1. 09 9月, 2014 7 次提交
    • J
      Bluetooth: Fix locking of the SMP context · fc75cc86
      Johan Hedberg 提交于
      Before the move the l2cap_chan the SMP context (smp_chan) didn't have
      any kind of proper locking. The best there existed was the
      HCI_CONN_LE_SMP_PEND flag which was used to enable mutual exclusion for
      potential multiple creators of the SMP context.
      
      Now that SMP has been converted to use the l2cap_chan infrastructure and
      since the SMP context is directly mapped to a corresponding l2cap_chan
      we get the SMP context locking essentially for free through the
      l2cap_chan lock. For all callbacks that l2cap_core.c makes for each
      channel implementation (smp.c in the case of SMP) the l2cap_chan lock is
      held through l2cap_chan_lock(chan).
      
      Since the calls from l2cap_core.c to smp.c are covered the only missing
      piece to have the locking implemented properly is to ensure that the
      lock is held for any other call path that may access the SMP context.
      This means user responses through mgmt.c, requests to elevate the
      security of a connection through hci_conn.c, as well as any deferred
      work through workqueues.
      
      This patch adds the necessary locking to all these other code paths that
      try to access the SMP context. Since mutual exclusion for the l2cap_chan
      access is now covered from all directions the patch also removes
      unnecessary HCI_CONN_LE_SMP_PEND flag (once we've acquired the chan lock
      we can simply check whether chan->smp is set to know if there's an SMP
      context).
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      fc75cc86
    • J
      Bluetooth: Remove unnecessary deferred work for SMP key distribution · d6268e86
      Johan Hedberg 提交于
      Now that the identity address update happens through its own deferred
      work there's no need to have smp_distribute_keys anymore behind a second
      deferred work. This patch removes this extra construction and makes the
      code do direct calls to smp_distribute_keys() again.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      d6268e86
    • J
      Bluetooth: Move identity address update behind a workqueue · f3d82d0c
      Johan Hedberg 提交于
      The identity address update of all channels for an l2cap_conn needs to
      take the lock for each channel, i.e. it's safest to do this by a
      separate workqueue callback.
      
      Previously this was partially solved by moving the entire SMP key
      distribution behind a workqueue. However, if we want SMP context locking
      to be correct and safe we should always use the l2cap_chan lock when
      accessing it, meaning even smp_distribute_keys needs to take that lock
      which would once again create a dead lock when updating the identity
      address.
      
      The simplest way to solve this is to have l2cap_conn manage the deferred
      work which is what this patch does. A subsequent patch will remove the
      now unnecessary SMP key distribution work struct.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      f3d82d0c
    • J
      Bluetooth: Don't take any action in smp_resume_cb if not encrypted · 84bc0db5
      Johan Hedberg 提交于
      When smp_resume_cb is called if we're not encrypted (i.e. the callback
      wasn't called because the connection became encrypted) we shouldn't take
      any action at all. This patch moves also the security_timer cancellation
      behind this condition.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      84bc0db5
    • J
      Bluetooth: Remove unnecessary checks after canceling SMP security timer · 1b0921d6
      Johan Hedberg 提交于
      The SMP security timer used to be able to modify the SMP context state
      but now days it simply calls hci_disconnect(). It is therefore
      unnecessary to have extra sanity checks for the SMP context after
      canceling the timer.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1b0921d6
    • J
      Bluetooth: Fix SMP error and response to be mutually exclusive · 9b7b18ef
      Johan Hedberg 提交于
      Returning failure from the SMP data parsing function will cause an
      immediate disconnect, making any attempts to send a response PDU futile.
      This patch updates the function to always either send a response or
      return an error, but never both at the same time:
      
      * In the case that HCI_LE_ENABLED is not set we want to send a Pairing Not
        Supported response but it is not required to force a disconnection, so
        do not set the error return in this case.
      
      * If we get garbage SMP data we can just fail with the handler function
        instead of also trying to send an SMP Failure PDU.
      
      * There's no reason to force a disconnection if we receive an unknown SMP
        command. Instead simply send a proper Command Not Supported SMP
        response.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      9b7b18ef
    • J
      Bluetooth: Use hci_disconnect for immediate disconnection from SMP · 1e91c29e
      Johan Hedberg 提交于
      Relying on the l2cap_conn_del procedure (triggered through the
      l2cap_conn_shutdown API) to get the connection disconnected is not
      reliable as it depends on all users releasing (through hci_conn_drop)
      and that there's at least one user (so hci_conn_drop is called at least
      one time).
      
      A much simpler and more reliable solution is to call hci_disconnect()
      directly from the SMP code when we want to disconnect. One side-effect
      this has is that it prevents any SMP Failure PDU from being sent before
      the disconnection, however neither one of the scenarios where
      l2cap_conn_shutdown was used really requires this.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1e91c29e
  2. 14 8月, 2014 13 次提交
  3. 31 7月, 2014 2 次提交
    • J
      Bluetooth: Rename HCI_PAIRABLE to HCI_BONDABLE · b6ae8457
      Johan Hedberg 提交于
      The HCI_PAIRABLE flag isn't actually controlling whether we're pairable
      but whether we're bondable. Therefore, rename it accordingly.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      b6ae8457
    • J
      Bluetooth: Fix SMP context tracking leading to a kernel crash · 616d55be
      Johan Hedberg 提交于
      The HCI_CONN_LE_SMP_PEND flag is supposed to indicate whether we have an
      SMP context or not. If the context creation fails, or some other error
      is indicated between setting the flag and creating the context the flag
      must be cleared first.
      
      This patch ensures that smp_chan_create() clears the flag in case of
      allocation failure as well as reorders code in smp_cmd_security_req()
      that could lead to returning an error between setting the flag and
      creating the context.
      
      Without the patch the following kind of kernel crash could be observed
      (this one because of unacceptable authentication requirements in a
      Security Request):
      
      [  +0.000855] kernel BUG at net/bluetooth/smp.c:606!
      [  +0.000000] invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
      [  +0.000000] CPU: 0 PID: 58 Comm: kworker/u5:2 Tainted: G        W     3.16.0-rc1+ #785
      [  +0.008391] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      [  +0.000000] Workqueue: hci0 hci_rx_work
      [  +0.000000] task: f4dc8f90 ti: f4ef0000 task.ti: f4ef0000
      [  +0.000000] EIP: 0060:[<c13432b6>] EFLAGS: 00010246 CPU: 0
      [  +0.000000] EIP is at smp_chan_destroy+0x1e/0x145
      [  +0.000709] EAX: f46db870 EBX: 00000000 ECX: 00000000 EDX: 00000005
      [  +0.000000] ESI: f46db870 EDI: f46db870 EBP: f4ef1dc0 ESP: f4ef1db0
      [  +0.000000]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
      [  +0.000000] CR0: 8005003b CR2: b666b0b0 CR3: 00022000 CR4: 00000690
      [  +0.000000] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
      [  +0.000000] DR6: fffe0ff0 DR7: 00000400
      [  +0.000000] Stack:
      [  +0.000000]  00000005 f17b7840 f46db870 f4ef1dd4 f4ef1de4 c1343441 c134342e 00000000
      [  +0.000000]  c1343441 00000005 00000002 00000000 f17b7840 f4ef1e38 c134452a 00002aae
      [  +0.000000]  01ef1e00 00002aae f46bd980 f46db870 00000039 ffffffff 00000007 f4ef1e34
      [  +0.000000] Call Trace:
      [  +0.000000]  [<c1343441>] smp_failure+0x64/0x6c
      [  +0.000000]  [<c134342e>] ? smp_failure+0x51/0x6c
      [  +0.000000]  [<c1343441>] ? smp_failure+0x64/0x6c
      [  +0.000000]  [<c134452a>] smp_sig_channel+0xad6/0xafc
      [  +0.000000]  [<c1053b61>] ? vprintk_emit+0x343/0x366
      [  +0.000000]  [<c133f34e>] l2cap_recv_frame+0x1337/0x1ac4
      [  +0.000000]  [<c133f34e>] ? l2cap_recv_frame+0x1337/0x1ac4
      [  +0.000000]  [<c1172307>] ? __dynamic_pr_debug+0x3e/0x40
      [  +0.000000]  [<c11702a1>] ? debug_smp_processor_id+0x12/0x14
      [  +0.000000]  [<c1340bc9>] l2cap_recv_acldata+0xe8/0x239
      [  +0.000000]  [<c1340bc9>] ? l2cap_recv_acldata+0xe8/0x239
      [  +0.000000]  [<c1169931>] ? __const_udelay+0x1a/0x1c
      [  +0.000000]  [<c131f120>] hci_rx_work+0x1a1/0x286
      [  +0.000000]  [<c137244e>] ? mutex_unlock+0x8/0xa
      [  +0.000000]  [<c131f120>] ? hci_rx_work+0x1a1/0x286
      [  +0.000000]  [<c1038fe5>] process_one_work+0x128/0x1df
      [  +0.000000]  [<c1038fe5>] ? process_one_work+0x128/0x1df
      [  +0.000000]  [<c10392df>] worker_thread+0x222/0x2de
      [  +0.000000]  [<c10390bd>] ? process_scheduled_works+0x21/0x21
      [  +0.000000]  [<c103d34c>] kthread+0x82/0x87
      [  +0.000000]  [<c1040000>] ? create_new_namespaces+0x90/0x105
      [  +0.000000]  [<c13738e1>] ret_from_kernel_thread+0x21/0x30
      [  +0.000000]  [<c103d2ca>] ? __kthread_parkme+0x50/0x50
      [  +0.000000] Code: 65 f4 89 f0 5b 5e 5f 5d 8d 67 f8 5f c3 57 8d 7c 24 08 83 e4 f8 ff 77 fc 55 89 e5 57 89 c7 56 53 52 8b 98 e0 00 00 00 85 db 75 02 <0f> 0b 8b b3 80 00 00 00 8b 00 c1 ee 03 83 e6 01 89 f2 e8 ef 09
      [  +0.000000] EIP: [<c13432b6>] smp_chan_destroy+0x1e/0x145 SS:ESP 0068:f4ef1db0
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      616d55be
  4. 26 7月, 2014 1 次提交
    • M
      Bluetooth: Fix white list handling with resolvable private addresses · 66d8e837
      Marcel Holtmann 提交于
      Devices using resolvable private addresses are required to provide
      an identity resolving key. These devices can not be found using
      the current controller white list support. This means if the kernel
      knows about any devices with an identity resolving key, the white
      list filtering must be disabled.
      
      However so far the kernel kept identity resolving keys around even
      for devices that are not using resolvable private addresses. The
      notification to userspace clearly hints to not store the key and
      so it is best to just remove the key from the kernel as well at
      that point.
      
      With this it easy now to detect when using the white list is
      possible or when kernel side resolving of addresses is required.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      66d8e837
  5. 18 7月, 2014 1 次提交
  6. 17 7月, 2014 1 次提交
  7. 16 7月, 2014 2 次提交
  8. 14 7月, 2014 1 次提交
  9. 10 7月, 2014 4 次提交
  10. 03 7月, 2014 8 次提交