1. 29 3月, 2015 1 次提交
    • J
      Bluetooth: Fix race condition with HCI_RESET flag · 600b2150
      Johan Hedberg 提交于
      During the HCI init phase a completed request might be the last part of
      the setup procedure after which the actual init procedure starts. The
      init procedure begins with a call to hci_reset_req() which sets the
      HCI_RESET flag. The purpose of this flag is to make us ignore any
      updates to ncmd/cmd_cnt as long as we haven't received the command
      complete event for the HCI_Reset. There's a potential race with this
      however:
      
      	hci_req_cmd_complete(hdev, opcode, status);
      
      	if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
      		atomic_set(&hdev->cmd_cnt, 1);
      		if (!skb_queue_empty(&hdev->cmd_q))
      			queue_work(hdev->workqueue, &hdev->cmd_work);
      	}
      
      Since the hci_req_cmd_complete() will trigger the completion of the
      setup stage, it's possible that hci_reset_req() gets called before we
      try to read ev->ncmd and the HCI_RESET flag. Because of this the cmd_cnt
      would never be updated and the hci_reset_req() in practice ends up
      blocking itself.
      
      This patch fixes the issue by updating cmd_cnt before notifying the
      request completion, and then reading it again to determine whether the
      cmd_work should be queued or not.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      600b2150
  2. 18 3月, 2015 1 次提交
  3. 16 3月, 2015 2 次提交
    • M
      Bluetooth: Remove unneeded HCI_CONN_REMOTE_OOB connection flag · aefedc1a
      Marcel Holtmann 提交于
      The HCI_CONN_REMOTE_OOB connection flag is used to indicate if the
      pairing initiator has provided out-of-band data. However since that
      value is no longer used in any decision making, just remove it.
      
      It is actually unclear what purpose the OOB data present field from
      the HCI IO Capability Response event serves in the first place. If
      either side provided out-of-band data, then that data will be used
      for pairing.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      aefedc1a
    • M
      Bluetooth: Fix BR/EDR out-of-band pairing with only initiator data · 455c2ff0
      Marcel Holtmann 提交于
      When only the pairing initiator is providing out-of-band data, then
      the receiver side was ignoring the data. For some reason the code was
      checking if the initiator has received out-of-band data and only then
      also provide the required inidication that the acceptor actually has
      the needed data available.
      
      For BR/EDR out-of-band pairing it is enough if one side has received
      out-of-band data. There are no extra checks needed here to make this
      work smoothly. The only thing that is needed is to tell the controller
      if data is present (and if it is P-192 or P-256 or both) and then let
      the controller actually figure out the rest.
      
      This means the check for outgoing connection or if the initiator has
      indicated data are completely pointless and are in fact actually
      causing harm. The check in question is this one:
      
         if (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) {
      
      After just taking the conditional check out and always executing the
      code for determining the type of out-of-band data, the pairing works
      flawlessly and prodcudes authenticated link keys.
      
      The patch itself looks more complicated due to the reformatting of the
      indentation, but it essentially just a two-line change.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      455c2ff0
  4. 14 3月, 2015 1 次提交
  5. 13 3月, 2015 4 次提交
  6. 02 3月, 2015 1 次提交
  7. 19 2月, 2015 2 次提交
  8. 01 2月, 2015 3 次提交
  9. 29 1月, 2015 6 次提交
    • S
      Bluetooth: Fix sending Read Remote Extended Features command · ac363cf9
      Szymon Janc 提交于
      This command should only be used if remote device reports that it
      supports extended features. Otherwise command will fail and connection
      will be dropped.
      
      Some devices support SSP but don't support extended features so
      current check for SSP support is not enought.
      
      Instead of checking for SSP support just check if both ends support
      Extended Feature.
      
      < HCI Command: Create Connection (0x01|0x0005) plen 13
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Packet type: 0xcc18
                DM1 may be used
                DH1 may be used
                DM3 may be used
                DH3 may be used
                DM5 may be used
                DH5 may be used
              Page scan repetition mode: R1 (0x01)
              Page scan mode: Mandatory (0x00)
              Clock offset: 0x94c8
              Role switch: Allow slave (0x01)
      > HCI Event: Command Status (0x0f) plen 4
            Create Connection (0x01|0x0005) ncmd 1
              Status: Success (0x00)
      > HCI Event: Connect Complete (0x03) plen 11
              Status: Success (0x00)
              Handle: 5
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Link type: ACL (0x01)
              Encryption: Disabled (0x00)
      < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
              Handle: 5
      > HCI Event: Command Status (0x0f) plen 4
            Read Remote Supported Features (0x01|0x001b) ncmd 1
              Status: Success (0x00)
      > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Page scan repetition mode: R1 (0x01)
      > HCI Event: Read Remote Supported Features (0x0b) plen 11
              Status: Success (0x00)
              Handle: 5
              Features: 0xff 0xff 0x8f 0xfe 0xdb 0xff 0x5b 0x07
                3 slot packets
                5 slot packets
                Encryption
                Slot offset
                Timing accuracy
                Role switch
                Hold mode
                Sniff mode
                Park state
                Power control requests
                Channel quality driven data rate (CQDDR)
                SCO link
                HV2 packets
                HV3 packets
                u-law log synchronous data
                A-law log synchronous data
                CVSD synchronous data
                Paging parameter negotiation
                Power control
                Transparent synchronous data
                Broadcast Encryption
                Enhanced Data Rate ACL 2 Mbps mode
                Enhanced Data Rate ACL 3 Mbps mode
                Enhanced inquiry scan
                Interlaced inquiry scan
                Interlaced page scan
                RSSI with inquiry results
                Extended SCO link (EV3 packets)
                EV4 packets
                EV5 packets
                AFH capable slave
                AFH classification slave
                LE Supported (Controller)
                3-slot Enhanced Data Rate ACL packets
                5-slot Enhanced Data Rate ACL packets
                Sniff subrating
                Pause encryption
                AFH capable master
                AFH classification master
                Enhanced Data Rate eSCO 2 Mbps mode
                Enhanced Data Rate eSCO 3 Mbps mode
                3-slot Enhanced Data Rate eSCO packets
                Extended Inquiry Response
                Simultaneous LE and BR/EDR (Controller)
                Secure Simple Pairing
                Encapsulated PDU
                Non-flushable Packet Boundary Flag
                Link Supervision Timeout Changed Event
                Inquiry TX Power Level
                Enhanced Power Control
      < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
              Handle: 5
              Page: 1
      > HCI Event: Command Status (0x0f) plen 4
            Read Remote Extended Features (0x01|0x001c) ncmd 1
              Status: Command Disallowed (0x0c)
      < HCI Command: Read Clock Offset (0x01|0x001f) plen 2
              Handle: 5
      > HCI Event: Command Status (0x0f) plen 4
            Read Clock Offset (0x01|0x001f) ncmd 1
              Status: Success (0x00)
      < HCI Command: Disconnect (0x01|0x0006) plen 3
              Handle: 5
              Reason: Remote User Terminated Connection (0x13)
      Signed-off-by: NSzymon Janc <szymon.janc@tieto.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ac363cf9
    • M
      Bluetooth: Perform a power cycle when receiving hardware error event · c7741d16
      Marcel Holtmann 提交于
      When receiving a HCI Hardware Error event, the controller should be
      assumed to be non-functional until issuing a HCI Reset command.
      
      The Bluetooth hardware errors are vendor specific and so add a
      new hdev->hw_error callback that drivers can provide to run extra
      code to handle the hardware error.
      
      After completing the vendor specific error handling perform a full
      reset of the Bluetooth stack by closing and re-opening the transport.
      Based-on-patch-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      c7741d16
    • J
      Bluetooth: Fix notifying discovery state upon reset · 39c5d970
      Johan Hedberg 提交于
      When HCI_Reset is issued the discovery state is assumed to be stopped.
      The hci_cc_reset() handler was trying to set the state but it was doing
      it without using the hci_discovery_set_state() function. Because of this
      e.g. the mgmt Discovering event could go without being sent. This patch
      fixes the code to use the hci_discovery_set_state() function instead of
      just blindly setting the state value.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      39c5d970
    • M
      Bluetooth: Check for P-256 OOB values in Secure Connections Only mode · aa5b0345
      Marcel Holtmann 提交于
      If Secure Connections Only mode has been enabled, the it is important
      to check that OOB data for P-256 values is provided. In case it is not,
      then tell the remote side that no OOB data is present.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      aa5b0345
    • M
      Bluetooth: Use helper function to determine BR/EDR OOB data present · a83ed81e
      Marcel Holtmann 提交于
      When replying to the IO capability request for Secure Simple Pairing and
      Secure Connections, the OOB data present fields needs to set. Instead of
      making the calculation inline, split this into a separate helper
      function.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      a83ed81e
    • M
      Bluetooth: Clear P-192 values for OOB when in Secure Connections Only mode · 6665d057
      Marcel Holtmann 提交于
      When Secure Connections Only mode has been enabled and remote OOB data
      is requested, then only provide P-256 hash and randomizer vaulues. The
      fields for P-192 hash and randomizer should be set to zero.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      6665d057
  10. 24 1月, 2015 1 次提交
  11. 13 1月, 2015 2 次提交
  12. 25 12月, 2014 2 次提交
    • J
      Bluetooth: Fix accepting connections when not using mgmt · 6a8fc95c
      Johan Hedberg 提交于
      When connectable mode is enabled (page scan on) through some non-mgmt
      method the HCI_CONNECTABLE flag will not be set. For backwards
      compatibility with user space versions not using mgmt we should not
      require HCI_CONNECTABLE to be set if HCI_MGMT is not set.
      Reported-by: NPali Rohár <pali.rohar@gmail.com>
      Tested-by: NPali Rohár <pali.rohar@gmail.com>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Cc: stable@vger.kernel.org # 3.17+
      6a8fc95c
    • M
      Bluetooth: Fix controller configuration with HCI_QUIRK_INVALID_BDADDR · 8bfe8442
      Marcel Holtmann 提交于
      When controllers set the HCI_QUIRK_INVALID_BDADDR flag, it is required
      by userspace to program a valid public Bluetooth device address into
      the controller before it can be used.
      
      After successful address configuration, the internal state changes and
      the controller runs the complete initialization procedure. However one
      small difference is that this is no longer the HCI_SETUP stage. The
      HCI_SETUP stage is only valid during initial controller setup. In this
      case the stack runs the initialization as part of the HCI_CONFIG stage.
      
      The controller version information, default name and supported commands
      are only stored during HCI_SETUP. While these information are static,
      they are not read initially when HCI_QUIRK_INVALID_BDADDR is set. So
      when running in HCI_CONFIG state, these information need to be updated
      as well.
      
      This especially impacts Bluetooth 4.1 and later controllers using
      extended feature pages and second event mask page.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Cc: stable@vger.kernel.org # 3.17+
      8bfe8442
  13. 21 12月, 2014 1 次提交
  14. 20 12月, 2014 1 次提交
  15. 19 12月, 2014 2 次提交
  16. 11 12月, 2014 1 次提交
  17. 06 12月, 2014 1 次提交
    • M
      Bluetooth: Add support for handling LE Direct Advertising Report events · 2f010b55
      Marcel Holtmann 提交于
      When the controller sends a LE Direct Advertising Report event, the host
      must confirm that the resolvable random address provided matches with
      its own identity resolving key. If it does, then that advertising report
      needs to be processed. If it does not match, the report needs to be
      ignored.
      
      This patch adds full support for handling these new reports and using
      them for device discovery and connection handling. This means when a
      Bluetooth controller supports the Extended Scanner Filter Policies, it
      is possible to use directed advertising with LE privacy.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      2f010b55
  18. 05 12月, 2014 1 次提交
  19. 03 12月, 2014 6 次提交
  20. 19 11月, 2014 1 次提交