1. 03 Dec, 2014 9 commits
  2. 02 Dec, 2014 1 commit
    • Bluetooth: Track both local and remote L2CAP fixed channel mask · 0bd49fc7
      Committed by Johan Hedberg
      To pave the way for future fixed channels to be added easily we should
      track both the local and remote mask on a per-L2CAP connection (struct
      l2cap_conn) basis. So far the code has used a global variable in a racy
      way which anyway needs fixing.
      
      This patch renames the existing conn->fixed_chan_mask that tracked
      the remote mask to conn->remote_fixed_chan and adds a new variable
      conn->local_fixed_chan to track the local mask. Since the HS support
      info is now available in the local mask we can remove the
      conn->hs_enabled variable.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  3. 19 Nov, 2014 1 commit
  4. 18 Nov, 2014 1 commit
  5. 15 Nov, 2014 2 commits
  6. 13 Nov, 2014 1 commit
    • Bluetooth: Use proper nesting annotation for l2cap_chan lock · abe84903
      Committed by Johan Hedberg
      By default lockdep considers all L2CAP channels equal. This would mean
      that we get warnings if a channel is locked when another one's lock is
      tried to be acquired in the same thread. This kind of inter-channel
      locking dependencies exist in the form of parent-child channels as well
      as any channel wishing to elevate the security by requesting procedures
      on the SMP channel.
      
      To eliminate the chance for these lockdep warnings we introduce a
      nesting level for each channel and use that when acquiring the channel
      lock. For now there exists the earlier mentioned three identified
      categories: SMP, "normal" channels and parent channels (i.e. those in
      BT_LISTEN state). The nesting level is defined as atomic_t since we need
      access to it before the lock is actually acquired.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  7. 03 Nov, 2014 2 commits
  8. 02 Nov, 2014 2 commits
  9. 25 Oct, 2014 3 commits
  10. 24 Sep, 2014 2 commits
  11. 17 Sep, 2014 1 commit
  12. 15 Sep, 2014 1 commit
  13. 09 Sep, 2014 9 commits
    • Bluetooth: Fix mgmt pairing failure when authentication fails · e1e930f5
      Committed by Johan Hedberg
      Whether through HCI with BR/EDR or SMP with LE when authentication fails
      we should also notify any pending Pair Device mgmt command. This patch
      updates the mgmt_auth_failed function to take the actual hci_conn object
      and makes sure that any pending pairing command is notified and cleaned
      up appropriately.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Fix locking of the SMP context · fc75cc86
      Committed by Johan Hedberg
      Before the move to the l2cap_chan the SMP context (smp_chan) didn't have
      any kind of proper locking. The best there existed was the
      HCI_CONN_LE_SMP_PEND flag which was used to enable mutual exclusion for
      potential multiple creators of the SMP context.
      
      Now that SMP has been converted to use the l2cap_chan infrastructure and
      since the SMP context is directly mapped to a corresponding l2cap_chan
      we get the SMP context locking essentially for free through the
      l2cap_chan lock. For all callbacks that l2cap_core.c makes for each
      channel implementation (smp.c in the case of SMP) the l2cap_chan lock is
      held through l2cap_chan_lock(chan).
      
      Since the calls from l2cap_core.c to smp.c are covered the only missing
      piece to have the locking implemented properly is to ensure that the
      lock is held for any other call path that may access the SMP context.
      This means user responses through mgmt.c, requests to elevate the
      security of a connection through hci_conn.c, as well as any deferred
      work through workqueues.
      
      This patch adds the necessary locking to all these other code paths that
      try to access the SMP context. Since mutual exclusion for the l2cap_chan
      access is now covered from all directions the patch also removes
      unnecessary HCI_CONN_LE_SMP_PEND flag (once we've acquired the chan lock
      we can simply check whether chan->smp is set to know if there's an SMP
      context).
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Move identity address update behind a workqueue · f3d82d0c
      Committed by Johan Hedberg
      The identity address update of all channels for an l2cap_conn needs to
      take the lock for each channel, i.e. it's safest to do this by a
      separate workqueue callback.
      
      Previously this was partially solved by moving the entire SMP key
      distribution behind a workqueue. However, if we want SMP context locking
      to be correct and safe we should always use the l2cap_chan lock when
      accessing it, meaning even smp_distribute_keys needs to take that lock
      which would once again create a deadlock when updating the identity
      address.
      
      The simplest way to solve this is to have l2cap_conn manage the deferred
      work which is what this patch does. A subsequent patch will remove the
      now unnecessary SMP key distribution work struct.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Update hci_disconnect() to return an error value · e3b679d5
      Committed by Johan Hedberg
      We'll soon use hci_disconnect() from places that are interested to know
      whether the hci_send_cmd() really succeeded or not. This patch updates
      hci_disconnect() to pass on any error returned from hci_send_cmd().
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Remove unused l2cap_conn_shutdown API · b04afa0c
      Committed by Johan Hedberg
      Now that there are no more users of the l2cap_conn_shutdown API (since
      smp.c switched to using hci_disconnect) we can simply remove it along
      with all of its l2cap_conn variables.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Ignore incoming data after initiating disconnection · f94b665d
      Committed by Johan Hedberg
      When hci_chan_del is called the disconnection routines get scheduled
      through a workqueue. If there's any incoming ACL data before the
      routines get executed there's a chance that a new hci_chan is created
      and the disconnection never happens. This patch adds a new hci_conn flag
      to indicate that we're in the process of driving the connection down. We
      set the flag in hci_chan_del and check for it in hci_chan_create so that
      no new channels are created for the same connection.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Use zero timeout for immediate scheduling · eb78d7e5
      Committed by Johan Hedberg
      There's no point in passing a "small" timeout to queue_delayed_work() to
      try to get the callback faster scheduled. Passing 0 is perfectly valid
      and will cause a shortcut to a direct queue_work().
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Improve *_get() functions to return the object type · 51bb8457
      Committed by Johan Hedberg
      It's natural to have *_get() functions that increment the reference
      count of an object to return the object type itself. This way it's
      simple to make a copy of the object pointer and increase the reference
      count in a single step. This patch updates two such get() functions,
      namely hci_conn_get() and l2cap_conn_get(), and updates the users to
      take advantage of the new API.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Fix hci_conn reference counting for fixed channels · c16900cf
      Committed by Johan Hedberg
      Now that SMP has been converted to use fixed channels we've got a bit of
      a problem with the hci_conn reference counting. So far the L2CAP code
      has kept a reference for each L2CAP channel that was notified of the
      connection. With SMP however this would mean that the connection is
      never dropped even though there are no other users of it. Furthermore,
      SMP already does its own hci_conn reference counting internally,
      starting from a security or pairing request and ending with the key
      distribution.
      
      This patch makes L2CAP fixed channels default to the L2CAP core not
      keeping a hci_conn reference for them. A new FLAG_HOLD_HCI_CONN flag is
      added so that L2CAP users can declare an exception to this rule and hold
      a reference even for their fixed channels. One such exception is the
      L2CAP socket layer which does want a reference for each socket (e.g. an
      ATT socket which uses a fixed channel).
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  14. 21 Aug, 2014 1 commit
    • Bluetooth: Fix hci_conn reference counting for auto-connections · f161dd41
      Committed by Johan Hedberg
      Recently the LE passive scanning and auto-connections feature was
      introduced. It uses the hci_connect_le() API which returns a hci_conn
      along with a reference count to that object. All previous users would
      tie this returned reference to some existing object, such as an L2CAP
      channel, and there'd be no leaked references this way. For
      auto-connections however the reference was returned but not stored
      anywhere, leaving established connections with one higher reference
      count than they should have.
      
      Instead of playing special tricks with hci_conn_hold/drop this patch
      associates the returned reference from hci_connect_le() with the object
      that in practice does own this reference, i.e. the hci_conn_params
      struct that caused us to initiate a connection in the first place. Once
      the connection is established or fails to establish this reference is
      removed appropriately.
      
      One extra thing needed is to call hci_pend_le_actions_clear() before
      calling hci_conn_hash_flush() so that the reference is cleared before
      the hci_conn objects are fully removed.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
  15. 14 Aug, 2014 4 commits
    • Bluetooth: Remove unused l2cap_conn->security_timer · 276d8073
      Committed by Johan Hedberg
      Now that there are no longer any users for l2cap_conn->security_timer we
      can go ahead and simply remove it. The patch makes initialization of the
      conn->info_timer unconditional since it's better not to leave any
      l2cap_conn data structures uninitialized no matter what the underlying
      transport.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Add public l2cap_conn_shutdown() API to request disconnection · dec5b492
      Committed by Johan Hedberg
      Since we no longer do special handling of SMP within l2cap_core.c we
      don't have any code for calling l2cap_conn_del() when smp.c doesn't like
      the data it gets. At the same time we cannot simply export
      l2cap_conn_del() since it will try to lock the channels it calls into
      whereas we already hold the lock in the smp.c l2cap_chan callbacks (i.e.
      it'd lead to a deadlock).
      
      This patch adds a new l2cap_conn_shutdown() API which is very similar to
      l2cap_conn_del() except that it defers the call to l2cap_conn_del()
      through a workqueue, thereby making it safe to use it from an L2CAP
      channel callback.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Convert SMP to use l2cap_chan infrastructure · 5d88cc73
      Committed by Johan Hedberg
      Now that we have all the necessary pieces in place we can fully convert
      SMP to use the L2CAP channel infrastructure. This patch adds the
      necessary callbacks and removes the now unneeded conn->smp_chan pointer.
      
      One notable behavioral change in this patch comes from the following
      code snippet:
      
      -       case L2CAP_CID_SMP:
      -               if (smp_sig_channel(conn, skb))
      -                       l2cap_conn_del(conn->hcon, EACCES);
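
      Review bot: the removed l2cap_conn_del(conn->hcon, EACCES) under case L2CAP_CID_SMP was what forced a disconnect when smp_sig_channel() returned non-zero, so after this change a peer that sends garbage SMP data keeps its connection and the only effect is an error return from recv(). Suggest a follow-up that restores the disconnect through a path that is safe to call from inside the channel callback, and a comment at the recv() callback stating that an error return no longer drops the link.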
      
      This piece of code was essentially forcing a disconnection if garbage
      SMP data was received. The l2cap_conn_del() function is private to
      l2cap_conn.c so we don't have access to it anymore when using the L2CAP
      channel callbacks. Therefore, the behavior of the new code is simply to
      return errors in the recv() callback (which is simply the old
      smp_sig_channel()), but no disconnection will occur.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: Make AES crypto context private to SMP · defce9e8
      Committed by Johan Hedberg
      Now that we have per-adapter SMP data thanks to the root SMP L2CAP
      channel we can take advantage of it and attach the AES crypto context
      (only used for SMP) to it. This means that the smp_irk_matches() and
      smp_generate_rpa() functions can be converted to internally handle the
      AES context.
      Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>