | 926 | { |
829 | if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) | 927 | if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) |
830 | return; | 928 | return; |
831 | 929 | ||
832 | INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); | 930 | INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); |
931 | INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired); | ||
833 | 932 | ||
834 | /* Non-mgmt controlled devices get this bit set | 933 | /* Non-mgmt controlled devices get this bit set |
835 | * implicitly so that pairing works for them, however | 934 | * implicitly so that pairing works for them, however |
@@ -935,6 +1034,71 @@ static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) | |||
935 | sizeof(settings)); | 1034 | sizeof(settings)); |
936 | } | 1035 | } |
937 | 1036 | ||
1037 | static void clean_up_hci_complete(struct hci_dev *hdev, u8 status) | ||
1038 | { | ||
1039 | BT_DBG("%s status 0x%02x", hdev->name, status); | ||
1040 | |||
1041 | if (hci_conn_count(hdev) == 0) { | ||
1042 | cancel_delayed_work(&hdev->power_off); | ||
1043 | queue_work(hdev->req_workqueue, &hdev->power_off.work); | ||
1044 | } | ||
1045 | } | ||
1046 | |||
1047 | static int clean_up_hci_state(struct hci_dev *hdev) | ||
1048 | { | ||
1049 | struct hci_request req; | ||
1050 | struct hci_conn *conn; | ||
1051 | |||
1052 | hci_req_init(&req, hdev); | ||
1053 | |||
1054 | if (test_bit(HCI_ISCAN, &hdev->flags) || | ||
1055 | test_bit(HCI_PSCAN, &hdev->flags)) { | ||
1056 | u8 scan = 0x00; | ||
1057 | hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); | ||
1058 | } | ||
1059 | |||
1060 | if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) | ||
1061 | disable_advertising(&req); | ||
1062 | |||
1063 | if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) { | ||
1064 | hci_req_add_le_scan_disable(&req); | ||
1065 | } | ||
1066 | |||
1067 | list_for_each_entry(conn, &hdev->conn_hash.list, list) { | ||
1068 | struct hci_cp_disconnect dc; | ||
1069 | struct hci_cp_reject_conn_req rej; | ||
1070 | |||
1071 | switch (conn->state) { | ||
1072 | case BT_CONNECTED: | ||
1073 | case BT_CONFIG: | ||
1074 | dc.handle = cpu_to_le16(conn->handle); | ||
1075 | dc.reason = 0x15; /* Terminated due to Power Off */ | ||
1076 | hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc); | ||
1077 | break; | ||
1078 | case BT_CONNECT: | ||
1079 | if (conn->type == LE_LINK) | ||
1080 | hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL, | ||
1081 | 0, NULL); | ||
1082 | else if (conn->type == ACL_LINK) | ||
1083 | hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL, | ||
1084 | 6, &conn->dst); | ||
1085 | break; | ||
1086 | case BT_CONNECT2: | ||
1087 | bacpy(&rej.bdaddr, &conn->dst); | ||
1088 | rej.reason = 0x15; /* Terminated due to Power Off */ | ||
1089 | if (conn->type == ACL_LINK) | ||
1090 | hci_req_add(&req, HCI_OP_REJECT_CONN_REQ, | ||
1091 | sizeof(rej), &rej); | ||
1092 | else if (conn->type == SCO_LINK) | ||
1093 | hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ, | ||
1094 | sizeof(rej), &rej); | ||
1095 | break; | ||
1096 | } | ||
1097 | } | ||
1098 | |||
1099 | return hci_req_run(&req, clean_up_hci_complete); | ||
1100 | } | ||
1101 | |||
938 | static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, | 1102 | static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, |
939 | u16 len) | 1103 | u16 len) |
940 | { | 1104 | { |
@@ -978,12 +1142,23 @@ static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data, | |||
978 | goto failed; | 1142 | goto failed; |
979 | } | 1143 | } |
980 | 1144 | ||
981 | if (cp->val) | 1145 | if (cp->val) { |
982 | queue_work(hdev->req_workqueue, &hdev->power_on); | 1146 | queue_work(hdev->req_workqueue, &hdev->power_on); |
983 | else | 1147 | err = 0; |
984 | queue_work(hdev->req_workqueue, &hdev->power_off.work); | 1148 | } else { |
985 | 1149 | /* Disconnect connections, stop scans, etc */ | |
986 | err = 0; | 1150 | err = clean_up_hci_state(hdev); |
1151 | if (!err) | ||
1152 | queue_delayed_work(hdev->req_workqueue, &hdev->power_off, | ||
1153 | HCI_POWER_OFF_TIMEOUT); | ||
1154 | |||
1155 | /* ENODATA means there were no HCI commands queued */ | ||
1156 | if (err == -ENODATA) { | ||
1157 | cancel_delayed_work(&hdev->power_off); | ||
1158 | queue_work(hdev->req_workqueue, &hdev->power_off.work); | ||
1159 | err = 0; | ||
1160 | } | ||
1161 | } | ||
987 | 1162 | ||
988 | failed: | 1163 | failed: |
989 | hci_dev_unlock(hdev); | 1164 | hci_dev_unlock(hdev); |
@@ -1336,50 +1511,6 @@ static void write_fast_connectable(struct hci_request *req, bool enable) | |||
1336 | hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); | 1511 | hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); |
1337 | } | 1512 | } |
1338 | 1513 | ||
1339 | static u8 get_adv_type(struct hci_dev *hdev) | ||
1340 | { | ||
1341 | struct pending_cmd *cmd; | ||
1342 | bool connectable; | ||
1343 | |||
1344 | /* If there's a pending mgmt command the flag will not yet have | ||
1345 | * it's final value, so check for this first. | ||
1346 | */ | ||
1347 | cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev); | ||
1348 | if (cmd) { | ||
1349 | struct mgmt_mode *cp = cmd->param; | ||
1350 | connectable = !!cp->val; | ||
1351 | } else { | ||
1352 | connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags); | ||
1353 | } | ||
1354 | |||
1355 | return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND; | ||
1356 | } | ||
1357 | |||
1358 | static void enable_advertising(struct hci_request *req) | ||
1359 | { | ||
1360 | struct hci_dev *hdev = req->hdev; | ||
1361 | struct hci_cp_le_set_adv_param cp; | ||
1362 | u8 enable = 0x01; | ||
1363 | |||
1364 | memset(&cp, 0, sizeof(cp)); | ||
1365 | cp.min_interval = __constant_cpu_to_le16(0x0800); | ||
1366 | cp.max_interval = __constant_cpu_to_le16(0x0800); | ||
1367 | cp.type = get_adv_type(hdev); | ||
1368 | cp.own_address_type = hdev->own_addr_type; | ||
1369 | cp.channel_map = 0x07; | ||
1370 | |||
1371 | hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); | ||
1372 | |||
1373 | hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); | ||
1374 | } | ||
1375 | |||
1376 | static void disable_advertising(struct hci_request *req) | ||
1377 | { | ||
1378 | u8 enable = 0x00; | ||
1379 | |||
1380 | hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); | ||
1381 | } | ||
1382 | |||
1383 | static void set_connectable_complete(struct hci_dev *hdev, u8 status) | 1514 | static void set_connectable_complete(struct hci_dev *hdev, u8 status) |
1384 | { | 1515 | { |
1385 | struct pending_cmd *cmd; | 1516 | struct pending_cmd *cmd; |
@@ -2065,7 +2196,7 @@ static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2065 | } | 2196 | } |
2066 | 2197 | ||
2067 | if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { | 2198 | if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { |
2068 | err = hci_uuids_clear(hdev); | 2199 | hci_uuids_clear(hdev); |
2069 | 2200 | ||
2070 | if (enable_service_cache(hdev)) { | 2201 | if (enable_service_cache(hdev)) { |
2071 | err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, | 2202 | err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, |
@@ -2205,6 +2336,7 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2205 | { | 2336 | { |
2206 | struct mgmt_cp_load_link_keys *cp = data; | 2337 | struct mgmt_cp_load_link_keys *cp = data; |
2207 | u16 key_count, expected_len; | 2338 | u16 key_count, expected_len; |
2339 | bool changed; | ||
2208 | int i; | 2340 | int i; |
2209 | 2341 | ||
2210 | BT_DBG("request for %s", hdev->name); | 2342 | BT_DBG("request for %s", hdev->name); |
@@ -2234,7 +2366,7 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2234 | for (i = 0; i < key_count; i++) { | 2366 | for (i = 0; i < key_count; i++) { |
2235 | struct mgmt_link_key_info *key = &cp->keys[i]; | 2367 | struct mgmt_link_key_info *key = &cp->keys[i]; |
2236 | 2368 | ||
2237 | if (key->addr.type != BDADDR_BREDR) | 2369 | if (key->addr.type != BDADDR_BREDR || key->type > 0x08) |
2238 | return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, | 2370 | return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, |
2239 | MGMT_STATUS_INVALID_PARAMS); | 2371 | MGMT_STATUS_INVALID_PARAMS); |
2240 | } | 2372 | } |
@@ -2244,9 +2376,12 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2244 | hci_link_keys_clear(hdev); | 2376 | hci_link_keys_clear(hdev); |
2245 | 2377 | ||
2246 | if (cp->debug_keys) | 2378 | if (cp->debug_keys) |
2247 | set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); | 2379 | changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); |
2248 | else | 2380 | else |
2249 | clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); | 2381 | changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); |
2382 | |||
2383 | if (changed) | ||
2384 | new_settings(hdev, NULL); | ||
2250 | 2385 | ||
2251 | for (i = 0; i < key_count; i++) { | 2386 | for (i = 0; i < key_count; i++) { |
2252 | struct mgmt_link_key_info *key = &cp->keys[i]; | 2387 | struct mgmt_link_key_info *key = &cp->keys[i]; |
@@ -2306,10 +2441,22 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2306 | goto unlock; | 2441 | goto unlock; |
2307 | } | 2442 | } |
2308 | 2443 | ||
2309 | if (cp->addr.type == BDADDR_BREDR) | 2444 | if (cp->addr.type == BDADDR_BREDR) { |
2310 | err = hci_remove_link_key(hdev, &cp->addr.bdaddr); | 2445 | err = hci_remove_link_key(hdev, &cp->addr.bdaddr); |
2311 | else | 2446 | } else { |
2312 | err = hci_remove_ltk(hdev, &cp->addr.bdaddr); | 2447 | u8 addr_type; |
2448 | |||
2449 | if (cp->addr.type == BDADDR_LE_PUBLIC) | ||
2450 | addr_type = ADDR_LE_DEV_PUBLIC; | ||
2451 | else | ||
2452 | addr_type = ADDR_LE_DEV_RANDOM; | ||
2453 | |||
2454 | hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); | ||
2455 | |||
2456 | hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); | ||
2457 | |||
2458 | err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); | ||
2459 | } | ||
2313 | 2460 | ||
2314 | if (err < 0) { | 2461 | if (err < 0) { |
2315 | err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, | 2462 | err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, |
@@ -2633,6 +2780,16 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status) | |||
2633 | mgmt_pending_remove(cmd); | 2780 | mgmt_pending_remove(cmd); |
2634 | } | 2781 | } |
2635 | 2782 | ||
2783 | void mgmt_smp_complete(struct hci_conn *conn, bool complete) | ||
2784 | { | ||
2785 | u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED; | ||
2786 | struct pending_cmd *cmd; | ||
2787 | |||
2788 | cmd = find_pairing(conn); | ||
2789 | if (cmd) | ||
2790 | pairing_complete(cmd, status); | ||
2791 | } | ||
2792 | |||
2636 | static void pairing_complete_cb(struct hci_conn *conn, u8 status) | 2793 | static void pairing_complete_cb(struct hci_conn *conn, u8 status) |
2637 | { | 2794 | { |
2638 | struct pending_cmd *cmd; | 2795 | struct pending_cmd *cmd; |
@@ -2646,7 +2803,7 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status) | |||
2646 | pairing_complete(cmd, mgmt_status(status)); | 2803 | pairing_complete(cmd, mgmt_status(status)); |
2647 | } | 2804 | } |
2648 | 2805 | ||
2649 | static void le_connect_complete_cb(struct hci_conn *conn, u8 status) | 2806 | static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) |
2650 | { | 2807 | { |
2651 | struct pending_cmd *cmd; | 2808 | struct pending_cmd *cmd; |
2652 | 2809 | ||
@@ -2697,12 +2854,22 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2697 | else | 2854 | else |
2698 | auth_type = HCI_AT_DEDICATED_BONDING_MITM; | 2855 | auth_type = HCI_AT_DEDICATED_BONDING_MITM; |
2699 | 2856 | ||
2700 | if (cp->addr.type == BDADDR_BREDR) | 2857 | if (cp->addr.type == BDADDR_BREDR) { |
2701 | conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, | 2858 | conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, |
2702 | cp->addr.type, sec_level, auth_type); | 2859 | auth_type); |
2703 | else | 2860 | } else { |
2704 | conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, | 2861 | u8 addr_type; |
2705 | cp->addr.type, sec_level, auth_type); | 2862 | |
2863 | /* Convert from L2CAP channel address type to HCI address type | ||
2864 | */ | ||
2865 | if (cp->addr.type == BDADDR_LE_PUBLIC) | ||
2866 | addr_type = ADDR_LE_DEV_PUBLIC; | ||
2867 | else | ||
2868 | addr_type = ADDR_LE_DEV_RANDOM; | ||
2869 | |||
2870 | conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type, | ||
2871 | sec_level, auth_type); | ||
2872 | } | ||
2706 | 2873 | ||
2707 | if (IS_ERR(conn)) { | 2874 | if (IS_ERR(conn)) { |
2708 | int status; | 2875 | int status; |
@@ -2733,13 +2900,16 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
2733 | } | 2900 | } |
2734 | 2901 | ||
2735 | /* For LE, just connecting isn't a proof that the pairing finished */ | 2902 | /* For LE, just connecting isn't a proof that the pairing finished */ |
2736 | if (cp->addr.type == BDADDR_BREDR) | 2903 | if (cp->addr.type == BDADDR_BREDR) { |
2737 | conn->connect_cfm_cb = pairing_complete_cb; | 2904 | conn->connect_cfm_cb = pairing_complete_cb; |
2738 | else | 2905 | conn->security_cfm_cb = pairing_complete_cb; |
2739 | conn->connect_cfm_cb = le_connect_complete_cb; | 2906 | conn->disconn_cfm_cb = pairing_complete_cb; |
2907 | } else { | ||
2908 | conn->connect_cfm_cb = le_pairing_complete_cb; | ||
2909 | conn->security_cfm_cb = le_pairing_complete_cb; | ||
2910 | conn->disconn_cfm_cb = le_pairing_complete_cb; | ||
2911 | } | ||
2740 | 2912 | ||
2741 | conn->security_cfm_cb = pairing_complete_cb; | ||
2742 | conn->disconn_cfm_cb = pairing_complete_cb; | ||
2743 | conn->io_capability = cp->io_cap; | 2913 | conn->io_capability = cp->io_cap; |
2744 | cmd->user_data = conn; | 2914 | cmd->user_data = conn; |
2745 | 2915 | ||
@@ -3071,7 +3241,12 @@ static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev, | |||
3071 | goto unlock; | 3241 | goto unlock; |
3072 | } | 3242 | } |
3073 | 3243 | ||
3074 | err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); | 3244 | if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) |
3245 | err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA, | ||
3246 | 0, NULL); | ||
3247 | else | ||
3248 | err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); | ||
3249 | |||
3075 | if (err < 0) | 3250 | if (err < 0) |
3076 | mgmt_pending_remove(cmd); | 3251 | mgmt_pending_remove(cmd); |
3077 | 3252 | ||
@@ -3083,23 +3258,46 @@ unlock: | |||
3083 | static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, | 3258 | static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev, |
3084 | void *data, u16 len) | 3259 | void *data, u16 len) |
3085 | { | 3260 | { |
3086 | struct mgmt_cp_add_remote_oob_data *cp = data; | ||
3087 | u8 status; | ||
3088 | int err; | 3261 | int err; |
3089 | 3262 | ||
3090 | BT_DBG("%s ", hdev->name); | 3263 | BT_DBG("%s ", hdev->name); |
3091 | 3264 | ||
3092 | hci_dev_lock(hdev); | 3265 | hci_dev_lock(hdev); |
3093 | 3266 | ||
3094 | err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash, | 3267 | if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) { |
3095 | cp->randomizer); | 3268 | struct mgmt_cp_add_remote_oob_data *cp = data; |
3096 | if (err < 0) | 3269 | u8 status; |
3097 | status = MGMT_STATUS_FAILED; | ||
3098 | else | ||
3099 | status = MGMT_STATUS_SUCCESS; | ||
3100 | 3270 | ||
3101 | err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status, | 3271 | err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, |
3102 | &cp->addr, sizeof(cp->addr)); | 3272 | cp->hash, cp->randomizer); |
3273 | if (err < 0) | ||
3274 | status = MGMT_STATUS_FAILED; | ||
3275 | else | ||
3276 | status = MGMT_STATUS_SUCCESS; | ||
3277 | |||
3278 | err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, | ||
3279 | status, &cp->addr, sizeof(cp->addr)); | ||
3280 | } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) { | ||
3281 | struct mgmt_cp_add_remote_oob_ext_data *cp = data; | ||
3282 | u8 status; | ||
3283 | |||
3284 | err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr, | ||
3285 | cp->hash192, | ||
3286 | cp->randomizer192, | ||
3287 | cp->hash256, | ||
3288 | cp->randomizer256); | ||
3289 | if (err < 0) | ||
3290 | status = MGMT_STATUS_FAILED; | ||
3291 | else | ||
3292 | status = MGMT_STATUS_SUCCESS; | ||
3293 | |||
3294 | err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, | ||
3295 | status, &cp->addr, sizeof(cp->addr)); | ||
3296 | } else { | ||
3297 | BT_ERR("add_remote_oob_data: invalid length of %u bytes", len); | ||
3298 | err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, | ||
3299 | MGMT_STATUS_INVALID_PARAMS); | ||
3300 | } | ||
3103 | 3301 | ||
3104 | hci_dev_unlock(hdev); | 3302 | hci_dev_unlock(hdev); |
3105 | return err; | 3303 | return err; |
@@ -3195,7 +3393,7 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, | |||
3195 | struct hci_request req; | 3393 | struct hci_request req; |
3196 | /* General inquiry access code (GIAC) */ | 3394 | /* General inquiry access code (GIAC) */ |
3197 | u8 lap[3] = { 0x33, 0x8b, 0x9e }; | 3395 | u8 lap[3] = { 0x33, 0x8b, 0x9e }; |
3198 | u8 status; | 3396 | u8 status, own_addr_type; |
3199 | int err; | 3397 | int err; |
3200 | 3398 | ||
3201 | BT_DBG("%s", hdev->name); | 3399 | BT_DBG("%s", hdev->name); |
@@ -3280,18 +3478,31 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev, | |||
3280 | goto failed; | 3478 | goto failed; |
3281 | } | 3479 | } |
3282 | 3480 | ||
3283 | if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) { | 3481 | /* If controller is scanning, it means the background scanning |
3482 | * is running. Thus, we should temporarily stop it in order to | ||
3483 | * set the discovery scanning parameters. | ||
3484 | */ | ||
3485 | if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) | ||
3486 | hci_req_add_le_scan_disable(&req); | ||
3487 | |||
3488 | memset(¶m_cp, 0, sizeof(param_cp)); | ||
3489 | |||
3490 | /* All active scans will be done with either a resolvable | ||
3491 | * private address (when privacy feature has been enabled) | ||
3492 | * or unresolvable private address. | ||
3493 | */ | ||
3494 | err = hci_update_random_address(&req, true, &own_addr_type); | ||
3495 | if (err < 0) { | ||
3284 | err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, | 3496 | err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, |
3285 | MGMT_STATUS_BUSY); | 3497 | MGMT_STATUS_FAILED); |
3286 | mgmt_pending_remove(cmd); | 3498 | mgmt_pending_remove(cmd); |
3287 | goto failed; | 3499 | goto failed; |
3288 | } | 3500 | } |
3289 | 3501 | ||
3290 | memset(¶m_cp, 0, sizeof(param_cp)); | ||
3291 | param_cp.type = LE_SCAN_ACTIVE; | 3502 | param_cp.type = LE_SCAN_ACTIVE; |
3292 | param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT); | 3503 | param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT); |
3293 | param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN); | 3504 | param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN); |
3294 | param_cp.own_address_type = hdev->own_addr_type; | 3505 | param_cp.own_address_type = own_addr_type; |
3295 | hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), | 3506 | hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), |
3296 | ¶m_cp); | 3507 | ¶m_cp); |
3297 | 3508 | ||
@@ -3361,7 +3572,6 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, | |||
3361 | struct hci_cp_remote_name_req_cancel cp; | 3572 | struct hci_cp_remote_name_req_cancel cp; |
3362 | struct inquiry_entry *e; | 3573 | struct inquiry_entry *e; |
3363 | struct hci_request req; | 3574 | struct hci_request req; |
3364 | struct hci_cp_le_set_scan_enable enable_cp; | ||
3365 | int err; | 3575 | int err; |
3366 | 3576 | ||
3367 | BT_DBG("%s", hdev->name); | 3577 | BT_DBG("%s", hdev->name); |
@@ -3397,10 +3607,7 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, | |||
3397 | } else { | 3607 | } else { |
3398 | cancel_delayed_work(&hdev->le_scan_disable); | 3608 | cancel_delayed_work(&hdev->le_scan_disable); |
3399 | 3609 | ||
3400 | memset(&enable_cp, 0, sizeof(enable_cp)); | 3610 | hci_req_add_le_scan_disable(&req); |
3401 | enable_cp.enable = LE_SCAN_DISABLE; | ||
3402 | hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, | ||
3403 | sizeof(enable_cp), &enable_cp); | ||
3404 | } | 3611 | } |
3405 | 3612 | ||
3406 | break; | 3613 | break; |
@@ -3457,15 +3664,17 @@ static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data, | |||
3457 | hci_dev_lock(hdev); | 3664 | hci_dev_lock(hdev); |
3458 | 3665 | ||
3459 | if (!hci_discovery_active(hdev)) { | 3666 | if (!hci_discovery_active(hdev)) { |
3460 | err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, | 3667 | err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, |
3461 | MGMT_STATUS_FAILED); | 3668 | MGMT_STATUS_FAILED, &cp->addr, |
3669 | sizeof(cp->addr)); | ||
3462 | goto failed; | 3670 | goto failed; |
3463 | } | 3671 | } |
3464 | 3672 | ||
3465 | e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); | 3673 | e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr); |
3466 | if (!e) { | 3674 | if (!e) { |
3467 | err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, | 3675 | err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, |
3468 | MGMT_STATUS_INVALID_PARAMS); | 3676 | MGMT_STATUS_INVALID_PARAMS, &cp->addr, |
3677 | sizeof(cp->addr)); | ||
3469 | goto failed; | 3678 | goto failed; |
3470 | } | 3679 | } |
3471 | 3680 | ||
@@ -3754,6 +3963,21 @@ static int set_scan_params(struct sock *sk, struct hci_dev *hdev, | |||
3754 | 3963 | ||
3755 | err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0); | 3964 | err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0); |
3756 | 3965 | ||
3966 | /* If background scan is running, restart it so new parameters are | ||
3967 | * loaded. | ||
3968 | */ | ||
3969 | if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) && | ||
3970 | hdev->discovery.state == DISCOVERY_STOPPED) { | ||
3971 | struct hci_request req; | ||
3972 | |||
3973 | hci_req_init(&req, hdev); | ||
3974 | |||
3975 | hci_req_add_le_scan_disable(&req); | ||
3976 | hci_req_add_le_passive_scan(&req); | ||
3977 | |||
3978 | hci_req_run(&req, NULL); | ||
3979 | } | ||
3980 | |||
3757 | hci_dev_unlock(hdev); | 3981 | hci_dev_unlock(hdev); |
3758 | 3982 | ||
3759 | return err; | 3983 | return err; |
@@ -3999,15 +4223,269 @@ unlock: | |||
3999 | return err; | 4223 | return err; |
4000 | } | 4224 | } |
4001 | 4225 | ||
4226 | static int set_secure_conn(struct sock *sk, struct hci_dev *hdev, | ||
4227 | void *data, u16 len) | ||
4228 | { | ||
4229 | struct mgmt_mode *cp = data; | ||
4230 | struct pending_cmd *cmd; | ||
4231 | u8 val, status; | ||
4232 | int err; | ||
4233 | |||
4234 | BT_DBG("request for %s", hdev->name); | ||
4235 | |||
4236 | status = mgmt_bredr_support(hdev); | ||
4237 | if (status) | ||
4238 | return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, | ||
4239 | status); | ||
4240 | |||
4241 | if (!lmp_sc_capable(hdev) && | ||
4242 | !test_bit(HCI_FORCE_SC, &hdev->dev_flags)) | ||
4243 | return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, | ||
4244 | MGMT_STATUS_NOT_SUPPORTED); | ||
4245 | |||
4246 | if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) | ||
4247 | return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, | ||
4248 | MGMT_STATUS_INVALID_PARAMS); | ||
4249 | |||
4250 | hci_dev_lock(hdev); | ||
4251 | |||
4252 | if (!hdev_is_powered(hdev)) { | ||
4253 | bool changed; | ||
4254 | |||
4255 | if (cp->val) { | ||
4256 | changed = !test_and_set_bit(HCI_SC_ENABLED, | ||
4257 | &hdev->dev_flags); | ||
4258 | if (cp->val == 0x02) | ||
4259 | set_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
4260 | else | ||
4261 | clear_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
4262 | } else { | ||
4263 | changed = test_and_clear_bit(HCI_SC_ENABLED, | ||
4264 | &hdev->dev_flags); | ||
4265 | clear_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
4266 | } | ||
4267 | |||
4268 | err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); | ||
4269 | if (err < 0) | ||
4270 | goto failed; | ||
4271 | |||
4272 | if (changed) | ||
4273 | err = new_settings(hdev, sk); | ||
4274 | |||
4275 | goto failed; | ||
4276 | } | ||
4277 | |||
4278 | if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) { | ||
4279 | err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN, | ||
4280 | MGMT_STATUS_BUSY); | ||
4281 | goto failed; | ||
4282 | } | ||
4283 | |||
4284 | val = !!cp->val; | ||
4285 | |||
4286 | if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) && | ||
4287 | (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) { | ||
4288 | err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev); | ||
4289 | goto failed; | ||
4290 | } | ||
4291 | |||
4292 | cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len); | ||
4293 | if (!cmd) { | ||
4294 | err = -ENOMEM; | ||
4295 | goto failed; | ||
4296 | } | ||
4297 | |||
4298 | err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val); | ||
4299 | if (err < 0) { | ||
4300 | mgmt_pending_remove(cmd); | ||
4301 | goto failed; | ||
4302 | } | ||
4303 | |||
4304 | if (cp->val == 0x02) | ||
4305 | set_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
4306 | else | ||
4307 | clear_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
4308 | |||
4309 | failed: | ||
4310 | hci_dev_unlock(hdev); | ||
4311 | return err; | ||
4312 | } | ||
4313 | |||
4314 | static int set_debug_keys(struct sock *sk, struct hci_dev *hdev, | ||
4315 | void *data, u16 len) | ||
4316 | { | ||
4317 | struct mgmt_mode *cp = data; | ||
4318 | bool changed; | ||
4319 | int err; | ||
4320 | |||
4321 | BT_DBG("request for %s", hdev->name); | ||
4322 | |||
4323 | if (cp->val != 0x00 && cp->val != 0x01) | ||
4324 | return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS, | ||
4325 | MGMT_STATUS_INVALID_PARAMS); | ||
4326 | |||
4327 | hci_dev_lock(hdev); | ||
4328 | |||
4329 | if (cp->val) | ||
4330 | changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); | ||
4331 | else | ||
4332 | changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); | ||
4333 | |||
4334 | err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev); | ||
4335 | if (err < 0) | ||
4336 | goto unlock; | ||
4337 | |||
4338 | if (changed) | ||
4339 | err = new_settings(hdev, sk); | ||
4340 | |||
4341 | unlock: | ||
4342 | hci_dev_unlock(hdev); | ||
4343 | return err; | ||
4344 | } | ||
4345 | |||
4346 | static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data, | ||
4347 | u16 len) | ||
4348 | { | ||
4349 | struct mgmt_cp_set_privacy *cp = cp_data; | ||
4350 | bool changed; | ||
4351 | int err; | ||
4352 | |||
4353 | BT_DBG("request for %s", hdev->name); | ||
4354 | |||
4355 | if (!lmp_le_capable(hdev)) | ||
4356 | return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, | ||
4357 | MGMT_STATUS_NOT_SUPPORTED); | ||
4358 | |||
4359 | if (cp->privacy != 0x00 && cp->privacy != 0x01) | ||
4360 | return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, | ||
4361 | MGMT_STATUS_INVALID_PARAMS); | ||
4362 | |||
4363 | if (hdev_is_powered(hdev)) | ||
4364 | return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY, | ||
4365 | MGMT_STATUS_REJECTED); | ||
4366 | |||
4367 | hci_dev_lock(hdev); | ||
4368 | |||
4369 | /* If user space supports this command it is also expected to | ||
4370 | * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag. | ||
4371 | */ | ||
4372 | set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags); | ||
4373 | |||
4374 | if (cp->privacy) { | ||
4375 | changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags); | ||
4376 | memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); | ||
4377 | set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); | ||
4378 | } else { | ||
4379 | changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags); | ||
4380 | memset(hdev->irk, 0, sizeof(hdev->irk)); | ||
4381 | clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags); | ||
4382 | } | ||
4383 | |||
4384 | err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev); | ||
4385 | if (err < 0) | ||
4386 | goto unlock; | ||
4387 | |||
4388 | if (changed) | ||
4389 | err = new_settings(hdev, sk); | ||
4390 | |||
4391 | unlock: | ||
4392 | hci_dev_unlock(hdev); | ||
4393 | return err; | ||
4394 | } | ||
4395 | |||
4396 | static bool irk_is_valid(struct mgmt_irk_info *irk) | ||
4397 | { | ||
4398 | switch (irk->addr.type) { | ||
4399 | case BDADDR_LE_PUBLIC: | ||
4400 | return true; | ||
4401 | |||
4402 | case BDADDR_LE_RANDOM: | ||
4403 | /* Two most significant bits shall be set */ | ||
4404 | if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0) | ||
4405 | return false; | ||
4406 | return true; | ||
4407 | } | ||
4408 | |||
4409 | return false; | ||
4410 | } | ||
4411 | |||
4412 | static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data, | ||
4413 | u16 len) | ||
4414 | { | ||
4415 | struct mgmt_cp_load_irks *cp = cp_data; | ||
4416 | u16 irk_count, expected_len; | ||
4417 | int i, err; | ||
4418 | |||
4419 | BT_DBG("request for %s", hdev->name); | ||
4420 | |||
4421 | if (!lmp_le_capable(hdev)) | ||
4422 | return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, | ||
4423 | MGMT_STATUS_NOT_SUPPORTED); | ||
4424 | |||
4425 | irk_count = __le16_to_cpu(cp->irk_count); | ||
4426 | |||
4427 | expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info); | ||
4428 | if (expected_len != len) { | ||
4429 | BT_ERR("load_irks: expected %u bytes, got %u bytes", | ||
4430 | len, expected_len); | ||
4431 | return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS, | ||
4432 | MGMT_STATUS_INVALID_PARAMS); | ||
4433 | } | ||
4434 | |||
4435 | BT_DBG("%s irk_count %u", hdev->name, irk_count); | ||
4436 | |||
4437 | for (i = 0; i < irk_count; i++) { | ||
4438 | struct mgmt_irk_info *key = &cp->irks[i]; | ||
4439 | |||
4440 | if (!irk_is_valid(key)) | ||
4441 | return cmd_status(sk, hdev->id, | ||
4442 | MGMT_OP_LOAD_IRKS, | ||
4443 | MGMT_STATUS_INVALID_PARAMS); | ||
4444 | } | ||
4445 | |||
4446 | hci_dev_lock(hdev); | ||
4447 | |||
4448 | hci_smp_irks_clear(hdev); | ||
4449 | |||
4450 | for (i = 0; i < irk_count; i++) { | ||
4451 | struct mgmt_irk_info *irk = &cp->irks[i]; | ||
4452 | u8 addr_type; | ||
4453 | |||
4454 | if (irk->addr.type == BDADDR_LE_PUBLIC) | ||
4455 | addr_type = ADDR_LE_DEV_PUBLIC; | ||
4456 | else | ||
4457 | addr_type = ADDR_LE_DEV_RANDOM; | ||
4458 | |||
4459 | hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val, | ||
4460 | BDADDR_ANY); | ||
4461 | } | ||
4462 | |||
4463 | set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags); | ||
4464 | |||
4465 | err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0); | ||
4466 | |||
4467 | hci_dev_unlock(hdev); | ||
4468 | |||
4469 | return err; | ||
4470 | } | ||
4471 | |||
4002 | static bool ltk_is_valid(struct mgmt_ltk_info *key) | 4472 | static bool ltk_is_valid(struct mgmt_ltk_info *key) |
4003 | { | 4473 | { |
4004 | if (key->authenticated != 0x00 && key->authenticated != 0x01) | ||
4005 | return false; | ||
4006 | if (key->master != 0x00 && key->master != 0x01) | 4474 | if (key->master != 0x00 && key->master != 0x01) |
4007 | return false; | 4475 | return false; |
4008 | if (!bdaddr_type_is_le(key->addr.type)) | 4476 | |
4009 | return false; | 4477 | switch (key->addr.type) { |
4010 | return true; | 4478 | case BDADDR_LE_PUBLIC: |
4479 | return true; | ||
4480 | |||
4481 | case BDADDR_LE_RANDOM: | ||
4482 | /* Two most significant bits shall be set */ | ||
4483 | if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0) | ||
4484 | return false; | ||
4485 | return true; | ||
4486 | } | ||
4487 | |||
4488 | return false; | ||
4011 | } | 4489 | } |
4012 | 4490 | ||
4013 | static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, | 4491 | static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, |
@@ -4063,9 +4541,9 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev, | |||
4063 | else | 4541 | else |
4064 | type = HCI_SMP_LTK_SLAVE; | 4542 | type = HCI_SMP_LTK_SLAVE; |
4065 | 4543 | ||
4066 | hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, | 4544 | hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type, |
4067 | type, 0, key->authenticated, key->val, | 4545 | key->type, key->val, key->enc_size, key->ediv, |
4068 | key->enc_size, key->ediv, key->rand); | 4546 | key->rand); |
4069 | } | 4547 | } |
4070 | 4548 | ||
4071 | err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, | 4549 | err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0, |
@@ -4115,7 +4593,7 @@ static const struct mgmt_handler { | |||
4115 | { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE }, | 4593 | { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE }, |
4116 | { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, | 4594 | { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE }, |
4117 | { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE }, | 4595 | { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE }, |
4118 | { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE }, | 4596 | { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE }, |
4119 | { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, | 4597 | { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE }, |
4120 | { start_discovery, false, MGMT_START_DISCOVERY_SIZE }, | 4598 | { start_discovery, false, MGMT_START_DISCOVERY_SIZE }, |
4121 | { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE }, | 4599 | { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE }, |
@@ -4127,6 +4605,10 @@ static const struct mgmt_handler { | |||
4127 | { set_bredr, false, MGMT_SETTING_SIZE }, | 4605 | { set_bredr, false, MGMT_SETTING_SIZE }, |
4128 | { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE }, | 4606 | { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE }, |
4129 | { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE }, | 4607 | { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE }, |
4608 | { set_secure_conn, false, MGMT_SETTING_SIZE }, | ||
4609 | { set_debug_keys, false, MGMT_SETTING_SIZE }, | ||
4610 | { set_privacy, false, MGMT_SET_PRIVACY_SIZE }, | ||
4611 | { load_irks, true, MGMT_LOAD_IRKS_SIZE }, | ||
4130 | }; | 4612 | }; |
4131 | 4613 | ||
4132 | 4614 | ||
@@ -4243,6 +4725,17 @@ void mgmt_index_removed(struct hci_dev *hdev) | |||
4243 | mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); | 4725 | mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); |
4244 | } | 4726 | } |
4245 | 4727 | ||
4728 | /* This function requires the caller holds hdev->lock */ | ||
4729 | static void restart_le_auto_conns(struct hci_dev *hdev) | ||
4730 | { | ||
4731 | struct hci_conn_params *p; | ||
4732 | |||
4733 | list_for_each_entry(p, &hdev->le_conn_params, list) { | ||
4734 | if (p->auto_connect == HCI_AUTO_CONN_ALWAYS) | ||
4735 | hci_pend_le_conn_add(hdev, &p->addr, p->addr_type); | ||
4736 | } | ||
4737 | } | ||
4738 | |||
4246 | static void powered_complete(struct hci_dev *hdev, u8 status) | 4739 | static void powered_complete(struct hci_dev *hdev, u8 status) |
4247 | { | 4740 | { |
4248 | struct cmd_lookup match = { NULL, hdev }; | 4741 | struct cmd_lookup match = { NULL, hdev }; |
@@ -4251,6 +4744,8 @@ static void powered_complete(struct hci_dev *hdev, u8 status) | |||
4251 | 4744 | ||
4252 | hci_dev_lock(hdev); | 4745 | hci_dev_lock(hdev); |
4253 | 4746 | ||
4747 | restart_le_auto_conns(hdev); | ||
4748 | |||
4254 | mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); | 4749 | mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); |
4255 | 4750 | ||
4256 | new_settings(hdev, match.sk); | 4751 | new_settings(hdev, match.sk); |
@@ -4292,11 +4787,6 @@ static int powered_update_hci(struct hci_dev *hdev) | |||
4292 | } | 4787 | } |
4293 | 4788 | ||
4294 | if (lmp_le_capable(hdev)) { | 4789 | if (lmp_le_capable(hdev)) { |
4295 | /* Set random address to static address if configured */ | ||
4296 | if (bacmp(&hdev->static_addr, BDADDR_ANY)) | ||
4297 | hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6, | ||
4298 | &hdev->static_addr); | ||
4299 | |||
4300 | /* Make sure the controller has a good default for | 4790 | /* Make sure the controller has a good default for |
4301 | * advertising data. This also applies to the case | 4791 | * advertising data. This also applies to the case |
4302 | * where BR/EDR was toggled during the AUTO_OFF phase. | 4792 | * where BR/EDR was toggled during the AUTO_OFF phase. |
@@ -4422,6 +4912,10 @@ void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) | |||
4422 | if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) | 4912 | if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) |
4423 | return; | 4913 | return; |
4424 | 4914 | ||
4915 | /* Powering off may clear the scan mode - don't let that interfere */ | ||
4916 | if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) | ||
4917 | return; | ||
4918 | |||
4425 | if (discoverable) { | 4919 | if (discoverable) { |
4426 | changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags); | 4920 | changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags); |
4427 | } else { | 4921 | } else { |
@@ -4455,6 +4949,10 @@ void mgmt_connectable(struct hci_dev *hdev, u8 connectable) | |||
4455 | if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) | 4949 | if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) |
4456 | return; | 4950 | return; |
4457 | 4951 | ||
4952 | /* Powering off may clear the scan mode - don't let that interfere */ | ||
4953 | if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) | ||
4954 | return; | ||
4955 | |||
4458 | if (connectable) | 4956 | if (connectable) |
4459 | changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags); | 4957 | changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags); |
4460 | else | 4958 | else |
@@ -4464,6 +4962,18 @@ void mgmt_connectable(struct hci_dev *hdev, u8 connectable) | |||
4464 | new_settings(hdev, NULL); | 4962 | new_settings(hdev, NULL); |
4465 | } | 4963 | } |
4466 | 4964 | ||
4965 | void mgmt_advertising(struct hci_dev *hdev, u8 advertising) | ||
4966 | { | ||
4967 | /* Powering off may stop advertising - don't let that interfere */ | ||
4968 | if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) | ||
4969 | return; | ||
4970 | |||
4971 | if (advertising) | ||
4972 | set_bit(HCI_ADVERTISING, &hdev->dev_flags); | ||
4973 | else | ||
4974 | clear_bit(HCI_ADVERTISING, &hdev->dev_flags); | ||
4975 | } | ||
4976 | |||
4467 | void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) | 4977 | void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) |
4468 | { | 4978 | { |
4469 | u8 mgmt_err = mgmt_status(status); | 4979 | u8 mgmt_err = mgmt_status(status); |
@@ -4494,28 +5004,74 @@ void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, | |||
4494 | mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); | 5004 | mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); |
4495 | } | 5005 | } |
4496 | 5006 | ||
4497 | void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent) | 5007 | void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key) |
4498 | { | 5008 | { |
4499 | struct mgmt_ev_new_long_term_key ev; | 5009 | struct mgmt_ev_new_long_term_key ev; |
4500 | 5010 | ||
4501 | memset(&ev, 0, sizeof(ev)); | 5011 | memset(&ev, 0, sizeof(ev)); |
4502 | 5012 | ||
4503 | ev.store_hint = persistent; | 5013 | /* Devices using resolvable or non-resolvable random addresses |
5014 | * without providing an indentity resolving key don't require | ||
5015 | * to store long term keys. Their addresses will change the | ||
5016 | * next time around. | ||
5017 | * | ||
5018 | * Only when a remote device provides an identity address | ||
5019 | * make sure the long term key is stored. If the remote | ||
5020 | * identity is known, the long term keys are internally | ||
5021 | * mapped to the identity address. So allow static random | ||
5022 | * and public addresses here. | ||
5023 | */ | ||
5024 | if (key->bdaddr_type == ADDR_LE_DEV_RANDOM && | ||
5025 | (key->bdaddr.b[5] & 0xc0) != 0xc0) | ||
5026 | ev.store_hint = 0x00; | ||
5027 | else | ||
5028 | ev.store_hint = 0x01; | ||
5029 | |||
4504 | bacpy(&ev.key.addr.bdaddr, &key->bdaddr); | 5030 | bacpy(&ev.key.addr.bdaddr, &key->bdaddr); |
4505 | ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); | 5031 | ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); |
4506 | ev.key.authenticated = key->authenticated; | 5032 | ev.key.type = key->authenticated; |
4507 | ev.key.enc_size = key->enc_size; | 5033 | ev.key.enc_size = key->enc_size; |
4508 | ev.key.ediv = key->ediv; | 5034 | ev.key.ediv = key->ediv; |
5035 | ev.key.rand = key->rand; | ||
4509 | 5036 | ||
4510 | if (key->type == HCI_SMP_LTK) | 5037 | if (key->type == HCI_SMP_LTK) |
4511 | ev.key.master = 1; | 5038 | ev.key.master = 1; |
4512 | 5039 | ||
4513 | memcpy(ev.key.rand, key->rand, sizeof(key->rand)); | ||
4514 | memcpy(ev.key.val, key->val, sizeof(key->val)); | 5040 | memcpy(ev.key.val, key->val, sizeof(key->val)); |
4515 | 5041 | ||
4516 | mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); | 5042 | mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL); |
4517 | } | 5043 | } |
4518 | 5044 | ||
5045 | void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk) | ||
5046 | { | ||
5047 | struct mgmt_ev_new_irk ev; | ||
5048 | |||
5049 | memset(&ev, 0, sizeof(ev)); | ||
5050 | |||
5051 | /* For identity resolving keys from devices that are already | ||
5052 | * using a public address or static random address, do not | ||
5053 | * ask for storing this key. The identity resolving key really | ||
5054 | * is only mandatory for devices using resovlable random | ||
5055 | * addresses. | ||
5056 | * | ||
5057 | * Storing all identity resolving keys has the downside that | ||
5058 | * they will be also loaded on next boot of they system. More | ||
5059 | * identity resolving keys, means more time during scanning is | ||
5060 | * needed to actually resolve these addresses. | ||
5061 | */ | ||
5062 | if (bacmp(&irk->rpa, BDADDR_ANY)) | ||
5063 | ev.store_hint = 0x01; | ||
5064 | else | ||
5065 | ev.store_hint = 0x00; | ||
5066 | |||
5067 | bacpy(&ev.rpa, &irk->rpa); | ||
5068 | bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); | ||
5069 | ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); | ||
5070 | memcpy(ev.irk.val, irk->val, sizeof(irk->val)); | ||
5071 | |||
5072 | mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); | ||
5073 | } | ||
5074 | |||
4519 | static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data, | 5075 | static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data, |
4520 | u8 data_len) | 5076 | u8 data_len) |
4521 | { | 5077 | { |
@@ -4590,11 +5146,29 @@ static void unpair_device_rsp(struct pending_cmd *cmd, void *data) | |||
4590 | } | 5146 | } |
4591 | 5147 | ||
4592 | void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, | 5148 | void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, |
4593 | u8 link_type, u8 addr_type, u8 reason) | 5149 | u8 link_type, u8 addr_type, u8 reason, |
5150 | bool mgmt_connected) | ||
4594 | { | 5151 | { |
4595 | struct mgmt_ev_device_disconnected ev; | 5152 | struct mgmt_ev_device_disconnected ev; |
5153 | struct pending_cmd *power_off; | ||
4596 | struct sock *sk = NULL; | 5154 | struct sock *sk = NULL; |
4597 | 5155 | ||
5156 | power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev); | ||
5157 | if (power_off) { | ||
5158 | struct mgmt_mode *cp = power_off->param; | ||
5159 | |||
5160 | /* The connection is still in hci_conn_hash so test for 1 | ||
5161 | * instead of 0 to know if this is the last one. | ||
5162 | */ | ||
5163 | if (!cp->val && hci_conn_count(hdev) == 1) { | ||
5164 | cancel_delayed_work(&hdev->power_off); | ||
5165 | queue_work(hdev->req_workqueue, &hdev->power_off.work); | ||
5166 | } | ||
5167 | } | ||
5168 | |||
5169 | if (!mgmt_connected) | ||
5170 | return; | ||
5171 | |||
4598 | if (link_type != ACL_LINK && link_type != LE_LINK) | 5172 | if (link_type != ACL_LINK && link_type != LE_LINK) |
4599 | return; | 5173 | return; |
4600 | 5174 | ||
@@ -4649,6 +5223,20 @@ void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
4649 | u8 addr_type, u8 status) | 5223 | u8 addr_type, u8 status) |
4650 | { | 5224 | { |
4651 | struct mgmt_ev_connect_failed ev; | 5225 | struct mgmt_ev_connect_failed ev; |
5226 | struct pending_cmd *power_off; | ||
5227 | |||
5228 | power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev); | ||
5229 | if (power_off) { | ||
5230 | struct mgmt_mode *cp = power_off->param; | ||
5231 | |||
5232 | /* The connection is still in hci_conn_hash so test for 1 | ||
5233 | * instead of 0 to know if this is the last one. | ||
5234 | */ | ||
5235 | if (!cp->val && hci_conn_count(hdev) == 1) { | ||
5236 | cancel_delayed_work(&hdev->power_off); | ||
5237 | queue_work(hdev->req_workqueue, &hdev->power_off.work); | ||
5238 | } | ||
5239 | } | ||
4652 | 5240 | ||
4653 | bacpy(&ev.addr.bdaddr, bdaddr); | 5241 | bacpy(&ev.addr.bdaddr, bdaddr); |
4654 | ev.addr.type = link_to_bdaddr(link_type, addr_type); | 5242 | ev.addr.type = link_to_bdaddr(link_type, addr_type); |
@@ -4910,6 +5498,43 @@ void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) | |||
4910 | hci_req_run(&req, NULL); | 5498 | hci_req_run(&req, NULL); |
4911 | } | 5499 | } |
4912 | 5500 | ||
5501 | void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status) | ||
5502 | { | ||
5503 | struct cmd_lookup match = { NULL, hdev }; | ||
5504 | bool changed = false; | ||
5505 | |||
5506 | if (status) { | ||
5507 | u8 mgmt_err = mgmt_status(status); | ||
5508 | |||
5509 | if (enable) { | ||
5510 | if (test_and_clear_bit(HCI_SC_ENABLED, | ||
5511 | &hdev->dev_flags)) | ||
5512 | new_settings(hdev, NULL); | ||
5513 | clear_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
5514 | } | ||
5515 | |||
5516 | mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev, | ||
5517 | cmd_status_rsp, &mgmt_err); | ||
5518 | return; | ||
5519 | } | ||
5520 | |||
5521 | if (enable) { | ||
5522 | changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags); | ||
5523 | } else { | ||
5524 | changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); | ||
5525 | clear_bit(HCI_SC_ONLY, &hdev->dev_flags); | ||
5526 | } | ||
5527 | |||
5528 | mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev, | ||
5529 | settings_rsp, &match); | ||
5530 | |||
5531 | if (changed) | ||
5532 | new_settings(hdev, match.sk); | ||
5533 | |||
5534 | if (match.sk) | ||
5535 | sock_put(match.sk); | ||
5536 | } | ||
5537 | |||
4913 | static void sk_lookup(struct pending_cmd *cmd, void *data) | 5538 | static void sk_lookup(struct pending_cmd *cmd, void *data) |
4914 | { | 5539 | { |
4915 | struct cmd_lookup *match = data; | 5540 | struct cmd_lookup *match = data; |
@@ -4964,8 +5589,9 @@ void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) | |||
4964 | cmd ? cmd->sk : NULL); | 5589 | cmd ? cmd->sk : NULL); |
4965 | } | 5590 | } |
4966 | 5591 | ||
4967 | void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, | 5592 | void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192, |
4968 | u8 *randomizer, u8 status) | 5593 | u8 *randomizer192, u8 *hash256, |
5594 | u8 *randomizer256, u8 status) | ||
4969 | { | 5595 | { |
4970 | struct pending_cmd *cmd; | 5596 | struct pending_cmd *cmd; |
4971 | 5597 | ||
@@ -4979,13 +5605,32 @@ void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, | |||
4979 | cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, | 5605 | cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, |
4980 | mgmt_status(status)); | 5606 | mgmt_status(status)); |
4981 | } else { | 5607 | } else { |
4982 | struct mgmt_rp_read_local_oob_data rp; | 5608 | if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) && |
5609 | hash256 && randomizer256) { | ||
5610 | struct mgmt_rp_read_local_oob_ext_data rp; | ||
5611 | |||
5612 | memcpy(rp.hash192, hash192, sizeof(rp.hash192)); | ||
5613 | memcpy(rp.randomizer192, randomizer192, | ||
5614 | sizeof(rp.randomizer192)); | ||
5615 | |||
5616 | memcpy(rp.hash256, hash256, sizeof(rp.hash256)); | ||
5617 | memcpy(rp.randomizer256, randomizer256, | ||
5618 | sizeof(rp.randomizer256)); | ||
5619 | |||
5620 | cmd_complete(cmd->sk, hdev->id, | ||
5621 | MGMT_OP_READ_LOCAL_OOB_DATA, 0, | ||
5622 | &rp, sizeof(rp)); | ||
5623 | } else { | ||
5624 | struct mgmt_rp_read_local_oob_data rp; | ||
4983 | 5625 | ||
4984 | memcpy(rp.hash, hash, sizeof(rp.hash)); | 5626 | memcpy(rp.hash, hash192, sizeof(rp.hash)); |
4985 | memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); | 5627 | memcpy(rp.randomizer, randomizer192, |
5628 | sizeof(rp.randomizer)); | ||
4986 | 5629 | ||
4987 | cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, | 5630 | cmd_complete(cmd->sk, hdev->id, |
4988 | 0, &rp, sizeof(rp)); | 5631 | MGMT_OP_READ_LOCAL_OOB_DATA, 0, |
5632 | &rp, sizeof(rp)); | ||
5633 | } | ||
4989 | } | 5634 | } |
4990 | 5635 | ||
4991 | mgmt_pending_remove(cmd); | 5636 | mgmt_pending_remove(cmd); |
@@ -4997,6 +5642,7 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
4997 | { | 5642 | { |
4998 | char buf[512]; | 5643 | char buf[512]; |
4999 | struct mgmt_ev_device_found *ev = (void *) buf; | 5644 | struct mgmt_ev_device_found *ev = (void *) buf; |
5645 | struct smp_irk *irk; | ||
5000 | size_t ev_size; | 5646 | size_t ev_size; |
5001 | 5647 | ||
5002 | if (!hci_discovery_active(hdev)) | 5648 | if (!hci_discovery_active(hdev)) |
@@ -5008,8 +5654,15 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
5008 | 5654 | ||
5009 | memset(buf, 0, sizeof(buf)); | 5655 | memset(buf, 0, sizeof(buf)); |
5010 | 5656 | ||
5011 | bacpy(&ev->addr.bdaddr, bdaddr); | 5657 | irk = hci_get_irk(hdev, bdaddr, addr_type); |
5012 | ev->addr.type = link_to_bdaddr(link_type, addr_type); | 5658 | if (irk) { |
5659 | bacpy(&ev->addr.bdaddr, &irk->bdaddr); | ||
5660 | ev->addr.type = link_to_bdaddr(link_type, irk->addr_type); | ||
5661 | } else { | ||
5662 | bacpy(&ev->addr.bdaddr, bdaddr); | ||
5663 | ev->addr.type = link_to_bdaddr(link_type, addr_type); | ||
5664 | } | ||
5665 | |||
5013 | ev->rssi = rssi; | 5666 | ev->rssi = rssi; |
5014 | if (cfm_name) | 5667 | if (cfm_name) |
5015 | ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME); | 5668 | ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME); |
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index facd8a79c038..21e15318937c 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c | |||
@@ -216,6 +216,7 @@ static int rfcomm_check_security(struct rfcomm_dlc *d) | |||
216 | 216 | ||
217 | switch (d->sec_level) { | 217 | switch (d->sec_level) { |
218 | case BT_SECURITY_HIGH: | 218 | case BT_SECURITY_HIGH: |
219 | case BT_SECURITY_FIPS: | ||
219 | auth_type = HCI_AT_GENERAL_BONDING_MITM; | 220 | auth_type = HCI_AT_GENERAL_BONDING_MITM; |
220 | break; | 221 | break; |
221 | case BT_SECURITY_MEDIUM: | 222 | case BT_SECURITY_MEDIUM: |
@@ -359,6 +360,11 @@ static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) | |||
359 | return NULL; | 360 | return NULL; |
360 | } | 361 | } |
361 | 362 | ||
363 | static int rfcomm_check_channel(u8 channel) | ||
364 | { | ||
365 | return channel < 1 || channel > 30; | ||
366 | } | ||
367 | |||
362 | static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) | 368 | static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) |
363 | { | 369 | { |
364 | struct rfcomm_session *s; | 370 | struct rfcomm_session *s; |
@@ -368,7 +374,7 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, | |||
368 | BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d", | 374 | BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d", |
369 | d, d->state, src, dst, channel); | 375 | d, d->state, src, dst, channel); |
370 | 376 | ||
371 | if (channel < 1 || channel > 30) | 377 | if (rfcomm_check_channel(channel)) |
372 | return -EINVAL; | 378 | return -EINVAL; |
373 | 379 | ||
374 | if (d->state != BT_OPEN && d->state != BT_CLOSED) | 380 | if (d->state != BT_OPEN && d->state != BT_CLOSED) |
@@ -425,6 +431,20 @@ int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 chann | |||
425 | return r; | 431 | return r; |
426 | } | 432 | } |
427 | 433 | ||
434 | static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d) | ||
435 | { | ||
436 | struct rfcomm_session *s = d->session; | ||
437 | |||
438 | d->state = BT_DISCONN; | ||
439 | if (skb_queue_empty(&d->tx_queue)) { | ||
440 | rfcomm_send_disc(s, d->dlci); | ||
441 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); | ||
442 | } else { | ||
443 | rfcomm_queue_disc(d); | ||
444 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); | ||
445 | } | ||
446 | } | ||
447 | |||
428 | static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | 448 | static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) |
429 | { | 449 | { |
430 | struct rfcomm_session *s = d->session; | 450 | struct rfcomm_session *s = d->session; |
@@ -437,32 +457,29 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) | |||
437 | switch (d->state) { | 457 | switch (d->state) { |
438 | case BT_CONNECT: | 458 | case BT_CONNECT: |
439 | case BT_CONFIG: | 459 | case BT_CONFIG: |
460 | case BT_OPEN: | ||
461 | case BT_CONNECT2: | ||
440 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | 462 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { |
441 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | 463 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); |
442 | rfcomm_schedule(); | 464 | rfcomm_schedule(); |
443 | break; | 465 | return 0; |
444 | } | 466 | } |
445 | /* Fall through */ | 467 | } |
446 | 468 | ||
469 | switch (d->state) { | ||
470 | case BT_CONNECT: | ||
447 | case BT_CONNECTED: | 471 | case BT_CONNECTED: |
448 | d->state = BT_DISCONN; | 472 | __rfcomm_dlc_disconn(d); |
449 | if (skb_queue_empty(&d->tx_queue)) { | ||
450 | rfcomm_send_disc(s, d->dlci); | ||
451 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); | ||
452 | } else { | ||
453 | rfcomm_queue_disc(d); | ||
454 | rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); | ||
455 | } | ||
456 | break; | 473 | break; |
457 | 474 | ||
458 | case BT_OPEN: | 475 | case BT_CONFIG: |
459 | case BT_CONNECT2: | 476 | if (s->state != BT_BOUND) { |
460 | if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { | 477 | __rfcomm_dlc_disconn(d); |
461 | set_bit(RFCOMM_AUTH_REJECT, &d->flags); | ||
462 | rfcomm_schedule(); | ||
463 | break; | 478 | break; |
464 | } | 479 | } |
465 | /* Fall through */ | 480 | /* if closing a dlc in a session that hasn't been started, |
481 | * just close and unlink the dlc | ||
482 | */ | ||
466 | 483 | ||
467 | default: | 484 | default: |
468 | rfcomm_dlc_clear_timer(d); | 485 | rfcomm_dlc_clear_timer(d); |
@@ -513,6 +530,25 @@ no_session: | |||
513 | return r; | 530 | return r; |
514 | } | 531 | } |
515 | 532 | ||
533 | struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel) | ||
534 | { | ||
535 | struct rfcomm_session *s; | ||
536 | struct rfcomm_dlc *dlc = NULL; | ||
537 | u8 dlci; | ||
538 | |||
539 | if (rfcomm_check_channel(channel)) | ||
540 | return ERR_PTR(-EINVAL); | ||
541 | |||
542 | rfcomm_lock(); | ||
543 | s = rfcomm_session_get(src, dst); | ||
544 | if (s) { | ||
545 | dlci = __dlci(!s->initiator, channel); | ||
546 | dlc = rfcomm_dlc_get(s, dlci); | ||
547 | } | ||
548 | rfcomm_unlock(); | ||
549 | return dlc; | ||
550 | } | ||
551 | |||
516 | int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) | 552 | int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) |
517 | { | 553 | { |
518 | int len = skb->len; | 554 | int len = skb->len; |
@@ -533,6 +569,20 @@ int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) | |||
533 | return len; | 569 | return len; |
534 | } | 570 | } |
535 | 571 | ||
572 | void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb) | ||
573 | { | ||
574 | int len = skb->len; | ||
575 | |||
576 | BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); | ||
577 | |||
578 | rfcomm_make_uih(skb, d->addr); | ||
579 | skb_queue_tail(&d->tx_queue, skb); | ||
580 | |||
581 | if (d->state == BT_CONNECTED && | ||
582 | !test_bit(RFCOMM_TX_THROTTLED, &d->flags)) | ||
583 | rfcomm_schedule(); | ||
584 | } | ||
585 | |||
536 | void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) | 586 | void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) |
537 | { | 587 | { |
538 | BT_DBG("dlc %p state %ld", d, d->state); | 588 | BT_DBG("dlc %p state %ld", d, d->state); |
@@ -1943,12 +1993,11 @@ static void rfcomm_process_sessions(void) | |||
1943 | continue; | 1993 | continue; |
1944 | } | 1994 | } |
1945 | 1995 | ||
1946 | if (s->state == BT_LISTEN) { | 1996 | switch (s->state) { |
1997 | case BT_LISTEN: | ||
1947 | rfcomm_accept_connection(s); | 1998 | rfcomm_accept_connection(s); |
1948 | continue; | 1999 | continue; |
1949 | } | ||
1950 | 2000 | ||
1951 | switch (s->state) { | ||
1952 | case BT_BOUND: | 2001 | case BT_BOUND: |
1953 | s = rfcomm_check_connection(s); | 2002 | s = rfcomm_check_connection(s); |
1954 | break; | 2003 | break; |
@@ -2085,7 +2134,8 @@ static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) | |||
2085 | set_bit(RFCOMM_SEC_PENDING, &d->flags); | 2134 | set_bit(RFCOMM_SEC_PENDING, &d->flags); |
2086 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); | 2135 | rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); |
2087 | continue; | 2136 | continue; |
2088 | } else if (d->sec_level == BT_SECURITY_HIGH) { | 2137 | } else if (d->sec_level == BT_SECURITY_HIGH || |
2138 | d->sec_level == BT_SECURITY_FIPS) { | ||
2089 | set_bit(RFCOMM_ENC_DROP, &d->flags); | 2139 | set_bit(RFCOMM_ENC_DROP, &d->flags); |
2090 | continue; | 2140 | continue; |
2091 | } | 2141 | } |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 3c2d3e4aa2f5..c024e715512f 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
@@ -105,13 +105,18 @@ static void rfcomm_sk_state_change(struct rfcomm_dlc *d, int err) | |||
105 | } | 105 | } |
106 | 106 | ||
107 | /* ---- Socket functions ---- */ | 107 | /* ---- Socket functions ---- */ |
108 | static struct sock *__rfcomm_get_sock_by_addr(u8 channel, bdaddr_t *src) | 108 | static struct sock *__rfcomm_get_listen_sock_by_addr(u8 channel, bdaddr_t *src) |
109 | { | 109 | { |
110 | struct sock *sk = NULL; | 110 | struct sock *sk = NULL; |
111 | 111 | ||
112 | sk_for_each(sk, &rfcomm_sk_list.head) { | 112 | sk_for_each(sk, &rfcomm_sk_list.head) { |
113 | if (rfcomm_pi(sk)->channel == channel && | 113 | if (rfcomm_pi(sk)->channel != channel) |
114 | !bacmp(&rfcomm_pi(sk)->src, src)) | 114 | continue; |
115 | |||
116 | if (bacmp(&rfcomm_pi(sk)->src, src)) | ||
117 | continue; | ||
118 | |||
119 | if (sk->sk_state == BT_BOUND || sk->sk_state == BT_LISTEN) | ||
115 | break; | 120 | break; |
116 | } | 121 | } |
117 | 122 | ||
@@ -331,6 +336,7 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr | |||
331 | { | 336 | { |
332 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; | 337 | struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; |
333 | struct sock *sk = sock->sk; | 338 | struct sock *sk = sock->sk; |
339 | int chan = sa->rc_channel; | ||
334 | int err = 0; | 340 | int err = 0; |
335 | 341 | ||
336 | BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); | 342 | BT_DBG("sk %p %pMR", sk, &sa->rc_bdaddr); |
@@ -352,12 +358,12 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr | |||
352 | 358 | ||
353 | write_lock(&rfcomm_sk_list.lock); | 359 | write_lock(&rfcomm_sk_list.lock); |
354 | 360 | ||
355 | if (sa->rc_channel && __rfcomm_get_sock_by_addr(sa->rc_channel, &sa->rc_bdaddr)) { | 361 | if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) { |
356 | err = -EADDRINUSE; | 362 | err = -EADDRINUSE; |
357 | } else { | 363 | } else { |
358 | /* Save source address */ | 364 | /* Save source address */ |
359 | bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); | 365 | bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); |
360 | rfcomm_pi(sk)->channel = sa->rc_channel; | 366 | rfcomm_pi(sk)->channel = chan; |
361 | sk->sk_state = BT_BOUND; | 367 | sk->sk_state = BT_BOUND; |
362 | } | 368 | } |
363 | 369 | ||
@@ -439,7 +445,7 @@ static int rfcomm_sock_listen(struct socket *sock, int backlog) | |||
439 | write_lock(&rfcomm_sk_list.lock); | 445 | write_lock(&rfcomm_sk_list.lock); |
440 | 446 | ||
441 | for (channel = 1; channel < 31; channel++) | 447 | for (channel = 1; channel < 31; channel++) |
442 | if (!__rfcomm_get_sock_by_addr(channel, src)) { | 448 | if (!__rfcomm_get_listen_sock_by_addr(channel, src)) { |
443 | rfcomm_pi(sk)->channel = channel; | 449 | rfcomm_pi(sk)->channel = channel; |
444 | err = 0; | 450 | err = 0; |
445 | break; | 451 | break; |
@@ -528,6 +534,9 @@ static int rfcomm_sock_getname(struct socket *sock, struct sockaddr *addr, int * | |||
528 | 534 | ||
529 | BT_DBG("sock %p, sk %p", sock, sk); | 535 | BT_DBG("sock %p, sk %p", sock, sk); |
530 | 536 | ||
537 | if (peer && sk->sk_state != BT_CONNECTED) | ||
538 | return -ENOTCONN; | ||
539 | |||
531 | memset(sa, 0, sizeof(*sa)); | 540 | memset(sa, 0, sizeof(*sa)); |
532 | sa->rc_family = AF_BLUETOOTH; | 541 | sa->rc_family = AF_BLUETOOTH; |
533 | sa->rc_channel = rfcomm_pi(sk)->channel; | 542 | sa->rc_channel = rfcomm_pi(sk)->channel; |
@@ -648,6 +657,11 @@ static int rfcomm_sock_setsockopt_old(struct socket *sock, int optname, char __u | |||
648 | break; | 657 | break; |
649 | } | 658 | } |
650 | 659 | ||
660 | if (opt & RFCOMM_LM_FIPS) { | ||
661 | err = -EINVAL; | ||
662 | break; | ||
663 | } | ||
664 | |||
651 | if (opt & RFCOMM_LM_AUTH) | 665 | if (opt & RFCOMM_LM_AUTH) |
652 | rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; | 666 | rfcomm_pi(sk)->sec_level = BT_SECURITY_LOW; |
653 | if (opt & RFCOMM_LM_ENCRYPT) | 667 | if (opt & RFCOMM_LM_ENCRYPT) |
@@ -762,7 +776,11 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u | |||
762 | break; | 776 | break; |
763 | case BT_SECURITY_HIGH: | 777 | case BT_SECURITY_HIGH: |
764 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | | 778 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | |
765 | RFCOMM_LM_SECURE; | 779 | RFCOMM_LM_SECURE; |
780 | break; | ||
781 | case BT_SECURITY_FIPS: | ||
782 | opt = RFCOMM_LM_AUTH | RFCOMM_LM_ENCRYPT | | ||
783 | RFCOMM_LM_SECURE | RFCOMM_LM_FIPS; | ||
766 | break; | 784 | break; |
767 | default: | 785 | default: |
768 | opt = 0; | 786 | opt = 0; |
@@ -774,6 +792,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u | |||
774 | 792 | ||
775 | if (put_user(opt, (u32 __user *) optval)) | 793 | if (put_user(opt, (u32 __user *) optval)) |
776 | err = -EFAULT; | 794 | err = -EFAULT; |
795 | |||
777 | break; | 796 | break; |
778 | 797 | ||
779 | case RFCOMM_CONNINFO: | 798 | case RFCOMM_CONNINFO: |
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index f9c0980abeea..403ec09f480a 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c | |||
@@ -40,6 +40,7 @@ | |||
40 | #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ | 40 | #define RFCOMM_TTY_MAJOR 216 /* device node major id of the usb/bluetooth.c driver */ |
41 | #define RFCOMM_TTY_MINOR 0 | 41 | #define RFCOMM_TTY_MINOR 0 |
42 | 42 | ||
43 | static DEFINE_MUTEX(rfcomm_ioctl_mutex); | ||
43 | static struct tty_driver *rfcomm_tty_driver; | 44 | static struct tty_driver *rfcomm_tty_driver; |
44 | 45 | ||
45 | struct rfcomm_dev { | 46 | struct rfcomm_dev { |
@@ -51,6 +52,8 @@ struct rfcomm_dev { | |||
51 | unsigned long flags; | 52 | unsigned long flags; |
52 | int err; | 53 | int err; |
53 | 54 | ||
55 | unsigned long status; /* don't export to userspace */ | ||
56 | |||
54 | bdaddr_t src; | 57 | bdaddr_t src; |
55 | bdaddr_t dst; | 58 | bdaddr_t dst; |
56 | u8 channel; | 59 | u8 channel; |
@@ -58,7 +61,6 @@ struct rfcomm_dev { | |||
58 | uint modem_status; | 61 | uint modem_status; |
59 | 62 | ||
60 | struct rfcomm_dlc *dlc; | 63 | struct rfcomm_dlc *dlc; |
61 | wait_queue_head_t conn_wait; | ||
62 | 64 | ||
63 | struct device *tty_dev; | 65 | struct device *tty_dev; |
64 | 66 | ||
@@ -83,10 +85,6 @@ static void rfcomm_dev_destruct(struct tty_port *port) | |||
83 | 85 | ||
84 | BT_DBG("dev %p dlc %p", dev, dlc); | 86 | BT_DBG("dev %p dlc %p", dev, dlc); |
85 | 87 | ||
86 | spin_lock(&rfcomm_dev_lock); | ||
87 | list_del(&dev->list); | ||
88 | spin_unlock(&rfcomm_dev_lock); | ||
89 | |||
90 | rfcomm_dlc_lock(dlc); | 88 | rfcomm_dlc_lock(dlc); |
91 | /* Detach DLC if it's owned by this dev */ | 89 | /* Detach DLC if it's owned by this dev */ |
92 | if (dlc->owner == dev) | 90 | if (dlc->owner == dev) |
@@ -95,7 +93,12 @@ static void rfcomm_dev_destruct(struct tty_port *port) | |||
95 | 93 | ||
96 | rfcomm_dlc_put(dlc); | 94 | rfcomm_dlc_put(dlc); |
97 | 95 | ||
98 | tty_unregister_device(rfcomm_tty_driver, dev->id); | 96 | if (dev->tty_dev) |
97 | tty_unregister_device(rfcomm_tty_driver, dev->id); | ||
98 | |||
99 | spin_lock(&rfcomm_dev_lock); | ||
100 | list_del(&dev->list); | ||
101 | spin_unlock(&rfcomm_dev_lock); | ||
99 | 102 | ||
100 | kfree(dev); | 103 | kfree(dev); |
101 | 104 | ||
@@ -104,60 +107,24 @@ static void rfcomm_dev_destruct(struct tty_port *port) | |||
104 | module_put(THIS_MODULE); | 107 | module_put(THIS_MODULE); |
105 | } | 108 | } |
106 | 109 | ||
107 | static struct device *rfcomm_get_device(struct rfcomm_dev *dev) | ||
108 | { | ||
109 | struct hci_dev *hdev; | ||
110 | struct hci_conn *conn; | ||
111 | |||
112 | hdev = hci_get_route(&dev->dst, &dev->src); | ||
113 | if (!hdev) | ||
114 | return NULL; | ||
115 | |||
116 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); | ||
117 | |||
118 | hci_dev_put(hdev); | ||
119 | |||
120 | return conn ? &conn->dev : NULL; | ||
121 | } | ||
122 | |||
123 | /* device-specific initialization: open the dlc */ | 110 | /* device-specific initialization: open the dlc */ |
124 | static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) | 111 | static int rfcomm_dev_activate(struct tty_port *port, struct tty_struct *tty) |
125 | { | 112 | { |
126 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); | 113 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); |
127 | DEFINE_WAIT(wait); | ||
128 | int err; | 114 | int err; |
129 | 115 | ||
130 | err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); | 116 | err = rfcomm_dlc_open(dev->dlc, &dev->src, &dev->dst, dev->channel); |
131 | if (err) | 117 | if (err) |
132 | return err; | 118 | set_bit(TTY_IO_ERROR, &tty->flags); |
133 | 119 | return err; | |
134 | while (1) { | 120 | } |
135 | prepare_to_wait(&dev->conn_wait, &wait, TASK_INTERRUPTIBLE); | ||
136 | |||
137 | if (dev->dlc->state == BT_CLOSED) { | ||
138 | err = -dev->err; | ||
139 | break; | ||
140 | } | ||
141 | |||
142 | if (dev->dlc->state == BT_CONNECTED) | ||
143 | break; | ||
144 | |||
145 | if (signal_pending(current)) { | ||
146 | err = -ERESTARTSYS; | ||
147 | break; | ||
148 | } | ||
149 | |||
150 | tty_unlock(tty); | ||
151 | schedule(); | ||
152 | tty_lock(tty); | ||
153 | } | ||
154 | finish_wait(&dev->conn_wait, &wait); | ||
155 | 121 | ||
156 | if (!err) | 122 | /* we block the open until the dlc->state becomes BT_CONNECTED */ |
157 | device_move(dev->tty_dev, rfcomm_get_device(dev), | 123 | static int rfcomm_dev_carrier_raised(struct tty_port *port) |
158 | DPM_ORDER_DEV_AFTER_PARENT); | 124 | { |
125 | struct rfcomm_dev *dev = container_of(port, struct rfcomm_dev, port); | ||
159 | 126 | ||
160 | return err; | 127 | return (dev->dlc->state == BT_CONNECTED); |
161 | } | 128 | } |
162 | 129 | ||
163 | /* device-specific cleanup: close the dlc */ | 130 | /* device-specific cleanup: close the dlc */ |
@@ -176,9 +143,10 @@ static const struct tty_port_operations rfcomm_port_ops = { | |||
176 | .destruct = rfcomm_dev_destruct, | 143 | .destruct = rfcomm_dev_destruct, |
177 | .activate = rfcomm_dev_activate, | 144 | .activate = rfcomm_dev_activate, |
178 | .shutdown = rfcomm_dev_shutdown, | 145 | .shutdown = rfcomm_dev_shutdown, |
146 | .carrier_raised = rfcomm_dev_carrier_raised, | ||
179 | }; | 147 | }; |
180 | 148 | ||
181 | static struct rfcomm_dev *__rfcomm_dev_get(int id) | 149 | static struct rfcomm_dev *__rfcomm_dev_lookup(int id) |
182 | { | 150 | { |
183 | struct rfcomm_dev *dev; | 151 | struct rfcomm_dev *dev; |
184 | 152 | ||
@@ -195,20 +163,41 @@ static struct rfcomm_dev *rfcomm_dev_get(int id) | |||
195 | 163 | ||
196 | spin_lock(&rfcomm_dev_lock); | 164 | spin_lock(&rfcomm_dev_lock); |
197 | 165 | ||
198 | dev = __rfcomm_dev_get(id); | 166 | dev = __rfcomm_dev_lookup(id); |
199 | 167 | ||
200 | if (dev) { | 168 | if (dev && !tty_port_get(&dev->port)) |
201 | if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) | 169 | dev = NULL; |
202 | dev = NULL; | ||
203 | else | ||
204 | tty_port_get(&dev->port); | ||
205 | } | ||
206 | 170 | ||
207 | spin_unlock(&rfcomm_dev_lock); | 171 | spin_unlock(&rfcomm_dev_lock); |
208 | 172 | ||
209 | return dev; | 173 | return dev; |
210 | } | 174 | } |
211 | 175 | ||
176 | static void rfcomm_reparent_device(struct rfcomm_dev *dev) | ||
177 | { | ||
178 | struct hci_dev *hdev; | ||
179 | struct hci_conn *conn; | ||
180 | |||
181 | hdev = hci_get_route(&dev->dst, &dev->src); | ||
182 | if (!hdev) | ||
183 | return; | ||
184 | |||
185 | /* The lookup results are unsafe to access without the | ||
186 | * hci device lock (FIXME: why is this not documented?) | ||
187 | */ | ||
188 | hci_dev_lock(hdev); | ||
189 | conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst); | ||
190 | |||
191 | /* Just because the acl link is in the hash table is no | ||
192 | * guarantee the sysfs device has been added ... | ||
193 | */ | ||
194 | if (conn && device_is_registered(&conn->dev)) | ||
195 | device_move(dev->tty_dev, &conn->dev, DPM_ORDER_DEV_AFTER_PARENT); | ||
196 | |||
197 | hci_dev_unlock(hdev); | ||
198 | hci_dev_put(hdev); | ||
199 | } | ||
200 | |||
212 | static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) | 201 | static ssize_t show_address(struct device *tty_dev, struct device_attribute *attr, char *buf) |
213 | { | 202 | { |
214 | struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); | 203 | struct rfcomm_dev *dev = dev_get_drvdata(tty_dev); |
@@ -224,17 +213,16 @@ static ssize_t show_channel(struct device *tty_dev, struct device_attribute *att | |||
224 | static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); | 213 | static DEVICE_ATTR(address, S_IRUGO, show_address, NULL); |
225 | static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); | 214 | static DEVICE_ATTR(channel, S_IRUGO, show_channel, NULL); |
226 | 215 | ||
227 | static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) | 216 | static struct rfcomm_dev *__rfcomm_dev_add(struct rfcomm_dev_req *req, |
217 | struct rfcomm_dlc *dlc) | ||
228 | { | 218 | { |
229 | struct rfcomm_dev *dev, *entry; | 219 | struct rfcomm_dev *dev, *entry; |
230 | struct list_head *head = &rfcomm_dev_list; | 220 | struct list_head *head = &rfcomm_dev_list; |
231 | int err = 0; | 221 | int err = 0; |
232 | 222 | ||
233 | BT_DBG("id %d channel %d", req->dev_id, req->channel); | ||
234 | |||
235 | dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); | 223 | dev = kzalloc(sizeof(struct rfcomm_dev), GFP_KERNEL); |
236 | if (!dev) | 224 | if (!dev) |
237 | return -ENOMEM; | 225 | return ERR_PTR(-ENOMEM); |
238 | 226 | ||
239 | spin_lock(&rfcomm_dev_lock); | 227 | spin_lock(&rfcomm_dev_lock); |
240 | 228 | ||
@@ -282,7 +270,6 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) | |||
282 | 270 | ||
283 | tty_port_init(&dev->port); | 271 | tty_port_init(&dev->port); |
284 | dev->port.ops = &rfcomm_port_ops; | 272 | dev->port.ops = &rfcomm_port_ops; |
285 | init_waitqueue_head(&dev->conn_wait); | ||
286 | 273 | ||
287 | skb_queue_head_init(&dev->pending); | 274 | skb_queue_head_init(&dev->pending); |
288 | 275 | ||
@@ -318,22 +305,37 @@ static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) | |||
318 | holds reference to this module. */ | 305 | holds reference to this module. */ |
319 | __module_get(THIS_MODULE); | 306 | __module_get(THIS_MODULE); |
320 | 307 | ||
308 | spin_unlock(&rfcomm_dev_lock); | ||
309 | return dev; | ||
310 | |||
321 | out: | 311 | out: |
322 | spin_unlock(&rfcomm_dev_lock); | 312 | spin_unlock(&rfcomm_dev_lock); |
313 | kfree(dev); | ||
314 | return ERR_PTR(err); | ||
315 | } | ||
316 | |||
317 | static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) | ||
318 | { | ||
319 | struct rfcomm_dev *dev; | ||
320 | struct device *tty; | ||
321 | |||
322 | BT_DBG("id %d channel %d", req->dev_id, req->channel); | ||
323 | 323 | ||
324 | if (err < 0) | 324 | dev = __rfcomm_dev_add(req, dlc); |
325 | goto free; | 325 | if (IS_ERR(dev)) { |
326 | rfcomm_dlc_put(dlc); | ||
327 | return PTR_ERR(dev); | ||
328 | } | ||
326 | 329 | ||
327 | dev->tty_dev = tty_port_register_device(&dev->port, rfcomm_tty_driver, | 330 | tty = tty_port_register_device(&dev->port, rfcomm_tty_driver, |
328 | dev->id, NULL); | 331 | dev->id, NULL); |
329 | if (IS_ERR(dev->tty_dev)) { | 332 | if (IS_ERR(tty)) { |
330 | err = PTR_ERR(dev->tty_dev); | 333 | tty_port_put(&dev->port); |
331 | spin_lock(&rfcomm_dev_lock); | 334 | return PTR_ERR(tty); |
332 | list_del(&dev->list); | ||
333 | spin_unlock(&rfcomm_dev_lock); | ||
334 | goto free; | ||
335 | } | 335 | } |
336 | 336 | ||
337 | dev->tty_dev = tty; | ||
338 | rfcomm_reparent_device(dev); | ||
337 | dev_set_drvdata(dev->tty_dev, dev); | 339 | dev_set_drvdata(dev->tty_dev, dev); |
338 | 340 | ||
339 | if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) | 341 | if (device_create_file(dev->tty_dev, &dev_attr_address) < 0) |
@@ -343,24 +345,23 @@ out: | |||
343 | BT_ERR("Failed to create channel attribute"); | 345 | BT_ERR("Failed to create channel attribute"); |
344 | 346 | ||
345 | return dev->id; | 347 | return dev->id; |
346 | |||
347 | free: | ||
348 | kfree(dev); | ||
349 | return err; | ||
350 | } | 348 | } |
351 | 349 | ||
352 | /* ---- Send buffer ---- */ | 350 | /* ---- Send buffer ---- */ |
353 | static inline unsigned int rfcomm_room(struct rfcomm_dlc *dlc) | 351 | static inline unsigned int rfcomm_room(struct rfcomm_dev *dev) |
354 | { | 352 | { |
355 | /* We can't let it be zero, because we don't get a callback | 353 | struct rfcomm_dlc *dlc = dev->dlc; |
356 | when tx_credits becomes nonzero, hence we'd never wake up */ | 354 | |
357 | return dlc->mtu * (dlc->tx_credits?:1); | 355 | /* Limit the outstanding number of packets not yet sent to 40 */ |
356 | int pending = 40 - atomic_read(&dev->wmem_alloc); | ||
357 | |||
358 | return max(0, pending) * dlc->mtu; | ||
358 | } | 359 | } |
359 | 360 | ||
360 | static void rfcomm_wfree(struct sk_buff *skb) | 361 | static void rfcomm_wfree(struct sk_buff *skb) |
361 | { | 362 | { |
362 | struct rfcomm_dev *dev = (void *) skb->sk; | 363 | struct rfcomm_dev *dev = (void *) skb->sk; |
363 | atomic_sub(skb->truesize, &dev->wmem_alloc); | 364 | atomic_dec(&dev->wmem_alloc); |
364 | if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) | 365 | if (test_bit(RFCOMM_TTY_ATTACHED, &dev->flags)) |
365 | tty_port_tty_wakeup(&dev->port); | 366 | tty_port_tty_wakeup(&dev->port); |
366 | tty_port_put(&dev->port); | 367 | tty_port_put(&dev->port); |
@@ -369,28 +370,24 @@ static void rfcomm_wfree(struct sk_buff *skb) | |||
369 | static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) | 370 | static void rfcomm_set_owner_w(struct sk_buff *skb, struct rfcomm_dev *dev) |
370 | { | 371 | { |
371 | tty_port_get(&dev->port); | 372 | tty_port_get(&dev->port); |
372 | atomic_add(skb->truesize, &dev->wmem_alloc); | 373 | atomic_inc(&dev->wmem_alloc); |
373 | skb->sk = (void *) dev; | 374 | skb->sk = (void *) dev; |
374 | skb->destructor = rfcomm_wfree; | 375 | skb->destructor = rfcomm_wfree; |
375 | } | 376 | } |
376 | 377 | ||
377 | static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) | 378 | static struct sk_buff *rfcomm_wmalloc(struct rfcomm_dev *dev, unsigned long size, gfp_t priority) |
378 | { | 379 | { |
379 | if (atomic_read(&dev->wmem_alloc) < rfcomm_room(dev->dlc)) { | 380 | struct sk_buff *skb = alloc_skb(size, priority); |
380 | struct sk_buff *skb = alloc_skb(size, priority); | 381 | if (skb) |
381 | if (skb) { | 382 | rfcomm_set_owner_w(skb, dev); |
382 | rfcomm_set_owner_w(skb, dev); | 383 | return skb; |
383 | return skb; | ||
384 | } | ||
385 | } | ||
386 | return NULL; | ||
387 | } | 384 | } |
388 | 385 | ||
389 | /* ---- Device IOCTLs ---- */ | 386 | /* ---- Device IOCTLs ---- */ |
390 | 387 | ||
391 | #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) | 388 | #define NOCAP_FLAGS ((1 << RFCOMM_REUSE_DLC) | (1 << RFCOMM_RELEASE_ONHUP)) |
392 | 389 | ||
393 | static int rfcomm_create_dev(struct sock *sk, void __user *arg) | 390 | static int __rfcomm_create_dev(struct sock *sk, void __user *arg) |
394 | { | 391 | { |
395 | struct rfcomm_dev_req req; | 392 | struct rfcomm_dev_req req; |
396 | struct rfcomm_dlc *dlc; | 393 | struct rfcomm_dlc *dlc; |
@@ -412,16 +409,22 @@ static int rfcomm_create_dev(struct sock *sk, void __user *arg) | |||
412 | dlc = rfcomm_pi(sk)->dlc; | 409 | dlc = rfcomm_pi(sk)->dlc; |
413 | rfcomm_dlc_hold(dlc); | 410 | rfcomm_dlc_hold(dlc); |
414 | } else { | 411 | } else { |
412 | /* Validate the channel is unused */ | ||
413 | dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel); | ||
414 | if (IS_ERR(dlc)) | ||
415 | return PTR_ERR(dlc); | ||
416 | else if (dlc) { | ||
417 | rfcomm_dlc_put(dlc); | ||
418 | return -EBUSY; | ||
419 | } | ||
415 | dlc = rfcomm_dlc_alloc(GFP_KERNEL); | 420 | dlc = rfcomm_dlc_alloc(GFP_KERNEL); |
416 | if (!dlc) | 421 | if (!dlc) |
417 | return -ENOMEM; | 422 | return -ENOMEM; |
418 | } | 423 | } |
419 | 424 | ||
420 | id = rfcomm_dev_add(&req, dlc); | 425 | id = rfcomm_dev_add(&req, dlc); |
421 | if (id < 0) { | 426 | if (id < 0) |
422 | rfcomm_dlc_put(dlc); | ||
423 | return id; | 427 | return id; |
424 | } | ||
425 | 428 | ||
426 | if (req.flags & (1 << RFCOMM_REUSE_DLC)) { | 429 | if (req.flags & (1 << RFCOMM_REUSE_DLC)) { |
427 | /* DLC is now used by device. | 430 | /* DLC is now used by device. |
@@ -432,7 +435,7 @@ static int rfcomm_create_dev(struct sock *sk, void __user *arg) | |||
432 | return id; | 435 | return id; |
433 | } | 436 | } |
434 | 437 | ||
435 | static int rfcomm_release_dev(void __user *arg) | 438 | static int __rfcomm_release_dev(void __user *arg) |
436 | { | 439 | { |
437 | struct rfcomm_dev_req req; | 440 | struct rfcomm_dev_req req; |
438 | struct rfcomm_dev *dev; | 441 | struct rfcomm_dev *dev; |
@@ -452,6 +455,12 @@ static int rfcomm_release_dev(void __user *arg) | |||
452 | return -EPERM; | 455 | return -EPERM; |
453 | } | 456 | } |
454 | 457 | ||
458 | /* only release once */ | ||
459 | if (test_and_set_bit(RFCOMM_DEV_RELEASED, &dev->status)) { | ||
460 | tty_port_put(&dev->port); | ||
461 | return -EALREADY; | ||
462 | } | ||
463 | |||
455 | if (req.flags & (1 << RFCOMM_HANGUP_NOW)) | 464 | if (req.flags & (1 << RFCOMM_HANGUP_NOW)) |
456 | rfcomm_dlc_close(dev->dlc, 0); | 465 | rfcomm_dlc_close(dev->dlc, 0); |
457 | 466 | ||
@@ -462,14 +471,35 @@ static int rfcomm_release_dev(void __user *arg) | |||
462 | tty_kref_put(tty); | 471 | tty_kref_put(tty); |
463 | } | 472 | } |
464 | 473 | ||
465 | if (!test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags) && | 474 | if (!test_bit(RFCOMM_TTY_OWNED, &dev->status)) |
466 | !test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)) | ||
467 | tty_port_put(&dev->port); | 475 | tty_port_put(&dev->port); |
468 | 476 | ||
469 | tty_port_put(&dev->port); | 477 | tty_port_put(&dev->port); |
470 | return 0; | 478 | return 0; |
471 | } | 479 | } |
472 | 480 | ||
481 | static int rfcomm_create_dev(struct sock *sk, void __user *arg) | ||
482 | { | ||
483 | int ret; | ||
484 | |||
485 | mutex_lock(&rfcomm_ioctl_mutex); | ||
486 | ret = __rfcomm_create_dev(sk, arg); | ||
487 | mutex_unlock(&rfcomm_ioctl_mutex); | ||
488 | |||
489 | return ret; | ||
490 | } | ||
491 | |||
492 | static int rfcomm_release_dev(void __user *arg) | ||
493 | { | ||
494 | int ret; | ||
495 | |||
496 | mutex_lock(&rfcomm_ioctl_mutex); | ||
497 | ret = __rfcomm_release_dev(arg); | ||
498 | mutex_unlock(&rfcomm_ioctl_mutex); | ||
499 | |||
500 | return ret; | ||
501 | } | ||
502 | |||
473 | static int rfcomm_get_dev_list(void __user *arg) | 503 | static int rfcomm_get_dev_list(void __user *arg) |
474 | { | 504 | { |
475 | struct rfcomm_dev *dev; | 505 | struct rfcomm_dev *dev; |
@@ -497,7 +527,7 @@ static int rfcomm_get_dev_list(void __user *arg) | |||
497 | spin_lock(&rfcomm_dev_lock); | 527 | spin_lock(&rfcomm_dev_lock); |
498 | 528 | ||
499 | list_for_each_entry(dev, &rfcomm_dev_list, list) { | 529 | list_for_each_entry(dev, &rfcomm_dev_list, list) { |
500 | if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) | 530 | if (!tty_port_get(&dev->port)) |
501 | continue; | 531 | continue; |
502 | (di + n)->id = dev->id; | 532 | (di + n)->id = dev->id; |
503 | (di + n)->flags = dev->flags; | 533 | (di + n)->flags = dev->flags; |
@@ -505,6 +535,7 @@ static int rfcomm_get_dev_list(void __user *arg) | |||
505 | (di + n)->channel = dev->channel; | 535 | (di + n)->channel = dev->channel; |
506 | bacpy(&(di + n)->src, &dev->src); | 536 | bacpy(&(di + n)->src, &dev->src); |
507 | bacpy(&(di + n)->dst, &dev->dst); | 537 | bacpy(&(di + n)->dst, &dev->dst); |
538 | tty_port_put(&dev->port); | ||
508 | if (++n >= dev_num) | 539 | if (++n >= dev_num) |
509 | break; | 540 | break; |
510 | } | 541 | } |
@@ -601,9 +632,11 @@ static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err) | |||
601 | BT_DBG("dlc %p dev %p err %d", dlc, dev, err); | 632 | BT_DBG("dlc %p dev %p err %d", dlc, dev, err); |
602 | 633 | ||
603 | dev->err = err; | 634 | dev->err = err; |
604 | wake_up_interruptible(&dev->conn_wait); | 635 | if (dlc->state == BT_CONNECTED) { |
636 | rfcomm_reparent_device(dev); | ||
605 | 637 | ||
606 | if (dlc->state == BT_CLOSED) | 638 | wake_up_interruptible(&dev->port.open_wait); |
639 | } else if (dlc->state == BT_CLOSED) | ||
607 | tty_port_tty_hangup(&dev->port, false); | 640 | tty_port_tty_hangup(&dev->port, false); |
608 | } | 641 | } |
609 | 642 | ||
@@ -703,8 +736,10 @@ static int rfcomm_tty_install(struct tty_driver *driver, struct tty_struct *tty) | |||
703 | * when the last process closes the tty. The behaviour is expected by | 736 | * when the last process closes the tty. The behaviour is expected by |
704 | * userspace. | 737 | * userspace. |
705 | */ | 738 | */ |
706 | if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) | 739 | if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) { |
740 | set_bit(RFCOMM_TTY_OWNED, &dev->status); | ||
707 | tty_port_put(&dev->port); | 741 | tty_port_put(&dev->port); |
742 | } | ||
708 | 743 | ||
709 | return 0; | 744 | return 0; |
710 | } | 745 | } |
@@ -750,7 +785,7 @@ static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, in | |||
750 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; | 785 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; |
751 | struct rfcomm_dlc *dlc = dev->dlc; | 786 | struct rfcomm_dlc *dlc = dev->dlc; |
752 | struct sk_buff *skb; | 787 | struct sk_buff *skb; |
753 | int err = 0, sent = 0, size; | 788 | int sent = 0, size; |
754 | 789 | ||
755 | BT_DBG("tty %p count %d", tty, count); | 790 | BT_DBG("tty %p count %d", tty, count); |
756 | 791 | ||
@@ -758,7 +793,6 @@ static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, in | |||
758 | size = min_t(uint, count, dlc->mtu); | 793 | size = min_t(uint, count, dlc->mtu); |
759 | 794 | ||
760 | skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); | 795 | skb = rfcomm_wmalloc(dev, size + RFCOMM_SKB_RESERVE, GFP_ATOMIC); |
761 | |||
762 | if (!skb) | 796 | if (!skb) |
763 | break; | 797 | break; |
764 | 798 | ||
@@ -766,32 +800,24 @@ static int rfcomm_tty_write(struct tty_struct *tty, const unsigned char *buf, in | |||
766 | 800 | ||
767 | memcpy(skb_put(skb, size), buf + sent, size); | 801 | memcpy(skb_put(skb, size), buf + sent, size); |
768 | 802 | ||
769 | err = rfcomm_dlc_send(dlc, skb); | 803 | rfcomm_dlc_send_noerror(dlc, skb); |
770 | if (err < 0) { | ||
771 | kfree_skb(skb); | ||
772 | break; | ||
773 | } | ||
774 | 804 | ||
775 | sent += size; | 805 | sent += size; |
776 | count -= size; | 806 | count -= size; |
777 | } | 807 | } |
778 | 808 | ||
779 | return sent ? sent : err; | 809 | return sent; |
780 | } | 810 | } |
781 | 811 | ||
782 | static int rfcomm_tty_write_room(struct tty_struct *tty) | 812 | static int rfcomm_tty_write_room(struct tty_struct *tty) |
783 | { | 813 | { |
784 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; | 814 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; |
785 | int room; | 815 | int room = 0; |
786 | 816 | ||
787 | BT_DBG("tty %p", tty); | 817 | if (dev && dev->dlc) |
788 | 818 | room = rfcomm_room(dev); | |
789 | if (!dev || !dev->dlc) | ||
790 | return 0; | ||
791 | 819 | ||
792 | room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); | 820 | BT_DBG("tty %p room %d", tty, room); |
793 | if (room < 0) | ||
794 | room = 0; | ||
795 | 821 | ||
796 | return room; | 822 | return room; |
797 | } | 823 | } |
@@ -1125,7 +1151,7 @@ int __init rfcomm_init_ttys(void) | |||
1125 | rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; | 1151 | rfcomm_tty_driver->subtype = SERIAL_TYPE_NORMAL; |
1126 | rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; | 1152 | rfcomm_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_DYNAMIC_DEV; |
1127 | rfcomm_tty_driver->init_termios = tty_std_termios; | 1153 | rfcomm_tty_driver->init_termios = tty_std_termios; |
1128 | rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL; | 1154 | rfcomm_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL; |
1129 | rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; | 1155 | rfcomm_tty_driver->init_termios.c_lflag &= ~ICANON; |
1130 | tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); | 1156 | tty_set_operations(rfcomm_tty_driver, &rfcomm_ops); |
1131 | 1157 | ||
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 45007362683b..f886bcae1b7e 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
@@ -78,6 +78,70 @@ static int smp_e(struct crypto_blkcipher *tfm, const u8 *k, u8 *r) | |||
78 | return err; | 78 | return err; |
79 | } | 79 | } |
80 | 80 | ||
81 | static int smp_ah(struct crypto_blkcipher *tfm, u8 irk[16], u8 r[3], u8 res[3]) | ||
82 | { | ||
83 | u8 _res[16], k[16]; | ||
84 | int err; | ||
85 | |||
86 | /* r' = padding || r */ | ||
87 | memset(_res, 0, 13); | ||
88 | _res[13] = r[2]; | ||
89 | _res[14] = r[1]; | ||
90 | _res[15] = r[0]; | ||
91 | |||
92 | swap128(irk, k); | ||
93 | err = smp_e(tfm, k, _res); | ||
94 | if (err) { | ||
95 | BT_ERR("Encrypt error"); | ||
96 | return err; | ||
97 | } | ||
98 | |||
99 | /* The output of the random address function ah is: | ||
100 | * ah(h, r) = e(k, r') mod 2^24 | ||
101 | * The output of the security function e is then truncated to 24 bits | ||
102 | * by taking the least significant 24 bits of the output of e as the | ||
103 | * result of ah. | ||
104 | */ | ||
105 | res[0] = _res[15]; | ||
106 | res[1] = _res[14]; | ||
107 | res[2] = _res[13]; | ||
108 | |||
109 | return 0; | ||
110 | } | ||
111 | |||
112 | bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16], | ||
113 | bdaddr_t *bdaddr) | ||
114 | { | ||
115 | u8 hash[3]; | ||
116 | int err; | ||
117 | |||
118 | BT_DBG("RPA %pMR IRK %*phN", bdaddr, 16, irk); | ||
119 | |||
120 | err = smp_ah(tfm, irk, &bdaddr->b[3], hash); | ||
121 | if (err) | ||
122 | return false; | ||
123 | |||
124 | return !memcmp(bdaddr->b, hash, 3); | ||
125 | } | ||
126 | |||
127 | int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa) | ||
128 | { | ||
129 | int err; | ||
130 | |||
131 | get_random_bytes(&rpa->b[3], 3); | ||
132 | |||
133 | rpa->b[5] &= 0x3f; /* Clear two most significant bits */ | ||
134 | rpa->b[5] |= 0x40; /* Set second most significant bit */ | ||
135 | |||
136 | err = smp_ah(tfm, irk, &rpa->b[3], rpa->b); | ||
137 | if (err < 0) | ||
138 | return err; | ||
139 | |||
140 | BT_DBG("RPA %pMR", rpa); | ||
141 | |||
142 | return 0; | ||
143 | } | ||
144 | |||
81 | static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], | 145 | static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16], |
82 | u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, | 146 | u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia, |
83 | u8 _rat, bdaddr_t *ra, u8 res[16]) | 147 | u8 _rat, bdaddr_t *ra, u8 res[16]) |
@@ -203,31 +267,45 @@ static void build_pairing_cmd(struct l2cap_conn *conn, | |||
203 | struct smp_cmd_pairing *req, | 267 | struct smp_cmd_pairing *req, |
204 | struct smp_cmd_pairing *rsp, __u8 authreq) | 268 | struct smp_cmd_pairing *rsp, __u8 authreq) |
205 | { | 269 | { |
206 | u8 dist_keys = 0; | 270 | struct smp_chan *smp = conn->smp_chan; |
271 | struct hci_conn *hcon = conn->hcon; | ||
272 | struct hci_dev *hdev = hcon->hdev; | ||
273 | u8 local_dist = 0, remote_dist = 0; | ||
207 | 274 | ||
208 | if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) { | 275 | if (test_bit(HCI_PAIRABLE, &conn->hcon->hdev->dev_flags)) { |
209 | dist_keys = SMP_DIST_ENC_KEY; | 276 | local_dist = SMP_DIST_ENC_KEY; |
277 | remote_dist = SMP_DIST_ENC_KEY; | ||
210 | authreq |= SMP_AUTH_BONDING; | 278 | authreq |= SMP_AUTH_BONDING; |
211 | } else { | 279 | } else { |
212 | authreq &= ~SMP_AUTH_BONDING; | 280 | authreq &= ~SMP_AUTH_BONDING; |
213 | } | 281 | } |
214 | 282 | ||
283 | if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags)) | ||
284 | remote_dist |= SMP_DIST_ID_KEY; | ||
285 | |||
286 | if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) | ||
287 | local_dist |= SMP_DIST_ID_KEY; | ||
288 | |||
215 | if (rsp == NULL) { | 289 | if (rsp == NULL) { |
216 | req->io_capability = conn->hcon->io_capability; | 290 | req->io_capability = conn->hcon->io_capability; |
217 | req->oob_flag = SMP_OOB_NOT_PRESENT; | 291 | req->oob_flag = SMP_OOB_NOT_PRESENT; |
218 | req->max_key_size = SMP_MAX_ENC_KEY_SIZE; | 292 | req->max_key_size = SMP_MAX_ENC_KEY_SIZE; |
219 | req->init_key_dist = 0; | 293 | req->init_key_dist = local_dist; |
220 | req->resp_key_dist = dist_keys; | 294 | req->resp_key_dist = remote_dist; |
221 | req->auth_req = (authreq & AUTH_REQ_MASK); | 295 | req->auth_req = (authreq & AUTH_REQ_MASK); |
296 | |||
297 | smp->remote_key_dist = remote_dist; | ||
222 | return; | 298 | return; |
223 | } | 299 | } |
224 | 300 | ||
225 | rsp->io_capability = conn->hcon->io_capability; | 301 | rsp->io_capability = conn->hcon->io_capability; |
226 | rsp->oob_flag = SMP_OOB_NOT_PRESENT; | 302 | rsp->oob_flag = SMP_OOB_NOT_PRESENT; |
227 | rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; | 303 | rsp->max_key_size = SMP_MAX_ENC_KEY_SIZE; |
228 | rsp->init_key_dist = 0; | 304 | rsp->init_key_dist = req->init_key_dist & remote_dist; |
229 | rsp->resp_key_dist = req->resp_key_dist & dist_keys; | 305 | rsp->resp_key_dist = req->resp_key_dist & local_dist; |
230 | rsp->auth_req = (authreq & AUTH_REQ_MASK); | 306 | rsp->auth_req = (authreq & AUTH_REQ_MASK); |
307 | |||
308 | smp->remote_key_dist = rsp->init_key_dist; | ||
231 | } | 309 | } |
232 | 310 | ||
233 | static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) | 311 | static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size) |
@@ -356,29 +434,23 @@ static void confirm_work(struct work_struct *work) | |||
356 | { | 434 | { |
357 | struct smp_chan *smp = container_of(work, struct smp_chan, confirm); | 435 | struct smp_chan *smp = container_of(work, struct smp_chan, confirm); |
358 | struct l2cap_conn *conn = smp->conn; | 436 | struct l2cap_conn *conn = smp->conn; |
359 | struct crypto_blkcipher *tfm; | 437 | struct hci_dev *hdev = conn->hcon->hdev; |
438 | struct crypto_blkcipher *tfm = hdev->tfm_aes; | ||
360 | struct smp_cmd_pairing_confirm cp; | 439 | struct smp_cmd_pairing_confirm cp; |
361 | int ret; | 440 | int ret; |
362 | u8 res[16], reason; | 441 | u8 res[16], reason; |
363 | 442 | ||
364 | BT_DBG("conn %p", conn); | 443 | BT_DBG("conn %p", conn); |
365 | 444 | ||
366 | tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC); | 445 | /* Prevent mutual access to hdev->tfm_aes */ |
367 | if (IS_ERR(tfm)) { | 446 | hci_dev_lock(hdev); |
368 | reason = SMP_UNSPECIFIED; | ||
369 | goto error; | ||
370 | } | ||
371 | 447 | ||
372 | smp->tfm = tfm; | 448 | ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, |
449 | conn->hcon->init_addr_type, &conn->hcon->init_addr, | ||
450 | conn->hcon->resp_addr_type, &conn->hcon->resp_addr, res); | ||
451 | |||
452 | hci_dev_unlock(hdev); | ||
373 | 453 | ||
374 | if (conn->hcon->out) | ||
375 | ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, | ||
376 | conn->hcon->src_type, &conn->hcon->src, | ||
377 | conn->hcon->dst_type, &conn->hcon->dst, res); | ||
378 | else | ||
379 | ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp, | ||
380 | conn->hcon->dst_type, &conn->hcon->dst, | ||
381 | conn->hcon->src_type, &conn->hcon->src, res); | ||
382 | if (ret) { | 454 | if (ret) { |
383 | reason = SMP_UNSPECIFIED; | 455 | reason = SMP_UNSPECIFIED; |
384 | goto error; | 456 | goto error; |
@@ -400,7 +472,8 @@ static void random_work(struct work_struct *work) | |||
400 | struct smp_chan *smp = container_of(work, struct smp_chan, random); | 472 | struct smp_chan *smp = container_of(work, struct smp_chan, random); |
401 | struct l2cap_conn *conn = smp->conn; | 473 | struct l2cap_conn *conn = smp->conn; |
402 | struct hci_conn *hcon = conn->hcon; | 474 | struct hci_conn *hcon = conn->hcon; |
403 | struct crypto_blkcipher *tfm = smp->tfm; | 475 | struct hci_dev *hdev = hcon->hdev; |
476 | struct crypto_blkcipher *tfm = hdev->tfm_aes; | ||
404 | u8 reason, confirm[16], res[16], key[16]; | 477 | u8 reason, confirm[16], res[16], key[16]; |
405 | int ret; | 478 | int ret; |
406 | 479 | ||
@@ -411,14 +484,15 @@ static void random_work(struct work_struct *work) | |||
411 | 484 | ||
412 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); | 485 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); |
413 | 486 | ||
414 | if (hcon->out) | 487 | /* Prevent mutual access to hdev->tfm_aes */ |
415 | ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, | 488 | hci_dev_lock(hdev); |
416 | hcon->src_type, &hcon->src, | 489 | |
417 | hcon->dst_type, &hcon->dst, res); | 490 | ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, |
418 | else | 491 | hcon->init_addr_type, &hcon->init_addr, |
419 | ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp, | 492 | hcon->resp_addr_type, &hcon->resp_addr, res); |
420 | hcon->dst_type, &hcon->dst, | 493 | |
421 | hcon->src_type, &hcon->src, res); | 494 | hci_dev_unlock(hdev); |
495 | |||
422 | if (ret) { | 496 | if (ret) { |
423 | reason = SMP_UNSPECIFIED; | 497 | reason = SMP_UNSPECIFIED; |
424 | goto error; | 498 | goto error; |
@@ -433,11 +507,9 @@ static void random_work(struct work_struct *work) | |||
433 | } | 507 | } |
434 | 508 | ||
435 | if (hcon->out) { | 509 | if (hcon->out) { |
436 | u8 stk[16], rand[8]; | 510 | u8 stk[16]; |
437 | __le16 ediv; | 511 | __le64 rand = 0; |
438 | 512 | __le16 ediv = 0; | |
439 | memset(rand, 0, sizeof(rand)); | ||
440 | ediv = 0; | ||
441 | 513 | ||
442 | smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key); | 514 | smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key); |
443 | swap128(key, stk); | 515 | swap128(key, stk); |
@@ -453,11 +525,9 @@ static void random_work(struct work_struct *work) | |||
453 | hci_le_start_enc(hcon, ediv, rand, stk); | 525 | hci_le_start_enc(hcon, ediv, rand, stk); |
454 | hcon->enc_key_size = smp->enc_key_size; | 526 | hcon->enc_key_size = smp->enc_key_size; |
455 | } else { | 527 | } else { |
456 | u8 stk[16], r[16], rand[8]; | 528 | u8 stk[16], r[16]; |
457 | __le16 ediv; | 529 | __le64 rand = 0; |
458 | 530 | __le16 ediv = 0; | |
459 | memset(rand, 0, sizeof(rand)); | ||
460 | ediv = 0; | ||
461 | 531 | ||
462 | swap128(smp->prnd, r); | 532 | swap128(smp->prnd, r); |
463 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); | 533 | smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r); |
@@ -469,7 +539,7 @@ static void random_work(struct work_struct *work) | |||
469 | SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); | 539 | SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size); |
470 | 540 | ||
471 | hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, | 541 | hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, |
472 | HCI_SMP_STK_SLAVE, 0, 0, stk, smp->enc_key_size, | 542 | HCI_SMP_STK_SLAVE, 0, stk, smp->enc_key_size, |
473 | ediv, rand); | 543 | ediv, rand); |
474 | } | 544 | } |
475 | 545 | ||
@@ -479,6 +549,20 @@ error: | |||
479 | smp_failure(conn, reason); | 549 | smp_failure(conn, reason); |
480 | } | 550 | } |
481 | 551 | ||
552 | static void smp_reencrypt(struct work_struct *work) | ||
553 | { | ||
554 | struct smp_chan *smp = container_of(work, struct smp_chan, | ||
555 | reencrypt.work); | ||
556 | struct l2cap_conn *conn = smp->conn; | ||
557 | struct hci_conn *hcon = conn->hcon; | ||
558 | struct smp_ltk *ltk = smp->ltk; | ||
559 | |||
560 | BT_DBG(""); | ||
561 | |||
562 | hci_le_start_enc(hcon, ltk->ediv, ltk->rand, ltk->val); | ||
563 | hcon->enc_key_size = ltk->enc_size; | ||
564 | } | ||
565 | |||
482 | static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) | 566 | static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) |
483 | { | 567 | { |
484 | struct smp_chan *smp; | 568 | struct smp_chan *smp; |
@@ -489,6 +573,7 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) | |||
489 | 573 | ||
490 | INIT_WORK(&smp->confirm, confirm_work); | 574 | INIT_WORK(&smp->confirm, confirm_work); |
491 | INIT_WORK(&smp->random, random_work); | 575 | INIT_WORK(&smp->random, random_work); |
576 | INIT_DELAYED_WORK(&smp->reencrypt, smp_reencrypt); | ||
492 | 577 | ||
493 | smp->conn = conn; | 578 | smp->conn = conn; |
494 | conn->smp_chan = smp; | 579 | conn->smp_chan = smp; |
@@ -502,11 +587,32 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) | |||
502 | void smp_chan_destroy(struct l2cap_conn *conn) | 587 | void smp_chan_destroy(struct l2cap_conn *conn) |
503 | { | 588 | { |
504 | struct smp_chan *smp = conn->smp_chan; | 589 | struct smp_chan *smp = conn->smp_chan; |
590 | bool complete; | ||
505 | 591 | ||
506 | BUG_ON(!smp); | 592 | BUG_ON(!smp); |
507 | 593 | ||
508 | if (smp->tfm) | 594 | cancel_delayed_work_sync(&smp->reencrypt); |
509 | crypto_free_blkcipher(smp->tfm); | 595 | |
596 | complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); | ||
597 | mgmt_smp_complete(conn->hcon, complete); | ||
598 | |||
599 | /* If pairing failed clean up any keys we might have */ | ||
600 | if (!complete) { | ||
601 | if (smp->ltk) { | ||
602 | list_del(&smp->ltk->list); | ||
603 | kfree(smp->ltk); | ||
604 | } | ||
605 | |||
606 | if (smp->slave_ltk) { | ||
607 | list_del(&smp->slave_ltk->list); | ||
608 | kfree(smp->slave_ltk); | ||
609 | } | ||
610 | |||
611 | if (smp->remote_irk) { | ||
612 | list_del(&smp->remote_irk->list); | ||
613 | kfree(smp->remote_irk); | ||
614 | } | ||
615 | } | ||
510 | 616 | ||
511 | kfree(smp); | 617 | kfree(smp); |
512 | conn->smp_chan = NULL; | 618 | conn->smp_chan = NULL; |
@@ -565,6 +671,9 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
565 | 671 | ||
566 | BT_DBG("conn %p", conn); | 672 | BT_DBG("conn %p", conn); |
567 | 673 | ||
674 | if (skb->len < sizeof(*req)) | ||
675 | return SMP_UNSPECIFIED; | ||
676 | |||
568 | if (conn->hcon->link_mode & HCI_LM_MASTER) | 677 | if (conn->hcon->link_mode & HCI_LM_MASTER) |
569 | return SMP_CMD_NOTSUPP; | 678 | return SMP_CMD_NOTSUPP; |
570 | 679 | ||
@@ -617,6 +726,9 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) | |||
617 | 726 | ||
618 | BT_DBG("conn %p", conn); | 727 | BT_DBG("conn %p", conn); |
619 | 728 | ||
729 | if (skb->len < sizeof(*rsp)) | ||
730 | return SMP_UNSPECIFIED; | ||
731 | |||
620 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) | 732 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) |
621 | return SMP_CMD_NOTSUPP; | 733 | return SMP_CMD_NOTSUPP; |
622 | 734 | ||
@@ -661,6 +773,9 @@ static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb) | |||
661 | 773 | ||
662 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); | 774 | BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave"); |
663 | 775 | ||
776 | if (skb->len < sizeof(smp->pcnf)) | ||
777 | return SMP_UNSPECIFIED; | ||
778 | |||
664 | memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); | 779 | memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf)); |
665 | skb_pull(skb, sizeof(smp->pcnf)); | 780 | skb_pull(skb, sizeof(smp->pcnf)); |
666 | 781 | ||
@@ -686,6 +801,9 @@ static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb) | |||
686 | 801 | ||
687 | BT_DBG("conn %p", conn); | 802 | BT_DBG("conn %p", conn); |
688 | 803 | ||
804 | if (skb->len < sizeof(smp->rrnd)) | ||
805 | return SMP_UNSPECIFIED; | ||
806 | |||
689 | swap128(skb->data, smp->rrnd); | 807 | swap128(skb->data, smp->rrnd); |
690 | skb_pull(skb, sizeof(smp->rrnd)); | 808 | skb_pull(skb, sizeof(smp->rrnd)); |
691 | 809 | ||
@@ -699,7 +817,8 @@ static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level) | |||
699 | struct smp_ltk *key; | 817 | struct smp_ltk *key; |
700 | struct hci_conn *hcon = conn->hcon; | 818 | struct hci_conn *hcon = conn->hcon; |
701 | 819 | ||
702 | key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type); | 820 | key = hci_find_ltk_by_addr(hcon->hdev, &hcon->dst, hcon->dst_type, |
821 | hcon->out); | ||
703 | if (!key) | 822 | if (!key) |
704 | return 0; | 823 | return 0; |
705 | 824 | ||
@@ -724,6 +843,9 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
724 | 843 | ||
725 | BT_DBG("conn %p", conn); | 844 | BT_DBG("conn %p", conn); |
726 | 845 | ||
846 | if (skb->len < sizeof(*rp)) | ||
847 | return SMP_UNSPECIFIED; | ||
848 | |||
727 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) | 849 | if (!(conn->hcon->link_mode & HCI_LM_MASTER)) |
728 | return SMP_CMD_NOTSUPP; | 850 | return SMP_CMD_NOTSUPP; |
729 | 851 | ||
@@ -813,6 +935,15 @@ static int smp_cmd_encrypt_info(struct l2cap_conn *conn, struct sk_buff *skb) | |||
813 | struct smp_cmd_encrypt_info *rp = (void *) skb->data; | 935 | struct smp_cmd_encrypt_info *rp = (void *) skb->data; |
814 | struct smp_chan *smp = conn->smp_chan; | 936 | struct smp_chan *smp = conn->smp_chan; |
815 | 937 | ||
938 | BT_DBG("conn %p", conn); | ||
939 | |||
940 | if (skb->len < sizeof(*rp)) | ||
941 | return SMP_UNSPECIFIED; | ||
942 | |||
943 | /* Ignore this PDU if it wasn't requested */ | ||
944 | if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY)) | ||
945 | return 0; | ||
946 | |||
816 | skb_pull(skb, sizeof(*rp)); | 947 | skb_pull(skb, sizeof(*rp)); |
817 | 948 | ||
818 | memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); | 949 | memcpy(smp->tk, rp->ltk, sizeof(smp->tk)); |
@@ -826,21 +957,114 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb) | |||
826 | struct smp_chan *smp = conn->smp_chan; | 957 | struct smp_chan *smp = conn->smp_chan; |
827 | struct hci_dev *hdev = conn->hcon->hdev; | 958 | struct hci_dev *hdev = conn->hcon->hdev; |
828 | struct hci_conn *hcon = conn->hcon; | 959 | struct hci_conn *hcon = conn->hcon; |
960 | struct smp_ltk *ltk; | ||
829 | u8 authenticated; | 961 | u8 authenticated; |
830 | 962 | ||
963 | BT_DBG("conn %p", conn); | ||
964 | |||
965 | if (skb->len < sizeof(*rp)) | ||
966 | return SMP_UNSPECIFIED; | ||
967 | |||
968 | /* Ignore this PDU if it wasn't requested */ | ||
969 | if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY)) | ||
970 | return 0; | ||
971 | |||
972 | /* Mark the information as received */ | ||
973 | smp->remote_key_dist &= ~SMP_DIST_ENC_KEY; | ||
974 | |||
831 | skb_pull(skb, sizeof(*rp)); | 975 | skb_pull(skb, sizeof(*rp)); |
832 | 976 | ||
833 | hci_dev_lock(hdev); | 977 | hci_dev_lock(hdev); |
834 | authenticated = (hcon->sec_level == BT_SECURITY_HIGH); | 978 | authenticated = (hcon->sec_level == BT_SECURITY_HIGH); |
835 | hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK, 1, | 979 | ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, HCI_SMP_LTK, |
836 | authenticated, smp->tk, smp->enc_key_size, | 980 | authenticated, smp->tk, smp->enc_key_size, |
837 | rp->ediv, rp->rand); | 981 | rp->ediv, rp->rand); |
838 | smp_distribute_keys(conn, 1); | 982 | smp->ltk = ltk; |
983 | if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) | ||
984 | smp_distribute_keys(conn); | ||
839 | hci_dev_unlock(hdev); | 985 | hci_dev_unlock(hdev); |
840 | 986 | ||
841 | return 0; | 987 | return 0; |
842 | } | 988 | } |
843 | 989 | ||
990 | static int smp_cmd_ident_info(struct l2cap_conn *conn, struct sk_buff *skb) | ||
991 | { | ||
992 | struct smp_cmd_ident_info *info = (void *) skb->data; | ||
993 | struct smp_chan *smp = conn->smp_chan; | ||
994 | |||
995 | BT_DBG(""); | ||
996 | |||
997 | if (skb->len < sizeof(*info)) | ||
998 | return SMP_UNSPECIFIED; | ||
999 | |||
1000 | /* Ignore this PDU if it wasn't requested */ | ||
1001 | if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) | ||
1002 | return 0; | ||
1003 | |||
1004 | skb_pull(skb, sizeof(*info)); | ||
1005 | |||
1006 | memcpy(smp->irk, info->irk, 16); | ||
1007 | |||
1008 | return 0; | ||
1009 | } | ||
1010 | |||
1011 | static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, | ||
1012 | struct sk_buff *skb) | ||
1013 | { | ||
1014 | struct smp_cmd_ident_addr_info *info = (void *) skb->data; | ||
1015 | struct smp_chan *smp = conn->smp_chan; | ||
1016 | struct hci_conn *hcon = conn->hcon; | ||
1017 | bdaddr_t rpa; | ||
1018 | |||
1019 | BT_DBG(""); | ||
1020 | |||
1021 | if (skb->len < sizeof(*info)) | ||
1022 | return SMP_UNSPECIFIED; | ||
1023 | |||
1024 | /* Ignore this PDU if it wasn't requested */ | ||
1025 | if (!(smp->remote_key_dist & SMP_DIST_ID_KEY)) | ||
1026 | return 0; | ||
1027 | |||
1028 | /* Mark the information as received */ | ||
1029 | smp->remote_key_dist &= ~SMP_DIST_ID_KEY; | ||
1030 | |||
1031 | skb_pull(skb, sizeof(*info)); | ||
1032 | |||
1033 | /* Strictly speaking the Core Specification (4.1) allows sending | ||
1034 | * an empty address which would force us to rely on just the IRK | ||
1035 | * as "identity information". However, since such | ||
1036 | * implementations are not known of and in order to not over | ||
1037 | * complicate our implementation, simply pretend that we never | ||
1038 | * received an IRK for such a device. | ||
1039 | */ | ||
1040 | if (!bacmp(&info->bdaddr, BDADDR_ANY)) { | ||
1041 | BT_ERR("Ignoring IRK with no identity address"); | ||
1042 | smp_distribute_keys(conn); | ||
1043 | return 0; | ||
1044 | } | ||
1045 | |||
1046 | bacpy(&smp->id_addr, &info->bdaddr); | ||
1047 | smp->id_addr_type = info->addr_type; | ||
1048 | |||
1049 | if (hci_bdaddr_is_rpa(&hcon->dst, hcon->dst_type)) | ||
1050 | bacpy(&rpa, &hcon->dst); | ||
1051 | else | ||
1052 | bacpy(&rpa, BDADDR_ANY); | ||
1053 | |||
1054 | smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, | ||
1055 | smp->id_addr_type, smp->irk, &rpa); | ||
1056 | |||
1057 | /* Track the connection based on the Identity Address from now on */ | ||
1058 | bacpy(&hcon->dst, &smp->id_addr); | ||
1059 | hcon->dst_type = smp->id_addr_type; | ||
1060 | |||
1061 | l2cap_conn_update_id_addr(hcon); | ||
1062 | |||
1063 | smp_distribute_keys(conn); | ||
1064 | |||
1065 | return 0; | ||
1066 | } | ||
1067 | |||
844 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) | 1068 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) |
845 | { | 1069 | { |
846 | struct hci_conn *hcon = conn->hcon; | 1070 | struct hci_conn *hcon = conn->hcon; |
@@ -915,7 +1139,13 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) | |||
915 | break; | 1139 | break; |
916 | 1140 | ||
917 | case SMP_CMD_IDENT_INFO: | 1141 | case SMP_CMD_IDENT_INFO: |
1142 | reason = smp_cmd_ident_info(conn, skb); | ||
1143 | break; | ||
1144 | |||
918 | case SMP_CMD_IDENT_ADDR_INFO: | 1145 | case SMP_CMD_IDENT_ADDR_INFO: |
1146 | reason = smp_cmd_ident_addr_info(conn, skb); | ||
1147 | break; | ||
1148 | |||
919 | case SMP_CMD_SIGN_INFO: | 1149 | case SMP_CMD_SIGN_INFO: |
920 | /* Just ignored */ | 1150 | /* Just ignored */ |
921 | reason = 0; | 1151 | reason = 0; |
@@ -937,26 +1167,51 @@ done: | |||
937 | return err; | 1167 | return err; |
938 | } | 1168 | } |
939 | 1169 | ||
940 | int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) | 1170 | static void smp_notify_keys(struct l2cap_conn *conn) |
1171 | { | ||
1172 | struct smp_chan *smp = conn->smp_chan; | ||
1173 | struct hci_conn *hcon = conn->hcon; | ||
1174 | struct hci_dev *hdev = hcon->hdev; | ||
1175 | |||
1176 | if (smp->remote_irk) | ||
1177 | mgmt_new_irk(hdev, smp->remote_irk); | ||
1178 | |||
1179 | if (smp->ltk) { | ||
1180 | smp->ltk->bdaddr_type = hcon->dst_type; | ||
1181 | bacpy(&smp->ltk->bdaddr, &hcon->dst); | ||
1182 | mgmt_new_ltk(hdev, smp->ltk); | ||
1183 | } | ||
1184 | |||
1185 | if (smp->slave_ltk) { | ||
1186 | smp->slave_ltk->bdaddr_type = hcon->dst_type; | ||
1187 | bacpy(&smp->slave_ltk->bdaddr, &hcon->dst); | ||
1188 | mgmt_new_ltk(hdev, smp->slave_ltk); | ||
1189 | } | ||
1190 | } | ||
1191 | |||
1192 | int smp_distribute_keys(struct l2cap_conn *conn) | ||
941 | { | 1193 | { |
942 | struct smp_cmd_pairing *req, *rsp; | 1194 | struct smp_cmd_pairing *req, *rsp; |
943 | struct smp_chan *smp = conn->smp_chan; | 1195 | struct smp_chan *smp = conn->smp_chan; |
1196 | struct hci_conn *hcon = conn->hcon; | ||
1197 | struct hci_dev *hdev = hcon->hdev; | ||
1198 | bool ltk_encrypt; | ||
944 | __u8 *keydist; | 1199 | __u8 *keydist; |
945 | 1200 | ||
946 | BT_DBG("conn %p force %d", conn, force); | 1201 | BT_DBG("conn %p", conn); |
947 | 1202 | ||
948 | if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) | 1203 | if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags)) |
949 | return 0; | 1204 | return 0; |
950 | 1205 | ||
951 | rsp = (void *) &smp->prsp[1]; | 1206 | rsp = (void *) &smp->prsp[1]; |
952 | 1207 | ||
953 | /* The responder sends its keys first */ | 1208 | /* The responder sends its keys first */ |
954 | if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07)) | 1209 | if (hcon->out && (smp->remote_key_dist & 0x07)) |
955 | return 0; | 1210 | return 0; |
956 | 1211 | ||
957 | req = (void *) &smp->preq[1]; | 1212 | req = (void *) &smp->preq[1]; |
958 | 1213 | ||
959 | if (conn->hcon->out) { | 1214 | if (hcon->out) { |
960 | keydist = &rsp->init_key_dist; | 1215 | keydist = &rsp->init_key_dist; |
961 | *keydist &= req->init_key_dist; | 1216 | *keydist &= req->init_key_dist; |
962 | } else { | 1217 | } else { |
@@ -964,28 +1219,30 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) | |||
964 | *keydist &= req->resp_key_dist; | 1219 | *keydist &= req->resp_key_dist; |
965 | } | 1220 | } |
966 | 1221 | ||
967 | |||
968 | BT_DBG("keydist 0x%x", *keydist); | 1222 | BT_DBG("keydist 0x%x", *keydist); |
969 | 1223 | ||
970 | if (*keydist & SMP_DIST_ENC_KEY) { | 1224 | if (*keydist & SMP_DIST_ENC_KEY) { |
971 | struct smp_cmd_encrypt_info enc; | 1225 | struct smp_cmd_encrypt_info enc; |
972 | struct smp_cmd_master_ident ident; | 1226 | struct smp_cmd_master_ident ident; |
973 | struct hci_conn *hcon = conn->hcon; | 1227 | struct smp_ltk *ltk; |
974 | u8 authenticated; | 1228 | u8 authenticated; |
975 | __le16 ediv; | 1229 | __le16 ediv; |
1230 | __le64 rand; | ||
976 | 1231 | ||
977 | get_random_bytes(enc.ltk, sizeof(enc.ltk)); | 1232 | get_random_bytes(enc.ltk, sizeof(enc.ltk)); |
978 | get_random_bytes(&ediv, sizeof(ediv)); | 1233 | get_random_bytes(&ediv, sizeof(ediv)); |
979 | get_random_bytes(ident.rand, sizeof(ident.rand)); | 1234 | get_random_bytes(&rand, sizeof(rand)); |
980 | 1235 | ||
981 | smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); | 1236 | smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc); |
982 | 1237 | ||
983 | authenticated = hcon->sec_level == BT_SECURITY_HIGH; | 1238 | authenticated = hcon->sec_level == BT_SECURITY_HIGH; |
984 | hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type, | 1239 | ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type, |
985 | HCI_SMP_LTK_SLAVE, 1, authenticated, | 1240 | HCI_SMP_LTK_SLAVE, authenticated, enc.ltk, |
986 | enc.ltk, smp->enc_key_size, ediv, ident.rand); | 1241 | smp->enc_key_size, ediv, rand); |
1242 | smp->slave_ltk = ltk; | ||
987 | 1243 | ||
988 | ident.ediv = ediv; | 1244 | ident.ediv = ediv; |
1245 | ident.rand = rand; | ||
989 | 1246 | ||
990 | smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); | 1247 | smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident); |
991 | 1248 | ||
@@ -996,14 +1253,18 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) | |||
996 | struct smp_cmd_ident_addr_info addrinfo; | 1253 | struct smp_cmd_ident_addr_info addrinfo; |
997 | struct smp_cmd_ident_info idinfo; | 1254 | struct smp_cmd_ident_info idinfo; |
998 | 1255 | ||
999 | /* Send a dummy key */ | 1256 | memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk)); |
1000 | get_random_bytes(idinfo.irk, sizeof(idinfo.irk)); | ||
1001 | 1257 | ||
1002 | smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); | 1258 | smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo); |
1003 | 1259 | ||
1004 | /* Just public address */ | 1260 | /* The hci_conn contains the local identity address |
1005 | memset(&addrinfo, 0, sizeof(addrinfo)); | 1261 | * after the connection has been established. |
1006 | bacpy(&addrinfo.bdaddr, &conn->hcon->src); | 1262 | * |
1263 | * This is true even when the connection has been | ||
1264 | * established using a resolvable random address. | ||
1265 | */ | ||
1266 | bacpy(&addrinfo.bdaddr, &hcon->src); | ||
1267 | addrinfo.addr_type = hcon->src_type; | ||
1007 | 1268 | ||
1008 | smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), | 1269 | smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo), |
1009 | &addrinfo); | 1270 | &addrinfo); |
@@ -1022,9 +1283,34 @@ int smp_distribute_keys(struct l2cap_conn *conn, __u8 force) | |||
1022 | *keydist &= ~SMP_DIST_SIGN; | 1283 | *keydist &= ~SMP_DIST_SIGN; |
1023 | } | 1284 | } |
1024 | 1285 | ||
1025 | if (conn->hcon->out || force) { | 1286 | /* If there are still keys to be received wait for them */ |
1026 | clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags); | 1287 | if ((smp->remote_key_dist & 0x07)) |
1288 | return 0; | ||
1289 | |||
1290 | /* Check if we should try to re-encrypt the link with the LTK. | ||
1291 | * SMP_FLAG_LTK_ENCRYPT flag is used to track whether we've | ||
1292 | * already tried this (in which case we shouldn't try again). | ||
1293 | * | ||
1294 | * The request will trigger an encryption key refresh event | ||
1295 | * which will cause a call to auth_cfm and eventually lead to | ||
1296 | * l2cap_core.c calling this smp_distribute_keys function again | ||
1297 | * and thereby completing the process. | ||
1298 | */ | ||
1299 | if (smp->ltk) | ||
1300 | ltk_encrypt = !test_and_set_bit(SMP_FLAG_LTK_ENCRYPT, | ||
1301 | &smp->smp_flags); | ||
1302 | else | ||
1303 | ltk_encrypt = false; | ||
1304 | |||
1305 | /* Re-encrypt the link with LTK if possible */ | ||
1306 | if (ltk_encrypt && hcon->out) { | ||
1307 | queue_delayed_work(hdev->req_workqueue, &smp->reencrypt, | ||
1308 | SMP_REENCRYPT_TIMEOUT); | ||
1309 | } else { | ||
1310 | clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags); | ||
1027 | cancel_delayed_work_sync(&conn->security_timer); | 1311 | cancel_delayed_work_sync(&conn->security_timer); |
1312 | set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); | ||
1313 | smp_notify_keys(conn); | ||
1028 | smp_chan_destroy(conn); | 1314 | smp_chan_destroy(conn); |
1029 | } | 1315 | } |
1030 | 1316 | ||
diff --git a/net/bluetooth/smp.h b/net/bluetooth/smp.h index a700bcb490d7..f55d83617218 100644 --- a/net/bluetooth/smp.h +++ b/net/bluetooth/smp.h | |||
@@ -78,7 +78,7 @@ struct smp_cmd_encrypt_info { | |||
78 | #define SMP_CMD_MASTER_IDENT 0x07 | 78 | #define SMP_CMD_MASTER_IDENT 0x07 |
79 | struct smp_cmd_master_ident { | 79 | struct smp_cmd_master_ident { |
80 | __le16 ediv; | 80 | __le16 ediv; |
81 | __u8 rand[8]; | 81 | __le64 rand; |
82 | } __packed; | 82 | } __packed; |
83 | 83 | ||
84 | #define SMP_CMD_IDENT_INFO 0x08 | 84 | #define SMP_CMD_IDENT_INFO 0x08 |
@@ -118,6 +118,10 @@ struct smp_cmd_security_req { | |||
118 | #define SMP_FLAG_TK_VALID 1 | 118 | #define SMP_FLAG_TK_VALID 1 |
119 | #define SMP_FLAG_CFM_PENDING 2 | 119 | #define SMP_FLAG_CFM_PENDING 2 |
120 | #define SMP_FLAG_MITM_AUTH 3 | 120 | #define SMP_FLAG_MITM_AUTH 3 |
121 | #define SMP_FLAG_LTK_ENCRYPT 4 | ||
122 | #define SMP_FLAG_COMPLETE 5 | ||
123 | |||
124 | #define SMP_REENCRYPT_TIMEOUT msecs_to_jiffies(250) | ||
121 | 125 | ||
122 | struct smp_chan { | 126 | struct smp_chan { |
123 | struct l2cap_conn *conn; | 127 | struct l2cap_conn *conn; |
@@ -128,20 +132,30 @@ struct smp_chan { | |||
128 | u8 pcnf[16]; /* SMP Pairing Confirm */ | 132 | u8 pcnf[16]; /* SMP Pairing Confirm */ |
129 | u8 tk[16]; /* SMP Temporary Key */ | 133 | u8 tk[16]; /* SMP Temporary Key */ |
130 | u8 enc_key_size; | 134 | u8 enc_key_size; |
135 | u8 remote_key_dist; | ||
136 | bdaddr_t id_addr; | ||
137 | u8 id_addr_type; | ||
138 | u8 irk[16]; | ||
139 | struct smp_ltk *ltk; | ||
140 | struct smp_ltk *slave_ltk; | ||
141 | struct smp_irk *remote_irk; | ||
131 | unsigned long smp_flags; | 142 | unsigned long smp_flags; |
132 | struct crypto_blkcipher *tfm; | ||
133 | struct work_struct confirm; | 143 | struct work_struct confirm; |
134 | struct work_struct random; | 144 | struct work_struct random; |
135 | 145 | struct delayed_work reencrypt; | |
136 | }; | 146 | }; |
137 | 147 | ||
138 | /* SMP Commands */ | 148 | /* SMP Commands */ |
139 | bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level); | 149 | bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level); |
140 | int smp_conn_security(struct hci_conn *hcon, __u8 sec_level); | 150 | int smp_conn_security(struct hci_conn *hcon, __u8 sec_level); |
141 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb); | 151 | int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb); |
142 | int smp_distribute_keys(struct l2cap_conn *conn, __u8 force); | 152 | int smp_distribute_keys(struct l2cap_conn *conn); |
143 | int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey); | 153 | int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey); |
144 | 154 | ||
145 | void smp_chan_destroy(struct l2cap_conn *conn); | 155 | void smp_chan_destroy(struct l2cap_conn *conn); |
146 | 156 | ||
157 | bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16], | ||
158 | bdaddr_t *bdaddr); | ||
159 | int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa); | ||
160 | |||
147 | #endif /* __SMP_H */ | 161 | #endif /* __SMP_H */ |