xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
派生 0
代码 工单 合并请求 工作流 软件包 项目 发布 百科 活动

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

浏览代码 
Pull networking updates from David Miller:

 1) New offloading infrastructure and example 'rocker' driver for
    offloading of switching and routing to hardware.

    This work was done by a large group of dedicated individuals, not
    limited to: Scott Feldman, Jiri Pirko, Thomas Graf, John Fastabend,
    Jamal Hadi Salim, Andy Gospodarek, Florian Fainelli, Roopa Prabhu

 2) Start making the networking operate on IOV iterators instead of
    modifying iov objects in-situ during transfers.  Thanks to Al Viro
    and Herbert Xu.

 3) A set of new netlink interfaces for the TIPC stack, from Richard
    Alpe.

 4) Remove unnecessary looping during ipv6 routing lookups, from Martin
    KaFai Lau.

 5) Add PAUSE frame generation support to gianfar driver, from Matei
    Pavaluca.

 6) Allow for larger reordering levels in TCP, which are easily
    achievable in the real world right now, from Eric Dumazet.

 7) Add a variable of napi_schedule that doesn't need to disable cpu
    interrupts, from Eric Dumazet.

 8) Use a doubly linked list to optimize neigh_parms_release(), from
    Nicolas Dichtel.

 9) Various enhancements to the kernel BPF verifier, and allow eBPF
    programs to actually be attached to sockets.  From Alexei
    Starovoitov.

10) Support TSO/LSO in sunvnet driver, from David L Stevens.

11) Allow controlling ECN usage via routing metrics, from Florian
    Westphal.

12) Remote checksum offload, from Tom Herbert.

13) Add split-header receive, BQL, and xmit_more support to amd-xgbe
    driver, from Thomas Lendacky.

14) Add MPLS support to openvswitch, from Simon Horman.

15) Support wildcard tunnel endpoints in ipv6 tunnels, from Steffen
    Klassert.

16) Do gro flushes on a per-device basis using a timer, from Eric
    Dumazet.  This tries to resolve the conflicting goals between the
    desired handling of bulk vs.  RPC-like traffic.

17) Allow userspace to ask for the CPU upon what a packet was
    received/steered, via SO_INCOMING_CPU.  From Eric Dumazet.

18) Limit GSO packets to half the current congestion window, from Eric
    Dumazet.

19) Add a generic helper so that all drivers set their RSS keys in a
    consistent way, from Eric Dumazet.

20) Add xmit_more support to enic driver, from Govindarajulu
    Varadarajan.

21) Add VLAN packet scheduler action, from Jiri Pirko.

22) Support configurable RSS hash functions via ethtool, from Eyal
    Perry.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1820 commits)
  Fix race condition between vxlan_sock_add and vxlan_sock_release
  net/macb: fix compilation warning for print_hex_dump() called with skb->mac_header
  net/mlx4: Add support for A0 steering
  net/mlx4: Refactor QUERY_PORT
  net/mlx4_core: Add explicit error message when rule doesn't meet configuration
  net/mlx4: Add A0 hybrid steering
  net/mlx4: Add mlx4_bitmap zone allocator
  net/mlx4: Add a check if there are too many reserved QPs
  net/mlx4: Change QP allocation scheme
  net/mlx4_core: Use tasklet for user-space CQ completion events
  net/mlx4_core: Mask out host side virtualization features for guests
  net/mlx4_en: Set csum level for encapsulated packets
  be2net: Export tunnel offloads only when a VxLAN tunnel is created
  gianfar: Fix dma check map error when DMA_API_DEBUG is enabled
  cxgb4/csiostor: Don't use MASTER_MUST for fw_hello call
  net: fec: only enable mdio interrupt before phy device link up
  net: fec: clear all interrupt events to support i.MX6SX
  net: fec: reset fep link status in suspend function
  net: sock: fix access via invalid file descriptor
  net: introduce helper macro for_each_cmsghdr
  ...
这个提交包含在:
Linus Torvalds
2014-12-11 14:27:06 -08:00
父节点 bae41e45b7 00c83b01d5
当前提交 70e71ca0af
修改 1336 个文件,包含 70853 行新增29184 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

307
net/bluetooth/6lowpan.c
查看文件

@@ -53,7 +53,7 @@ struct skb_cb {
* The list contains struct lowpan_dev elements.
*/
static LIST_HEAD(bt_6lowpan_devices);
static DEFINE_RWLOCK(devices_lock);
static DEFINE_SPINLOCK(devices_lock);
/* If psm is set to 0 (default value), then 6lowpan is disabled.
* Other values are used to indicate a Protocol Service Multiplexer
@@ -67,6 +67,7 @@ static struct l2cap_chan *listen_chan;
struct lowpan_peer {
struct list_head list;
struct rcu_head rcu;
struct l2cap_chan *chan;
/* peer addresses in various formats */
@@ -93,13 +94,14 @@ static inline struct lowpan_dev *lowpan_dev(const struct net_device *netdev)
static inline void peer_add(struct lowpan_dev *dev, struct lowpan_peer *peer)
{
list_add(&peer->list, &dev->peers);
list_add_rcu(&peer->list, &dev->peers);
atomic_inc(&dev->peer_count);
}
static inline bool peer_del(struct lowpan_dev *dev, struct lowpan_peer *peer)
{
list_del(&peer->list);
list_del_rcu(&peer->list);
kfree_rcu(peer, rcu);
module_put(THIS_MODULE);
@@ -114,31 +116,37 @@ static inline bool peer_del(struct lowpan_dev *dev, struct lowpan_peer *peer)
static inline struct lowpan_peer *peer_lookup_ba(struct lowpan_dev *dev,
bdaddr_t *ba, __u8 type)
{
struct lowpan_peer *peer, *tmp;
struct lowpan_peer *peer;
BT_DBG("peers %d addr %pMR type %d", atomic_read(&dev->peer_count),
ba, type);
list_for_each_entry_safe(peer, tmp, &dev->peers, list) {
rcu_read_lock();
list_for_each_entry_rcu(peer, &dev->peers, list) {
BT_DBG("dst addr %pMR dst type %d",
&peer->chan->dst, peer->chan->dst_type);
if (bacmp(&peer->chan->dst, ba))
continue;
if (type == peer->chan->dst_type)
if (type == peer->chan->dst_type) {
rcu_read_unlock();
return peer;
}
}
rcu_read_unlock();
return NULL;
}
static inline struct lowpan_peer *peer_lookup_chan(struct lowpan_dev *dev,
struct l2cap_chan *chan)
static inline struct lowpan_peer *__peer_lookup_chan(struct lowpan_dev *dev,
struct l2cap_chan *chan)
{
struct lowpan_peer *peer, *tmp;
struct lowpan_peer *peer;
list_for_each_entry_safe(peer, tmp, &dev->peers, list) {
list_for_each_entry_rcu(peer, &dev->peers, list) {
if (peer->chan == chan)
return peer;
}
@@ -146,12 +154,12 @@ static inline struct lowpan_peer *peer_lookup_chan(struct lowpan_dev *dev,
return NULL;
}
static inline struct lowpan_peer *peer_lookup_conn(struct lowpan_dev *dev,
struct l2cap_conn *conn)
static inline struct lowpan_peer *__peer_lookup_conn(struct lowpan_dev *dev,
struct l2cap_conn *conn)
{
struct lowpan_peer *peer, *tmp;
struct lowpan_peer *peer;
list_for_each_entry_safe(peer, tmp, &dev->peers, list) {
list_for_each_entry_rcu(peer, &dev->peers, list) {
if (peer->chan->conn == conn)
return peer;
}
@@ -163,7 +171,7 @@ static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_dev *dev,
struct in6_addr *daddr,
struct sk_buff *skb)
{
struct lowpan_peer *peer, *tmp;
struct lowpan_peer *peer;
struct in6_addr *nexthop;
struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
int count = atomic_read(&dev->peer_count);
@@ -174,9 +182,13 @@ static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_dev *dev,
* send the packet. If only one peer exists, then we can send the
* packet right away.
*/
if (count == 1)
return list_first_entry(&dev->peers, struct lowpan_peer,
list);
if (count == 1) {
rcu_read_lock();
peer = list_first_or_null_rcu(&dev->peers, struct lowpan_peer,
list);
rcu_read_unlock();
return peer;
}
if (!rt) {
nexthop = &lowpan_cb(skb)->gw;
@@ -195,53 +207,57 @@ static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_dev *dev,
BT_DBG("gw %pI6c", nexthop);
list_for_each_entry_safe(peer, tmp, &dev->peers, list) {
rcu_read_lock();
list_for_each_entry_rcu(peer, &dev->peers, list) {
BT_DBG("dst addr %pMR dst type %d ip %pI6c",
&peer->chan->dst, peer->chan->dst_type,
&peer->peer_addr);
if (!ipv6_addr_cmp(&peer->peer_addr, nexthop))
if (!ipv6_addr_cmp(&peer->peer_addr, nexthop)) {
rcu_read_unlock();
return peer;
}
}
rcu_read_unlock();
return NULL;
}
static struct lowpan_peer *lookup_peer(struct l2cap_conn *conn)
{
struct lowpan_dev *entry, *tmp;
struct lowpan_dev *entry;
struct lowpan_peer *peer = NULL;
unsigned long flags;
read_lock_irqsave(&devices_lock, flags);
rcu_read_lock();
list_for_each_entry_safe(entry, tmp, &bt_6lowpan_devices, list) {
peer = peer_lookup_conn(entry, conn);
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
peer = __peer_lookup_conn(entry, conn);
if (peer)
break;
}
read_unlock_irqrestore(&devices_lock, flags);
rcu_read_unlock();
return peer;
}
static struct lowpan_dev *lookup_dev(struct l2cap_conn *conn)
{
struct lowpan_dev *entry, *tmp;
struct lowpan_dev *entry;
struct lowpan_dev *dev = NULL;
unsigned long flags;
read_lock_irqsave(&devices_lock, flags);
rcu_read_lock();
list_for_each_entry_safe(entry, tmp, &bt_6lowpan_devices, list) {
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
if (conn->hcon->hdev == entry->hdev) {
dev = entry;
break;
}
}
read_unlock_irqrestore(&devices_lock, flags);
rcu_read_unlock();
return dev;
}
@@ -249,59 +265,49 @@ static struct lowpan_dev *lookup_dev(struct l2cap_conn *conn)
static int give_skb_to_upper(struct sk_buff *skb, struct net_device *dev)
{
struct sk_buff *skb_cp;
int ret;
skb_cp = skb_copy(skb, GFP_ATOMIC);
if (!skb_cp)
return -ENOMEM;
ret = netif_rx(skb_cp);
if (ret < 0) {
BT_DBG("receive skb %d", ret);
return NET_RX_DROP;
}
return ret;
return netif_rx(skb_cp);
}
static int process_data(struct sk_buff *skb, struct net_device *netdev,
struct l2cap_chan *chan)
static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev,
struct l2cap_chan *chan)
{
const u8 *saddr, *daddr;
u8 iphc0, iphc1;
struct lowpan_dev *dev;
struct lowpan_peer *peer;
unsigned long flags;
dev = lowpan_dev(netdev);
read_lock_irqsave(&devices_lock, flags);
peer = peer_lookup_chan(dev, chan);
read_unlock_irqrestore(&devices_lock, flags);
rcu_read_lock();
peer = __peer_lookup_chan(dev, chan);
rcu_read_unlock();
if (!peer)
goto drop;
return -EINVAL;
saddr = peer->eui64_addr;
daddr = dev->netdev->dev_addr;
/* at least two bytes will be used for the encoding */
if (skb->len < 2)
goto drop;
return -EINVAL;
if (lowpan_fetch_skb_u8(skb, &iphc0))
goto drop;
return -EINVAL;
if (lowpan_fetch_skb_u8(skb, &iphc1))
goto drop;
return -EINVAL;
return lowpan_process_data(skb, netdev,
saddr, IEEE802154_ADDR_LONG, EUI64_ADDR_LEN,
daddr, IEEE802154_ADDR_LONG, EUI64_ADDR_LEN,
iphc0, iphc1, give_skb_to_upper);
return lowpan_header_decompress(skb, netdev,
saddr, IEEE802154_ADDR_LONG,
EUI64_ADDR_LEN, daddr,
IEEE802154_ADDR_LONG, EUI64_ADDR_LEN,
iphc0, iphc1);
drop:
kfree_skb(skb);
return -EINVAL;
}
static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
@@ -316,6 +322,10 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
if (dev->type != ARPHRD_6LOWPAN)
goto drop;
skb = skb_share_check(skb, GFP_ATOMIC);
if (!skb)
goto drop;
/* check that it's our buffer */
if (skb->data[0] == LOWPAN_DISPATCH_IPV6) {
/* Copy the packet so that the IPv6 header is
@@ -340,8 +350,8 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
dev->stats.rx_bytes += skb->len;
dev->stats.rx_packets++;
kfree_skb(local_skb);
kfree_skb(skb);
consume_skb(local_skb);
consume_skb(skb);
} else {
switch (skb->data[0] & 0xe0) {
case LOWPAN_DISPATCH_IPHC: /* ipv6 datagram */
@@ -349,14 +359,27 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
if (!local_skb)
goto drop;
ret = process_data(local_skb, dev, chan);
if (ret != NET_RX_SUCCESS)
ret = iphc_decompress(local_skb, dev, chan);
if (ret < 0) {
kfree_skb(local_skb);
goto drop;
}
local_skb->protocol = htons(ETH_P_IPV6);
local_skb->pkt_type = PACKET_HOST;
local_skb->dev = dev;
if (give_skb_to_upper(local_skb, dev)
!= NET_RX_SUCCESS) {
kfree_skb(local_skb);
goto drop;
}
dev->stats.rx_bytes += skb->len;
dev->stats.rx_packets++;
kfree_skb(skb);
consume_skb(local_skb);
consume_skb(skb);
break;
default:
break;
@@ -443,7 +466,6 @@ static int setup_header(struct sk_buff *skb, struct net_device *netdev,
if (ipv6_addr_is_multicast(&ipv6_daddr)) {
lowpan_cb(skb)->chan = NULL;
} else {
unsigned long flags;
u8 addr_type;
/* Get destination BT device from skb.
@@ -454,19 +476,14 @@ static int setup_header(struct sk_buff *skb, struct net_device *netdev,
BT_DBG("dest addr %pMR type %d IP %pI6c", &addr,
addr_type, &ipv6_daddr);
read_lock_irqsave(&devices_lock, flags);
peer = peer_lookup_ba(dev, &addr, addr_type);
read_unlock_irqrestore(&devices_lock, flags);
if (!peer) {
/* The packet might be sent to 6lowpan interface
* because of routing (either via default route
* or user set route) so get peer according to
* the destination address.
*/
read_lock_irqsave(&devices_lock, flags);
peer = peer_lookup_dst(dev, &ipv6_daddr, skb);
read_unlock_irqrestore(&devices_lock, flags);
if (!peer) {
BT_DBG("no such peer %pMR found", &addr);
return -ENOENT;
@@ -520,12 +537,12 @@ static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb,
*/
chan->data = skb;
memset(&msg, 0, sizeof(msg));
msg.msg_iov = (struct iovec *) &iv;
msg.msg_iovlen = 1;
iv.iov_base = skb->data;
iv.iov_len = skb->len;
memset(&msg, 0, sizeof(msg));
iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &iv, 1, skb->len);
err = l2cap_chan_send(chan, &msg, skb->len);
if (err > 0) {
netdev->stats.tx_bytes += err;
@@ -549,14 +566,13 @@ static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb,
static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
{
struct sk_buff *local_skb;
struct lowpan_dev *entry, *tmp;
unsigned long flags;
struct lowpan_dev *entry;
int err = 0;
read_lock_irqsave(&devices_lock, flags);
rcu_read_lock();
list_for_each_entry_safe(entry, tmp, &bt_6lowpan_devices, list) {
struct lowpan_peer *pentry, *ptmp;
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
struct lowpan_peer *pentry;
struct lowpan_dev *dev;
if (entry->netdev != netdev)
@@ -564,7 +580,7 @@ static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
dev = lowpan_dev(entry->netdev);
list_for_each_entry_safe(pentry, ptmp, &dev->peers, list) {
list_for_each_entry_rcu(pentry, &dev->peers, list) {
int ret;
local_skb = skb_clone(skb, GFP_ATOMIC);
@@ -581,7 +597,7 @@ static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
}
}
read_unlock_irqrestore(&devices_lock, flags);
rcu_read_unlock();
return err;
}
@@ -591,17 +607,13 @@ static netdev_tx_t bt_xmit(struct sk_buff *skb, struct net_device *netdev)
int err = 0;
bdaddr_t addr;
u8 addr_type;
struct sk_buff *tmpskb;
/* We must take a copy of the skb before we modify/replace the ipv6
* header as the header could be used elsewhere
*/
tmpskb = skb_unshare(skb, GFP_ATOMIC);
if (!tmpskb) {
kfree_skb(skb);
skb = skb_unshare(skb, GFP_ATOMIC);
if (!skb)
return NET_XMIT_DROP;
}
skb = tmpskb;
/* Return values from setup_header()
* <0 - error, packet is dropped
@@ -638,7 +650,26 @@ static netdev_tx_t bt_xmit(struct sk_buff *skb, struct net_device *netdev)
return err < 0 ? NET_XMIT_DROP : err;
}
static struct lock_class_key bt_tx_busylock;
static struct lock_class_key bt_netdev_xmit_lock_key;
static void bt_set_lockdep_class_one(struct net_device *dev,
struct netdev_queue *txq,
void *_unused)
{
lockdep_set_class(&txq->_xmit_lock, &bt_netdev_xmit_lock_key);
}
static int bt_dev_init(struct net_device *dev)
{
netdev_for_each_tx_queue(dev, bt_set_lockdep_class_one, NULL);
dev->qdisc_tx_busylock = &bt_tx_busylock;
return 0;
}
static const struct net_device_ops netdev_ops = {
.ndo_init = bt_dev_init,
.ndo_start_xmit = bt_xmit,
};
@@ -783,7 +814,6 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
struct lowpan_dev *dev)
{
struct lowpan_peer *peer;
unsigned long flags;
peer = kzalloc(sizeof(*peer), GFP_ATOMIC);
if (!peer)
@@ -806,10 +836,10 @@ static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
*/
set_ip_addr_bits(chan->dst_type, (u8 *)&peer->peer_addr.s6_addr + 8);
write_lock_irqsave(&devices_lock, flags);
spin_lock(&devices_lock);
INIT_LIST_HEAD(&peer->list);
peer_add(dev, peer);
write_unlock_irqrestore(&devices_lock, flags);
spin_unlock(&devices_lock);
/* Notifying peers about us needs to be done without locks held */
INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers);
@@ -822,7 +852,6 @@ static int setup_netdev(struct l2cap_chan *chan, struct lowpan_dev **dev)
{
struct net_device *netdev;
int err = 0;
unsigned long flags;
netdev = alloc_netdev(sizeof(struct lowpan_dev), IFACE_NAME_TEMPLATE,
NET_NAME_UNKNOWN, netdev_setup);
@@ -852,10 +881,10 @@ static int setup_netdev(struct l2cap_chan *chan, struct lowpan_dev **dev)
(*dev)->hdev = chan->conn->hcon->hdev;
INIT_LIST_HEAD(&(*dev)->peers);
write_lock_irqsave(&devices_lock, flags);
spin_lock(&devices_lock);
INIT_LIST_HEAD(&(*dev)->list);
list_add(&(*dev)->list, &bt_6lowpan_devices);
write_unlock_irqrestore(&devices_lock, flags);
list_add_rcu(&(*dev)->list, &bt_6lowpan_devices);
spin_unlock(&devices_lock);
return 0;
@@ -909,11 +938,10 @@ static void delete_netdev(struct work_struct *work)
static void chan_close_cb(struct l2cap_chan *chan)
{
struct lowpan_dev *entry, *tmp;
struct lowpan_dev *entry;
struct lowpan_dev *dev = NULL;
struct lowpan_peer *peer;
int err = -ENOENT;
unsigned long flags;
bool last = false, removed = true;
BT_DBG("chan %p conn %p", chan, chan->conn);
@@ -928,11 +956,11 @@ static void chan_close_cb(struct l2cap_chan *chan)
removed = false;
}
write_lock_irqsave(&devices_lock, flags);
spin_lock(&devices_lock);
list_for_each_entry_safe(entry, tmp, &bt_6lowpan_devices, list) {
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
dev = lowpan_dev(entry->netdev);
peer = peer_lookup_chan(dev, chan);
peer = __peer_lookup_chan(dev, chan);
if (peer) {
last = peer_del(dev, peer);
err = 0;
@@ -943,13 +971,12 @@ static void chan_close_cb(struct l2cap_chan *chan)
atomic_read(&chan->kref.refcount));
l2cap_chan_put(chan);
kfree(peer);
break;
}
}
if (!err && last && dev && !atomic_read(&dev->peer_count)) {
write_unlock_irqrestore(&devices_lock, flags);
spin_unlock(&devices_lock);
cancel_delayed_work_sync(&dev->notify_peers);
@@ -960,7 +987,7 @@ static void chan_close_cb(struct l2cap_chan *chan)
schedule_work(&entry->delete_netdev);
}
} else {
write_unlock_irqrestore(&devices_lock, flags);
spin_unlock(&devices_lock);
}
return;
@@ -1023,7 +1050,6 @@ static const struct l2cap_ops bt_6lowpan_chan_ops = {
.suspend = chan_suspend_cb,
.get_sndtimeo = chan_get_sndtimeo_cb,
.alloc_skb = chan_alloc_skb_cb,
.memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
.teardown = l2cap_chan_no_teardown,
.defer = l2cap_chan_no_defer,
@@ -1103,6 +1129,8 @@ static struct l2cap_chan *bt_6lowpan_listen(void)
pchan->state = BT_LISTEN;
pchan->src_type = BDADDR_LE_PUBLIC;
atomic_set(&pchan->nesting, L2CAP_NESTING_PARENT);
BT_DBG("psm 0x%04x chan %p src type %d", psm_6lowpan, pchan,
pchan->src_type);
@@ -1152,10 +1180,9 @@ static int get_l2cap_conn(char *buf, bdaddr_t *addr, u8 *addr_type,
static void disconnect_all_peers(void)
{
struct lowpan_dev *entry, *tmp_dev;
struct lowpan_dev *entry;
struct lowpan_peer *peer, *tmp_peer, *new_peer;
struct list_head peers;
unsigned long flags;
INIT_LIST_HEAD(&peers);
@@ -1164,10 +1191,10 @@ static void disconnect_all_peers(void)
* with the same list at the same time.
*/
read_lock_irqsave(&devices_lock, flags);
rcu_read_lock();
list_for_each_entry_safe(entry, tmp_dev, &bt_6lowpan_devices, list) {
list_for_each_entry_safe(peer, tmp_peer, &entry->peers, list) {
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
list_for_each_entry_rcu(peer, &entry->peers, list) {
new_peer = kmalloc(sizeof(*new_peer), GFP_ATOMIC);
if (!new_peer)
break;
@@ -1179,26 +1206,36 @@ static void disconnect_all_peers(void)
}
}
read_unlock_irqrestore(&devices_lock, flags);
rcu_read_unlock();
spin_lock(&devices_lock);
list_for_each_entry_safe(peer, tmp_peer, &peers, list) {
l2cap_chan_close(peer->chan, ENOENT);
kfree(peer);
list_del_rcu(&peer->list);
kfree_rcu(peer, rcu);
module_put(THIS_MODULE);
}
spin_unlock(&devices_lock);
}
static int lowpan_psm_set(void *data, u64 val)
{
struct set_psm {
struct work_struct work;
u16 psm;
};
psm = val;
if (psm == 0 || psm_6lowpan != psm)
static void do_psm_set(struct work_struct *work)
{
struct set_psm *set_psm = container_of(work, struct set_psm, work);
if (set_psm->psm == 0 || psm_6lowpan != set_psm->psm)
/* Disconnect existing connections if 6lowpan is
* disabled (psm = 0), or if psm changes.
*/
disconnect_all_peers();
psm_6lowpan = psm;
psm_6lowpan = set_psm->psm;
if (listen_chan) {
l2cap_chan_close(listen_chan, 0);
@@ -1207,6 +1244,22 @@ static int lowpan_psm_set(void *data, u64 val)
listen_chan = bt_6lowpan_listen();
kfree(set_psm);
}
static int lowpan_psm_set(void *data, u64 val)
{
struct set_psm *set_psm;
set_psm = kzalloc(sizeof(*set_psm), GFP_KERNEL);
if (!set_psm)
return -ENOMEM;
set_psm->psm = val;
INIT_WORK(&set_psm->work, do_psm_set);
schedule_work(&set_psm->work);
return 0;
}
@@ -1288,19 +1341,18 @@ static ssize_t lowpan_control_write(struct file *fp,
static int lowpan_control_show(struct seq_file *f, void *ptr)
{
struct lowpan_dev *entry, *tmp_dev;
struct lowpan_peer *peer, *tmp_peer;
unsigned long flags;
struct lowpan_dev *entry;
struct lowpan_peer *peer;
read_lock_irqsave(&devices_lock, flags);
spin_lock(&devices_lock);
list_for_each_entry_safe(entry, tmp_dev, &bt_6lowpan_devices, list) {
list_for_each_entry_safe(peer, tmp_peer, &entry->peers, list)
list_for_each_entry(entry, &bt_6lowpan_devices, list) {
list_for_each_entry(peer, &entry->peers, list)
seq_printf(f, "%pMR (type %u)\n",
&peer->chan->dst, peer->chan->dst_type);
}
read_unlock_irqrestore(&devices_lock, flags);
spin_unlock(&devices_lock);
return 0;
}
@@ -1322,7 +1374,6 @@ static void disconnect_devices(void)
{
struct lowpan_dev *entry, *tmp, *new_dev;
struct list_head devices;
unsigned long flags;
INIT_LIST_HEAD(&devices);
@@ -1331,9 +1382,9 @@ static void disconnect_devices(void)
* devices list.
*/
read_lock_irqsave(&devices_lock, flags);
rcu_read_lock();
list_for_each_entry_safe(entry, tmp, &bt_6lowpan_devices, list) {
list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
new_dev = kmalloc(sizeof(*new_dev), GFP_ATOMIC);
if (!new_dev)
break;
@@ -1341,10 +1392,10 @@ static void disconnect_devices(void)
new_dev->netdev = entry->netdev;
INIT_LIST_HEAD(&new_dev->list);
list_add(&new_dev->list, &devices);
list_add_rcu(&new_dev->list, &devices);
}
read_unlock_irqrestore(&devices_lock, flags);
rcu_read_unlock();
list_for_each_entry_safe(entry, tmp, &devices, list) {
ifdown(entry->netdev);
@@ -1359,17 +1410,15 @@ static int device_event(struct notifier_block *unused,
unsigned long event, void *ptr)
{
struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
struct lowpan_dev *entry, *tmp;
unsigned long flags;
struct lowpan_dev *entry;
if (netdev->type != ARPHRD_6LOWPAN)
return NOTIFY_DONE;
switch (event) {
case NETDEV_UNREGISTER:
write_lock_irqsave(&devices_lock, flags);
list_for_each_entry_safe(entry, tmp, &bt_6lowpan_devices,
list) {
spin_lock(&devices_lock);
list_for_each_entry(entry, &bt_6lowpan_devices, list) {
if (entry->netdev == netdev) {
BT_DBG("Unregistered netdev %s %p",
netdev->name, netdev);
@@ -1378,7 +1427,7 @@ static int device_event(struct notifier_block *unused,
break;
}
}
write_unlock_irqrestore(&devices_lock, flags);
spin_unlock(&devices_lock);
break;
}

21
net/bluetooth/Kconfig
查看文件

@@ -10,6 +10,7 @@ menuconfig BT
select CRYPTO
select CRYPTO_BLKCIPHER
select CRYPTO_AES
select CRYPTO_CMAC
select CRYPTO_ECB
select CRYPTO_SHA256
help
@@ -39,11 +40,10 @@ menuconfig BT
to Bluetooth kernel modules are provided in the BlueZ packages. For
more information, see <http://www.bluez.org/>.
config BT_6LOWPAN
tristate "Bluetooth 6LoWPAN support"
depends on BT && 6LOWPAN
help
IPv6 compression over Bluetooth Low Energy.
config BT_BREDR
bool "Bluetooth Classic (BR/EDR) features"
depends on BT
default y
source "net/bluetooth/rfcomm/Kconfig"
@@ -53,4 +53,15 @@ source "net/bluetooth/cmtp/Kconfig"
source "net/bluetooth/hidp/Kconfig"
config BT_LE
bool "Bluetooth Low Energy (LE) features"
depends on BT
default y
config BT_6LOWPAN
tristate "Bluetooth 6LoWPAN support"
depends on BT_LE && 6LOWPAN
help
IPv6 compression over Bluetooth Low Energy.
source "drivers/bluetooth/Kconfig"

2
net/bluetooth/Makefile
查看文件

@@ -13,6 +13,6 @@ bluetooth_6lowpan-y := 6lowpan.o
bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \
hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o sco.o lib.o \
a2mp.o amp.o
a2mp.o amp.o ecc.o
subdir-ccflags-y += -D__CHECK_ENDIAN__

4
net/bluetooth/a2mp.c
查看文件

@@ -60,8 +60,7 @@ void a2mp_send(struct amp_mgr *mgr, u8 code, u8 ident, u16 len, void *data)
memset(&msg, 0, sizeof(msg));
msg.msg_iov = (struct iovec *) &iv;
msg.msg_iovlen = 1;
iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &iv, 1, total_len);
l2cap_chan_send(chan, &msg, total_len);
@@ -720,7 +719,6 @@ static const struct l2cap_ops a2mp_chan_ops = {
.resume = l2cap_chan_no_resume,
.set_shutdown = l2cap_chan_no_set_shutdown,
.get_sndtimeo = l2cap_chan_no_get_sndtimeo,
.memcpy_fromiovec = l2cap_chan_no_memcpy_fromiovec,
};
static struct l2cap_chan *a2mp_chan_open(struct l2cap_conn *conn, bool locked)

6
net/bluetooth/af_bluetooth.c
查看文件

@@ -31,7 +31,7 @@
#include <net/bluetooth/bluetooth.h>
#include <linux/proc_fs.h>
#define VERSION "2.19"
#define VERSION "2.20"
/* Bluetooth sockets */
#define BT_MAX_PROTO 8
@@ -237,7 +237,7 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
}
skb_reset_transport_header(skb);
err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
err = skb_copy_datagram_msg(skb, 0, msg, copied);
if (err == 0) {
sock_recv_ts_and_drops(msg, sk, skb);
@@ -328,7 +328,7 @@ int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
}
chunk = min_t(unsigned int, skb->len, size);
if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, chunk)) {
if (skb_copy_datagram_msg(skb, 0, msg, chunk)) {
skb_queue_head(&sk->sk_receive_queue, skb);
if (!copied)
copied = -EFAULT;

27
net/bluetooth/amp.c
查看文件

@@ -134,6 +134,7 @@ struct hci_conn *phylink_add(struct hci_dev *hdev, struct amp_mgr *mgr,
static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output)
{
struct crypto_shash *tfm;
struct shash_desc *shash;
int ret;
if (!ksize)
@@ -148,18 +149,24 @@ static int hmac_sha256(u8 *key, u8 ksize, char *plaintext, u8 psize, u8 *output)
ret = crypto_shash_setkey(tfm, key, ksize);
if (ret) {
BT_DBG("crypto_ahash_setkey failed: err %d", ret);
} else {
char desc[sizeof(struct shash_desc) +
crypto_shash_descsize(tfm)] CRYPTO_MINALIGN_ATTR;
struct shash_desc *shash = (struct shash_desc *)desc;
shash->tfm = tfm;
shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
ret = crypto_shash_digest(shash, plaintext, psize,
output);
goto failed;
}
shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(tfm),
GFP_KERNEL);
if (!shash) {
ret = -ENOMEM;
goto failed;
}
shash->tfm = tfm;
shash->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
ret = crypto_shash_digest(shash, plaintext, psize, output);
kfree(shash);
failed:
crypto_free_shash(tfm);
return ret;
}

2
net/bluetooth/bnep/Kconfig
查看文件

@@ -1,6 +1,6 @@
config BT_BNEP
tristate "BNEP protocol support"
depends on BT
depends on BT_BREDR
select CRC32
help
BNEP (Bluetooth Network Encapsulation Protocol) is Ethernet

2
net/bluetooth/cmtp/Kconfig
查看文件

@@ -1,6 +1,6 @@
config BT_CMTP
tristate "CMTP protocol support"
depends on BT && ISDN_CAPI
depends on BT_BREDR && ISDN_CAPI
help
CMTP (CAPI Message Transport Protocol) is a transport layer
for CAPI messages. CMTP is required for the Bluetooth Common

816
net/bluetooth/ecc.c 普通文件
查看文件

@@ -0,0 +1,816 @@
/*
* Copyright (c) 2013, Kenneth MacKay
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <linux/random.h>
#include "ecc.h"
/* 256-bit curve */
#define ECC_BYTES 32
#define MAX_TRIES 16
/* Number of u64's needed */
#define NUM_ECC_DIGITS (ECC_BYTES / 8)
struct ecc_point {
u64 x[NUM_ECC_DIGITS];
u64 y[NUM_ECC_DIGITS];
};
typedef struct {
u64 m_low;
u64 m_high;
} uint128_t;
#define CURVE_P_32 { 0xFFFFFFFFFFFFFFFFull, 0x00000000FFFFFFFFull, \
0x0000000000000000ull, 0xFFFFFFFF00000001ull }
#define CURVE_G_32 { \
{ 0xF4A13945D898C296ull, 0x77037D812DEB33A0ull, \
0xF8BCE6E563A440F2ull, 0x6B17D1F2E12C4247ull }, \
{ 0xCBB6406837BF51F5ull, 0x2BCE33576B315ECEull, \
0x8EE7EB4A7C0F9E16ull, 0x4FE342E2FE1A7F9Bull } \
}
#define CURVE_N_32 { 0xF3B9CAC2FC632551ull, 0xBCE6FAADA7179E84ull, \
0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFF00000000ull }
static u64 curve_p[NUM_ECC_DIGITS] = CURVE_P_32;
static struct ecc_point curve_g = CURVE_G_32;
static u64 curve_n[NUM_ECC_DIGITS] = CURVE_N_32;
static void vli_clear(u64 *vli)
{
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++)
vli[i] = 0;
}
/* Returns true if vli == 0, false otherwise. */
static bool vli_is_zero(const u64 *vli)
{
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++) {
if (vli[i])
return false;
}
return true;
}
/* Returns nonzero if bit bit of vli is set. */
static u64 vli_test_bit(const u64 *vli, unsigned int bit)
{
return (vli[bit / 64] & ((u64) 1 << (bit % 64)));
}
/* Counts the number of 64-bit "digits" in vli. */
static unsigned int vli_num_digits(const u64 *vli)
{
int i;
/* Search from the end until we find a non-zero digit.
* We do it in reverse because we expect that most digits will
* be nonzero.
*/
for (i = NUM_ECC_DIGITS - 1; i >= 0 && vli[i] == 0; i--);
return (i + 1);
}
/* Counts the number of bits required for vli. */
static unsigned int vli_num_bits(const u64 *vli)
{
unsigned int i, num_digits;
u64 digit;
num_digits = vli_num_digits(vli);
if (num_digits == 0)
return 0;
digit = vli[num_digits - 1];
for (i = 0; digit; i++)
digit >>= 1;
return ((num_digits - 1) * 64 + i);
}
/* Sets dest = src. */
static void vli_set(u64 *dest, const u64 *src)
{
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++)
dest[i] = src[i];
}
/* Returns sign of left - right. */
static int vli_cmp(const u64 *left, const u64 *right)
{
int i;
for (i = NUM_ECC_DIGITS - 1; i >= 0; i--) {
if (left[i] > right[i])
return 1;
else if (left[i] < right[i])
return -1;
}
return 0;
}
/* Computes result = in << c, returning carry. Can modify in place
* (if result == in). 0 < shift < 64.
*/
static u64 vli_lshift(u64 *result, const u64 *in,
unsigned int shift)
{
u64 carry = 0;
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++) {
u64 temp = in[i];
result[i] = (temp << shift) | carry;
carry = temp >> (64 - shift);
}
return carry;
}
/* Computes vli = vli >> 1. */
static void vli_rshift1(u64 *vli)
{
u64 *end = vli;
u64 carry = 0;
vli += NUM_ECC_DIGITS;
while (vli-- > end) {
u64 temp = *vli;
*vli = (temp >> 1) | carry;
carry = temp << 63;
}
}
/* Computes result = left + right, returning carry. Can modify in place. */
static u64 vli_add(u64 *result, const u64 *left,
const u64 *right)
{
u64 carry = 0;
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++) {
u64 sum;
sum = left[i] + right[i] + carry;
if (sum != left[i])
carry = (sum < left[i]);
result[i] = sum;
}
return carry;
}
/* Computes result = left - right, returning borrow. Can modify in place. */
static u64 vli_sub(u64 *result, const u64 *left, const u64 *right)
{
u64 borrow = 0;
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++) {
u64 diff;
diff = left[i] - right[i] - borrow;
if (diff != left[i])
borrow = (diff > left[i]);
result[i] = diff;
}
return borrow;
}
static uint128_t mul_64_64(u64 left, u64 right)
{
u64 a0 = left & 0xffffffffull;
u64 a1 = left >> 32;
u64 b0 = right & 0xffffffffull;
u64 b1 = right >> 32;
u64 m0 = a0 * b0;
u64 m1 = a0 * b1;
u64 m2 = a1 * b0;
u64 m3 = a1 * b1;
uint128_t result;
m2 += (m0 >> 32);
m2 += m1;
/* Overflow */
if (m2 < m1)
m3 += 0x100000000ull;
result.m_low = (m0 & 0xffffffffull) | (m2 << 32);
result.m_high = m3 + (m2 >> 32);
return result;
}
static uint128_t add_128_128(uint128_t a, uint128_t b)
{
uint128_t result;
result.m_low = a.m_low + b.m_low;
result.m_high = a.m_high + b.m_high + (result.m_low < a.m_low);
return result;
}
static void vli_mult(u64 *result, const u64 *left, const u64 *right)
{
uint128_t r01 = { 0, 0 };
u64 r2 = 0;
unsigned int i, k;
/* Compute each digit of result in sequence, maintaining the
* carries.
*/
for (k = 0; k < NUM_ECC_DIGITS * 2 - 1; k++) {
unsigned int min;
if (k < NUM_ECC_DIGITS)
min = 0;
else
min = (k + 1) - NUM_ECC_DIGITS;
for (i = min; i <= k && i < NUM_ECC_DIGITS; i++) {
uint128_t product;
product = mul_64_64(left[i], right[k - i]);
r01 = add_128_128(r01, product);
r2 += (r01.m_high < product.m_high);
}
result[k] = r01.m_low;
r01.m_low = r01.m_high;
r01.m_high = r2;
r2 = 0;
}
result[NUM_ECC_DIGITS * 2 - 1] = r01.m_low;
}
static void vli_square(u64 *result, const u64 *left)
{
uint128_t r01 = { 0, 0 };
u64 r2 = 0;
int i, k;
for (k = 0; k < NUM_ECC_DIGITS * 2 - 1; k++) {
unsigned int min;
if (k < NUM_ECC_DIGITS)
min = 0;
else
min = (k + 1) - NUM_ECC_DIGITS;
for (i = min; i <= k && i <= k - i; i++) {
uint128_t product;
product = mul_64_64(left[i], left[k - i]);
if (i < k - i) {
r2 += product.m_high >> 63;
product.m_high = (product.m_high << 1) |
(product.m_low >> 63);
product.m_low <<= 1;
}
r01 = add_128_128(r01, product);
r2 += (r01.m_high < product.m_high);
}
result[k] = r01.m_low;
r01.m_low = r01.m_high;
r01.m_high = r2;
r2 = 0;
}
result[NUM_ECC_DIGITS * 2 - 1] = r01.m_low;
}
/* Computes result = (left + right) % mod.
* Assumes that left < mod and right < mod, result != mod.
*/
static void vli_mod_add(u64 *result, const u64 *left, const u64 *right,
const u64 *mod)
{
u64 carry;
carry = vli_add(result, left, right);
/* result > mod (result = mod + remainder), so subtract mod to
* get remainder.
*/
if (carry || vli_cmp(result, mod) >= 0)
vli_sub(result, result, mod);
}
/* Computes result = (left - right) % mod.
* Assumes that left < mod and right < mod, result != mod.
*/
static void vli_mod_sub(u64 *result, const u64 *left, const u64 *right,
const u64 *mod)
{
u64 borrow = vli_sub(result, left, right);
/* In this case, p_result == -diff == (max int) - diff.
* Since -x % d == d - x, we can get the correct result from
* result + mod (with overflow).
*/
if (borrow)
vli_add(result, result, mod);
}
/* Computes result = product % curve_p
from http://www.nsa.gov/ia/_files/nist-routines.pdf */
static void vli_mmod_fast(u64 *result, const u64 *product)
{
u64 tmp[NUM_ECC_DIGITS];
int carry;
/* t */
vli_set(result, product);
/* s1 */
tmp[0] = 0;
tmp[1] = product[5] & 0xffffffff00000000ull;
tmp[2] = product[6];
tmp[3] = product[7];
carry = vli_lshift(tmp, tmp, 1);
carry += vli_add(result, result, tmp);
/* s2 */
tmp[1] = product[6] << 32;
tmp[2] = (product[6] >> 32) | (product[7] << 32);
tmp[3] = product[7] >> 32;
carry += vli_lshift(tmp, tmp, 1);
carry += vli_add(result, result, tmp);
/* s3 */
tmp[0] = product[4];
tmp[1] = product[5] & 0xffffffff;
tmp[2] = 0;
tmp[3] = product[7];
carry += vli_add(result, result, tmp);
/* s4 */
tmp[0] = (product[4] >> 32) | (product[5] << 32);
tmp[1] = (product[5] >> 32) | (product[6] & 0xffffffff00000000ull);
tmp[2] = product[7];
tmp[3] = (product[6] >> 32) | (product[4] << 32);
carry += vli_add(result, result, tmp);
/* d1 */
tmp[0] = (product[5] >> 32) | (product[6] << 32);
tmp[1] = (product[6] >> 32);
tmp[2] = 0;
tmp[3] = (product[4] & 0xffffffff) | (product[5] << 32);
carry -= vli_sub(result, result, tmp);
/* d2 */
tmp[0] = product[6];
tmp[1] = product[7];
tmp[2] = 0;
tmp[3] = (product[4] >> 32) | (product[5] & 0xffffffff00000000ull);
carry -= vli_sub(result, result, tmp);
/* d3 */
tmp[0] = (product[6] >> 32) | (product[7] << 32);
tmp[1] = (product[7] >> 32) | (product[4] << 32);
tmp[2] = (product[4] >> 32) | (product[5] << 32);
tmp[3] = (product[6] << 32);
carry -= vli_sub(result, result, tmp);
/* d4 */
tmp[0] = product[7];
tmp[1] = product[4] & 0xffffffff00000000ull;
tmp[2] = product[5];
tmp[3] = product[6] & 0xffffffff00000000ull;
carry -= vli_sub(result, result, tmp);
if (carry < 0) {
do {
carry += vli_add(result, result, curve_p);
} while (carry < 0);
} else {
while (carry || vli_cmp(curve_p, result) != 1)
carry -= vli_sub(result, result, curve_p);
}
}
/* Computes result = (left * right) % curve_p. */
static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right)
{
u64 product[2 * NUM_ECC_DIGITS];
vli_mult(product, left, right);
vli_mmod_fast(result, product);
}
/* Computes result = left^2 % curve_p. */
static void vli_mod_square_fast(u64 *result, const u64 *left)
{
u64 product[2 * NUM_ECC_DIGITS];
vli_square(product, left);
vli_mmod_fast(result, product);
}
#define EVEN(vli) (!(vli[0] & 1))
/* Computes result = (1 / p_input) % mod. All VLIs are the same size.
* See "From Euclid's GCD to Montgomery Multiplication to the Great Divide"
* https://labs.oracle.com/techrep/2001/smli_tr-2001-95.pdf
*/
static void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod)
{
u64 a[NUM_ECC_DIGITS], b[NUM_ECC_DIGITS];
u64 u[NUM_ECC_DIGITS], v[NUM_ECC_DIGITS];
u64 carry;
int cmp_result;
if (vli_is_zero(input)) {
vli_clear(result);
return;
}
vli_set(a, input);
vli_set(b, mod);
vli_clear(u);
u[0] = 1;
vli_clear(v);
while ((cmp_result = vli_cmp(a, b)) != 0) {
carry = 0;
if (EVEN(a)) {
vli_rshift1(a);
if (!EVEN(u))
carry = vli_add(u, u, mod);
vli_rshift1(u);
if (carry)
u[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
} else if (EVEN(b)) {
vli_rshift1(b);
if (!EVEN(v))
carry = vli_add(v, v, mod);
vli_rshift1(v);
if (carry)
v[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
} else if (cmp_result > 0) {
vli_sub(a, a, b);
vli_rshift1(a);
if (vli_cmp(u, v) < 0)
vli_add(u, u, mod);
vli_sub(u, u, v);
if (!EVEN(u))
carry = vli_add(u, u, mod);
vli_rshift1(u);
if (carry)
u[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
} else {
vli_sub(b, b, a);
vli_rshift1(b);
if (vli_cmp(v, u) < 0)
vli_add(v, v, mod);
vli_sub(v, v, u);
if (!EVEN(v))
carry = vli_add(v, v, mod);
vli_rshift1(v);
if (carry)
v[NUM_ECC_DIGITS - 1] |= 0x8000000000000000ull;
}
}
vli_set(result, u);
}
/* ------ Point operations ------ */
/* Returns true if p_point is the point at infinity, false otherwise. */
static bool ecc_point_is_zero(const struct ecc_point *point)
{
return (vli_is_zero(point->x) && vli_is_zero(point->y));
}
/* Point multiplication algorithm using Montgomery's ladder with co-Z
* coordinates. From http://eprint.iacr.org/2011/338.pdf
*/
/* Double in place */
static void ecc_point_double_jacobian(u64 *x1, u64 *y1, u64 *z1)
{
/* t1 = x, t2 = y, t3 = z */
u64 t4[NUM_ECC_DIGITS];
u64 t5[NUM_ECC_DIGITS];
if (vli_is_zero(z1))
return;
vli_mod_square_fast(t4, y1); /* t4 = y1^2 */
vli_mod_mult_fast(t5, x1, t4); /* t5 = x1*y1^2 = A */
vli_mod_square_fast(t4, t4); /* t4 = y1^4 */
vli_mod_mult_fast(y1, y1, z1); /* t2 = y1*z1 = z3 */
vli_mod_square_fast(z1, z1); /* t3 = z1^2 */
vli_mod_add(x1, x1, z1, curve_p); /* t1 = x1 + z1^2 */
vli_mod_add(z1, z1, z1, curve_p); /* t3 = 2*z1^2 */
vli_mod_sub(z1, x1, z1, curve_p); /* t3 = x1 - z1^2 */
vli_mod_mult_fast(x1, x1, z1); /* t1 = x1^2 - z1^4 */
vli_mod_add(z1, x1, x1, curve_p); /* t3 = 2*(x1^2 - z1^4) */
vli_mod_add(x1, x1, z1, curve_p); /* t1 = 3*(x1^2 - z1^4) */
if (vli_test_bit(x1, 0)) {
u64 carry = vli_add(x1, x1, curve_p);
vli_rshift1(x1);
x1[NUM_ECC_DIGITS - 1] |= carry << 63;
} else {
vli_rshift1(x1);
}
/* t1 = 3/2*(x1^2 - z1^4) = B */
vli_mod_square_fast(z1, x1); /* t3 = B^2 */
vli_mod_sub(z1, z1, t5, curve_p); /* t3 = B^2 - A */
vli_mod_sub(z1, z1, t5, curve_p); /* t3 = B^2 - 2A = x3 */
vli_mod_sub(t5, t5, z1, curve_p); /* t5 = A - x3 */
vli_mod_mult_fast(x1, x1, t5); /* t1 = B * (A - x3) */
vli_mod_sub(t4, x1, t4, curve_p); /* t4 = B * (A - x3) - y1^4 = y3 */
vli_set(x1, z1);
vli_set(z1, y1);
vli_set(y1, t4);
}
/* Modify (x1, y1) => (x1 * z^2, y1 * z^3) */
static void apply_z(u64 *x1, u64 *y1, u64 *z)
{
u64 t1[NUM_ECC_DIGITS];
vli_mod_square_fast(t1, z); /* z^2 */
vli_mod_mult_fast(x1, x1, t1); /* x1 * z^2 */
vli_mod_mult_fast(t1, t1, z); /* z^3 */
vli_mod_mult_fast(y1, y1, t1); /* y1 * z^3 */
}
/* P = (x1, y1) => 2P, (x2, y2) => P' */
static void xycz_initial_double(u64 *x1, u64 *y1, u64 *x2, u64 *y2,
u64 *p_initial_z)
{
u64 z[NUM_ECC_DIGITS];
vli_set(x2, x1);
vli_set(y2, y1);
vli_clear(z);
z[0] = 1;
if (p_initial_z)
vli_set(z, p_initial_z);
apply_z(x1, y1, z);
ecc_point_double_jacobian(x1, y1, z);
apply_z(x2, y2, z);
}
/* Input P = (x1, y1, Z), Q = (x2, y2, Z)
* Output P' = (x1', y1', Z3), P + Q = (x3, y3, Z3)
* or P => P', Q => P + Q
*/
static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2)
{
/* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
u64 t5[NUM_ECC_DIGITS];
vli_mod_sub(t5, x2, x1, curve_p); /* t5 = x2 - x1 */
vli_mod_square_fast(t5, t5); /* t5 = (x2 - x1)^2 = A */
vli_mod_mult_fast(x1, x1, t5); /* t1 = x1*A = B */
vli_mod_mult_fast(x2, x2, t5); /* t3 = x2*A = C */
vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y2 - y1 */
vli_mod_square_fast(t5, y2); /* t5 = (y2 - y1)^2 = D */
vli_mod_sub(t5, t5, x1, curve_p); /* t5 = D - B */
vli_mod_sub(t5, t5, x2, curve_p); /* t5 = D - B - C = x3 */
vli_mod_sub(x2, x2, x1, curve_p); /* t3 = C - B */
vli_mod_mult_fast(y1, y1, x2); /* t2 = y1*(C - B) */
vli_mod_sub(x2, x1, t5, curve_p); /* t3 = B - x3 */
vli_mod_mult_fast(y2, y2, x2); /* t4 = (y2 - y1)*(B - x3) */
vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y3 */
vli_set(x2, t5);
}
/* Input P = (x1, y1, Z), Q = (x2, y2, Z)
* Output P + Q = (x3, y3, Z3), P - Q = (x3', y3', Z3)
* or P => P - Q, Q => P + Q
*/
static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2)
{
/* t1 = X1, t2 = Y1, t3 = X2, t4 = Y2 */
u64 t5[NUM_ECC_DIGITS];
u64 t6[NUM_ECC_DIGITS];
u64 t7[NUM_ECC_DIGITS];
vli_mod_sub(t5, x2, x1, curve_p); /* t5 = x2 - x1 */
vli_mod_square_fast(t5, t5); /* t5 = (x2 - x1)^2 = A */
vli_mod_mult_fast(x1, x1, t5); /* t1 = x1*A = B */
vli_mod_mult_fast(x2, x2, t5); /* t3 = x2*A = C */
vli_mod_add(t5, y2, y1, curve_p); /* t4 = y2 + y1 */
vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y2 - y1 */
vli_mod_sub(t6, x2, x1, curve_p); /* t6 = C - B */
vli_mod_mult_fast(y1, y1, t6); /* t2 = y1 * (C - B) */
vli_mod_add(t6, x1, x2, curve_p); /* t6 = B + C */
vli_mod_square_fast(x2, y2); /* t3 = (y2 - y1)^2 */
vli_mod_sub(x2, x2, t6, curve_p); /* t3 = x3 */
vli_mod_sub(t7, x1, x2, curve_p); /* t7 = B - x3 */
vli_mod_mult_fast(y2, y2, t7); /* t4 = (y2 - y1)*(B - x3) */
vli_mod_sub(y2, y2, y1, curve_p); /* t4 = y3 */
vli_mod_square_fast(t7, t5); /* t7 = (y2 + y1)^2 = F */
vli_mod_sub(t7, t7, t6, curve_p); /* t7 = x3' */
vli_mod_sub(t6, t7, x1, curve_p); /* t6 = x3' - B */
vli_mod_mult_fast(t6, t6, t5); /* t6 = (y2 + y1)*(x3' - B) */
vli_mod_sub(y1, t6, y1, curve_p); /* t2 = y3' */
vli_set(x1, t7);
}
static void ecc_point_mult(struct ecc_point *result,
const struct ecc_point *point, u64 *scalar,
u64 *initial_z, int num_bits)
{
/* R0 and R1 */
u64 rx[2][NUM_ECC_DIGITS];
u64 ry[2][NUM_ECC_DIGITS];
u64 z[NUM_ECC_DIGITS];
int i, nb;
vli_set(rx[1], point->x);
vli_set(ry[1], point->y);
xycz_initial_double(rx[1], ry[1], rx[0], ry[0], initial_z);
for (i = num_bits - 2; i > 0; i--) {
nb = !vli_test_bit(scalar, i);
xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb]);
xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb]);
}
nb = !vli_test_bit(scalar, 0);
xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb]);
/* Find final 1/Z value. */
vli_mod_sub(z, rx[1], rx[0], curve_p); /* X1 - X0 */
vli_mod_mult_fast(z, z, ry[1 - nb]); /* Yb * (X1 - X0) */
vli_mod_mult_fast(z, z, point->x); /* xP * Yb * (X1 - X0) */
vli_mod_inv(z, z, curve_p); /* 1 / (xP * Yb * (X1 - X0)) */
vli_mod_mult_fast(z, z, point->y); /* yP / (xP * Yb * (X1 - X0)) */
vli_mod_mult_fast(z, z, rx[1 - nb]); /* Xb * yP / (xP * Yb * (X1 - X0)) */
/* End 1/Z calculation */
xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb]);
apply_z(rx[0], ry[0], z);
vli_set(result->x, rx[0]);
vli_set(result->y, ry[0]);
}
static void ecc_bytes2native(const u8 bytes[ECC_BYTES],
u64 native[NUM_ECC_DIGITS])
{
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++) {
const u8 *digit = bytes + 8 * (NUM_ECC_DIGITS - 1 - i);
native[NUM_ECC_DIGITS - 1 - i] =
((u64) digit[0] << 0) |
((u64) digit[1] << 8) |
((u64) digit[2] << 16) |
((u64) digit[3] << 24) |
((u64) digit[4] << 32) |
((u64) digit[5] << 40) |
((u64) digit[6] << 48) |
((u64) digit[7] << 56);
}
}
static void ecc_native2bytes(const u64 native[NUM_ECC_DIGITS],
u8 bytes[ECC_BYTES])
{
int i;
for (i = 0; i < NUM_ECC_DIGITS; i++) {
u8 *digit = bytes + 8 * (NUM_ECC_DIGITS - 1 - i);
digit[0] = native[NUM_ECC_DIGITS - 1 - i] >> 0;
digit[1] = native[NUM_ECC_DIGITS - 1 - i] >> 8;
digit[2] = native[NUM_ECC_DIGITS - 1 - i] >> 16;
digit[3] = native[NUM_ECC_DIGITS - 1 - i] >> 24;
digit[4] = native[NUM_ECC_DIGITS - 1 - i] >> 32;
digit[5] = native[NUM_ECC_DIGITS - 1 - i] >> 40;
digit[6] = native[NUM_ECC_DIGITS - 1 - i] >> 48;
digit[7] = native[NUM_ECC_DIGITS - 1 - i] >> 56;
}
}
bool ecc_make_key(u8 public_key[64], u8 private_key[32])
{
struct ecc_point pk;
u64 priv[NUM_ECC_DIGITS];
unsigned int tries = 0;
do {
if (tries++ >= MAX_TRIES)
return false;
get_random_bytes(priv, ECC_BYTES);
if (vli_is_zero(priv))
continue;
/* Make sure the private key is in the range [1, n-1]. */
if (vli_cmp(curve_n, priv) != 1)
continue;
ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv));
} while (ecc_point_is_zero(&pk));
ecc_native2bytes(priv, private_key);
ecc_native2bytes(pk.x, public_key);
ecc_native2bytes(pk.y, &public_key[32]);
return true;
}
bool ecdh_shared_secret(const u8 public_key[64], const u8 private_key[32],
u8 secret[32])
{
u64 priv[NUM_ECC_DIGITS];
u64 rand[NUM_ECC_DIGITS];
struct ecc_point product, pk;
get_random_bytes(rand, ECC_BYTES);
ecc_bytes2native(public_key, pk.x);
ecc_bytes2native(&public_key[32], pk.y);
ecc_bytes2native(private_key, priv);
ecc_point_mult(&product, &pk, priv, rand, vli_num_bits(priv));
ecc_native2bytes(product.x, secret);
return !ecc_point_is_zero(&product);
}

54
net/bluetooth/ecc.h 普通文件
查看文件

@@ -0,0 +1,54 @@
/*
* Copyright (c) 2013, Kenneth MacKay
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* Create a public/private key pair.
* Outputs:
* public_key - Will be filled in with the public key.
* private_key - Will be filled in with the private key.
*
* Returns true if the key pair was generated successfully, false
* if an error occurred. The keys are with the LSB first.
*/
bool ecc_make_key(u8 public_key[64], u8 private_key[32]);
/* Compute a shared secret given your secret key and someone else's
* public key.
* Note: It is recommended that you hash the result of ecdh_shared_secret
* before using it for symmetric encryption or HMAC.
*
* Inputs:
* public_key - The public key of the remote party
* private_key - Your private key.
*
* Outputs:
* secret - Will be filled in with the shared secret value.
*
* Returns true if the shared secret was generated successfully, false
* if an error occurred. Both input and output parameters are with the
* LSB first.
*/
bool ecdh_shared_secret(const u8 public_key[64], const u8 private_key[32],
u8 secret[32]);

15
net/bluetooth/hci_conn.c
查看文件

@@ -141,10 +141,11 @@ int hci_disconnect(struct hci_conn *conn, __u8 reason)
*/
if (conn->type == ACL_LINK && conn->role == HCI_ROLE_MASTER) {
struct hci_dev *hdev = conn->hdev;
struct hci_cp_read_clock_offset cp;
struct hci_cp_read_clock_offset clkoff_cp;
cp.handle = cpu_to_le16(conn->handle);
hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(cp), &cp);
clkoff_cp.handle = cpu_to_le16(conn->handle);
hci_send_cmd(hdev, HCI_OP_READ_CLOCK_OFFSET, sizeof(clkoff_cp),
&clkoff_cp);
}
conn->state = BT_DISCONN;
@@ -415,7 +416,7 @@ static void le_conn_timeout(struct work_struct *work)
* happen with broken hardware or if low duty cycle was used
* (which doesn't have a timeout of its own).
*/
if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
if (conn->role == HCI_ROLE_SLAVE) {
u8 enable = 0x00;
hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
&enable);
@@ -448,6 +449,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
conn->io_capability = hdev->io_capability;
conn->remote_auth = 0xff;
conn->key_type = 0xff;
conn->rssi = HCI_RSSI_INVALID;
conn->tx_power = HCI_TX_POWER_INVALID;
conn->max_tx_power = HCI_TX_POWER_INVALID;
@@ -517,7 +519,7 @@ int hci_conn_del(struct hci_conn *conn)
/* Unacked frames */
hdev->acl_cnt += conn->sent;
} else if (conn->type == LE_LINK) {
cancel_delayed_work_sync(&conn->le_conn_timeout);
cancel_delayed_work(&conn->le_conn_timeout);
if (hdev->le_pkts)
hdev->le_cnt += conn->sent;
@@ -544,6 +546,9 @@ int hci_conn_del(struct hci_conn *conn)
hci_conn_del_sysfs(conn);
if (test_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags))
hci_conn_params_del(conn->hdev, &conn->dst, conn->dst_type);
hci_dev_put(hdev);
hci_conn_put(conn);

425
net/bluetooth/hci_core.c
查看文件

@@ -200,31 +200,6 @@ static const struct file_operations blacklist_fops = {
.release = single_release,
};
static int whitelist_show(struct seq_file *f, void *p)
{
struct hci_dev *hdev = f->private;
struct bdaddr_list *b;
hci_dev_lock(hdev);
list_for_each_entry(b, &hdev->whitelist, list)
seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
hci_dev_unlock(hdev);
return 0;
}
static int whitelist_open(struct inode *inode, struct file *file)
{
return single_open(file, whitelist_show, inode->i_private);
}
static const struct file_operations whitelist_fops = {
.open = whitelist_open,
.read = seq_read,
.llseek = seq_lseek,
.release = single_release,
};
static int uuids_show(struct seq_file *f, void *p)
{
struct hci_dev *hdev = f->private;
@@ -299,15 +274,13 @@ static const struct file_operations inquiry_cache_fops = {
static int link_keys_show(struct seq_file *f, void *ptr)
{
struct hci_dev *hdev = f->private;
struct list_head *p, *n;
struct link_key *key;
hci_dev_lock(hdev);
list_for_each_safe(p, n, &hdev->link_keys) {
struct link_key *key = list_entry(p, struct link_key, list);
rcu_read_lock();
list_for_each_entry_rcu(key, &hdev->link_keys, list)
seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
HCI_LINK_KEY_SIZE, key->val, key->pin_len);
}
hci_dev_unlock(hdev);
rcu_read_unlock();
return 0;
}
@@ -433,6 +406,49 @@ static const struct file_operations force_sc_support_fops = {
.llseek = default_llseek,
};
static ssize_t force_lesc_support_read(struct file *file, char __user *user_buf,
size_t count, loff_t *ppos)
{
struct hci_dev *hdev = file->private_data;
char buf[3];
buf[0] = test_bit(HCI_FORCE_LESC, &hdev->dbg_flags) ? 'Y': 'N';
buf[1] = '\n';
buf[2] = '\0';
return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
}
static ssize_t force_lesc_support_write(struct file *file,
const char __user *user_buf,
size_t count, loff_t *ppos)
{
struct hci_dev *hdev = file->private_data;
char buf[32];
size_t buf_size = min(count, (sizeof(buf)-1));
bool enable;
if (copy_from_user(buf, user_buf, buf_size))
return -EFAULT;
buf[buf_size] = '\0';
if (strtobool(buf, &enable))
return -EINVAL;
if (enable == test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
return -EALREADY;
change_bit(HCI_FORCE_LESC, &hdev->dbg_flags);
return count;
}
static const struct file_operations force_lesc_support_fops = {
.open = simple_open,
.read = force_lesc_support_read,
.write = force_lesc_support_write,
.llseek = default_llseek,
};
static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
size_t count, loff_t *ppos)
{
@@ -773,16 +789,15 @@ static const struct file_operations white_list_fops = {
static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
{
struct hci_dev *hdev = f->private;
struct list_head *p, *n;
struct smp_irk *irk;
hci_dev_lock(hdev);
list_for_each_safe(p, n, &hdev->identity_resolving_keys) {
struct smp_irk *irk = list_entry(p, struct smp_irk, list);
rcu_read_lock();
list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
seq_printf(f, "%pMR (type %u) %*phN %pMR\n",
&irk->bdaddr, irk->addr_type,
16, irk->val, &irk->rpa);
}
hci_dev_unlock(hdev);
rcu_read_unlock();
return 0;
}
@@ -803,17 +818,15 @@ static const struct file_operations identity_resolving_keys_fops = {
static int long_term_keys_show(struct seq_file *f, void *ptr)
{
struct hci_dev *hdev = f->private;
struct list_head *p, *n;
struct smp_ltk *ltk;
hci_dev_lock(hdev);
list_for_each_safe(p, n, &hdev->long_term_keys) {
struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
rcu_read_lock();
list_for_each_entry_rcu(ltk, &hdev->long_term_keys, list)
seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
&ltk->bdaddr, ltk->bdaddr_type, ltk->authenticated,
ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
__le64_to_cpu(ltk->rand), 16, ltk->val);
}
hci_dev_unlock(hdev);
rcu_read_unlock();
return 0;
}
@@ -1030,10 +1043,13 @@ static int device_list_show(struct seq_file *f, void *ptr)
{
struct hci_dev *hdev = f->private;
struct hci_conn_params *p;
struct bdaddr_list *b;
hci_dev_lock(hdev);
list_for_each_entry(b, &hdev->whitelist, list)
seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
list_for_each_entry(p, &hdev->le_conn_params, list) {
seq_printf(f, "%pMR %u %u\n", &p->addr, p->addr_type,
seq_printf(f, "%pMR (type %u) %u\n", &p->addr, p->addr_type,
p->auto_connect);
}
hci_dev_unlock(hdev);
@@ -1147,13 +1163,16 @@ struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
hdev->req_status = HCI_REQ_PEND;
err = hci_req_run(&req, hci_req_sync_complete);
if (err < 0)
return ERR_PTR(err);
add_wait_queue(&hdev->req_wait_q, &wait);
set_current_state(TASK_INTERRUPTIBLE);
err = hci_req_run(&req, hci_req_sync_complete);
if (err < 0) {
remove_wait_queue(&hdev->req_wait_q, &wait);
set_current_state(TASK_RUNNING);
return ERR_PTR(err);
}
schedule_timeout(timeout);
remove_wait_queue(&hdev->req_wait_q, &wait);
@@ -1211,10 +1230,16 @@ static int __hci_req_sync(struct hci_dev *hdev,
func(&req, opt);
add_wait_queue(&hdev->req_wait_q, &wait);
set_current_state(TASK_INTERRUPTIBLE);
err = hci_req_run(&req, hci_req_sync_complete);
if (err < 0) {
hdev->req_status = 0;
remove_wait_queue(&hdev->req_wait_q, &wait);
set_current_state(TASK_RUNNING);
/* ENODATA means the HCI request command queue is empty.
* This can happen when a request with conditionals doesn't
* trigger any commands to be sent. This is normal behavior
@@ -1226,9 +1251,6 @@ static int __hci_req_sync(struct hci_dev *hdev,
return err;
}
add_wait_queue(&hdev->req_wait_q, &wait);
set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(timeout);
remove_wait_queue(&hdev->req_wait_q, &wait);
@@ -1713,6 +1735,28 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
* Parameter Request
*/
/* If the controller supports Extended Scanner Filter
* Policies, enable the correspondig event.
*/
if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
events[1] |= 0x04; /* LE Direct Advertising
* Report
*/
/* If the controller supports the LE Read Local P-256
* Public Key command, enable the corresponding event.
*/
if (hdev->commands[34] & 0x02)
events[0] |= 0x80; /* LE Read Local P-256
* Public Key Complete
*/
/* If the controller supports the LE Generate DHKey
* command, enable the corresponding event.
*/
if (hdev->commands[34] & 0x04)
events[1] |= 0x01; /* LE Generate DHKey Complete */
hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
events);
@@ -1755,9 +1799,7 @@ static void hci_init4_req(struct hci_request *req, unsigned long opt)
hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
/* Enable Secure Connections if supported and configured */
if ((lmp_sc_capable(hdev) ||
test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) &&
test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
if (bredr_sc_enabled(hdev)) {
u8 support = 0x01;
hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
sizeof(support), &support);
@@ -1811,10 +1853,10 @@ static int __hci_init(struct hci_dev *hdev)
&hdev->manufacturer);
debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
&device_list_fops);
debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
&blacklist_fops);
debugfs_create_file("whitelist", 0444, hdev->debugfs, hdev,
&whitelist_fops);
debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
@@ -1840,6 +1882,10 @@ static int __hci_init(struct hci_dev *hdev)
hdev, &force_sc_support_fops);
debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
hdev, &sc_only_mode_fops);
if (lmp_le_capable(hdev))
debugfs_create_file("force_lesc_support", 0644,
hdev->debugfs, hdev,
&force_lesc_support_fops);
}
if (lmp_sniff_capable(hdev)) {
@@ -1893,8 +1939,6 @@ static int __hci_init(struct hci_dev *hdev)
hdev, &adv_min_interval_fops);
debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
hdev, &adv_max_interval_fops);
debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
&device_list_fops);
debugfs_create_u16("discov_interleaved_timeout", 0644,
hdev->debugfs,
&hdev->discov_interleaved_timeout);
@@ -2138,7 +2182,7 @@ u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
hci_remove_remote_oob_data(hdev, &data->bdaddr);
hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
if (!data->ssp_mode)
flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
@@ -2584,6 +2628,11 @@ static int hci_dev_do_close(struct hci_dev *hdev)
if (test_bit(HCI_MGMT, &hdev->dev_flags))
cancel_delayed_work_sync(&hdev->rpa_expired);
/* Avoid potential lockdep warnings from the *_flush() calls by
* ensuring the workqueue is empty up front.
*/
drain_workqueue(hdev->workqueue);
hci_dev_lock(hdev);
hci_inquiry_cache_flush(hdev);
hci_pend_le_actions_clear(hdev);
@@ -2707,6 +2756,11 @@ int hci_dev_reset(__u16 dev)
skb_queue_purge(&hdev->rx_q);
skb_queue_purge(&hdev->cmd_q);
/* Avoid potential lockdep warnings from the *_flush() calls by
* ensuring the workqueue is empty up front.
*/
drain_workqueue(hdev->workqueue);
hci_dev_lock(hdev);
hci_inquiry_cache_flush(hdev);
hci_conn_hash_flush(hdev);
@@ -3112,35 +3166,31 @@ void hci_uuids_clear(struct hci_dev *hdev)
void hci_link_keys_clear(struct hci_dev *hdev)
{
struct list_head *p, *n;
struct link_key *key;
list_for_each_safe(p, n, &hdev->link_keys) {
struct link_key *key;
key = list_entry(p, struct link_key, list);
list_del(p);
kfree(key);
list_for_each_entry_rcu(key, &hdev->link_keys, list) {
list_del_rcu(&key->list);
kfree_rcu(key, rcu);
}
}
void hci_smp_ltks_clear(struct hci_dev *hdev)
{
struct smp_ltk *k, *tmp;
struct smp_ltk *k;
list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
list_del(&k->list);
kfree(k);
list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
list_del_rcu(&k->list);
kfree_rcu(k, rcu);
}
}
void hci_smp_irks_clear(struct hci_dev *hdev)
{
struct smp_irk *k, *tmp;
struct smp_irk *k;
list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
list_del(&k->list);
kfree(k);
list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
list_del_rcu(&k->list);
kfree_rcu(k, rcu);
}
}
@@ -3148,9 +3198,14 @@ struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
struct link_key *k;
list_for_each_entry(k, &hdev->link_keys, list)
if (bacmp(bdaddr, &k->bdaddr) == 0)
rcu_read_lock();
list_for_each_entry_rcu(k, &hdev->link_keys, list) {
if (bacmp(bdaddr, &k->bdaddr) == 0) {
rcu_read_unlock();
return k;
}
}
rcu_read_unlock();
return NULL;
}
@@ -3174,6 +3229,10 @@ static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
if (!conn)
return true;
/* BR/EDR key derived using SC from an LE link */
if (conn->type == LE_LINK)
return true;
/* Neither local nor remote side had no-bonding as requirement */
if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
return true;
@@ -3199,34 +3258,22 @@ static u8 ltk_role(u8 type)
return HCI_ROLE_SLAVE;
}
struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
u8 role)
struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
u8 addr_type, u8 role)
{
struct smp_ltk *k;
list_for_each_entry(k, &hdev->long_term_keys, list) {
if (k->ediv != ediv || k->rand != rand)
rcu_read_lock();
list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
continue;
if (ltk_role(k->type) != role)
continue;
return k;
}
return NULL;
}
struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
u8 addr_type, u8 role)
{
struct smp_ltk *k;
list_for_each_entry(k, &hdev->long_term_keys, list)
if (addr_type == k->bdaddr_type &&
bacmp(bdaddr, &k->bdaddr) == 0 &&
ltk_role(k->type) == role)
if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
rcu_read_unlock();
return k;
}
}
rcu_read_unlock();
return NULL;
}
@@ -3235,18 +3282,23 @@ struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
{
struct smp_irk *irk;
list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
if (!bacmp(&irk->rpa, rpa))
return irk;
}
list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
if (smp_irk_matches(hdev, irk->val, rpa)) {
bacpy(&irk->rpa, rpa);
rcu_read_lock();
list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
if (!bacmp(&irk->rpa, rpa)) {
rcu_read_unlock();
return irk;
}
}
list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
if (smp_irk_matches(hdev, irk->val, rpa)) {
bacpy(&irk->rpa, rpa);
rcu_read_unlock();
return irk;
}
}
rcu_read_unlock();
return NULL;
}
@@ -3259,11 +3311,15 @@ struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
return NULL;
list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
rcu_read_lock();
list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
if (addr_type == irk->addr_type &&
bacmp(bdaddr, &irk->bdaddr) == 0)
bacmp(bdaddr, &irk->bdaddr) == 0) {
rcu_read_unlock();
return irk;
}
}
rcu_read_unlock();
return NULL;
}
@@ -3284,7 +3340,7 @@ struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
key = kzalloc(sizeof(*key), GFP_KERNEL);
if (!key)
return NULL;
list_add(&key->list, &hdev->link_keys);
list_add_rcu(&key->list, &hdev->link_keys);
}
BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
@@ -3322,14 +3378,14 @@ struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
struct smp_ltk *key, *old_key;
u8 role = ltk_role(type);
old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, role);
old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
if (old_key)
key = old_key;
else {
key = kzalloc(sizeof(*key), GFP_KERNEL);
if (!key)
return NULL;
list_add(&key->list, &hdev->long_term_keys);
list_add_rcu(&key->list, &hdev->long_term_keys);
}
bacpy(&key->bdaddr, bdaddr);
@@ -3358,7 +3414,7 @@ struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
bacpy(&irk->bdaddr, bdaddr);
irk->addr_type = addr_type;
list_add(&irk->list, &hdev->identity_resolving_keys);
list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
}
memcpy(irk->val, val, 16);
@@ -3377,25 +3433,25 @@ int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
BT_DBG("%s removing %pMR", hdev->name, bdaddr);
list_del(&key->list);
kfree(key);
list_del_rcu(&key->list);
kfree_rcu(key, rcu);
return 0;
}
int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
{
struct smp_ltk *k, *tmp;
struct smp_ltk *k;
int removed = 0;
list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
continue;
BT_DBG("%s removing %pMR", hdev->name, bdaddr);
list_del(&k->list);
kfree(k);
list_del_rcu(&k->list);
kfree_rcu(k, rcu);
removed++;
}
@@ -3404,16 +3460,16 @@ int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
{
struct smp_irk *k, *tmp;
struct smp_irk *k;
list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
continue;
BT_DBG("%s removing %pMR", hdev->name, bdaddr);
list_del(&k->list);
kfree(k);
list_del_rcu(&k->list);
kfree_rcu(k, rcu);
}
}
@@ -3437,26 +3493,31 @@ static void hci_cmd_timeout(struct work_struct *work)
}
struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
bdaddr_t *bdaddr)
bdaddr_t *bdaddr, u8 bdaddr_type)
{
struct oob_data *data;
list_for_each_entry(data, &hdev->remote_oob_data, list)
if (bacmp(bdaddr, &data->bdaddr) == 0)
return data;
list_for_each_entry(data, &hdev->remote_oob_data, list) {
if (bacmp(bdaddr, &data->bdaddr) != 0)
continue;
if (data->bdaddr_type != bdaddr_type)
continue;
return data;
}
return NULL;
}
int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
u8 bdaddr_type)
{
struct oob_data *data;
data = hci_find_remote_oob_data(hdev, bdaddr);
data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
if (!data)
return -ENOENT;
BT_DBG("%s removing %pMR", hdev->name, bdaddr);
BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
list_del(&data->list);
kfree(data);
@@ -3475,52 +3536,37 @@ void hci_remote_oob_data_clear(struct hci_dev *hdev)
}
int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
u8 *hash, u8 *randomizer)
u8 bdaddr_type, u8 *hash192, u8 *rand192,
u8 *hash256, u8 *rand256)
{
struct oob_data *data;
data = hci_find_remote_oob_data(hdev, bdaddr);
data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
if (!data) {
data = kmalloc(sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
bacpy(&data->bdaddr, bdaddr);
data->bdaddr_type = bdaddr_type;
list_add(&data->list, &hdev->remote_oob_data);
}
memcpy(data->hash192, hash, sizeof(data->hash192));
memcpy(data->randomizer192, randomizer, sizeof(data->randomizer192));
memset(data->hash256, 0, sizeof(data->hash256));
memset(data->randomizer256, 0, sizeof(data->randomizer256));
BT_DBG("%s for %pMR", hdev->name, bdaddr);
return 0;
}
int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
u8 *hash192, u8 *randomizer192,
u8 *hash256, u8 *randomizer256)
{
struct oob_data *data;
data = hci_find_remote_oob_data(hdev, bdaddr);
if (!data) {
data = kmalloc(sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
bacpy(&data->bdaddr, bdaddr);
list_add(&data->list, &hdev->remote_oob_data);
if (hash192 && rand192) {
memcpy(data->hash192, hash192, sizeof(data->hash192));
memcpy(data->rand192, rand192, sizeof(data->rand192));
} else {
memset(data->hash192, 0, sizeof(data->hash192));
memset(data->rand192, 0, sizeof(data->rand192));
}
memcpy(data->hash192, hash192, sizeof(data->hash192));
memcpy(data->randomizer192, randomizer192, sizeof(data->randomizer192));
memcpy(data->hash256, hash256, sizeof(data->hash256));
memcpy(data->randomizer256, randomizer256, sizeof(data->randomizer256));
if (hash256 && rand256) {
memcpy(data->hash256, hash256, sizeof(data->hash256));
memcpy(data->rand256, rand256, sizeof(data->rand256));
} else {
memset(data->hash256, 0, sizeof(data->hash256));
memset(data->rand256, 0, sizeof(data->rand256));
}
BT_DBG("%s for %pMR", hdev->name, bdaddr);
@@ -4220,6 +4266,7 @@ void hci_unregister_dev(struct hci_dev *hdev)
hci_remote_oob_data_clear(hdev);
hci_bdaddr_list_clear(&hdev->le_white_list);
hci_conn_params_clear_all(hdev);
hci_discovery_filter_clear(hdev);
hci_dev_unlock(hdev);
hci_dev_put(hdev);
@@ -4244,6 +4291,24 @@ int hci_resume_dev(struct hci_dev *hdev)
}
EXPORT_SYMBOL(hci_resume_dev);
/* Reset HCI device */
int hci_reset_dev(struct hci_dev *hdev)
{
const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
struct sk_buff *skb;
skb = bt_skb_alloc(3, GFP_ATOMIC);
if (!skb)
return -ENOMEM;
bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
memcpy(skb_put(skb, 3), hw_err, 3);
/* Send Hardware Error to upper stack */
return hci_recv_frame(hdev, skb);
}
EXPORT_SYMBOL(hci_reset_dev);
/* Receive frame from HCI drivers */
int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
{
@@ -4477,7 +4542,7 @@ int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
BT_DBG("length %u", skb_queue_len(&req->cmd_q));
/* If an error occured during request building, remove all HCI
/* If an error occurred during request building, remove all HCI
* commands queued on the HCI request queue.
*/
if (req->err) {
@@ -4546,7 +4611,7 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
return -ENOMEM;
}
/* Stand-alone HCI commands must be flaged as
/* Stand-alone HCI commands must be flagged as
* single-command requests.
*/
bt_cb(skb)->req.start = true;
@@ -4566,7 +4631,7 @@ void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
/* If an error occured during request building, there is no point in
/* If an error occurred during request building, there is no point in
* queueing the HCI command. We can simply return.
*/
if (req->err)
@@ -4661,8 +4726,12 @@ static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
skb_shinfo(skb)->frag_list = NULL;
/* Queue all fragments atomically */
spin_lock(&queue->lock);
/* Queue all fragments atomically. We need to use spin_lock_bh
* here because of 6LoWPAN links, as there this function is
* called from softirq and using normal spin lock could cause
* deadlocks.
*/
spin_lock_bh(&queue->lock);
__skb_queue_tail(queue, skb);
@@ -4679,7 +4748,7 @@ static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
__skb_queue_tail(queue, skb);
} while (list);
spin_unlock(&queue->lock);
spin_unlock_bh(&queue->lock);
}
}
@@ -5570,6 +5639,19 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
*/
filter_policy = update_white_list(req);
/* When the controller is using random resolvable addresses and
* with that having LE privacy enabled, then controllers with
* Extended Scanner Filter Policies support can now enable support
* for handling directed advertising.
*
* So instead of using filter polices 0x00 (no whitelist)
* and 0x01 (whitelist enabled) use the new filter policies
* 0x02 (no whitelist) and 0x03 (whitelist enabled).
*/
if (test_bit(HCI_PRIVACY, &hdev->dev_flags) &&
(hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
filter_policy |= 0x02;
memset(&param_cp, 0, sizeof(param_cp));
param_cp.type = LE_SCAN_PASSIVE;
param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
@@ -5621,6 +5703,15 @@ void hci_update_background_scan(struct hci_dev *hdev)
if (hdev->discovery.state != DISCOVERY_STOPPED)
return;
/* Reset RSSI and UUID filters when starting background scanning
* since these filters are meant for service discovery only.
*
* The Start Discovery and Start Service Discovery operations
* ensure to set proper values for RSSI threshold and UUID
* filter list. So it is safe to just reset them here.
*/
hci_discovery_filter_clear(hdev);
hci_req_init(&req, hdev);
if (list_empty(&hdev->pend_le_conns) &&

296
net/bluetooth/hci_event.c
查看文件

@@ -189,6 +189,9 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
clear_bit(HCI_RESET, &hdev->flags);
if (status)
return;
/* Reset all non-persistent flags */
hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
@@ -205,6 +208,8 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
hdev->le_scan_type = LE_SCAN_PASSIVE;
hdev->ssp_debug_mode = 0;
hci_bdaddr_list_clear(&hdev->le_white_list);
}
static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -989,8 +994,8 @@ static void hci_cc_read_local_oob_data(struct hci_dev *hdev,
BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
hci_dev_lock(hdev);
mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->randomizer,
NULL, NULL, rp->status);
mgmt_read_local_oob_data_complete(hdev, rp->hash, rp->rand, NULL, NULL,
rp->status);
hci_dev_unlock(hdev);
}
@@ -1002,8 +1007,8 @@ static void hci_cc_read_local_oob_ext_data(struct hci_dev *hdev,
BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
hci_dev_lock(hdev);
mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->randomizer192,
rp->hash256, rp->randomizer256,
mgmt_read_local_oob_data_complete(hdev, rp->hash192, rp->rand192,
rp->hash256, rp->rand256,
rp->status);
hci_dev_unlock(hdev);
}
@@ -1045,7 +1050,7 @@ static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
hci_dev_lock(hdev);
/* If we're doing connection initation as peripheral. Set a
/* If we're doing connection initiation as peripheral. Set a
* timeout in case something goes wrong.
*/
if (*sent) {
@@ -1576,9 +1581,15 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
struct discovery_state *discov = &hdev->discovery;
struct inquiry_entry *e;
if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
name_len, conn->dev_class);
/* Update the mgmt connected state if necessary. Be careful with
* conn objects that exist but are not (yet) connected however.
* Only those in BT_CONFIG or BT_CONNECTED states can be
* considered connected.
*/
if (conn &&
(conn->state == BT_CONFIG || conn->state == BT_CONNECTED) &&
!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
mgmt_device_connected(hdev, conn, 0, name, name_len);
if (discov->state == DISCOVERY_STOPPED)
return;
@@ -1943,6 +1954,29 @@ unlock:
hci_dev_unlock(hdev);
}
static void hci_cs_switch_role(struct hci_dev *hdev, u8 status)
{
struct hci_cp_switch_role *cp;
struct hci_conn *conn;
BT_DBG("%s status 0x%2.2x", hdev->name, status);
if (!status)
return;
cp = hci_sent_cmd_data(hdev, HCI_OP_SWITCH_ROLE);
if (!cp)
return;
hci_dev_lock(hdev);
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
if (conn)
clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
hci_dev_unlock(hdev);
}
static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
__u8 status = *((__u8 *) skb->data);
@@ -2009,13 +2043,14 @@ static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
data.pscan_mode = info->pscan_mode;
memcpy(data.dev_class, info->dev_class, 3);
data.clock_offset = info->clock_offset;
data.rssi = 0x00;
data.rssi = HCI_RSSI_INVALID;
data.ssp_mode = 0x00;
flags = hci_inquiry_cache_update(hdev, &data, false);
mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
info->dev_class, 0, flags, NULL, 0, NULL, 0);
info->dev_class, HCI_RSSI_INVALID,
flags, NULL, 0, NULL, 0);
}
hci_dev_unlock(hdev);
@@ -2536,9 +2571,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
cp.pscan_rep_mode = 0x02;
hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
mgmt_device_connected(hdev, &conn->dst, conn->type,
conn->dst_type, 0, NULL, 0,
conn->dev_class);
mgmt_device_connected(hdev, conn, 0, NULL, 0);
if (!hci_outgoing_auth_needed(hdev, conn)) {
conn->state = BT_CONNECTED;
@@ -2848,6 +2881,10 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
hci_cs_create_conn(hdev, ev->status);
break;
case HCI_OP_DISCONNECT:
hci_cs_disconnect(hdev, ev->status);
break;
case HCI_OP_ADD_SCO:
hci_cs_add_sco(hdev, ev->status);
break;
@@ -2876,6 +2913,14 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
hci_cs_setup_sync_conn(hdev, ev->status);
break;
case HCI_OP_CREATE_PHY_LINK:
hci_cs_create_phylink(hdev, ev->status);
break;
case HCI_OP_ACCEPT_PHY_LINK:
hci_cs_accept_phylink(hdev, ev->status);
break;
case HCI_OP_SNIFF_MODE:
hci_cs_sniff_mode(hdev, ev->status);
break;
@@ -2884,16 +2929,8 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
hci_cs_exit_sniff_mode(hdev, ev->status);
break;
case HCI_OP_DISCONNECT:
hci_cs_disconnect(hdev, ev->status);
break;
case HCI_OP_CREATE_PHY_LINK:
hci_cs_create_phylink(hdev, ev->status);
break;
case HCI_OP_ACCEPT_PHY_LINK:
hci_cs_accept_phylink(hdev, ev->status);
case HCI_OP_SWITCH_ROLE:
hci_cs_switch_role(hdev, ev->status);
break;
case HCI_OP_LE_CREATE_CONN:
@@ -2923,6 +2960,13 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
}
}
static void hci_hardware_error_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
struct hci_ev_hardware_error *ev = (void *) skb->data;
BT_ERR("%s hardware error 0x%2.2x", hdev->name, ev->code);
}
static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
struct hci_ev_role_change *ev = (void *) skb->data;
@@ -3148,6 +3192,38 @@ unlock:
hci_dev_unlock(hdev);
}
static void conn_set_key(struct hci_conn *conn, u8 key_type, u8 pin_len)
{
if (key_type == HCI_LK_CHANGED_COMBINATION)
return;
conn->pin_length = pin_len;
conn->key_type = key_type;
switch (key_type) {
case HCI_LK_LOCAL_UNIT:
case HCI_LK_REMOTE_UNIT:
case HCI_LK_DEBUG_COMBINATION:
return;
case HCI_LK_COMBINATION:
if (pin_len == 16)
conn->pending_sec_level = BT_SECURITY_HIGH;
else
conn->pending_sec_level = BT_SECURITY_MEDIUM;
break;
case HCI_LK_UNAUTH_COMBINATION_P192:
case HCI_LK_UNAUTH_COMBINATION_P256:
conn->pending_sec_level = BT_SECURITY_MEDIUM;
break;
case HCI_LK_AUTH_COMBINATION_P192:
conn->pending_sec_level = BT_SECURITY_HIGH;
break;
case HCI_LK_AUTH_COMBINATION_P256:
conn->pending_sec_level = BT_SECURITY_FIPS;
break;
}
}
static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
struct hci_ev_link_key_req *ev = (void *) skb->data;
@@ -3174,6 +3250,8 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
if (conn) {
clear_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
if ((key->type == HCI_LK_UNAUTH_COMBINATION_P192 ||
key->type == HCI_LK_UNAUTH_COMBINATION_P256) &&
conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
@@ -3189,8 +3267,7 @@ static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
goto not_found;
}
conn->key_type = key->type;
conn->pin_length = key->pin_len;
conn_set_key(conn, key->type, key->pin_len);
}
bacpy(&cp.bdaddr, &ev->bdaddr);
@@ -3220,16 +3297,15 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
hci_dev_lock(hdev);
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
if (conn) {
hci_conn_hold(conn);
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
pin_len = conn->pin_length;
if (!conn)
goto unlock;
if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
conn->key_type = ev->key_type;
hci_conn_hold(conn);
conn->disc_timeout = HCI_DISCONN_TIMEOUT;
hci_conn_drop(conn);
hci_conn_drop(conn);
}
set_bit(HCI_CONN_NEW_LINK_KEY, &conn->flags);
conn_set_key(conn, ev->key_type, conn->pin_length);
if (!test_bit(HCI_MGMT, &hdev->dev_flags))
goto unlock;
@@ -3239,6 +3315,12 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
if (!key)
goto unlock;
/* Update connection information since adding the key will have
* fixed up the type in the case of changed combination keys.
*/
if (ev->key_type == HCI_LK_CHANGED_COMBINATION)
conn_set_key(conn, key->type, key->pin_len);
mgmt_new_link_key(hdev, key, persistent);
/* Keep debug keys around only if the HCI_KEEP_DEBUG_KEYS flag
@@ -3248,15 +3330,16 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
*/
if (key->type == HCI_LK_DEBUG_COMBINATION &&
!test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags)) {
list_del(&key->list);
kfree(key);
} else if (conn) {
if (persistent)
clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
else
set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
list_del_rcu(&key->list);
kfree_rcu(key, rcu);
goto unlock;
}
if (persistent)
clear_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
else
set_bit(HCI_CONN_FLUSH_KEY, &conn->flags);
unlock:
hci_dev_unlock(hdev);
}
@@ -3434,9 +3517,7 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
cp.pscan_rep_mode = 0x02;
hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
} else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
mgmt_device_connected(hdev, &conn->dst, conn->type,
conn->dst_type, 0, NULL, 0,
conn->dev_class);
mgmt_device_connected(hdev, conn, 0, NULL, 0);
if (!hci_outgoing_auth_needed(hdev, conn)) {
conn->state = BT_CONNECTED;
@@ -3693,7 +3774,7 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
cp.authentication = conn->auth_type;
if (hci_find_remote_oob_data(hdev, &conn->dst) &&
if (hci_find_remote_oob_data(hdev, &conn->dst, BDADDR_BREDR) &&
(conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
cp.oob_data = 0x01;
else
@@ -3948,18 +4029,16 @@ static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
if (!test_bit(HCI_MGMT, &hdev->dev_flags))
goto unlock;
data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
data = hci_find_remote_oob_data(hdev, &ev->bdaddr, BDADDR_BREDR);
if (data) {
if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
if (bredr_sc_enabled(hdev)) {
struct hci_cp_remote_oob_ext_data_reply cp;
bacpy(&cp.bdaddr, &ev->bdaddr);
memcpy(cp.hash192, data->hash192, sizeof(cp.hash192));
memcpy(cp.randomizer192, data->randomizer192,
sizeof(cp.randomizer192));
memcpy(cp.rand192, data->rand192, sizeof(cp.rand192));
memcpy(cp.hash256, data->hash256, sizeof(cp.hash256));
memcpy(cp.randomizer256, data->randomizer256,
sizeof(cp.randomizer256));
memcpy(cp.rand256, data->rand256, sizeof(cp.rand256));
hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_EXT_DATA_REPLY,
sizeof(cp), &cp);
@@ -3968,8 +4047,7 @@ static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
bacpy(&cp.bdaddr, &ev->bdaddr);
memcpy(cp.hash, data->hash192, sizeof(cp.hash));
memcpy(cp.randomizer, data->randomizer192,
sizeof(cp.randomizer));
memcpy(cp.rand, data->rand192, sizeof(cp.rand));
hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY,
sizeof(cp), &cp);
@@ -4214,8 +4292,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
}
if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
mgmt_device_connected(hdev, &conn->dst, conn->type,
conn->dst_type, 0, NULL, 0, NULL);
mgmt_device_connected(hdev, conn, 0, NULL, 0);
conn->sec_level = BT_SECURITY_LOW;
conn->handle = __le16_to_cpu(ev->handle);
@@ -4269,25 +4346,26 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
}
/* This function requires the caller holds hdev->lock */
static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
u8 addr_type, u8 adv_type)
static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
bdaddr_t *addr,
u8 addr_type, u8 adv_type)
{
struct hci_conn *conn;
struct hci_conn_params *params;
/* If the event is not connectable don't proceed further */
if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
return;
return NULL;
/* Ignore if the device is blocked */
if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
return;
return NULL;
/* Most controller will fail if we try to create new connections
* while we have an existing one in slave role.
*/
if (hdev->conn_hash.le_num_slave > 0)
return;
return NULL;
/* If we're not connectable only connect devices that we have in
* our pend_le_conns list.
@@ -4295,7 +4373,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
addr, addr_type);
if (!params)
return;
return NULL;
switch (params->auto_connect) {
case HCI_AUTO_CONN_DIRECT:
@@ -4304,7 +4382,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
* incoming connections from slave devices.
*/
if (adv_type != LE_ADV_DIRECT_IND)
return;
return NULL;
break;
case HCI_AUTO_CONN_ALWAYS:
/* Devices advertising with ADV_IND or ADV_DIRECT_IND
@@ -4315,7 +4393,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
*/
break;
default:
return;
return NULL;
}
conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
@@ -4328,7 +4406,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
* count consistent once the connection is established.
*/
params->conn = hci_conn_get(conn);
return;
return conn;
}
switch (PTR_ERR(conn)) {
@@ -4341,17 +4419,48 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
break;
default:
BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
return NULL;
}
return NULL;
}
static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
u8 bdaddr_type, s8 rssi, u8 *data, u8 len)
u8 bdaddr_type, bdaddr_t *direct_addr,
u8 direct_addr_type, s8 rssi, u8 *data, u8 len)
{
struct discovery_state *d = &hdev->discovery;
struct smp_irk *irk;
struct hci_conn *conn;
bool match;
u32 flags;
/* If the direct address is present, then this report is from
* a LE Direct Advertising Report event. In that case it is
* important to see if the address is matching the local
* controller address.
*/
if (direct_addr) {
/* Only resolvable random addresses are valid for these
* kind of reports and others can be ignored.
*/
if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
return;
/* If the controller is not using resolvable random
* addresses, then this report can be ignored.
*/
if (!test_bit(HCI_PRIVACY, &hdev->dev_flags))
return;
/* If the local IRK of the controller does not match
* with the resolvable random address provided, then
* this report can be ignored.
*/
if (!smp_irk_matches(hdev, hdev->irk, direct_addr))
return;
}
/* Check if we need to convert to identity address */
irk = hci_get_irk(hdev, bdaddr, bdaddr_type);
if (irk) {
@@ -4360,7 +4469,14 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
}
/* Check if we have been requested to connect to this device */
check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
if (conn && type == LE_ADV_IND) {
/* Store report for later inclusion by
* mgmt_device_connected
*/
memcpy(conn->le_adv_data, data, len);
conn->le_adv_data_len = len;
}
/* Passive scanning shouldn't trigger any device found events,
* except for devices marked as CONN_REPORT for which we do send
@@ -4481,7 +4597,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
rssi = ev->data[ev->length];
process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
ev->bdaddr_type, rssi, ev->data, ev->length);
ev->bdaddr_type, NULL, 0, rssi,
ev->data, ev->length);
ptr += sizeof(*ev) + ev->length + 1;
}
@@ -4505,10 +4622,20 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
if (conn == NULL)
goto not_found;
ltk = hci_find_ltk(hdev, ev->ediv, ev->rand, conn->role);
if (ltk == NULL)
ltk = hci_find_ltk(hdev, &conn->dst, conn->dst_type, conn->role);
if (!ltk)
goto not_found;
if (smp_ltk_is_sc(ltk)) {
/* With SC both EDiv and Rand are set to zero */
if (ev->ediv || ev->rand)
goto not_found;
} else {
/* For non-SC keys check that EDiv and Rand match */
if (ev->ediv != ltk->ediv || ev->rand != ltk->rand)
goto not_found;
}
memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
cp.handle = cpu_to_le16(conn->handle);
@@ -4526,8 +4653,8 @@ static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
*/
if (ltk->type == SMP_STK) {
set_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
list_del(&ltk->list);
kfree(ltk);
list_del_rcu(&ltk->list);
kfree_rcu(ltk, rcu);
} else {
clear_bit(HCI_CONN_STK_ENCRYPT, &conn->flags);
}
@@ -4612,6 +4739,27 @@ static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev,
hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
}
static void hci_le_direct_adv_report_evt(struct hci_dev *hdev,
struct sk_buff *skb)
{
u8 num_reports = skb->data[0];
void *ptr = &skb->data[1];
hci_dev_lock(hdev);
while (num_reports--) {
struct hci_ev_le_direct_adv_info *ev = ptr;
process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
ev->bdaddr_type, &ev->direct_addr,
ev->direct_addr_type, ev->rssi, NULL, 0);
ptr += sizeof(*ev);
}
hci_dev_unlock(hdev);
}
static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
struct hci_ev_le_meta *le_ev = (void *) skb->data;
@@ -4639,6 +4787,10 @@ static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
hci_le_remote_conn_param_req_evt(hdev, skb);
break;
case HCI_EV_LE_DIRECT_ADV_REPORT:
hci_le_direct_adv_report_evt(hdev, skb);
break;
default:
break;
}
@@ -4735,6 +4887,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
hci_cmd_status_evt(hdev, skb);
break;
case HCI_EV_HARDWARE_ERROR:
hci_hardware_error_evt(hdev, skb);
break;
case HCI_EV_ROLE_CHANGE:
hci_role_change_evt(hdev, skb);
break;

6
net/bluetooth/hci_sock.c
查看文件

@@ -878,7 +878,7 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
}
skb_reset_transport_header(skb);
err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
err = skb_copy_datagram_msg(skb, 0, msg, copied);
switch (hci_pi(sk)->channel) {
case HCI_CHANNEL_RAW:
@@ -947,7 +947,7 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
if (!skb)
goto done;
if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
err = -EFAULT;
goto drop;
}
@@ -987,7 +987,7 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
skb_queue_tail(&hdev->raw_q, skb);
queue_work(hdev->workqueue, &hdev->tx_work);
} else {
/* Stand-alone HCI commands must be flaged as
/* Stand-alone HCI commands must be flagged as
* single-command requests.
*/
bt_cb(skb)->req.start = true;

2
net/bluetooth/hidp/Kconfig
查看文件

@@ -1,6 +1,6 @@
config BT_HIDP
tristate "HIDP protocol support"
depends on BT && INPUT
depends on BT_BREDR && INPUT
select HID
help
HIDP (Human Interface Device Protocol) is a transport layer

10
net/bluetooth/hidp/core.c
查看文件

@@ -736,14 +736,10 @@ static int hidp_setup_hid(struct hidp_session *session,
struct hid_device *hid;
int err;
session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
if (!session->rd_data)
return -ENOMEM;
session->rd_data = memdup_user(req->rd_data, req->rd_size);
if (IS_ERR(session->rd_data))
return PTR_ERR(session->rd_data);
if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
err = -EFAULT;
goto fault;
}
session->rd_size = req->rd_size;
hid = hid_allocate_device();

104
net/bluetooth/l2cap_core.c
查看文件

@@ -46,7 +46,6 @@
bool disable_ertm;
static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN | L2CAP_FEAT_UCD;
static u8 l2cap_fixed_chan[8] = { L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS, };
static LIST_HEAD(chan_list);
static DEFINE_RWLOCK(chan_list_lock);
@@ -424,6 +423,9 @@ struct l2cap_chan *l2cap_chan_create(void)
mutex_init(&chan->lock);
/* Set default lock nesting level */
atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL);
write_lock(&chan_list_lock);
list_add(&chan->global_l, &chan_list);
write_unlock(&chan_list_lock);
@@ -567,7 +569,8 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
__clear_chan_timer(chan);
BT_DBG("chan %p, conn %p, err %d", chan, conn, err);
BT_DBG("chan %p, conn %p, err %d, state %s", chan, conn, err,
state_to_string(chan->state));
chan->ops->teardown(chan, err);
@@ -836,7 +839,10 @@ static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
if (!skb)
return;
if (lmp_no_flush_capable(conn->hcon->hdev))
/* Use NO_FLUSH if supported or we have an LE link (which does
* not support auto-flushing packets) */
if (lmp_no_flush_capable(conn->hcon->hdev) ||
conn->hcon->type == LE_LINK)
flags = ACL_START_NO_FLUSH;
else
flags = ACL_START;
@@ -870,8 +876,13 @@ static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
return;
}
if (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
lmp_no_flush_capable(hcon->hdev))
/* Use NO_FLUSH for LE links (where this is the only option) or
* if the BR/EDR link supports it and flushing has not been
* explicitly requested (through FLAG_FLUSHABLE).
*/
if (hcon->type == LE_LINK ||
(!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
lmp_no_flush_capable(hcon->hdev)))
flags = ACL_START_NO_FLUSH;
else
flags = ACL_START;
@@ -1108,10 +1119,10 @@ static bool __amp_capable(struct l2cap_chan *chan)
struct hci_dev *hdev;
bool amp_available = false;
if (!conn->hs_enabled)
if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
return false;
if (!(conn->fixed_chan_mask & L2CAP_FC_A2MP))
if (!(conn->remote_fixed_chan & L2CAP_FC_A2MP))
return false;
read_lock(&hci_dev_list_lock);
@@ -2092,8 +2103,7 @@ static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
struct sk_buff **frag;
int sent = 0;
if (chan->ops->memcpy_fromiovec(chan, skb_put(skb, count),
msg->msg_iov, count))
if (copy_from_iter(skb_put(skb, count), count, &msg->msg_iter) != count)
return -EFAULT;
sent += count;
@@ -2113,8 +2123,8 @@ static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
*frag = tmp;
if (chan->ops->memcpy_fromiovec(chan, skb_put(*frag, count),
msg->msg_iov, count))
if (copy_from_iter(skb_put(*frag, count), count,
&msg->msg_iter) != count)
return -EFAULT;
sent += count;
@@ -3084,12 +3094,14 @@ static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
static inline bool __l2cap_ews_supported(struct l2cap_conn *conn)
{
return conn->hs_enabled && conn->feat_mask & L2CAP_FEAT_EXT_WINDOW;
return ((conn->local_fixed_chan & L2CAP_FC_A2MP) &&
(conn->feat_mask & L2CAP_FEAT_EXT_WINDOW));
}
static inline bool __l2cap_efs_supported(struct l2cap_conn *conn)
{
return conn->hs_enabled && conn->feat_mask & L2CAP_FEAT_EXT_FLOW;
return ((conn->local_fixed_chan & L2CAP_FC_A2MP) &&
(conn->feat_mask & L2CAP_FEAT_EXT_FLOW));
}
static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
@@ -3318,7 +3330,7 @@ static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
break;
case L2CAP_CONF_EWS:
if (!chan->conn->hs_enabled)
if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP))
return -ECONNREFUSED;
set_bit(FLAG_EXT_CTRL, &chan->flags);
@@ -3873,9 +3885,7 @@ static int l2cap_connect_req(struct l2cap_conn *conn,
hci_dev_lock(hdev);
if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags))
mgmt_device_connected(hdev, &hcon->dst, hcon->type,
hcon->dst_type, 0, NULL, 0,
hcon->dev_class);
mgmt_device_connected(hdev, hcon, 0, NULL, 0);
hci_dev_unlock(hdev);
l2cap_connect(conn, cmd, data, L2CAP_CONN_RSP, 0);
@@ -4084,7 +4094,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
chan->num_conf_req++;
}
/* Got Conf Rsp PENDING from remote side and asume we sent
/* Got Conf Rsp PENDING from remote side and assume we sent
Conf Rsp PENDING in the code above */
if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
@@ -4324,7 +4334,7 @@ static inline int l2cap_information_req(struct l2cap_conn *conn,
if (!disable_ertm)
feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
| L2CAP_FEAT_FCS;
if (conn->hs_enabled)
if (conn->local_fixed_chan & L2CAP_FC_A2MP)
feat_mask |= L2CAP_FEAT_EXT_FLOW
| L2CAP_FEAT_EXT_WINDOW;
@@ -4335,14 +4345,10 @@ static inline int l2cap_information_req(struct l2cap_conn *conn,
u8 buf[12];
struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
if (conn->hs_enabled)
l2cap_fixed_chan[0] |= L2CAP_FC_A2MP;
else
l2cap_fixed_chan[0] &= ~L2CAP_FC_A2MP;
rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
memcpy(rsp->data, l2cap_fixed_chan, sizeof(l2cap_fixed_chan));
rsp->data[0] = conn->local_fixed_chan;
memset(rsp->data + 1, 0, 7);
l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf),
buf);
} else {
@@ -4408,7 +4414,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn,
break;
case L2CAP_IT_FIXED_CHAN:
conn->fixed_chan_mask = rsp->data[0];
conn->remote_fixed_chan = rsp->data[0];
conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
conn->info_ident = 0;
@@ -4432,7 +4438,7 @@ static int l2cap_create_channel_req(struct l2cap_conn *conn,
if (cmd_len != sizeof(*req))
return -EPROTO;
if (!conn->hs_enabled)
if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
return -EINVAL;
psm = le16_to_cpu(req->psm);
@@ -4862,7 +4868,7 @@ static inline int l2cap_move_channel_req(struct l2cap_conn *conn,
BT_DBG("icid 0x%4.4x, dest_amp_id %d", icid, req->dest_amp_id);
if (!conn->hs_enabled)
if (!(conn->local_fixed_chan & L2CAP_FC_A2MP))
return -EINVAL;
chan = l2cap_get_chan_by_dcid(conn, icid);
@@ -5217,9 +5223,10 @@ static int l2cap_le_connect_rsp(struct l2cap_conn *conn,
u8 *data)
{
struct l2cap_le_conn_rsp *rsp = (struct l2cap_le_conn_rsp *) data;
struct hci_conn *hcon = conn->hcon;
u16 dcid, mtu, mps, credits, result;
struct l2cap_chan *chan;
int err;
int err, sec_level;
if (cmd_len < sizeof(*rsp))
return -EPROTO;
@@ -5258,6 +5265,26 @@ static int l2cap_le_connect_rsp(struct l2cap_conn *conn,
l2cap_chan_ready(chan);
break;
case L2CAP_CR_AUTHENTICATION:
case L2CAP_CR_ENCRYPTION:
/* If we already have MITM protection we can't do
* anything.
*/
if (hcon->sec_level > BT_SECURITY_MEDIUM) {
l2cap_chan_del(chan, ECONNREFUSED);
break;
}
sec_level = hcon->sec_level + 1;
if (chan->sec_level < sec_level)
chan->sec_level = sec_level;
/* We'll need to send a new Connect Request */
clear_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags);
smp_conn_security(hcon, chan->sec_level);
break;
default:
l2cap_chan_del(chan, ECONNREFUSED);
break;
@@ -5390,7 +5417,8 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
mutex_lock(&conn->chan_lock);
l2cap_chan_lock(pchan);
if (!smp_sufficient_security(conn->hcon, pchan->sec_level)) {
if (!smp_sufficient_security(conn->hcon, pchan->sec_level,
SMP_ALLOW_STK)) {
result = L2CAP_CR_AUTHENTICATION;
chan = NULL;
goto response_unlock;
@@ -5494,6 +5522,7 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn,
if (credits > max_credits) {
BT_ERR("LE credits overflow");
l2cap_send_disconn_req(chan, ECONNRESET);
l2cap_chan_unlock(chan);
/* Return 0 so that we don't trigger an unnecessary
* command reject packet.
@@ -6931,9 +6960,15 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
conn->feat_mask = 0;
if (hcon->type == ACL_LINK)
conn->hs_enabled = test_bit(HCI_HS_ENABLED,
&hcon->hdev->dev_flags);
conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS;
if (hcon->type == ACL_LINK &&
test_bit(HCI_HS_ENABLED, &hcon->hdev->dev_flags))
conn->local_fixed_chan |= L2CAP_FC_A2MP;
if (bredr_sc_enabled(hcon->hdev) &&
test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR;
mutex_init(&conn->ident_lock);
mutex_init(&conn->chan_lock);
@@ -7330,7 +7365,8 @@ int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
l2cap_start_connection(chan);
else
__set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
} else if (chan->state == BT_CONNECT2) {
} else if (chan->state == BT_CONNECT2 &&
chan->mode != L2CAP_MODE_LE_FLOWCTL) {
struct l2cap_conn_rsp rsp;
__u16 res, stat;

37
net/bluetooth/l2cap_sock.c
查看文件

@@ -285,6 +285,12 @@ static int l2cap_sock_listen(struct socket *sock, int backlog)
sk->sk_max_ack_backlog = backlog;
sk->sk_ack_backlog = 0;
/* Listening channels need to use nested locking in order not to
* cause lockdep warnings when the created child channels end up
* being locked in the same thread as the parent channel.
*/
atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
chan->state = BT_LISTEN;
sk->sk_state = BT_LISTEN;
@@ -301,7 +307,7 @@ static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
long timeo;
int err = 0;
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
lock_sock_nested(sk, L2CAP_NESTING_PARENT);
timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
@@ -333,7 +339,7 @@ static int l2cap_sock_accept(struct socket *sock, struct socket *newsock,
release_sock(sk);
timeo = schedule_timeout(timeo);
lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
lock_sock_nested(sk, L2CAP_NESTING_PARENT);
}
__set_current_state(TASK_RUNNING);
remove_wait_queue(sk_sleep(sk), &wait);
@@ -1096,6 +1102,8 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
chan = l2cap_pi(sk)->chan;
conn = chan->conn;
BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
if (conn)
mutex_lock(&conn->chan_lock);
@@ -1153,12 +1161,16 @@ static void l2cap_sock_cleanup_listen(struct sock *parent)
{
struct sock *sk;
BT_DBG("parent %p", parent);
BT_DBG("parent %p state %s", parent,
state_to_string(parent->sk_state));
/* Close not yet accepted channels */
while ((sk = bt_accept_dequeue(parent, NULL))) {
struct l2cap_chan *chan = l2cap_pi(sk)->chan;
BT_DBG("child chan %p state %s", chan,
state_to_string(chan->state));
l2cap_chan_lock(chan);
__clear_chan_timer(chan);
l2cap_chan_close(chan, ECONNRESET);
@@ -1246,7 +1258,16 @@ static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
struct sock *sk = chan->data;
struct sock *parent;
lock_sock(sk);
BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
/* This callback can be called both for server (BT_LISTEN)
* sockets as well as "normal" ones. To avoid lockdep warnings
* with child socket locking (through l2cap_sock_cleanup_listen)
* we need separation into separate nesting levels. The simplest
* way to accomplish this is to inherit the nesting level used
* for the channel.
*/
lock_sock_nested(sk, atomic_read(&chan->nesting));
parent = bt_sk(sk)->parent;
@@ -1315,13 +1336,6 @@ static struct sk_buff *l2cap_sock_alloc_skb_cb(struct l2cap_chan *chan,
return skb;
}
static int l2cap_sock_memcpy_fromiovec_cb(struct l2cap_chan *chan,
unsigned char *kdata,
struct iovec *iov, int len)
{
return memcpy_fromiovec(kdata, iov, len);
}
static void l2cap_sock_ready_cb(struct l2cap_chan *chan)
{
struct sock *sk = chan->data;
@@ -1406,7 +1420,6 @@ static const struct l2cap_ops l2cap_chan_ops = {
.set_shutdown = l2cap_sock_set_shutdown_cb,
.get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
.alloc_skb = l2cap_sock_alloc_skb_cb,
.memcpy_fromiovec = l2cap_sock_memcpy_fromiovec_cb,
};
static void l2cap_sock_destruct(struct sock *sk)

1008
net/bluetooth/mgmt.c
查看文件

文件差异内容过多而无法显示 加载差异

2
net/bluetooth/rfcomm/Kconfig
查看文件

@@ -1,6 +1,6 @@
config BT_RFCOMM
tristate "RFCOMM protocol support"
depends on BT
depends on BT_BREDR
help
RFCOMM provides connection oriented stream transport. RFCOMM
support is required for Dialup Networking, OBEX and other Bluetooth

12
net/bluetooth/rfcomm/core.c
查看文件

@@ -78,8 +78,10 @@ static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
#define __get_type(b) ((b & 0xef))
#define __test_ea(b) ((b & 0x01))
#define __test_cr(b) ((b & 0x02))
#define __test_pf(b) ((b & 0x10))
#define __test_cr(b) (!!(b & 0x02))
#define __test_pf(b) (!!(b & 0x10))
#define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
@@ -388,7 +390,7 @@ static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst,
return err;
}
dlci = __dlci(!s->initiator, channel);
dlci = __dlci(__session_dir(s), channel);
/* Check if DLCI already exists */
if (rfcomm_dlc_get(s, dlci))
@@ -543,7 +545,7 @@ struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
rfcomm_lock();
s = rfcomm_session_get(src, dst);
if (s) {
dlci = __dlci(!s->initiator, channel);
dlci = __dlci(__session_dir(s), channel);
dlc = rfcomm_dlc_get(s, dlci);
}
rfcomm_unlock();
@@ -904,7 +906,7 @@ static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
hdr->len = __len8(sizeof(*mcc) + 1);
mcc = (void *) ptr; ptr += sizeof(*mcc);
mcc->type = __mcc_type(cr, RFCOMM_NSC);
mcc->type = __mcc_type(0, RFCOMM_NSC);
mcc->len = __len8(1);
/* Type that we didn't like */

2
net/bluetooth/rfcomm/sock.c
查看文件

@@ -588,7 +588,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
}
skb_reserve(skb, RFCOMM_SKB_HEAD_RESERVE);
err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
err = memcpy_from_msg(skb_put(skb, size), msg, size);
if (err) {
kfree_skb(skb);
if (sent == 0)

2
net/bluetooth/sco.c
查看文件

@@ -285,7 +285,7 @@ static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len)
if (!skb)
return err;
if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
if (memcpy_from_msg(skb_put(skb, len), msg, len)) {
kfree_skb(skb);
return -EFAULT;
}

1637
net/bluetooth/smp.c
查看文件

文件差异内容过多而无法显示 加载差异

60
net/bluetooth/smp.h
查看文件

@@ -50,10 +50,13 @@ struct smp_cmd_pairing {
#define SMP_DIST_ENC_KEY 0x01
#define SMP_DIST_ID_KEY 0x02
#define SMP_DIST_SIGN 0x04
#define SMP_DIST_LINK_KEY 0x08
#define SMP_AUTH_NONE 0x00
#define SMP_AUTH_BONDING 0x01
#define SMP_AUTH_MITM 0x04
#define SMP_AUTH_SC 0x08
#define SMP_AUTH_KEYPRESS 0x10
#define SMP_CMD_PAIRING_CONFIRM 0x03
struct smp_cmd_pairing_confirm {
@@ -102,7 +105,23 @@ struct smp_cmd_security_req {
__u8 auth_req;
} __packed;
#define SMP_CMD_MAX 0x0b
#define SMP_CMD_PUBLIC_KEY 0x0c
struct smp_cmd_public_key {
__u8 x[32];
__u8 y[32];
} __packed;
#define SMP_CMD_DHKEY_CHECK 0x0d
struct smp_cmd_dhkey_check {
__u8 e[16];
} __packed;
#define SMP_CMD_KEYPRESS_NOTIFY 0x0e
struct smp_cmd_keypress_notify {
__u8 value;
} __packed;
#define SMP_CMD_MAX 0x0e
#define SMP_PASSKEY_ENTRY_FAILED 0x01
#define SMP_OOB_NOT_AVAIL 0x02
@@ -114,6 +133,10 @@ struct smp_cmd_security_req {
#define SMP_UNSPECIFIED 0x08
#define SMP_REPEATED_ATTEMPTS 0x09
#define SMP_INVALID_PARAMS 0x0a
#define SMP_DHKEY_CHECK_FAILED 0x0b
#define SMP_NUMERIC_COMP_FAILED 0x0c
#define SMP_BREDR_PAIRING_IN_PROGRESS 0x0d
#define SMP_CROSS_TRANSP_NOT_ALLOWED 0x0e
#define SMP_MIN_ENC_KEY_SIZE 7
#define SMP_MAX_ENC_KEY_SIZE 16
@@ -123,23 +146,48 @@ enum {
SMP_STK,
SMP_LTK,
SMP_LTK_SLAVE,
SMP_LTK_P256,
SMP_LTK_P256_DEBUG,
};
static inline bool smp_ltk_is_sc(struct smp_ltk *key)
{
switch (key->type) {
case SMP_LTK_P256:
case SMP_LTK_P256_DEBUG:
return true;
}
return false;
}
static inline u8 smp_ltk_sec_level(struct smp_ltk *key)
{
if (key->authenticated)
return BT_SECURITY_HIGH;
if (key->authenticated) {
if (smp_ltk_is_sc(key))
return BT_SECURITY_FIPS;
else
return BT_SECURITY_HIGH;
}
return BT_SECURITY_MEDIUM;
}
/* Key preferences for smp_sufficient security */
enum smp_key_pref {
SMP_ALLOW_STK,
SMP_USE_LTK,
};
/* SMP Commands */
bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level);
bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level,
enum smp_key_pref key_pref);
int smp_conn_security(struct hci_conn *hcon, __u8 sec_level);
int smp_user_confirm_reply(struct hci_conn *conn, u16 mgmt_op, __le32 passkey);
bool smp_irk_matches(struct hci_dev *hdev, u8 irk[16], bdaddr_t *bdaddr);
int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa);
bool smp_irk_matches(struct hci_dev *hdev, const u8 irk[16],
const bdaddr_t *bdaddr);
int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa);
int smp_register(struct hci_dev *hdev);
void smp_unregister(struct hci_dev *hdev);