1. 23 8月, 2009 2 次提交
    • T
      Bluetooth: Convert hdev->req_lock to a mutex · a6a67efd
      Thomas Gleixner 提交于
      hdev->req_lock is used as mutex so make it a mutex.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      a6a67efd
    • M
      Bluetooth: Add extra device reference counting for connections · 9eba32b8
      Marcel Holtmann 提交于
      The device model itself has no real usable reference counting at the
      moment and this causes problems if parents are deleted before their
      children. The device model itself handles the memory details of this
      correctly, but the uevent order is not consistent. This causes various
      problems for systems like HAL or even X.
      
      So until device_put() does a proper cleanup, the device for Bluetooth
      connection will be protected with an extra reference counting to ensure
      the correct order of uevents when connections are terminated.
      
      This is not an automatic feature. Higher Bluetooth layers like HIDP or
      BNEP should grab this new reference to ensure that their uevents are
      send before the ones from the parent device.
      
      Based on a report by Brian Rogers <brian@xyzw.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      9eba32b8
  2. 08 6月, 2009 1 次提交
  3. 05 5月, 2009 1 次提交
    • M
      Bluetooth: Fix issue with sysfs handling for connections · a67e899c
      Marcel Holtmann 提交于
      Due to a semantic changes in flush_workqueue() the current approach of
      synchronizing the sysfs handling for connections doesn't work anymore. The
      whole approach is actually fully broken and based on assumptions that are
      no longer valid.
      
      With the introduction of Simple Pairing support, the creation of low-level
      ACL links got changed. This change invalidates the reason why in the past
      two independent work queues have been used for adding/removing sysfs
      devices. The adding of the actual sysfs device is now postponed until the
      host controller successfully assigns an unique handle to that link. So
      the real synchronization happens inside the controller and not the host.
      
      The only left-over problem is that some internals of the sysfs device
      handling are not initialized ahead of time. This leaves potential access
      to invalid data and can cause various NULL pointer dereferences. To fix
      this a new function makes sure that all sysfs details are initialized
      when an connection attempt is made. The actual sysfs device is only
      registered when the connection has been successfully established. To
      avoid a race condition with the registration, the check if a device is
      registered has been moved into the removal work.
      
      As an extra protection two flush_work() calls are left in place to
      make sure a previous add/del work has been completed first.
      
      Based on a report by Marc Pignat <marc.pignat@hevs.ch>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Tested-by: NJustin P. Mattock <justinmattock@gmail.com>
      Tested-by: NRoger Quadros <ext-roger.quadros@nokia.com>
      Tested-by: NMarc Pignat <marc.pignat@hevs.ch>
      a67e899c
  4. 29 4月, 2009 2 次提交
    • M
      Bluetooth: Add different pairing timeout for Legacy Pairing · 052b30b0
      Marcel Holtmann 提交于
      The Bluetooth stack uses a reference counting for all established ACL
      links and if no user (L2CAP connection) is present, the link will be
      terminated to save power. The problem part is the dedicated pairing
      when using Legacy Pairing (Bluetooth 2.0 and before). At that point
      no user is present and pairing attempts will be disconnected within
      10 seconds or less. In previous kernel version this was not a problem
      since the disconnect timeout wasn't triggered on incoming connections
      for the first time. However this caused issues with broken host stacks
      that kept the connections around after dedicated pairing. When the
      support for Simple Pairing got added, the link establishment procedure
      needed to be changed and now causes issues when using Legacy Pairing
      
      When using Simple Pairing it is possible to do a proper reference
      counting of ACL link users. With Legacy Pairing this is not possible
      since the specification is unclear in some areas and too many broken
      Bluetooth devices have already been deployed. So instead of trying to
      deal with all the broken devices, a special pairing timeout will be
      introduced that increases the timeout to 60 seconds when pairing is
      triggered.
      
      If a broken devices now puts the stack into an unforeseen state, the
      worst that happens is the disconnect timeout triggers after 120 seconds
      instead of 4 seconds. This allows successful pairings with legacy and
      broken devices now.
      
      Based on a report by Johan Hedberg <johan.hedberg@nokia.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      052b30b0
    • R
      Bluetooth: Ensure that HCI sysfs add/del is preempt safe · f3784d83
      Roger Quadros 提交于
      Use a different work_struct variables for add_conn() and del_conn() and
      use single work queue instead of two for adding and deleting connections.
      
      It eliminates the following error on a preemptible kernel:
      
      [  204.358032] Unable to handle kernel NULL pointer dereference at virtual address 0000000c
      [  204.370697] pgd = c0004000
      [  204.373443] [0000000c] *pgd=00000000
      [  204.378601] Internal error: Oops: 17 [#1] PREEMPT
      [  204.383361] Modules linked in: vfat fat rfcomm sco l2cap sd_mod scsi_mod iphb pvr2d drm omaplfb ps
      [  204.438537] CPU: 0    Not tainted  (2.6.28-maemo2 #1)
      [  204.443664] PC is at klist_put+0x2c/0xb4
      [  204.447601] LR is at klist_put+0x18/0xb4
      [  204.451568] pc : [<c0270f08>]    lr : [<c0270ef4>]    psr: a0000113
      [  204.451568] sp : cf1b3f10  ip : cf1b3f10  fp : cf1b3f2c
      [  204.463104] r10: 00000000  r9 : 00000000  r8 : bf08029c
      [  204.468353] r7 : c7869200  r6 : cfbe2690  r5 : c78692c8  r4 : 00000001
      [  204.474945] r3 : 00000001  r2 : cf1b2000  r1 : 00000001  r0 : 00000000
      [  204.481506] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM Segment kernel
      [  204.488861] Control: 10c5387d  Table: 887fc018  DAC: 00000017
      [  204.494628] Process btdelconn (pid: 515, stack limit = 0xcf1b22e0)
      Signed-off-by: NRoger Quadros <ext-roger.quadros@nokia.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      f3784d83
  5. 27 2月, 2009 4 次提交
    • M
      Bluetooth: Ask upper layers for HCI disconnect reason · 2950f21a
      Marcel Holtmann 提交于
      Some of the qualification tests demand that in case of failures in L2CAP
      the HCI disconnect should indicate a reason why L2CAP fails. This is a
      bluntly layer violation since multiple L2CAP connections could be using
      the same ACL and thus forcing a disconnect reason is not a good idea.
      
      To comply with the Bluetooth test specification, the disconnect reason
      is now stored in the L2CAP connection structure and every time a new
      L2CAP channel is added it will set back to its default. So only in the
      case where the L2CAP channel with the disconnect reason is really the
      last one, it will propagated to the HCI layer.
      
      The HCI layer has been extended with a disconnect indication that allows
      it to ask upper layers for a disconnect reason. The upper layer must not
      support this callback and in that case it will nicely default to the
      existing behavior. If an upper layer like L2CAP can provide a disconnect
      reason that one will be used to disconnect the ACL or SCO link.
      
      No modification to the ACL disconnect timeout have been made. So in case
      of Linux to Linux connection the initiator will disconnect the ACL link
      before the acceptor side can signal the specific disconnect reason. That
      is perfectly fine since Linux doesn't make use of this value anyway. The
      L2CAP layer has a perfect valid error code for rejecting connection due
      to a security violation. It is unclear why the Bluetooth specification
      insists on having specific HCI disconnect reason.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      2950f21a
    • M
      Bluetooth: Don't enforce authentication for L2CAP PSM 1 and 3 · 435fef20
      Marcel Holtmann 提交于
      The recommendation for the L2CAP PSM 1 (SDP) is to not use any kind
      of authentication or encryption. So don't trigger authentication
      for incoming and outgoing SDP connections.
      
      For L2CAP PSM 3 (RFCOMM) there is no clear requirement, but with
      Bluetooth 2.1 the initiator is required to enable authentication
      and encryption first and this gets enforced. So there is no need
      to trigger an additional authentication step. The RFCOMM service
      security will make sure that a secure enough link key is present.
      
      When the encryption gets enabled after the SDP connection setup,
      then switch the security level from SDP to low security.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      435fef20
    • M
      Bluetooth: Use general bonding whenever possible · 0684e5f9
      Marcel Holtmann 提交于
      When receiving incoming connection to specific services, always use
      general bonding. This ensures that the link key gets stored and can be
      used for further authentications.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      0684e5f9
    • M
      Bluetooth: Add enhanced security model for Simple Pairing · 8c1b2355
      Marcel Holtmann 提交于
      The current security model is based around the flags AUTH, ENCRYPT and
      SECURE. Starting with support for the Bluetooth 2.1 specification this is
      no longer sufficient. The different security levels are now defined as
      SDP, LOW, MEDIUM and SECURE.
      
      Previously it was possible to set each security independently, but this
      actually doesn't make a lot of sense. For Bluetooth the encryption depends
      on a previous successful authentication. Also you can only update your
      existing link key if you successfully created at least one before. And of
      course the update of link keys without having proper encryption in place
      is a security issue.
      
      The new security levels from the Bluetooth 2.1 specification are now
      used internally. All old settings are mapped to the new values and this
      way it ensures that old applications still work. The only limitation
      is that it is no longer possible to set authentication without also
      enabling encryption. No application should have done this anyway since
      this is actually a security issue. Without encryption the integrity of
      the authentication can't be guaranteed.
      
      As default for a new L2CAP or RFCOMM connection, the LOW security level
      is used. The only exception here are the service discovery sessions on
      PSM 1 where SDP level is used. To have similar security strength as with
      a Bluetooth 2.0 and before combination key, the MEDIUM level should be
      used. This is according to the Bluetooth specification. The MEDIUM level
      will not require any kind of man-in-the-middle (MITM) protection. Only
      the HIGH security level will require this.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      8c1b2355
  6. 09 9月, 2008 2 次提交
    • M
      [Bluetooth] Reject L2CAP connections on an insecure ACL link · e7c29cb1
      Marcel Holtmann 提交于
      The Security Mode 4 of the Bluetooth 2.1 specification has strict
      authentication and encryption requirements. It is the initiators job
      to create a secure ACL link. However in case of malicious devices, the
      acceptor has to make sure that the ACL is encrypted before allowing
      any kind of L2CAP connection. The only exception here is the PSM 1 for
      the service discovery protocol, because that is allowed to run on an
      insecure ACL link.
      
      Previously it was enough to reject a L2CAP connection during the
      connection setup phase, but with Bluetooth 2.1 it is forbidden to
      do any L2CAP protocol exchange on an insecure link (except SDP).
      
      The new hci_conn_check_link_mode() function can be used to check the
      integrity of an ACL link. This functions also takes care of the cases
      where Security Mode 4 is disabled or one of the devices is based on
      an older specification.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      e7c29cb1
    • M
      [Bluetooth] Enforce correct authentication requirements · 09ab6f4c
      Marcel Holtmann 提交于
      With the introduction of Security Mode 4 and Simple Pairing from the
      Bluetooth 2.1 specification it became mandatory that the initiator
      requires authentication and encryption before any L2CAP channel can
      be established. The only exception here is PSM 1 for the service
      discovery protocol (SDP). It is meant to be used without any encryption
      since it contains only public information. This is how Bluetooth 2.0
      and before handle connections on PSM 1.
      
      For Bluetooth 2.1 devices the pairing procedure differentiates between
      no bonding, general bonding and dedicated bonding. The L2CAP layer
      wrongly uses always general bonding when creating new connections, but it
      should not do this for SDP connections. In this case the authentication
      requirement should be no bonding and the just-works model should be used,
      but in case of non-SDP connection it is required to use general bonding.
      
      If the new connection requires man-in-the-middle (MITM) protection, it
      also first wrongly creates an unauthenticated link key and then later on
      requests an upgrade to an authenticated link key to provide full MITM
      protection. With Simple Pairing the link key generation is an expensive
      operation (compared to Bluetooth 2.0 and before) and doing this twice
      during a connection setup causes a noticeable delay when establishing
      a new connection. This should be avoided to not regress from the expected
      Bluetooth 2.0 connection times. The authentication requirements are known
      up-front and so enforce them.
      
      To fulfill these requirements the hci_connect() function has been extended
      with an authentication requirement parameter that will be stored inside
      the connection information and can be retrieved by userspace at any
      time. This allows the correct IO capabilities exchange and results in
      the expected behavior.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      09ab6f4c
  7. 15 7月, 2008 6 次提交
    • M
      [Bluetooth] Export details about authentication requirements · 40be492f
      Marcel Holtmann 提交于
      With the Simple Pairing support, the authentication requirements are
      an explicit setting during the bonding process. Track and enforce the
      requirements and allow higher layers like L2CAP and RFCOMM to increase
      them if needed.
      
      This patch introduces a new IOCTL that allows to query the current
      authentication requirements. It is also possible to detect Simple
      Pairing support in the kernel this way.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      40be492f
    • M
      [Bluetooth] Use ACL config stage to retrieve remote features · 769be974
      Marcel Holtmann 提交于
      The Bluetooth technology introduces new features on a regular basis
      and for some of them it is important that the hardware on both sides
      support them. For features like Simple Pairing it is important that
      the host stacks on both sides have switched this feature on. To make
      valid decisions, a config stage during ACL link establishment has been
      introduced that retrieves remote features and if needed also the remote
      extended features (known as remote host features) before signalling
      this link as connected.
      
      This change introduces full reference counting of incoming and outgoing
      ACL links and the Bluetooth core will disconnect both if no owner of it
      is present. To better handle interoperability during the pairing phase
      the disconnect timeout for incoming connections has been increased to
      10 seconds. This is five times more than for outgoing connections.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      769be974
    • M
      [Bluetooth] Track status of remote Simple Pairing mode · 41a96212
      Marcel Holtmann 提交于
      The Simple Pairing process can only be used if both sides have the
      support enabled in the host stack. The current Bluetooth specification
      has three ways to detect this support.
      
      If an Extended Inquiry Result has been sent during inquiry then it
      is safe to assume that Simple Pairing is enabled. It is not allowed
      to enable Extended Inquiry without Simple Pairing. During the remote
      name request phase a notification with the remote host supported
      features will be sent to indicate Simple Pairing support. Also the
      second page of the remote extended features can indicate support for
      Simple Pairing.
      
      For all three cases the value of remote Simple Pairing mode is stored
      in the inquiry cache for later use.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      41a96212
    • M
      [Bluetooth] Track status of Simple Pairing mode · 333140b5
      Marcel Holtmann 提交于
      The Simple Pairing feature is optional and needs to be enabled by the
      host stack first. The Linux kernel relies on the Bluetooth daemon to
      either enable or disable it, but at any time it needs to know the
      current state of the Simple Pairing mode. So track any changes made
      by external entities and store the current mode in the HCI device
      structure.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      333140b5
    • M
      [Bluetooth] Track connection packet type changes · a8746417
      Marcel Holtmann 提交于
      The connection packet type can be changed after the connection has been
      established and thus needs to be properly tracked to ensure that the
      host stack has always correct and valid information about it.
      
      On incoming connections the Bluetooth core switches the supported packet
      types to the configured list for this controller. However the usefulness
      of this feature has been questioned a lot. The general consent is that
      every Bluetooth host stack should enable as many packet types as the
      hardware actually supports and leave the decision to the link manager
      software running on the Bluetooth chip.
      
      When running on Bluetooth 2.0 or later hardware, don't change the packet
      type for incoming connections anymore. This hardware likely supports
      Enhanced Data Rate and thus leave it completely up to the link manager
      to pick the best packet type.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      a8746417
    • M
      [Bluetooth] Disconnect when encryption gets disabled · 9719f8af
      Marcel Holtmann 提交于
      The Bluetooth specification allows to enable or disable the encryption
      of an ACL link at any time by either the peer or the remote device. If
      a L2CAP or RFCOMM connection requested an encrypted link, they will now
      disconnect that link if the encryption gets disabled. Higher protocols
      that don't care about encryption (like SDP) are not affected.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      9719f8af
  8. 22 10月, 2007 2 次提交
    • M
      [Bluetooth] Add support for handling simple eSCO links · b6a0dc82
      Marcel Holtmann 提交于
      With the Bluetooth 1.2 specification the Extended SCO feature for
      better audio connections was introduced. So far the Bluetooth core
      wasn't able to handle any eSCO connections correctly. This patch
      adds simple eSCO support while keeping backward compatibility with
      older devices.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      b6a0dc82
    • M
      [Bluetooth] Switch from OGF+OCF to using only opcodes · a9de9248
      Marcel Holtmann 提交于
      The Bluetooth HCI commands are divided into logical OGF groups for
      easier identification of their purposes. While this still makes sense
      for the written specification, its makes the code only more complex
      and harder to read. So instead of using separate OGF and OCF values
      to identify the commands, use a common 16-bit opcode that combines
      both values. As a side effect this also reduces the complexity of
      OGF and OCF calculations during command header parsing.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      a9de9248
  9. 11 7月, 2007 2 次提交
  10. 16 10月, 2006 1 次提交
    • M
      [Bluetooth] Support concurrent connect requests · 4c67bc74
      Marcel Holtmann 提交于
      Most Bluetooth chips don't support concurrent connect requests, because
      this would involve a multiple baseband page with only one radio. In the
      case an upper layer like L2CAP requests a concurrent connect these chips
      return the error "Command Disallowed" for the second request. If this
      happens it the responsibility of the Bluetooth core to queue the request
      and try again after the previous connect attempt has been completed.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      4c67bc74
  11. 29 9月, 2006 3 次提交
  12. 04 7月, 2006 3 次提交
  13. 09 11月, 2005 2 次提交
  14. 30 8月, 2005 1 次提交
  15. 17 4月, 2005 1 次提交
    • L
      Linux-2.6.12-rc2 · 1da177e4
      Linus Torvalds 提交于
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      
      Let it rip!
      1da177e4