Commit Graph

243606 Commits

Author SHA1 Message Date
Johan Hedberg
12adcf3a95 Bluetooth: Fix old_key_type logic for non-persistent keys
Even if there's no previous key stored the connection might still be
secured with a non-persistent key and in that case the key type in the
hci_conn struct should be checked.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:14:41 -03:00
Johan Hedberg
d25e28abe5 Bluetooth: Fix link key persistent storage criteria
Link keys should only be stored if very specific criteria of the
authentication process are fulfilled. This patch essentially copies the
criteria that user space has so far been using to the kernel side so
that the management interface works properly.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:14:40 -03:00
Johan Hedberg
582fbe9ef9 Bluetooth: Fix logic in hci_pin_code_request_evt
The mgmt_ev_pin_code_request event should not be sent to user space if
the request gets rejected by the kernel due to the pairable flag not
being set.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:14:39 -03:00
Johan Hedberg
be77159c3f Bluetooth: Fix reason code for pairing rejection
"Pairing not allowed" is 0x18 and not 0x16.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:14:38 -03:00
Johan Hedberg
55bc1a378c Bluetooth: Add confirm_hint parameter to user confirmation requests
When accepting a pairing request which fulfills the SSP auto-accept
criteria we need to push the request all the way to the user for
confirmation. This patch adds a new hint to the user_confirm_request
management event so user space can know when to show a numeric
comparison dialog and when to show a simple yes/no confirmation dialog.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:13:57 -03:00
Johan Hedberg
79c6c70cbe Bluetooth: Fix HCI_CONN_AUTH_PEND flag for all authentication requests
The HCI_CONN_AUTH_PEND flag should be set whenever requesting
authentication so that multiple pending requests can't occur.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:03:20 -03:00
Johan Hedberg
9f61656a60 Bluetooth: Add variable SSP auto-accept delay support
Some test systems require an arbitrary delay to the auto-accept test
cases for Secure Simple Pairing in order for the tests to pass.
Previously when this was handled in user space it was worked around by
code modifications and recompilation, but now that it's on the kernel
side it's more convenient if there's a debugfs interface for it.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:02:30 -03:00
Johan Hedberg
7a828908a0 Bluetooth: Add automated SSP user confirmation responses
This patch adds automated negative and positive (auto-accept) responses
for Secure Simple Pairing user confirmation requests. The responses are
only sent if the HCI_MGMT flag is set in order not to confuse older user
space versions (without management interface support).

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 16:02:25 -03:00
Waldemar Rymarkiewicz
a770bb5aea Bluetooth: Add secure flag for mgmt_pin_code_req
Extend the mgmt_pin_code_request interface to require secure
pin code (16 digit) for authentication.

This is a kernel part of the secure pin code requirement notification
to user space agent.

Code styling fix by Johan Hedberg.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 15:19:43 -03:00
Waldemar Rymarkiewicz
58797bf772 Bluetooth: Respect local MITM req in io_cap reply
If host requires MITM protection notify that to controller in
io capabilities reply even if the remote device requires no bonding.

If it is not respected, host can get an unauthenticated link key while
it expects authenticated one.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 15:03:50 -03:00
Waldemar Rymarkiewicz
60b83f571c Bluetooth: Ignore key unauthenticated for high security
High security level for pre v2.1 devices requires combination link key
authenticated by at least 16 digit PIN code.

It's also necessary to update key_type and pin_length when the key
exists and is sufficently secured for the connection as there will be
no link key notify event in that case.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 15:03:42 -03:00
Waldemar Rymarkiewicz
13d39315c2 Bluetooth: Map sec_level to link key requirements
Keep the link key type together with connection and use it to
map security level to link key requirements. Authenticate and/or
encrypt connection if the link is insufficiently secure.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 15:02:12 -03:00
Waldemar Rymarkiewicz
9003c4e220 Bluetooth: Don't modify sec_level if auth failed
If authentication fails the security level should stay as it was set
before the process has started. Setting BT_SECURITY_LOW can hide real
security level on a link eg. having BT_SECURITY_MEDIUM on the link,
re-authenticate with failure to get BT_SECURITY_HIGH, as  a result we
get BT_SECURITY_LOW on the link while the real security is still medium.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 15:02:08 -03:00
Waldemar Rymarkiewicz
b6020ba055 Bluetooth: Add definitions for link key types
Introduce the link key types defs and use them instead of magic numbers.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 15:02:04 -03:00
Johan Hedberg
314b2381a7 Bluetooth: Add discovering event to the Management interface
This patch adds a new event to the Management interface to track when
local adapters are discovering remote devices. For now this only tracks
BR/EDR discovery procedures.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:10:04 -03:00
Johan Hedberg
14a5366413 Bluetooth: Add basic discovery commands to the management interface
This patch adds start_discovery and stop_discovery commands to the
management interface. Right now their implementation is fairly
simplistic and the parameters are fixed to what user space has
defaulted to so far.
This is the very initial phase for discovery implementation into
the kernel. Next steps include name resolution, LE scanning and
bdaddr type handling.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Anderson Briglia <anderson.briglia@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:10:03 -03:00
Gustavo F. Padovan
cf2f90f59b Bluetooth: Don't export l2cap_sock_ops
l2cap_sk_ops can be static, it's not used outside l2cap_sock.c

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:10:02 -03:00
Gustavo F. Padovan
6ff5abbf4e Bluetooth: Fix memory leak with L2CAP channels
A new l2cap_chan_free() is added to free the channels.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:10:01 -03:00
Gustavo F. Padovan
8c1d787be4 Bluetooth: Move conn to struct l2cap_chan
There is no need to the socket deal directly with the channel, most of the
time it cares about the channel only.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:10:00 -03:00
Gustavo F. Padovan
fe4128e0aa Bluetooth: Move more vars to struct l2cap_chan
In this commit, psm, scid and dcid.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:09:59 -03:00
Gustavo F. Padovan
0c1bc5c626 Bluetooth: Move more channel info to struct l2cap_chan
In this commit, omtu, imtu, flush_to, mode and sport. It also remove the
pi var from l2cap_sock_sendmsg().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-28 01:09:58 -03:00
Gustavo F. Padovan
47d1ec6161 Bluetooth: Move more vars to struct l2cap_chan
In this commit all ERTM and Streaming Mode specific vars.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-27 18:51:35 -03:00
Gustavo F. Padovan
4343478f3a Bluetooth: Move some more elements to struct l2cap_chan
In this commit sec_level, force_reliable, role_switch and flushable.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-27 18:51:35 -03:00
Gustavo F. Padovan
77a74c7e08 Bluetooth: Rename l2cap_do_connect() to l2cap_chan_connect()
l2cap_chan_connect() is a much better name and reflects what this
functions is doing (or will do once socket dependence is removed from the
core).

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-27 18:51:34 -03:00
Gustavo F. Padovan
b445003518 Bluetooth: Move conf_state to struct l2cap_chan
First move of elements depending on user data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-27 18:51:34 -03:00
Gustavo F. Padovan
5d41ce1dd9 Bluetooth: Refactor L2CAP channel allocation
If the allocation happens at l2cap_sock_create() will be able to use the
struct l2cap_chan to store channel info that comes from the user via
setsockopt.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-27 18:51:34 -03:00
Gustavo F. Padovan
828d7d7b19 Merge master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
Conflicts:
	net/bluetooth/l2cap_core.c
	net/bluetooth/l2cap_sock.c
	net/bluetooth/mgmt.c
2011-04-20 21:47:07 -03:00
Stanislaw Gruszka
069f40fc07 iwl4965: fix skb usage after free
Since

commit a120e912eb
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link, making bisection of other problems impossible.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-20 16:05:59 -04:00
Stanislaw Gruszka
b25026981a iwlwifi: fix skb usage after free
Since

commit a120e912eb
Author: Stanislaw Gruszka <sgruszka@redhat.com>
Date:   Fri Feb 19 15:47:33 2010 -0800

    iwlwifi: sanity check before counting number of tfds can be free

we use skb->data after calling ieee80211_tx_status_irqsafe(), which
could free skb instantly.

On current kernels I do not observe practical problems related with
bug, but on 2.6.35.y it cause random system hangs when stressing
wireless link.

Cc: stable@kernel.org # 2.6.32+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-20 16:05:59 -04:00
Johannes Berg
243e6df4ed mac80211: fix SMPS debugfs locking
The locking with SMPS requests means that the
debugs file should lock the mgd mutex, not the
iflist mutex. Calls to __ieee80211_request_smps()
need to hold that mutex, so add an assertion.

This has always been wrong, but for some reason
never been noticed, probably because the locking
error only happens while unassociated.

Cc: stable@kernel.org [2.6.34+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-20 16:05:59 -04:00
John W. Linville
10e99777e9 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6 2011-04-20 15:56:44 -04:00
Felix Fietkau
2232d31bf1 ath9k: fix the return value of ath_stoprecv
The patch 'ath9k_hw: fix stopping rx DMA during resets' added code to detect
a condition where rx DMA was stopped, but the MAC failed to enter the idle
state. This condition requires a hardware reset, however the return value
of ath_stoprecv was 'true' in that case, which allowed it to skip the reset
when issuing a fast channel change.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Paul Stewart <pstew@google.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-19 15:22:52 -04:00
Ruiyi Zhang
a429b51930 Bluetooth: Only keeping SAR bits when retransmitting one frame.
When retrasmitting one frame, only SAR bits in control field should
be kept.

Signed-off-by: Ruiyi Zhang <Ruiyi.zhang@atheros.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-18 20:11:47 -03:00
Luiz Augusto von Dentz
f21ca5fff6 Bluetooth: fix shutdown on SCO sockets
shutdown should wait for SCO link to be properly disconnected before
detroying the socket, otherwise an application using the socket may
assume link is properly disconnected before it really happens which
can be a problem when e.g synchronizing profile switch.

Signed-off-by: Luiz Augusto von Dentz <luiz.dentz-von@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-18 20:11:46 -03:00
Vinicius Costa Gomes
b79f44c16a Bluetooth: Fix keeping the command timer running
In the teardown path the reset command is sent to the controller,
this event causes the command timer to be reactivated.

So the timer is removed in two situations, when the adapter isn't
marked as UP and when we know that some command has been sent.

Reported-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-18 20:11:46 -03:00
Ville Tervo
7a74aeb022 Bluetooth: Fix refcount balance for hci connection
hci_io_capa_reply_evt() holds reference for hciconnection. It's useless since
hci_io_capa_request_evt()/hci_simple_pair_complete_evt() already protects the
connection. In addition it leaves connection open after failed SSP pairing.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-18 20:11:45 -03:00
Daniel Halperin
7caa2316bf iwlwifi: fix frame injection for HT channels
For some reason, sending QoS configuration causes transmission to stop
after a single frame on HT channels when not associated. Removing the
extra QoS configuration has no effect on station mode, and fixes
injection mode.

Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
2011-04-18 08:15:26 -07:00
Gustavo F. Padovan
26954c7f26 Bluetooth: Fix lockdep warning in L2CAP
Fix a regression from the L2CAP "rewrite" patches.
Purge the tx_q already happens on l2cap_chan_del() so we don't need it at
l2cap_disconnect_req().

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-14 18:36:16 -03:00
Gustavo F. Padovan
62f3a2cfb1 Bluetooth: Fix another locking unbalance
l2cap_get_sock_by_scid was changed to not lock the socket anymore, but I
forgot to change all the users of this function.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-14 18:34:34 -03:00
Gustavo F. Padovan
280f294f7b Bluetooth: Don't lock sock inside l2cap_get_sock_by_scid()
Fix an locking issue with the new l2cap_att_channel(). l2cap_att_channel()
was trying to lock a locked socket.

Reported-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 19:01:22 -03:00
Stanislaw Gruszka
332704a514 iwlegacy: fix tx_power initialization
priv->tx_power_next is not initialized to max supported power,
but instead default value is used, what cause errors like

[   58.597834] iwl3945 0000:03:00.0: Requested user TXPOWER 15 above upper limit 14.
[   58.597839] iwl3945 0000:03:00.0: Error setting Tx power (-22).

if maximum tx power read from the eeprom is smaller than default.
In consequence card is unable to initialize properly. Fix the problem
and cleanup tx power initialization.

Reported-and-tested-by: Robin Dong <hao.bigrat@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2011-04-13 15:09:53 -04:00
Kevin Gan
9f72c1d977 Bluetooth: btmrvl: support Marvell Bluetooth device SD8787
The SD8787 firmware image is shared with mwifiex driver.
Whoever gets loaded first will be responsible for firmware
downloading.

Signed-off-by: Kevin Gan <ganhy@marvell.com>
Signed-off-by: Tristan Xu <xurf@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:05 -03:00
Gustavo F. Padovan
b86ed368f1 Bluetooth: Check return value of hci_recv_stream_fragment()
It may return error and in this case we do add to the stats.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:04 -03:00
Jiejing Zhang
78b4a56c28 Bluetooth: hci_uart: check the return value of recv()
Check the return value of hu->proto->recv() in hci_uart_tty_receive()
the recv() may return error, check it, not add this to statistics.

Signed-off-by: Jiejing Zhang <jiejing.zhang@freescale.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:03 -03:00
Szymon Janc
e1ba1f1546 Bluetooth: Fix Out Of Band pairing when mgmt interface is disabled
Use kernel stored remote Out Of Band data only if management interface
is enabled. Otherwise HCI_OP_REMOTE_OOB_DATA_NEG_REPLY was sent to
controller even if remote Out Of Band data was present in bluetoothd.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:02 -03:00
Gustavo F. Padovan
9f69bda6aa Bluetooth: Add proper handling of received LE data
Despite it works, handling through l2cap_data_channel() is wrongs.
That function should handle only connection oriented data.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:02 -03:00
Gustavo F. Padovan
0733119c0b Bluetooth: Clean up ath3k_load_firmware()
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:01 -03:00
Gustavo F. Padovan
cd69a03af1 Bluetooth: Fix wrong comparison in listen()
We should check for the pi->scid there.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:20:00 -03:00
Gustavo F. Padovan
58d35f87ef Bluetooth: Move tx queue to struct l2cap_chan
tx_q is the queue used by ERTM mode.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:19:59 -03:00
Gustavo F. Padovan
c916fbe45c Bluetooth: Remove unneeded uninitialized_vars()
That was unnecessary use of it.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
2011-04-13 12:19:58 -03:00