diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/hci_core.c | 10 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 15 |
2 files changed, 14 insertions, 11 deletions
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index c8123f04a33c..f0018562b028 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
| @@ -3246,15 +3246,7 @@ struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, | |||
| 3246 | if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr)) | 3246 | if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr)) |
| 3247 | continue; | 3247 | continue; |
| 3248 | 3248 | ||
| 3249 | if (smp_ltk_is_sc(k)) { | 3249 | if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) { |
| 3250 | if (k->type == SMP_LTK_P256_DEBUG && | ||
| 3251 | !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) | ||
| 3252 | continue; | ||
| 3253 | rcu_read_unlock(); | ||
| 3254 | return k; | ||
| 3255 | } | ||
| 3256 | |||
| 3257 | if (ltk_role(k->type) == role) { | ||
| 3258 | rcu_read_unlock(); | 3250 | rcu_read_unlock(); |
| 3259 | return k; | 3251 | return k; |
| 3260 | } | 3252 | } |
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 1d1c33d5d1dc..a7b973b867c8 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -670,6 +670,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn) | |||
| 670 | { | 670 | { |
| 671 | struct l2cap_chan *chan = conn->smp; | 671 | struct l2cap_chan *chan = conn->smp; |
| 672 | struct smp_chan *smp = chan->data; | 672 | struct smp_chan *smp = chan->data; |
| 673 | struct hci_conn *hcon = conn->hcon; | ||
| 673 | bool complete; | 674 | bool complete; |
| 674 | 675 | ||
| 675 | BUG_ON(!smp); | 676 | BUG_ON(!smp); |
| @@ -677,7 +678,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn) | |||
| 677 | cancel_delayed_work_sync(&smp->security_timer); | 678 | cancel_delayed_work_sync(&smp->security_timer); |
| 678 | 679 | ||
| 679 | complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); | 680 | complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags); |
| 680 | mgmt_smp_complete(conn->hcon, complete); | 681 | mgmt_smp_complete(hcon, complete); |
| 681 | 682 | ||
| 682 | kfree(smp->csrk); | 683 | kfree(smp->csrk); |
| 683 | kfree(smp->slave_csrk); | 684 | kfree(smp->slave_csrk); |
| @@ -686,6 +687,16 @@ static void smp_chan_destroy(struct l2cap_conn *conn) | |||
| 686 | crypto_free_blkcipher(smp->tfm_aes); | 687 | crypto_free_blkcipher(smp->tfm_aes); |
| 687 | crypto_free_hash(smp->tfm_cmac); | 688 | crypto_free_hash(smp->tfm_cmac); |
| 688 | 689 | ||
| 690 | /* Ensure that we don't leave any debug key around if debug key | ||
| 691 | * support hasn't been explicitly enabled. | ||
| 692 | */ | ||
| 693 | if (smp->ltk && smp->ltk->type == SMP_LTK_P256_DEBUG && | ||
| 694 | !test_bit(HCI_KEEP_DEBUG_KEYS, &hcon->hdev->dev_flags)) { | ||
| 695 | list_del_rcu(&smp->ltk->list); | ||
| 696 | kfree_rcu(smp->ltk, rcu); | ||
| 697 | smp->ltk = NULL; | ||
| 698 | } | ||
| 699 | |||
| 689 | /* If pairing failed clean up any keys we might have */ | 700 | /* If pairing failed clean up any keys we might have */ |
| 690 | if (!complete) { | 701 | if (!complete) { |
| 691 | if (smp->ltk) { | 702 | if (smp->ltk) { |
| @@ -706,7 +717,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn) | |||
| 706 | 717 | ||
| 707 | chan->data = NULL; | 718 | chan->data = NULL; |
| 708 | kfree(smp); | 719 | kfree(smp); |
| 709 | hci_conn_drop(conn->hcon); | 720 | hci_conn_drop(hcon); |
| 710 | } | 721 | } |
| 711 | 722 | ||
| 712 | static void smp_failure(struct l2cap_conn *conn, u8 reason) | 723 | static void smp_failure(struct l2cap_conn *conn, u8 reason) |