| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The handler for variable length commands were trying to calculate the
expected length of the command based on the given parameter count, and
then comparing that with the received data. However, the expected count
was stored in a u16 which can easily overflow. With a carefully crafted
command this can then be made to match the given data even though the
parameter count is actually way too big, resulting in a buffer overflow
when parsing the parameters.
This patch fixes the issue by calculating a per-command maximum
parameter count and returns INVALID_PARAMS if it is exceeded.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
When we're scanning for specific devices that use an RPA we need to
convert the RPA to the identity address before looking up the entry in
the connection parameters. This patch adds the necessary code to do this
in the process_adv_report() function.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
If we have one or more devices with HCI_AUTO_CONN_REPORT we should do
background scanning and emit mgmt_device_found events. This patch
modifies the hci_update_background_scan() function to extend the
conditions needed to trigger scanning, and adds the necessary code to
process_adv_report() to emit mgmt_device_found events.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
When the kernel is doing LE scanning because of one or more devices
added with action 0x00 through the Add Device command we do want to let
mgmt_device_found() to proceed with sending an event. This kind of
devices are tracked with hdev->pend_le_reports, so check this value
before bailing out from the function.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
To be able to make the right choice of whether to start passive scanning
or to send out a mgmt_device_found event we need to know if there are
any devices in the le_conn_params list with the auto_connect value set
to HCI_AUTO_CONN_REPORT. This patch adds a counter for this kind of
devices.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This command allows to get the list of currently known controller that
are in unconfigured state.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
When a controller in an unconfigured state gets removed, then send
Unconfigured Index Removed events.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
When a controller is in unconfigured state it is currently hidden
from the management interface. This change now announces the new
controller with an Unconfigured Index Added event and allows clients
to easily detect the controller.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
With the new unconfigured controller state it is possible to provide a
fully functional HCI transport, but disable the higher level operations
that would normally happen. This way userspace can try to configure the
controller before releases the unconfigured state.
The internal state is represented by HCI_UNCONFIGURED. This replaces the
HCI_QUIRK_RAW_DEVICE quirk as internal state representation. This is now
a real state and drivers can use the quirk to actually trigger this
state. In the future this will allow a more fine grained switching from
unconfigured state to configured state for controller inititialization.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
If we don't have an identity address for connection parameters it
doesn't really make sense to send them to user space. Instead just
ignore them for now. Later we can add support for sending them when we
eventually get the identity through pairing.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
There are more places that can take advantage of is_identity_address()
besides hci_core.c. This patch moves the function to hci_core.h and
gives it the appropriate hci_ prefix.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The calling functions of mgmt_new_conn_param have more information about
the parameters, such as whether the kernel is tracking them or not. It
makes therefore sense to have them pass an initial store_hint value to
the mgmt_new_conn_param function.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The caller of hci_le_conn_update is directly interested in knowing what
the best value is for the store_hint parameter of the corresponding
mgmt event. Since hci_le_conn_update knows whether there were stored
parameters that were updated or not we can have it return an initial
store_hint value to the caller.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
We should update any stored connection parameters when we receive the LE
Remote Connection Parameter Request HCI event. This patch adds the
necessary code to the function that handles the event.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This patch implements the new Load Connection Parameters mgmt command
that's intended to load the desired connection parameters for LE
devices.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The Remove Device mgmt command is supposed to undo what the Add Device
command does. An entry added by Add Device cannot have the
HCI_AUTO_CONN_DISABLED auto_connect value, so we should treat this as an
invalid entry to remove. This patch adds the necessary pieces to the
Remove Device command handler so that it only removes entries which were
added by Add Device.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The 0x00 action value of mgmt means "scan and report" but do not
connect. This is different from HCI_AUTO_CONN_DISABLED so we need a new
value for it.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
In some circumstances we'll need to either clear only the enabled
parameters or only the disabled ones. This patch adds convenience
functions for this purpose.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
We'll soon have specific clear functions for clearing enabled or
disabled entries, so rename the function that removes everything to
clear_all().
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
When allocating a new controller structure, then default to the internal
use value 0xffff first. Default to 0x0000 is a bad idea since that is
the manufacturer identifier of Ericsson Technology Licensing.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
Unlike BR/EDR we cannot reject LE connections of blocked devices but
have to do it as soon as we get a LE Connection Complete event. The
patch adds a blacklist check to the hci_le_conn_complete_evt function
and drops all connections for blocked devices.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The ATT channel isn't the only one that we should ensure doesn't receive
data from blocked devices. SMP is another, and in general we don't want
data packets going to any of the various handlers. Therefore, add a
single check to the l2cap_recv_frame function.
The patch fixes at the same time the use of a correct address type. The
blacklist stores the values with the user space facing triple type
wheras hci_conn->dst_type uses the HCI address type (0x00 or 0x01).
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
Some embedded controllers allow the programming of a public address
and this adds vendor support for supporting OEM confguration of such
addresses.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
This patch introduces a new Mgmt event called "New Connection Parameter".
This event indicates to userspace the connection parameters values the
remote device requested.
The user may store these values and load them into kernel. This way, next
time a connection is established to that device, the kernel will use those
parameters values instead of the default ones.
This event is sent when the remote device requests new connection
parameters through connection parameter update procedure. This event is
not sent for slave connections.
Signed-off-by: Andre Guedes <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The Bluetooth 4.1 introduces a new LE meta event called "LE Remote
Connection Parameter Request" event. In order to the controller
sends this event to host, we should enable it during controller
initialization.
Signed-off-by: Andre Guedes <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
During init2 phase, the LE local features have not be read yet so
we aren't able to rely on hdev->le_features to determine if the
controller supports the Connection Parameters Request Procedure.
For that reason, this patch moves LE event mask setting from init2
into init3 initialization phase.
The hdev->le_features mask will be checked by the next patch in order
to know if "LE Remote Connection Parameter Request Event" should be
enabled.
Signed-off-by: Andre Guedes <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This patch adds support for LE Connection Parameters Request Link
Layer control procedure introduced in Core spec 4.1. This procedure
allows a Peripheral or Central to update the Link Layer connection
parameters of an established connection.
Regarding the acceptance of connection parameters, the LL procedure
follows the same approach of L2CAP procedure (see l2cap_conn_param_
update_req function). We accept any connection parameters values as
long as they are within the valid range.
Signed-off-by: Andre Guedes <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
For the Block/Unblock Device mgmt commands we should only emit the
Blocked/Unblocked events on any socket except for the one which received
the command. The code was previously incorrectly trying to look up a
non-existent pending command and thereby ending up not skipping the
command socket for the event.
We can simplify the code a lot by simply sending the event directly from
the command handler functions. We have the reference to the command
socket available there which makes it easy to pass to the mgmt_event
function for skipping.
The only notable side-effect of this is that the old blacklisting
ioctl's no-longer cause mgmt events to be emitted, however as user space
versions using these ioctl's are not mgmt-aware this is acceptable.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The background scanning normally gets enabled during power on by
adding devices to the pending connection list. However devices
might be already on that list and the list of devices is empty,
then it is better to trigger the background manually.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
When a new controller is initialized, but not powered from userspace
at the moment, the HCI_AUTO_OFF flag is still set. During this period,
userspace might program device for auto-connection, but never power
on the controller. In this case do not try to start background
scanning and leave it for later to be started.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
If we're encrypted with the STK we should allow re-encryption with an
LTK even though the achieved security level is the same. This patch adds
the necessary logic to the smp_sufficient_security function which is
used to determine whether to proceed with encryption or not.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
There are certain subtle differences in behavior when we're encrypted
with the STK, such as allowing re-encryption even though the security
level stays the same. Because of this, add a flag to track whether we're
encrypted with an STK or not.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
If we're already encrypted with a good enough LTK we should just ignore
an incoming SMP Security Request. The code was already taking care of
this in the smp_conn_security function before calling smp_ltk_encrypt
but failed to do the same in smp_cmd_security_req. This patch fixes the
issue by moving up the smp_sufficient_security function and using it in
the Security Request handler before trying to request encryption.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
The Device Found events of the management interface should indicate if
it is possible to connect to a remote device or if it is broadcaster
only advertising. To allow this differentation the Not Connectable flag
is introduced that will be set when it is known that a device can not
be connected.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
Providing the flags parameter directly to mgmt_device_found function
makes the core simpler and more readable. With this it becomes a lot
easier to add new flags in the future.
This also changes hci_inquiry_cache_update to just return that flags
needed for mgmt_device_found since that is its only use for the two
return parameters anyway.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
The advertising data and scan response data are merged in the wrong
order. It should be advertsing data first and then scan response data
and not the other way around.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
Cc: [email protected] # 3.16
|
|
The connection interval parameter of hci_conn_params_set are always used
with the controller defaults. So just let hci_conn_params_add set the
controller default and not bother resetting them to controller defaults
every time the hci_conn_params_set is called.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
The hci_conn_params_add function provides the default allocation of
connection parameters. To avoid code duplication, use that code from
hci_conn_params_set to allocate or lookup parameter struct.
As a benefit the connection latency and supervision timeout parameters
are no longer reset to default when calling hci_conn_params_set.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
When adding new connection parameters, it is useful to return either
the existing struct or the newly created one.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
The return value of smp_ltk_encrypt is simple boolean, so just use
bool and make the code a bit more readable.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
This is to support the Motorola HF850 carkit which reports the error
code 0x10 for an eSCO attempt, even though it advertises eSCO support.
With this patch we will retry with a SCO connection, which succeeds.
Signed-off-by: Nick Pelly <[email protected]>
Signed-off-by: Kiran Kumar Raparthy <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
We have all the necessary remote information for getpeername() when we
are in the BT_CONFIG state so this should be allowed. This is
particularly important for LE sockets where changing the security level
will temporarily move the socket into BT_CONFIG state.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
bt_seq_ops is only used with __seq_open_private as
const struct seq_operations *
Signed-off-by: Fabian Frederick <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This patch renames l2cap_check_conn_param() to hci_check_conn_params()
and moves it to hci_core.h so it can reused in others files. This helper
will be reused in the next patch.
Signed-off-by: Andre Guedes <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
When the controller is not active or in init/setup phase, do not
try to start or stop background scanning.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
When trying to pair a new Bluetooth Low Energy device, then make sure
that the default connections parameters are in place before trying to
establish the first connection to that device. With the connection
parameters structure allocated, the slave preferred values can now
easily be tracked and all future connections will use the correct
values from that start decreasing connection establishment time.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
In some cases it is useful to not overwrite connection parametes and
instead just create default ones if they don't exist. This function
does exactly that. hci_conn_params_add will allow to create new
default connection parameters. hci_conn_params_set will set the
values and also create new parameters if they don't exist.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
The controller has a default value for the supervision timeout. Expose
this via debugfs for testing purposes.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
The controller has a default value for the connection latency. Expose
this via debugfs for testing purposes.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|
|
Store the connection latency and supervision timeout default values
with all the other controller defaults. And when needed use them
for new connections.
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Johan Hedberg <[email protected]>
|