1. 27 Feb, 2009 33 commits
    • Marcel Holtmann's avatar
      Bluetooth: Disallow usage of L2CAP CID setting for now · 2a517ca6
      Marcel Holtmann authored
      In the future the L2CAP layer will have full support for fixed channels
      and right now it already can export the channel assignment, but for the
      functions bind() and connect() the usage of only CID 0 is allowed. This
      allows an easy detection if the kernel supports fixed channels or not,
      because otherwise it would impossible for application to tell.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      2a517ca6
    • Marcel Holtmann's avatar
      Bluetooth: Change RFCOMM to use BT_CONNECT2 for BT_DEFER_SETUP · 8bf47941
      Marcel Holtmann authored
      When BT_DEFER_SETUP is enabled on a RFCOMM socket, then switch its
      current state from BT_OPEN to BT_CONNECT2. This gives the Bluetooth
      core a unified way to handle L2CAP and RFCOMM sockets. The BT_CONNECT2
      state is designated for incoming connections.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      8bf47941
    • Marcel Holtmann's avatar
      Bluetooth: Fix poll() misbehavior when using BT_DEFER_SETUP · d5f2d2be
      Marcel Holtmann authored
      When BT_DEFER_SETUP has been enabled on a Bluetooth socket it keeps
      signaling POLLIN all the time. This is a wrong behavior. The POLLIN
      should only be signaled if the client socket is in BT_CONNECT2 state
      and the parent has been BT_DEFER_SETUP enabled.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      d5f2d2be
    • Marcel Holtmann's avatar
      Bluetooth: Set authentication requirement before requesting it · 96a31833
      Marcel Holtmann authored
      The authentication requirement got only updated when the security level
      increased. This is a wrong behavior. The authentication requirement is
      read by the Bluetooth daemon to make proper decisions when handling the
      IO capabilities exchange. So set the value that is currently expected by
      the higher layers like L2CAP and RFCOMM.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      96a31833
    • Marcel Holtmann's avatar
      Bluetooth: Fix authentication requirements for L2CAP security check · 00ae4af9
      Marcel Holtmann authored
      The L2CAP layer can trigger the authentication via an ACL connection or
      later on to increase the security level. When increasing the security
      level it didn't use the same authentication requirements when triggering
      a new ACL connection. Make sure that exactly the same authentication
      requirements are used. The only exception here are the L2CAP raw sockets
      which are only used for dedicated bonding.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      00ae4af9
    • Marcel Holtmann's avatar
      Bluetooth: Ask upper layers for HCI disconnect reason · 2950f21a
      Marcel Holtmann authored
      Some of the qualification tests demand that in case of failures in L2CAP
      the HCI disconnect should indicate a reason why L2CAP fails. This is a
      bluntly layer violation since multiple L2CAP connections could be using
      the same ACL and thus forcing a disconnect reason is not a good idea.
      
      To comply with the Bluetooth test specification, the disconnect reason
      is now stored in the L2CAP connection structure and every time a new
      L2CAP channel is added it will set back to its default. So only in the
      case where the L2CAP channel with the disconnect reason is really the
      last one, it will propagated to the HCI layer.
      
      The HCI layer has been extended with a disconnect indication that allows
      it to ask upper layers for a disconnect reason. The upper layer must not
      support this callback and in that case it will nicely default to the
      existing behavior. If an upper layer like L2CAP can provide a disconnect
      reason that one will be used to disconnect the ACL or SCO link.
      
      No modification to the ACL disconnect timeout have been made. So in case
      of Linux to Linux connection the initiator will disconnect the ACL link
      before the acceptor side can signal the specific disconnect reason. That
      is perfectly fine since Linux doesn't make use of this value anyway. The
      L2CAP layer has a perfect valid error code for rejecting connection due
      to a security violation. It is unclear why the Bluetooth specification
      insists on having specific HCI disconnect reason.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      2950f21a
    • Marcel Holtmann's avatar
      Bluetooth: Add CID field to L2CAP socket address structure · f29972de
      Marcel Holtmann authored
      In preparation for L2CAP fixed channel support, the CID value of a
      L2CAP connection needs to be accessible via the socket interface. The
      CID is the connection identifier and exists as source and destination
      value. So extend the L2CAP socket address structure with this field and
      change getsockname() and getpeername() to fill it in.
      
      The bind() and connect() functions have been modified to handle L2CAP
      socket address structures of variable sizes. This makes them future
      proof if additional fields need to be added.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      f29972de
    • Marcel Holtmann's avatar
      Bluetooth: Request L2CAP fixed channel list if available · e1027a7c
      Marcel Holtmann authored
      If the extended features mask indicates support for fixed channels,
      request the list of available fixed channels. This also enables the
      fixed channel features bit so remote implementations can request
      information about it. Currently only the signal channel will be
      listed.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      e1027a7c
    • Marcel Holtmann's avatar
      Bluetooth: Don't enforce authentication for L2CAP PSM 1 and 3 · 435fef20
      Marcel Holtmann authored
      The recommendation for the L2CAP PSM 1 (SDP) is to not use any kind
      of authentication or encryption. So don't trigger authentication
      for incoming and outgoing SDP connections.
      
      For L2CAP PSM 3 (RFCOMM) there is no clear requirement, but with
      Bluetooth 2.1 the initiator is required to enable authentication
      and encryption first and this gets enforced. So there is no need
      to trigger an additional authentication step. The RFCOMM service
      security will make sure that a secure enough link key is present.
      
      When the encryption gets enabled after the SDP connection setup,
      then switch the security level from SDP to low security.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      435fef20
    • Marcel Holtmann's avatar
      Bluetooth: Fix double L2CAP connection request · 6a8d3010
      Marcel Holtmann authored
      If the remote L2CAP server uses authentication pending stage and
      encryption is enabled it can happen that a L2CAP connection request is
      sent twice due to a race condition in the connection state machine.
      
      When the remote side indicates any kind of connection pending, then
      track this state and skip sending of L2CAP commands for this period.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      6a8d3010
    • Marcel Holtmann's avatar
      Bluetooth: Fix race condition with L2CAP information request · 984947dc
      Marcel Holtmann authored
      When two L2CAP connections are requested quickly after the ACL link has
      been established there exists a window for a race condition where a
      connection request is sent before the information response has been
      received. Any connection request should only be sent after an exchange
      of the extended features mask has been finished.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      984947dc
    • Marcel Holtmann's avatar
      Bluetooth: Set authentication requirements if not available · 657e17b0
      Marcel Holtmann authored
      When no authentication requirements are selected, but an outgoing or
      incoming connection has requested any kind of security enforcement,
      then set these authentication requirements.
      
      This ensures that the userspace always gets informed about the
      authentication requirements (if available). Only when no security
      enforcement has happened, the kernel will signal invalid requirements.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      657e17b0
    • Marcel Holtmann's avatar
      Bluetooth: Use general bonding whenever possible · 0684e5f9
      Marcel Holtmann authored
      When receiving incoming connection to specific services, always use
      general bonding. This ensures that the link key gets stored and can be
      used for further authentications.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      0684e5f9
    • Marcel Holtmann's avatar
      Bluetooth: Add SCO fallback for eSCO connection attempts · efc7688b
      Marcel Holtmann authored
      When attempting to setup eSCO connections it can happen that some link
      manager implementations fail to properly negotiate the eSCO parameters
      and thus fail the eSCO setup. Normally the link manager is responsible
      for the negotiation of the parameters and actually fallback to SCO if
      no agreement can be reached. In cases where the link manager is just too
      stupid, then at least try to establish a SCO link if eSCO fails.
      
      For the Bluetooth devices with EDR support this includes handling packet
      types of EDR basebands. This is particular tricky since for the EDR the
      logic of enabling/disabling one specific packet type is turned around.
      This fix contains an extra bitmask to disable eSCO EDR packet when
      trying to fallback to a SCO connection.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      efc7688b
    • Marcel Holtmann's avatar
      Bluetooth: Don't check encryption for L2CAP raw sockets · 255c7601
      Marcel Holtmann authored
      For L2CAP sockets with medium and high security requirement a missing
      encryption will enforce the closing of the link. For the L2CAP raw
      sockets this is not needed, so skip that check.
      
      This fixes a crash when pairing Bluetooth 2.0 (and earlier) devices
      since the L2CAP state machine got confused and then locked up the whole
      system.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      255c7601
    • Marcel Holtmann's avatar
      Bluetooth: Submit bulk URBs along with interrupt URBs · 43c2e57f
      Marcel Holtmann authored
      Submitting the bulk URBs for ACL data transfers only on demand has no
      real benefit compared to just submit them when a Bluetooth device gets
      opened. So when submitting the interrupt URBs for HCI events, just
      submit the bulk URBs, too.
      
      This solves a problem with some Bluetooth USB dongles that has been
      reported over the last few month. These devices require that the bulk
      URBs are actually present. These devices are really broken, but there
      is nothing we can do about it.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      43c2e57f
    • Jaikumar Ganesh's avatar
      Bluetooth: When encryption is dropped, do not send RFCOMM packets · 6e1031a4
      Jaikumar Ganesh authored
      During a role change with pre-Bluetooth 2.1 devices, the remote side drops
      the encryption of the RFCOMM connection. We allow a grace period for the
      encryption to be re-established, before dropping the connection. During
      this grace period, the RFCOMM_SEC_PENDING flag is set. Check this flag
      before sending RFCOMM packets.
      Signed-off-by: default avatarJaikumar Ganesh <jaikumar@google.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      6e1031a4
    • Andre Haupt's avatar
      Bluetooth: Eliminate a sparse warning in bt3c driver · 34a55eda
      Andre Haupt authored
      This eliminates a sparse warning that symbol 'stat' shadows an earlier one.
      Signed-off-by: default avatarAndre Haupt <andre@bitwigglers.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      34a55eda
    • Dave Young's avatar
      Bluetooth: Remove CONFIG_DEBUG_LOCK_ALLOC ifdefs · dd2efd03
      Dave Young authored
      Due to lockdep changes, the CONFIG_DEBUG_LOCK_ALLOC ifdef is not needed
      now. So just remove it here.
      
      The following commit fixed the !lockdep build warnings:
      
      commit e8f6fbf6
      Author: Ingo Molnar <mingo@elte.hu>
      Date:   Wed Nov 12 01:38:36 2008 +0000
      
          lockdep: include/linux/lockdep.h - fix warning in net/bluetooth/af_bluetooth.c
      Signed-off-by: default avatarDave Young <hidave.darkstar@gmail.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      dd2efd03
    • Marcel Holtmann's avatar
      Bluetooth: Update version numbers · 5f9018af
      Marcel Holtmann authored
      With the support for the enhanced security model and the support for
      deferring connection setup, it is a good idea to increase various
      version numbers.
      
      This is purely cosmetic and has no effect on the behavior, but can
      be really helpful when debugging problems in different kernel versions.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      5f9018af
    • Marcel Holtmann's avatar
      Bluetooth: Restrict application of socket options · 0588d94f
      Marcel Holtmann authored
      The new socket options should only be evaluated for SOL_BLUETOOTH level
      and not for every other level. Previously this causes some minor issues
      when detecting if a kernel with certain features is available.
      
      Also restrict BT_SECURITY to SOCK_SEQPACKET for L2CAP and SOCK_STREAM for
      the RFCOMM protocol.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      0588d94f
    • Marcel Holtmann's avatar
      Bluetooth: Disconnect L2CAP connections without encryption · f62e4323
      Marcel Holtmann authored
      For L2CAP connections with high security setting, the link will be
      immediately dropped when the encryption gets disabled. For L2CAP
      connections with medium security there will be grace period where
      the remote device has the chance to re-enable encryption. If it
      doesn't happen then the link will also be disconnected.
      
      The requirement for the grace period with medium security comes from
      Bluetooth 2.0 and earlier devices that require role switching.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      f62e4323
    • Marcel Holtmann's avatar
      Bluetooth: Pause RFCOMM TX when encryption drops · 8c84b830
      Marcel Holtmann authored
      A role switch with devices following the Bluetooth pre-2.1 standards
      or without Encryption Pause and Resume support is not possible if
      encryption is enabled. Most newer headsets require the role switch,
      but also require that the connection is encrypted.
      
      For connections with a high security mode setting, the link will be
      immediately dropped. When the connection uses medium security mode
      setting, then a grace period is introduced where the TX is halted and
      the remote device gets a change to re-enable encryption after the
      role switch. If not re-enabled the link will be dropped.
      
      Based on initial work by Ville Tervo <ville.tervo@nokia.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      8c84b830
    • Marcel Holtmann's avatar
      Bluetooth: Replace RFCOMM link mode with security level · 9f2c8a03
      Marcel Holtmann authored
      Change the RFCOMM internals to use the new security levels and remove
      the link mode details.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      9f2c8a03
    • Marcel Holtmann's avatar
      Bluetooth: Replace L2CAP link mode with security level · 2af6b9d5
      Marcel Holtmann authored
      Change the L2CAP internals to use the new security levels and remove
      the link mode details.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      2af6b9d5
    • Marcel Holtmann's avatar
      Bluetooth: Add enhanced security model for Simple Pairing · 8c1b2355
      Marcel Holtmann authored
      The current security model is based around the flags AUTH, ENCRYPT and
      SECURE. Starting with support for the Bluetooth 2.1 specification this is
      no longer sufficient. The different security levels are now defined as
      SDP, LOW, MEDIUM and SECURE.
      
      Previously it was possible to set each security independently, but this
      actually doesn't make a lot of sense. For Bluetooth the encryption depends
      on a previous successful authentication. Also you can only update your
      existing link key if you successfully created at least one before. And of
      course the update of link keys without having proper encryption in place
      is a security issue.
      
      The new security levels from the Bluetooth 2.1 specification are now
      used internally. All old settings are mapped to the new values and this
      way it ensures that old applications still work. The only limitation
      is that it is no longer possible to set authentication without also
      enabling encryption. No application should have done this anyway since
      this is actually a security issue. Without encryption the integrity of
      the authentication can't be guaranteed.
      
      As default for a new L2CAP or RFCOMM connection, the LOW security level
      is used. The only exception here are the service discovery sessions on
      PSM 1 where SDP level is used. To have similar security strength as with
      a Bluetooth 2.0 and before combination key, the MEDIUM level should be
      used. This is according to the Bluetooth specification. The MEDIUM level
      will not require any kind of man-in-the-middle (MITM) protection. Only
      the HIGH security level will require this.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      8c1b2355
    • Marcel Holtmann's avatar
      Bluetooth: Fix SCO state handling for incoming connections · c89b6e6b
      Marcel Holtmann authored
      When the remote device supports only SCO connections, on receipt of
      the HCI_EV_CONN_COMPLETE event packet, the connect state is changed to
      BT_CONNECTED, but the socket state is not updated. Hence, the connect()
      call times out even though the SCO connection has been successfully
      established.
      
      Based on a report by Jaikumar Ganesh <jaikumar@google.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      c89b6e6b
    • Marcel Holtmann's avatar
      Bluetooth: Reject incoming SCO connections without listeners · 71aeeaa1
      Marcel Holtmann authored
      All SCO and eSCO connection are auto-accepted no matter if there is a
      corresponding listening socket for them. This patch changes this and
      connection requests for SCO and eSCO without any socket are rejected.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      71aeeaa1
    • Marcel Holtmann's avatar
      Bluetooth: Add support for deferring L2CAP connection setup · f66dc81f
      Marcel Holtmann authored
      In order to decide if listening L2CAP sockets should be accept()ed
      the BD_ADDR of the remote device needs to be known. This patch adds
      a socket option which defines a timeout for deferring the actual
      connection setup.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      f66dc81f
    • Marcel Holtmann's avatar
      Bluetooth: Add support for deferring RFCOMM connection setup · bb23c0ab
      Marcel Holtmann authored
      In order to decide if listening RFCOMM sockets should be accept()ed
      the BD_ADDR of the remote device needs to be known. This patch adds
      a socket option which defines a timeout for deferring the actual
      connection setup.
      
      The connection setup is done after reading from the socket for the
      first time. Until then writing to the socket returns ENOTCONN.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      bb23c0ab
    • Marcel Holtmann's avatar
      Bluetooth: Add global deferred socket parameter · c4f912e1
      Marcel Holtmann authored
      The L2CAP and RFCOMM applications require support for authorization
      and the ability of rejecting incoming connection requests. The socket
      interface is not really able to support this.
      
      This patch does the ground work for a socket option to defer connection
      setup. Setting this option allows calling of accept() and then the
      first read() will trigger the final connection setup. Calling close()
      would reject the connection.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      c4f912e1
    • Marcel Holtmann's avatar
      Bluetooth: Preparation for usage of SOL_BLUETOOTH · d58daf42
      Marcel Holtmann authored
      The socket option levels SOL_L2CAP, SOL_RFOMM and SOL_SCO are currently
      in use by various Bluetooth applications. Going forward the common
      option level SOL_BLUETOOTH should be used. This patch prepares the clean
      split of the old and new option levels while keeping everything backward
      compatibility.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      d58daf42
    • Victor Shcherbatyuk's avatar
      Bluetooth: Fix issue with return value of rfcomm_sock_sendmsg() · 91aa35a5
      Victor Shcherbatyuk authored
      In case of connection failures the rfcomm_sock_sendmsg() should return
      an error and not a 0 value.
      Signed-off-by: default avatarVictor Shcherbatyuk <victor.shcherbatyuk@tomtom.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      91aa35a5
  2. 25 Feb, 2009 7 commits