Avinash kumar [Tue, 18 Feb 2014 11:34:10 +0000 (17:04 +0530)]
drivers:net:wireless:airo.c:checkpatch.pl cleanup
removed following warnings-
drivers/net/wireless/airo.c:39: WARNING: Use #include <linux/io.h> instead of <asm/io.h>
drivers/net/wireless/airo.c:48: WARNING: Use #include <linux/uaccess.h> instead of <asm/uaccess.h>
Signed-off-by: Avinash Kumar <avi.kp.137@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Zhao, Gang [Sun, 16 Feb 2014 14:31:37 +0000 (22:31 +0800)]
b43: Kconfig: let config B43_BCMA_PIO depends on B43
Logically, config B43_BCMA_PIO should depend on B43. This also solves
the problem that sub options of b43 driver didn't indent correctly in
make menuconfig's ncurses window.
Signed-off-by: Zhao, Gang <gamerh2o@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Peter Wu [Fri, 14 Feb 2014 18:03:45 +0000 (19:03 +0100)]
rtlwifi: properly apply filter flags
commit 0baa0fd76f3f5a134461d6cf30294f6bb1bb824c
("rtlwifi: Convert core routines for addition of rtl8192se and
rtl8192de") removed setting HW_VAR_RCR, HW_VAR_MGT_FILTER and
HW_VAR_CTRL_FILTER. The last two are probably done because some hardware
does not support them. The first is probably a mistake. This patch adds
the missing set_hw_reg call.
For PCI support, rx_conf is not touched directly. Instead, get_hw_reg is
used to abstract between receive_config (for PCI) and rx_conf (for USB).
This was tested on a 10ec:8176 Realtek RTL8188CE (according to the
label on the mini-PCIe card). Before this patch, `iw wlan0 set monitor
otherbss` did not capture frames from other BSS's. After this patch, it
does print packets.
Tested-by: Peter Wu <lekensteyn@gmail.com> Signed-off-by: Peter Wu <lekensteyn@gmail.com> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Peter Wu [Fri, 14 Feb 2014 18:03:44 +0000 (19:03 +0100)]
rtlwifi: avoid accessing RCR directly
The rtl*_set_check_bssid functions are mostly the same, but access the
RCR register in different ways. Use the get_hw_reg abstraction layer
(which reads rtlpci->receive_config for PCI devices and mac->rx_conf for
USB).
There is no functional change for cases where receive_config was
accessed directly. For rtl8192ce, there is still no change because
nothing modifies REG_RCR or receive_config. For rtl8192cu, it now also
applies changes to rx_conf from configure_filter, but that can be
considered a bug which is fixed later.
Signed-off-by: Peter Wu <lekensteyn@gmail.com> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Dan Carpenter [Fri, 14 Feb 2014 09:03:13 +0000 (12:03 +0300)]
mwifiex: memory corruption in mwifiex_tdls_add_vht_capab()
There is a typo here because the names are confusingly similar. The
intent was sizeof(struct ieee80211_vht_cap) (size 12) but sizeof(struct
ieee80211_ht_cap) (size 32) was used.
Anway, it's cleaner to just specify the variable instead of the type.
Fixes: 5f6d5983394f ('mwifiex: add VHT support for TDLS') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Eran Harary [Thu, 20 Feb 2014 09:00:01 +0000 (11:00 +0200)]
iwlwifi: mvm: prepare infrastructure for more TLV flags
We use the TLV flags as a handshake between the firmware
and the driver. These flags allow the firmware to advertise
its capabilities and API version.
Since we are running short of bits, we add a new
infrastructure which is more scalable, yet backward
compatible.
We make now the difference between API changes and the
capabilities. Both can have an index which allows to scale
at will.
Signed-off-by: Eran Harary <eran.harary@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johannes Berg [Wed, 12 Feb 2014 21:02:38 +0000 (22:02 +0100)]
iwlwifi: nvm: remove reading valid antennas from NVM
These values aren't used as the firmware values should be used,
so reading them is pointless and hides potential errors when
somebody uses these values. Leave them zero to make it clearer
that they can't be used. We can't remove the struct members as
the DVM driver does read the values from EEPROM/OTP and the
structure is shared between drivers.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Luciano Coelho [Thu, 20 Feb 2014 14:36:21 +0000 (16:36 +0200)]
cfg80211: remove radar requirements check from cfg80211_can_use_iftype_chan()
We don't have to double check whether the parameters passed to
cfg80211_can_use_iftype_chan() are correct. We should just make sure
they *are* when we call this function.
Remove the radar_detect argument check in
cfg80211_can_use_iftype_chan() to simplify the code.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
[keep braces around a long comment + single statement] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Luciano Coelho [Thu, 20 Feb 2014 14:41:51 +0000 (16:41 +0200)]
mac80211: allow drivers to request SMPS off
Previously we were warning and using automatic when a driver sent an
update request with SMPS off. This patch makes it possible for
drivers to disable SMPS at runtime, for whatever reason.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add the ieee80211_iface_limit and the ieee80211_iface_combination
structures to docbook. Reformat the examples of combinations
slightly, so it looks a bit better on docbook.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Luciano Coelho [Thu, 20 Feb 2014 14:45:33 +0000 (16:45 +0200)]
cfg80211: docbook: fix small formatting error
docbook (or one of its friends) gets confused with semi-colons in the
argument descriptions, causing it to think that the semi-colon is
marking a new section in the description of addr_mask in wiphy struct.
Prevent this by using hyphens instead of semi-colons in the mask
example.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Janusz Dziedzic [Thu, 20 Feb 2014 12:52:16 +0000 (13:52 +0100)]
cfg80211: regulatory: introduce NL80211_RRF_AUTO_BW rule flag
Introduce NL80211_RRF_AUTO_BW rule flag. If this flag set
maximum available bandwidth should be calculated base on
contiguous rules and wider channels will be allowed to cross
multiple contiguous/overlapping frequency ranges.
In case of old kernels maximum bandwidth from regulatory
rule will be used, while there is no NL80211_RRF_AUTO_BW flag.
This fixes the previous commit 9752482083066af7ac18a5ca376f
("cfg80211: regulatory introduce maximum bandwidth calculation")
which was found to be a problem for userspace API compatibility.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
[edit commit log, use sizeof()] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Marcel Holtmann [Thu, 20 Feb 2014 20:44:20 +0000 (12:44 -0800)]
Bluetooth: Increase minor version of core module
With the addition of Resolvable Private Address (RPA) resolution
support for Bluetooth Low Energy connections, it makes sense to
increase the minor version of the Bluetooth core module.
The module version is not used anywhere, but it gives a nice extra
hint for debugging purposes.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Bluetooth: Fix channel check when binding RFCOMM sock
When binding RFCOMM socket with non-zero channel we're checking if
there is already any other socket which has the same channel number
assigned and then fail. This check does not consider situation where
we have another socket connected to remote device on given channel
number in which case we still should be able to bind local socket.
This patch changes __rfcomm_get_sock_by_addr() to return only sockets
in either BT_BOUND or BT_LISTEN states, also name is updated to better
describe what this function does now.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
iwlwifi: mvm: set immediate apply time bit in time events
Newer firmware support a new bit in the policy that allows
to request to apply the time event immediately. Add this bit
without removing the workarounds we used until now to support
older firmares.
Reviewed-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: pcie: stop the firmware when we restart it
In case the firmware didn't assert but we want to restart
it, e.g. we didn't get the reply for a host command, or the
Tx queues are stuck, we should stop the firmware by
provoking an interrupt. This allows to better debug the
firmware in these bad scenarios.
Johannes Berg [Mon, 17 Feb 2014 09:48:17 +0000 (10:48 +0100)]
mac80211: allow driver to return error from sched_scan_stop
In order to solve races with sched_scan_stop, it is necessary
for the driver to be able to return an error to propagate that
to cfg80211 so it doesn't send an event.
Reviewed-by: Alexander Bondar <alexander.bondar@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Due to userspace assumptions, the sched_scan_stop operation must
be synchronous, i.e. once it returns a new scheduled scan must be
able to start immediately. Document this in the API.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211: Pass TDLS peer capability information in tdls_mgmt
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct
the VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the
presence of the respective IEs in the received TDLS Setup Response frame.
The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.
Signed-off-by: Sunil Dutt Undekari <usdutt@qti.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Marcel Holtmann [Thu, 20 Feb 2014 03:52:13 +0000 (19:52 -0800)]
Bluetooth: Track the current configured random address
For Bluetooth controllers with LE support, track the value of the
currently configured random address. It is important to know what
the current random address is to avoid unneeded attempts to set
a new address. This will become important when introducing the
LE privacy support in the future.
In addition expose the current configured random address via
debugfs for debugging purposes.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Thu, 20 Feb 2014 03:31:26 +0000 (19:31 -0800)]
Bluetooth: Replace own_address_type with force_static_address debugfs
The own_address_type debugfs option does not providing enough
flexibity for interacting with the upcoming LE privacy support.
What really is needed is an option to force using the static address
compared to the public address. The new force_static_address debugfs
option does exactly that. In addition it is also only available when
the controller does actually have a public address. For single mode
LE only controllers this option will not be available.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Thu, 20 Feb 2014 01:11:58 +0000 (17:11 -0800)]
Bluetooth: Add comment explainging store hint for long term keys
The code itself is not descriptive on what store hint is used for
long term keys and why. So add some extensive comment here. Similar
to what has already been done for identity resolving key store hint.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Wed, 19 Feb 2014 19:51:54 +0000 (11:51 -0800)]
Bluetooth: Don't send store hint for devices using identity addresses
The identity resolving keys should only be stored for devices using
resolvable random addresses. If the device is already using an
identity address, inform it about the new identity resolving key,
but tell userspace that this key is not persistent.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Wed, 19 Feb 2014 13:18:31 +0000 (15:18 +0200)]
Bluetooth: Add support for sending New IRK event
This patch adds the necessary helper function to send the New IRK mgmt
event and makes sure that the function is called at when SMP key
distribution has completed. The event is sent before the New LTK event
so user space knows which remote device to associate with the keys.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 19 Feb 2014 12:57:47 +0000 (14:57 +0200)]
Bluetooth: Move SMP LTK notification after key distribution
This patch moves the SMP Long Term Key notification over mgmt from the
hci_add_ltk function to smp.c when both sides have completed their key
distribution. This way we are also able to update the identity address
into the mgmt_new_ltk event.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 19 Feb 2014 12:57:46 +0000 (14:57 +0200)]
Bluetooth: Track SMP keys in the SMP context
As preparation to do mgmt notification in a single place at the end of
the key distribution, store the keys that need to be notified within the
SMP context.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 19 Feb 2014 12:57:45 +0000 (14:57 +0200)]
Bluetooth: Move New LTK store hint evaluation into mgmt_new_ltk
It's simpler (one less if-statement) to just evaluate the appropriate
value for store_hint in the mgmt_new_ltk function than to pass a boolean
parameter to the function. Furthermore, this simplifies moving the mgmt
event emission out from hci_add_ltk in subsequent patches.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 19 Feb 2014 12:57:44 +0000 (14:57 +0200)]
Bluetooth: Return added key when adding LTKs and IRKs
The SMP code will need to postpone the mgmt event emission for the IRK
and LTKs. To avoid extra lookups at the end of the key distribution
simply return the added value from the add_ltk and add_irk functions.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Wed, 19 Feb 2014 12:57:43 +0000 (14:57 +0200)]
Bluetooth: Avoid using GFP_ATOMIC where not necessary
The various pieces of data cached in the hci_dev structure do not need
to be allocated using GFP_ATOMIC since they are never added from
interrupt context. This patch updates these allocations to use
GFP_KERNEL instead.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Wed, 19 Feb 2014 06:27:14 +0000 (22:27 -0800)]
Bluetooth: Use same LE min/max connection event length during update
During LE connection establishment the value 0x0000 is used for min/max
connection event length. So use the same value when the peripheral is
requesting an update of the the connection paramters.
For some reason the value 0x0001 got used in the connection update and
0x0000 in the connection creation. Using the same value for both just
makes sense.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Tue, 18 Feb 2014 23:13:43 +0000 (15:13 -0800)]
Bluetooth: Fix wrong identity address during connection failures
When the connection attempt fails, the address information are not
provided in the HCI_LE_Connection_Complete event. So use the original
information from the connection to reconstruct the identity address.
This is important when a connection attempt has been made using the
identity address, but the cached resolvable random address has changed
in the meantime. The failure event needs to use the identity address
and not the resolvable random address.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Tue, 18 Feb 2014 22:22:20 +0000 (14:22 -0800)]
Bluetooth: Use connection address for reporting connection failures
When reporting connect failed events to userspace, use the address
of the connection and not the address from the HCI event.
This change is strictly speaking not needed since BR/EDR does not
have the concept of resolvable random addresses. It is more for
making the code consistent.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Tue, 18 Feb 2014 22:22:19 +0000 (14:22 -0800)]
Bluetooth: Report identity address when remote device connects
When the remote device has been successfully connected, report the
identity address (public address or static random address).
Currently the address from the HCI_LE_Connection_Complete event is
used. This was no problem so far, but since now known resolvable
random addresses are converted into identities, it is important to
use the identity of the connection and not the address report by
HCI event.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Johan Hedberg [Tue, 18 Feb 2014 19:41:37 +0000 (21:41 +0200)]
Bluetooth: Use Identity Address in Device Found event
Whenever a device uses an RPA we want to have user space identify it by
its Identity Address if we've got an IRK available for it. This patch
updates the Device Found mgmt event to contain the Identity Address if
an IRK is available for the device in question.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 19:41:36 +0000 (21:41 +0200)]
Bluetooth: Look up RPA for connection requests with Identity Address
We need to check whether there's a matching IRK and RPA when we're
requested to connect to a remote LE device based on its Identity
Address. This patch updates the hci_connect_le function to do an extra
call to hci_find_irk_by_addr and uses the RPA if it's cached. This is
particularly important once we start exposing the Identity Address to
user space instead of the RPA in events such as Device Connected and
Device Found.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 19:41:35 +0000 (21:41 +0200)]
Bluetooth: Don't try to look up private addresses as Identity Address
Identity Addresses are either public or static random. When looking up
addresses based on the Identity Address it doesn't make sense to go
through the IRK list if we're given a private random address. This patch
fixes (or rather improves) the hci_find_irk_by_addr function to bail out
early if given a private random address.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 19:41:34 +0000 (21:41 +0200)]
Bluetooth: Wait for SMP key distribution completion when pairing
When we initiate pairing through mgmt_pair_device the code has so far
been waiting for a successful HCI Encrypt Change event in order to
respond to the mgmt command. However, putting privacy into the play we
actually want the key distribution to be complete before replying so
that we can include the Identity Address in the mgmt response.
This patch updates the various hci_conn callbacks for LE in mgmt.c to
only respond in the case of failure, and adds a new mgmt_smp_complete
function that the SMP code will call once key distribution has been
completed.
Since the smp_chan_destroy function that's used to indicate completion
and clean up the SMP context can be called from various places,
including outside of smp.c, the easiest way to track failure vs success
is a new flag that we set once key distribution has been successfully
completed.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 19:41:33 +0000 (21:41 +0200)]
Bluetooth: Fix updating Identity Address in L2CAP channels
When we receive a remote identity address during SMP key distribution we
should ensure that any associated L2CAP channel instances get their
address information correspondingly updated (so that e.g. doing
getpeername on associated sockets returns the correct address).
This patch adds a new L2CAP core function l2cap_conn_update_id_addr()
which is used to iterate through all L2CAP channels associated with a
connection and update their address information.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 19:41:32 +0000 (21:41 +0200)]
Bluetooth: Track the LE Identity Address in struct hci_conn
Since we want user space to see and use the LE Identity Address whenever
interfacing with the kernel it makes sense to track that instead of the
real address (the two will only be different in the case of an RPA).
This patch adds the necessary updates to when an LE connection gets
established and when receiving the Identity Address from a remote
device.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 19:41:31 +0000 (21:41 +0200)]
Bluetooth: Remove SMP data specific crypto context
Now that each HCI device has its own AES crypto context we don't need
the one stored in the SMP data any more. This patch removes the variable
from struct smp_chan and updates the SMP code to use the per-hdev crypto
context.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Lucas De Marchi [Tue, 18 Feb 2014 05:19:26 +0000 (02:19 -0300)]
Bluetooth: allocate static minor for vhci
Commit bfacbb9 (Bluetooth: Use devname:vhci module alias for virtual HCI
driver) added the module alias to hci_vhci module so it's possible to
create the /dev/vhci node. However creating an alias without
specifying the minor doesn't allow us to create the node ahead,
triggerring module auto-load when it's first accessed.
Starting with depmod from kmod 16 we started to warn if there's a
devname alias without specifying the major and minor.
Let's do the same done for uhid, kvm, fuse and others, specifying a
fixed minor. In systems with systemd as the init the following will
happen: on early boot systemd will call "kmod static-nodes" to read
/lib/modules/$(uname -r)/modules.devname and then create the nodes. When
first accessed these "dead" nodes will trigger the module loading.
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 15:14:36 +0000 (17:14 +0200)]
Bluetooth: Add convenience function for fetching IRKs
There are many situations where we need to check if an LE address is an
RPA and if so try to look up the IRK for it. To simplify such cases this
patch adds a convenience function for the job.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 15:14:35 +0000 (17:14 +0200)]
Bluetooth: Fix removing any IRKs when unpairing devices
When mgmt_unpair_device is called we should also remove any associated
IRKs. This patch adds a hci_remove_irk convenience function and ensures
that it's called when mgmt_unpair_device is called.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 15:14:34 +0000 (17:14 +0200)]
Bluetooth: Fix completing SMP as peripheral when no keys are expected
When we're the acceptors (peripheral/slave) of an SMP procedure and
we've completed distributing our keys we should only stick around
waiting for keys from the remote side if any of the initiator
distribution bits were actually set. This patch fixes the
smp_distribute_keys function to clear the SMP context when this
situation occurs.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 15:14:33 +0000 (17:14 +0200)]
Bluetooth: Fix hci_remove_ltk failure when no match is found
There is code (in mgmt.c) that depends on the hci_remove_ltk function to
fail if no match is found. This patch adds tracking of removed LTKs
(there can be up to two: one for master and another for slave) in the
hci_remove_ltk function and returns -ENOENT of no matches were found.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 15:14:32 +0000 (17:14 +0200)]
Bluetooth: Remove return values from functions that don't need them
There are many functions that never fail but still declare an integer
return value for no reason. This patch converts these functions to use a
void return value to avoid any confusion of whether they can fail or not.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 15:14:31 +0000 (17:14 +0200)]
Bluetooth: Fix missing address type check for removing LTKs
When removing Long Term Keys we should also be checking that the given
address type (public vs random) matches. This patch updates the
hci_remove_ltk function to take an extra parameter and uses it for
address type matching.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
If we didn't request certain pieces of information during the key
distribution negotiation we should properly ignore those PDUs if the
peer incorrectly sends them. This includes the Encryption Information
and Master Identification PDUs if the EncKey bit was not set, and the
Identity Information and Identity Address Information PDUs if the IdKey
bit was not set.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:19:36 +0000 (10:19 +0200)]
Bluetooth: Enable support for remote IRK distribution
This patch does the necessary changes to request the remote device to
distribute its IRK to us during the SMP pairing procedure. This includes
setting the right key distribution values in the pairing
request/response and handling of the two related SMP PDUs, i.e. Identity
Information and Identity Address Information.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:19:35 +0000 (10:19 +0200)]
Bluetooth: Implement mgmt_load_irks command
This patch implements the Load IRKs command for the management
interface. The command is used to load the kernel with the initial set
of IRKs. It also sets a HCI_RPA_RESOLVING flag to indicate that we can
start requesting devices to distribute their IRK to us.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:19:34 +0000 (10:19 +0200)]
Bluetooth: Add hci_bdaddr_is_rpa convenience function
When implementing support for Resolvable Private Addresses (RPAs) we'll
need to in several places be able to identify such addresses. This patch
adds a simple convenience function to do the identification of the
address type.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:19:33 +0000 (10:19 +0200)]
Bluetooth: Add basic IRK management support
This patch adds the initial IRK storage and management functions to the
HCI core. This includes storing a list of IRKs per HCI device and the
ability to add, remove and lookup entries in that list.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:40:07 +0000 (10:40 +0200)]
Bluetooth: Add AES crypto context for each HCI device
Previously the crypto context has only been available for LE SMP
sessions, but now that we'll need to perform operations also during
discovery it makes sense to have this context part of the hci_dev
struct. Later, the context can be removed from the SMP context.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:19:31 +0000 (10:19 +0200)]
Bluetooth: Add smp_irk_matches helper function
This patch adds a helper function to check whether a given IRK matches a
given Resolvable Private Address (RPA). The function will be needed for
implementing the rest of address resolving support.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 18 Feb 2014 08:19:29 +0000 (10:19 +0200)]
Bluetooth: Fix missing PDU length checks for SMP
For each received SMP PDU we need to check that we have enough data to
fit the specified size of the PDU. This patch adds the necessary checks
for each SMP PDU handler and ensures that buffer overflows do not occur
if to little data has been received.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Marcel Holtmann [Mon, 17 Feb 2014 17:21:19 +0000 (09:21 -0800)]
Bluetooth: Allow HCI User Channel usage for controllers without address
Trying to setup HCI User Channel usage for LE only controllers without
a public address or configured static address will fail with an error
saying that no address is available.
In case of HCI User Channel the requirement for a valid address is not
needed. So allow skipping this extra validation step.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Mon, 17 Feb 2014 17:21:18 +0000 (09:21 -0800)]
Bluetooth: Add missing index added event on user channel failure
When the setup of user channel fails, the index added event is not sent
and will cause issues with user interaction. This problem can be easily
triggered with a LE only controller without a public address. In that
case hci_dev_open() fails and that error case is not sending an event
saying that the controller is available for normal use again.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Sun, 16 Feb 2014 20:59:06 +0000 (12:59 -0800)]
Bluetooth: Fix sending wrong store hint for new long term keys
The long term keys should only be stored when they belong to an
indentity address. The identity address can either be a public
address or a random static address.
For all other addresses (unresovable or resolvable) tell userspace
that the long term key is not persistent.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Marcel Holtmann [Sun, 16 Feb 2014 20:59:05 +0000 (12:59 -0800)]
Bluetooth: Restrict long term keys to public and static addresses
The long term keys should be associated with an identity address. Valid
identity addresses are public addresses or static addresses. So only
allow these two as valid address information for long term keys.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Peter Hurley [Mon, 10 Feb 2014 01:59:24 +0000 (20:59 -0500)]
Bluetooth: Fix write_room() calculation
The skb truesize of a 12-byte payload with a 10-byte head/tail
reserve is 768 bytes. Consequently, even with 40 tx_credits, at
most 6 packets could be queued at any one time:
40 tx_credits * 127-byte mtu < 768-byte truesize * 7
This error could also cause the tx queue to apparently stall if
credit flow control is disabled (where tx_credits is fixed at 5),
or if the receiver only granted a limited number of tx credits
(eg., less than 7).
Instead, track the outstanding number of queued packets not yet sent
in wmem_alloc and allow for a maximum of 40 queued packets. Report
the space avail for a single write() as the mtu * number of packets
left before reaching the maximum.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:23 +0000 (20:59 -0500)]
Bluetooth: Refactor write_room() calculation
Compute the amount of space available for a single write()
within rfcomm_room(); clamp to 0 for negative values. Note
this patch does not change the result of the computation.
Report the amount of room returned in the debug printk.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:22 +0000 (20:59 -0500)]
Bluetooth: Don't fail RFCOMM tty writes
The tty driver api design prefers no-fail writes if the driver
write_room() method has previously indicated space is available
to accept writes. Since this is trivially possible for the
RFCOMM tty driver, do so.
Introduce rfcomm_dlc_send_noerror(), which queues but does not
schedule the krfcomm thread if the dlc is not yet connected
(and thus does not error based on the connection state).
The mtu size test is also unnecessary since the caller already
chunks the written data into mtu size.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
If RFCOMM tty device registration fails, cleanup by releasing
the tty_port reference to trigger rfcomm_dev destruction
(rather than open-coding it).
The dlc reference release is moved into rfcomm_dev_add(),
which ensures cleanup in both error paths -- ie., if
__rfcomm_dev_add() fails or if tty_port_register_device() fails.
Fixes releasing the module reference if device registration fails.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:18 +0000 (20:59 -0500)]
Bluetooth: Serialize RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls
At least two different race conditions exist with multiple concurrent
RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls:
* Multiple concurrent RFCOMMCREATEDEVs with RFCOMM_REUSE_DLC can
mistakenly share the same DLC.
* RFCOMMRELEASEDEV can destruct the rfcomm_dev still being
constructed by RFCOMMCREATEDEV.
Introduce rfcomm_ioctl_mutex to serialize these add/remove operations.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:16 +0000 (20:59 -0500)]
Bluetooth: Fix RFCOMM parent device for reused dlc
The RFCOMM tty device is parented to the acl link device when
the dlc state_change(BT_CONNECTED) notification is received.
However, if the dlc from the RFCOMM socket is being reused
(RFCOMM_REUSE_DLC is set), then the dlc may already be connected,
and no notification will occur.
Instead, always parent the RFCOMM tty device to the acl link
device at registration time. If the acl link device is not available
(eg, because the dlc is not connected) then the tty will remain
unparented until the BT_CONNECTED notification is received.
Fixes regression with ModemManager when the rfcomm device is
created with the flag RFCOMM_REUSE_DLC.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:15 +0000 (20:59 -0500)]
Bluetooth: Fix unsafe RFCOMM device parenting
Accessing the results of hci_conn_hash_lookup_ba() is unsafe without
holding the hci_dev_lock() during the lookup. For example:
CPU 0 | CPU 1
hci_conn_hash_lookup_ba | hci_conn_del
rcu_read_lock | hci_conn_hash_del
list_for_each_entry_rcu | list_del_rcu
if (.....) | synchronize_rcu
rcu_read_unlock |
| hci_conn_del_sysfs
| hci_dev_put
| hci_conn_put
| put_device (last reference)
| bt_link_release
| kfree(conn)
return p << just freed |
Even if a hci_conn reference were taken (via hci_conn_get), would
not guarantee the lifetime of the sysfs device, but only safe
access to the in-memory structure.
Ensure the hci_conn device stays valid while the rfcomm device
is reparented; rename rfcomm_get_device() to rfcomm_reparent_device()
and perform the reparenting within the function while holding the
hci_dev_lock.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:14 +0000 (20:59 -0500)]
Bluetooth: Directly close dlc for not yet started RFCOMM session
If the RFCOMM session has not yet been started (ie., session is
still in BT_BOUND state) when a dlc is closed, directly close and
unlink the dlc rather than sending a DISC frame that is never
sent.
This allows the dlci to be immediately reused rather than waiting
for a 20 second timeout.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Peter Hurley [Mon, 10 Feb 2014 01:59:13 +0000 (20:59 -0500)]
Bluetooth: Refactor dlc disconnect logic in rfcomm_dlc_close()
Prepare for directly closing dlc if the RFCOMM session has not
yet been started; refactor the dlc disconnect logic into a separate
local function, __rfcomm_dlc_disconn(). Retains functional
equivalence.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>