23 Nov, 2016
1 commit
-
The hci_get_route() API is used to look up local HCI devices, however
so far it has been incapable of dealing with anything else than the
public address of HCI devices. This completely breaks with LE-only HCI
devices that do not come with a public address, but use a static
random address instead.

This patch extends the hci_get_route() API with a src_type parameter
that's used for comparing with the right address of each HCI device.
Signed-off-by: Johan Hedberg
Signed-off-by: Marcel Holtmann
20 Oct, 2016
1 commit
-
Append maximum of 10 + 1 bytes of name to scan response data.
Complete name is appended only if exists and is
Signed-off-by: Marcel Holtmann
06 Oct, 2016
3 commits
-
Use eir_append_data to remove code duplication.
Signed-off-by: Michał Narajowski
Signed-off-by: Marcel Holtmann
-
Add appearance value to beginning of scan rsp data for
default advertising instance if the value is not 0.
Signed-off-by: Michał Narajowski
Signed-off-by: Marcel Holtmann
-
Use complete name if it fits. If not and there is short name
check if it fits. If not then use shortened name as prefix
of complete name.
Signed-off-by: Michał Narajowski
Signed-off-by: Marcel Holtmann
22 Sep, 2016
2 commits
-
Scan response data should not be updated unless there
is an advertising instance.
Signed-off-by: Michał Narajowski
Signed-off-by: Marcel Holtmann
-
Adds missing callback assignment to cmd_complete in pending management command
context. Dump path involves security procedure performed on legacy (pre-SSP)
devices with service security requirements set to HIGH (16 digits PIN).
It fails when shorter PIN is delivered by user.

[ 1.517950] Bluetooth: PIN code is not 16 bytes long
[ 1.518491] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 1.518584] IP: [< (null)>] (null)
[ 1.518584] PGD 9e08067 PUD 9fdf067 PMD 0
[ 1.518584] Oops: 0010 [#1] SMP
[ 1.518584] Modules linked in:
[ 1.518584] CPU: 0 PID: 1002 Comm: kworker/u3:2 Not tainted 4.8.0-rc6-354649-gaf4168c #16
[ 1.518584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.9.3-20160701_074356-anatol 04/01/2014
[ 1.518584] Workqueue: hci0 hci_rx_work
[ 1.518584] task: ffff880009ce14c0 task.stack: ffff880009e10000
[ 1.518584] RIP: 0010:[] [< (null)>] (null)
[ 1.518584] RSP: 0018:ffff880009e13bc8 EFLAGS: 00010293
[ 1.518584] RAX: 0000000000000000 RBX: ffff880009eed100 RCX: 0000000000000006
[ 1.518584] RDX: ffff880009ddc000 RSI: 0000000000000000 RDI: ffff880009eed100
[ 1.518584] RBP: ffff880009e13be0 R08: 0000000000000000 R09: 0000000000000001
[ 1.518584] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1.518584] R13: ffff880009e13ccd R14: ffff880009ddc000 R15: ffff880009ddc010
[ 1.518584] FS: 0000000000000000(0000) GS:ffff88000bc00000(0000) knlGS:0000000000000000
[ 1.518584] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.518584] CR2: 0000000000000000 CR3: 0000000009fdd000 CR4: 00000000000006f0
[ 1.518584] Stack:
[ 1.518584] ffffffff81909808 ffff880009e13cce ffff880009e0d40b ffff880009e13c68
[ 1.518584] ffffffff818f428d 00000000024000c0 ffff880009e13c08 ffffffff810ca903
[ 1.518584] ffff880009e13c48 ffffffff811ade34 ffffffff8178c31f ffff880009ee6200
[ 1.518584] Call Trace:
[ 1.518584] [] ? mgmt_pin_code_neg_reply_complete+0x38/0x60
[ 1.518584] [] hci_cmd_complete_evt+0x69d/0x3200
[ 1.518584] [] ? rcu_read_lock_sched_held+0x53/0x60
[ 1.518584] [] ? kmem_cache_alloc+0x1a4/0x200
[ 1.518584] [] ? skb_clone+0x4f/0xa0
[ 1.518584] [] hci_event_packet+0x8e1/0x28e0
[ 1.518584] [] ? _raw_spin_unlock_irqrestore+0x31/0x50
[ 1.518584] [] ? trace_hardirqs_on_caller+0xee/0x1b0
[ 1.518584] [] hci_rx_work+0x1e1/0x5b0
[ 1.518584] [] ? process_one_work+0x1ed/0x6b0
[ 1.518584] [] process_one_work+0x268/0x6b0
[ 1.518584] [] ? process_one_work+0x1ed/0x6b0
[ 1.518584] [] worker_thread+0x43/0x4e0
[ 1.518584] [] ? process_one_work+0x6b0/0x6b0
[ 1.518584] [] ? process_one_work+0x6b0/0x6b0
[ 1.518584] [] kthread+0xdf/0x100
[ 1.518584] [] ret_from_fork+0x1f/0x40
[ 1.518584] [] ? kthread_create_on_node+0x210/0x210
Signed-off-by: Arek Lichwa
Signed-off-by: Marcel Holtmann
20 Sep, 2016
33 commits
-
Setting appearance on controllers without LE support will result
in No Supported error.
Signed-off-by: Michał Narajowski
Signed-off-by: Johan Hedberg
-
This patch adds missing event when setting appearance, just like
in the set local name command.
Signed-off-by: Michał Narajowski
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
This patch adds EIR data to extended info changed event.
Signed-off-by: Michał Narajowski
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
If LE is enabled appearance is added to EIR data.
Signed-off-by: Michał Narajowski
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
This will also be used for Extended Information Event handling.
Signed-off-by: Michał Narajowski
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
There is no need to allocate heap for reply only to copy stack data to
it. This also fixes rp memory leak and missing hdev unlock if kmalloc
failed.
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
Increment the mgmt revision due to the recently added
Read Extended Controller Information and Set Appearance commands.
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
Flags are not allowed in Scan Response.
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
This unifies max length and TLV validity checks.
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
hdev parameter is not used in function.
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
This patch enables prepending appearance value to scan response data.
It also adds support for setting appearance value through mgmt command.
If currently advertised instance has appearance flag set it is expired
immediately.
Signed-off-by: Michał Narajowski
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
This patch enables appending local name to scan response data. If
currently advertised instance has name flag set it is expired
immediately.
Signed-off-by: Michał Narajowski
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
If force_bredr is set SMP BR/EDR channel should also be for non-SC
capable controllers. Since hcidev flag is persistent wrt power toggle
it can be already set when calling smp_register(). This resulted in
SMP BR/EDR channel not being registered even if HCI_FORCE_BREDR_SMP
flag was set.

This also fixes NULL pointer dereference when trying to disable
force_bredr after power cycle.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
IP: [] smp_del_chan+0x18/0x80 [bluetooth]
Call Trace:
[] force_bredr_smp_write+0xba/0x100 [bluetooth]
[] full_proxy_write+0x54/0x90
[] __vfs_write+0x37/0x160
[] ? selinux_file_permission+0xd7/0x110
[] ? security_file_permission+0x3d/0xc0
[] ? percpu_down_read+0x12/0x50
[] vfs_write+0xb5/0x1a0
[] SyS_write+0x55/0xc0
[] entry_SYSCALL_64_fastpath+0x1a/0xa4
Code: 48 8b 45 f0 eb c1 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
44 00 00 f6 05 c6 3b 02 00 04 55 48 89 e5 41 54 53 49 89 fc 75
4b
8b 9c 24 88 03 00 00 48 85 db 74 31 49 c7 84 24 88 03 00 00
RIP [] smp_del_chan+0x18/0x80 [bluetooth]
RSP
CR2: 0000000000000388
Signed-off-by: Szymon Janc
Signed-off-by: Marcel Holtmann
-
Use kzalloc rather than kmalloc followed by memset with 0.
Generated by: scripts/coccinelle/api/alloc/kzalloc-simple.cocci
Signed-off-by: Wei Yongjun
Signed-off-by: Marcel Holtmann
-
A comment in the code states that SCO connection should be rejected
with the proper error value between 0xd-0xf. The code uses
HCI_ERROR_REMOTE_LOW_RESOURCES which is 0x14.

This led to following error:
< HCI Command: Reject Synchronous Co.. (0x01|0x002a) plen 7
Address: 34:51:C9:EF:02:CA (Apple, Inc.)
Reason: Remote Device Terminated due to Low Resources (0x14)
> HCI Event: Command Status (0x0f) plen 4
Reject Synchronous Connection Request (0x01|0x002a) ncmd 1
Status: Invalid HCI Command Parameters (0x12)

Instead make use of HCI_ERROR_REJ_LIMITED_RESOURCES which is 0xd.
Signed-off-by: Frédéric Dalleau
Signed-off-by: Marcel Holtmann
-
When closing HCI User Channel, the New Settings event was sent out to
inform about changed settings. However such event is wrong since the
exclusive HCI User Channel access is active until the Index Added event
has been sent.

@ USER Close: test
@ MGMT Event: New Settings (0x0006) plen 4
Current settings: 0x00000ad0
Bondable
Secure Simple Pairing
BR/EDR
Low Energy
Secure Connections
= Close Index: 00:14:EF:22:04:12
@ MGMT Event: Index Added (0x0004) plen 0

Calling __mgmt_power_off from hci_dev_do_close requires an extra check
for an active HCI User Channel.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
When opening and closing HCI user channel, send monitoring messages to
be able to trace its behavior.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
This adds device class, complete local name and short local name
to EIR data in Extended Controller Info as specified in docs.
Signed-off-by: Michał Narajowski
Signed-off-by: Marcel Holtmann
-
This command is used to retrieve the current state and basic
information of a controller. It is typically used right after
getting the response to the Read Controller Index List command
or an Index Added event (or its extended counterparts).

When any of the values in the EIR_Data field changes, the event
Extended Controller Information Changed will be used to inform
clients about the updated information.
Signed-off-by: Marcel Holtmann
Signed-off-by: Michał Narajowski
-
In case an unbound HCI raw socket is later on bound, ensure that the
monitor notification messages indicate a close and re-open. None of
the userspace tools use the socket this way, but it is actually possible
to use an ioctl on an unbound socket and then later bind it.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
When opening and closing HCI raw sockets their main usage is for legacy
userspace. To track interaction with the modern mgmt interface, send
open and close monitoring messages for these actions.

The HCI raw socket is special since it supports unbound ioctl operation
and for that special case delay the notification message until at least
one ioctl has been executed. The difference between a bound and unbound
socket will be detailed by the fact the HCI index is present or not.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
The control open and close monitoring events require special channel
checks to ensure messages are only sent when the right events happen.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
Assignment of the hci_pi(sk)->channel should be done early when binding
the HCI socket. This avoids confusion with the RAW channel that is used
for legacy access.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
Only when the cookie has been assigned, then send the open and close
monitor messages. Also if the socket is bound to a device, then include
the index into the message.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
Instead of keeping a version string around, use version and revision
numbers and then stringify them for use as module parameter.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
Instead of manually allocating cookie information each time, use helper
functions for generating and releasing cookies.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
In case of failure, the Set IO Capability command is supposed to return
command status and not command complete.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
The address information of the Get Clock Information return parameters
is copying from a different memory location. It uses &cmd->param while
it actually needs to be cmd->param.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
Instead of hiding everything behind a general management events flag,
introduce individual flags that allow fine control over which events are
sent to a given management channel.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
When an Advertising Instance is removed, the Advertising Removed event
shouldn't be sent to the same socket that issued the Remove
Advertising command (it gets a command complete event instead). The
mgmt_advertising_removed() function already has a parameter for
skipping a specific socket, but there was no code to propagate the
right value to this parameter. This patch fixes the issue by making
sure the intermediate hci_req_clear_adv_instance() function gets the
socket pointer.
Signed-off-by: Johan Hedberg
Signed-off-by: Marcel Holtmann
-
This adds support for tracing all management commands and events via the
monitor interface.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
This sends new notifications to the monitor support whenever a
management channel has been opened or closed. This allows tracing of
control channels really easily.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg
-
The mgmt version information will be also needed for the control
channel tracing feature. This provides a helper to pack them.
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg