tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
+1585
-252
+25
-2
include/net/bluetooth/hci.h
+25
-2
include/net/bluetooth/hci.h
···
126
126
HCI_SSP_ENABLED,
127
127
HCI_SC_ENABLED,
128
128
HCI_SC_ONLY,
129
+
HCI_PRIVACY,
130
+
HCI_RPA_EXPIRED,
129
131
HCI_RPA_RESOLVING,
130
132
HCI_HS_ENABLED,
131
133
HCI_LE_ENABLED,
···
140
138
HCI_FAST_CONNECTABLE,
141
139
HCI_BREDR_ENABLED,
142
140
HCI_6LOWPAN_ENABLED,
141
+
HCI_LE_SCAN_INTERRUPTED,
143
142
};
144
143
145
144
/* A mask for the flags that are supposed to remain when a reset happens
···
183
180
#define HCI_CMD_TIMEOUT msecs_to_jiffies(2000) /* 2 seconds */
184
181
#define HCI_ACL_TX_TIMEOUT msecs_to_jiffies(45000) /* 45 seconds */
185
182
#define HCI_AUTO_OFF_TIMEOUT msecs_to_jiffies(2000) /* 2 seconds */
183
+
#define HCI_POWER_OFF_TIMEOUT msecs_to_jiffies(5000) /* 5 seconds */
184
+
#define HCI_LE_CONN_TIMEOUT msecs_to_jiffies(20000) /* 20 seconds */
186
185
187
186
/* HCI data types */
188
187
#define HCI_COMMAND_PKT 0x01
···
359
354
360
355
/* ---- HCI Error Codes ---- */
361
356
#define HCI_ERROR_AUTH_FAILURE 0x05
357
+
#define HCI_ERROR_MEMORY_EXCEEDED 0x07
362
358
#define HCI_ERROR_CONNECTION_TIMEOUT 0x08
363
359
#define HCI_ERROR_REJ_BAD_ADDR 0x0f
364
360
#define HCI_ERROR_REMOTE_USER_TERM 0x13
···
1184
1178
__u8 filter_dup;
1185
1179
} __packed;
1186
1180
1181
+
#define HCI_LE_USE_PEER_ADDR 0x00
1182
+
#define HCI_LE_USE_WHITELIST 0x01
1183
+
1187
1184
#define HCI_OP_LE_CREATE_CONN 0x200d
1188
1185
struct hci_cp_le_create_conn {
1189
1186
__le16 scan_interval;
···
1211
1202
__u8 size;
1212
1203
} __packed;
1213
1204
1205
+
#define HCI_OP_LE_CLEAR_WHITE_LIST 0x2010
1206
+
1207
+
#define HCI_OP_LE_ADD_TO_WHITE_LIST 0x2011
1208
+
struct hci_cp_le_add_to_white_list {
1209
+
__u8 bdaddr_type;
1210
+
bdaddr_t bdaddr;
1211
+
} __packed;
1212
+
1213
+
#define HCI_OP_LE_DEL_FROM_WHITE_LIST 0x2012
1214
+
struct hci_cp_le_del_from_white_list {
1215
+
__u8 bdaddr_type;
1216
+
bdaddr_t bdaddr;
1217
+
} __packed;
1218
+
1214
1219
#define HCI_OP_LE_CONN_UPDATE 0x2013
1215
1220
struct hci_cp_le_conn_update {
1216
1221
__le16 handle;
···
1239
1216
#define HCI_OP_LE_START_ENC 0x2019
1240
1217
struct hci_cp_le_start_enc {
1241
1218
__le16 handle;
1242
-
__u8 rand[8];
1219
+
__le64 rand;
1243
1220
__le16 ediv;
1244
1221
__u8 ltk[16];
1245
1222
} __packed;
···
1651
1628
#define HCI_EV_LE_LTK_REQ 0x05
1652
1629
struct hci_ev_le_ltk_req {
1653
1630
__le16 handle;
1654
-
__u8 random[8];
1631
+
__le64 rand;
1655
1632
__le16 ediv;
1656
1633
} __packed;
1657
1634
+67
-11
include/net/bluetooth/hci_core.h
+67
-11
include/net/bluetooth/hci_core.h
···
99
99
u8 type;
100
100
u8 enc_size;
101
101
__le16 ediv;
102
-
u8 rand[8];
102
+
__le64 rand;
103
103
u8 val[16];
104
104
};
105
105
···
130
130
131
131
#define HCI_MAX_SHORT_NAME_LENGTH 10
132
132
133
+
/* Default LE RPA expiry time, 15 minutes */
134
+
#define HCI_DEFAULT_RPA_TIMEOUT (15 * 60)
135
+
133
136
struct amp_assoc {
134
137
__u16 len;
135
138
__u16 offset;
···
156
153
bdaddr_t bdaddr;
157
154
bdaddr_t random_addr;
158
155
bdaddr_t static_addr;
159
-
__u8 own_addr_type;
156
+
__u8 adv_addr_type;
160
157
__u8 dev_name[HCI_MAX_NAME_LENGTH];
161
158
__u8 short_name[HCI_MAX_SHORT_NAME_LENGTH];
162
159
__u8 eir[HCI_MAX_EIR_LENGTH];
···
284
281
struct list_head long_term_keys;
285
282
struct list_head identity_resolving_keys;
286
283
struct list_head remote_oob_data;
284
+
struct list_head le_white_list;
287
285
struct list_head le_conn_params;
286
+
struct list_head pend_le_conns;
288
287
289
288
struct hci_dev_stats stat;
290
289
···
308
303
__u8 scan_rsp_data[HCI_MAX_AD_LENGTH];
309
304
__u8 scan_rsp_data_len;
310
305
306
+
__u8 irk[16];
307
+
__u32 rpa_timeout;
308
+
struct delayed_work rpa_expired;
309
+
bdaddr_t rpa;
310
+
311
311
int (*open)(struct hci_dev *hdev);
312
312
int (*close)(struct hci_dev *hdev);
313
313
int (*flush)(struct hci_dev *hdev);
···
332
322
__u8 dst_type;
333
323
bdaddr_t src;
334
324
__u8 src_type;
325
+
bdaddr_t init_addr;
326
+
__u8 init_addr_type;
327
+
bdaddr_t resp_addr;
328
+
__u8 resp_addr_type;
335
329
__u16 handle;
336
330
__u16 state;
337
331
__u8 mode;
···
375
361
struct delayed_work disc_work;
376
362
struct delayed_work auto_accept_work;
377
363
struct delayed_work idle_work;
364
+
struct delayed_work le_conn_timeout;
378
365
379
366
struct device dev;
380
367
···
409
394
410
395
u16 conn_min_interval;
411
396
u16 conn_max_interval;
397
+
398
+
enum {
399
+
HCI_AUTO_CONN_DISABLED,
400
+
HCI_AUTO_CONN_ALWAYS,
401
+
HCI_AUTO_CONN_LINK_LOSS,
402
+
} auto_connect;
412
403
};
413
404
414
405
extern struct list_head hci_dev_list;
···
575
554
}
576
555
}
577
556
557
+
static inline unsigned int hci_conn_count(struct hci_dev *hdev)
558
+
{
559
+
struct hci_conn_hash *c = &hdev->conn_hash;
560
+
561
+
return c->acl_num + c->amp_num + c->sco_num + c->le_num;
562
+
}
563
+
578
564
static inline struct hci_conn *hci_conn_hash_lookup_handle(struct hci_dev *hdev,
579
565
__u16 handle)
580
566
{
···
655
627
void hci_chan_list_flush(struct hci_conn *conn);
656
628
struct hci_chan *hci_chan_lookup_handle(struct hci_dev *hdev, __u16 handle);
657
629
658
-
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
659
-
__u8 dst_type, __u8 sec_level, __u8 auth_type);
630
+
struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
631
+
u8 dst_type, u8 sec_level, u8 auth_type);
632
+
struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
633
+
u8 sec_level, u8 auth_type);
660
634
struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst,
661
635
__u16 setting);
662
636
int hci_conn_check_link_mode(struct hci_conn *conn);
···
668
638
int hci_conn_switch_role(struct hci_conn *conn, __u8 role);
669
639
670
640
void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active);
641
+
642
+
void hci_le_conn_failed(struct hci_conn *conn, u8 status);
671
643
672
644
/*
673
645
* hci_conn_get() and hci_conn_put() are used to control the life-time of an
···
802
770
803
771
struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
804
772
bdaddr_t *bdaddr, u8 type);
805
-
void hci_blacklist_clear(struct hci_dev *hdev);
806
773
int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
807
774
int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
808
775
776
+
struct bdaddr_list *hci_white_list_lookup(struct hci_dev *hdev,
777
+
bdaddr_t *bdaddr, u8 type);
778
+
void hci_white_list_clear(struct hci_dev *hdev);
779
+
int hci_white_list_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
780
+
int hci_white_list_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
781
+
809
782
struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
810
783
bdaddr_t *addr, u8 addr_type);
811
-
void hci_conn_params_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
812
-
u16 conn_min_interval, u16 conn_max_interval);
784
+
int hci_conn_params_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
785
+
u8 auto_connect, u16 conn_min_interval,
786
+
u16 conn_max_interval);
813
787
void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type);
814
788
void hci_conn_params_clear(struct hci_dev *hdev);
789
+
790
+
struct bdaddr_list *hci_pend_le_conn_lookup(struct hci_dev *hdev,
791
+
bdaddr_t *addr, u8 addr_type);
792
+
void hci_pend_le_conn_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type);
793
+
void hci_pend_le_conn_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type);
794
+
void hci_pend_le_conns_clear(struct hci_dev *hdev);
795
+
796
+
void hci_update_background_scan(struct hci_dev *hdev);
815
797
816
798
void hci_uuids_clear(struct hci_dev *hdev);
817
799
···
833
787
struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr);
834
788
int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
835
789
bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len);
836
-
struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8],
790
+
struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
837
791
bool master);
838
792
struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
839
793
u8 addr_type, u8 type, u8 authenticated,
840
-
u8 tk[16], u8 enc_size, __le16 ediv, u8 rand[8]);
794
+
u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand);
841
795
struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
842
796
u8 addr_type, bool master);
843
797
int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type);
···
1161
1115
const void *param, u8 event);
1162
1116
void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status);
1163
1117
1118
+
void hci_req_add_le_scan_disable(struct hci_request *req);
1119
+
void hci_req_add_le_passive_scan(struct hci_request *req);
1120
+
1164
1121
struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1165
1122
const void *param, u32 timeout);
1166
1123
struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
···
1209
1160
void mgmt_discoverable_timeout(struct hci_dev *hdev);
1210
1161
void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable);
1211
1162
void mgmt_connectable(struct hci_dev *hdev, u8 connectable);
1163
+
void mgmt_advertising(struct hci_dev *hdev, u8 advertising);
1212
1164
void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status);
1213
1165
void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
1214
1166
bool persistent);
···
1217
1167
u8 addr_type, u32 flags, u8 *name, u8 name_len,
1218
1168
u8 *dev_class);
1219
1169
void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
1220
-
u8 link_type, u8 addr_type, u8 reason);
1170
+
u8 link_type, u8 addr_type, u8 reason,
1171
+
bool mgmt_connected);
1221
1172
void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
1222
1173
u8 link_type, u8 addr_type, u8 status);
1223
1174
void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
···
1298
1247
1299
1248
void hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max,
1300
1249
u16 latency, u16 to_multiplier);
1301
-
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
1250
+
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
1302
1251
__u8 ltk[16]);
1252
+
1253
+
int hci_update_random_address(struct hci_request *req, bool require_privacy,
1254
+
u8 *own_addr_type);
1255
+
void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
1256
+
u8 *bdaddr_type);
1303
1257
1304
1258
#define SCO_AIRMODE_MASK 0x0003
1305
1259
#define SCO_AIRMODE_CVSD 0x0000
+9
-1
include/net/bluetooth/mgmt.h
+9
-1
include/net/bluetooth/mgmt.h
···
96
96
#define MGMT_SETTING_ADVERTISING 0x00000400
97
97
#define MGMT_SETTING_SECURE_CONN 0x00000800
98
98
#define MGMT_SETTING_DEBUG_KEYS 0x00001000
99
+
#define MGMT_SETTING_PRIVACY 0x00002000
99
100
100
101
#define MGMT_OP_READ_INFO 0x0004
101
102
#define MGMT_READ_INFO_SIZE 0
···
187
186
__u8 master;
188
187
__u8 enc_size;
189
188
__le16 ediv;
190
-
__u8 rand[8];
189
+
__le64 rand;
191
190
__u8 val[16];
192
191
} __packed;
193
192
···
389
388
#define MGMT_OP_SET_SECURE_CONN 0x002D
390
389
391
390
#define MGMT_OP_SET_DEBUG_KEYS 0x002E
391
+
392
+
#define MGMT_OP_SET_PRIVACY 0x002F
393
+
struct mgmt_cp_set_privacy {
394
+
__u8 privacy;
395
+
__u8 irk[16];
396
+
} __packed;
397
+
#define MGMT_SET_PRIVACY_SIZE 17
392
398
393
399
struct mgmt_irk_info {
394
400
struct mgmt_addr_info addr;
+66
-50
net/bluetooth/hci_conn.c
+66
-50
net/bluetooth/hci_conn.c
···
231
231
hci_send_cmd(hdev, HCI_OP_LE_CONN_UPDATE, sizeof(cp), &cp);
232
232
}
233
233
234
-
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
234
+
void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __le64 rand,
235
235
__u8 ltk[16])
236
236
{
237
237
struct hci_dev *hdev = conn->hdev;
···
242
242
memset(&cp, 0, sizeof(cp));
243
243
244
244
cp.handle = cpu_to_le16(conn->handle);
245
-
memcpy(cp.ltk, ltk, sizeof(cp.ltk));
245
+
cp.rand = rand;
246
246
cp.ediv = ediv;
247
-
memcpy(cp.rand, rand, sizeof(cp.rand));
247
+
memcpy(cp.ltk, ltk, sizeof(cp.ltk));
248
248
249
249
hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp);
250
250
}
···
363
363
&conn->dst);
364
364
}
365
365
366
+
static void le_conn_timeout(struct work_struct *work)
367
+
{
368
+
struct hci_conn *conn = container_of(work, struct hci_conn,
369
+
le_conn_timeout.work);
370
+
371
+
BT_DBG("");
372
+
373
+
hci_le_create_connection_cancel(conn);
374
+
}
375
+
366
376
struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
367
377
{
368
378
struct hci_conn *conn;
···
420
410
INIT_DELAYED_WORK(&conn->disc_work, hci_conn_timeout);
421
411
INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept);
422
412
INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle);
413
+
INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout);
423
414
424
415
atomic_set(&conn->refcnt, 0);
425
416
···
453
442
/* Unacked frames */
454
443
hdev->acl_cnt += conn->sent;
455
444
} else if (conn->type == LE_LINK) {
445
+
cancel_delayed_work_sync(&conn->le_conn_timeout);
446
+
456
447
if (hdev->le_pkts)
457
448
hdev->le_cnt += conn->sent;
458
449
else
···
528
515
EXPORT_SYMBOL(hci_get_route);
529
516
530
517
/* This function requires the caller holds hdev->lock */
531
-
static void le_conn_failed(struct hci_conn *conn, u8 status)
518
+
void hci_le_conn_failed(struct hci_conn *conn, u8 status)
532
519
{
533
520
struct hci_dev *hdev = conn->hdev;
534
521
···
540
527
hci_proto_connect_cfm(conn, status);
541
528
542
529
hci_conn_del(conn);
530
+
531
+
/* Since we may have temporarily stopped the background scanning in
532
+
* favor of connection establishment, we should restart it.
533
+
*/
534
+
hci_update_background_scan(hdev);
543
535
}
544
536
545
537
static void create_le_conn_complete(struct hci_dev *hdev, u8 status)
···
563
545
if (!conn)
564
546
goto done;
565
547
566
-
le_conn_failed(conn, status);
548
+
hci_le_conn_failed(conn, status);
567
549
568
550
done:
569
551
hci_dev_unlock(hdev);
570
552
}
571
553
572
-
static int hci_create_le_conn(struct hci_conn *conn)
554
+
static void hci_req_add_le_create_conn(struct hci_request *req,
555
+
struct hci_conn *conn)
573
556
{
574
-
struct hci_dev *hdev = conn->hdev;
575
557
struct hci_cp_le_create_conn cp;
576
-
struct hci_request req;
577
-
int err;
578
-
579
-
hci_req_init(&req, hdev);
558
+
struct hci_dev *hdev = conn->hdev;
559
+
u8 own_addr_type;
580
560
581
561
memset(&cp, 0, sizeof(cp));
562
+
563
+
/* Update random address, but set require_privacy to false so
564
+
* that we never connect with an unresolvable address.
565
+
*/
566
+
if (hci_update_random_address(req, false, &own_addr_type))
567
+
return;
568
+
569
+
/* Save the address type used for this connnection attempt so we able
570
+
* to retrieve this information if we need it.
571
+
*/
572
+
conn->src_type = own_addr_type;
573
+
582
574
cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
583
575
cp.scan_window = cpu_to_le16(hdev->le_scan_window);
584
576
bacpy(&cp.peer_addr, &conn->dst);
585
577
cp.peer_addr_type = conn->dst_type;
586
-
cp.own_address_type = conn->src_type;
578
+
cp.own_address_type = own_addr_type;
587
579
cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
588
580
cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
589
581
cp.supervision_timeout = __constant_cpu_to_le16(0x002a);
590
582
cp.min_ce_len = __constant_cpu_to_le16(0x0000);
591
583
cp.max_ce_len = __constant_cpu_to_le16(0x0000);
592
584
593
-
hci_req_add(&req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
585
+
hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
594
586
595
-
err = hci_req_run(&req, create_le_conn_complete);
596
-
if (err) {
597
-
hci_conn_del(conn);
598
-
return err;
599
-
}
600
-
601
-
return 0;
587
+
conn->state = BT_CONNECT;
602
588
}
603
589
604
-
static struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
605
-
u8 dst_type, u8 sec_level, u8 auth_type)
590
+
struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
591
+
u8 dst_type, u8 sec_level, u8 auth_type)
606
592
{
607
593
struct hci_conn_params *params;
608
594
struct hci_conn *conn;
609
595
struct smp_irk *irk;
596
+
struct hci_request req;
610
597
int err;
611
598
612
599
if (test_bit(HCI_ADVERTISING, &hdev->flags))
···
640
617
if (conn)
641
618
return ERR_PTR(-EBUSY);
642
619
643
-
/* Convert from L2CAP channel address type to HCI address type */
644
-
if (dst_type == BDADDR_LE_PUBLIC)
645
-
dst_type = ADDR_LE_DEV_PUBLIC;
646
-
else
647
-
dst_type = ADDR_LE_DEV_RANDOM;
648
-
649
620
/* When given an identity address with existing identity
650
621
* resolving key, the connection needs to be established
651
622
* to a resolvable random address.
···
664
647
return ERR_PTR(-ENOMEM);
665
648
666
649
conn->dst_type = dst_type;
667
-
conn->src_type = hdev->own_addr_type;
668
650
669
-
conn->state = BT_CONNECT;
670
651
conn->out = true;
671
652
conn->link_mode |= HCI_LM_MASTER;
672
653
conn->sec_level = BT_SECURITY_LOW;
···
680
665
conn->le_conn_max_interval = hdev->le_conn_max_interval;
681
666
}
682
667
683
-
err = hci_create_le_conn(conn);
684
-
if (err)
668
+
hci_req_init(&req, hdev);
669
+
670
+
/* If controller is scanning, we stop it since some controllers are
671
+
* not able to scan and connect at the same time. Also set the
672
+
* HCI_LE_SCAN_INTERRUPTED flag so that the command complete
673
+
* handler for scan disabling knows to set the correct discovery
674
+
* state.
675
+
*/
676
+
if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
677
+
hci_req_add_le_scan_disable(&req);
678
+
set_bit(HCI_LE_SCAN_INTERRUPTED, &hdev->dev_flags);
679
+
}
680
+
681
+
hci_req_add_le_create_conn(&req, conn);
682
+
683
+
err = hci_req_run(&req, create_le_conn_complete);
684
+
if (err) {
685
+
hci_conn_del(conn);
685
686
return ERR_PTR(err);
687
+
}
686
688
687
689
done:
688
690
hci_conn_hold(conn);
689
691
return conn;
690
692
}
691
693
692
-
static struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
693
-
u8 sec_level, u8 auth_type)
694
+
struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
695
+
u8 sec_level, u8 auth_type)
694
696
{
695
697
struct hci_conn *acl;
696
698
···
774
742
}
775
743
776
744
return sco;
777
-
}
778
-
779
-
/* Create SCO, ACL or LE connection. */
780
-
struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
781
-
__u8 dst_type, __u8 sec_level, __u8 auth_type)
782
-
{
783
-
BT_DBG("%s dst %pMR type 0x%x", hdev->name, dst, type);
784
-
785
-
switch (type) {
786
-
case LE_LINK:
787
-
return hci_connect_le(hdev, dst, dst_type, sec_level, auth_type);
788
-
case ACL_LINK:
789
-
return hci_connect_acl(hdev, dst, sec_level, auth_type);
790
-
}
791
-
792
-
return ERR_PTR(-EINVAL);
793
745
}
794
746
795
747
/* Check link security requirement */
+638
-43
net/bluetooth/hci_core.c
+638
-43
net/bluetooth/hci_core.c
···
492
492
DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
493
493
idle_timeout_set, "%llu\n");
494
494
495
+
static int rpa_timeout_set(void *data, u64 val)
496
+
{
497
+
struct hci_dev *hdev = data;
498
+
499
+
/* Require the RPA timeout to be at least 30 seconds and at most
500
+
* 24 hours.
501
+
*/
502
+
if (val < 30 || val > (60 * 60 * 24))
503
+
return -EINVAL;
504
+
505
+
hci_dev_lock(hdev);
506
+
hdev->rpa_timeout = val;
507
+
hci_dev_unlock(hdev);
508
+
509
+
return 0;
510
+
}
511
+
512
+
static int rpa_timeout_get(void *data, u64 *val)
513
+
{
514
+
struct hci_dev *hdev = data;
515
+
516
+
hci_dev_lock(hdev);
517
+
*val = hdev->rpa_timeout;
518
+
hci_dev_unlock(hdev);
519
+
520
+
return 0;
521
+
}
522
+
523
+
DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get,
524
+
rpa_timeout_set, "%llu\n");
525
+
495
526
static int sniff_min_interval_set(void *data, u64 val)
496
527
{
497
528
struct hci_dev *hdev = data;
···
578
547
579
548
DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
580
549
sniff_max_interval_set, "%llu\n");
550
+
551
+
static int identity_show(struct seq_file *f, void *p)
552
+
{
553
+
struct hci_dev *hdev = f->private;
554
+
bdaddr_t addr;
555
+
u8 addr_type;
556
+
557
+
hci_dev_lock(hdev);
558
+
559
+
hci_copy_identity_address(hdev, &addr, &addr_type);
560
+
561
+
seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type,
562
+
16, hdev->irk, &hdev->rpa);
563
+
564
+
hci_dev_unlock(hdev);
565
+
566
+
return 0;
567
+
}
568
+
569
+
static int identity_open(struct inode *inode, struct file *file)
570
+
{
571
+
return single_open(file, identity_show, inode->i_private);
572
+
}
573
+
574
+
static const struct file_operations identity_fops = {
575
+
.open = identity_open,
576
+
.read = seq_read,
577
+
.llseek = seq_lseek,
578
+
.release = single_release,
579
+
};
581
580
582
581
static int random_address_show(struct seq_file *f, void *p)
583
582
{
···
702
641
.llseek = default_llseek,
703
642
};
704
643
644
+
static int white_list_show(struct seq_file *f, void *ptr)
645
+
{
646
+
struct hci_dev *hdev = f->private;
647
+
struct bdaddr_list *b;
648
+
649
+
hci_dev_lock(hdev);
650
+
list_for_each_entry(b, &hdev->le_white_list, list)
651
+
seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
652
+
hci_dev_unlock(hdev);
653
+
654
+
return 0;
655
+
}
656
+
657
+
static int white_list_open(struct inode *inode, struct file *file)
658
+
{
659
+
return single_open(file, white_list_show, inode->i_private);
660
+
}
661
+
662
+
static const struct file_operations white_list_fops = {
663
+
.open = white_list_open,
664
+
.read = seq_read,
665
+
.llseek = seq_lseek,
666
+
.release = single_release,
667
+
};
668
+
705
669
static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
706
670
{
707
671
struct hci_dev *hdev = f->private;
···
765
679
hci_dev_lock(hdev);
766
680
list_for_each_safe(p, n, &hdev->long_term_keys) {
767
681
struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
768
-
seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %*phN %*phN\n",
682
+
seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
769
683
<k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
770
684
ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
771
-
8, ltk->rand, 16, ltk->val);
685
+
__le64_to_cpu(ltk->rand), 16, ltk->val);
772
686
}
773
687
hci_dev_unlock(hdev);
774
688
···
912
826
.read = lowpan_read,
913
827
.write = lowpan_write,
914
828
.llseek = default_llseek,
829
+
};
830
+
831
+
static int le_auto_conn_show(struct seq_file *sf, void *ptr)
832
+
{
833
+
struct hci_dev *hdev = sf->private;
834
+
struct hci_conn_params *p;
835
+
836
+
hci_dev_lock(hdev);
837
+
838
+
list_for_each_entry(p, &hdev->le_conn_params, list) {
839
+
seq_printf(sf, "%pMR %u %u\n", &p->addr, p->addr_type,
840
+
p->auto_connect);
841
+
}
842
+
843
+
hci_dev_unlock(hdev);
844
+
845
+
return 0;
846
+
}
847
+
848
+
static int le_auto_conn_open(struct inode *inode, struct file *file)
849
+
{
850
+
return single_open(file, le_auto_conn_show, inode->i_private);
851
+
}
852
+
853
+
static ssize_t le_auto_conn_write(struct file *file, const char __user *data,
854
+
size_t count, loff_t *offset)
855
+
{
856
+
struct seq_file *sf = file->private_data;
857
+
struct hci_dev *hdev = sf->private;
858
+
u8 auto_connect = 0;
859
+
bdaddr_t addr;
860
+
u8 addr_type;
861
+
char *buf;
862
+
int err = 0;
863
+
int n;
864
+
865
+
/* Don't allow partial write */
866
+
if (*offset != 0)
867
+
return -EINVAL;
868
+
869
+
if (count < 3)
870
+
return -EINVAL;
871
+
872
+
buf = kzalloc(count, GFP_KERNEL);
873
+
if (!buf)
874
+
return -ENOMEM;
875
+
876
+
if (copy_from_user(buf, data, count)) {
877
+
err = -EFAULT;
878
+
goto done;
879
+
}
880
+
881
+
if (memcmp(buf, "add", 3) == 0) {
882
+
n = sscanf(&buf[4], "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu %hhu",
883
+
&addr.b[5], &addr.b[4], &addr.b[3], &addr.b[2],
884
+
&addr.b[1], &addr.b[0], &addr_type,
885
+
&auto_connect);
886
+
887
+
if (n < 7) {
888
+
err = -EINVAL;
889
+
goto done;
890
+
}
891
+
892
+
hci_dev_lock(hdev);
893
+
err = hci_conn_params_add(hdev, &addr, addr_type, auto_connect,
894
+
hdev->le_conn_min_interval,
895
+
hdev->le_conn_max_interval);
896
+
hci_dev_unlock(hdev);
897
+
898
+
if (err)
899
+
goto done;
900
+
} else if (memcmp(buf, "del", 3) == 0) {
901
+
n = sscanf(&buf[4], "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu",
902
+
&addr.b[5], &addr.b[4], &addr.b[3], &addr.b[2],
903
+
&addr.b[1], &addr.b[0], &addr_type);
904
+
905
+
if (n < 7) {
906
+
err = -EINVAL;
907
+
goto done;
908
+
}
909
+
910
+
hci_dev_lock(hdev);
911
+
hci_conn_params_del(hdev, &addr, addr_type);
912
+
hci_dev_unlock(hdev);
913
+
} else if (memcmp(buf, "clr", 3) == 0) {
914
+
hci_dev_lock(hdev);
915
+
hci_conn_params_clear(hdev);
916
+
hci_pend_le_conns_clear(hdev);
917
+
hci_update_background_scan(hdev);
918
+
hci_dev_unlock(hdev);
919
+
} else {
920
+
err = -EINVAL;
921
+
}
922
+
923
+
done:
924
+
kfree(buf);
925
+
926
+
if (err)
927
+
return err;
928
+
else
929
+
return count;
930
+
}
931
+
932
+
static const struct file_operations le_auto_conn_fops = {
933
+
.open = le_auto_conn_open,
934
+
.read = seq_read,
935
+
.write = le_auto_conn_write,
936
+
.llseek = seq_lseek,
937
+
.release = single_release,
915
938
};
916
939
917
940
/* ---- HCI requests ---- */
···
1371
1176
/* Read LE Local Supported Features */
1372
1177
hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1373
1178
1179
+
/* Read LE Supported States */
1180
+
hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1181
+
1374
1182
/* Read LE Advertising Channel TX Power */
1375
1183
hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1376
1184
1377
1185
/* Read LE White List Size */
1378
1186
hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1379
1187
1380
-
/* Read LE Supported States */
1381
-
hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1188
+
/* Clear LE White List */
1189
+
hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
1382
1190
1383
1191
/* LE-only controllers have LE implicitly enabled */
1384
1192
if (!lmp_bredr_capable(hdev))
···
1673
1475
if (hdev->commands[5] & 0x10)
1674
1476
hci_setup_link_policy(req);
1675
1477
1676
-
if (lmp_le_capable(hdev)) {
1677
-
/* If the controller has a public BD_ADDR, then by default
1678
-
* use that one. If this is a LE only controller without
1679
-
* a public address, default to the random address.
1680
-
*
1681
-
* For debugging purposes it is possible to force
1682
-
* controllers with a public address to use the
1683
-
* random address instead.
1684
-
*/
1685
-
if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ||
1686
-
!bacmp(&hdev->bdaddr, BDADDR_ANY))
1687
-
hdev->own_addr_type = ADDR_LE_DEV_RANDOM;
1688
-
else
1689
-
hdev->own_addr_type = ADDR_LE_DEV_PUBLIC;
1690
-
1478
+
if (lmp_le_capable(hdev))
1691
1479
hci_set_le_support(req);
1692
-
}
1693
1480
1694
1481
/* Read features beyond page 1 if available */
1695
1482
for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
···
1791
1608
}
1792
1609
1793
1610
if (lmp_le_capable(hdev)) {
1611
+
debugfs_create_file("identity", 0400, hdev->debugfs,
1612
+
hdev, &identity_fops);
1613
+
debugfs_create_file("rpa_timeout", 0644, hdev->debugfs,
1614
+
hdev, &rpa_timeout_fops);
1794
1615
debugfs_create_file("random_address", 0444, hdev->debugfs,
1795
1616
hdev, &random_address_fops);
1796
1617
debugfs_create_file("static_address", 0444, hdev->debugfs,
···
1811
1624
1812
1625
debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1813
1626
&hdev->le_white_list_size);
1627
+
debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
1628
+
&white_list_fops);
1814
1629
debugfs_create_file("identity_resolving_keys", 0400,
1815
1630
hdev->debugfs, hdev,
1816
1631
&identity_resolving_keys_fops);
···
1826
1637
hdev, &adv_channel_map_fops);
1827
1638
debugfs_create_file("6lowpan", 0644, hdev->debugfs, hdev,
1828
1639
&lowpan_debugfs_fops);
1640
+
debugfs_create_file("le_auto_conn", 0644, hdev->debugfs, hdev,
1641
+
&le_auto_conn_fops);
1829
1642
}
1830
1643
1831
1644
return 0;
···
1920
1729
1921
1730
switch (state) {
1922
1731
case DISCOVERY_STOPPED:
1732
+
hci_update_background_scan(hdev);
1733
+
1923
1734
if (hdev->discovery.state != DISCOVERY_STARTING)
1924
1735
mgmt_discovering(hdev, 0);
1925
1736
break;
···
2295
2102
2296
2103
if (!ret) {
2297
2104
hci_dev_hold(hdev);
2105
+
set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2298
2106
set_bit(HCI_UP, &hdev->flags);
2299
2107
hci_notify(hdev, HCI_DEV_UP);
2300
2108
if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
···
2394
2200
2395
2201
cancel_delayed_work_sync(&hdev->le_scan_disable);
2396
2202
2203
+
if (test_bit(HCI_MGMT, &hdev->dev_flags))
2204
+
cancel_delayed_work_sync(&hdev->rpa_expired);
2205
+
2397
2206
hci_dev_lock(hdev);
2398
2207
hci_inquiry_cache_flush(hdev);
2399
2208
hci_conn_hash_flush(hdev);
2209
+
hci_pend_le_conns_clear(hdev);
2400
2210
hci_dev_unlock(hdev);
2401
2211
2402
2212
hci_notify(hdev, HCI_DEV_DOWN);
···
2921
2723
return false;
2922
2724
}
2923
2725
2924
-
struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8],
2726
+
struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
2925
2727
bool master)
2926
2728
{
2927
2729
struct smp_ltk *k;
2928
2730
2929
2731
list_for_each_entry(k, &hdev->long_term_keys, list) {
2930
-
if (k->ediv != ediv ||
2931
-
memcmp(rand, k->rand, sizeof(k->rand)))
2732
+
if (k->ediv != ediv || k->rand != rand)
2932
2733
continue;
2933
2734
2934
2735
if (ltk_type_master(k->type) != master)
···
3045
2848
3046
2849
struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3047
2850
u8 addr_type, u8 type, u8 authenticated,
3048
-
u8 tk[16], u8 enc_size, __le16 ediv, u8 rand[8])
2851
+
u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3049
2852
{
3050
2853
struct smp_ltk *key, *old_key;
3051
2854
bool master = ltk_type_master(type);
···
3065
2868
memcpy(key->val, tk, sizeof(key->val));
3066
2869
key->authenticated = authenticated;
3067
2870
key->ediv = ediv;
2871
+
key->rand = rand;
3068
2872
key->enc_size = enc_size;
3069
2873
key->type = type;
3070
-
memcpy(key->rand, rand, sizeof(key->rand));
3071
2874
3072
2875
return key;
3073
2876
}
···
3267
3070
return NULL;
3268
3071
}
3269
3072
3270
-
void hci_blacklist_clear(struct hci_dev *hdev)
3073
+
static void hci_blacklist_clear(struct hci_dev *hdev)
3271
3074
{
3272
3075
struct list_head *p, *n;
3273
3076
···
3320
3123
return mgmt_device_unblocked(hdev, bdaddr, type);
3321
3124
}
3322
3125
3126
+
struct bdaddr_list *hci_white_list_lookup(struct hci_dev *hdev,
3127
+
bdaddr_t *bdaddr, u8 type)
3128
+
{
3129
+
struct bdaddr_list *b;
3130
+
3131
+
list_for_each_entry(b, &hdev->le_white_list, list) {
3132
+
if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3133
+
return b;
3134
+
}
3135
+
3136
+
return NULL;
3137
+
}
3138
+
3139
+
void hci_white_list_clear(struct hci_dev *hdev)
3140
+
{
3141
+
struct list_head *p, *n;
3142
+
3143
+
list_for_each_safe(p, n, &hdev->le_white_list) {
3144
+
struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3145
+
3146
+
list_del(p);
3147
+
kfree(b);
3148
+
}
3149
+
}
3150
+
3151
+
int hci_white_list_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3152
+
{
3153
+
struct bdaddr_list *entry;
3154
+
3155
+
if (!bacmp(bdaddr, BDADDR_ANY))
3156
+
return -EBADF;
3157
+
3158
+
entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
3159
+
if (!entry)
3160
+
return -ENOMEM;
3161
+
3162
+
bacpy(&entry->bdaddr, bdaddr);
3163
+
entry->bdaddr_type = type;
3164
+
3165
+
list_add(&entry->list, &hdev->le_white_list);
3166
+
3167
+
return 0;
3168
+
}
3169
+
3170
+
int hci_white_list_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3171
+
{
3172
+
struct bdaddr_list *entry;
3173
+
3174
+
if (!bacmp(bdaddr, BDADDR_ANY))
3175
+
return -EBADF;
3176
+
3177
+
entry = hci_white_list_lookup(hdev, bdaddr, type);
3178
+
if (!entry)
3179
+
return -ENOENT;
3180
+
3181
+
list_del(&entry->list);
3182
+
kfree(entry);
3183
+
3184
+
return 0;
3185
+
}
3186
+
3323
3187
/* This function requires the caller holds hdev->lock */
3324
3188
struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3325
3189
bdaddr_t *addr, u8 addr_type)
···
3397
3139
return NULL;
3398
3140
}
3399
3141
3142
+
static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3143
+
{
3144
+
struct hci_conn *conn;
3145
+
3146
+
conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
3147
+
if (!conn)
3148
+
return false;
3149
+
3150
+
if (conn->dst_type != type)
3151
+
return false;
3152
+
3153
+
if (conn->state != BT_CONNECTED)
3154
+
return false;
3155
+
3156
+
return true;
3157
+
}
3158
+
3159
+
static bool is_identity_address(bdaddr_t *addr, u8 addr_type)
3160
+
{
3161
+
if (addr_type == ADDR_LE_DEV_PUBLIC)
3162
+
return true;
3163
+
3164
+
/* Check for Random Static address type */
3165
+
if ((addr->b[5] & 0xc0) == 0xc0)
3166
+
return true;
3167
+
3168
+
return false;
3169
+
}
3170
+
3400
3171
/* This function requires the caller holds hdev->lock */
3401
-
void hci_conn_params_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3402
-
u16 conn_min_interval, u16 conn_max_interval)
3172
+
int hci_conn_params_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3173
+
u8 auto_connect, u16 conn_min_interval,
3174
+
u16 conn_max_interval)
3403
3175
{
3404
3176
struct hci_conn_params *params;
3405
3177
3178
+
if (!is_identity_address(addr, addr_type))
3179
+
return -EINVAL;
3180
+
3406
3181
params = hci_conn_params_lookup(hdev, addr, addr_type);
3407
-
if (params) {
3408
-
params->conn_min_interval = conn_min_interval;
3409
-
params->conn_max_interval = conn_max_interval;
3410
-
return;
3411
-
}
3182
+
if (params)
3183
+
goto update;
3412
3184
3413
3185
params = kzalloc(sizeof(*params), GFP_KERNEL);
3414
3186
if (!params) {
3415
3187
BT_ERR("Out of memory");
3416
-
return;
3188
+
return -ENOMEM;
3417
3189
}
3418
3190
3419
3191
bacpy(¶ms->addr, addr);
3420
3192
params->addr_type = addr_type;
3421
-
params->conn_min_interval = conn_min_interval;
3422
-
params->conn_max_interval = conn_max_interval;
3423
3193
3424
3194
list_add(¶ms->list, &hdev->le_conn_params);
3425
3195
3426
-
BT_DBG("addr %pMR (type %u) conn_min_interval 0x%.4x "
3427
-
"conn_max_interval 0x%.4x", addr, addr_type, conn_min_interval,
3428
-
conn_max_interval);
3196
+
update:
3197
+
params->conn_min_interval = conn_min_interval;
3198
+
params->conn_max_interval = conn_max_interval;
3199
+
params->auto_connect = auto_connect;
3200
+
3201
+
switch (auto_connect) {
3202
+
case HCI_AUTO_CONN_DISABLED:
3203
+
case HCI_AUTO_CONN_LINK_LOSS:
3204
+
hci_pend_le_conn_del(hdev, addr, addr_type);
3205
+
break;
3206
+
case HCI_AUTO_CONN_ALWAYS:
3207
+
if (!is_connected(hdev, addr, addr_type))
3208
+
hci_pend_le_conn_add(hdev, addr, addr_type);
3209
+
break;
3210
+
}
3211
+
3212
+
BT_DBG("addr %pMR (type %u) auto_connect %u conn_min_interval 0x%.4x "
3213
+
"conn_max_interval 0x%.4x", addr, addr_type, auto_connect,
3214
+
conn_min_interval, conn_max_interval);
3215
+
3216
+
return 0;
3429
3217
}
3430
3218
3431
3219
/* This function requires the caller holds hdev->lock */
···
3482
3178
params = hci_conn_params_lookup(hdev, addr, addr_type);
3483
3179
if (!params)
3484
3180
return;
3181
+
3182
+
hci_pend_le_conn_del(hdev, addr, addr_type);
3485
3183
3486
3184
list_del(¶ms->list);
3487
3185
kfree(params);
···
3502
3196
}
3503
3197
3504
3198
BT_DBG("All LE connection parameters were removed");
3199
+
}
3200
+
3201
+
/* This function requires the caller holds hdev->lock */
3202
+
struct bdaddr_list *hci_pend_le_conn_lookup(struct hci_dev *hdev,
3203
+
bdaddr_t *addr, u8 addr_type)
3204
+
{
3205
+
struct bdaddr_list *entry;
3206
+
3207
+
list_for_each_entry(entry, &hdev->pend_le_conns, list) {
3208
+
if (bacmp(&entry->bdaddr, addr) == 0 &&
3209
+
entry->bdaddr_type == addr_type)
3210
+
return entry;
3211
+
}
3212
+
3213
+
return NULL;
3214
+
}
3215
+
3216
+
/* This function requires the caller holds hdev->lock */
3217
+
void hci_pend_le_conn_add(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3218
+
{
3219
+
struct bdaddr_list *entry;
3220
+
3221
+
entry = hci_pend_le_conn_lookup(hdev, addr, addr_type);
3222
+
if (entry)
3223
+
goto done;
3224
+
3225
+
entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3226
+
if (!entry) {
3227
+
BT_ERR("Out of memory");
3228
+
return;
3229
+
}
3230
+
3231
+
bacpy(&entry->bdaddr, addr);
3232
+
entry->bdaddr_type = addr_type;
3233
+
3234
+
list_add(&entry->list, &hdev->pend_le_conns);
3235
+
3236
+
BT_DBG("addr %pMR (type %u)", addr, addr_type);
3237
+
3238
+
done:
3239
+
hci_update_background_scan(hdev);
3240
+
}
3241
+
3242
+
/* This function requires the caller holds hdev->lock */
3243
+
void hci_pend_le_conn_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3244
+
{
3245
+
struct bdaddr_list *entry;
3246
+
3247
+
entry = hci_pend_le_conn_lookup(hdev, addr, addr_type);
3248
+
if (!entry)
3249
+
goto done;
3250
+
3251
+
list_del(&entry->list);
3252
+
kfree(entry);
3253
+
3254
+
BT_DBG("addr %pMR (type %u)", addr, addr_type);
3255
+
3256
+
done:
3257
+
hci_update_background_scan(hdev);
3258
+
}
3259
+
3260
+
/* This function requires the caller holds hdev->lock */
3261
+
void hci_pend_le_conns_clear(struct hci_dev *hdev)
3262
+
{
3263
+
struct bdaddr_list *entry, *tmp;
3264
+
3265
+
list_for_each_entry_safe(entry, tmp, &hdev->pend_le_conns, list) {
3266
+
list_del(&entry->list);
3267
+
kfree(entry);
3268
+
}
3269
+
3270
+
BT_DBG("All LE pending connections cleared");
3505
3271
}
3506
3272
3507
3273
static void inquiry_complete(struct hci_dev *hdev, u8 status)
···
3635
3257
{
3636
3258
struct hci_dev *hdev = container_of(work, struct hci_dev,
3637
3259
le_scan_disable.work);
3638
-
struct hci_cp_le_set_scan_enable cp;
3639
3260
struct hci_request req;
3640
3261
int err;
3641
3262
···
3642
3265
3643
3266
hci_req_init(&req, hdev);
3644
3267
3645
-
memset(&cp, 0, sizeof(cp));
3646
-
cp.enable = LE_SCAN_DISABLE;
3647
-
hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
3268
+
hci_req_add_le_scan_disable(&req);
3648
3269
3649
3270
err = hci_req_run(&req, le_scan_disable_work_complete);
3650
3271
if (err)
3651
3272
BT_ERR("Disable LE scanning request failed: err %d", err);
3273
+
}
3274
+
3275
+
static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3276
+
{
3277
+
struct hci_dev *hdev = req->hdev;
3278
+
3279
+
/* If we're advertising or initiating an LE connection we can't
3280
+
* go ahead and change the random address at this time. This is
3281
+
* because the eventual initiator address used for the
3282
+
* subsequently created connection will be undefined (some
3283
+
* controllers use the new address and others the one we had
3284
+
* when the operation started).
3285
+
*
3286
+
* In this kind of scenario skip the update and let the random
3287
+
* address be updated at the next cycle.
3288
+
*/
3289
+
if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
3290
+
hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3291
+
BT_DBG("Deferring random address update");
3292
+
return;
3293
+
}
3294
+
3295
+
hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
3296
+
}
3297
+
3298
+
int hci_update_random_address(struct hci_request *req, bool require_privacy,
3299
+
u8 *own_addr_type)
3300
+
{
3301
+
struct hci_dev *hdev = req->hdev;
3302
+
int err;
3303
+
3304
+
/* If privacy is enabled use a resolvable private address. If
3305
+
* current RPA has expired or there is something else than
3306
+
* the current RPA in use, then generate a new one.
3307
+
*/
3308
+
if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3309
+
int to;
3310
+
3311
+
*own_addr_type = ADDR_LE_DEV_RANDOM;
3312
+
3313
+
if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) &&
3314
+
!bacmp(&hdev->random_addr, &hdev->rpa))
3315
+
return 0;
3316
+
3317
+
err = smp_generate_rpa(hdev->tfm_aes, hdev->irk, &hdev->rpa);
3318
+
if (err < 0) {
3319
+
BT_ERR("%s failed to generate new RPA", hdev->name);
3320
+
return err;
3321
+
}
3322
+
3323
+
set_random_addr(req, &hdev->rpa);
3324
+
3325
+
to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
3326
+
queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
3327
+
3328
+
return 0;
3329
+
}
3330
+
3331
+
/* In case of required privacy without resolvable private address,
3332
+
* use an unresolvable private address. This is useful for active
3333
+
* scanning and non-connectable advertising.
3334
+
*/
3335
+
if (require_privacy) {
3336
+
bdaddr_t urpa;
3337
+
3338
+
get_random_bytes(&urpa, 6);
3339
+
urpa.b[5] &= 0x3f; /* Clear two most significant bits */
3340
+
3341
+
*own_addr_type = ADDR_LE_DEV_RANDOM;
3342
+
set_random_addr(req, &urpa);
3343
+
return 0;
3344
+
}
3345
+
3346
+
/* If forcing static address is in use or there is no public
3347
+
* address use the static address as random address (but skip
3348
+
* the HCI command if the current random address is already the
3349
+
* static one.
3350
+
*/
3351
+
if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ||
3352
+
!bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3353
+
*own_addr_type = ADDR_LE_DEV_RANDOM;
3354
+
if (bacmp(&hdev->static_addr, &hdev->random_addr))
3355
+
hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3356
+
&hdev->static_addr);
3357
+
return 0;
3358
+
}
3359
+
3360
+
/* Neither privacy nor static address is being used so use a
3361
+
* public address.
3362
+
*/
3363
+
*own_addr_type = ADDR_LE_DEV_PUBLIC;
3364
+
3365
+
return 0;
3366
+
}
3367
+
3368
+
/* Copy the Identity Address of the controller.
3369
+
*
3370
+
* If the controller has a public BD_ADDR, then by default use that one.
3371
+
* If this is a LE only controller without a public address, default to
3372
+
* the static random address.
3373
+
*
3374
+
* For debugging purposes it is possible to force controllers with a
3375
+
* public address to use the static random address instead.
3376
+
*/
3377
+
void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3378
+
u8 *bdaddr_type)
3379
+
{
3380
+
if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dev_flags) ||
3381
+
!bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3382
+
bacpy(bdaddr, &hdev->static_addr);
3383
+
*bdaddr_type = ADDR_LE_DEV_RANDOM;
3384
+
} else {
3385
+
bacpy(bdaddr, &hdev->bdaddr);
3386
+
*bdaddr_type = ADDR_LE_DEV_PUBLIC;
3387
+
}
3652
3388
}
3653
3389
3654
3390
/* Alloc HCI device */
···
3790
3300
hdev->le_conn_min_interval = 0x0028;
3791
3301
hdev->le_conn_max_interval = 0x0038;
3792
3302
3303
+
hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3304
+
3793
3305
mutex_init(&hdev->lock);
3794
3306
mutex_init(&hdev->req_lock);
3795
3307
···
3802
3310
INIT_LIST_HEAD(&hdev->long_term_keys);
3803
3311
INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3804
3312
INIT_LIST_HEAD(&hdev->remote_oob_data);
3313
+
INIT_LIST_HEAD(&hdev->le_white_list);
3805
3314
INIT_LIST_HEAD(&hdev->le_conn_params);
3315
+
INIT_LIST_HEAD(&hdev->pend_le_conns);
3806
3316
INIT_LIST_HEAD(&hdev->conn_hash.list);
3807
3317
3808
3318
INIT_WORK(&hdev->rx_work, hci_rx_work);
···
4005
3511
hci_smp_ltks_clear(hdev);
4006
3512
hci_smp_irks_clear(hdev);
4007
3513
hci_remote_oob_data_clear(hdev);
3514
+
hci_white_list_clear(hdev);
4008
3515
hci_conn_params_clear(hdev);
3516
+
hci_pend_le_conns_clear(hdev);
4009
3517
hci_dev_unlock(hdev);
4010
3518
4011
3519
hci_dev_put(hdev);
···
5234
4738
queue_work(hdev->workqueue, &hdev->cmd_work);
5235
4739
}
5236
4740
}
4741
+
}
4742
+
4743
+
void hci_req_add_le_scan_disable(struct hci_request *req)
4744
+
{
4745
+
struct hci_cp_le_set_scan_enable cp;
4746
+
4747
+
memset(&cp, 0, sizeof(cp));
4748
+
cp.enable = LE_SCAN_DISABLE;
4749
+
hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
4750
+
}
4751
+
4752
+
void hci_req_add_le_passive_scan(struct hci_request *req)
4753
+
{
4754
+
struct hci_cp_le_set_scan_param param_cp;
4755
+
struct hci_cp_le_set_scan_enable enable_cp;
4756
+
struct hci_dev *hdev = req->hdev;
4757
+
u8 own_addr_type;
4758
+
4759
+
/* Set require_privacy to true to avoid identification from
4760
+
* unknown peer devices. Since this is passive scanning, no
4761
+
* SCAN_REQ using the local identity should be sent. Mandating
4762
+
* privacy is just an extra precaution.
4763
+
*/
4764
+
if (hci_update_random_address(req, true, &own_addr_type))
4765
+
return;
4766
+
4767
+
memset(¶m_cp, 0, sizeof(param_cp));
4768
+
param_cp.type = LE_SCAN_PASSIVE;
4769
+
param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
4770
+
param_cp.window = cpu_to_le16(hdev->le_scan_window);
4771
+
param_cp.own_address_type = own_addr_type;
4772
+
hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4773
+
¶m_cp);
4774
+
4775
+
memset(&enable_cp, 0, sizeof(enable_cp));
4776
+
enable_cp.enable = LE_SCAN_ENABLE;
4777
+
enable_cp.filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
4778
+
hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4779
+
&enable_cp);
4780
+
}
4781
+
4782
+
static void update_background_scan_complete(struct hci_dev *hdev, u8 status)
4783
+
{
4784
+
if (status)
4785
+
BT_DBG("HCI request failed to update background scanning: "
4786
+
"status 0x%2.2x", status);
4787
+
}
4788
+
4789
+
/* This function controls the background scanning based on hdev->pend_le_conns
4790
+
* list. If there are pending LE connection we start the background scanning,
4791
+
* otherwise we stop it.
4792
+
*
4793
+
* This function requires the caller holds hdev->lock.
4794
+
*/
4795
+
void hci_update_background_scan(struct hci_dev *hdev)
4796
+
{
4797
+
struct hci_request req;
4798
+
struct hci_conn *conn;
4799
+
int err;
4800
+
4801
+
hci_req_init(&req, hdev);
4802
+
4803
+
if (list_empty(&hdev->pend_le_conns)) {
4804
+
/* If there is no pending LE connections, we should stop
4805
+
* the background scanning.
4806
+
*/
4807
+
4808
+
/* If controller is not scanning we are done. */
4809
+
if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
4810
+
return;
4811
+
4812
+
hci_req_add_le_scan_disable(&req);
4813
+
4814
+
BT_DBG("%s stopping background scanning", hdev->name);
4815
+
} else {
4816
+
/* If there is at least one pending LE connection, we should
4817
+
* keep the background scan running.
4818
+
*/
4819
+
4820
+
/* If controller is already scanning we are done. */
4821
+
if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
4822
+
return;
4823
+
4824
+
/* If controller is connecting, we should not start scanning
4825
+
* since some controllers are not able to scan and connect at
4826
+
* the same time.
4827
+
*/
4828
+
conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
4829
+
if (conn)
4830
+
return;
4831
+
4832
+
hci_req_add_le_passive_scan(&req);
4833
+
4834
+
BT_DBG("%s starting background scanning", hdev->name);
4835
+
}
4836
+
4837
+
err = hci_req_run(&req, update_background_scan_complete);
4838
+
if (err)
4839
+
BT_ERR("Failed to run HCI request: err %d", err);
5237
4840
}
+259
-15
net/bluetooth/hci_event.c
+259
-15
net/bluetooth/hci_event.c
···
991
991
992
992
hci_dev_lock(hdev);
993
993
994
-
if (!status) {
995
-
if (*sent)
996
-
set_bit(HCI_ADVERTISING, &hdev->dev_flags);
997
-
else
998
-
clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
999
-
}
994
+
if (!status)
995
+
mgmt_advertising(hdev, *sent);
1000
996
1001
997
hci_dev_unlock(hdev);
1002
998
}
···
1018
1022
break;
1019
1023
1020
1024
case LE_SCAN_DISABLE:
1025
+
/* Cancel this timer so that we don't try to disable scanning
1026
+
* when it's already disabled.
1027
+
*/
1028
+
cancel_delayed_work(&hdev->le_scan_disable);
1029
+
1021
1030
clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1031
+
/* The HCI_LE_SCAN_INTERRUPTED flag indicates that we
1032
+
* interrupted scanning due to a connect request. Mark
1033
+
* therefore discovery as stopped.
1034
+
*/
1035
+
if (test_and_clear_bit(HCI_LE_SCAN_INTERRUPTED,
1036
+
&hdev->dev_flags))
1037
+
hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1022
1038
break;
1023
1039
1024
1040
default:
···
1048
1040
1049
1041
if (!rp->status)
1050
1042
hdev->le_white_list_size = rp->size;
1043
+
}
1044
+
1045
+
static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
1046
+
struct sk_buff *skb)
1047
+
{
1048
+
__u8 status = *((__u8 *) skb->data);
1049
+
1050
+
BT_DBG("%s status 0x%2.2x", hdev->name, status);
1051
+
1052
+
if (!status)
1053
+
hci_white_list_clear(hdev);
1054
+
}
1055
+
1056
+
static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
1057
+
struct sk_buff *skb)
1058
+
{
1059
+
struct hci_cp_le_add_to_white_list *sent;
1060
+
__u8 status = *((__u8 *) skb->data);
1061
+
1062
+
BT_DBG("%s status 0x%2.2x", hdev->name, status);
1063
+
1064
+
sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
1065
+
if (!sent)
1066
+
return;
1067
+
1068
+
if (!status)
1069
+
hci_white_list_add(hdev, &sent->bdaddr, sent->bdaddr_type);
1070
+
}
1071
+
1072
+
static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
1073
+
struct sk_buff *skb)
1074
+
{
1075
+
struct hci_cp_le_del_from_white_list *sent;
1076
+
__u8 status = *((__u8 *) skb->data);
1077
+
1078
+
BT_DBG("%s status 0x%2.2x", hdev->name, status);
1079
+
1080
+
sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
1081
+
if (!sent)
1082
+
return;
1083
+
1084
+
if (!status)
1085
+
hci_white_list_del(hdev, &sent->bdaddr, sent->bdaddr_type);
1051
1086
}
1052
1087
1053
1088
static void hci_cc_le_read_supported_states(struct hci_dev *hdev,
···
1131
1080
else
1132
1081
hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1133
1082
}
1083
+
}
1084
+
1085
+
static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1086
+
{
1087
+
struct hci_cp_le_set_adv_param *cp;
1088
+
u8 status = *((u8 *) skb->data);
1089
+
1090
+
BT_DBG("%s status 0x%2.2x", hdev->name, status);
1091
+
1092
+
if (status)
1093
+
return;
1094
+
1095
+
cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_PARAM);
1096
+
if (!cp)
1097
+
return;
1098
+
1099
+
hci_dev_lock(hdev);
1100
+
hdev->adv_addr_type = cp->own_address_type;
1101
+
hci_dev_unlock(hdev);
1134
1102
}
1135
1103
1136
1104
static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
···
1653
1583
amp_write_remote_assoc(hdev, cp->phy_handle);
1654
1584
}
1655
1585
1586
+
static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1587
+
{
1588
+
struct hci_cp_le_create_conn *cp;
1589
+
struct hci_conn *conn;
1590
+
1591
+
BT_DBG("%s status 0x%2.2x", hdev->name, status);
1592
+
1593
+
/* All connection failure handling is taken care of by the
1594
+
* hci_le_conn_failed function which is triggered by the HCI
1595
+
* request completion callbacks used for connecting.
1596
+
*/
1597
+
if (status)
1598
+
return;
1599
+
1600
+
cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1601
+
if (!cp)
1602
+
return;
1603
+
1604
+
hci_dev_lock(hdev);
1605
+
1606
+
conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1607
+
if (!conn)
1608
+
goto unlock;
1609
+
1610
+
/* Store the initiator and responder address information which
1611
+
* is needed for SMP. These values will not change during the
1612
+
* lifetime of the connection.
1613
+
*/
1614
+
conn->init_addr_type = cp->own_address_type;
1615
+
if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1616
+
bacpy(&conn->init_addr, &hdev->random_addr);
1617
+
else
1618
+
bacpy(&conn->init_addr, &hdev->bdaddr);
1619
+
1620
+
conn->resp_addr_type = cp->peer_addr_type;
1621
+
bacpy(&conn->resp_addr, &cp->peer_addr);
1622
+
1623
+
/* We don't want the connection attempt to stick around
1624
+
* indefinitely since LE doesn't have a page timeout concept
1625
+
* like BR/EDR. Set a timer for any connection that doesn't use
1626
+
* the white list for connecting.
1627
+
*/
1628
+
if (cp->filter_policy == HCI_LE_USE_PEER_ADDR)
1629
+
queue_delayed_work(conn->hdev->workqueue,
1630
+
&conn->le_conn_timeout,
1631
+
HCI_LE_CONN_TIMEOUT);
1632
+
1633
+
unlock:
1634
+
hci_dev_unlock(hdev);
1635
+
}
1636
+
1656
1637
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1657
1638
{
1658
1639
__u8 status = *((__u8 *) skb->data);
···
1966
1845
{
1967
1846
struct hci_ev_disconn_complete *ev = (void *) skb->data;
1968
1847
u8 reason = hci_to_mgmt_reason(ev->reason);
1848
+
struct hci_conn_params *params;
1969
1849
struct hci_conn *conn;
1850
+
bool mgmt_connected;
1970
1851
u8 type;
1971
1852
1972
1853
BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
···
1987
1864
1988
1865
conn->state = BT_CLOSED;
1989
1866
1990
-
if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1991
-
mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1992
-
conn->dst_type, reason);
1867
+
mgmt_connected = test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags);
1868
+
mgmt_device_disconnected(hdev, &conn->dst, conn->type, conn->dst_type,
1869
+
reason, mgmt_connected);
1993
1870
1994
1871
if (conn->type == ACL_LINK && conn->flush_key)
1995
1872
hci_remove_link_key(hdev, &conn->dst);
1873
+
1874
+
params = hci_conn_params_lookup(hdev, &conn->dst, conn->dst_type);
1875
+
if (params) {
1876
+
switch (params->auto_connect) {
1877
+
case HCI_AUTO_CONN_LINK_LOSS:
1878
+
if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT)
1879
+
break;
1880
+
/* Fall through */
1881
+
1882
+
case HCI_AUTO_CONN_ALWAYS:
1883
+
hci_pend_le_conn_add(hdev, &conn->dst, conn->dst_type);
1884
+
break;
1885
+
1886
+
default:
1887
+
break;
1888
+
}
1889
+
}
1996
1890
1997
1891
type = conn->type;
1998
1892
···
2484
2344
hci_cc_le_read_white_list_size(hdev, skb);
2485
2345
break;
2486
2346
2347
+
case HCI_OP_LE_CLEAR_WHITE_LIST:
2348
+
hci_cc_le_clear_white_list(hdev, skb);
2349
+
break;
2350
+
2351
+
case HCI_OP_LE_ADD_TO_WHITE_LIST:
2352
+
hci_cc_le_add_to_white_list(hdev, skb);
2353
+
break;
2354
+
2355
+
case HCI_OP_LE_DEL_FROM_WHITE_LIST:
2356
+
hci_cc_le_del_from_white_list(hdev, skb);
2357
+
break;
2358
+
2487
2359
case HCI_OP_LE_READ_SUPPORTED_STATES:
2488
2360
hci_cc_le_read_supported_states(hdev, skb);
2489
2361
break;
2490
2362
2491
2363
case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2492
2364
hci_cc_write_le_host_supported(hdev, skb);
2365
+
break;
2366
+
2367
+
case HCI_OP_LE_SET_ADV_PARAM:
2368
+
hci_cc_set_adv_param(hdev, skb);
2493
2369
break;
2494
2370
2495
2371
case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
···
2593
2437
2594
2438
case HCI_OP_ACCEPT_PHY_LINK:
2595
2439
hci_cs_accept_phylink(hdev, ev->status);
2440
+
break;
2441
+
2442
+
case HCI_OP_LE_CREATE_CONN:
2443
+
hci_cs_le_create_conn(hdev, ev->status);
2596
2444
break;
2597
2445
2598
2446
default:
···
3783
3623
conn->out = true;
3784
3624
conn->link_mode |= HCI_LM_MASTER;
3785
3625
}
3626
+
3627
+
/* If we didn't have a hci_conn object previously
3628
+
* but we're in master role this must be something
3629
+
* initiated using a white list. Since white list based
3630
+
* connections are not "first class citizens" we don't
3631
+
* have full tracking of them. Therefore, we go ahead
3632
+
* with a "best effort" approach of determining the
3633
+
* initiator address based on the HCI_PRIVACY flag.
3634
+
*/
3635
+
if (conn->out) {
3636
+
conn->resp_addr_type = ev->bdaddr_type;
3637
+
bacpy(&conn->resp_addr, &ev->bdaddr);
3638
+
if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3639
+
conn->init_addr_type = ADDR_LE_DEV_RANDOM;
3640
+
bacpy(&conn->init_addr, &hdev->rpa);
3641
+
} else {
3642
+
hci_copy_identity_address(hdev,
3643
+
&conn->init_addr,
3644
+
&conn->init_addr_type);
3645
+
}
3646
+
} else {
3647
+
/* Set the responder (our side) address type based on
3648
+
* the advertising address type.
3649
+
*/
3650
+
conn->resp_addr_type = hdev->adv_addr_type;
3651
+
if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM)
3652
+
bacpy(&conn->resp_addr, &hdev->random_addr);
3653
+
else
3654
+
bacpy(&conn->resp_addr, &hdev->bdaddr);
3655
+
3656
+
conn->init_addr_type = ev->bdaddr_type;
3657
+
bacpy(&conn->init_addr, &ev->bdaddr);
3658
+
}
3659
+
} else {
3660
+
cancel_delayed_work(&conn->le_conn_timeout);
3786
3661
}
3662
+
3663
+
/* Ensure that the hci_conn contains the identity address type
3664
+
* regardless of which address the connection was made with.
3665
+
*/
3666
+
hci_copy_identity_address(hdev, &conn->src, &conn->src_type);
3787
3667
3788
3668
/* Lookup the identity address from the stored connection
3789
3669
* address and address type.
···
3841
3641
}
3842
3642
3843
3643
if (ev->status) {
3844
-
mgmt_connect_failed(hdev, &conn->dst, conn->type,
3845
-
conn->dst_type, ev->status);
3846
-
hci_proto_connect_cfm(conn, ev->status);
3847
-
conn->state = BT_CLOSED;
3848
-
hci_conn_del(conn);
3644
+
hci_le_conn_failed(conn, ev->status);
3849
3645
goto unlock;
3850
3646
}
3851
3647
···
3860
3664
3861
3665
hci_proto_connect_cfm(conn, ev->status);
3862
3666
3667
+
hci_pend_le_conn_del(hdev, &conn->dst, conn->dst_type);
3668
+
3863
3669
unlock:
3864
3670
hci_dev_unlock(hdev);
3671
+
}
3672
+
3673
+
/* This function requires the caller holds hdev->lock */
3674
+
static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
3675
+
u8 addr_type)
3676
+
{
3677
+
struct hci_conn *conn;
3678
+
struct smp_irk *irk;
3679
+
3680
+
/* If this is a resolvable address, we should resolve it and then
3681
+
* update address and address type variables.
3682
+
*/
3683
+
irk = hci_get_irk(hdev, addr, addr_type);
3684
+
if (irk) {
3685
+
addr = &irk->bdaddr;
3686
+
addr_type = irk->addr_type;
3687
+
}
3688
+
3689
+
if (!hci_pend_le_conn_lookup(hdev, addr, addr_type))
3690
+
return;
3691
+
3692
+
conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
3693
+
HCI_AT_NO_BONDING);
3694
+
if (!IS_ERR(conn))
3695
+
return;
3696
+
3697
+
switch (PTR_ERR(conn)) {
3698
+
case -EBUSY:
3699
+
/* If hci_connect() returns -EBUSY it means there is already
3700
+
* an LE connection attempt going on. Since controllers don't
3701
+
* support more than one connection attempt at the time, we
3702
+
* don't consider this an error case.
3703
+
*/
3704
+
break;
3705
+
default:
3706
+
BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
3707
+
}
3865
3708
}
3866
3709
3867
3710
static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
···
3909
3674
void *ptr = &skb->data[1];
3910
3675
s8 rssi;
3911
3676
3677
+
hci_dev_lock(hdev);
3678
+
3912
3679
while (num_reports--) {
3913
3680
struct hci_ev_le_advertising_info *ev = ptr;
3681
+
3682
+
if (ev->evt_type == LE_ADV_IND ||
3683
+
ev->evt_type == LE_ADV_DIRECT_IND)
3684
+
check_pending_le_conn(hdev, &ev->bdaddr,
3685
+
ev->bdaddr_type);
3914
3686
3915
3687
rssi = ev->data[ev->length];
3916
3688
mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
···
3925
3683
3926
3684
ptr += sizeof(*ev) + ev->length + 1;
3927
3685
}
3686
+
3687
+
hci_dev_unlock(hdev);
3928
3688
}
3929
3689
3930
3690
static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
···
3945
3701
if (conn == NULL)
3946
3702
goto not_found;
3947
3703
3948
-
ltk = hci_find_ltk(hdev, ev->ediv, ev->random, conn->out);
3704
+
ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->out);
3949
3705
if (ltk == NULL)
3950
3706
goto not_found;
3951
3707
+30
-7
net/bluetooth/l2cap_core.c
+30
-7
net/bluetooth/l2cap_core.c
···
2434
2434
if (IS_ERR(skb))
2435
2435
return PTR_ERR(skb);
2436
2436
2437
+
/* Channel lock is released before requesting new skb and then
2438
+
* reacquired thus we need to recheck channel state.
2439
+
*/
2440
+
if (chan->state != BT_CONNECTED) {
2441
+
kfree_skb(skb);
2442
+
return -ENOTCONN;
2443
+
}
2444
+
2437
2445
l2cap_do_send(chan, skb);
2438
2446
return len;
2439
2447
}
···
2490
2482
skb = l2cap_create_basic_pdu(chan, msg, len, priority);
2491
2483
if (IS_ERR(skb))
2492
2484
return PTR_ERR(skb);
2485
+
2486
+
/* Channel lock is released before requesting new skb and then
2487
+
* reacquired thus we need to recheck channel state.
2488
+
*/
2489
+
if (chan->state != BT_CONNECTED) {
2490
+
kfree_skb(skb);
2491
+
return -ENOTCONN;
2492
+
}
2493
2493
2494
2494
l2cap_do_send(chan, skb);
2495
2495
err = len;
···
7108
7092
7109
7093
auth_type = l2cap_get_auth_type(chan);
7110
7094
7111
-
if (bdaddr_type_is_le(dst_type))
7112
-
hcon = hci_connect(hdev, LE_LINK, dst, dst_type,
7113
-
chan->sec_level, auth_type);
7114
-
else
7115
-
hcon = hci_connect(hdev, ACL_LINK, dst, dst_type,
7116
-
chan->sec_level, auth_type);
7095
+
if (bdaddr_type_is_le(dst_type)) {
7096
+
/* Convert from L2CAP channel address type to HCI address type
7097
+
*/
7098
+
if (dst_type == BDADDR_LE_PUBLIC)
7099
+
dst_type = ADDR_LE_DEV_PUBLIC;
7100
+
else
7101
+
dst_type = ADDR_LE_DEV_RANDOM;
7102
+
7103
+
hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level,
7104
+
auth_type);
7105
+
} else {
7106
+
hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type);
7107
+
}
7117
7108
7118
7109
if (IS_ERR(hcon)) {
7119
7110
err = PTR_ERR(hcon);
···
7274
7251
7275
7252
if (hcon->type == LE_LINK) {
7276
7253
if (!status && encrypt)
7277
-
smp_distribute_keys(conn, 0);
7254
+
smp_distribute_keys(conn);
7278
7255
cancel_delayed_work(&conn->security_timer);
7279
7256
}
7280
7257
+347
-76
net/bluetooth/mgmt.c
+347
-76
net/bluetooth/mgmt.c
···
81
81
MGMT_OP_SET_SCAN_PARAMS,
82
82
MGMT_OP_SET_SECURE_CONN,
83
83
MGMT_OP_SET_DEBUG_KEYS,
84
+
MGMT_OP_SET_PRIVACY,
84
85
MGMT_OP_LOAD_IRKS,
85
86
};
86
87
···
107
106
MGMT_EV_DEVICE_UNBLOCKED,
108
107
MGMT_EV_DEVICE_UNPAIRED,
109
108
MGMT_EV_PASSKEY_NOTIFY,
109
+
MGMT_EV_NEW_IRK,
110
110
};
111
111
112
112
#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
···
391
389
if (lmp_le_capable(hdev)) {
392
390
settings |= MGMT_SETTING_LE;
393
391
settings |= MGMT_SETTING_ADVERTISING;
392
+
settings |= MGMT_SETTING_PRIVACY;
394
393
}
395
394
396
395
return settings;
···
439
436
440
437
if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441
438
settings |= MGMT_SETTING_DEBUG_KEYS;
439
+
440
+
if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
441
+
settings |= MGMT_SETTING_PRIVACY;
442
442
443
443
return settings;
444
444
}
···
817
811
hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
818
812
}
819
813
814
+
static bool get_connectable(struct hci_dev *hdev)
815
+
{
816
+
struct pending_cmd *cmd;
817
+
818
+
/* If there's a pending mgmt command the flag will not yet have
819
+
* it's final value, so check for this first.
820
+
*/
821
+
cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
822
+
if (cmd) {
823
+
struct mgmt_mode *cp = cmd->param;
824
+
return cp->val;
825
+
}
826
+
827
+
return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
828
+
}
829
+
830
+
static void enable_advertising(struct hci_request *req)
831
+
{
832
+
struct hci_dev *hdev = req->hdev;
833
+
struct hci_cp_le_set_adv_param cp;
834
+
u8 own_addr_type, enable = 0x01;
835
+
bool connectable;
836
+
837
+
/* Clear the HCI_ADVERTISING bit temporarily so that the
838
+
* hci_update_random_address knows that it's safe to go ahead
839
+
* and write a new random address. The flag will be set back on
840
+
* as soon as the SET_ADV_ENABLE HCI command completes.
841
+
*/
842
+
clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
843
+
844
+
connectable = get_connectable(hdev);
845
+
846
+
/* Set require_privacy to true only when non-connectable
847
+
* advertising is used. In that case it is fine to use a
848
+
* non-resolvable private address.
849
+
*/
850
+
if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
851
+
return;
852
+
853
+
memset(&cp, 0, sizeof(cp));
854
+
cp.min_interval = __constant_cpu_to_le16(0x0800);
855
+
cp.max_interval = __constant_cpu_to_le16(0x0800);
856
+
cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
857
+
cp.own_address_type = own_addr_type;
858
+
cp.channel_map = hdev->le_adv_channel_map;
859
+
860
+
hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
861
+
862
+
hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
863
+
}
864
+
865
+
static void disable_advertising(struct hci_request *req)
866
+
{
867
+
u8 enable = 0x00;
868
+
869
+
hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
870
+
}
871
+
820
872
static void service_cache_off(struct work_struct *work)
821
873
{
822
874
struct hci_dev *hdev = container_of(work, struct hci_dev,
···
896
832
hci_req_run(&req, NULL);
897
833
}
898
834
835
+
static void rpa_expired(struct work_struct *work)
836
+
{
837
+
struct hci_dev *hdev = container_of(work, struct hci_dev,
838
+
rpa_expired.work);
839
+
struct hci_request req;
840
+
841
+
BT_DBG("");
842
+
843
+
set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
844
+
845
+
if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
846
+
hci_conn_num(hdev, LE_LINK) > 0)
847
+
return;
848
+
849
+
/* The generation of a new RPA and programming it into the
850
+
* controller happens in the enable_advertising() function.
851
+
*/
852
+
853
+
hci_req_init(&req, hdev);
854
+
855
+
disable_advertising(&req);
856
+
enable_advertising(&req);
857
+
858
+
hci_req_run(&req, NULL);
859
+
}
860
+
899
861
static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
900
862
{
901
863
if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
902
864
return;
903
865
904
866
INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
867
+
INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
905
868
906
869
/* Non-mgmt controlled devices get this bit set
907
870
* implicitly so that pairing works for them, however
···
1034
943
sizeof(settings));
1035
944
}
1036
945
946
+
static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
947
+
{
948
+
BT_DBG("%s status 0x%02x", hdev->name, status);
949
+
950
+
if (hci_conn_count(hdev) == 0) {
951
+
cancel_delayed_work(&hdev->power_off);
952
+
queue_work(hdev->req_workqueue, &hdev->power_off.work);
953
+
}
954
+
}
955
+
956
+
static int clean_up_hci_state(struct hci_dev *hdev)
957
+
{
958
+
struct hci_request req;
959
+
struct hci_conn *conn;
960
+
961
+
hci_req_init(&req, hdev);
962
+
963
+
if (test_bit(HCI_ISCAN, &hdev->flags) ||
964
+
test_bit(HCI_PSCAN, &hdev->flags)) {
965
+
u8 scan = 0x00;
966
+
hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
967
+
}
968
+
969
+
if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
970
+
disable_advertising(&req);
971
+
972
+
if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
973
+
hci_req_add_le_scan_disable(&req);
974
+
}
975
+
976
+
list_for_each_entry(conn, &hdev->conn_hash.list, list) {
977
+
struct hci_cp_disconnect dc;
978
+
struct hci_cp_reject_conn_req rej;
979
+
980
+
switch (conn->state) {
981
+
case BT_CONNECTED:
982
+
case BT_CONFIG:
983
+
dc.handle = cpu_to_le16(conn->handle);
984
+
dc.reason = 0x15; /* Terminated due to Power Off */
985
+
hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
986
+
break;
987
+
case BT_CONNECT:
988
+
if (conn->type == LE_LINK)
989
+
hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
990
+
0, NULL);
991
+
else if (conn->type == ACL_LINK)
992
+
hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
993
+
6, &conn->dst);
994
+
break;
995
+
case BT_CONNECT2:
996
+
bacpy(&rej.bdaddr, &conn->dst);
997
+
rej.reason = 0x15; /* Terminated due to Power Off */
998
+
if (conn->type == ACL_LINK)
999
+
hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1000
+
sizeof(rej), &rej);
1001
+
else if (conn->type == SCO_LINK)
1002
+
hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1003
+
sizeof(rej), &rej);
1004
+
break;
1005
+
}
1006
+
}
1007
+
1008
+
return hci_req_run(&req, clean_up_hci_complete);
1009
+
}
1010
+
1037
1011
static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1038
1012
u16 len)
1039
1013
{
···
1142
986
goto failed;
1143
987
}
1144
988
1145
-
if (cp->val)
989
+
if (cp->val) {
1146
990
queue_work(hdev->req_workqueue, &hdev->power_on);
1147
-
else
1148
-
queue_work(hdev->req_workqueue, &hdev->power_off.work);
991
+
err = 0;
992
+
} else {
993
+
/* Disconnect connections, stop scans, etc */
994
+
err = clean_up_hci_state(hdev);
995
+
if (!err)
996
+
queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
997
+
HCI_POWER_OFF_TIMEOUT);
1149
998
1150
-
err = 0;
999
+
/* ENODATA means there were no HCI commands queued */
1000
+
if (err == -ENODATA) {
1001
+
cancel_delayed_work(&hdev->power_off);
1002
+
queue_work(hdev->req_workqueue, &hdev->power_off.work);
1003
+
err = 0;
1004
+
}
1005
+
}
1151
1006
1152
1007
failed:
1153
1008
hci_dev_unlock(hdev);
···
1509
1342
1510
1343
if (hdev->page_scan_type != type)
1511
1344
hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1512
-
}
1513
-
1514
-
static u8 get_adv_type(struct hci_dev *hdev)
1515
-
{
1516
-
struct pending_cmd *cmd;
1517
-
bool connectable;
1518
-
1519
-
/* If there's a pending mgmt command the flag will not yet have
1520
-
* it's final value, so check for this first.
1521
-
*/
1522
-
cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1523
-
if (cmd) {
1524
-
struct mgmt_mode *cp = cmd->param;
1525
-
connectable = !!cp->val;
1526
-
} else {
1527
-
connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1528
-
}
1529
-
1530
-
return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1531
-
}
1532
-
1533
-
static void enable_advertising(struct hci_request *req)
1534
-
{
1535
-
struct hci_dev *hdev = req->hdev;
1536
-
struct hci_cp_le_set_adv_param cp;
1537
-
u8 enable = 0x01;
1538
-
1539
-
memset(&cp, 0, sizeof(cp));
1540
-
cp.min_interval = __constant_cpu_to_le16(0x0800);
1541
-
cp.max_interval = __constant_cpu_to_le16(0x0800);
1542
-
cp.type = get_adv_type(hdev);
1543
-
cp.own_address_type = hdev->own_addr_type;
1544
-
cp.channel_map = hdev->le_adv_channel_map;
1545
-
1546
-
hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1547
-
1548
-
hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1549
-
}
1550
-
1551
-
static void disable_advertising(struct hci_request *req)
1552
-
{
1553
-
u8 enable = 0x00;
1554
-
1555
-
hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1556
1345
}
1557
1346
1558
1347
static void set_connectable_complete(struct hci_dev *hdev, u8 status)
···
2453
2330
2454
2331
hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2455
2332
2333
+
hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2334
+
2456
2335
err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2457
2336
}
2458
2337
···
2854
2729
else
2855
2730
auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2856
2731
2857
-
if (cp->addr.type == BDADDR_BREDR)
2858
-
conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2859
-
cp->addr.type, sec_level, auth_type);
2860
-
else
2861
-
conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2862
-
cp->addr.type, sec_level, auth_type);
2732
+
if (cp->addr.type == BDADDR_BREDR) {
2733
+
conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2734
+
auth_type);
2735
+
} else {
2736
+
u8 addr_type;
2737
+
2738
+
/* Convert from L2CAP channel address type to HCI address type
2739
+
*/
2740
+
if (cp->addr.type == BDADDR_LE_PUBLIC)
2741
+
addr_type = ADDR_LE_DEV_PUBLIC;
2742
+
else
2743
+
addr_type = ADDR_LE_DEV_RANDOM;
2744
+
2745
+
conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
2746
+
sec_level, auth_type);
2747
+
}
2863
2748
2864
2749
if (IS_ERR(conn)) {
2865
2750
int status;
···
3393
3258
struct hci_request req;
3394
3259
/* General inquiry access code (GIAC) */
3395
3260
u8 lap[3] = { 0x33, 0x8b, 0x9e };
3396
-
u8 status;
3261
+
u8 status, own_addr_type;
3397
3262
int err;
3398
3263
3399
3264
BT_DBG("%s", hdev->name);
···
3478
3343
goto failed;
3479
3344
}
3480
3345
3481
-
if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3346
+
/* If controller is scanning, it means the background scanning
3347
+
* is running. Thus, we should temporarily stop it in order to
3348
+
* set the discovery scanning parameters.
3349
+
*/
3350
+
if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3351
+
hci_req_add_le_scan_disable(&req);
3352
+
3353
+
memset(¶m_cp, 0, sizeof(param_cp));
3354
+
3355
+
/* All active scans will be done with either a resolvable
3356
+
* private address (when privacy feature has been enabled)
3357
+
* or unresolvable private address.
3358
+
*/
3359
+
err = hci_update_random_address(&req, true, &own_addr_type);
3360
+
if (err < 0) {
3482
3361
err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3483
-
MGMT_STATUS_BUSY);
3362
+
MGMT_STATUS_FAILED);
3484
3363
mgmt_pending_remove(cmd);
3485
3364
goto failed;
3486
3365
}
3487
3366
3488
-
memset(¶m_cp, 0, sizeof(param_cp));
3489
3367
param_cp.type = LE_SCAN_ACTIVE;
3490
3368
param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3491
3369
param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3492
-
param_cp.own_address_type = hdev->own_addr_type;
3370
+
param_cp.own_address_type = own_addr_type;
3493
3371
hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3494
3372
¶m_cp);
3495
3373
···
3572
3424
struct hci_cp_remote_name_req_cancel cp;
3573
3425
struct inquiry_entry *e;
3574
3426
struct hci_request req;
3575
-
struct hci_cp_le_set_scan_enable enable_cp;
3576
3427
int err;
3577
3428
3578
3429
BT_DBG("%s", hdev->name);
···
3607
3460
} else {
3608
3461
cancel_delayed_work(&hdev->le_scan_disable);
3609
3462
3610
-
memset(&enable_cp, 0, sizeof(enable_cp));
3611
-
enable_cp.enable = LE_SCAN_DISABLE;
3612
-
hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3613
-
sizeof(enable_cp), &enable_cp);
3463
+
hci_req_add_le_scan_disable(&req);
3614
3464
}
3615
3465
3616
3466
break;
···
3664
3520
hci_dev_lock(hdev);
3665
3521
3666
3522
if (!hci_discovery_active(hdev)) {
3667
-
err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3668
-
MGMT_STATUS_FAILED);
3523
+
err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3524
+
MGMT_STATUS_FAILED, &cp->addr,
3525
+
sizeof(cp->addr));
3669
3526
goto failed;
3670
3527
}
3671
3528
3672
3529
e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3673
3530
if (!e) {
3674
-
err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3675
-
MGMT_STATUS_INVALID_PARAMS);
3531
+
err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3532
+
MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3533
+
sizeof(cp->addr));
3676
3534
goto failed;
3677
3535
}
3678
3536
···
3962
3816
hdev->le_scan_window = window;
3963
3817
3964
3818
err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3819
+
3820
+
/* If background scan is running, restart it so new parameters are
3821
+
* loaded.
3822
+
*/
3823
+
if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3824
+
hdev->discovery.state == DISCOVERY_STOPPED) {
3825
+
struct hci_request req;
3826
+
3827
+
hci_req_init(&req, hdev);
3828
+
3829
+
hci_req_add_le_scan_disable(&req);
3830
+
hci_req_add_le_passive_scan(&req);
3831
+
3832
+
hci_req_run(&req, NULL);
3833
+
}
3965
3834
3966
3835
hci_dev_unlock(hdev);
3967
3836
···
4343
4182
return err;
4344
4183
}
4345
4184
4185
+
static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4186
+
u16 len)
4187
+
{
4188
+
struct mgmt_cp_set_privacy *cp = cp_data;
4189
+
bool changed;
4190
+
int err;
4191
+
4192
+
BT_DBG("request for %s", hdev->name);
4193
+
4194
+
if (!lmp_le_capable(hdev))
4195
+
return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4196
+
MGMT_STATUS_NOT_SUPPORTED);
4197
+
4198
+
if (cp->privacy != 0x00 && cp->privacy != 0x01)
4199
+
return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4200
+
MGMT_STATUS_INVALID_PARAMS);
4201
+
4202
+
if (hdev_is_powered(hdev))
4203
+
return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4204
+
MGMT_STATUS_REJECTED);
4205
+
4206
+
hci_dev_lock(hdev);
4207
+
4208
+
/* If user space supports this command it is also expected to
4209
+
* handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4210
+
*/
4211
+
set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4212
+
4213
+
if (cp->privacy) {
4214
+
changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4215
+
memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4216
+
set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4217
+
} else {
4218
+
changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4219
+
memset(hdev->irk, 0, sizeof(hdev->irk));
4220
+
clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4221
+
}
4222
+
4223
+
err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4224
+
if (err < 0)
4225
+
goto unlock;
4226
+
4227
+
if (changed)
4228
+
err = new_settings(hdev, sk);
4229
+
4230
+
unlock:
4231
+
hci_dev_unlock(hdev);
4232
+
return err;
4233
+
}
4234
+
4346
4235
static bool irk_is_valid(struct mgmt_irk_info *irk)
4347
4236
{
4348
4237
switch (irk->addr.type) {
···
4607
4396
{ set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4608
4397
{ set_secure_conn, false, MGMT_SETTING_SIZE },
4609
4398
{ set_debug_keys, false, MGMT_SETTING_SIZE },
4610
-
{ },
4399
+
{ set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4611
4400
{ load_irks, true, MGMT_LOAD_IRKS_SIZE },
4612
4401
};
4613
4402
···
4725
4514
mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4726
4515
}
4727
4516
4517
+
/* This function requires the caller holds hdev->lock */
4518
+
static void restart_le_auto_conns(struct hci_dev *hdev)
4519
+
{
4520
+
struct hci_conn_params *p;
4521
+
4522
+
list_for_each_entry(p, &hdev->le_conn_params, list) {
4523
+
if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4524
+
hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4525
+
}
4526
+
}
4527
+
4728
4528
static void powered_complete(struct hci_dev *hdev, u8 status)
4729
4529
{
4730
4530
struct cmd_lookup match = { NULL, hdev };
···
4743
4521
BT_DBG("status 0x%02x", status);
4744
4522
4745
4523
hci_dev_lock(hdev);
4524
+
4525
+
restart_le_auto_conns(hdev);
4746
4526
4747
4527
mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4748
4528
···
4787
4563
}
4788
4564
4789
4565
if (lmp_le_capable(hdev)) {
4790
-
/* Set random address to static address if configured */
4791
-
if (bacmp(&hdev->static_addr, BDADDR_ANY))
4792
-
hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4793
-
&hdev->static_addr);
4794
-
4795
4566
/* Make sure the controller has a good default for
4796
4567
* advertising data. This also applies to the case
4797
4568
* where BR/EDR was toggled during the AUTO_OFF phase.
···
4912
4693
if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4913
4694
return;
4914
4695
4696
+
/* Powering off may clear the scan mode - don't let that interfere */
4697
+
if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4698
+
return;
4699
+
4915
4700
if (discoverable) {
4916
4701
changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4917
4702
} else {
···
4949
4726
if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4950
4727
return;
4951
4728
4729
+
/* Powering off may clear the scan mode - don't let that interfere */
4730
+
if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4731
+
return;
4732
+
4952
4733
if (connectable)
4953
4734
changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4954
4735
else
···
4960
4733
4961
4734
if (changed)
4962
4735
new_settings(hdev, NULL);
4736
+
}
4737
+
4738
+
void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4739
+
{
4740
+
/* Powering off may stop advertising - don't let that interfere */
4741
+
if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4742
+
return;
4743
+
4744
+
if (advertising)
4745
+
set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4746
+
else
4747
+
clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4963
4748
}
4964
4749
4965
4750
void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
···
5032
4793
ev.key.type = key->authenticated;
5033
4794
ev.key.enc_size = key->enc_size;
5034
4795
ev.key.ediv = key->ediv;
4796
+
ev.key.rand = key->rand;
5035
4797
5036
4798
if (key->type == HCI_SMP_LTK)
5037
4799
ev.key.master = 1;
5038
4800
5039
-
memcpy(ev.key.rand, key->rand, sizeof(key->rand));
5040
4801
memcpy(ev.key.val, key->val, sizeof(key->val));
5041
4802
5042
4803
mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
···
5146
4907
}
5147
4908
5148
4909
void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5149
-
u8 link_type, u8 addr_type, u8 reason)
4910
+
u8 link_type, u8 addr_type, u8 reason,
4911
+
bool mgmt_connected)
5150
4912
{
5151
4913
struct mgmt_ev_device_disconnected ev;
4914
+
struct pending_cmd *power_off;
5152
4915
struct sock *sk = NULL;
4916
+
4917
+
power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4918
+
if (power_off) {
4919
+
struct mgmt_mode *cp = power_off->param;
4920
+
4921
+
/* The connection is still in hci_conn_hash so test for 1
4922
+
* instead of 0 to know if this is the last one.
4923
+
*/
4924
+
if (!cp->val && hci_conn_count(hdev) == 1) {
4925
+
cancel_delayed_work(&hdev->power_off);
4926
+
queue_work(hdev->req_workqueue, &hdev->power_off.work);
4927
+
}
4928
+
}
4929
+
4930
+
if (!mgmt_connected)
4931
+
return;
5153
4932
5154
4933
if (link_type != ACL_LINK && link_type != LE_LINK)
5155
4934
return;
···
5223
4966
u8 addr_type, u8 status)
5224
4967
{
5225
4968
struct mgmt_ev_connect_failed ev;
4969
+
struct pending_cmd *power_off;
4970
+
4971
+
power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4972
+
if (power_off) {
4973
+
struct mgmt_mode *cp = power_off->param;
4974
+
4975
+
/* The connection is still in hci_conn_hash so test for 1
4976
+
* instead of 0 to know if this is the last one.
4977
+
*/
4978
+
if (!cp->val && hci_conn_count(hdev) == 1) {
4979
+
cancel_delayed_work(&hdev->power_off);
4980
+
queue_work(hdev->req_workqueue, &hdev->power_off.work);
4981
+
}
4982
+
}
5226
4983
5227
4984
bacpy(&ev.addr.bdaddr, bdaddr);
5228
4985
ev.addr.type = link_to_bdaddr(link_type, addr_type);
+136
-44
net/bluetooth/smp.c
+136
-44
net/bluetooth/smp.c
···
124
124
return !memcmp(bdaddr->b, hash, 3);
125
125
}
126
126
127
+
int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa)
128
+
{
129
+
int err;
130
+
131
+
get_random_bytes(&rpa->b[3], 3);
132
+
133
+
rpa->b[5] &= 0x3f; /* Clear two most significant bits */
134
+
rpa->b[5] |= 0x40; /* Set second most significant bit */
135
+
136
+
err = smp_ah(tfm, irk, &rpa->b[3], rpa->b);
137
+
if (err < 0)
138
+
return err;
139
+
140
+
BT_DBG("RPA %pMR", rpa);
141
+
142
+
return 0;
143
+
}
144
+
127
145
static int smp_c1(struct crypto_blkcipher *tfm, u8 k[16], u8 r[16],
128
146
u8 preq[7], u8 pres[7], u8 _iat, bdaddr_t *ia,
129
147
u8 _rat, bdaddr_t *ra, u8 res[16])
···
282
264
283
265
if (test_bit(HCI_RPA_RESOLVING, &hdev->dev_flags))
284
266
remote_dist |= SMP_DIST_ID_KEY;
267
+
268
+
if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
269
+
local_dist |= SMP_DIST_ID_KEY;
285
270
286
271
if (rsp == NULL) {
287
272
req->io_capability = conn->hcon->io_capability;
···
445
424
/* Prevent mutual access to hdev->tfm_aes */
446
425
hci_dev_lock(hdev);
447
426
448
-
if (conn->hcon->out)
449
-
ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
450
-
conn->hcon->src_type, &conn->hcon->src,
451
-
conn->hcon->dst_type, &conn->hcon->dst, res);
452
-
else
453
-
ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
454
-
conn->hcon->dst_type, &conn->hcon->dst,
455
-
conn->hcon->src_type, &conn->hcon->src, res);
427
+
ret = smp_c1(tfm, smp->tk, smp->prnd, smp->preq, smp->prsp,
428
+
conn->hcon->init_addr_type, &conn->hcon->init_addr,
429
+
conn->hcon->resp_addr_type, &conn->hcon->resp_addr, res);
456
430
457
431
hci_dev_unlock(hdev);
458
432
···
487
471
/* Prevent mutual access to hdev->tfm_aes */
488
472
hci_dev_lock(hdev);
489
473
490
-
if (hcon->out)
491
-
ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
492
-
hcon->src_type, &hcon->src,
493
-
hcon->dst_type, &hcon->dst, res);
494
-
else
495
-
ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
496
-
hcon->dst_type, &hcon->dst,
497
-
hcon->src_type, &hcon->src, res);
474
+
ret = smp_c1(tfm, smp->tk, smp->rrnd, smp->preq, smp->prsp,
475
+
hcon->init_addr_type, &hcon->init_addr,
476
+
hcon->resp_addr_type, &hcon->resp_addr, res);
498
477
499
478
hci_dev_unlock(hdev);
500
479
···
507
496
}
508
497
509
498
if (hcon->out) {
510
-
u8 stk[16], rand[8];
511
-
__le16 ediv;
512
-
513
-
memset(rand, 0, sizeof(rand));
514
-
ediv = 0;
499
+
u8 stk[16];
500
+
__le64 rand = 0;
501
+
__le16 ediv = 0;
515
502
516
503
smp_s1(tfm, smp->tk, smp->rrnd, smp->prnd, key);
517
504
swap128(key, stk);
···
525
516
hci_le_start_enc(hcon, ediv, rand, stk);
526
517
hcon->enc_key_size = smp->enc_key_size;
527
518
} else {
528
-
u8 stk[16], r[16], rand[8];
529
-
__le16 ediv;
530
-
531
-
memset(rand, 0, sizeof(rand));
532
-
ediv = 0;
519
+
u8 stk[16], r[16];
520
+
__le64 rand = 0;
521
+
__le16 ediv = 0;
533
522
534
523
swap128(smp->prnd, r);
535
524
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(r), r);
···
549
542
smp_failure(conn, reason);
550
543
}
551
544
545
+
static void smp_reencrypt(struct work_struct *work)
546
+
{
547
+
struct smp_chan *smp = container_of(work, struct smp_chan,
548
+
reencrypt.work);
549
+
struct l2cap_conn *conn = smp->conn;
550
+
struct hci_conn *hcon = conn->hcon;
551
+
struct smp_ltk *ltk = smp->ltk;
552
+
553
+
BT_DBG("");
554
+
555
+
hci_le_start_enc(hcon, ltk->ediv, ltk->rand, ltk->val);
556
+
hcon->enc_key_size = ltk->enc_size;
557
+
}
558
+
552
559
static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
553
560
{
554
561
struct smp_chan *smp;
···
573
552
574
553
INIT_WORK(&smp->confirm, confirm_work);
575
554
INIT_WORK(&smp->random, random_work);
555
+
INIT_DELAYED_WORK(&smp->reencrypt, smp_reencrypt);
576
556
577
557
smp->conn = conn;
578
558
conn->smp_chan = smp;
···
591
569
592
570
BUG_ON(!smp);
593
571
572
+
cancel_delayed_work_sync(&smp->reencrypt);
573
+
594
574
complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
595
575
mgmt_smp_complete(conn->hcon, complete);
576
+
577
+
/* If pairing failed clean up any keys we might have */
578
+
if (!complete) {
579
+
if (smp->ltk) {
580
+
list_del(&smp->ltk->list);
581
+
kfree(smp->ltk);
582
+
}
583
+
584
+
if (smp->slave_ltk) {
585
+
list_del(&smp->slave_ltk->list);
586
+
kfree(smp->slave_ltk);
587
+
}
588
+
589
+
if (smp->remote_irk) {
590
+
list_del(&smp->remote_irk->list);
591
+
kfree(smp->remote_irk);
592
+
}
593
+
}
596
594
597
595
kfree(smp);
598
596
conn->smp_chan = NULL;
···
969
927
if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
970
928
return 0;
971
929
930
+
/* Mark the information as received */
931
+
smp->remote_key_dist &= ~SMP_DIST_ENC_KEY;
932
+
972
933
skb_pull(skb, sizeof(*rp));
973
934
974
935
hci_dev_lock(hdev);
···
981
936
rp->ediv, rp->rand);
982
937
smp->ltk = ltk;
983
938
if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
984
-
smp_distribute_keys(conn, 1);
939
+
smp_distribute_keys(conn);
985
940
hci_dev_unlock(hdev);
986
941
987
942
return 0;
···
1025
980
if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
1026
981
return 0;
1027
982
983
+
/* Mark the information as received */
984
+
smp->remote_key_dist &= ~SMP_DIST_ID_KEY;
985
+
1028
986
skb_pull(skb, sizeof(*info));
987
+
988
+
/* Strictly speaking the Core Specification (4.1) allows sending
989
+
* an empty address which would force us to rely on just the IRK
990
+
* as "identity information". However, since such
991
+
* implementations are not known of and in order to not over
992
+
* complicate our implementation, simply pretend that we never
993
+
* received an IRK for such a device.
994
+
*/
995
+
if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
996
+
BT_ERR("Ignoring IRK with no identity address");
997
+
smp_distribute_keys(conn);
998
+
return 0;
999
+
}
1029
1000
1030
1001
bacpy(&smp->id_addr, &info->bdaddr);
1031
1002
smp->id_addr_type = info->addr_type;
···
1060
999
1061
1000
l2cap_conn_update_id_addr(hcon);
1062
1001
1063
-
smp_distribute_keys(conn, 1);
1002
+
smp_distribute_keys(conn);
1064
1003
1065
1004
return 0;
1066
1005
}
···
1189
1128
}
1190
1129
}
1191
1130
1192
-
int smp_distribute_keys(struct l2cap_conn *conn, __u8 force)
1131
+
int smp_distribute_keys(struct l2cap_conn *conn)
1193
1132
{
1194
1133
struct smp_cmd_pairing *req, *rsp;
1195
1134
struct smp_chan *smp = conn->smp_chan;
1135
+
struct hci_conn *hcon = conn->hcon;
1136
+
struct hci_dev *hdev = hcon->hdev;
1137
+
bool ltk_encrypt;
1196
1138
__u8 *keydist;
1197
1139
1198
-
BT_DBG("conn %p force %d", conn, force);
1140
+
BT_DBG("conn %p", conn);
1199
1141
1200
-
if (!test_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
1142
+
if (!test_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))
1201
1143
return 0;
1202
1144
1203
1145
rsp = (void *) &smp->prsp[1];
1204
1146
1205
1147
/* The responder sends its keys first */
1206
-
if (!force && conn->hcon->out && (rsp->resp_key_dist & 0x07))
1148
+
if (hcon->out && (smp->remote_key_dist & 0x07))
1207
1149
return 0;
1208
1150
1209
1151
req = (void *) &smp->preq[1];
1210
1152
1211
-
if (conn->hcon->out) {
1153
+
if (hcon->out) {
1212
1154
keydist = &rsp->init_key_dist;
1213
1155
*keydist &= req->init_key_dist;
1214
1156
} else {
···
1224
1160
if (*keydist & SMP_DIST_ENC_KEY) {
1225
1161
struct smp_cmd_encrypt_info enc;
1226
1162
struct smp_cmd_master_ident ident;
1227
-
struct hci_conn *hcon = conn->hcon;
1228
1163
struct smp_ltk *ltk;
1229
1164
u8 authenticated;
1230
1165
__le16 ediv;
1166
+
__le64 rand;
1231
1167
1232
1168
get_random_bytes(enc.ltk, sizeof(enc.ltk));
1233
1169
get_random_bytes(&ediv, sizeof(ediv));
1234
-
get_random_bytes(ident.rand, sizeof(ident.rand));
1170
+
get_random_bytes(&rand, sizeof(rand));
1235
1171
1236
1172
smp_send_cmd(conn, SMP_CMD_ENCRYPT_INFO, sizeof(enc), &enc);
1237
1173
1238
1174
authenticated = hcon->sec_level == BT_SECURITY_HIGH;
1239
-
ltk = hci_add_ltk(hcon->hdev, &hcon->dst, hcon->dst_type,
1175
+
ltk = hci_add_ltk(hdev, &hcon->dst, hcon->dst_type,
1240
1176
HCI_SMP_LTK_SLAVE, authenticated, enc.ltk,
1241
-
smp->enc_key_size, ediv, ident.rand);
1177
+
smp->enc_key_size, ediv, rand);
1242
1178
smp->slave_ltk = ltk;
1243
1179
1244
1180
ident.ediv = ediv;
1181
+
ident.rand = rand;
1245
1182
1246
1183
smp_send_cmd(conn, SMP_CMD_MASTER_IDENT, sizeof(ident), &ident);
1247
1184
···
1253
1188
struct smp_cmd_ident_addr_info addrinfo;
1254
1189
struct smp_cmd_ident_info idinfo;
1255
1190
1256
-
/* Send a dummy key */
1257
-
get_random_bytes(idinfo.irk, sizeof(idinfo.irk));
1191
+
memcpy(idinfo.irk, hdev->irk, sizeof(idinfo.irk));
1258
1192
1259
1193
smp_send_cmd(conn, SMP_CMD_IDENT_INFO, sizeof(idinfo), &idinfo);
1260
1194
1261
-
/* Just public address */
1262
-
memset(&addrinfo, 0, sizeof(addrinfo));
1263
-
bacpy(&addrinfo.bdaddr, &conn->hcon->src);
1195
+
/* The hci_conn contains the local identity address
1196
+
* after the connection has been established.
1197
+
*
1198
+
* This is true even when the connection has been
1199
+
* established using a resolvable random address.
1200
+
*/
1201
+
bacpy(&addrinfo.bdaddr, &hcon->src);
1202
+
addrinfo.addr_type = hcon->src_type;
1264
1203
1265
1204
smp_send_cmd(conn, SMP_CMD_IDENT_ADDR_INFO, sizeof(addrinfo),
1266
1205
&addrinfo);
···
1283
1214
*keydist &= ~SMP_DIST_SIGN;
1284
1215
}
1285
1216
1286
-
if (conn->hcon->out || force || !(rsp->init_key_dist & 0x07)) {
1287
-
clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags);
1217
+
/* If there are still keys to be received wait for them */
1218
+
if ((smp->remote_key_dist & 0x07))
1219
+
return 0;
1220
+
1221
+
/* Check if we should try to re-encrypt the link with the LTK.
1222
+
* SMP_FLAG_LTK_ENCRYPT flag is used to track whether we've
1223
+
* already tried this (in which case we shouldn't try again).
1224
+
*
1225
+
* The request will trigger an encryption key refresh event
1226
+
* which will cause a call to auth_cfm and eventually lead to
1227
+
* l2cap_core.c calling this smp_distribute_keys function again
1228
+
* and thereby completing the process.
1229
+
*/
1230
+
if (smp->ltk)
1231
+
ltk_encrypt = !test_and_set_bit(SMP_FLAG_LTK_ENCRYPT,
1232
+
&smp->smp_flags);
1233
+
else
1234
+
ltk_encrypt = false;
1235
+
1236
+
/* Re-encrypt the link with LTK if possible */
1237
+
if (ltk_encrypt && hcon->out) {
1238
+
queue_delayed_work(hdev->req_workqueue, &smp->reencrypt,
1239
+
SMP_REENCRYPT_TIMEOUT);
1240
+
} else {
1241
+
clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1288
1242
cancel_delayed_work_sync(&conn->security_timer);
1289
1243
set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1290
1244
smp_notify_keys(conn);
+8
-3
net/bluetooth/smp.h
+8
-3
net/bluetooth/smp.h
···
78
78
#define SMP_CMD_MASTER_IDENT 0x07
79
79
struct smp_cmd_master_ident {
80
80
__le16 ediv;
81
-
__u8 rand[8];
81
+
__le64 rand;
82
82
} __packed;
83
83
84
84
#define SMP_CMD_IDENT_INFO 0x08
···
118
118
#define SMP_FLAG_TK_VALID 1
119
119
#define SMP_FLAG_CFM_PENDING 2
120
120
#define SMP_FLAG_MITM_AUTH 3
121
-
#define SMP_FLAG_COMPLETE 4
121
+
#define SMP_FLAG_LTK_ENCRYPT 4
122
+
#define SMP_FLAG_COMPLETE 5
123
+
124
+
#define SMP_REENCRYPT_TIMEOUT msecs_to_jiffies(250)
122
125
123
126
struct smp_chan {
124
127
struct l2cap_conn *conn;
···
142
139
unsigned long smp_flags;
143
140
struct work_struct confirm;
144
141
struct work_struct random;
142
+
struct delayed_work reencrypt;
145
143
};
146
144
147
145
/* SMP Commands */
148
146
bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);
149
147
int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
150
148
int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb);
151
-
int smp_distribute_keys(struct l2cap_conn *conn, __u8 force);
149
+
int smp_distribute_keys(struct l2cap_conn *conn);
152
150
int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey);
153
151
154
152
void smp_chan_destroy(struct l2cap_conn *conn);
155
153
156
154
bool smp_irk_matches(struct crypto_blkcipher *tfm, u8 irk[16],
157
155
bdaddr_t *bdaddr);
156
+
int smp_generate_rpa(struct crypto_blkcipher *tfm, u8 irk[16], bdaddr_t *rpa);
158
157
159
158
#endif /* __SMP_H */