1. 02 Oct, 2013 1 commit
  2. 27 Sep, 2013 1 commit
  3. 25 Sep, 2013 7 commits
  4. 23 Sep, 2013 1 commit
    • Ken O'Brien's avatar
      Bluetooth: btusb: Add support for Belkin F8065bf · 5bcecf32
      Ken O'Brien authored
      Add generic rule on encountering Belkin bluetooth usb device F8065bf.
      
      Relevant section from /sys/kernel/debug/usb/devices:
      
      T:  Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
      D:  Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=050d ProdID=065a Rev= 1.12
      S:  Manufacturer=Broadcom Corp
      S:  Product=BCM20702A0
      S:  SerialNumber=0002723E2D29
      C:* #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      Signed-off-by: default avatarKen O'Brien <kernel@kenobrien.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      5bcecf32
  5. 22 Sep, 2013 1 commit
  6. 20 Sep, 2013 1 commit
    • Gianluca Anzolin's avatar
      Bluetooth: don't release the port in rfcomm_dev_state_change() · 29cd718b
      Gianluca Anzolin authored
      When the dlc is closed, rfcomm_dev_state_change() tries to release the
      port in the case it cannot get a reference to the tty. However this is
      racy and not even needed.
      
      Infact as Peter Hurley points out:
      
      1. Only consider dlcs that are 'stolen' from a connected socket, ie.
         reused. Allocated dlcs cannot have been closed prior to port
         activate and so for these dlcs a tty reference will always be avail
         in rfcomm_dev_state_change() -- except for the conditions covered by
         #2b below.
      2. If a tty was at some point previously created for this rfcomm, then
         either
         (a) the tty reference is still avail, so rfcomm_dev_state_change()
             will perform a hangup. So nothing to do, or,
         (b) the tty reference is no longer avail, and the tty_port will be
             destroyed by the last tty_port_put() in rfcomm_tty_cleanup.
             Again, no action required.
      3. Prior to obtaining the dlc lock in rfcomm_dev_add(),
         rfcomm_dev_state_change() will not 'see' a rfcomm_dev so nothing to
         do here.
      4. After releasing the dlc lock in rfcomm_dev_add(),
         rfcomm_dev_state_change() will 'see' an incomplete rfcomm_dev if a
         tty reference could not be obtained. Again, the best thing to do here
         is nothing. Any future attempted open() will block on
         rfcomm_dev_carrier_raised(). The unconnected device will exist until
         released by ioctl(RFCOMMRELEASEDEV).
      
      The patch removes the aforementioned code and uses the
      tty_port_tty_hangup() helper to hangup the tty.
      Signed-off-by: default avatarGianluca Anzolin <gianluca@sottospazio.it>
      Reviewed-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      29cd718b
  7. 19 Sep, 2013 2 commits
  8. 18 Sep, 2013 10 commits
  9. 16 Sep, 2013 16 commits
    • Syam Sidhardhan's avatar
      Bluetooth: Fix ACL alive for long in case of non pariable devices · 330b6c15
      Syam Sidhardhan authored
      For certain devices (ex: HID mouse), support for authentication,
      pairing and bonding is optional. For such devices, the ACL alive
      for too long after the L2CAP disconnection.
      
      To avoid the ACL alive for too long after L2CAP disconnection, reset the
      ACL disconnect timeout back to HCI_DISCONN_TIMEOUT during L2CAP connect.
      
      While merging the commit id:a9ea3ed9
      this issue might have introduced.
      
      Hcidump info:
      sh-4.1# /opt/hcidump -Xt
      2013-08-05 16:49:00.894129 < ACL data: handle 12 flags 0x00 dlen 12
          L2CAP(s): Disconn req: dcid 0x004a scid 0x0041
      2013-08-05 16:49:00.894195 < HCI Command: Exit Sniff Mode (0x02|0x0004)
          plen 2
          handle 12
      2013-08-05 16:49:00.894269 < ACL data: handle 12 flags 0x00 dlen 12
          L2CAP(s): Disconn req: dcid 0x0049 scid 0x0040
      2013-08-05 16:49:00.895645 > HCI Event: Command Status (0x0f) plen 4
          Exit Sniff Mode (0x02|0x0004) status 0x00 ncmd 1
      2013-08-05 16:49:00.934391 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 12 mode 0x00 interval 0
          Mode: Active
      2013-08-05 16:49:00.936592 > HCI Event: Number of Completed Packets
          (0x13) plen 5
          handle 12 packets 2
      2013-08-05 16:49:00.951577 > ACL data: handle 12 flags 0x02 dlen 12
          L2CAP(s): Disconn rsp: dcid 0x004a scid 0x0041
      2013-08-05 16:49:00.952820 > ACL data: handle 12 flags 0x02 dlen 12
          L2CAP(s): Disconn rsp: dcid 0x0049 scid 0x0040
      2013-08-05 16:49:00.969165 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 12 mode 0x02 interval 50
          Mode: Sniff
      
      2013-08-05 16:49:48.175533 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 12 mode 0x00 interval 0
          Mode: Active
      2013-08-05 16:49:48.219045 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 12 mode 0x02 interval 108
          Mode: Sniff
      
      2013-08-05 16:51:00.968209 < HCI Command: Disconnect (0x01|0x0006) plen 3
          handle 12 reason 0x13
          Reason: Remote User Terminated Connection
      2013-08-05 16:51:00.969056 > HCI Event: Command Status (0x0f) plen 4
          Disconnect (0x01|0x0006) status 0x00 ncmd 1
      2013-08-05 16:51:01.013495 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 12 mode 0x00 interval 0
          Mode: Active
      2013-08-05 16:51:01.073777 > HCI Event: Disconn Complete (0x05) plen 4
          status 0x00 handle 12 reason 0x16
          Reason: Connection Terminated by Local Host
      
      ============================ After  fix ================================
      
      2013-08-05 16:57:35.986648 < ACL data: handle 11 flags 0x00 dlen 12
          L2CAP(s): Disconn req: dcid 0x004c scid 0x0041
      2013-08-05 16:57:35.986713 < HCI Command: Exit Sniff Mode (0x02|0x0004)
          plen 2
          handle 11
      2013-08-05 16:57:35.986785 < ACL data: handle 11 flags 0x00 dlen 12
          L2CAP(s): Disconn req: dcid 0x004b scid 0x0040
      2013-08-05 16:57:35.988110 > HCI Event: Command Status (0x0f) plen 4
          Exit Sniff Mode (0x02|0x0004) status 0x00 ncmd 1
      2013-08-05 16:57:36.030714 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 11 mode 0x00 interval 0
          Mode: Active
      2013-08-05 16:57:36.032950 > HCI Event: Number of Completed Packets
          (0x13) plen 5
          handle 11 packets 2
      2013-08-05 16:57:36.047926 > ACL data: handle 11 flags 0x02 dlen 12
          L2CAP(s): Disconn rsp: dcid 0x004c scid 0x0041
      2013-08-05 16:57:36.049200 > ACL data: handle 11 flags 0x02 dlen 12
          L2CAP(s): Disconn rsp: dcid 0x004b scid 0x0040
      2013-08-05 16:57:36.065509 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 11 mode 0x02 interval 50
          Mode: Sniff
      
      2013-08-05 16:57:40.052006 < HCI Command: Disconnect (0x01|0x0006) plen 3
          handle 11 reason 0x13
          Reason: Remote User Terminated Connection
      2013-08-05 16:57:40.052869 > HCI Event: Command Status (0x0f) plen 4
          Disconnect (0x01|0x0006) status 0x00 ncmd 1
      2013-08-05 16:57:40.104731 > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 11 mode 0x00 interval 0
          Mode: Active
      2013-08-05 16:57:40.146935 > HCI Event: Disconn Complete (0x05) plen 4
          status 0x00 handle 11 reason 0x16
          Reason: Connection Terminated by Local Host
      Signed-off-by: default avatarSang-Ki Park <sangki79.park@samsung.com>
      Signed-off-by: default avatarChan-yeol Park <chanyeol.park@samsung.com>
      Signed-off-by: default avatarJaganath Kanakkassery <jaganath.k@samsung.com>
      Signed-off-by: default avatarSzymon Janc <szymon.janc@tieto.com>
      Signed-off-by: default avatarSyam Sidhardhan <s.syam@samsung.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      330b6c15
    • Raphael Kubo da Costa's avatar
      Bluetooth: Add support for BCM20702A0 [0b05, 17cb] · 38a172be
      Raphael Kubo da Costa authored
      Yet another vendor specific ID for this chipset; this one for the ASUS
      USB-BT400 Bluetooth 4.0 adapter.
      
      T:  Bus=03 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#=  6 Spd=12  MxCh= 0
      D:  Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0b05 ProdID=17cb Rev=01.12
      S:  Manufacturer=Broadcom Corp
      S:  Product=BCM20702A0
      S:  SerialNumber=000272C64400
      C:  #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=100mA
      I:  If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
      I:  If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
      I:  If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
      I:  If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarRaphael Kubo da Costa <rakuco@FreeBSD.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      38a172be
    • Andre Guedes's avatar
      Bluetooth: Fix encryption key size for peripheral role · 89cbb4da
      Andre Guedes authored
      This patch fixes the connection encryption key size information when
      the host is playing the peripheral role. We should set conn->enc_key_
      size in hci_le_ltk_request_evt, otherwise it is left uninitialized.
      
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      89cbb4da
    • Andre Guedes's avatar
      Bluetooth: Fix security level for peripheral role · f8776218
      Andre Guedes authored
      While playing the peripheral role, the host gets a LE Long Term Key
      Request Event from the controller when a connection is established
      with a bonded device. The host then informs the LTK which should be
      used for the connection. Once the link is encrypted, the host gets
      an Encryption Change Event.
      
      Therefore we should set conn->pending_sec_level instead of conn->
      sec_level in hci_le_ltk_request_evt. This way, conn->sec_level is
      properly updated in hci_encrypt_change_evt.
      
      Moreover, since we have a LTK associated to the device, we have at
      least BT_SECURITY_MEDIUM security level.
      
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarAndre Guedes <andre.guedes@openbossa.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      f8776218
    • Peng Chen's avatar
      Bluetooth: Add a new PID/VID 0cf3/e005 for AR3012. · 0a3658cc
      Peng Chen authored
      usb device info:
      
      T:  Bus=06 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 15 Spd=12   MxCh= 0
      D:  Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0cf3 ProdID=e005 Rev= 0.02
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarPeng Chen <pengchen@qca.qualcomm.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      0a3658cc
    • Marcel Holtmann's avatar
      Bluetooth: Only schedule raw queue when user channel is active · 52de599e
      Marcel Holtmann authored
      When the user channel is set and an user application has full control
      over the device, do not bother trying to schedule any queues except
      the raw queue.
      
      This is an optimization since with user channel, only the raw queue
      is in use.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Acked-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      52de599e
    • Marcel Holtmann's avatar
      Bluetooth: Use GFP_KERNEL when cloning SKB in a workqueue · a675d7f1
      Marcel Holtmann authored
      There is no need to use GFP_ATOMIC with skb_clone() when the code is
      executed in a workqueue.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Acked-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      a675d7f1
    • Marcel Holtmann's avatar
      Bluetooth: Disable upper layer connections when user channel is active · af750e94
      Marcel Holtmann authored
      When the device has the user channel flag set, it means it is driven by
      an user application. In that case do not allow any connections from
      L2CAP or SCO sockets.
      
      This is the same situation as when the device has the raw flag set and
      it will then return EHOSTUNREACH.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Acked-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      af750e94
    • Marcel Holtmann's avatar
      Bluetooth: Add support creating virtual AMP controllers · 23424c0d
      Marcel Holtmann authored
      So far the only option to create a virtual AMP controller was by
      setting a module parameter for the hci_vhci driver. This patch adds
      the functionality to define inline to create either a BR/EDR or an
      AMP controller.
      
      In addition the client will be informed which HCI controller index
      it got assigned. That is especially useful for automated end-to-end
      testing.
      
      To keep backwards compatibility with existing userspace, the command
      for creating a controller type needs to be send right after opening
      the device node. If the command is not send, it defaults back to
      automatically creating a BR/EDR controller.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      23424c0d
    • Marcel Holtmann's avatar
      Bluetooth: Use devname:vhci module alias for virtual HCI driver · bfacbb9a
      Marcel Holtmann authored
      To allow creating /dev/vhci device node, add the proper module alias for
      this driver.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      bfacbb9a
    • Marcel Holtmann's avatar
      Bluetooth: Introduce new HCI socket channel for user operation · 23500189
      Marcel Holtmann authored
      This patch introcuces a new HCI socket channel that allows user
      applications to take control over a specific HCI device. The application
      gains exclusive access to this device and forces the kernel to stay away
      and not manage it. In case of the management interface it will actually
      hide the device.
      
      Such operation is useful for security testing tools that need to operate
      underneath the Bluetooth stack and need full control over a device. The
      advantage here is that the kernel still provides the service of hardware
      abstraction and HCI level access. The use of Bluetooth drivers for
      hardware access also means that sniffing tools like btmon or hcidump
      are still working and the whole set of transaction can be traced with
      existing tools.
      
      With the new channel it is possible to send HCI commands, ACL and SCO
      data packets and receive HCI events, ACL and SCO packets from the
      device. The format follows the well established H:4 protocol.
      
      The new HCI user channel can only be established when a device has been
      through its setup routine and is currently powered down. This is
      enforced to not cause any problems with current operations. In addition
      only one user channel per HCI device is allowed. It is exclusive access
      for one user application. Access to this channel is limited to process
      with CAP_NET_RAW capability.
      
      Using this new facility does not require any external library or special
      ioctl or socket filters. Just create the socket and bind it. After that
      the file descriptor is ready to speak H:4 protocol.
      
              struct sockaddr_hci addr;
              int fd;
      
              fd = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
      
              memset(&addr, 0, sizeof(addr));
              addr.hci_family = AF_BLUETOOTH;
              addr.hci_dev = 0;
              addr.hci_channel = HCI_CHANNEL_USER;
      
              bind(fd, (struct sockaddr *) &addr, sizeof(addr));
      
      The example shows on how to create a user channel for hci0 device. Error
      handling has been left out of the example. However with the limitations
      mentioned above it is advised to handle errors. Binding of the user
      cahnnel socket can fail for various reasons. Specifically if the device
      is currently activated by BlueZ or if the access permissions are not
      present.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      23500189
    • Marcel Holtmann's avatar
      Bluetooth: Introduce user channel flag for HCI devices · 0736cfa8
      Marcel Holtmann authored
      This patch introduces a new user channel flag that allows to give full
      control of a HCI device to a user application. The kernel will stay away
      from the device and does not allow any further modifications of the
      device states.
      
      The existing raw flag is not used since it has a bit of unclear meaning
      due to its legacy. Using a new flag makes the code clearer.
      
      A device with the user channel flag set can still be enumerate using the
      legacy API, but it does not longer enumerate using the new management
      interface used by BlueZ 5 and beyond. This is intentional to not confuse
      users of modern systems.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      0736cfa8
    • Marcel Holtmann's avatar
      Bluetooth: Restrict ioctls to HCI raw channel sockets · c1c4f956
      Marcel Holtmann authored
      The various legacy ioctls used with HCI sockets are limited to raw
      channel only. They are not used on the other channels and also have
      no meaning there. So return an error if tried to use them.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      c1c4f956
    • Marcel Holtmann's avatar
      Bluetooth: Fix error handling for HCI socket options · c2371e80
      Marcel Holtmann authored
      The HCI sockets for monitor and control do not support any HCI specific
      socket options and if tried, an error will be returned. However the
      error used is EINVAL and that is not really descriptive. To make it
      clear that these sockets are not handling HCI socket options, return
      EBADFD instead.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      c2371e80
    • Marcel Holtmann's avatar
      Bluetooth: Report error for HCI reset ioctl when device is down · 808a049e
      Marcel Holtmann authored
      Even if this is legacy API, there is no reason to not report a proper
      error when trying to reset a HCI device that is down.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      808a049e
    • Marcel Holtmann's avatar
      Bluetooth: Fix handling of getsockname() for HCI sockets · 9d4b68b2
      Marcel Holtmann authored
      The hci_dev check is not protected and so move it into the socket lock. In
      addition return the HCI channel identifier instead of always 0 channel.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
      9d4b68b2