* Pull request: bluetooth-2.6 2010-07-08
@ 2010-07-08 23:40 Marcel Holtmann
  2010-07-08 23:40 ` [PATCH 1/3] Bluetooth: Check L2CAP pending status before sending connect request Marcel Holtmann
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Marcel Holtmann @ 2010-07-08 23:40 UTC (permalink / raw)
  To: David Miller; +Cc: netdev

Hi Dave,

so I took the two security fixes and the interoperability fix for basic
mode L2CAP connections and combined them here.

All the other patches were bug fixes with L2CAP ERTM support and I will
send them separately.

Regards

Marcel


Please pull from

    git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6.git master

This will update the following files:

 net/bluetooth/hci_conn.c  |    5 +++++
 net/bluetooth/hci_event.c |    2 ++
 net/bluetooth/l2cap.c     |   14 +++++++++++---
 3 files changed, 18 insertions(+), 3 deletions(-)

through these ChangeSets:

Andrei Emeltchenko (1):
    Bluetooth: Check L2CAP pending status before sending connect request

Johan Hedberg (1):
    Bluetooth: Reset the security level after an authentication failure

Ville Tervo (1):
    Bluetooth: Update sec_level/auth_type for already existing connections



* [PATCH 1/3] Bluetooth: Check L2CAP pending status before sending connect request
  2010-07-08 23:40 Pull request: bluetooth-2.6 2010-07-08 Marcel Holtmann
@ 2010-07-08 23:40 ` Marcel Holtmann
  2010-07-08 23:40 ` [PATCH 2/3] Bluetooth: Reset the security level after an authentication failure Marcel Holtmann
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Marcel Holtmann @ 2010-07-08 23:40 UTC (permalink / raw)
  To: David Miller; +Cc: netdev

From: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>

Due to a race condition in the L2CAP state machine, an L2CAP Connection
Request may be sent twice for SDP with the same source channel id. Problems
were reported connecting to Apple products, some carkit, Blackberry phones.

...
2010-06-07 21:18:03.651031 < ACL data: handle 1 flags 0x02 dlen 12
    L2CAP(s): Connect req: psm 1 scid 0x0040
2010-06-07 21:18:03.653473 > HCI Event: Number of Completed Packets (0x13) plen 5
    handle 1 packets 1
2010-06-07 21:18:03.653808 > HCI Event: Auth Complete (0x06) plen 3
    status 0x00 handle 1
2010-06-07 21:18:03.653869 < ACL data: handle 1 flags 0x02 dlen 12
    L2CAP(s): Connect req: psm 1 scid 0x0040
...

Patch uses L2CAP_CONF_CONNECT_PEND flag to mark that L2CAP Connection
Request has been sent already.

Modified version of patch from Ville Tervo.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
 net/bluetooth/l2cap.c |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index 1b682a5..cf3c407 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -401,6 +401,11 @@ static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
 	l2cap_send_sframe(pi, control);
 }
 
+static inline int __l2cap_no_conn_pending(struct sock *sk)
+{
+	return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
+}
+
 static void l2cap_do_start(struct sock *sk)
 {
 	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
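Review bot: `__l2cap_no_conn_pending()` carries the double-underscore prefix that usually signals "caller must hold the lock", but neither the helper nor the lines around it say which lock protects `conf_state`. A one-line comment naming it would make the contract explicit for the call sites that now rely on this test (that it is the socket lock is an assumption; these lines do not show it). Returning `bool` instead of `int` would also match what the expression computes.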
@@ -409,12 +414,13 @@ static void l2cap_do_start(struct sock *sk)
 		if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
 			return;
 
-		if (l2cap_check_security(sk)) {
+		if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
 			struct l2cap_conn_req req;
 			req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
 			req.psm  = l2cap_pi(sk)->psm;
 
 			l2cap_pi(sk)->ident = l2cap_get_ident(conn);
+			l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
 
 			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
 					L2CAP_CONN_REQ, sizeof(req), &req);
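Review bot: the test in `if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk))` and the later `conf_state |= L2CAP_CONF_CONNECT_PEND` are two separate steps on a plain bitfield, so the fix only closes the race from the commit message if every path that reaches this block is serialized on the same lock. The hunk does not show that lock being held in `l2cap_do_start()`; please confirm it in the changelog or with a comment here, otherwise two contexts can both pass the check before either sets the flag. Setting the flag before `l2cap_send_cmd()` is the right order and should stay that way.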
@@ -464,12 +470,14 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
 		}
 
 		if (sk->sk_state == BT_CONNECT) {
-			if (l2cap_check_security(sk)) {
+			if (l2cap_check_security(sk) &&
+					__l2cap_no_conn_pending(sk)) {
 				struct l2cap_conn_req req;
 				req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
 				req.psm  = l2cap_pi(sk)->psm;
 
 				l2cap_pi(sk)->ident = l2cap_get_ident(conn);
+				l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
 
 				l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
 					L2CAP_CONN_REQ, sizeof(req), &req);
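Review bot: the sequence "build `req`, take an ident, set `L2CAP_CONF_CONNECT_PEND`, call `l2cap_send_cmd()`" now appears here in `l2cap_conn_start()`, in `l2cap_do_start()` and in `l2cap_security_cfm()`, and the correctness of the fix depends on all three copies setting the flag. Moving it into one helper (for example a static function that sends the connect request and marks it pending) would keep a future fourth call site from forgetting the flag. The wrapped condition `__l2cap_no_conn_pending(sk)) {` is also indented with two extra tabs where the usual style aligns the continuation under the first operand.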
@@ -2912,7 +2920,6 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd
 		l2cap_pi(sk)->ident = 0;
 		l2cap_pi(sk)->dcid = dcid;
 		l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
-
 		l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
 
 		l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
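Review bot: the only change in `l2cap_connect_rsp()` is the removal of a blank line before `conf_state &= ~L2CAP_CONF_CONNECT_PEND`, which is unrelated whitespace and would be better left out of a fix that is headed for a security and interoperability pull. More importantly, the visible lines clear the flag only on the branch that goes on to send `L2CAP_CONF_REQ`. Since the flag now blocks any further connect request, the changelog should state where it is cleared when the response reports a failure or never arrives, so a socket cannot be left permanently marked as pending.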
@@ -4404,6 +4411,7 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
 				req.psm  = l2cap_pi(sk)->psm;
 
 				l2cap_pi(sk)->ident = l2cap_get_ident(conn);
+				l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
 
 				l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
 					L2CAP_CONN_REQ, sizeof(req), &req);
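Review bot: in `l2cap_security_cfm()` this hunk adds `conf_state |= L2CAP_CONF_CONNECT_PEND` but, unlike the other two call sites, shows no `__l2cap_no_conn_pending(sk)` test in front of the send. The trace in the commit message has the duplicate `Connect req` going out immediately after `Auth Complete`, which is this path, so the guard matters most here. If the function already checks the flag above the visible context, please mention that in the changelog; if it does not, the same condition is needed before `l2cap_send_cmd()`.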
-- 
1.7.1.1



* [PATCH 2/3] Bluetooth: Reset the security level after an authentication failure
  2010-07-08 23:40 Pull request: bluetooth-2.6 2010-07-08 Marcel Holtmann
  2010-07-08 23:40 ` [PATCH 1/3] Bluetooth: Check L2CAP pending status before sending connect request Marcel Holtmann
@ 2010-07-08 23:40 ` Marcel Holtmann
  2010-07-08 23:40 ` [PATCH 3/3] Bluetooth: Update sec_level/auth_type for already existing connections Marcel Holtmann
  2010-07-09  0:28 ` Pull request: bluetooth-2.6 2010-07-08 David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Marcel Holtmann @ 2010-07-08 23:40 UTC (permalink / raw)
  To: David Miller; +Cc: netdev

From: Johan Hedberg <johan.hedberg@nokia.com>

When authentication fails for a connection the assumed security level
should be set back to BT_SECURITY_LOW so that subsequent connect
attempts over the same link don't falsely assume that security is
adequate enough.

Signed-off-by: Johan Hedberg <johan.hedberg@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
 net/bluetooth/hci_event.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6c57fc7..786b5de 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1049,6 +1049,8 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
 	if (conn) {
 		if (!ev->status)
 			conn->link_mode |= HCI_LM_AUTH;
+		else
+			conn->sec_level = BT_SECURITY_LOW;
 
 		clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
 
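Review bot: the new `else` branch in `hci_auth_complete_evt()` drops `conn->sec_level` to `BT_SECURITY_LOW` on any non-zero `ev->status`, but leaves `conn->link_mode` untouched, so a link that already had `HCI_LM_AUTH` set from an earlier successful authentication ends up with the two fields disagreeing. A short comment saying that `sec_level` is the assumed level and is deliberately reset to the floor, plus a note on whether `link_mode` (and `auth_type`) should be adjusted on failure as well, would make the intended invariant clear. The branch is also silent; a `BT_DBG` with the status would help when diagnosing why a later connect re-triggers authentication.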
-- 
1.7.1.1



* [PATCH 3/3] Bluetooth: Update sec_level/auth_type for already existing connections
  2010-07-08 23:40 Pull request: bluetooth-2.6 2010-07-08 Marcel Holtmann
  2010-07-08 23:40 ` [PATCH 1/3] Bluetooth: Check L2CAP pending status before sending connect request Marcel Holtmann
  2010-07-08 23:40 ` [PATCH 2/3] Bluetooth: Reset the security level after an authentication failure Marcel Holtmann
@ 2010-07-08 23:40 ` Marcel Holtmann
  2010-07-09  0:28 ` Pull request: bluetooth-2.6 2010-07-08 David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Marcel Holtmann @ 2010-07-08 23:40 UTC (permalink / raw)
  To: David Miller; +Cc: netdev

From: Ville Tervo <ville.tervo@nokia.com>

Update auth level for already existing connections if it is lower
than required by new connection.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Reviewed-by: Emeltchenko Andrei <andrei.emeltchenko@nokia.com>
Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
 net/bluetooth/hci_conn.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b10e3cd..800b6b9 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -358,6 +358,11 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
 		acl->sec_level = sec_level;
 		acl->auth_type = auth_type;
 		hci_acl_connect(acl);
+	} else {
+		if (acl->sec_level < sec_level)
+			acl->sec_level = sec_level;
+		if (acl->auth_type < auth_type)
+			acl->auth_type = auth_type;
 	}
 
 	if (type == ACL_LINK)
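Review bot: in the new `else` branch of `hci_connect()`, `acl->sec_level` and `acl->auth_type` are raised to the requested values on an already existing ACL before any authentication at that level has taken place, so from this point `sec_level` records what was asked for, not what the link has achieved. That is safe only if every consumer re-checks authentication and encryption state before trusting it, and it makes the reset added in patch 2/3 load-bearing; a comment stating this would help. The `acl->auth_type < auth_type` comparison also assumes the numeric order of the auth_type constants matches their strength, which these lines do not establish and is worth confirming or documenting. The body can be written as two `else if`-free statements without the extra brace level, but that is a style point.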
-- 
1.7.1.1



* Re: Pull request: bluetooth-2.6 2010-07-08
  2010-07-08 23:40 Pull request: bluetooth-2.6 2010-07-08 Marcel Holtmann
                   ` (2 preceding siblings ...)
  2010-07-08 23:40 ` [PATCH 3/3] Bluetooth: Update sec_level/auth_type for already existing connections Marcel Holtmann
@ 2010-07-09  0:28 ` David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2010-07-09  0:28 UTC (permalink / raw)
  To: marcel; +Cc: netdev

From: Marcel Holtmann <marcel@holtmann.org>
Date: Thu,  8 Jul 2010 20:40:50 -0300

> Hi Dave,
> 
> so I took the two security fixes and the interoperability fix for basic
> mode L2CAP connections and combined them here.
> 
> All the other patches were bug fixes with L2CAP ERTM support and I will
> send them separately.
 ...
> Please pull from
> 
>     git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6.git master

Pulled, thanks.
