1. 20 11月, 2015 7 次提交
  2. 22 10月, 2015 6 次提交
    • J
      Bluetooth: Take advantage of connection abort helpers · 89e0ccc8
      Johan Hedberg 提交于
      Convert the various places mapping connection state to
      disconnect/cancel HCI command to use the new hci_abort_conn helper
      API.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      89e0ccc8
    • J
      Bluetooth: Fix crash in SMP when unpairing · c81d555a
      Johan Hedberg 提交于
      When unpairing the keys stored in hci_dev are removed. If SMP is
      ongoing the SMP context will also have references to these keys, so
      removing them from the hci_dev lists will make the pointers invalid.
      This can result in the following type of crashes:
      
       BUG: unable to handle kernel paging request at 6b6b6b6b
       IP: [<c11f26be>] __list_del_entry+0x44/0x71
       *pde = 00000000
       Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
       Modules linked in: hci_uart btqca btusb btintel btbcm btrtl hci_vhci rfcomm bluetooth_6lowpan bluetooth
       CPU: 0 PID: 723 Comm: kworker/u5:0 Not tainted 4.3.0-rc3+ #1379
       Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014
       Workqueue: hci0 hci_rx_work [bluetooth]
       task: f19da940 ti: f1a94000 task.ti: f1a94000
       EIP: 0060:[<c11f26be>] EFLAGS: 00010202 CPU: 0
       EIP is at __list_del_entry+0x44/0x71
       EAX: c0088d20 EBX: f30fcac0 ECX: 6b6b6b6b EDX: 6b6b6b6b
       ESI: f4b60000 EDI: c0088d20 EBP: f1a95d90 ESP: f1a95d8c
        DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
       CR0: 8005003b CR2: 6b6b6b6b CR3: 319e5000 CR4: 00000690
       Stack:
        f30fcac0 f1a95db0 f82dc3e1 f1bfc000 00000000 c106524f f1bfc000 f30fd020
        f1a95dc0 f1a95dd0 f82dcbdb f1a95de0 f82dcbdb 00000067 f1bfc000 f30fd020
        f1a95de0 f1a95df0 f82d1126 00000067 f82d1126 00000006 f30fd020 f1bfc000
       Call Trace:
        [<f82dc3e1>] smp_chan_destroy+0x192/0x240 [bluetooth]
        [<c106524f>] ? trace_hardirqs_on_caller+0x14e/0x169
        [<f82dcbdb>] smp_teardown_cb+0x47/0x64 [bluetooth]
        [<f82dcbdb>] ? smp_teardown_cb+0x47/0x64 [bluetooth]
        [<f82d1126>] l2cap_chan_del+0x5d/0x14d [bluetooth]
        [<f82d1126>] ? l2cap_chan_del+0x5d/0x14d [bluetooth]
        [<f82d40ef>] l2cap_conn_del+0x109/0x17b [bluetooth]
        [<f82d40ef>] ? l2cap_conn_del+0x109/0x17b [bluetooth]
        [<f82c0205>] ? hci_event_packet+0x5b1/0x2092 [bluetooth]
        [<f82d41aa>] l2cap_disconn_cfm+0x49/0x50 [bluetooth]
        [<f82d41aa>] ? l2cap_disconn_cfm+0x49/0x50 [bluetooth]
        [<f82c0228>] hci_event_packet+0x5d4/0x2092 [bluetooth]
        [<c1332c16>] ? skb_release_data+0x6a/0x95
        [<f82ce5d4>] ? hci_send_to_monitor+0xe7/0xf4 [bluetooth]
        [<c1409708>] ? _raw_spin_unlock_irqrestore+0x44/0x57
        [<f82b3bb0>] hci_rx_work+0xf1/0x28b [bluetooth]
        [<f82b3bb0>] ? hci_rx_work+0xf1/0x28b [bluetooth]
        [<c10635a0>] ? __lock_is_held+0x2e/0x44
        [<c104772e>] process_one_work+0x232/0x432
        [<c1071ddc>] ? rcu_read_lock_sched_held+0x50/0x5a
        [<c104772e>] ? process_one_work+0x232/0x432
        [<c1047d48>] worker_thread+0x1b8/0x255
        [<c1047b90>] ? rescuer_thread+0x23c/0x23c
        [<c104bb71>] kthread+0x91/0x96
        [<c14096a7>] ? _raw_spin_unlock_irq+0x27/0x44
        [<c1409d61>] ret_from_kernel_thread+0x21/0x30
        [<c104bae0>] ? kthread_parkme+0x1e/0x1e
      
      To solve the issue, introduce a new smp_cancel_pairing() API that can
      be used to clean up the SMP state before touching the hci_dev lists.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      c81d555a
    • J
      Bluetooth: Disable auto-connection parameters when unpairing · fc64361a
      Johan Hedberg 提交于
      For connection parameters that are left around until a disconnection
      we should at least clear any auto-connection properties. This way a
      new Add Device call is required to re-set them after calling Unpair
      Device.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      fc64361a
    • J
      Bluetooth: Remove unnecessary indentation in unpair_device() · ec182f03
      Johan Hedberg 提交于
      Instead of doing all of the LE-specific handling in an else-branch in
      unpair_device() create a 'done' label for the BR/EDR branch to jump to
      and then remove the else-branch completely.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ec182f03
    • J
      Bluetooth: Use hci_conn_hash_lookup_le() when possible · 9d4c1cc1
      Johan Hedberg 提交于
      Use the new hci_conn_hash_lookup_le() API to look up LE connections.
      This way we're guaranteed exact matches that also take into account
      the address type.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      9d4c1cc1
    • J
      Bluetooth: Add le_addr_type() helper function · 85813a7e
      Johan Hedberg 提交于
      The mgmt code needs to convert from mgmt/L2CAP address types to HCI in
      many places. Having a dedicated helper function for this simplifies
      code by shortening it and removing unnecessary 'addr_type' variables.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      85813a7e
  3. 21 10月, 2015 2 次提交
    • J
      Bluetooth: Fix removing connection parameters when unpairing · a6ad2a6b
      Johan Hedberg 提交于
      The commit 89cbb063 introduced support for deferred connection
      parameter removal when unpairing by removing them only once an
      existing connection gets disconnected. However, it failed to address
      the scenario when we're *not* connected and do an unpair operation.
      
      What makes things worse is that most user space BlueZ versions will
      first issue a disconnect request and only then unpair, meaning the
      buggy code will be triggered every time. This effectively causes the
      kernel to resume scanning and reconnect to a device for which we've
      removed all keys and GATT database information.
      
      This patch fixes the issue by adding the missing call to the
      hci_conn_params_del() function to a branch which handles the case of
      no existing connection.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org # 3.19+
      a6ad2a6b
    • J
      Bluetooth: Don't use remote address type to decide IRK persistency · cad20c27
      Johan Hedberg 提交于
      There are LE devices on the market that start off by announcing their
      public address and then once paired switch to using private address.
      To be interoperable with such devices we should simply trust the fact
      that we're receiving an IRK from them to indicate that they may use
      private addresses in the future. Instead, simply tie the persistency
      to the bonding/no-bonding information the same way as for LTKs and
      CSRKs.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      cad20c27
  4. 16 10月, 2015 4 次提交
  5. 11 8月, 2015 3 次提交
    • J
      Bluetooth: Enable new connection establishment procedure. · fa142220
      Jakub Pawlowski 提交于
      Currently, when trying to connect to already paired device that just
      rotated its RPA MAC address, old address would be used and connection
      would fail. In order to fix that, kernel must scan and receive
      advertisement with fresh RPA before connecting.
      
      This patch enables new connection establishment procedure. Instead of just
      sending HCI_OP_LE_CREATE_CONN to controller, "connect" will add device to
      kernel whitelist and start scan. If advertisement is received, it'll be
      compared against whitelist and then trigger connection if it matches.
      That fixes mentioned reconnect issue for  already paired devices. It also
      make whole connection procedure more robust. We can try to connect to
      multiple devices at same time now, even though controller allow only one.
      Signed-off-by: NJakub Pawlowski <jpawlowski@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      fa142220
    • J
      Bluetooth: advertisement handling in new connect procedure · 28a667c9
      Jakub Pawlowski 提交于
      Currently, when trying to connect to already paired device that just
      rotated its RPA MAC address, old address would be used and connection
      would fail. In order to fix that, kernel must scan and receive
      advertisement with fresh RPA before connecting.
      
      This path makes sure that after advertisement is received from device that
      we try to connect to, it is properly handled in check_pending_le_conn and
      trigger connect attempt.
      
      It also modifies hci_le_connect to make sure that connect attempt will be
      properly continued.
      Signed-off-by: NJakub Pawlowski <jpawlowski@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      28a667c9
    • J
      Bluetooth: add hci_lookup_le_connect · e7d9ab73
      Jakub Pawlowski 提交于
      This patch adds hci_lookup_le_connect method, that will be used to check
      wether outgoing le connection attempt is in progress.
      Signed-off-by: NJakub Pawlowski <jpawlowski@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      e7d9ab73
  6. 06 8月, 2015 1 次提交
    • J
      Bluetooth: fix MGMT_EV_NEW_LONG_TERM_KEY event · cb92205b
      Jakub Pawlowski 提交于
      This patch fixes how MGMT_EV_NEW_LONG_TERM_KEY event is build. Right now
      val vield is filled with only 1 byte, instead of whole value. This bug
      was introduced in
      commit 1fc62c52 ("Bluetooth: Fix exposing full value of shortened LTKs")
      
      Before that patch, if you paired with device using bluetoothd using simple
      pairing, and then restarted bluetoothd, you would be able to re-connect,
      but device would fail to establish encryption and would terminate
      connection. After this patch connecting after bluetoothd restart works
      fine.
      Signed-off-by: NJakub Pawlowski <jpawlowski@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      cb92205b
  7. 23 7月, 2015 1 次提交
  8. 19 6月, 2015 16 次提交