tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Conflicts:
drivers/bluetooth/btusb.c
+653
-124
+154
-1
drivers/bluetooth/btusb.c
+154
-1
drivers/bluetooth/btusb.c
···
49
49
#define BTUSB_WRONG_SCO_MTU 0x40
50
50
#define BTUSB_ATH3012 0x80
51
51
#define BTUSB_INTEL 0x100
52
+
#define BTUSB_BCM_PATCHRAM 0x200
52
53
53
54
static const struct usb_device_id btusb_table[] = {
54
55
/* Generic Bluetooth USB device */
···
112
111
{ USB_VENDOR_AND_INTERFACE_INFO(0x0489, 0xff, 0x01, 0x01) },
113
112
114
113
/* Broadcom devices with vendor specific id */
115
-
{ USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01) },
114
+
{ USB_VENDOR_AND_INTERFACE_INFO(0x0a5c, 0xff, 0x01, 0x01),
115
+
.driver_info = BTUSB_BCM_PATCHRAM },
116
116
117
117
/* Belkin F8065bf - Broadcom based */
118
118
{ USB_VENDOR_AND_INTERFACE_INFO(0x050d, 0xff, 0x01, 0x01) },
···
1383
1381
return 0;
1384
1382
}
1385
1383
1384
+
static int btusb_setup_bcm_patchram(struct hci_dev *hdev)
1385
+
{
1386
+
struct btusb_data *data = hci_get_drvdata(hdev);
1387
+
struct usb_device *udev = data->udev;
1388
+
char fw_name[64];
1389
+
const struct firmware *fw;
1390
+
const u8 *fw_ptr;
1391
+
size_t fw_size;
1392
+
const struct hci_command_hdr *cmd;
1393
+
const u8 *cmd_param;
1394
+
u16 opcode;
1395
+
struct sk_buff *skb;
1396
+
struct hci_rp_read_local_version *ver;
1397
+
long ret;
1398
+
1399
+
snprintf(fw_name, sizeof(fw_name), "brcm/%s-%04x-%04x.hcd",
1400
+
udev->product ? udev->product : "BCM",
1401
+
le16_to_cpu(udev->descriptor.idVendor),
1402
+
le16_to_cpu(udev->descriptor.idProduct));
1403
+
1404
+
ret = request_firmware(&fw, fw_name, &hdev->dev);
1405
+
if (ret < 0) {
1406
+
BT_INFO("%s: BCM: patch %s not found", hdev->name,
1407
+
fw_name);
1408
+
return 0;
1409
+
}
1410
+
1411
+
/* Reset */
1412
+
skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1413
+
if (IS_ERR(skb)) {
1414
+
ret = PTR_ERR(skb);
1415
+
BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1416
+
goto done;
1417
+
}
1418
+
kfree_skb(skb);
1419
+
1420
+
/* Read Local Version Info */
1421
+
skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1422
+
HCI_INIT_TIMEOUT);
1423
+
if (IS_ERR(skb)) {
1424
+
ret = PTR_ERR(skb);
1425
+
BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1426
+
hdev->name, ret);
1427
+
goto done;
1428
+
}
1429
+
1430
+
if (skb->len != sizeof(*ver)) {
1431
+
BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1432
+
hdev->name);
1433
+
kfree_skb(skb);
1434
+
ret = -EIO;
1435
+
goto done;
1436
+
}
1437
+
1438
+
ver = (struct hci_rp_read_local_version *) skb->data;
1439
+
BT_INFO("%s: BCM: patching hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1440
+
"lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1441
+
ver->lmp_ver, ver->lmp_subver);
1442
+
kfree_skb(skb);
1443
+
1444
+
/* Start Download */
1445
+
skb = __hci_cmd_sync(hdev, 0xfc2e, 0, NULL, HCI_INIT_TIMEOUT);
1446
+
if (IS_ERR(skb)) {
1447
+
ret = PTR_ERR(skb);
1448
+
BT_ERR("%s: BCM: Download Minidrv command failed (%ld)",
1449
+
hdev->name, ret);
1450
+
goto reset_fw;
1451
+
}
1452
+
kfree_skb(skb);
1453
+
1454
+
/* 50 msec delay after Download Minidrv completes */
1455
+
msleep(50);
1456
+
1457
+
fw_ptr = fw->data;
1458
+
fw_size = fw->size;
1459
+
1460
+
while (fw_size >= sizeof(*cmd)) {
1461
+
cmd = (struct hci_command_hdr *) fw_ptr;
1462
+
fw_ptr += sizeof(*cmd);
1463
+
fw_size -= sizeof(*cmd);
1464
+
1465
+
if (fw_size < cmd->plen) {
1466
+
BT_ERR("%s: BCM: patch %s is corrupted",
1467
+
hdev->name, fw_name);
1468
+
ret = -EINVAL;
1469
+
goto reset_fw;
1470
+
}
1471
+
1472
+
cmd_param = fw_ptr;
1473
+
fw_ptr += cmd->plen;
1474
+
fw_size -= cmd->plen;
1475
+
1476
+
opcode = le16_to_cpu(cmd->opcode);
1477
+
1478
+
skb = __hci_cmd_sync(hdev, opcode, cmd->plen, cmd_param,
1479
+
HCI_INIT_TIMEOUT);
1480
+
if (IS_ERR(skb)) {
1481
+
ret = PTR_ERR(skb);
1482
+
BT_ERR("%s: BCM: patch command %04x failed (%ld)",
1483
+
hdev->name, opcode, ret);
1484
+
goto reset_fw;
1485
+
}
1486
+
kfree_skb(skb);
1487
+
}
1488
+
1489
+
/* 250 msec delay after Launch Ram completes */
1490
+
msleep(250);
1491
+
1492
+
reset_fw:
1493
+
/* Reset */
1494
+
skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1495
+
if (IS_ERR(skb)) {
1496
+
ret = PTR_ERR(skb);
1497
+
BT_ERR("%s: HCI_OP_RESET failed (%ld)", hdev->name, ret);
1498
+
goto done;
1499
+
}
1500
+
kfree_skb(skb);
1501
+
1502
+
/* Read Local Version Info */
1503
+
skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
1504
+
HCI_INIT_TIMEOUT);
1505
+
if (IS_ERR(skb)) {
1506
+
ret = PTR_ERR(skb);
1507
+
BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)",
1508
+
hdev->name, ret);
1509
+
goto done;
1510
+
}
1511
+
1512
+
if (skb->len != sizeof(*ver)) {
1513
+
BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch",
1514
+
hdev->name);
1515
+
kfree_skb(skb);
1516
+
ret = -EIO;
1517
+
goto done;
1518
+
}
1519
+
1520
+
ver = (struct hci_rp_read_local_version *) skb->data;
1521
+
BT_INFO("%s: BCM: firmware hci_ver=%02x hci_rev=%04x lmp_ver=%02x "
1522
+
"lmp_subver=%04x", hdev->name, ver->hci_ver, ver->hci_rev,
1523
+
ver->lmp_ver, ver->lmp_subver);
1524
+
kfree_skb(skb);
1525
+
1526
+
done:
1527
+
release_firmware(fw);
1528
+
1529
+
return ret;
1530
+
}
1531
+
1386
1532
static int btusb_probe(struct usb_interface *intf,
1387
1533
const struct usb_device_id *id)
1388
1534
{
···
1635
1485
1636
1486
if (id->driver_info & BTUSB_BCM92035)
1637
1487
hdev->setup = btusb_setup_bcm92035;
1488
+
1489
+
if (id->driver_info & BTUSB_BCM_PATCHRAM)
1490
+
hdev->setup = btusb_setup_bcm_patchram;
1638
1491
1639
1492
if (id->driver_info & BTUSB_INTEL)
1640
1493
hdev->setup = btusb_setup_intel;
+21
include/net/bluetooth/hci.h
+21
include/net/bluetooth/hci.h
···
1054
1054
__le16 window;
1055
1055
} __packed;
1056
1056
1057
+
#define HCI_OP_READ_TX_POWER 0x0c2d
1058
+
struct hci_cp_read_tx_power {
1059
+
__le16 handle;
1060
+
__u8 type;
1061
+
} __packed;
1062
+
struct hci_rp_read_tx_power {
1063
+
__u8 status;
1064
+
__le16 handle;
1065
+
__s8 tx_power;
1066
+
} __packed;
1067
+
1057
1068
#define HCI_OP_READ_PAGE_SCAN_TYPE 0x0c46
1058
1069
struct hci_rp_read_page_scan_type {
1059
1070
__u8 status;
···
1074
1063
#define HCI_OP_WRITE_PAGE_SCAN_TYPE 0x0c47
1075
1064
#define PAGE_SCAN_TYPE_STANDARD 0x00
1076
1065
#define PAGE_SCAN_TYPE_INTERLACED 0x01
1066
+
1067
+
#define HCI_OP_READ_RSSI 0x1405
1068
+
struct hci_cp_read_rssi {
1069
+
__le16 handle;
1070
+
} __packed;
1071
+
struct hci_rp_read_rssi {
1072
+
__u8 status;
1073
+
__le16 handle;
1074
+
__s8 rssi;
1075
+
} __packed;
1077
1076
1078
1077
#define HCI_OP_READ_LOCAL_AMP_INFO 0x1409
1079
1078
struct hci_rp_read_local_amp_info {
+11
include/net/bluetooth/hci_core.h
+11
include/net/bluetooth/hci_core.h
···
145
145
/* Default LE RPA expiry time, 15 minutes */
146
146
#define HCI_DEFAULT_RPA_TIMEOUT (15 * 60)
147
147
148
+
/* Default min/max age of connection information (1s/3s) */
149
+
#define DEFAULT_CONN_INFO_MIN_AGE 1000
150
+
#define DEFAULT_CONN_INFO_MAX_AGE 3000
151
+
148
152
struct amp_assoc {
149
153
__u16 len;
150
154
__u16 offset;
···
204
200
__u16 le_conn_min_interval;
205
201
__u16 le_conn_max_interval;
206
202
__u16 discov_interleaved_timeout;
203
+
__u16 conn_info_min_age;
204
+
__u16 conn_info_max_age;
207
205
__u8 ssp_debug_mode;
208
206
209
207
__u16 devid_source;
···
380
374
__u16 setting;
381
375
__u16 le_conn_min_interval;
382
376
__u16 le_conn_max_interval;
377
+
__s8 rssi;
378
+
__s8 tx_power;
379
+
__s8 max_tx_power;
383
380
unsigned long flags;
381
+
382
+
unsigned long conn_info_timestamp;
384
383
385
384
__u8 remote_cap;
386
385
__u8 remote_auth;
+15
include/net/bluetooth/mgmt.h
+15
include/net/bluetooth/mgmt.h
···
181
181
} __packed;
182
182
#define MGMT_LOAD_LINK_KEYS_SIZE 3
183
183
184
+
#define MGMT_LTK_UNAUTHENTICATED 0x00
185
+
#define MGMT_LTK_AUTHENTICATED 0x01
186
+
184
187
struct mgmt_ltk_info {
185
188
struct mgmt_addr_info addr;
186
189
__u8 type;
···
411
408
struct mgmt_irk_info irks[0];
412
409
} __packed;
413
410
#define MGMT_LOAD_IRKS_SIZE 2
411
+
412
+
#define MGMT_OP_GET_CONN_INFO 0x0031
413
+
struct mgmt_cp_get_conn_info {
414
+
struct mgmt_addr_info addr;
415
+
} __packed;
416
+
#define MGMT_GET_CONN_INFO_SIZE MGMT_ADDR_INFO_SIZE
417
+
struct mgmt_rp_get_conn_info {
418
+
struct mgmt_addr_info addr;
419
+
__s8 rssi;
420
+
__s8 tx_power;
421
+
__s8 max_tx_power;
422
+
} __packed;
414
423
415
424
#define MGMT_EV_CMD_COMPLETE 0x0001
416
425
struct mgmt_ev_cmd_complete {
+3
-3
include/net/bluetooth/rfcomm.h
+3
-3
include/net/bluetooth/rfcomm.h
···
173
173
struct sk_buff_head tx_queue;
174
174
struct timer_list timer;
175
175
176
-
spinlock_t lock;
176
+
struct mutex lock;
177
177
unsigned long state;
178
178
unsigned long flags;
179
179
atomic_t refcnt;
···
244
244
void rfcomm_dlc_accept(struct rfcomm_dlc *d);
245
245
struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel);
246
246
247
-
#define rfcomm_dlc_lock(d) spin_lock(&d->lock)
248
-
#define rfcomm_dlc_unlock(d) spin_unlock(&d->lock)
247
+
#define rfcomm_dlc_lock(d) mutex_lock(&d->lock)
248
+
#define rfcomm_dlc_unlock(d) mutex_unlock(&d->lock)
249
249
250
250
static inline void rfcomm_dlc_hold(struct rfcomm_dlc *d)
251
251
{
+3
net/bluetooth/hci_conn.c
+3
net/bluetooth/hci_conn.c
···
28
28
29
29
#include <net/bluetooth/bluetooth.h>
30
30
#include <net/bluetooth/hci_core.h>
31
+
#include <net/bluetooth/l2cap.h>
31
32
32
33
#include "smp.h"
33
34
#include "a2mp.h"
···
408
407
conn->io_capability = hdev->io_capability;
409
408
conn->remote_auth = 0xff;
410
409
conn->key_type = 0xff;
410
+
conn->tx_power = HCI_TX_POWER_INVALID;
411
+
conn->max_tx_power = HCI_TX_POWER_INVALID;
411
412
412
413
set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
413
414
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+64
net/bluetooth/hci_core.c
+64
net/bluetooth/hci_core.c
···
34
34
35
35
#include <net/bluetooth/bluetooth.h>
36
36
#include <net/bluetooth/hci_core.h>
37
+
#include <net/bluetooth/l2cap.h>
37
38
38
39
#include "smp.h"
39
40
···
579
578
580
579
DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
581
580
sniff_max_interval_set, "%llu\n");
581
+
582
+
static int conn_info_min_age_set(void *data, u64 val)
583
+
{
584
+
struct hci_dev *hdev = data;
585
+
586
+
if (val == 0 || val > hdev->conn_info_max_age)
587
+
return -EINVAL;
588
+
589
+
hci_dev_lock(hdev);
590
+
hdev->conn_info_min_age = val;
591
+
hci_dev_unlock(hdev);
592
+
593
+
return 0;
594
+
}
595
+
596
+
static int conn_info_min_age_get(void *data, u64 *val)
597
+
{
598
+
struct hci_dev *hdev = data;
599
+
600
+
hci_dev_lock(hdev);
601
+
*val = hdev->conn_info_min_age;
602
+
hci_dev_unlock(hdev);
603
+
604
+
return 0;
605
+
}
606
+
607
+
DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
608
+
conn_info_min_age_set, "%llu\n");
609
+
610
+
static int conn_info_max_age_set(void *data, u64 val)
611
+
{
612
+
struct hci_dev *hdev = data;
613
+
614
+
if (val == 0 || val < hdev->conn_info_min_age)
615
+
return -EINVAL;
616
+
617
+
hci_dev_lock(hdev);
618
+
hdev->conn_info_max_age = val;
619
+
hci_dev_unlock(hdev);
620
+
621
+
return 0;
622
+
}
623
+
624
+
static int conn_info_max_age_get(void *data, u64 *val)
625
+
{
626
+
struct hci_dev *hdev = data;
627
+
628
+
hci_dev_lock(hdev);
629
+
*val = hdev->conn_info_max_age;
630
+
hci_dev_unlock(hdev);
631
+
632
+
return 0;
633
+
}
634
+
635
+
DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
636
+
conn_info_max_age_set, "%llu\n");
582
637
583
638
static int identity_show(struct seq_file *f, void *p)
584
639
{
···
1810
1753
debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1811
1754
&blacklist_fops);
1812
1755
debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1756
+
1757
+
debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
1758
+
&conn_info_min_age_fops);
1759
+
debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
1760
+
&conn_info_max_age_fops);
1813
1761
1814
1762
if (lmp_bredr_capable(hdev)) {
1815
1763
debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
···
3851
3789
3852
3790
hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3853
3791
hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3792
+
hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3793
+
hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3854
3794
3855
3795
mutex_init(&hdev->lock);
3856
3796
mutex_init(&hdev->req_lock);
+61
net/bluetooth/hci_event.c
+61
net/bluetooth/hci_event.c
···
1245
1245
amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1246
1246
}
1247
1247
1248
+
static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1249
+
{
1250
+
struct hci_rp_read_rssi *rp = (void *) skb->data;
1251
+
struct hci_conn *conn;
1252
+
1253
+
BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1254
+
1255
+
if (rp->status)
1256
+
return;
1257
+
1258
+
hci_dev_lock(hdev);
1259
+
1260
+
conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1261
+
if (conn)
1262
+
conn->rssi = rp->rssi;
1263
+
1264
+
hci_dev_unlock(hdev);
1265
+
}
1266
+
1267
+
static void hci_cc_read_tx_power(struct hci_dev *hdev, struct sk_buff *skb)
1268
+
{
1269
+
struct hci_cp_read_tx_power *sent;
1270
+
struct hci_rp_read_tx_power *rp = (void *) skb->data;
1271
+
struct hci_conn *conn;
1272
+
1273
+
BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1274
+
1275
+
if (rp->status)
1276
+
return;
1277
+
1278
+
sent = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
1279
+
if (!sent)
1280
+
return;
1281
+
1282
+
hci_dev_lock(hdev);
1283
+
1284
+
conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
1285
+
if (!conn)
1286
+
goto unlock;
1287
+
1288
+
switch (sent->type) {
1289
+
case 0x00:
1290
+
conn->tx_power = rp->tx_power;
1291
+
break;
1292
+
case 0x01:
1293
+
conn->max_tx_power = rp->tx_power;
1294
+
break;
1295
+
}
1296
+
1297
+
unlock:
1298
+
hci_dev_unlock(hdev);
1299
+
}
1300
+
1248
1301
static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1249
1302
{
1250
1303
BT_DBG("%s status 0x%2.2x", hdev->name, status);
···
2688
2635
2689
2636
case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2690
2637
hci_cc_write_remote_amp_assoc(hdev, skb);
2638
+
break;
2639
+
2640
+
case HCI_OP_READ_RSSI:
2641
+
hci_cc_read_rssi(hdev, skb);
2642
+
break;
2643
+
2644
+
case HCI_OP_READ_TX_POWER:
2645
+
hci_cc_read_tx_power(hdev, skb);
2691
2646
break;
2692
2647
2693
2648
default:
+232
-4
net/bluetooth/mgmt.c
+232
-4
net/bluetooth/mgmt.c
···
29
29
30
30
#include <net/bluetooth/bluetooth.h>
31
31
#include <net/bluetooth/hci_core.h>
32
+
#include <net/bluetooth/l2cap.h>
32
33
#include <net/bluetooth/mgmt.h>
33
34
34
35
#include "smp.h"
35
36
36
37
#define MGMT_VERSION 1
37
-
#define MGMT_REVISION 5
38
+
#define MGMT_REVISION 6
38
39
39
40
static const u16 mgmt_commands[] = {
40
41
MGMT_OP_READ_INDEX_LIST,
···
84
83
MGMT_OP_SET_DEBUG_KEYS,
85
84
MGMT_OP_SET_PRIVACY,
86
85
MGMT_OP_LOAD_IRKS,
86
+
MGMT_OP_GET_CONN_INFO,
87
87
};
88
88
89
89
static const u16 mgmt_events[] = {
···
4534
4532
4535
4533
for (i = 0; i < key_count; i++) {
4536
4534
struct mgmt_ltk_info *key = &cp->keys[i];
4537
-
u8 type, addr_type;
4535
+
u8 type, addr_type, authenticated;
4538
4536
4539
4537
if (key->addr.type == BDADDR_LE_PUBLIC)
4540
4538
addr_type = ADDR_LE_DEV_PUBLIC;
···
4546
4544
else
4547
4545
type = HCI_SMP_LTK_SLAVE;
4548
4546
4547
+
if (key->type == MGMT_LTK_UNAUTHENTICATED)
4548
+
authenticated = 0x00;
4549
+
else
4550
+
authenticated = 0x01;
4551
+
4549
4552
hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4550
-
key->type, key->val, key->enc_size, key->ediv,
4553
+
authenticated, key->val, key->enc_size, key->ediv,
4551
4554
key->rand);
4552
4555
}
4553
4556
···
4561
4554
4562
4555
hci_dev_unlock(hdev);
4563
4556
4557
+
return err;
4558
+
}
4559
+
4560
+
struct cmd_conn_lookup {
4561
+
struct hci_conn *conn;
4562
+
bool valid_tx_power;
4563
+
u8 mgmt_status;
4564
+
};
4565
+
4566
+
static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4567
+
{
4568
+
struct cmd_conn_lookup *match = data;
4569
+
struct mgmt_cp_get_conn_info *cp;
4570
+
struct mgmt_rp_get_conn_info rp;
4571
+
struct hci_conn *conn = cmd->user_data;
4572
+
4573
+
if (conn != match->conn)
4574
+
return;
4575
+
4576
+
cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4577
+
4578
+
memset(&rp, 0, sizeof(rp));
4579
+
bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4580
+
rp.addr.type = cp->addr.type;
4581
+
4582
+
if (!match->mgmt_status) {
4583
+
rp.rssi = conn->rssi;
4584
+
4585
+
if (match->valid_tx_power) {
4586
+
rp.tx_power = conn->tx_power;
4587
+
rp.max_tx_power = conn->max_tx_power;
4588
+
} else {
4589
+
rp.tx_power = HCI_TX_POWER_INVALID;
4590
+
rp.max_tx_power = HCI_TX_POWER_INVALID;
4591
+
}
4592
+
}
4593
+
4594
+
cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4595
+
match->mgmt_status, &rp, sizeof(rp));
4596
+
4597
+
hci_conn_drop(conn);
4598
+
4599
+
mgmt_pending_remove(cmd);
4600
+
}
4601
+
4602
+
static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4603
+
{
4604
+
struct hci_cp_read_rssi *cp;
4605
+
struct hci_conn *conn;
4606
+
struct cmd_conn_lookup match;
4607
+
u16 handle;
4608
+
4609
+
BT_DBG("status 0x%02x", status);
4610
+
4611
+
hci_dev_lock(hdev);
4612
+
4613
+
/* TX power data is valid in case request completed successfully,
4614
+
* otherwise we assume it's not valid. At the moment we assume that
4615
+
* either both or none of current and max values are valid to keep code
4616
+
* simple.
4617
+
*/
4618
+
match.valid_tx_power = !status;
4619
+
4620
+
/* Commands sent in request are either Read RSSI or Read Transmit Power
4621
+
* Level so we check which one was last sent to retrieve connection
4622
+
* handle. Both commands have handle as first parameter so it's safe to
4623
+
* cast data on the same command struct.
4624
+
*
4625
+
* First command sent is always Read RSSI and we fail only if it fails.
4626
+
* In other case we simply override error to indicate success as we
4627
+
* already remembered if TX power value is actually valid.
4628
+
*/
4629
+
cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4630
+
if (!cp) {
4631
+
cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4632
+
status = 0;
4633
+
}
4634
+
4635
+
if (!cp) {
4636
+
BT_ERR("invalid sent_cmd in response");
4637
+
goto unlock;
4638
+
}
4639
+
4640
+
handle = __le16_to_cpu(cp->handle);
4641
+
conn = hci_conn_hash_lookup_handle(hdev, handle);
4642
+
if (!conn) {
4643
+
BT_ERR("unknown handle (%d) in response", handle);
4644
+
goto unlock;
4645
+
}
4646
+
4647
+
match.conn = conn;
4648
+
match.mgmt_status = mgmt_status(status);
4649
+
4650
+
/* Cache refresh is complete, now reply for mgmt request for given
4651
+
* connection only.
4652
+
*/
4653
+
mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4654
+
get_conn_info_complete, &match);
4655
+
4656
+
unlock:
4657
+
hci_dev_unlock(hdev);
4658
+
}
4659
+
4660
+
static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4661
+
u16 len)
4662
+
{
4663
+
struct mgmt_cp_get_conn_info *cp = data;
4664
+
struct mgmt_rp_get_conn_info rp;
4665
+
struct hci_conn *conn;
4666
+
unsigned long conn_info_age;
4667
+
int err = 0;
4668
+
4669
+
BT_DBG("%s", hdev->name);
4670
+
4671
+
memset(&rp, 0, sizeof(rp));
4672
+
bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4673
+
rp.addr.type = cp->addr.type;
4674
+
4675
+
if (!bdaddr_type_is_valid(cp->addr.type))
4676
+
return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4677
+
MGMT_STATUS_INVALID_PARAMS,
4678
+
&rp, sizeof(rp));
4679
+
4680
+
hci_dev_lock(hdev);
4681
+
4682
+
if (!hdev_is_powered(hdev)) {
4683
+
err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4684
+
MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4685
+
goto unlock;
4686
+
}
4687
+
4688
+
if (cp->addr.type == BDADDR_BREDR)
4689
+
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4690
+
&cp->addr.bdaddr);
4691
+
else
4692
+
conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4693
+
4694
+
if (!conn || conn->state != BT_CONNECTED) {
4695
+
err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4696
+
MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4697
+
goto unlock;
4698
+
}
4699
+
4700
+
/* To avoid client trying to guess when to poll again for information we
4701
+
* calculate conn info age as random value between min/max set in hdev.
4702
+
*/
4703
+
conn_info_age = hdev->conn_info_min_age +
4704
+
prandom_u32_max(hdev->conn_info_max_age -
4705
+
hdev->conn_info_min_age);
4706
+
4707
+
/* Query controller to refresh cached values if they are too old or were
4708
+
* never read.
4709
+
*/
4710
+
if (time_after(jiffies, conn->conn_info_timestamp +
4711
+
msecs_to_jiffies(conn_info_age)) ||
4712
+
!conn->conn_info_timestamp) {
4713
+
struct hci_request req;
4714
+
struct hci_cp_read_tx_power req_txp_cp;
4715
+
struct hci_cp_read_rssi req_rssi_cp;
4716
+
struct pending_cmd *cmd;
4717
+
4718
+
hci_req_init(&req, hdev);
4719
+
req_rssi_cp.handle = cpu_to_le16(conn->handle);
4720
+
hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4721
+
&req_rssi_cp);
4722
+
4723
+
/* For LE links TX power does not change thus we don't need to
4724
+
* query for it once value is known.
4725
+
*/
4726
+
if (!bdaddr_type_is_le(cp->addr.type) ||
4727
+
conn->tx_power == HCI_TX_POWER_INVALID) {
4728
+
req_txp_cp.handle = cpu_to_le16(conn->handle);
4729
+
req_txp_cp.type = 0x00;
4730
+
hci_req_add(&req, HCI_OP_READ_TX_POWER,
4731
+
sizeof(req_txp_cp), &req_txp_cp);
4732
+
}
4733
+
4734
+
/* Max TX power needs to be read only once per connection */
4735
+
if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4736
+
req_txp_cp.handle = cpu_to_le16(conn->handle);
4737
+
req_txp_cp.type = 0x01;
4738
+
hci_req_add(&req, HCI_OP_READ_TX_POWER,
4739
+
sizeof(req_txp_cp), &req_txp_cp);
4740
+
}
4741
+
4742
+
err = hci_req_run(&req, conn_info_refresh_complete);
4743
+
if (err < 0)
4744
+
goto unlock;
4745
+
4746
+
cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4747
+
data, len);
4748
+
if (!cmd) {
4749
+
err = -ENOMEM;
4750
+
goto unlock;
4751
+
}
4752
+
4753
+
hci_conn_hold(conn);
4754
+
cmd->user_data = conn;
4755
+
4756
+
conn->conn_info_timestamp = jiffies;
4757
+
} else {
4758
+
/* Cache is valid, just reply with values cached in hci_conn */
4759
+
rp.rssi = conn->rssi;
4760
+
rp.tx_power = conn->tx_power;
4761
+
rp.max_tx_power = conn->max_tx_power;
4762
+
4763
+
err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4764
+
MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4765
+
}
4766
+
4767
+
unlock:
4768
+
hci_dev_unlock(hdev);
4564
4769
return err;
4565
4770
}
4566
4771
···
4831
4612
{ set_debug_keys, false, MGMT_SETTING_SIZE },
4832
4613
{ set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4833
4614
{ load_irks, true, MGMT_LOAD_IRKS_SIZE },
4615
+
{ get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
4834
4616
};
4835
4617
4836
4618
···
5227
5007
mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
5228
5008
}
5229
5009
5010
+
static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5011
+
{
5012
+
if (ltk->authenticated)
5013
+
return MGMT_LTK_AUTHENTICATED;
5014
+
5015
+
return MGMT_LTK_UNAUTHENTICATED;
5016
+
}
5017
+
5230
5018
void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
5231
5019
{
5232
5020
struct mgmt_ev_new_long_term_key ev;
···
5260
5032
5261
5033
bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5262
5034
ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
5263
-
ev.key.type = key->authenticated;
5035
+
ev.key.type = mgmt_ltk_type(key);
5264
5036
ev.key.enc_size = key->enc_size;
5265
5037
ev.key.ediv = key->ediv;
5266
5038
ev.key.rand = key->rand;
+1
-1
net/bluetooth/rfcomm/core.c
+1
-1
net/bluetooth/rfcomm/core.c
+10
-10
net/bluetooth/rfcomm/tty.c
+10
-10
net/bluetooth/rfcomm/tty.c
···
70
70
};
71
71
72
72
static LIST_HEAD(rfcomm_dev_list);
73
-
static DEFINE_SPINLOCK(rfcomm_dev_lock);
73
+
static DEFINE_MUTEX(rfcomm_dev_lock);
74
74
75
75
static void rfcomm_dev_data_ready(struct rfcomm_dlc *dlc, struct sk_buff *skb);
76
76
static void rfcomm_dev_state_change(struct rfcomm_dlc *dlc, int err);
···
96
96
if (dev->tty_dev)
97
97
tty_unregister_device(rfcomm_tty_driver, dev->id);
98
98
99
-
spin_lock(&rfcomm_dev_lock);
99
+
mutex_lock(&rfcomm_dev_lock);
100
100
list_del(&dev->list);
101
-
spin_unlock(&rfcomm_dev_lock);
101
+
mutex_unlock(&rfcomm_dev_lock);
102
102
103
103
kfree(dev);
104
104
···
161
161
{
162
162
struct rfcomm_dev *dev;
163
163
164
-
spin_lock(&rfcomm_dev_lock);
164
+
mutex_lock(&rfcomm_dev_lock);
165
165
166
166
dev = __rfcomm_dev_lookup(id);
167
167
168
168
if (dev && !tty_port_get(&dev->port))
169
169
dev = NULL;
170
170
171
-
spin_unlock(&rfcomm_dev_lock);
171
+
mutex_unlock(&rfcomm_dev_lock);
172
172
173
173
return dev;
174
174
}
···
224
224
if (!dev)
225
225
return ERR_PTR(-ENOMEM);
226
226
227
-
spin_lock(&rfcomm_dev_lock);
227
+
mutex_lock(&rfcomm_dev_lock);
228
228
229
229
if (req->dev_id < 0) {
230
230
dev->id = 0;
···
305
305
holds reference to this module. */
306
306
__module_get(THIS_MODULE);
307
307
308
-
spin_unlock(&rfcomm_dev_lock);
308
+
mutex_unlock(&rfcomm_dev_lock);
309
309
return dev;
310
310
311
311
out:
312
-
spin_unlock(&rfcomm_dev_lock);
312
+
mutex_unlock(&rfcomm_dev_lock);
313
313
kfree(dev);
314
314
return ERR_PTR(err);
315
315
}
···
524
524
525
525
di = dl->dev_info;
526
526
527
-
spin_lock(&rfcomm_dev_lock);
527
+
mutex_lock(&rfcomm_dev_lock);
528
528
529
529
list_for_each_entry(dev, &rfcomm_dev_list, list) {
530
530
if (!tty_port_get(&dev->port))
···
540
540
break;
541
541
}
542
542
543
-
spin_unlock(&rfcomm_dev_lock);
543
+
mutex_unlock(&rfcomm_dev_lock);
544
544
545
545
dl->dev_num = n;
546
546
size = sizeof(*dl) + n * sizeof(*di);
+77
-76
net/bluetooth/smp.c
+77
-76
net/bluetooth/smp.c
···
35
35
36
36
#define AUTH_REQ_MASK 0x07
37
37
38
+
#define SMP_FLAG_TK_VALID 1
39
+
#define SMP_FLAG_CFM_PENDING 2
40
+
#define SMP_FLAG_MITM_AUTH 3
41
+
#define SMP_FLAG_COMPLETE 4
42
+
#define SMP_FLAG_INITIATOR 5
43
+
44
+
struct smp_chan {
45
+
struct l2cap_conn *conn;
46
+
u8 preq[7]; /* SMP Pairing Request */
47
+
u8 prsp[7]; /* SMP Pairing Response */
48
+
u8 prnd[16]; /* SMP Pairing Random (local) */
49
+
u8 rrnd[16]; /* SMP Pairing Random (remote) */
50
+
u8 pcnf[16]; /* SMP Pairing Confirm */
51
+
u8 tk[16]; /* SMP Temporary Key */
52
+
u8 enc_key_size;
53
+
u8 remote_key_dist;
54
+
bdaddr_t id_addr;
55
+
u8 id_addr_type;
56
+
u8 irk[16];
57
+
struct smp_csrk *csrk;
58
+
struct smp_csrk *slave_csrk;
59
+
struct smp_ltk *ltk;
60
+
struct smp_ltk *slave_ltk;
61
+
struct smp_irk *remote_irk;
62
+
unsigned long flags;
63
+
};
64
+
38
65
static inline void swap128(const u8 src[16], u8 dst[16])
39
66
{
40
67
int i;
···
396
369
397
370
/* Initialize key for JUST WORKS */
398
371
memset(smp->tk, 0, sizeof(smp->tk));
399
-
clear_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
372
+
clear_bit(SMP_FLAG_TK_VALID, &smp->flags);
400
373
401
374
BT_DBG("tk_request: auth:%d lcl:%d rem:%d", auth, local_io, remote_io);
402
375
···
415
388
method = JUST_WORKS;
416
389
417
390
/* Don't confirm locally initiated pairing attempts */
418
-
if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR,
419
-
&smp->smp_flags))
391
+
if (method == JUST_CFM && test_bit(SMP_FLAG_INITIATOR, &smp->flags))
420
392
method = JUST_WORKS;
421
393
422
394
/* If Just Works, Continue with Zero TK */
423
395
if (method == JUST_WORKS) {
424
-
set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
396
+
set_bit(SMP_FLAG_TK_VALID, &smp->flags);
425
397
return 0;
426
398
}
427
399
428
400
/* Not Just Works/Confirm results in MITM Authentication */
429
401
if (method != JUST_CFM)
430
-
set_bit(SMP_FLAG_MITM_AUTH, &smp->smp_flags);
402
+
set_bit(SMP_FLAG_MITM_AUTH, &smp->flags);
431
403
432
404
/* If both devices have Keyoard-Display I/O, the master
433
405
* Confirms and the slave Enters the passkey.
···
445
419
passkey %= 1000000;
446
420
put_unaligned_le32(passkey, smp->tk);
447
421
BT_DBG("PassKey: %d", passkey);
448
-
set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
422
+
set_bit(SMP_FLAG_TK_VALID, &smp->flags);
449
423
}
450
424
451
425
hci_dev_lock(hcon->hdev);
···
467
441
return ret;
468
442
}
469
443
470
-
static void confirm_work(struct work_struct *work)
444
+
static u8 smp_confirm(struct smp_chan *smp)
471
445
{
472
-
struct smp_chan *smp = container_of(work, struct smp_chan, confirm);
473
446
struct l2cap_conn *conn = smp->conn;
474
447
struct hci_dev *hdev = conn->hcon->hdev;
475
448
struct crypto_blkcipher *tfm = hdev->tfm_aes;
476
449
struct smp_cmd_pairing_confirm cp;
477
450
int ret;
478
-
u8 reason;
479
451
480
452
BT_DBG("conn %p", conn);
481
453
···
487
463
488
464
hci_dev_unlock(hdev);
489
465
490
-
if (ret) {
491
-
reason = SMP_UNSPECIFIED;
492
-
goto error;
493
-
}
466
+
if (ret)
467
+
return SMP_UNSPECIFIED;
494
468
495
-
clear_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
469
+
clear_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
496
470
497
471
smp_send_cmd(smp->conn, SMP_CMD_PAIRING_CONFIRM, sizeof(cp), &cp);
498
472
499
-
return;
500
-
501
-
error:
502
-
smp_failure(conn, reason);
473
+
return 0;
503
474
}
504
475
505
-
static void random_work(struct work_struct *work)
476
+
static u8 smp_random(struct smp_chan *smp)
506
477
{
507
-
struct smp_chan *smp = container_of(work, struct smp_chan, random);
508
478
struct l2cap_conn *conn = smp->conn;
509
479
struct hci_conn *hcon = conn->hcon;
510
480
struct hci_dev *hdev = hcon->hdev;
511
481
struct crypto_blkcipher *tfm = hdev->tfm_aes;
512
-
u8 reason, confirm[16];
482
+
u8 confirm[16];
513
483
int ret;
514
484
515
-
if (IS_ERR_OR_NULL(tfm)) {
516
-
reason = SMP_UNSPECIFIED;
517
-
goto error;
518
-
}
485
+
if (IS_ERR_OR_NULL(tfm))
486
+
return SMP_UNSPECIFIED;
519
487
520
488
BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
521
489
···
520
504
521
505
hci_dev_unlock(hdev);
522
506
523
-
if (ret) {
524
-
reason = SMP_UNSPECIFIED;
525
-
goto error;
526
-
}
507
+
if (ret)
508
+
return SMP_UNSPECIFIED;
527
509
528
510
if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
529
511
BT_ERR("Pairing failed (confirmation values mismatch)");
530
-
reason = SMP_CONFIRM_FAILED;
531
-
goto error;
512
+
return SMP_CONFIRM_FAILED;
532
513
}
533
514
534
515
if (hcon->out) {
···
538
525
memset(stk + smp->enc_key_size, 0,
539
526
SMP_MAX_ENC_KEY_SIZE - smp->enc_key_size);
540
527
541
-
if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags)) {
542
-
reason = SMP_UNSPECIFIED;
543
-
goto error;
544
-
}
528
+
if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))
529
+
return SMP_UNSPECIFIED;
545
530
546
531
hci_le_start_enc(hcon, ediv, rand, stk);
547
532
hcon->enc_key_size = smp->enc_key_size;
···
561
550
ediv, rand);
562
551
}
563
552
564
-
return;
565
-
566
-
error:
567
-
smp_failure(conn, reason);
553
+
return 0;
568
554
}
569
555
570
556
static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
···
571
563
smp = kzalloc(sizeof(*smp), GFP_ATOMIC);
572
564
if (!smp)
573
565
return NULL;
574
-
575
-
INIT_WORK(&smp->confirm, confirm_work);
576
-
INIT_WORK(&smp->random, random_work);
577
566
578
567
smp->conn = conn;
579
568
conn->smp_chan = smp;
···
588
583
589
584
BUG_ON(!smp);
590
585
591
-
complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
586
+
complete = test_bit(SMP_FLAG_COMPLETE, &smp->flags);
592
587
mgmt_smp_complete(conn->hcon, complete);
593
588
594
589
kfree(smp->csrk);
···
639
634
put_unaligned_le32(value, smp->tk);
640
635
/* Fall Through */
641
636
case MGMT_OP_USER_CONFIRM_REPLY:
642
-
set_bit(SMP_FLAG_TK_VALID, &smp->smp_flags);
637
+
set_bit(SMP_FLAG_TK_VALID, &smp->flags);
643
638
break;
644
639
case MGMT_OP_USER_PASSKEY_NEG_REPLY:
645
640
case MGMT_OP_USER_CONFIRM_NEG_REPLY:
···
651
646
}
652
647
653
648
/* If it is our turn to send Pairing Confirm, do so now */
654
-
if (test_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags))
655
-
queue_work(hcon->hdev->workqueue, &smp->confirm);
649
+
if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
650
+
u8 rsp = smp_confirm(smp);
651
+
if (rsp)
652
+
smp_failure(conn, rsp);
653
+
}
656
654
657
655
return 0;
658
656
}
···
664
656
{
665
657
struct smp_cmd_pairing rsp, *req = (void *) skb->data;
666
658
struct smp_chan *smp;
667
-
u8 key_size;
668
-
u8 auth = SMP_AUTH_NONE;
659
+
u8 key_size, auth;
669
660
int ret;
670
661
671
662
BT_DBG("conn %p", conn);
672
663
673
664
if (skb->len < sizeof(*req))
674
-
return SMP_UNSPECIFIED;
665
+
return SMP_INVALID_PARAMS;
675
666
676
667
if (conn->hcon->link_mode & HCI_LM_MASTER)
677
668
return SMP_CMD_NOTSUPP;
···
688
681
skb_pull(skb, sizeof(*req));
689
682
690
683
/* We didn't start the pairing, so match remote */
691
-
if (req->auth_req & SMP_AUTH_BONDING)
692
-
auth = req->auth_req;
684
+
auth = req->auth_req;
693
685
694
686
conn->hcon->pending_sec_level = authreq_to_seclevel(auth);
695
687
···
710
704
if (ret)
711
705
return SMP_UNSPECIFIED;
712
706
713
-
clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
707
+
clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
714
708
715
709
return 0;
716
710
}
···
719
713
{
720
714
struct smp_cmd_pairing *req, *rsp = (void *) skb->data;
721
715
struct smp_chan *smp = conn->smp_chan;
722
-
struct hci_dev *hdev = conn->hcon->hdev;
723
716
u8 key_size, auth = SMP_AUTH_NONE;
724
717
int ret;
725
718
726
719
BT_DBG("conn %p", conn);
727
720
728
721
if (skb->len < sizeof(*rsp))
729
-
return SMP_UNSPECIFIED;
722
+
return SMP_INVALID_PARAMS;
730
723
731
724
if (!(conn->hcon->link_mode & HCI_LM_MASTER))
732
725
return SMP_CMD_NOTSUPP;
···
758
753
if (ret)
759
754
return SMP_UNSPECIFIED;
760
755
761
-
set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
756
+
set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
762
757
763
758
/* Can't compose response until we have been confirmed */
764
-
if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
765
-
queue_work(hdev->workqueue, &smp->confirm);
759
+
if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
760
+
return smp_confirm(smp);
766
761
767
762
return 0;
768
763
}
···
770
765
static u8 smp_cmd_pairing_confirm(struct l2cap_conn *conn, struct sk_buff *skb)
771
766
{
772
767
struct smp_chan *smp = conn->smp_chan;
773
-
struct hci_dev *hdev = conn->hcon->hdev;
774
768
775
769
BT_DBG("conn %p %s", conn, conn->hcon->out ? "master" : "slave");
776
770
777
771
if (skb->len < sizeof(smp->pcnf))
778
-
return SMP_UNSPECIFIED;
772
+
return SMP_INVALID_PARAMS;
779
773
780
774
memcpy(smp->pcnf, skb->data, sizeof(smp->pcnf));
781
775
skb_pull(skb, sizeof(smp->pcnf));
···
782
778
if (conn->hcon->out)
783
779
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
784
780
smp->prnd);
785
-
else if (test_bit(SMP_FLAG_TK_VALID, &smp->smp_flags))
786
-
queue_work(hdev->workqueue, &smp->confirm);
781
+
else if (test_bit(SMP_FLAG_TK_VALID, &smp->flags))
782
+
return smp_confirm(smp);
787
783
else
788
-
set_bit(SMP_FLAG_CFM_PENDING, &smp->smp_flags);
784
+
set_bit(SMP_FLAG_CFM_PENDING, &smp->flags);
789
785
790
786
return 0;
791
787
}
···
793
789
static u8 smp_cmd_pairing_random(struct l2cap_conn *conn, struct sk_buff *skb)
794
790
{
795
791
struct smp_chan *smp = conn->smp_chan;
796
-
struct hci_dev *hdev = conn->hcon->hdev;
797
792
798
793
BT_DBG("conn %p", conn);
799
794
800
795
if (skb->len < sizeof(smp->rrnd))
801
-
return SMP_UNSPECIFIED;
796
+
return SMP_INVALID_PARAMS;
802
797
803
798
memcpy(smp->rrnd, skb->data, sizeof(smp->rrnd));
804
799
skb_pull(skb, sizeof(smp->rrnd));
805
800
806
-
queue_work(hdev->workqueue, &smp->random);
807
-
808
-
return 0;
801
+
return smp_random(smp);
809
802
}
810
803
811
804
static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)
···
837
836
BT_DBG("conn %p", conn);
838
837
839
838
if (skb->len < sizeof(*rp))
840
-
return SMP_UNSPECIFIED;
839
+
return SMP_INVALID_PARAMS;
841
840
842
841
if (!(conn->hcon->link_mode & HCI_LM_MASTER))
843
842
return SMP_CMD_NOTSUPP;
···
862
861
863
862
smp_send_cmd(conn, SMP_CMD_PAIRING_REQ, sizeof(cp), &cp);
864
863
865
-
clear_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
864
+
clear_bit(SMP_FLAG_INITIATOR, &smp->flags);
866
865
867
866
return 0;
868
867
}
···
929
928
smp_send_cmd(conn, SMP_CMD_SECURITY_REQ, sizeof(cp), &cp);
930
929
}
931
930
932
-
set_bit(SMP_FLAG_INITIATOR, &smp->smp_flags);
931
+
set_bit(SMP_FLAG_INITIATOR, &smp->flags);
933
932
934
933
done:
935
934
hcon->pending_sec_level = sec_level;
···
945
944
BT_DBG("conn %p", conn);
946
945
947
946
if (skb->len < sizeof(*rp))
948
-
return SMP_UNSPECIFIED;
947
+
return SMP_INVALID_PARAMS;
949
948
950
949
/* Ignore this PDU if it wasn't requested */
951
950
if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
···
970
969
BT_DBG("conn %p", conn);
971
970
972
971
if (skb->len < sizeof(*rp))
973
-
return SMP_UNSPECIFIED;
972
+
return SMP_INVALID_PARAMS;
974
973
975
974
/* Ignore this PDU if it wasn't requested */
976
975
if (!(smp->remote_key_dist & SMP_DIST_ENC_KEY))
···
1002
1001
BT_DBG("");
1003
1002
1004
1003
if (skb->len < sizeof(*info))
1005
-
return SMP_UNSPECIFIED;
1004
+
return SMP_INVALID_PARAMS;
1006
1005
1007
1006
/* Ignore this PDU if it wasn't requested */
1008
1007
if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
···
1026
1025
BT_DBG("");
1027
1026
1028
1027
if (skb->len < sizeof(*info))
1029
-
return SMP_UNSPECIFIED;
1028
+
return SMP_INVALID_PARAMS;
1030
1029
1031
1030
/* Ignore this PDU if it wasn't requested */
1032
1031
if (!(smp->remote_key_dist & SMP_DIST_ID_KEY))
···
1076
1075
BT_DBG("conn %p", conn);
1077
1076
1078
1077
if (skb->len < sizeof(*rp))
1079
-
return SMP_UNSPECIFIED;
1078
+
return SMP_INVALID_PARAMS;
1080
1079
1081
1080
/* Ignore this PDU if it wasn't requested */
1082
1081
if (!(smp->remote_key_dist & SMP_DIST_SIGN))
···
1359
1358
1360
1359
clear_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags);
1361
1360
cancel_delayed_work_sync(&conn->security_timer);
1362
-
set_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
1361
+
set_bit(SMP_FLAG_COMPLETE, &smp->flags);
1363
1362
smp_notify_keys(conn);
1364
1363
1365
1364
smp_chan_destroy(conn);
+1
-29
net/bluetooth/smp.h
+1
-29
net/bluetooth/smp.h
···
111
111
#define SMP_CMD_NOTSUPP 0x07
112
112
#define SMP_UNSPECIFIED 0x08
113
113
#define SMP_REPEATED_ATTEMPTS 0x09
114
+
#define SMP_INVALID_PARAMS 0x0a
114
115
115
116
#define SMP_MIN_ENC_KEY_SIZE 7
116
117
#define SMP_MAX_ENC_KEY_SIZE 16
117
-
118
-
#define SMP_FLAG_TK_VALID 1
119
-
#define SMP_FLAG_CFM_PENDING 2
120
-
#define SMP_FLAG_MITM_AUTH 3
121
-
#define SMP_FLAG_COMPLETE 4
122
-
#define SMP_FLAG_INITIATOR 5
123
-
124
-
struct smp_chan {
125
-
struct l2cap_conn *conn;
126
-
u8 preq[7]; /* SMP Pairing Request */
127
-
u8 prsp[7]; /* SMP Pairing Response */
128
-
u8 prnd[16]; /* SMP Pairing Random (local) */
129
-
u8 rrnd[16]; /* SMP Pairing Random (remote) */
130
-
u8 pcnf[16]; /* SMP Pairing Confirm */
131
-
u8 tk[16]; /* SMP Temporary Key */
132
-
u8 enc_key_size;
133
-
u8 remote_key_dist;
134
-
bdaddr_t id_addr;
135
-
u8 id_addr_type;
136
-
u8 irk[16];
137
-
struct smp_csrk *csrk;
138
-
struct smp_csrk *slave_csrk;
139
-
struct smp_ltk *ltk;
140
-
struct smp_ltk *slave_ltk;
141
-
struct smp_irk *remote_irk;
142
-
unsigned long smp_flags;
143
-
struct work_struct confirm;
144
-
struct work_struct random;
145
-
};
146
118
147
119
/* SMP Commands */
148
120
bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);