1. 07 11月, 2014 3 次提交
    • J
      Bluetooth: Send mgmt_connected only if state is BT_CONFIG · cb77c3ec
      Jaganath Kanakkassery 提交于
      If a remote name request is initiated while acl connection is going on,
      and if it fails then mgmt_connected will be sent. Evetually after acl
      connection, authentication will not be initiated and userspace will
      never get pairing reply.
      
      < HCI Command: Create Connection (0x01|0x0005) plen 13
          bdaddr AA:BB:CC:DD:EE:FF ptype 0xcc18 rswitch 0x01 clkoffset 0x2306 (valid)
          Packet type: DM1 DM3 DM5 DH1 DH3 DH5
      > HCI Event: Command Status (0x0f) plen 4
          Create Connection (0x01|0x0005) status 0x00 ncmd 1
      > HCI Event: Inquiry Complete (0x01) plen 1
          status 0x00
      < HCI Command: Remote Name Request (0x01|0x0019) plen 10
          bdaddr AA:BB:CC:DD:EE:FF mode 1 clkoffset 0x2306
      > HCI Event: Command Status (0x0f) plen 4
          Remote Name Request (0x01|0x0019) status 0x0c ncmd 1
          Error: Command Disallowed
      > HCI Event: Connect Complete (0x03) plen 11
          status 0x00 handle 50 bdaddr 00:0D:FD:47:53:B2 type ACL encrypt 0x00
      < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
          handle 50
      > HCI Event: Command Status (0x0f) plen 4
          Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
      > HCI Event: Max Slots Change (0x1b) plen 3
          handle 50 slots 5
      > HCI Event: Read Remote Supported Features (0x0b) plen 11
          status 0x00 handle 50
          Features: 0xff 0xff 0x8f 0xfe 0x9b 0xff 0x59 0x83
      < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
          handle 50 page 1
      > HCI Event: Command Status (0x0f) plen 4
          Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
      > HCI Event: Read Remote Extended Features (0x23) plen 13
          status 0x00 handle 50 page 1 max 1
          Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
      
      This patch sends mgmt_connected in remote name command status only if
      conn->state is BT_CONFIG
      Signed-off-by: NJaganath Kanakkassery <jaganath.k@samsung.com>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      cb77c3ec
    • K
      Bluetooth: Sort switch cases by opcode's numeric value · 9645c76c
      Kuba Pawlak 提交于
      Opcodes in switch/case in hci_cmd_status_evt are not sorted
      by value. This patch restores proper ordering.
      Signed-off-by: NKuba Pawlak <kubax.t.pawlak@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      9645c76c
    • K
      Bluetooth: Clear role switch pending flag · 50fc85f1
      Kuba Pawlak 提交于
      If role switch was rejected by the controller and HCI Event: Command Status
      returned with status "Command Disallowed" (0x0C) the flag
      HCI_CONN_RSWITCH_PEND remains set. No further role switches are
      possible as this flag prevents us from sending any new HCI Switch Role
      requests and the only way to clear it is to receive a valid
      HCI Event Switch Role.
      
      This patch clears the flag if command was rejected.
      
      2013-01-01 00:03:44.209913 < HCI Command: Switch Role (0x02|0x000b) plen 7
          bdaddr BC:C6:DB:C4:6F:79 role 0x00
          Role: Master
      2013-01-01 00:03:44.210867 > HCI Event: Command Status (0x0f) plen 4
          Switch Role (0x02|0x000b) status 0x0c ncmd 1
          Error: Command Disallowed
      Signed-off-by: NKuba Pawlak <kubax.t.pawlak@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      50fc85f1
  2. 02 11月, 2014 2 次提交
  3. 31 10月, 2014 1 次提交
  4. 29 10月, 2014 1 次提交
  5. 25 10月, 2014 2 次提交
  6. 11 9月, 2014 2 次提交
  7. 09 9月, 2014 4 次提交
  8. 21 8月, 2014 1 次提交
    • J
      Bluetooth: Fix hci_conn reference counting for auto-connections · f161dd41
      Johan Hedberg 提交于
      Recently the LE passive scanning and auto-connections feature was
      introduced. It uses the hci_connect_le() API which returns a hci_conn
      along with a reference count to that object. All previous users would
      tie this returned reference to some existing object, such as an L2CAP
      channel, and there'd be no leaked references this way. For
      auto-connections however the reference was returned but not stored
      anywhere, leaving established connections with one higher reference
      count than they should have.
      
      Instead of playing special tricks with hci_conn_hold/drop this patch
      associates the returned reference from hci_connect_le() with the object
      that in practice does own this reference, i.e. the hci_conn_params
      struct that caused us to initiate a connection in the first place. Once
      the connection is established or fails to establish this reference is
      removed appropriately.
      
      One extra thing needed is to call hci_pend_le_actions_clear() before
      calling hci_conn_hash_flush() so that the reference is cleared before
      the hci_conn objects are fully removed.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      f161dd41
  9. 14 8月, 2014 1 次提交
  10. 31 7月, 2014 2 次提交
  11. 28 7月, 2014 1 次提交
  12. 24 7月, 2014 2 次提交
    • M
      Bluetooth: Fix issue with ADV_IND reports and auto-connection handling · 4b9e7e75
      Marcel Holtmann 提交于
      When adding remote devices to the kernel using the Add Device management
      command, these devices are explicitly allowed to connect. This kind of
      incoming connections are possible even when the controller itself is
      not connectable.
      
      For BR/EDR this distinction is pretty simple since there is only one
      type of incoming connections. With LE this is not that simple anymore
      since there are ADV_IND and ADV_DIRECT_IND advertising events.
      
      The ADV_DIRECT_IND advertising events are send for incoming (slave
      initiated) connections only. And this is the only thing the kernel
      should allow when adding devices using action 0x01. This meaning
      of incoming connections is coming from BR/EDR and needs to be
      mapped to LE the same way.
      
      Supporting the auto-connection of devices using ADV_IND advertising
      events is an important feature as well. However it does not map to
      incoming connections. So introduce a new action 0x02 that allows
      the kernel to connect to devices using ADV_DIRECT_IND and in addition
      ADV_IND advertising reports.
      
      This difference is represented by the new HCI_AUTO_CONN_DIRECT value
      for only connecting to ADV_DIRECT_IND. For connection to ADV_IND and
      ADV_DIRECT_IND the old value HCI_AUTO_CONN_ALWAYS is used.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      4b9e7e75
    • M
      Bluetooth: Ignore ADV_DIRECT_IND attempts from unknown devices · cd4d5671
      Marcel Holtmann 提交于
      Unconditionally connecting to devices sending ADV_DIRECT_IND when
      the controller is in CONNECTABLE mode is a feature that is not
      fully working. The background scanning trigger for this has been
      removed, but the statement allowing it to happen in case some
      other part triggers is still present. So remove that code part
      as well to avoid unwanted connections.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      cd4d5671
  13. 17 7月, 2014 5 次提交
  14. 16 7月, 2014 6 次提交
  15. 15 7月, 2014 2 次提交
  16. 11 7月, 2014 2 次提交
    • J
      Bluetooth: Fix tracking local SSP authentication requirement · 6c53823a
      Johan Hedberg 提交于
      When we need to make the decision whether to perform just-works or real
      user confirmation we need to know the exact local authentication
      requirement that was passed to the controller. So far conn->auth_type
      (the local requirement) wasn't in one case updated appropriately in fear
      of the user confirmation being rejected later.
      
      The real problem however was not really that conn->auth_type couldn't
      represent the true value but that we were checking the local MITM
      requirement in an incorrect way. It's perfectly fine to let auth_type
      follow what we tell the controller since we're still tracking the target
      security level with conn->pending_sec_level.
      
      This patch updates the check for local MITM requirement in the
      hci_user_confirm_request_evt function to use the locally requested
      security level and ensures that auth_type always represents what we tell
      the controller. All other code in hci_user_confirm_request_evt still
      uses the auth_type instead of pending_sec_level for determining whether
      to do just-works or not, since that's the only value that's in sync with
      what the remote device knows.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Tested-by: NSzymon Janc <szymon.janc@tieto.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org # 3.16
      6c53823a
    • M
      Bluetooth: Move HCI request internals to net/bluetooth/hci_core.c · 899de765
      Marcel Holtmann 提交于
      The internals of the HCI request framework should not be leaking to
      its users. Move them all into net/bluetooth/hci_core.c and provide
      a simple hci_req_pending helper function for the one user outside
      the framework.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      899de765
  17. 10 7月, 2014 3 次提交