Fix setting of ENCRYPTION_PENDING and Connection refcnt's that could
be out of sync due to remote slave issued security requests.
Change-Id: Ie72abd0648182db0ef60693820139f40ef2e4bf6
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Socket lookup for a fixed channel should be done based on both remote and
local device addresses.
Change-Id: I35f39bea8ade6fd5d8695640251efc54bf21beae
Signed-off-by: Inga Stotland <ingas@codeaurora.org>
If LE devices stop advertising or go out of range, we need
to apply a timeout because the baseband doesn't.
Change-Id: I115672e21fd8aef56ac688b2df4664bb74b725e4
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Store the link key persistently if one of the following is true:
1. this is a legacy link key
2. this is a changed combination key and there was a previously
stored one
3. neither local nor remote side had no-bonding as a requirement
4. the local side had dedicated bonding as a requirement
5. the remote side is using dedicated bonding since in that case
also the local requirements are set to dedicated bonding
If none of the above match only keep the link key around for
this connection and set the temporary flag for the device.
CRs-Fixed: 309161
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
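
The five storage rules listed in the commit message above, written out as a C predicate evaluated in the listed order. This is an added example, not code from the commit or the kernel tree: the function, enum and parameter names are assumptions, and the numeric values are the HCI link key types and authentication requirements defined in the Bluetooth Core Specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* HCI link key types; values below 0x03 are legacy (pre-SSP) keys. */
enum { LK_COMBINATION = 0x00, LK_DEBUG_COMBINATION = 0x03,
       LK_UNAUTH_COMBINATION = 0x04, LK_AUTH_COMBINATION = 0x05,
       LK_CHANGED_COMBINATION = 0x06 };

/* Authentication requirements exchanged during Secure Simple Pairing. */
enum { AUTH_NO_BONDING = 0x00, AUTH_NO_BONDING_MITM = 0x01,
       AUTH_DEDICATED = 0x02, AUTH_DEDICATED_MITM = 0x03,
       AUTH_GENERAL = 0x04, AUTH_GENERAL_MITM = 0x05 };

static bool no_bonding(uint8_t a) { return a <= AUTH_NO_BONDING_MITM; }
static bool dedicated(uint8_t a)
{
    return a == AUTH_DEDICATED || a == AUTH_DEDICATED_MITM;
}

/* Hypothetical helper. true: store the key persistently.
 * false: keep it for this connection only and flag the device temporary. */
bool link_key_is_persistent(uint8_t key_type, bool had_stored_key,
                            uint8_t local_auth, uint8_t remote_auth)
{
    if (key_type < LK_DEBUG_COMBINATION)                        /* rule 1 */
        return true;
    if (key_type == LK_CHANGED_COMBINATION && had_stored_key)   /* rule 2 */
        return true;
    if (!no_bonding(local_auth) && !no_bonding(remote_auth))    /* rule 3 */
        return true;
    if (dedicated(local_auth))                                  /* rule 4 */
        return true;
    if (dedicated(remote_auth))                                 /* rule 5 */
        return true;
    return false;
}

int main(void)
{
    /* Constructed cases: (key type, stored before?, local, remote). */
    printf("legacy key, no bonding:        %d\n",
           link_key_is_persistent(LK_COMBINATION, false, AUTH_NO_BONDING, AUTH_NO_BONDING));
    printf("SSP key, local no bonding:     %d\n",
           link_key_is_persistent(LK_UNAUTH_COMBINATION, false, AUTH_NO_BONDING, AUTH_GENERAL));
    printf("changed key, none stored:      %d\n",
           link_key_is_persistent(LK_CHANGED_COMBINATION, false, AUTH_NO_BONDING, AUTH_NO_BONDING));
    return 0;
}
```
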
Timer that was started at beginning of LE Pairing did not correctly
terminate pairing process when it fired, and was not properly cleaned
up on pairing completion.
Signed-off-by: Brian Gix <bgix@codeaurora.org>
During a move collision, both devices start out thinking they are the
initiator. The loser of the collision switches from the initiator role
to the responder role when receiving a move request from the remote
device. However, a move response will also be received by the loser
after the role switch has occurred.
The loser of the collision was incorrectly modifying the AMP move
state in the move response handler. This kept it from sending a move
channel response to the remote device, which stalled the channel move
process.
This change makes sure the AMP move state remains valid, so the
channel move succeeds.
CRs-fixed: 308382
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
When sock_put() is called on an L2CAP socket, if the reference count
on a sock goes to 0, l2cap_sock_release() is called. As part of the
release, l2cap_sock_shutdown() locks the socket. This is not allowable
in interrupt context. This change makes calls to sock_put() on the
system workqueue, where it can safely lock.
This addresses "scheduling while atomic" issues in both the Bluetooth
mgmt_ops pairing code and when RFCOMM sessions are deleted in a
security_cfm callback.
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
When remote device does not have link key, DUT will try to reinitiate
authentication process. We should remove the link key before
reinitiating authentication process. This was fixed in hciops in
Bluez user space. Adding this change for mgmtops to handle this
case in kernel space.
CRs-fixed: 307063
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
An incoming AMP "create channel" connection would trigger an info
request and an AMP physical accept sequence at the same time. Since
accepting an AMP physical link is a local operation, it would complete
quickly and send a config request before the info response was
received.
If there is an outstanding info request, the AMP physical link should
not be accepted yet. Existing logic in l2cap_conn_start() will accept
the physical link when the info response is received.
CRs-fixed: 307243
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
If hci_dev_open() returns no error or EALREADY, allow the power on
sequence to proceed.
Signed-off-by: Inga Stotland <ingas@codeaurora.org>
Conflicts:
net/bluetooth/hci_core.c
When remote device is connected outside the control of BlueZ, it
needs to be informed of whether the new connection is LE or BR/EDR.
Signed-off-by: Brian Gix <bgix@codeaurora.org>
There was a crashing issue when pairing was performed on LE connections
that were already up, due to a NULL function pointer being followed.
Signed-off-by: Brian Gix <bgix@codeaurora.org>
When LE was added, the refcnt's for the hci_conns used were not balanced
and some of this bled over between LE pairing and Legacy pairing.
CRs-fixed: 305391
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Enabled ECB Block encoding for Low Energy pairing
Implemented missing components of MGMTOPS interface
Differentiated as needed between BR/EDR pairing and LE pairing
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Conflicts:
net/bluetooth/mgmt.c
Redundant calls to hci_setup_event_mask() prematurely exited Init state
when first call was erroneously detected as the last cmd sent.
CRs-fixed: 302804
Signed-off-by: Brian Gix <bgix@codeaurora.org>
Handle -EALREADY error in hci_sock of hci_dev_open as indication that
the HCI device is already open. This was causing reset inducing timeout,
and removed unused/useless check of failure in power-up code.
Signed-off-by: Brian Gix <bgix@codeaurora.org>
RFCOMM Frame size changes to accommodate the credits in the data packet.
Earlier implementation was not considering the 1 Byte required for
Credits information in data packet and hence was considering the
RFCOMM header plus FCS as 5 Bytes.
Because of this, if the remote device sends a data packet with
negotiated frame size and credits information, packet size exceeds L2CAP MTU
and will be discarded by L2CAP.
CRs-fixed: 303518
Signed-off-by: Mallikarjuna GB <gbmalli@codeaurora.org>
SAP profile requires 16 pin length authentication for BT 1.2/2.0
devices as per specification. These changes were present for hciops
plugin, the current changes are for Management operations plugin.
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
Add send and receive of Extended Flow Spec option during L2CAP
lockstep configuration and passing the flow specs to HCI.
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Conflicts:
include/net/bluetooth/hci.h
include/net/bluetooth/hci_core.h
net/bluetooth/l2cap_core.c
The MAXI_EN2 register is no longer owned by the RPM. Add local
control of the VPE and Rotator AXI clocks which are in it.
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).
However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.
Change-Id: I6876ea5134e90d1f3d0f84e8ed40b92977b3df64
Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
When an hidp connection is added for a boot protocol input
device, don't release a device reference that was never
acquired. The device reference is acquired when the session
is linked to the session list (which hasn't happened yet when
hidp_setup_input is called).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
When an hidp connection is added for a boot protocol input
device, only free the allocated device if device registration fails.
Subsequent failures should only unregister the device (the input
device api documents that unregister will also free the allocated
device).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Once the session thread is running, cleanup must be
handled by the session thread only.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Commit f4d7cd4a4c introduced the usage of kthread API.
kthread_stop is a blocking function which returns only when
the thread exits. In this case, the thread can't exit because it's
waiting for the write lock, which is being held by bnep_del_connection()
which is waiting for the thread to exit -- deadlock.
Use atomic_t/wake_up_process instead to signal to the thread to exit.
Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
No command should be sent before Command Complete event for HCI
reset is received. This fixes a regression introduced by commit
6bd32326cda (Bluetooth: Use proper timer for hci command timout)
for chips whose reset command takes longer to complete (e.g. CSR),
resulting in next command being sent before HCI reset completed.
Signed-off-by: Szymon Janc <szymon@janc.net.pl>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>