Commit Graph

427084 Commits

Author SHA1 Message Date
Andrea Merello fc32ac911e rtl8180: add rtl8187se params to eeprom reading
rtl8187se nees extra parameters to be read from the eeprom.
This patch adds support for it

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:08 -04:00
Andrea Merello f1026df86a rtl8180: config carbus register for rtl8187se
configuration of carbus-related registers is different for
rtl8187se.
Introduce a dedicated function that does it for all cards in the
proper way

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:08 -04:00
Andrea Merello 3ee44d6011 rtl8180: add TX queue mapping and support for rtl8187se
This patch adds tx queue mapping for rtl8187se and a long comment
block about their usages.
It adapts the TX function to use that map and it sets properly
the TX descriptor rtl8187se-only fields

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:08 -04:00
Andrea Merello f18f112bde rtl8180: don't write MAR registers for rtl8187se
MAR registers are not present in rtl8187se, and attempting to
write to them must be avoided

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:08 -04:00
Andrea Merello 732c893206 rtl8180: introduce functions to enable/disable ints and add support for rtl8187se
This patch introduces two dedicated functions for enabling and
disabling ints.
Support for rtl8187se is also added to them

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:07 -04:00
Andrea Merello a373ebcb5a rtl8180: add ISR for rtl8187se
rtl8187se has more queues and different ISR flags.
This patch adds a separated ISR handler for rtl8187se

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:07 -04:00
Andrea Merello 21025920cc rtl8180: support for rtl8187se RX descriptors
Currently RX status descriptor and RX command descriptor are
represented using the same struct type.
This patch splits this by introducing different types for
rx status and command descriptor.
Doing this make it possible to handle rtl8187se RX descriptors
easier.
This patch do also this by adding specific cases where needed.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:07 -04:00
Andrea Merello d209f3b473 rtl8180: add basic rate configuration support for rtl8187se
Basic rate configuration is a bit different for rtl8187se.
Adding this also fixes the gcc warning introduced in last patch
about unhandled case in switch.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:07 -04:00
Andrea Merello ac546bfb30 rtl8180: add rtl8187se fields to TX descriptor
This patch modifies the TX descriptor struct so it can work also
for rtl8187se.
Some reserved field is now meaningful, and where needed union is
used.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:07 -04:00
Andrea Merello 20296bf062 rtl8180: add rtl8187se chip type
Add back rtl8187se chip type to the enum for known chips.
This causes unhandled switch/case warning that will be fixed
in following patch

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:07 -04:00
Andrea Merello 247341e659 rtl818x: add registers for rtl8187se
Adds registers for rtl8187se to the rtl818x common struct

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:06 -04:00
Amitkumar Karwar c0dbba6688 mwifiex: cancel pending commands during host sleep
Sometimes we may end up downloading other commands when host
sleep is configured. This patch makes sure that pending
commands are cancelled and we stop queueing further commands
during host sleep.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:06 -04:00
Amitkumar Karwar b49f639f84 mwifiex: correction in sleep confirm command sequence number
Incremented sequence number was not being used for SLEEP confirm
command. This patch fixes the issue.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:06 -04:00
Amitkumar Karwar f5e8560ee0 mwifiex: corner case NULL pointer dereference fix
When next scan command is delayed due to Tx traffic and
meanwhile synchronous command is received followed by a signal,
we cance all pending commands. NULL pointer dereference is seen
in this case while queueing next command in scan delay timer.
This patch adds a check to fix this issue.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:06 -04:00
Daniel Kim 87b7e9e2f6 brcmfmac: use mfp if required from user-space
The struct cfg80211_connect_params indicate whether the connection
should use management frame protection (mfp). If required set the
MFP_CAPABLE flag in the firmware command. This is supported from
user-space by wpa_supplicant since v2.1.

Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:06 -04:00
Joe Perches 1851cb4a0f rtlwifi: Remove casts of pointer to same type
Casting a pointer to a pointer of the same type is pointless,
so remove these unnecessary casts.

Around these changes:

o Remove unnecessary parentheses
o Use consistent dereference style (change ptr[0] to *ptr)
o Argument alignment

Done via coccinelle script: (and some typing)

$ cat typecast_2.cocci
@@
type T;
T *foo;
@@

-	(T *)foo
+	foo

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:05 -04:00
Joe Perches 45d18c562a mwifiex: Remove casts of pointer to same type
Casting a pointer to a pointer of the same type is pointless,
so remove these unnecessary casts.

Done via coccinelle script:

$ cat typecast_2.cocci
@@
type T;
T *foo;
@@

-	(T *)foo
+	foo

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:05 -04:00
Joe Perches 8986992de4 carl9170: Remove casts of pointer to same type
Casting a pointer to a pointer of the same type is pointless,
so remove these unnecessary casts.

Done via coccinelle script:

$ cat typecast_2.cocci
@@
type T;
T *foo;
@@

-	(T *)foo
+	foo

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:05 -04:00
Joe Perches 9cb76aa994 rtlwifi: Remove addressof casts to same type
Using addressof then casting to the original type is pointless,
so remove these unnecessary casts.

Done via coccinelle script:

$ cat typecast.cocci
@@
type T;
T foo;
@@

-	(T *)&foo
+	&foo

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:05 -04:00
Andrea Merello fd6564fcdc rtl8180: rationalize TX queues
On currently supported HW there are four TX queues (three for normal
packets and one for beacons).

The driver uses just one TX queue, and declare to mac80211 to
support just one queue, but it allocates coherent memory for all
queues.
Furthermore the TX is code is written assumimg four queues exists,
and even if we decide to enable more queues in future, its mapping
rule to mac80211 is fixed.

This means we have memory waste on rtl8180/rtl8185, and we have also
not enough flexibility to add support for boards (rtl8187se) that
will use more queues.

This patch changes things in order to allocate coherent memory only
for the queues effectively used and it make it possible to specify
how to map hardware queues on mac80211 queues, that will be used
by rtl8187se code as soon it will be merged.

Note: even if the beacon queue is currently unused, this should
change, so I kept it.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:04 -04:00
Andrea Merello 4818d82899 rtl8180: fix DMA register are written two times
Hw DMA registers are written in rtl8180_init_hw function.
They are also written again just after calling rtl8180_init_hw.
There is no point in doing this twice.

Remove those redundant register writes from rtl8180_start.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:04 -04:00
Rafał Miłecki 0f8ca01461 bcma: gpio: register 32 GPIOs on BCM5357
Some Broadcom boards have more GPIOs available. For example Linksys
E3200 home router is based on SoC id 0x5357, package 0x0A and uses GPIO
23 to reset internal USB WiFi (gpio23=wombo_reset).

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-27 14:20:04 -04:00
John W. Linville 2de21e5899 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2014-03-27 14:16:50 -04:00
Johan Hedberg e8b1ab9e6d Bluetooth: Fix returning peer address in pending connect state
We should let user space request the peer address also in the pending
connect states, i.e. BT_CONNECT and BT_CONNECT2. There is existing user
space code that tries to do this and will fail without extending the set
of allowed states for the peer address information.

This patch adds the two states to the allowed ones in the L2CAP and
RFCOMM sock_getname functions, thereby preventing ENOTCONN from being
returned.

Reported-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Tested-by: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-26 09:31:33 -07:00
Johan Hedberg 8396215d48 Bluetooth: Remove unnecessary assignment in SMP
The smp variable in smp_conn_security is not used anywhere before the
smp = smp_chan_create() call in the smp_conn_security function so it
makes no sense to assign any other value to it before that.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 08:43:50 -07:00
Johan Hedberg 61b3b2b6f4 Bluetooth: Fix potential NULL pointer dereference in smp_conn_security
The smp pointer might not be initialized for jumps to the "done" label
in the smp_conn_security function. Furthermore doing the set_bit after
done might "overwrite" a previous value of the flag in case pairing was
already in progress. This patch moves the call to set_bit before the
label so that it is only done for a newly created smp context (as
returned by smp_chan_create).

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 08:43:47 -07:00
Johan Hedberg 1d98bf4fda Bluetooth: Remove LTK re-encryption procedure
Due to several devices being unable to handle this procedure reliably
(resulting in forced disconnections before pairing completes) it's
better to remove it altogether.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 07:51:56 -07:00
Johan Hedberg a82505c7bc Bluetooth: Don't try to confirm locally initiated SMP pairing
In the case that the just-works model would be triggered we only want to
confirm remotely initiated pairings (i.e. those triggered by a Security
Request or Pairing Request). This patch adds the necessary check to the
tk_request function to fall back to the JUST_WORKS method in the case of
a locally initiated pairing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 07:51:56 -07:00
Johan Hedberg edca792c03 Bluetooth: Add SMP flag to track which side is the initiator
For remotely initiated just-works pairings we want to show the user a
confirmation dialog for the pairing. However, we can only know which
side was the initiator by tracking which side sends the first Security
Request or Pairing Request PDU. This patch adds a new SMP flag to
indicate whether our side was the initiator for the pairing.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 07:51:56 -07:00
Johan Hedberg 4eb65e667b Bluetooth: Fix SMP confirmation callback handling
In the case that a local pairing confirmation (JUST_CFM) has been
selected as the method we need to use the user confirm request mgmt
event for it with the confirm_hint set to 1 (to indicate confirmation
without any specific passkey value). Without this (if passkey_notify was
used) the pairing would never proceed. This patch adds the necessary
call to mgmt_user_confirm_request in this scenario.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 07:51:56 -07:00
Johan Hedberg 81d0c8ad71 Bluetooth: Add missing cmd_status handler for LE_Start_Encryption
It is possible that the HCI_LE_Start_Encryption command fails in an
early stage and triggers a command status event with the failure code.
In such a case we need to properly notify the hci_conn object and
cleanly bring the connection down. This patch adds the missing command
status handler for this HCI command.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 07:51:55 -07:00
Johan Hedberg 0a66cf2036 Bluetooth: Fix potential NULL pointer dereference in SMP
If a sudden disconnection happens the l2cap_conn pointer may already
have been cleaned up by the time hci_conn_security gets called,
resulting in the following oops if we don't have a proper NULL check:

BUG: unable to handle kernel NULL pointer dereference at 000000c8
IP: [<c132e2ed>] smp_conn_security+0x26/0x151
*pde = 00000000
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
CPU: 1 PID: 673 Comm: memcheck-x86-li Not tainted 3.14.0-rc2+ #437
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: f0ef0520 ti: f0d6a000 task.ti: f0d6a000
EIP: 0060:[<c132e2ed>] EFLAGS: 00010246 CPU: 1
EIP is at smp_conn_security+0x26/0x151
EAX: f0ec1770 EBX: f0ec1770 ECX: 00000002 EDX: 00000002
ESI: 00000002 EDI: 00000000 EBP: f0d6bdc0 ESP: f0d6bda0
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 80050033 CR2: 000000c8 CR3: 30f0f000 CR4: 00000690
Stack:
 f4f55000 00000002 f0d6bdcc c1097a2b c1319f40 f0ec1770 00000002 f0d6bdd0
 f0d6bde8 c1312a82 f0d6bdfc c1312a82 c1319f84 00000008 f4d81c20 f0e5fd86
 f0ec1770 f0d6bdfc f0d6be28 c131be3b c131bdc1 f0d25270 c131be3b 00000008
Call Trace:
 [<c1097a2b>] ? __kmalloc+0x118/0x128
 [<c1319f40>] ? mgmt_pending_add+0x49/0x9b
 [<c1312a82>] hci_conn_security+0x4a/0x1dd
 [<c1312a82>] ? hci_conn_security+0x4a/0x1dd
 [<c1319f84>] ? mgmt_pending_add+0x8d/0x9b
 [<c131be3b>] pair_device+0x1e1/0x206
 [<c131bdc1>] ? pair_device+0x167/0x206
 [<c131be3b>] ? pair_device+0x1e1/0x206
 [<c131ed44>] mgmt_control+0x275/0x2d6

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-24 07:51:55 -07:00
Thomas Gleixner d8ff9cdf68 Bluetooth: bluecard: Use del_timer_sync() in teardown path
Make sure no timer callback is running before releasing the
datastructure which contains it.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-23 10:30:22 -07:00
Marcel Holtmann 533553f873 Bluetooth: Track current configured LE scan type parameter
The LE scan type paramter defines if active scanning or passive scanning
is in use. Track the currently set value so it can be used for decision
making from other pieces in the core.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-03-21 22:02:12 +02:00
Amitkumar Karwar d986b4a648 Bluetooth: btmrvl: don't consume all vendor specific events
If vendor specific HCI commands are received from application,
we should send corresponding events to stack.
These events should be consumed in driver, only if they are for
the internal HCI commands generated by driver.

This patch fixes the vendor command 0x3f stuck problem with
above mentioned change. For example,

hcitool cmd 3f 22 fe 06 22 21 20 43 50 00

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-20 20:29:48 -07:00
Johan Hedberg 61b1a7fbda Bluetooth: Fix address value for early disconnection events
We need to ensure that we do not send events to user space with the
identity address if we have not yet notified user space of the IRK. The
code was previously trying to handle this for the mgmt_pair_device
response (which worked well enough) but this is not the only connection
related event that might be sent to user space before pairing is
successful: another important event is Device Disconnected.

The issue can actually be solved more simply than the solution
previously used for mgmt_pair_device. Since we do have the identity
address tracked as part of the remote IRK struct we can just copy it
over from there to the hci_conn struct once we've for real sent the mgmt
event for the new IRK.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-20 09:14:26 -07:00
Arend van Spriel 67b3bd4e65 brcmfmac: fallback to mimo_bw_cap for older firmwares
In order to support the driver behaviour introduced by:

   commit d0575a5a703978c43e25128421158c78534ba100
   Author: Daniel Kim <dekim@broadcom.com>
   Date:   Wed Mar 12 18:12:14 2014 -0700

       brcmfmac: Enable 40MHz bandwidth in 2GHz band and OBSS scanning

in devices that do not support bwcap firmware command a fallback
is added.

Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-20 11:55:41 -04:00
Arend van Spriel 4d1a4f16c9 brcmfmac: only show error message when brcmf_sdiod_regrw_helper() fails
In the function brcmf_sdiod_request_data() an error message is logged,
but the calling function retries it. This patch will only log an error
message when retry limit is reached. The low-level error is still
logged by a SDIO debug message.

Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-20 11:55:40 -04:00
Arend van Spriel 58e9df462f brcmfmac: reinit watchdog completion after handling watchdog
The watchdog thread waits on completion that is set from a timer. As
the completion is count based this could mean that on a busy system
the watchdog is handled multiple times with a very short interval.
This is not the intended behaviour. After handling the watchdog it
should wait for the next timer expiry. This is accomplished by
reinitializing the completion.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-20 11:55:40 -04:00
Daniel Kim d235367960 brcmfmac: Enable 40MHz bandwidth in 2GHz band and OBSS scanning operations
This patch enables 40MHz bandwidth in 2GHz band after checking whether
cfg80211 allows it or not, and enables OBSS scanning operations to
to support 20/40 BSS coexistence.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Signed-off-by: Daniel Kim <dekim@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2014-03-20 11:55:40 -04:00
John W. Linville 370c5acef0 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2014-03-20 11:54:22 -04:00
John W. Linville 7eb2450a51 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2014-03-20 11:53:20 -04:00
Johan Hedberg 39adbffe4b Bluetooth: Fix passkey endianess in user_confirm and notify_passkey
The passkey_notify and user_confirm functions in mgmt.c were expecting
different endianess for the passkey, leading to a big endian bug and
sparse warning in recently added SMP code. This patch converts both
functions to expect host endianess and do the conversion to little
endian only when assigning to the mgmt event struct.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-19 23:22:07 -07:00
Marcel Holtmann 40b552aa5a Bluetooth: Enforce strict Secure Connections Only mode security
In Secure Connections Only mode, it is required that Secure Connections
is used for pairing and that the link key is encrypted with AES-CCM using
a P-256 authenticated combination key. If this is not the case, then new
connection shall be refused or existing connections shall be dropped.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
2014-03-19 23:30:32 +02:00
Johan Hedberg 4e7b2030c4 Bluetooth: Fix Pair Device response parameters for pairing failure
It is possible that pairing fails after we've already received remote
identity information. One example of such a situation is when
re-encryption using the LTK fails. In this case the hci_conn object has
already been updated with the identity address but user space does not
yet know about it (since we didn't notify it of the new IRK yet).

To ensure user space doesn't get a Pair Device command response with an
unknown address always use the same address in the response as was used
for the original command.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-19 13:56:30 -07:00
Johan Hedberg 01ad34d267 Bluetooth: Fix SMP user passkey notification mgmt event
When performing SMP pairing with MITM protection one side needs to
enter the passkey while the other side displays to the user what needs
to be entered. Nowhere in the SMP specification does it say that the
displaying side needs to any kind of confirmation of the passkey, even
though a code comment in smp.c implies this.

This patch removes the misleading comment and converts the code to use
the passkey notification mgmt event instead of the passkey confirmation
mgmt event.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-19 13:55:06 -07:00
Johan Hedberg 5ed884d765 Bluetooth: Increase SMP re-encryption delay to 500ms
In some cases the current 250ms delay is not enough for the remote to
receive the keys, as can be witnessed by the following log:

> ACL Data RX: Handle 64 flags 0x02 dlen 21               [hci1] 231.414217
      SMP: Signing Information (0x0a) len 16
        Signature key: 555bb66b7ab3abc9d5c287c97fe6eb29
< ACL Data TX: Handle 64 flags 0x00 dlen 21               [hci1] 231.414414
      SMP: Encryption Information (0x06) len 16
        Long term key: 2a7cdc233c9a4b1f3ed31dd9843fea29
< ACL Data TX: Handle 64 flags 0x00 dlen 15               [hci1] 231.414466
      SMP: Master Identification (0x07) len 10
        EDIV: 0xeccc
        Rand: 0x322e0ef50bd9308a
< ACL Data TX: Handle 64 flags 0x00 dlen 21               [hci1] 231.414505
      SMP: Signing Information (0x0a) len 16
        Signature key: bbda1b2076e2325aa66fbcdd5388f745
> HCI Event: Number of Completed Packets (0x13) plen 5    [hci1] 231.483130
        Num handles: 1
        Handle: 64
        Count: 2
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28  [hci1] 231.664211
        Handle: 64
        Random number: 0x5052ad2b75fed54b
        Encrypted diversifier: 0xb7c2
        Long term key: a336ede66711b49a84bde9b41426692e
> HCI Event: Command Status (0x0f) plen 4                 [hci1] 231.666937
      LE Start Encryption (0x08|0x0019) ncmd 1
        Status: Success (0x00)
> HCI Event: Number of Completed Packets (0x13) plen 5    [hci1] 231.712646
        Num handles: 1
        Handle: 64
        Count: 1
> HCI Event: Disconnect Complete (0x05) plen 4            [hci1] 232.562587
        Status: Success (0x00)
        Handle: 64
        Reason: Remote User Terminated Connection (0x13)

As can be seen, the last key (Signing Information) is sent at 231.414505
but the completed packets event for it comes only at 231.712646,
i.e. roughly 298ms later.

To have a better margin of error this patch increases the delay to
500ms.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-19 13:55:06 -07:00
Johan Hedberg 18e4aeb9b8 Bluetooth: Simplify logic when checking SMP_FLAG_TK_VALID
This is a trivial coding style simplification by instead of having an
extra early return to instead revert the if condition and do the single
needed queue_work() call there.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2014-03-19 13:55:05 -07:00
Zhao, Gang 73fb08e24a cfg80211: remove macro ASSERT_RDEV_LOCK(rdev)
Macro ASSERT_RDEV_LOCK(rdev) is equal to ASSERT_RTNL(), so replace it
with ASSERT_RTNL() and remove it.

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-03-19 21:29:58 +01:00
Zhao, Gang 4da6462213 cfg80211: remove unnecessary check
RCU pointer bss->pub.beacon_ies is checked before in previous
statement:

if (rcu_access_pointer(bss->pub.beacon_ies))
	continue;

There is no need to check it twice(and in the wrong way :) ).

Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-03-19 21:29:57 +01:00