diff options
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/hci_conn.c | 2 | ||||
| -rw-r--r-- | net/bluetooth/hci_core.c | 60 | ||||
| -rw-r--r-- | net/bluetooth/hci_event.c | 20 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 5 | ||||
| -rw-r--r-- | net/bluetooth/mgmt.c | 99 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 5 |
6 files changed, 132 insertions, 59 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 79d84b88b8f0..fe18825cc8a4 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
| @@ -661,7 +661,7 @@ static void hci_req_add_le_create_conn(struct hci_request *req, | |||
| 661 | memset(&cp, 0, sizeof(cp)); | 661 | memset(&cp, 0, sizeof(cp)); |
| 662 | 662 | ||
| 663 | /* Update random address, but set require_privacy to false so | 663 | /* Update random address, but set require_privacy to false so |
| 664 | * that we never connect with an unresolvable address. | 664 | * that we never connect with an non-resolvable address. |
| 665 | */ | 665 | */ |
| 666 | if (hci_update_random_address(req, false, &own_addr_type)) | 666 | if (hci_update_random_address(req, false, &own_addr_type)) |
| 667 | return; | 667 | return; |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 93f92a085506..5dcacf9607e4 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
| @@ -1373,8 +1373,6 @@ static void hci_init1_req(struct hci_request *req, unsigned long opt) | |||
| 1373 | 1373 | ||
| 1374 | static void bredr_setup(struct hci_request *req) | 1374 | static void bredr_setup(struct hci_request *req) |
| 1375 | { | 1375 | { |
| 1376 | struct hci_dev *hdev = req->hdev; | ||
| 1377 | |||
| 1378 | __le16 param; | 1376 | __le16 param; |
| 1379 | __u8 flt_type; | 1377 | __u8 flt_type; |
| 1380 | 1378 | ||
| @@ -1403,14 +1401,6 @@ static void bredr_setup(struct hci_request *req) | |||
| 1403 | /* Connection accept timeout ~20 secs */ | 1401 | /* Connection accept timeout ~20 secs */ |
| 1404 | param = cpu_to_le16(0x7d00); | 1402 | param = cpu_to_le16(0x7d00); |
| 1405 | hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); | 1403 | hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m); |
| 1406 | |||
| 1407 | /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2, | ||
| 1408 | * but it does not support page scan related HCI commands. | ||
| 1409 | */ | ||
| 1410 | if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) { | ||
| 1411 | hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); | ||
| 1412 | hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL); | ||
| 1413 | } | ||
| 1414 | } | 1404 | } |
| 1415 | 1405 | ||
| 1416 | static void le_setup(struct hci_request *req) | 1406 | static void le_setup(struct hci_request *req) |
| @@ -1718,6 +1708,16 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt) | |||
| 1718 | if (hdev->commands[5] & 0x10) | 1708 | if (hdev->commands[5] & 0x10) |
| 1719 | hci_setup_link_policy(req); | 1709 | hci_setup_link_policy(req); |
| 1720 | 1710 | ||
| 1711 | if (hdev->commands[8] & 0x01) | ||
| 1712 | hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); | ||
| 1713 | |||
| 1714 | /* Some older Broadcom based Bluetooth 1.2 controllers do not | ||
| 1715 | * support the Read Page Scan Type command. Check support for | ||
| 1716 | * this command in the bit mask of supported commands. | ||
| 1717 | */ | ||
| 1718 | if (hdev->commands[13] & 0x01) | ||
| 1719 | hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL); | ||
| 1720 | |||
| 1721 | if (lmp_le_capable(hdev)) { | 1721 | if (lmp_le_capable(hdev)) { |
| 1722 | u8 events[8]; | 1722 | u8 events[8]; |
| 1723 | 1723 | ||
| @@ -2634,6 +2634,12 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
| 2634 | drain_workqueue(hdev->workqueue); | 2634 | drain_workqueue(hdev->workqueue); |
| 2635 | 2635 | ||
| 2636 | hci_dev_lock(hdev); | 2636 | hci_dev_lock(hdev); |
| 2637 | |||
| 2638 | if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { | ||
| 2639 | if (hdev->dev_type == HCI_BREDR) | ||
| 2640 | mgmt_powered(hdev, 0); | ||
| 2641 | } | ||
| 2642 | |||
| 2637 | hci_inquiry_cache_flush(hdev); | 2643 | hci_inquiry_cache_flush(hdev); |
| 2638 | hci_pend_le_actions_clear(hdev); | 2644 | hci_pend_le_actions_clear(hdev); |
| 2639 | hci_conn_hash_flush(hdev); | 2645 | hci_conn_hash_flush(hdev); |
| @@ -2681,14 +2687,6 @@ static int hci_dev_do_close(struct hci_dev *hdev) | |||
| 2681 | hdev->flags &= BIT(HCI_RAW); | 2687 | hdev->flags &= BIT(HCI_RAW); |
| 2682 | hdev->dev_flags &= ~HCI_PERSISTENT_MASK; | 2688 | hdev->dev_flags &= ~HCI_PERSISTENT_MASK; |
| 2683 | 2689 | ||
| 2684 | if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) { | ||
| 2685 | if (hdev->dev_type == HCI_BREDR) { | ||
| 2686 | hci_dev_lock(hdev); | ||
| 2687 | mgmt_powered(hdev, 0); | ||
| 2688 | hci_dev_unlock(hdev); | ||
| 2689 | } | ||
| 2690 | } | ||
| 2691 | |||
| 2692 | /* Controller radio is available but is currently powered down */ | 2690 | /* Controller radio is available but is currently powered down */ |
| 2693 | hdev->amp_status = AMP_STATUS_POWERED_DOWN; | 2691 | hdev->amp_status = AMP_STATUS_POWERED_DOWN; |
| 2694 | 2692 | ||
| @@ -3083,7 +3081,9 @@ static void hci_power_on(struct work_struct *work) | |||
| 3083 | 3081 | ||
| 3084 | err = hci_dev_do_open(hdev); | 3082 | err = hci_dev_do_open(hdev); |
| 3085 | if (err < 0) { | 3083 | if (err < 0) { |
| 3084 | hci_dev_lock(hdev); | ||
| 3086 | mgmt_set_powered_failed(hdev, err); | 3085 | mgmt_set_powered_failed(hdev, err); |
| 3086 | hci_dev_unlock(hdev); | ||
| 3087 | return; | 3087 | return; |
| 3088 | } | 3088 | } |
| 3089 | 3089 | ||
| @@ -3959,17 +3959,29 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy, | |||
| 3959 | } | 3959 | } |
| 3960 | 3960 | ||
| 3961 | /* In case of required privacy without resolvable private address, | 3961 | /* In case of required privacy without resolvable private address, |
| 3962 | * use an unresolvable private address. This is useful for active | 3962 | * use an non-resolvable private address. This is useful for active |
| 3963 | * scanning and non-connectable advertising. | 3963 | * scanning and non-connectable advertising. |
| 3964 | */ | 3964 | */ |
| 3965 | if (require_privacy) { | 3965 | if (require_privacy) { |
| 3966 | bdaddr_t urpa; | 3966 | bdaddr_t nrpa; |
| 3967 | |||
| 3968 | while (true) { | ||
| 3969 | /* The non-resolvable private address is generated | ||
| 3970 | * from random six bytes with the two most significant | ||
| 3971 | * bits cleared. | ||
| 3972 | */ | ||
| 3973 | get_random_bytes(&nrpa, 6); | ||
| 3974 | nrpa.b[5] &= 0x3f; | ||
| 3967 | 3975 | ||
| 3968 | get_random_bytes(&urpa, 6); | 3976 | /* The non-resolvable private address shall not be |
| 3969 | urpa.b[5] &= 0x3f; /* Clear two most significant bits */ | 3977 | * equal to the public address. |
| 3978 | */ | ||
| 3979 | if (bacmp(&hdev->bdaddr, &nrpa)) | ||
| 3980 | break; | ||
| 3981 | } | ||
| 3970 | 3982 | ||
| 3971 | *own_addr_type = ADDR_LE_DEV_RANDOM; | 3983 | *own_addr_type = ADDR_LE_DEV_RANDOM; |
| 3972 | set_random_addr(req, &urpa); | 3984 | set_random_addr(req, &nrpa); |
| 3973 | return 0; | 3985 | return 0; |
| 3974 | } | 3986 | } |
| 3975 | 3987 | ||
| @@ -5625,7 +5637,7 @@ void hci_req_add_le_passive_scan(struct hci_request *req) | |||
| 5625 | u8 filter_policy; | 5637 | u8 filter_policy; |
| 5626 | 5638 | ||
| 5627 | /* Set require_privacy to false since no SCAN_REQ are send | 5639 | /* Set require_privacy to false since no SCAN_REQ are send |
| 5628 | * during passive scanning. Not using an unresolvable address | 5640 | * during passive scanning. Not using an non-resolvable address |
| 5629 | * here is important so that peer devices using direct | 5641 | * here is important so that peer devices using direct |
| 5630 | * advertising with our address will be correctly reported | 5642 | * advertising with our address will be correctly reported |
| 5631 | * by the controller. | 5643 | * by the controller. |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 322abbbbcef9..39a5c8a01726 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
| @@ -257,6 +257,8 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 257 | if (!sent) | 257 | if (!sent) |
| 258 | return; | 258 | return; |
| 259 | 259 | ||
| 260 | hci_dev_lock(hdev); | ||
| 261 | |||
| 260 | if (!status) { | 262 | if (!status) { |
| 261 | __u8 param = *((__u8 *) sent); | 263 | __u8 param = *((__u8 *) sent); |
| 262 | 264 | ||
| @@ -268,6 +270,8 @@ static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 268 | 270 | ||
| 269 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) | 271 | if (test_bit(HCI_MGMT, &hdev->dev_flags)) |
| 270 | mgmt_auth_enable_complete(hdev, status); | 272 | mgmt_auth_enable_complete(hdev, status); |
| 273 | |||
| 274 | hci_dev_unlock(hdev); | ||
| 271 | } | 275 | } |
| 272 | 276 | ||
| 273 | static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) | 277 | static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb) |
| @@ -443,6 +447,8 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 443 | if (!sent) | 447 | if (!sent) |
| 444 | return; | 448 | return; |
| 445 | 449 | ||
| 450 | hci_dev_lock(hdev); | ||
| 451 | |||
| 446 | if (!status) { | 452 | if (!status) { |
| 447 | if (sent->mode) | 453 | if (sent->mode) |
| 448 | hdev->features[1][0] |= LMP_HOST_SSP; | 454 | hdev->features[1][0] |= LMP_HOST_SSP; |
| @@ -458,6 +464,8 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 458 | else | 464 | else |
| 459 | clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); | 465 | clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags); |
| 460 | } | 466 | } |
| 467 | |||
| 468 | hci_dev_unlock(hdev); | ||
| 461 | } | 469 | } |
| 462 | 470 | ||
| 463 | static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) | 471 | static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) |
| @@ -471,6 +479,8 @@ static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 471 | if (!sent) | 479 | if (!sent) |
| 472 | return; | 480 | return; |
| 473 | 481 | ||
| 482 | hci_dev_lock(hdev); | ||
| 483 | |||
| 474 | if (!status) { | 484 | if (!status) { |
| 475 | if (sent->support) | 485 | if (sent->support) |
| 476 | hdev->features[1][0] |= LMP_HOST_SC; | 486 | hdev->features[1][0] |= LMP_HOST_SC; |
| @@ -486,6 +496,8 @@ static void hci_cc_write_sc_support(struct hci_dev *hdev, struct sk_buff *skb) | |||
| 486 | else | 496 | else |
| 487 | clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); | 497 | clear_bit(HCI_SC_ENABLED, &hdev->dev_flags); |
| 488 | } | 498 | } |
| 499 | |||
| 500 | hci_dev_unlock(hdev); | ||
| 489 | } | 501 | } |
| 490 | 502 | ||
| 491 | static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) | 503 | static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb) |
| @@ -1135,6 +1147,8 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
| 1135 | if (!cp) | 1147 | if (!cp) |
| 1136 | return; | 1148 | return; |
| 1137 | 1149 | ||
| 1150 | hci_dev_lock(hdev); | ||
| 1151 | |||
| 1138 | switch (cp->enable) { | 1152 | switch (cp->enable) { |
| 1139 | case LE_SCAN_ENABLE: | 1153 | case LE_SCAN_ENABLE: |
| 1140 | set_bit(HCI_LE_SCAN, &hdev->dev_flags); | 1154 | set_bit(HCI_LE_SCAN, &hdev->dev_flags); |
| @@ -1184,6 +1198,8 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, | |||
| 1184 | BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable); | 1198 | BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable); |
| 1185 | break; | 1199 | break; |
| 1186 | } | 1200 | } |
| 1201 | |||
| 1202 | hci_dev_unlock(hdev); | ||
| 1187 | } | 1203 | } |
| 1188 | 1204 | ||
| 1189 | static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, | 1205 | static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, |
| @@ -1278,6 +1294,8 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev, | |||
| 1278 | if (!sent) | 1294 | if (!sent) |
| 1279 | return; | 1295 | return; |
| 1280 | 1296 | ||
| 1297 | hci_dev_lock(hdev); | ||
| 1298 | |||
| 1281 | if (sent->le) { | 1299 | if (sent->le) { |
| 1282 | hdev->features[1][0] |= LMP_HOST_LE; | 1300 | hdev->features[1][0] |= LMP_HOST_LE; |
| 1283 | set_bit(HCI_LE_ENABLED, &hdev->dev_flags); | 1301 | set_bit(HCI_LE_ENABLED, &hdev->dev_flags); |
| @@ -1291,6 +1309,8 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev, | |||
| 1291 | hdev->features[1][0] |= LMP_HOST_LE_BREDR; | 1309 | hdev->features[1][0] |= LMP_HOST_LE_BREDR; |
| 1292 | else | 1310 | else |
| 1293 | hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; | 1311 | hdev->features[1][0] &= ~LMP_HOST_LE_BREDR; |
| 1312 | |||
| 1313 | hci_dev_unlock(hdev); | ||
| 1294 | } | 1314 | } |
| 1295 | 1315 | ||
| 1296 | static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb) | 1316 | static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb) |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index a2b6dfa38a0c..d04dc0095736 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -6966,8 +6966,9 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) | |||
| 6966 | test_bit(HCI_HS_ENABLED, &hcon->hdev->dev_flags)) | 6966 | test_bit(HCI_HS_ENABLED, &hcon->hdev->dev_flags)) |
| 6967 | conn->local_fixed_chan |= L2CAP_FC_A2MP; | 6967 | conn->local_fixed_chan |= L2CAP_FC_A2MP; |
| 6968 | 6968 | ||
| 6969 | if (bredr_sc_enabled(hcon->hdev) && | 6969 | if (test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags) && |
| 6970 | test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) | 6970 | (bredr_sc_enabled(hcon->hdev) || |
| 6971 | test_bit(HCI_FORCE_LESC, &hcon->hdev->dbg_flags))) | ||
| 6971 | conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR; | 6972 | conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR; |
| 6972 | 6973 | ||
| 6973 | mutex_init(&conn->ident_lock); | 6974 | mutex_init(&conn->ident_lock); |
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 7384f1161336..693ce8bcd06e 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
| @@ -2199,12 +2199,14 @@ static void le_enable_complete(struct hci_dev *hdev, u8 status) | |||
| 2199 | { | 2199 | { |
| 2200 | struct cmd_lookup match = { NULL, hdev }; | 2200 | struct cmd_lookup match = { NULL, hdev }; |
| 2201 | 2201 | ||
| 2202 | hci_dev_lock(hdev); | ||
| 2203 | |||
| 2202 | if (status) { | 2204 | if (status) { |
| 2203 | u8 mgmt_err = mgmt_status(status); | 2205 | u8 mgmt_err = mgmt_status(status); |
| 2204 | 2206 | ||
| 2205 | mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, | 2207 | mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp, |
| 2206 | &mgmt_err); | 2208 | &mgmt_err); |
| 2207 | return; | 2209 | goto unlock; |
| 2208 | } | 2210 | } |
| 2209 | 2211 | ||
| 2210 | mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); | 2212 | mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match); |
| @@ -2222,17 +2224,16 @@ static void le_enable_complete(struct hci_dev *hdev, u8 status) | |||
| 2222 | if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { | 2224 | if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) { |
| 2223 | struct hci_request req; | 2225 | struct hci_request req; |
| 2224 | 2226 | ||
| 2225 | hci_dev_lock(hdev); | ||
| 2226 | |||
| 2227 | hci_req_init(&req, hdev); | 2227 | hci_req_init(&req, hdev); |
| 2228 | update_adv_data(&req); | 2228 | update_adv_data(&req); |
| 2229 | update_scan_rsp_data(&req); | 2229 | update_scan_rsp_data(&req); |
| 2230 | hci_req_run(&req, NULL); | 2230 | hci_req_run(&req, NULL); |
| 2231 | 2231 | ||
| 2232 | hci_update_background_scan(hdev); | 2232 | hci_update_background_scan(hdev); |
| 2233 | |||
| 2234 | hci_dev_unlock(hdev); | ||
| 2235 | } | 2233 | } |
| 2234 | |||
| 2235 | unlock: | ||
| 2236 | hci_dev_unlock(hdev); | ||
| 2236 | } | 2237 | } |
| 2237 | 2238 | ||
| 2238 | static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) | 2239 | static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) |
| @@ -3114,14 +3115,13 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status) | |||
| 3114 | conn->disconn_cfm_cb = NULL; | 3115 | conn->disconn_cfm_cb = NULL; |
| 3115 | 3116 | ||
| 3116 | hci_conn_drop(conn); | 3117 | hci_conn_drop(conn); |
| 3117 | hci_conn_put(conn); | ||
| 3118 | |||
| 3119 | mgmt_pending_remove(cmd); | ||
| 3120 | 3118 | ||
| 3121 | /* The device is paired so there is no need to remove | 3119 | /* The device is paired so there is no need to remove |
| 3122 | * its connection parameters anymore. | 3120 | * its connection parameters anymore. |
| 3123 | */ | 3121 | */ |
| 3124 | clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); | 3122 | clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags); |
| 3123 | |||
| 3124 | hci_conn_put(conn); | ||
| 3125 | } | 3125 | } |
| 3126 | 3126 | ||
| 3127 | void mgmt_smp_complete(struct hci_conn *conn, bool complete) | 3127 | void mgmt_smp_complete(struct hci_conn *conn, bool complete) |
| @@ -3130,8 +3130,10 @@ void mgmt_smp_complete(struct hci_conn *conn, bool complete) | |||
| 3130 | struct pending_cmd *cmd; | 3130 | struct pending_cmd *cmd; |
| 3131 | 3131 | ||
| 3132 | cmd = find_pairing(conn); | 3132 | cmd = find_pairing(conn); |
| 3133 | if (cmd) | 3133 | if (cmd) { |
| 3134 | cmd->cmd_complete(cmd, status); | 3134 | cmd->cmd_complete(cmd, status); |
| 3135 | mgmt_pending_remove(cmd); | ||
| 3136 | } | ||
| 3135 | } | 3137 | } |
| 3136 | 3138 | ||
| 3137 | static void pairing_complete_cb(struct hci_conn *conn, u8 status) | 3139 | static void pairing_complete_cb(struct hci_conn *conn, u8 status) |
| @@ -3141,10 +3143,13 @@ static void pairing_complete_cb(struct hci_conn *conn, u8 status) | |||
| 3141 | BT_DBG("status %u", status); | 3143 | BT_DBG("status %u", status); |
| 3142 | 3144 | ||
| 3143 | cmd = find_pairing(conn); | 3145 | cmd = find_pairing(conn); |
| 3144 | if (!cmd) | 3146 | if (!cmd) { |
| 3145 | BT_DBG("Unable to find a pending command"); | 3147 | BT_DBG("Unable to find a pending command"); |
| 3146 | else | 3148 | return; |
| 3147 | cmd->cmd_complete(cmd, mgmt_status(status)); | 3149 | } |
| 3150 | |||
| 3151 | cmd->cmd_complete(cmd, mgmt_status(status)); | ||
| 3152 | mgmt_pending_remove(cmd); | ||
| 3148 | } | 3153 | } |
| 3149 | 3154 | ||
| 3150 | static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) | 3155 | static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) |
| @@ -3157,10 +3162,13 @@ static void le_pairing_complete_cb(struct hci_conn *conn, u8 status) | |||
| 3157 | return; | 3162 | return; |
| 3158 | 3163 | ||
| 3159 | cmd = find_pairing(conn); | 3164 | cmd = find_pairing(conn); |
| 3160 | if (!cmd) | 3165 | if (!cmd) { |
| 3161 | BT_DBG("Unable to find a pending command"); | 3166 | BT_DBG("Unable to find a pending command"); |
| 3162 | else | 3167 | return; |
| 3163 | cmd->cmd_complete(cmd, mgmt_status(status)); | 3168 | } |
| 3169 | |||
| 3170 | cmd->cmd_complete(cmd, mgmt_status(status)); | ||
| 3171 | mgmt_pending_remove(cmd); | ||
| 3164 | } | 3172 | } |
| 3165 | 3173 | ||
| 3166 | static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | 3174 | static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, |
| @@ -3274,8 +3282,10 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 3274 | cmd->user_data = hci_conn_get(conn); | 3282 | cmd->user_data = hci_conn_get(conn); |
| 3275 | 3283 | ||
| 3276 | if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && | 3284 | if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) && |
| 3277 | hci_conn_security(conn, sec_level, auth_type, true)) | 3285 | hci_conn_security(conn, sec_level, auth_type, true)) { |
| 3278 | pairing_complete(cmd, 0); | 3286 | cmd->cmd_complete(cmd, 0); |
| 3287 | mgmt_pending_remove(cmd); | ||
| 3288 | } | ||
| 3279 | 3289 | ||
| 3280 | err = 0; | 3290 | err = 0; |
| 3281 | 3291 | ||
| @@ -3317,7 +3327,8 @@ static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data, | |||
| 3317 | goto unlock; | 3327 | goto unlock; |
| 3318 | } | 3328 | } |
| 3319 | 3329 | ||
| 3320 | pairing_complete(cmd, MGMT_STATUS_CANCELLED); | 3330 | cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED); |
| 3331 | mgmt_pending_remove(cmd); | ||
| 3321 | 3332 | ||
| 3322 | err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, | 3333 | err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, |
| 3323 | addr, sizeof(*addr)); | 3334 | addr, sizeof(*addr)); |
| @@ -3791,7 +3802,7 @@ static bool trigger_discovery(struct hci_request *req, u8 *status) | |||
| 3791 | 3802 | ||
| 3792 | /* All active scans will be done with either a resolvable | 3803 | /* All active scans will be done with either a resolvable |
| 3793 | * private address (when privacy feature has been enabled) | 3804 | * private address (when privacy feature has been enabled) |
| 3794 | * or unresolvable private address. | 3805 | * or non-resolvable private address. |
| 3795 | */ | 3806 | */ |
| 3796 | err = hci_update_random_address(req, true, &own_addr_type); | 3807 | err = hci_update_random_address(req, true, &own_addr_type); |
| 3797 | if (err < 0) { | 3808 | if (err < 0) { |
| @@ -4279,12 +4290,14 @@ static void set_advertising_complete(struct hci_dev *hdev, u8 status) | |||
| 4279 | { | 4290 | { |
| 4280 | struct cmd_lookup match = { NULL, hdev }; | 4291 | struct cmd_lookup match = { NULL, hdev }; |
| 4281 | 4292 | ||
| 4293 | hci_dev_lock(hdev); | ||
| 4294 | |||
| 4282 | if (status) { | 4295 | if (status) { |
| 4283 | u8 mgmt_err = mgmt_status(status); | 4296 | u8 mgmt_err = mgmt_status(status); |
| 4284 | 4297 | ||
| 4285 | mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, | 4298 | mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, |
| 4286 | cmd_status_rsp, &mgmt_err); | 4299 | cmd_status_rsp, &mgmt_err); |
| 4287 | return; | 4300 | goto unlock; |
| 4288 | } | 4301 | } |
| 4289 | 4302 | ||
| 4290 | if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) | 4303 | if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) |
| @@ -4299,6 +4312,9 @@ static void set_advertising_complete(struct hci_dev *hdev, u8 status) | |||
| 4299 | 4312 | ||
| 4300 | if (match.sk) | 4313 | if (match.sk) |
| 4301 | sock_put(match.sk); | 4314 | sock_put(match.sk); |
| 4315 | |||
| 4316 | unlock: | ||
| 4317 | hci_dev_unlock(hdev); | ||
| 4302 | } | 4318 | } |
| 4303 | 4319 | ||
| 4304 | static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, | 4320 | static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, |
| @@ -6081,6 +6097,11 @@ static int powered_update_hci(struct hci_dev *hdev) | |||
| 6081 | hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp); | 6097 | hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp); |
| 6082 | } | 6098 | } |
| 6083 | 6099 | ||
| 6100 | if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) { | ||
| 6101 | u8 sc = 0x01; | ||
| 6102 | hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, sizeof(sc), &sc); | ||
| 6103 | } | ||
| 6104 | |||
| 6084 | if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) && | 6105 | if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) && |
| 6085 | lmp_bredr_capable(hdev)) { | 6106 | lmp_bredr_capable(hdev)) { |
| 6086 | struct hci_cp_write_le_host_supported cp; | 6107 | struct hci_cp_write_le_host_supported cp; |
| @@ -6130,8 +6151,7 @@ static int powered_update_hci(struct hci_dev *hdev) | |||
| 6130 | int mgmt_powered(struct hci_dev *hdev, u8 powered) | 6151 | int mgmt_powered(struct hci_dev *hdev, u8 powered) |
| 6131 | { | 6152 | { |
| 6132 | struct cmd_lookup match = { NULL, hdev }; | 6153 | struct cmd_lookup match = { NULL, hdev }; |
| 6133 | u8 status_not_powered = MGMT_STATUS_NOT_POWERED; | 6154 | u8 status, zero_cod[] = { 0, 0, 0 }; |
| 6134 | u8 zero_cod[] = { 0, 0, 0 }; | ||
| 6135 | int err; | 6155 | int err; |
| 6136 | 6156 | ||
| 6137 | if (!test_bit(HCI_MGMT, &hdev->dev_flags)) | 6157 | if (!test_bit(HCI_MGMT, &hdev->dev_flags)) |
| @@ -6147,7 +6167,20 @@ int mgmt_powered(struct hci_dev *hdev, u8 powered) | |||
| 6147 | } | 6167 | } |
| 6148 | 6168 | ||
| 6149 | mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); | 6169 | mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); |
| 6150 | mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status_not_powered); | 6170 | |
| 6171 | /* If the power off is because of hdev unregistration let | ||
| 6172 | * use the appropriate INVALID_INDEX status. Otherwise use | ||
| 6173 | * NOT_POWERED. We cover both scenarios here since later in | ||
| 6174 | * mgmt_index_removed() any hci_conn callbacks will have already | ||
| 6175 | * been triggered, potentially causing misleading DISCONNECTED | ||
| 6176 | * status responses. | ||
| 6177 | */ | ||
| 6178 | if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) | ||
| 6179 | status = MGMT_STATUS_INVALID_INDEX; | ||
| 6180 | else | ||
| 6181 | status = MGMT_STATUS_NOT_POWERED; | ||
| 6182 | |||
| 6183 | mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status); | ||
| 6151 | 6184 | ||
| 6152 | if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) | 6185 | if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) |
| 6153 | mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, | 6186 | mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, |
| @@ -6681,8 +6714,10 @@ void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status) | |||
| 6681 | mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), | 6714 | mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev), |
| 6682 | cmd ? cmd->sk : NULL); | 6715 | cmd ? cmd->sk : NULL); |
| 6683 | 6716 | ||
| 6684 | if (cmd) | 6717 | if (cmd) { |
| 6685 | pairing_complete(cmd, status); | 6718 | cmd->cmd_complete(cmd, status); |
| 6719 | mgmt_pending_remove(cmd); | ||
| 6720 | } | ||
| 6686 | } | 6721 | } |
| 6687 | 6722 | ||
| 6688 | void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) | 6723 | void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status) |
| @@ -7046,13 +7081,15 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
| 7046 | * kept and checking possible scan response data | 7081 | * kept and checking possible scan response data |
| 7047 | * will be skipped. | 7082 | * will be skipped. |
| 7048 | */ | 7083 | */ |
| 7049 | if (hdev->discovery.uuid_count > 0) { | 7084 | if (hdev->discovery.uuid_count > 0) |
| 7050 | match = eir_has_uuids(eir, eir_len, | 7085 | match = eir_has_uuids(eir, eir_len, |
| 7051 | hdev->discovery.uuid_count, | 7086 | hdev->discovery.uuid_count, |
| 7052 | hdev->discovery.uuids); | 7087 | hdev->discovery.uuids); |
| 7053 | if (!match) | 7088 | else |
| 7054 | return; | 7089 | match = true; |
| 7055 | } | 7090 | |
| 7091 | if (!match && !scan_rsp_len) | ||
| 7092 | return; | ||
| 7056 | 7093 | ||
| 7057 | /* Copy EIR or advertising data into event */ | 7094 | /* Copy EIR or advertising data into event */ |
| 7058 | memcpy(ev->eir, eir, eir_len); | 7095 | memcpy(ev->eir, eir, eir_len); |
| @@ -7061,8 +7098,10 @@ void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, | |||
| 7061 | * provided, results with empty EIR or advertising data | 7098 | * provided, results with empty EIR or advertising data |
| 7062 | * should be dropped since they do not match any UUID. | 7099 | * should be dropped since they do not match any UUID. |
| 7063 | */ | 7100 | */ |
| 7064 | if (hdev->discovery.uuid_count > 0) | 7101 | if (hdev->discovery.uuid_count > 0 && !scan_rsp_len) |
| 7065 | return; | 7102 | return; |
| 7103 | |||
| 7104 | match = false; | ||
| 7066 | } | 7105 | } |
| 7067 | 7106 | ||
| 7068 | if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) | 7107 | if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 6a46252fe66f..b67749bb55bf 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -1673,7 +1673,8 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 1673 | /* SMP over BR/EDR requires special treatment */ | 1673 | /* SMP over BR/EDR requires special treatment */ |
| 1674 | if (conn->hcon->type == ACL_LINK) { | 1674 | if (conn->hcon->type == ACL_LINK) { |
| 1675 | /* We must have a BR/EDR SC link */ | 1675 | /* We must have a BR/EDR SC link */ |
| 1676 | if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags)) | 1676 | if (!test_bit(HCI_CONN_AES_CCM, &conn->hcon->flags) && |
| 1677 | !test_bit(HCI_FORCE_LESC, &hdev->dbg_flags)) | ||
| 1677 | return SMP_CROSS_TRANSP_NOT_ALLOWED; | 1678 | return SMP_CROSS_TRANSP_NOT_ALLOWED; |
| 1678 | 1679 | ||
| 1679 | set_bit(SMP_FLAG_SC, &smp->flags); | 1680 | set_bit(SMP_FLAG_SC, &smp->flags); |
| @@ -2927,7 +2928,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) | |||
| 2927 | tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); | 2928 | tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0, 0); |
| 2928 | if (IS_ERR(tfm_aes)) { | 2929 | if (IS_ERR(tfm_aes)) { |
| 2929 | BT_ERR("Unable to create crypto context"); | 2930 | BT_ERR("Unable to create crypto context"); |
| 2930 | return ERR_PTR(PTR_ERR(tfm_aes)); | 2931 | return ERR_CAST(tfm_aes); |
| 2931 | } | 2932 | } |
| 2932 | 2933 | ||
| 2933 | create_chan: | 2934 | create_chan: |