tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
ipv6: Fix OOPS in ip6_dst_lookup_tail().
ipsec: Restore larval states and socket policies in dump
[Bluetooth] Reject L2CAP connections on an insecure ACL link
[Bluetooth] Enforce correct authentication requirements
[Bluetooth] Fix reference counting during ACL config stage

Linus Torvalds 91cd99f6 5b0dac74

+86 -48
+2 -1
include/net/bluetooth/hci_core.h
··· 325 325 void hci_conn_hash_flush(struct hci_dev *hdev); 326 326 void hci_conn_check_pending(struct hci_dev *hdev); 327 327 328 - struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *src); 328 + struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type); 329 + int hci_conn_check_link_mode(struct hci_conn *conn); 329 330 int hci_conn_auth(struct hci_conn *conn); 330 331 int hci_conn_encrypt(struct hci_conn *conn); 331 332 int hci_conn_change_link_key(struct hci_conn *conn);
+1 -1
net/bluetooth/af_bluetooth.c
··· 49 49 #define BT_DBG(D...) 50 50 #endif 51 51 52 - #define VERSION "2.12" 52 + #define VERSION "2.13" 53 53 54 54 /* Bluetooth sockets */ 55 55 #define BT_MAX_PROTO 8
+18 -3
net/bluetooth/hci_conn.c
··· 330 330 331 331 /* Create SCO or ACL connection. 332 332 * Device _must_ be locked */ 333 - struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst) 333 + struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 auth_type) 334 334 { 335 335 struct hci_conn *acl; 336 336 struct hci_conn *sco; ··· 344 344 345 345 hci_conn_hold(acl); 346 346 347 - if (acl->state == BT_OPEN || acl->state == BT_CLOSED) 347 + if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 348 + acl->auth_type = auth_type; 348 349 hci_acl_connect(acl); 350 + } 349 351 350 352 if (type == ACL_LINK) 351 353 return acl; ··· 376 374 } 377 375 EXPORT_SYMBOL(hci_connect); 378 376 377 + /* Check link security requirement */ 378 + int hci_conn_check_link_mode(struct hci_conn *conn) 379 + { 380 + BT_DBG("conn %p", conn); 381 + 382 + if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0 && 383 + !(conn->link_mode & HCI_LM_ENCRYPT)) 384 + return 0; 385 + 386 + return 1; 387 + } 388 + EXPORT_SYMBOL(hci_conn_check_link_mode); 389 + 379 390 /* Authenticate remote device */ 380 391 int hci_conn_auth(struct hci_conn *conn) 381 392 { ··· 396 381 397 382 if (conn->ssp_mode > 0 && conn->hdev->ssp_mode > 0) { 398 383 if (!(conn->auth_type & 0x01)) { 399 - conn->auth_type = HCI_AT_GENERAL_BONDING_MITM; 384 + conn->auth_type |= 0x01; 400 385 conn->link_mode &= ~HCI_LM_AUTH; 401 386 } 402 387 }
+4 -7
net/bluetooth/hci_event.c
··· 1605 1605 1606 1606 if (conn->state == BT_CONFIG) { 1607 1607 if (!ev->status && hdev->ssp_mode > 0 && 1608 - conn->ssp_mode > 0) { 1609 - if (conn->out) { 1610 - struct hci_cp_auth_requested cp; 1611 - cp.handle = ev->handle; 1612 - hci_send_cmd(hdev, 1613 - HCI_OP_AUTH_REQUESTED, 1608 + conn->ssp_mode > 0 && conn->out) { 1609 + struct hci_cp_auth_requested cp; 1610 + cp.handle = ev->handle; 1611 + hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1614 1612 sizeof(cp), &cp); 1615 - } 1616 1613 } else { 1617 1614 conn->state = BT_CONNECTED; 1618 1615 hci_proto_connect_cfm(conn, ev->status);
+28 -6
net/bluetooth/l2cap.c
··· 55 55 #define BT_DBG(D...) 56 56 #endif 57 57 58 - #define VERSION "2.10" 58 + #define VERSION "2.11" 59 59 60 60 static u32 l2cap_feat_mask = 0x0000; 61 61 ··· 778 778 struct l2cap_conn *conn; 779 779 struct hci_conn *hcon; 780 780 struct hci_dev *hdev; 781 + __u8 auth_type; 781 782 int err = 0; 782 783 783 784 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm); ··· 790 789 791 790 err = -ENOMEM; 792 791 793 - hcon = hci_connect(hdev, ACL_LINK, dst); 792 + if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH || 793 + l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT || 794 + l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE) { 795 + if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) 796 + auth_type = HCI_AT_NO_BONDING_MITM; 797 + else 798 + auth_type = HCI_AT_GENERAL_BONDING_MITM; 799 + } else { 800 + if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) 801 + auth_type = HCI_AT_NO_BONDING; 802 + else 803 + auth_type = HCI_AT_GENERAL_BONDING; 804 + } 805 + 806 + hcon = hci_connect(hdev, ACL_LINK, dst, auth_type); 794 807 if (!hcon) 795 808 goto done; 796 809 ··· 1568 1553 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; 1569 1554 struct l2cap_conn_rsp rsp; 1570 1555 struct sock *sk, *parent; 1571 - int result, status = 0; 1556 + int result, status = L2CAP_CS_NO_INFO; 1572 1557 1573 1558 u16 dcid = 0, scid = __le16_to_cpu(req->scid); 1574 - __le16 psm = req->psm; 1559 + __le16 psm = req->psm; 1575 1560 1576 1561 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid); 1577 1562 ··· 1580 1565 if (!parent) { 1581 1566 result = L2CAP_CR_BAD_PSM; 1582 1567 goto sendresp; 1568 + } 1569 + 1570 + /* Check if the ACL is secure enough (if not SDP) */ 1571 + if (psm != cpu_to_le16(0x0001) && 1572 + !hci_conn_check_link_mode(conn->hcon)) { 1573 + result = L2CAP_CR_SEC_BLOCK; 1574 + goto response; 1583 1575 } 1584 1576 1585 1577 result = L2CAP_CR_NO_MEM; ··· 2246 2224 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2247 2225 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2248 2226 rsp.result = cpu_to_le16(result); 2249 - rsp.status = cpu_to_le16(0); 2227 + rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 2250 2228 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2251 2229 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2252 2230 } ··· 2318 2296 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid); 2319 2297 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid); 2320 2298 rsp.result = cpu_to_le16(result); 2321 - rsp.status = cpu_to_le16(0); 2299 + rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO); 2322 2300 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, 2323 2301 L2CAP_CONN_RSP, sizeof(rsp), &rsp); 2324 2302 }
+1 -1
net/bluetooth/sco.c
··· 200 200 else 201 201 type = SCO_LINK; 202 202 203 - hcon = hci_connect(hdev, type, dst); 203 + hcon = hci_connect(hdev, type, dst, HCI_AT_NO_BONDING); 204 204 if (!hcon) 205 205 goto done; 206 206
+29 -29
net/ipv6/ip6_output.c
··· 943 943 } 944 944 945 945 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 946 - /* 947 - * Here if the dst entry we've looked up 948 - * has a neighbour entry that is in the INCOMPLETE 949 - * state and the src address from the flow is 950 - * marked as OPTIMISTIC, we release the found 951 - * dst entry and replace it instead with the 952 - * dst entry of the nexthop router 953 - */ 954 - if (!((*dst)->neighbour->nud_state & NUD_VALID)) { 955 - struct inet6_ifaddr *ifp; 956 - struct flowi fl_gw; 957 - int redirect; 946 + /* 947 + * Here if the dst entry we've looked up 948 + * has a neighbour entry that is in the INCOMPLETE 949 + * state and the src address from the flow is 950 + * marked as OPTIMISTIC, we release the found 951 + * dst entry and replace it instead with the 952 + * dst entry of the nexthop router 953 + */ 954 + if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) { 955 + struct inet6_ifaddr *ifp; 956 + struct flowi fl_gw; 957 + int redirect; 958 958 959 - ifp = ipv6_get_ifaddr(net, &fl->fl6_src, 960 - (*dst)->dev, 1); 959 + ifp = ipv6_get_ifaddr(net, &fl->fl6_src, 960 + (*dst)->dev, 1); 961 961 962 - redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 963 - if (ifp) 964 - in6_ifa_put(ifp); 962 + redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 963 + if (ifp) 964 + in6_ifa_put(ifp); 965 965 966 - if (redirect) { 967 - /* 968 - * We need to get the dst entry for the 969 - * default router instead 970 - */ 971 - dst_release(*dst); 972 - memcpy(&fl_gw, fl, sizeof(struct flowi)); 973 - memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); 974 - *dst = ip6_route_output(net, sk, &fl_gw); 975 - if ((err = (*dst)->error)) 976 - goto out_err_release; 977 - } 966 + if (redirect) { 967 + /* 968 + * We need to get the dst entry for the 969 + * default router instead 970 + */ 971 + dst_release(*dst); 972 + memcpy(&fl_gw, fl, sizeof(struct flowi)); 973 + memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); 974 + *dst = ip6_route_output(net, sk, &fl_gw); 975 + if ((err = (*dst)->error)) 976 + goto out_err_release; 978 977 } 978 + } 979 979 #endif 980 980 981 981 return 0;
+1
net/xfrm/xfrm_policy.c
··· 1077 1077 struct hlist_head *chain = policy_hash_bysel(&pol->selector, 1078 1078 pol->family, dir); 1079 1079 1080 + list_add_tail(&pol->bytype, &xfrm_policy_bytype[pol->type]); 1080 1081 hlist_add_head(&pol->bydst, chain); 1081 1082 hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index)); 1082 1083 xfrm_policy_count[dir]++;
+2
net/xfrm/xfrm_state.c
··· 858 858 859 859 if (km_query(x, tmpl, pol) == 0) { 860 860 x->km.state = XFRM_STATE_ACQ; 861 + list_add_tail(&x->all, &xfrm_state_all); 861 862 hlist_add_head(&x->bydst, xfrm_state_bydst+h); 862 863 h = xfrm_src_hash(daddr, saddr, family); 863 864 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h); ··· 1056 1055 xfrm_state_hold(x); 1057 1056 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ; 1058 1057 add_timer(&x->timer); 1058 + list_add_tail(&x->all, &xfrm_state_all); 1059 1059 hlist_add_head(&x->bydst, xfrm_state_bydst+h); 1060 1060 h = xfrm_src_hash(daddr, saddr, family); 1061 1061 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);