| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
commit e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.
Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[dh79.pyun: Cherry-pick from mainline to fix CVE-2017-1000251]
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
Change-Id: Ia665b17aa7bfaa6ee13d652cce494da10b19b56d
|
|
If BT controller's buffer is occupied by another profile such as
OPP or SPP, and it is blocked due to RF condition, A2DP packets
couldn't be sent properly. It causes the A2DP chopping issue.
It is because HCI buffer is limited but another tx requests
occupy it and audio sreaming packet delay is occurred. So this
patch reserves some HCI buffer for A2DP to guarantee A2DP QoS
better.
Change-Id: I7f423f885ef6b7b0a56880d259fd7cd47ce60213
Signed-off-by: Seungyoun Ju <sy39.ju@samsung.com>
|
|
[ Upstream commit 197c949e7798fbf28cfadc69d9ca0c2abbf93191 ]
Backport of this upstream commit into stable kernels :
89c22d8c3b27 ("net: Fix skb csum races when peeking")
exposed a bug in udp stack vs MSG_PEEK support, when user provides
a buffer smaller than skb payload.
In this case,
skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr),
msg->msg_iov);
returns -EFAULT.
This bug does not happen in upstream kernels since Al Viro did a great
job to replace this into :
skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg);
This variant is safe vs short buffers.
For the time being, instead reverting Herbert Xu patch and add back
skb->ip_summed invalid changes, simply store the result of
udp_lib_checksum_complete() so that we avoid computing the checksum a
second time, and avoid the problematic
skb_copy_and_csum_datagram_iovec() call.
This patch can be applied on recent kernels as it avoids a double
checksumming, then backported to stable kernels as a bug fix.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[Applied missed stable commit from linux-4.4.y tree to resolve CVE-2016-10229]
Reported-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I736f7d244cade936e8991e2419466e803fead571
|
|
When packet_set_ring creates a ring buffer it will initialize a
struct timer_list if the packet version is TPACKET_V3. This value
can then be raced by a different thread calling setsockopt to
set the version to TPACKET_V1 before packet_set_ring has finished.
This leads to a use-after-free on a function pointer in the
struct timer_list when the socket is closed as the previously
initialized timer will not be deleted.
The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
changing the packet version while also taking the lock at the start
of packet_set_ring.
Ps. This is CVE-2016-8655 patch,
http://seclists.org/oss-sec/2016/q4/607
Change-Id: I3396f1bfe60b03082a981ae9d8a787b41cb5a529
Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Signed-off-by: Philip Pettersson <philip.pettersson@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
RPA resolution support of peer device to be checked before starting
directed advertising. This patch load the resolution support info of
device and check before starting directed advertising.
Change-Id: Ia1e7b2ae1ef9d5e12877d96759cb9089b52c20b7
Signed-off-by: paras.kumar <paras.kumar@samsung.com>
Signed-off-by: h.sandeep <h.sandeep@samsung.com>
[Fix coding style and adjust commit-msg]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
The devices, like Android 6.x, which don't support privacy 1.2
couldn't make BLE connection to the device which doesn't distribute
IRK when pairing because they use use wrong address type.
For compatibility, it needs to distribute IRK even though Privacy
feature is disabled. So setting IRK interface is added and BlueZ
will set IRK if privacy feature is disabled. And when BLE pairing,
IRK will be always distributed.
Change-Id: I6dbcef9663a1a0cb2b7db89cad6e725025e41fa1
Signed-off-by: h.sandeep <h.sandeep@samsung.com>
|
|
It is required to set IRK from BlueZ if privacy feature is disabled,
so this patch adds setting IRK interface to MGMT.
Change-Id: I68183b6003c6292e0f7c95b8fe9c0d04890063b5
Signed-off-by: h.sandeep <h.sandeep@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
There are BCM sco WBC/NBC commands, and they are only for BCM chips.
So this patch fix not to send the sco commands to non BCM vendor
chips which causes sco command timeout and disconnection.
Change-Id: Iae67b6e6de2ecf68b79e47136c2b80aa530a281c
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
Too small supervision timeout causes sudden link loss when remote
device has multiple links and it cannot manage those properly. To
protect such a case, it needs to widen supervision timeout.
Change-Id: I6e0cef7d5d5b6f1c3635ee1c1b59c550438dfd9f
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Sets the data length for the le data packet with in the
advised limits. MGMT command and event are added to handle
the setting of data length.
Change-Id: I3dbcbba83098e17f0e6da209753f8924ffb67678
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch adds MGMT command and code for supporting reading
default le data length value set at the controller.
Change-Id: I2b81982dc26ed5af4a8f8a3d3913db5d64625260
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch adds MGMT command and code for supporting write
default le data length command to the controller.
Change-Id: I3d2c8b622b7913a3ed542342e3ba8076c30dc279
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch adds the MGMT command and code to support reading
the maximum data length supported command for LE.
Change-Id: I4dc0041f2070de2ccb6a4164c8823612863c941e
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch fixes the IPSP connection callback event issue
between kernel and bluez layer.
Change-Id: Ia4d625aa8a6dbc9da89a7d9f12308af9c90d0594
Signed-off-by: h.sandeep <h.sandeep@samsung.com>
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch adds MGMT code to support IPSP connect and
disconnect apis and handle connection state changed event.
Change-Id: I1c41ec4f38cf9a108e443def3bc23c1b964e2985
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch supports MGMT commands and code to enable or disable
IPSP 6LowPan features.
Change-Id: Ia866ecfa517c7d7e4320f17d94d80dfeb9261e59
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch fixes not to check the hdev power before setting
LE Privacy.
Change-Id: I344ea13b1d90527e3e7554ec616cdc640b85159c
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch allows to store the key after authentication
if auth type is "HCI_LK_AUTH_COMBINATION_P192"
Change-Id: Ie44dbe7dfec361edab61aceaf9b2ca4057b88fa5
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Add a check for BT socket before using it to unlink
in bt_accept_unlink(). This helps to avoid kernel panic.
Change-Id: Ie8919dedce239a3476c06ad48ebb3a0f731b9856
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
[update patch title]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds code to cancel the sniff timer.
Change-Id: I756d3b08acf6462044d1fb204064fe12ce1238c1
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Add provision to set the link poilicy to enable sniff mode
for incoming connection.
Change-Id: Ifff9e9f0838f26a6c96d81f4cbaae43429aa231f
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch modifies the fast connectable function
to just set the type.
Change-Id: I0cce96f85d823f9798ae7f147c4e33ce7b18e0e3
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch allows to send HCI_OP_AUTH_REQUESTED command
to the remote device if pairing failure happens because
of pin or key missing error.
Change-Id: I9c28394dc06b22fd5fe9e58ac0b7d728c086bde4
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch enables the inquiry and page scan after ACL
disconnection with one device and if there are no other
devices connected.
Change-Id: Ifb28be7d23f237d35112b2e0739ed55169baacf7
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch updates the authentication requirement to general
MITM if local and remote device IO capabilities are not
NO_INPUT_NO_OUTPUT.
Change-Id: Ie3955c3f8287418e74af20d40bdf30d0f1963e31
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch allows to set the supervision timeout for a connection
if the device role is master.
Change-Id: I7897167ec07803f3059f2ab4d3314b0b7a951533
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch sets the filter policy to a default value 0x01 during
LE auto connection if the destination address is not set. And it
updates the destination address once the LE connection complete
event is recieved during LE auto connection. And for it checks
valid destination address before cancelling LE connection when
connection timeout occurs.
Change-Id: I9877556c0b0ab4826f5f4934ead4d85b7837036d
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
[squash patches, LE connection policy, set dest address and check dest address before cancelling connection]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds MGMT command to read the advertising TX power.
Change-Id: Ide9e5d332f034928d2eae2cbd68a025a0d42be1b
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch sets the link policy for SCO/eSCO connection.
Change-Id: I71caef5a3887f73a10329b6886c8cf52b80e8d37
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
[add link policy setting in sco connection]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
Added code to set sco settings.
Change-Id: I37aa572436241b06e00d1e9e75964aac747eeba5
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
[remove sco link policy part]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds code for providing multiple LE advertisement state
changed event to upper layer.
Change-Id: I58fb8044e74402376ec30b121081edce7c8709d1
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
[divide hci_vendor_mutli_adv_state_change_evt and remove hci event structure from mgmt]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds new MGMT event for LE device discovery and allows
the handling of all advertisement packets in platform.
Change-Id: I1927acb75eff0b60a5899898c6d7a000e1a108ef
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch sends the H/W TX timeout error MGMT event if HCI command
timeout occurs after sending HCI commands.
Change-Id: I5eb593f2fe4d31c404dd94ef582790e47d03b10a
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Add code to handle hardware error MGMT event.
Change-Id: I5875ea2aeae7aba95c1f8e15b456704dc6bcdee4
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch fixes style for rssi link alert event from vendor
specific group ext.
Change-Id: I0e7003e417c5f5a590cce8264caccad515dd3c10
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds the vendor specific LE meta event handler.
It handles the vendor specific handles like,
LE_MULTI_ADV_STATE_CHANGE_SUB_EVENT, LE_RSSI_LINK_ALERT.
Change-Id: I1f344a31e36f9c7442fe0bd8b598e67d9f5fb9bf
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
[divide hci vendor speicif group event function]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
Added new MGMT command to set LE scan parameters
Change-Id: I5ea660f97e93dfcc72273971ad0250e7f582f718
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Added new MGMT command to set the manufacturer data
in the BR/EDR packet.
Change-Id: Ie08062f4cad0c676deab94fd95fdc1a8c5602135
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Added new MGMT command to update LE connection parameters
Change-Id: I6ae16513437cd42d40e75958aa8415baa1cbedbb
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
Added new MGMT command to disable LE auto connection.
Change-Id: I1f5f61b83227501ad54019008b405fd47fd722a3
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
|
|
This patch adds new MGMT commands to start LE discovery separately
and handles LE discovery state.
Change-Id: I85958b8c2b5c7e28f57c69e86037ab1e61a75db0
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch updates the device name on receiving the HCI event
remote_name_event during connection establishment.
Change-Id: I9a217e6760b1803a70af201a3f6903e722079749
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
Added feature support for monitoring the RSSI value.
Commands and events for enabling, disabling and setting
rssi threshold values are added.
Change-Id: I850643a9228afc017e54217a11826b9c6a68a96b
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch provides MGMT commands to manage the white
list which includes, adding, removing and clearing the
devices from white list.
Change-Id: If71107129d3a090ae81448a8122b76accd4f5522
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
|
|
This patch provides new MGMT commands to configure
the advertising data and scan response data packets for
LE peripheral devices.
Change-Id: I914d13795f4fb58e5f2e1cadb55086f4bcbc82df
Signed-off-by: Sudha Bheemanna <b.sudha@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
|
|
Added the basic skeleton code for tizen_mgmt_handlers and
mgmt_tizen.h header file.
Change-Id: I8f3100aa79e6673840ba561f0a9c50238ca0880b
Signed-off-by: h.sandeep <h.sandeep@samsung.com>
|
|
This patch adds an additional attribute when sending
packet information via netlink in netfilter_queue module.
It will send additional security context data, so that
userspace applications can verify this context against
their own security databases.
Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[backport from mainline for security nether service]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
Some drivers needs to have ability to reinit NCI core, for example after
updating firmware in setup() of post_setup() callback. This patch makes
nci_core_reset() and nci_core_init() functions public, to make it possible.
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
|
|
Some drivers require non-standard configuration after NCI_CORE_INIT
request, because they need to know ndev->manufact_specific_info or
ndev->manufact_id. This patch adds post_setup handler allowing to do
such custom configuration.
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
|
|
Allow for drivers to explicitly define handlers for each
proprietary notifications and responses they expect to support.
Reviewed-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
|
