summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-19Bluetooth: Move New LTK store hint evaluation into mgmt_new_ltkJohan Hedberg
It's simpler (one less if-statement) to just evaluate the appropriate value for store_hint in the mgmt_new_ltk function than to pass a boolean parameter to the function. Furthermore, this simplifies moving the mgmt event emission out from hci_add_ltk in subsequent patches. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-19Bluetooth: Return added key when adding LTKs and IRKsJohan Hedberg
The SMP code will need to postpone the mgmt event emission for the IRK and LTKs. To avoid extra lookups at the end of the key distribution simply return the added value from the add_ltk and add_irk functions. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-19Bluetooth: Avoid using GFP_ATOMIC where not necessaryJohan Hedberg
The various pieces of data cached in the hci_dev structure do not need to be allocated using GFP_ATOMIC since they are never added from interrupt context. This patch updates these allocations to use GFP_KERNEL instead. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-19Bluetooth: Use same LE min/max connection event length during updateMarcel Holtmann
During LE connection establishment the value 0x0000 is used for min/max connection event length. So use the same value when the peripheral is requesting an update of the the connection paramters. For some reason the value 0x0001 got used in the connection update and 0x0000 in the connection creation. Using the same value for both just makes sense. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-19Bluetooth: Expose current list of identity resolving keys via debugfsMarcel Holtmann
For debugging purposes expose the current list of identity resolving keys via debugfs. This file is read-only and limited to root access. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-19Bluetooth: Fix wrong identity address during connection failuresMarcel Holtmann
When the connection attempt fails, the address information are not provided in the HCI_LE_Connection_Complete event. So use the original information from the connection to reconstruct the identity address. This is important when a connection attempt has been made using the identity address, but the cached resolvable random address has changed in the meantime. The failure event needs to use the identity address and not the resolvable random address. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-19Bluetooth: Use connection address for reporting connection failuresMarcel Holtmann
When reporting connect failed events to userspace, use the address of the connection and not the address from the HCI event. This change is strictly speaking not needed since BR/EDR does not have the concept of resolvable random addresses. It is more for making the code consistent. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-19Bluetooth: Report identity address when remote device connectsMarcel Holtmann
When the remote device has been successfully connected, report the identity address (public address or static random address). Currently the address from the HCI_LE_Connection_Complete event is used. This was no problem so far, but since now known resolvable random addresses are converted into identities, it is important to use the identity of the connection and not the address report by HCI event. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-18Bluetooth: Print error when dropping L2CAP dataSzymon Janc
Silently dropping L2CAP data (i.e. due to remote device not obeying negotiated MTU) is confusing and makes debugging harder. Signed-off-by: Szymon Janc <szymon.janc@gmail.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Use Identity Address in Device Found eventJohan Hedberg
Whenever a device uses an RPA we want to have user space identify it by its Identity Address if we've got an IRK available for it. This patch updates the Device Found mgmt event to contain the Identity Address if an IRK is available for the device in question. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Look up RPA for connection requests with Identity AddressJohan Hedberg
We need to check whether there's a matching IRK and RPA when we're requested to connect to a remote LE device based on its Identity Address. This patch updates the hci_connect_le function to do an extra call to hci_find_irk_by_addr and uses the RPA if it's cached. This is particularly important once we start exposing the Identity Address to user space instead of the RPA in events such as Device Connected and Device Found. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Don't try to look up private addresses as Identity AddressJohan Hedberg
Identity Addresses are either public or static random. When looking up addresses based on the Identity Address it doesn't make sense to go through the IRK list if we're given a private random address. This patch fixes (or rather improves) the hci_find_irk_by_addr function to bail out early if given a private random address. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Wait for SMP key distribution completion when pairingJohan Hedberg
When we initiate pairing through mgmt_pair_device the code has so far been waiting for a successful HCI Encrypt Change event in order to respond to the mgmt command. However, putting privacy into the play we actually want the key distribution to be complete before replying so that we can include the Identity Address in the mgmt response. This patch updates the various hci_conn callbacks for LE in mgmt.c to only respond in the case of failure, and adds a new mgmt_smp_complete function that the SMP code will call once key distribution has been completed. Since the smp_chan_destroy function that's used to indicate completion and clean up the SMP context can be called from various places, including outside of smp.c, the easiest way to track failure vs success is a new flag that we set once key distribution has been successfully completed. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix updating Identity Address in L2CAP channelsJohan Hedberg
When we receive a remote identity address during SMP key distribution we should ensure that any associated L2CAP channel instances get their address information correspondingly updated (so that e.g. doing getpeername on associated sockets returns the correct address). This patch adds a new L2CAP core function l2cap_conn_update_id_addr() which is used to iterate through all L2CAP channels associated with a connection and update their address information. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Track the LE Identity Address in struct hci_connJohan Hedberg
Since we want user space to see and use the LE Identity Address whenever interfacing with the kernel it makes sense to track that instead of the real address (the two will only be different in the case of an RPA). This patch adds the necessary updates to when an LE connection gets established and when receiving the Identity Address from a remote device. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Remove SMP data specific crypto contextJohan Hedberg
Now that each HCI device has its own AES crypto context we don't need the one stored in the SMP data any more. This patch removes the variable from struct smp_chan and updates the SMP code to use the per-hdev crypto context. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: append new supported device to the list [0b05:17d0]Andy Shevchenko
The device found on Asus Z87 Expert motherboard requires firmware to work correctly. T: Bus=03 Lev=01 Prnt=01 Port=03 Cnt=02 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0b05 ProdID=17d0 Rev=00.02 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: sort the list of IDs in the source codeAndy Shevchenko
This will help to manage table of supported IDs. There is no functional change. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: allocate static minor for vhciLucas De Marchi
Commit bfacbb9 (Bluetooth: Use devname:vhci module alias for virtual HCI driver) added the module alias to hci_vhci module so it's possible to create the /dev/vhci node. However creating an alias without specifying the minor doesn't allow us to create the node ahead, triggerring module auto-load when it's first accessed. Starting with depmod from kmod 16 we started to warn if there's a devname alias without specifying the major and minor. Let's do the same done for uhid, kvm, fuse and others, specifying a fixed minor. In systems with systemd as the init the following will happen: on early boot systemd will call "kmod static-nodes" to read /lib/modules/$(uname -r)/modules.devname and then create the nodes. When first accessed these "dead" nodes will trigger the module loading. Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Add convenience function for fetching IRKsJohan Hedberg
There are many situations where we need to check if an LE address is an RPA and if so try to look up the IRK for it. To simplify such cases this patch adds a convenience function for the job. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix removing any IRKs when unpairing devicesJohan Hedberg
When mgmt_unpair_device is called we should also remove any associated IRKs. This patch adds a hci_remove_irk convenience function and ensures that it's called when mgmt_unpair_device is called. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix completing SMP as peripheral when no keys are expectedJohan Hedberg
When we're the acceptors (peripheral/slave) of an SMP procedure and we've completed distributing our keys we should only stick around waiting for keys from the remote side if any of the initiator distribution bits were actually set. This patch fixes the smp_distribute_keys function to clear the SMP context when this situation occurs. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix hci_remove_ltk failure when no match is foundJohan Hedberg
There is code (in mgmt.c) that depends on the hci_remove_ltk function to fail if no match is found. This patch adds tracking of removed LTKs (there can be up to two: one for master and another for slave) in the hci_remove_ltk function and returns -ENOENT of no matches were found. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Remove return values from functions that don't need themJohan Hedberg
There are many functions that never fail but still declare an integer return value for no reason. This patch converts these functions to use a void return value to avoid any confusion of whether they can fail or not. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix missing address type check for removing LTKsJohan Hedberg
When removing Long Term Keys we should also be checking that the given address type (public vs random) matches. This patch updates the hci_remove_ltk function to take an extra parameter and uses it for address type matching. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix properly ignoring unexpected SMP PDUsJohan Hedberg
If we didn't request certain pieces of information during the key distribution negotiation we should properly ignore those PDUs if the peer incorrectly sends them. This includes the Encryption Information and Master Identification PDUs if the EncKey bit was not set, and the Identity Information and Identity Address Information PDUs if the IdKey bit was not set. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Enable support for remote IRK distributionJohan Hedberg
This patch does the necessary changes to request the remote device to distribute its IRK to us during the SMP pairing procedure. This includes setting the right key distribution values in the pairing request/response and handling of the two related SMP PDUs, i.e. Identity Information and Identity Address Information. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Implement mgmt_load_irks commandJohan Hedberg
This patch implements the Load IRKs command for the management interface. The command is used to load the kernel with the initial set of IRKs. It also sets a HCI_RPA_RESOLVING flag to indicate that we can start requesting devices to distribute their IRK to us. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Add hci_bdaddr_is_rpa convenience functionJohan Hedberg
When implementing support for Resolvable Private Addresses (RPAs) we'll need to in several places be able to identify such addresses. This patch adds a simple convenience function to do the identification of the address type. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Add basic IRK management supportJohan Hedberg
This patch adds the initial IRK storage and management functions to the HCI core. This includes storing a list of IRKs per HCI device and the ability to add, remove and lookup entries in that list. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Add AES crypto context for each HCI deviceJohan Hedberg
Previously the crypto context has only been available for LE SMP sessions, but now that we'll need to perform operations also during discovery it makes sense to have this context part of the hci_dev struct. Later, the context can be removed from the SMP context. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Add smp_irk_matches helper functionJohan Hedberg
This patch adds a helper function to check whether a given IRK matches a given Resolvable Private Address (RPA). The function will be needed for implementing the rest of address resolving support. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix minor whitespace issues in SMP codeJohan Hedberg
This patch fixes a couple of unnecessary empty lines in the SMP code. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-18Bluetooth: Fix missing PDU length checks for SMPJohan Hedberg
For each received SMP PDU we need to check that we have enough data to fit the specified size of the PDU. This patch adds the necessary checks for each SMP PDU handler and ensures that buffer overflows do not occur if to little data has been received. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-17Bluetooth: Allow HCI User Channel usage for controllers without addressMarcel Holtmann
Trying to setup HCI User Channel usage for LE only controllers without a public address or configured static address will fail with an error saying that no address is available. In case of HCI User Channel the requirement for a valid address is not needed. So allow skipping this extra validation step. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-17Bluetooth: Add missing index added event on user channel failureMarcel Holtmann
When the setup of user channel fails, the index added event is not sent and will cause issues with user interaction. This problem can be easily triggered with a LE only controller without a public address. In that case hci_dev_open() fails and that error case is not sending an event saying that the controller is available for normal use again. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-17Bluetooth: Fix sending wrong store hint for new long term keysMarcel Holtmann
The long term keys should only be stored when they belong to an indentity address. The identity address can either be a public address or a random static address. For all other addresses (unresovable or resolvable) tell userspace that the long term key is not persistent. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-17Bluetooth: Restrict long term keys to public and static addressesMarcel Holtmann
The long term keys should be associated with an identity address. Valid identity addresses are public addresses or static addresses. So only allow these two as valid address information for long term keys. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-02-15Bluetooth: btusb: Add IMC Networks (Broadcom based)Jurgen Kramer
Add support for IMC Networks (Broadcom based) to btusb driver. Below the output of /sys/kernel/debug/usb/devices for this device: T: Bus=01 Lev=02 Prnt=02 Port=04 Cnt=01 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3404 Rev= 1.12 S: Manufacturer=Broadcom Corp S: Product=BCM20702A0 S: SerialNumber=240A649F8246 C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) Signed-off-by: Jurgen Kramer <gtmkramer@xs4all.nl> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Fix write_room() calculationPeter Hurley
The skb truesize of a 12-byte payload with a 10-byte head/tail reserve is 768 bytes. Consequently, even with 40 tx_credits, at most 6 packets could be queued at any one time: 40 tx_credits * 127-byte mtu < 768-byte truesize * 7 This error could also cause the tx queue to apparently stall if credit flow control is disabled (where tx_credits is fixed at 5), or if the receiver only granted a limited number of tx credits (eg., less than 7). Instead, track the outstanding number of queued packets not yet sent in wmem_alloc and allow for a maximum of 40 queued packets. Report the space avail for a single write() as the mtu * number of packets left before reaching the maximum. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Refactor write_room() calculationPeter Hurley
Compute the amount of space available for a single write() within rfcomm_room(); clamp to 0 for negative values. Note this patch does not change the result of the computation. Report the amount of room returned in the debug printk. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Don't fail RFCOMM tty writesPeter Hurley
The tty driver api design prefers no-fail writes if the driver write_room() method has previously indicated space is available to accept writes. Since this is trivially possible for the RFCOMM tty driver, do so. Introduce rfcomm_dlc_send_noerror(), which queues but does not schedule the krfcomm thread if the dlc is not yet connected (and thus does not error based on the connection state). The mtu size test is also unnecessary since the caller already chunks the written data into mtu size. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Force -EIO from tty read/write if .activate() failsPeter Hurley
If rfcomm_dlc_open() fails, set tty into error state which returns -EIO from reads and writes. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Cleanup RFCOMM device registration error handlingPeter Hurley
If RFCOMM tty device registration fails, cleanup by releasing the tty_port reference to trigger rfcomm_dev destruction (rather than open-coding it). The dlc reference release is moved into rfcomm_dev_add(), which ensures cleanup in both error paths -- ie., if __rfcomm_dev_add() fails or if tty_port_register_device() fails. Fixes releasing the module reference if device registration fails. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Refactor rfcomm_dev_add()Peter Hurley
Move rfcomm_dev allocation and initialization into new function, __rfcomm_dev_add(), to simplify resource release in error handling. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Serialize RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctlsPeter Hurley
At least two different race conditions exist with multiple concurrent RFCOMMCREATEDEV and RFCOMMRELEASEDEV ioctls: * Multiple concurrent RFCOMMCREATEDEVs with RFCOMM_REUSE_DLC can mistakenly share the same DLC. * RFCOMMRELEASEDEV can destruct the rfcomm_dev still being constructed by RFCOMMCREATEDEV. Introduce rfcomm_ioctl_mutex to serialize these add/remove operations. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Rename __rfcomm_dev_get() to __rfcomm_dev_lookup()Peter Hurley
Functions which search lists for matching id's are more commonly named *_lookup, which is the convention in the bluetooth core as well. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Fix RFCOMM parent device for reused dlcPeter Hurley
The RFCOMM tty device is parented to the acl link device when the dlc state_change(BT_CONNECTED) notification is received. However, if the dlc from the RFCOMM socket is being reused (RFCOMM_REUSE_DLC is set), then the dlc may already be connected, and no notification will occur. Instead, always parent the RFCOMM tty device to the acl link device at registration time. If the acl link device is not available (eg, because the dlc is not connected) then the tty will remain unparented until the BT_CONNECTED notification is received. Fixes regression with ModemManager when the rfcomm device is created with the flag RFCOMM_REUSE_DLC. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Fix unsafe RFCOMM device parentingPeter Hurley
Accessing the results of hci_conn_hash_lookup_ba() is unsafe without holding the hci_dev_lock() during the lookup. For example: CPU 0 | CPU 1 hci_conn_hash_lookup_ba | hci_conn_del rcu_read_lock | hci_conn_hash_del list_for_each_entry_rcu | list_del_rcu if (.....) | synchronize_rcu rcu_read_unlock | | hci_conn_del_sysfs | hci_dev_put | hci_conn_put | put_device (last reference) | bt_link_release | kfree(conn) return p << just freed | Even if a hci_conn reference were taken (via hci_conn_get), would not guarantee the lifetime of the sysfs device, but only safe access to the in-memory structure. Ensure the hci_conn device stays valid while the rfcomm device is reparented; rename rfcomm_get_device() to rfcomm_reparent_device() and perform the reparenting within the function while holding the hci_dev_lock. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-02-14Bluetooth: Directly close dlc for not yet started RFCOMM sessionPeter Hurley
If the RFCOMM session has not yet been started (ie., session is still in BT_BOUND state) when a dlc is closed, directly close and unlink the dlc rather than sending a DISC frame that is never sent. This allows the dlci to be immediately reused rather than waiting for a 20 second timeout. Signed-off-by: Peter Hurley <peter@hurleysoftware.com> Tested-By: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>