| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| | |
master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6
Conflicts:
net/bluetooth/l2cap_core.c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There can 3 reasons for the "command reject" reply produced
by the stack. Each such reply should be accompanied by the
relevand data ( as defined in spec. ). Currently there is one
instance of "command reject" reply with reason "invalid cid"
wich is fixed. Also, added clean-up definitions related to the
"command reject" replies.
Signed-off-by: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be useful when userspace wants to restrict some kinds of
operations based on the length of the key size used to encrypt the
link.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In some cases it will be useful having the key size used for
encrypting the link. For example, some profiles may restrict
some operations depending on the key length.
The key size is stored in the key that is passed to userspace
using the pin_length field in the key structure.
For now this field is only valid for LE controllers. 3.0+HS
controllers define the Read Encryption Key Size command, this
field is intended for storing the value returned by that
command.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As the key format has changed to something that has a dynamic size,
the way that keys are received and sent must be changed.
The structure fields order is changed to make the parsing of the
information received from the Management Interface easier.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Now that it's possible that the exchanged key is present in
the link key list, we may be able to estabilish security with
an already existing key, without need to perform any SMP
procedure.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
With this we can use only one place to store all keys, without
need to use a field in the connection structure for this
purpose.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Now when the LTK is received from the remote or generated it is stored,
so it can later be used.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before implementing SM key distribution, the pairing features
exchange must be better negotiated, taking into account some
features of the host and connection requirements.
If we are in the "not pairable" state, it makes no sense to
exchange any key. This allows for simplification of the key
negociation method.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Now that we have methods to finding keys by its parameters we can
reject an encryption request if the key isn't found.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As the LTK (the new type of key being handled now) has more data
associated with it, we need to store this extra data and retrieve
the keys based on that data.
Methods for searching for a key and for adding a new LTK are
introduced here.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds support for generating and distributing all the keys
specified in the third phase of SMP.
This will make possible to re-establish secure connections, resolve
private addresses and sign commands.
For now, the values generated are random.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The ERTM receive buffer is now handled in a way that does not require
the busy queue and the associated polling code.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change moves most L2CAP ERTM receive buffer handling out of the
L2CAP core and in to the socket code. It's up to the higher layer
(the socket code, in this case) to tell the core when its buffer is
full or has space available. The recv op should always accept
incoming ERTM data or else the connection will go down.
Within the socket layer, an skb that does not fit in the socket
receive buffer will be temporarily stored. When the socket is read
from, that skb will be placed in the receive buffer if possible. Once
adequate buffer space becomes available, the L2CAP core is informed
and the ERTM local busy state is cleared.
Receive buffer management for non-ERTM modes is unchanged.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The local busy state is entered and exited based on buffer status in
the socket layer (or other upper layer). This change is in
preparation for general buffer status reports from the socket layer,
which will then be used to change the local busy status.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All threads running in process context should disable local bottom
halve before locking hdev->lock.
This patch fix the following message generated when Bluetooh module
is loaded with enable_mgmt=y (CONFIG_PROVE_LOCKING enabled).
[ 107.880781] =================================
[ 107.881631] [ INFO: inconsistent lock state ]
[ 107.881631] 2.6.39+ #1
[ 107.881631] ---------------------------------
[ 107.881631] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 107.881631] rcuc0/7 [HC0[0]:SC1[3]:HE1:SE0] takes:
[ 107.881631] (&(&hdev->lock)->rlock){+.?...}, at: [<ffffffffa0012c8d>] mgmt_set_local_name_complete+0x84/0x10b [bluetooth]
[ 107.881631] {SOFTIRQ-ON-W} state was registered at:
[ 107.881631] [<ffffffff8105188b>] __lock_acquire+0x347/0xd52
[ 107.881631] [<ffffffff810526ac>] lock_acquire+0x8a/0xa7
[ 107.881631] [<ffffffff812b3758>] _raw_spin_lock+0x2c/0x3b
[ 107.881631] [<ffffffffa0011cc2>] mgmt_control+0xd4d/0x175b [bluetooth]
[ 107.881631] [<ffffffffa0013275>] hci_sock_sendmsg+0x97/0x293 [bluetooth]
[ 107.881631] [<ffffffff8121940c>] sock_aio_write+0x126/0x13a
[ 107.881631] [<ffffffff810a35fa>] do_sync_write+0xba/0xfa
[ 107.881631] [<ffffffff810a3beb>] vfs_write+0xaa/0xca
[ 107.881631] [<ffffffff810a3d80>] sys_write+0x45/0x69
[ 107.881631] [<ffffffff812b4892>] system_call_fastpath+0x16/0x1b
[ 107.881631] irq event stamp: 2100876
[ 107.881631] hardirqs last enabled at (2100876): [<ffffffff812b40d4>] restore_args+0x0/0x30
[ 107.881631] hardirqs last disabled at (2100875): [<ffffffff812b3f6a>] save_args+0x6a/0x70
[ 107.881631] softirqs last enabled at (2100862): [<ffffffff8106a805>] rcu_cpu_kthread+0x2b5/0x2e2
[ 107.881631] softirqs last disabled at (2100863): [<ffffffff812b56bc>] call_softirq+0x1c/0x26
[ 107.881631]
[ 107.881631] other info that might help us debug this:
[ 107.881631] Possible unsafe locking scenario:
[ 107.881631]
[ 107.881631] CPU0
[ 107.881631] ----
[ 107.881631] lock(&(&hdev->lock)->rlock);
[ 107.881631] <Interrupt>
[ 107.881631] lock(&(&hdev->lock)->rlock);
[ 107.881631]
[ 107.881631] *** DEADLOCK ***
[ 107.881631]
[ 107.881631] 1 lock held by rcuc0/7:
[ 107.881631] #0: (hci_task_lock){++.-..}, at: [<ffffffffa0008353>] hci_rx_task+0x49/0x2f3 [bluetooth]
[ 107.881631]
[ 107.881631] stack backtrace:
[ 107.881631] Pid: 7, comm: rcuc0 Not tainted 2.6.39+ #1
[ 107.881631] Call Trace:
[ 107.881631] <IRQ> [<ffffffff812ae901>] print_usage_bug+0x1e7/0x1f8
[ 107.881631] [<ffffffff8100a796>] ? save_stack_trace+0x27/0x44
[ 107.881631] [<ffffffff8104fc3f>] ? print_irq_inversion_bug.part.26+0x19a/0x19a
[ 107.881631] [<ffffffff810504bb>] mark_lock+0x106/0x258
[ 107.881631] [<ffffffff81051817>] __lock_acquire+0x2d3/0xd52
[ 107.881631] [<ffffffff8102be73>] ? vprintk+0x3ab/0x3d7
[ 107.881631] [<ffffffff810526ac>] lock_acquire+0x8a/0xa7
[ 107.881631] [<ffffffffa0012c8d>] ? mgmt_set_local_name_complete+0x84/0x10b [bluetooth]
[ 107.881631] [<ffffffff81052615>] ? lock_release+0x16c/0x179
[ 107.881631] [<ffffffff812b3952>] _raw_spin_lock_bh+0x31/0x40
[ 107.881631] [<ffffffffa0012c8d>] ? mgmt_set_local_name_complete+0x84/0x10b [bluetooth]
[ 107.881631] [<ffffffffa0012c8d>] mgmt_set_local_name_complete+0x84/0x10b [bluetooth]
[ 107.881631] [<ffffffffa000d3fe>] hci_event_packet+0x122b/0x3e12 [bluetooth]
[ 107.881631] [<ffffffff81050658>] ? mark_held_locks+0x4b/0x6d
[ 107.881631] [<ffffffff812b3cff>] ? _raw_spin_unlock_irqrestore+0x40/0x4d
[ 107.881631] [<ffffffff810507b9>] ? trace_hardirqs_on_caller+0x13f/0x172
[ 107.881631] [<ffffffff812b3d07>] ? _raw_spin_unlock_irqrestore+0x48/0x4d
[ 107.881631] [<ffffffffa00083d2>] hci_rx_task+0xc8/0x2f3 [bluetooth]
[ 107.881631] [<ffffffff8102f836>] ? __local_bh_enable+0x90/0xa4
[ 107.881631] [<ffffffff8102f5a9>] tasklet_action+0x87/0xe6
[ 107.881631] [<ffffffff8102fa11>] __do_softirq+0x9f/0x13f
[ 107.881631] [<ffffffff812b56bc>] call_softirq+0x1c/0x26
[ 107.881631] <EOI> [<ffffffff810033b8>] ? do_softirq+0x46/0x9a
[ 107.881631] [<ffffffff8106a805>] ? rcu_cpu_kthread+0x2b5/0x2e2
[ 107.881631] [<ffffffff8102f906>] _local_bh_enable_ip+0xac/0xc9
[ 107.881631] [<ffffffff8102f93b>] local_bh_enable+0xd/0xf
[ 107.881631] [<ffffffff8106a805>] rcu_cpu_kthread+0x2b5/0x2e2
[ 107.881631] [<ffffffff81041586>] ? __init_waitqueue_head+0x46/0x46
[ 107.881631] [<ffffffff8106a550>] ? rcu_yield.constprop.42+0x98/0x98
[ 107.881631] [<ffffffff81040f0a>] kthread+0x7f/0x87
[ 107.881631] [<ffffffff812b55c4>] kernel_thread_helper+0x4/0x10
[ 107.881631] [<ffffffff812b40d4>] ? retint_restore_args+0x13/0x13
[ 107.881631] [<ffffffff81040e8b>] ? __init_kthread_worker+0x53/0x53
[ 107.881631] [<ffffffff812b55c0>] ? gs_change+0x13/0x13
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since hdev->lock may be acquired by threads runnning in interrupt
context, all threads running in process context should disable
local bottom halve before locking hdev->lock. This can be done by
using hci_dev_lock_bh macro.
This way, we avoid potencial deadlocks like this one reported by
CONFIG_PROVE_LOCKING=y.
[ 304.788780] =================================
[ 304.789686] [ INFO: inconsistent lock state ]
[ 304.789686] 2.6.39+ #1
[ 304.789686] ---------------------------------
[ 304.789686] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 304.789686] ksoftirqd/0/3 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 304.789686] (&(&hdev->lock)->rlock){+.?...}, at: [<ffffffffa000bbfe>] hci_conn_check_pending+0x38/0x76 [bluetooth]
[ 304.789686] {SOFTIRQ-ON-W} state was registered at:
[ 304.789686] [<ffffffff8105188b>] __lock_acquire+0x347/0xd52
[ 304.789686] [<ffffffff810526ac>] lock_acquire+0x8a/0xa7
[ 304.789686] [<ffffffff812b3758>] _raw_spin_lock+0x2c/0x3b
[ 304.789686] [<ffffffffa0009cf0>] hci_blacklist_del+0x1f/0x8a [bluetooth]
[ 304.789686] [<ffffffffa00139fd>] hci_sock_ioctl+0x2d9/0x314 [bluetooth]
[ 304.789686] [<ffffffff812197d8>] sock_ioctl+0x1f2/0x214
[ 304.789686] [<ffffffff810b0fd6>] do_vfs_ioctl+0x46c/0x4ad
[ 304.789686] [<ffffffff810b1059>] sys_ioctl+0x42/0x65
[ 304.789686] [<ffffffff812b4892>] system_call_fastpath+0x16/0x1b
[ 304.789686] irq event stamp: 9768
[ 304.789686] hardirqs last enabled at (9768): [<ffffffff812b40d4>] restore_args+0x0/0x30
[ 304.789686] hardirqs last disabled at (9767): [<ffffffff812b3f6a>] save_args+0x6a/0x70
[ 304.789686] softirqs last enabled at (9726): [<ffffffff8102fa9b>] __do_softirq+0x129/0x13f
[ 304.789686] softirqs last disabled at (9739): [<ffffffff8102fb33>] run_ksoftirqd+0x82/0x133
[ 304.789686]
[ 304.789686] other info that might help us debug this:
[ 304.789686] Possible unsafe locking scenario:
[ 304.789686]
[ 304.789686] CPU0
[ 304.789686] ----
[ 304.789686] lock(&(&hdev->lock)->rlock);
[ 304.789686] <Interrupt>
[ 304.789686] lock(&(&hdev->lock)->rlock);
[ 304.789686]
[ 304.789686] *** DEADLOCK ***
[ 304.789686]
[ 304.789686] 1 lock held by ksoftirqd/0/3:
[ 304.789686] #0: (hci_task_lock){++.-..}, at: [<ffffffffa0008353>] hci_rx_task+0x49/0x2f3 [bluetooth]
[ 304.789686]
[ 304.789686] stack backtrace:
[ 304.789686] Pid: 3, comm: ksoftirqd/0 Not tainted 2.6.39+ #1
[ 304.789686] Call Trace:
[ 304.789686] [<ffffffff812ae901>] print_usage_bug+0x1e7/0x1f8
[ 304.789686] [<ffffffff8100a796>] ? save_stack_trace+0x27/0x44
[ 304.789686] [<ffffffff8104fc3f>] ? print_irq_inversion_bug.part.26+0x19a/0x19a
[ 304.789686] [<ffffffff810504bb>] mark_lock+0x106/0x258
[ 304.789686] [<ffffffff812b40d4>] ? retint_restore_args+0x13/0x13
[ 304.789686] [<ffffffff81051817>] __lock_acquire+0x2d3/0xd52
[ 304.789686] [<ffffffff8102be73>] ? vprintk+0x3ab/0x3d7
[ 304.789686] [<ffffffff812ae126>] ? printk+0x3c/0x3e
[ 304.789686] [<ffffffff810526ac>] lock_acquire+0x8a/0xa7
[ 304.789686] [<ffffffffa000bbfe>] ? hci_conn_check_pending+0x38/0x76 [bluetooth]
[ 304.789686] [<ffffffff811601c6>] ? __dynamic_pr_debug+0x10c/0x11a
[ 304.789686] [<ffffffff812b3758>] _raw_spin_lock+0x2c/0x3b
[ 304.789686] [<ffffffffa000bbfe>] ? hci_conn_check_pending+0x38/0x76 [bluetooth]
[ 304.789686] [<ffffffffa000bbfe>] hci_conn_check_pending+0x38/0x76 [bluetooth]
[ 304.789686] [<ffffffffa000c561>] hci_event_packet+0x38e/0x3e12 [bluetooth]
[ 304.789686] [<ffffffff81052615>] ? lock_release+0x16c/0x179
[ 304.789686] [<ffffffff812b3b41>] ? _raw_read_unlock+0x23/0x27
[ 304.789686] [<ffffffffa0013e7f>] ? hci_send_to_sock+0x179/0x188 [bluetooth]
[ 304.789686] [<ffffffffa00083d2>] hci_rx_task+0xc8/0x2f3 [bluetooth]
[ 304.789686] [<ffffffff8102f5a9>] tasklet_action+0x87/0xe6
[ 304.789686] [<ffffffff8102fa11>] __do_softirq+0x9f/0x13f
[ 304.789686] [<ffffffff8102fb33>] run_ksoftirqd+0x82/0x133
[ 304.789686] [<ffffffff8102fab1>] ? __do_softirq+0x13f/0x13f
[ 304.789686] [<ffffffff81040f0a>] kthread+0x7f/0x87
[ 304.789686] [<ffffffff812b55c4>] kernel_thread_helper+0x4/0x10
[ 304.789686] [<ffffffff812b40d4>] ? retint_restore_args+0x13/0x13
[ 304.789686] [<ffffffff81040e8b>] ? __init_kthread_worker+0x53/0x53
[ 304.789686] [<ffffffff812b55c0>] ? gs_change+0x13/0x13
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The enable_smp parameter is no longer needed. It can be replaced by
checking lmp_host_le_capable.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Since we have the extended LMP features properly implemented, we
should check the LMP_HOST_LE bit to know if the host supports LE.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This patch adds a new module parameter to enable/disable host LE
support. By default host LE support is disabled.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds a handler to Write LE Host Supported command complete
events. Once this commands has completed successfully, we should
read the extended LMP features and update the extfeatures field in
hci_dev.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This new field holds the extended LMP features value. Some LE
mechanism such as discovery procedure needs to read the extended
LMP features to work properly.
Signed-off-by: Andre Guedes <andre.guedes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Even when the received tx_seq is expected, the frame still needs to be
dropped if the TX window is exceeded or the receiver is in the local
busy state.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| | |
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a local logging function to emit bluetooth specific
messages. Using vsprintf extension %pV saves code/text
space.
Convert the current BT_INFO and BT_ERR macros to use bt_printk.
Remove __func__ from BT_ERR macro (and the uses).
Prefix "Bluetooth: " to BT_ERR
Remove __func__ from BT_DBG as function can be prefixed when
using dynamic_debug.
With allyesconfig:
text data bss dec hex filename
129956 8632 36096 174684 2aa5c drivers/bluetooth/built-in.o.new2
134402 8632 36064 179098 2bb9a drivers/bluetooth/built-in.o.old
14778 1012 3408 19198 4afe net/bluetooth/bnep/built-in.o.new2
15067 1012 3408 19487 4c1f net/bluetooth/bnep/built-in.o.old
346595 19163 86080 451838 6e4fe net/bluetooth/built-in.o.new2
353751 19163 86064 458978 700e2 net/bluetooth/built-in.o.old
18483 1172 4264 23919 5d6f net/bluetooth/cmtp/built-in.o.new2
18927 1172 4264 24363 5f2b net/bluetooth/cmtp/built-in.o.old
19237 1172 5152 25561 63d9 net/bluetooth/hidp/built-in.o.new2
19581 1172 5152 25905 6531 net/bluetooth/hidp/built-in.o.old
59461 3884 14464 77809 12ff1 net/bluetooth/rfcomm/built-in.o.new2
61206 3884 14464 79554 136c2 net/bluetooth/rfcomm/built-in.o.old
with x86 defconfig (and just bluetooth):
$ size net/bluetooth/built-in.o.defconfig.*
text data bss dec hex filename
66358 933 100 67391 1073f net/bluetooth/built-in.o.defconfig.new
66643 933 100 67676 1085c net/bluetooth/built-in.o.defconfig.old
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| | |
Make it easier to use more normal logging styles later.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
ERTM timeouts are defined in milliseconds, but need to be converted
to jiffies when passed to mod_timer().
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Recent changes to hci_core.c use crypto interfaces, so select CRYPTO
to make sure that those interfaces are present.
Fixes these build errors when CRYPTO is not enabled:
net/built-in.o: In function `hci_register_dev':
(.text+0x4cf86): undefined reference to `crypto_alloc_base'
net/built-in.o: In function `hci_unregister_dev':
(.text+0x4f912): undefined reference to `crypto_destroy_tfm'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
Conflicts:
drivers/net/wireless/ath/ath5k/sysfs.c
net/bluetooth/l2cap_core.c
net/mac80211/wpa.c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Unlike CCMP, the presence or absence of the QoS
field doesn't change the encryption, only the
TID is used. When no QoS field is present, zero
is used as the TID value. This means that it is
possible for an attacker to take a QoS packet
with TID 0 and replay it as a non-QoS packet.
Unfortunately, mac80211 uses different IVs for
checking the validity of the packet's TKIP IV
when it checks TID 0 and when it checks non-QoS
packets. This means it is vulnerable to this
replay attack.
To fix this, use the same replay counter for
TID 0 and non-QoS packets by overriding the
rx->queue value to 0 if it is 16 (non-QoS).
This is a minimal fix for now. I caused this
issue in
commit 1411f9b531f0a910cd1c85a337737c1e6ffbae6a
Author: Johannes Berg <johannes@sipsolutions.net>
Date: Thu Jul 10 10:11:02 2008 +0200
mac80211: fix RX sequence number check
while fixing a sequence number issue (there,
a separate counter needs to be used).
Cc: stable@kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We were not allocating memory for the IEs passed in the scheduled_scan
request and this was causing memory corruption (buffer overflow).
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There was a deadlock when rfkill-blocking a wireless interface,
because we were locking the rdev mutex on NETDEV_GOING_DOWN to stop
sched_scans that were eventually running. The rfkill block code was
already holding a mutex under rdev:
kernel: =======================================================
kernel: [ INFO: possible circular locking dependency detected ]
kernel: 3.0.0-rc1-00049-g1fa7b6a #57
kernel: -------------------------------------------------------
kernel: kworker/0:1/4525 is trying to acquire lock:
kernel: (&rdev->mtx){+.+.+.}, at: [<ffffffff8164c831>] cfg80211_netdev_notifier_call+0x131/0x5b0
kernel:
kernel: but task is already holding lock:
kernel: (&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff8164dcef>] cfg80211_rfkill_set_block+0x4f/0xa0
kernel:
kernel: which lock already depends on the new lock.
To fix this, add a new mutex specifically for sched_scan, to protect
the sched_scan_req element in the rdev struct, instead of using the
global rdev mutex.
Reported-by: Duane Griffin <duaneg@dghda.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | |\ \
| | | |
| | | |
| | | | |
master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-2.6
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the remote device is not present, the connections attemp fails and
the struct hci_conn was not freed
Signed-off-by: Tomas Targownik <ttargownik@geicp.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
PTS test A2DP/SRC/SRC_SET/TC_SRC_SET_BV_02_I revealed that
( probably after the df3c3931e commit ) the l2cap connection
could not be established in case when the "Auth Complete" HCI
event does not arive before the initiator send "Configuration
request", in which case l2cap replies with "Command rejected"
since the channel is still in BT_CONNECT2 state.
Based on patch from: Ilia Kolomisnky <iliak@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Partial revert of commit aabf6f89. When the hidp session thread
was converted from kernel_thread to kthread, the atomic/wakeups
were replaced with kthread_stop. kthread_stop has blocking semantics
which are inappropriate for the hidp session kthread. In addition,
the kthread signals itself to terminate in hidp_process_hid_control()
- it cannot do this with kthread_stop().
Lastly, a wakeup can be lost if the wakeup happens between checking
for the loop exit condition and setting the current state to
TASK_INTERRUPTIBLE. (Without appropriate synchronization mechanisms,
the task state should not be changed between the condition test and
the yield - via schedule() - as this creates a race between the
wakeup and resetting the state back to interruptible.)
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A remote user can provide a small value for the command size field in
the command header of an l2cap configuration request, resulting in an
integer underflow when subtracting the size of the configuration request
header. This results in copying a very large amount of data via
memcpy() and destroying the kernel heap. Check for underflow.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If we try to stop a scheduled scan while it is not running, we should
return -ENOENT instead of simply ignoring the command and returning
success. This is more consistent with other parts of the code.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A panic was observed when the device is failed to resume properly,
and there are no running interfaces. ieee80211_reconfig tries
to restart STA timers on unassociated state.
Cc: stable@kernel.org
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In order to support pre-populating the P1K cache in
iwlwifi hardware for WoWLAN, we need to calculate
the P1K for the current IV32. Allow drivers to get
the P1K for any given IV32 instead of for a given
packet, but keep the packet-based version around as
an inline.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In order to implement GTK rekeying, the device needs
to be able to encrypt frames with the right PN/IV and
check the PN/IV in RX frames. To be able to tell it
about all those counters, we need to be able to get
them from mac80211, this adds the required API.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The current rx->queue value is slightly confusing.
It is set to 16 on non-QoS frames, including data,
and then used for sequence number and PN/IV checks.
Until recently, we had a TKIP IV checking bug that
had been introduced in 2008 to fix a seqno issue.
Before that, we always used TID 0 for checking the
PN or IV on non-QoS packets.
Go back to the old status for PN/IV checks using
the TID 0 counter for non-QoS by splitting up the
rx->queue value into "seqno_idx" and "security_idx"
in order to avoid confusion in the future. They
each have special rules on the value used for non-
QoS data frames.
Since the handling is now unified, also revert the
special TKIP handling from my patch
"mac80211: fix TKIP replay vulnerability".
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
mac80211 has a defnition of AES_BLOCK_SIZE and
multiple definitions of AES_BLOCK_LEN. Remove
them all and use crypto/aes.h.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Just like TKIP and CCMP, CMAC has the PN race.
It might not actually be possible to hit it now
since there aren't multiple ACs for management
frames, but fix it anyway.
Also move scratch buffers onto the stack.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since we can process multiple packets at the
same time for different ACs, but the PN is
allocated from a single counter, we need to
use an atomic value there. Use atomic64_t to
make this cheaper on 64-bit platforms, other
platforms will support this through software
emulation, see lib/atomic64.c.
We also need to use an on-stack scratch buf
so that multiple packets won't corrupt each
others scratch buffers.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This adds the necessary mac80211 APIs to support
GTK rekey offload, mirroring the functionality
from cfg80211.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In certain circumstances, like WoWLAN scenarios,
devices may implement (partial) GTK rekeying on
the device to avoid waking up the host for it.
In order to successfully go through GTK rekeying,
the KEK, KCK and the replay counter are required.
Add API to let the supplicant hand the parameters
to the driver which may store it for future GTK
rekey operations.
Note that, of course, if GTK rekeying is done by
the device, the EAP frame must not be passed up
to userspace, instead a rekey event needs to be
sent to let userspace update its replay counter.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
|
