--- /dev/null
+From a9ea3ed9b71cc3271dd59e76f65748adcaa76422 Mon Sep 17 00:00:00 2001
+From: Szymon Janc <szymon.janc@tieto.com>
+Date: Thu, 19 Jul 2012 14:46:08 +0200
+Subject: Bluetooth: Fix legacy pairing with some devices
+
+From: Szymon Janc <szymon.janc@tieto.com>
+
+commit a9ea3ed9b71cc3271dd59e76f65748adcaa76422 upstream.
+
+Some devices e.g. some Android based phones don't do SDP search before
+pairing and cancel legacy pairing when ACL is disconnected.
+
+PIN Code Request event which changes ACL timeout to HCI_PAIRING_TIMEOUT
+is only received after remote user entered PIN.
+
+In that case no L2CAP is connected so default HCI_DISCONN_TIMEOUT
+(2 seconds) is being used to timeout ACL connection. This results in
+problems with legacy pairing as remote user has only few seconds to
+enter PIN before ACL is disconnected.
+
+Increase disconnect timeout for incomming connection to
+HCI_PAIRING_TIMEOUT if SSP is disabled and no linkey exists.
+
+To avoid keeping ACL alive for too long after SDP search set ACL
+timeout back to HCI_DISCONN_TIMEOUT when L2CAP is connected.
+
+2012-07-19 13:24:43.413521 < HCI Command: Create Connection (0x01|0x0005) plen 13
+ bdaddr 00:02:72:D6:6A:3F ptype 0xcc18 rswitch 0x01 clkoffset 0x0000
+ Packet type: DM1 DM3 DM5 DH1 DH3 DH5
+2012-07-19 13:24:43.425224 > HCI Event: Command Status (0x0f) plen 4
+ Create Connection (0x01|0x0005) status 0x00 ncmd 1
+2012-07-19 13:24:43.885222 > HCI Event: Role Change (0x12) plen 8
+ status 0x00 bdaddr 00:02:72:D6:6A:3F role 0x01
+ Role: Slave
+2012-07-19 13:24:44.054221 > HCI Event: Connect Complete (0x03) plen 11
+ status 0x00 handle 42 bdaddr 00:02:72:D6:6A:3F type ACL encrypt 0x00
+2012-07-19 13:24:44.054313 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
+ handle 42
+2012-07-19 13:24:44.055176 > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
+ bdaddr 00:02:72:D6:6A:3F mode 0
+2012-07-19 13:24:44.056217 > HCI Event: Max Slots Change (0x1b) plen 3
+ handle 42 slots 5
+2012-07-19 13:24:44.059218 > HCI Event: Command Status (0x0f) plen 4
+ Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 0
+2012-07-19 13:24:44.062192 > HCI Event: Command Status (0x0f) plen 4
+ Unknown (0x00|0x0000) status 0x00 ncmd 1
+2012-07-19 13:24:44.067219 > HCI Event: Read Remote Supported Features (0x0b) plen 11
+ status 0x00 handle 42
+ Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
+2012-07-19 13:24:44.067248 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
+ handle 42 page 1
+2012-07-19 13:24:44.071217 > HCI Event: Command Status (0x0f) plen 4
+ Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
+2012-07-19 13:24:44.076218 > HCI Event: Read Remote Extended Features (0x23) plen 13
+ status 0x00 handle 42 page 1 max 1
+ Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
+2012-07-19 13:24:44.076249 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
+ bdaddr 00:02:72:D6:6A:3F mode 2 clkoffset 0x0000
+2012-07-19 13:24:44.081218 > HCI Event: Command Status (0x0f) plen 4
+ Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
+2012-07-19 13:24:44.105214 > HCI Event: Remote Name Req Complete (0x07) plen 255
+ status 0x00 bdaddr 00:02:72:D6:6A:3F name 'uw000951-0'
+2012-07-19 13:24:44.105284 < HCI Command: Authentication Requested (0x01|0x0011) plen 2
+ handle 42
+2012-07-19 13:24:44.111207 > HCI Event: Command Status (0x0f) plen 4
+ Authentication Requested (0x01|0x0011) status 0x00 ncmd 1
+2012-07-19 13:24:44.112220 > HCI Event: Link Key Request (0x17) plen 6
+ bdaddr 00:02:72:D6:6A:3F
+2012-07-19 13:24:44.112249 < HCI Command: Link Key Request Negative Reply (0x01|0x000c) plen 6
+ bdaddr 00:02:72:D6:6A:3F
+2012-07-19 13:24:44.115215 > HCI Event: Command Complete (0x0e) plen 10
+ Link Key Request Negative Reply (0x01|0x000c) ncmd 1
+ status 0x00 bdaddr 00:02:72:D6:6A:3F
+2012-07-19 13:24:44.116215 > HCI Event: PIN Code Request (0x16) plen 6
+ bdaddr 00:02:72:D6:6A:3F
+2012-07-19 13:24:48.099184 > HCI Event: Auth Complete (0x06) plen 3
+ status 0x13 handle 42
+ Error: Remote User Terminated Connection
+2012-07-19 13:24:48.179182 > HCI Event: Disconn Complete (0x05) plen 4
+ status 0x00 handle 42 reason 0x13
+ Reason: Remote User Terminated Connection
+
+Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
+Acked-by: Johan Hedberg <johan.hedberg@intel.com>
+Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_event.c | 7 ++++++-
+ net/bluetooth/l2cap_core.c | 1 +
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -1760,7 +1760,12 @@ static inline void hci_conn_complete_evt
+ if (conn->type == ACL_LINK) {
+ conn->state = BT_CONFIG;
+ hci_conn_hold(conn);
+- conn->disc_timeout = HCI_DISCONN_TIMEOUT;
++
++ if (!conn->out && !hci_conn_ssp_enabled(conn) &&
++ !hci_find_link_key(hdev, &ev->bdaddr))
++ conn->disc_timeout = HCI_PAIRING_TIMEOUT;
++ else
++ conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+ } else
+ conn->state = BT_CONNECTED;
+
+--- a/net/bluetooth/l2cap_core.c
++++ b/net/bluetooth/l2cap_core.c
+@@ -893,6 +893,7 @@ static void l2cap_le_conn_ready(struct l
+ sk = chan->sk;
+
+ hci_conn_hold(conn->hcon);
++ conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
+
+ bacpy(&bt_sk(sk)->src, conn->src);
+ bacpy(&bt_sk(sk)->dst, conn->dst);
--- /dev/null
+From 7cc8380eb10347016d95bf6f9d842c2ae6d12932 Mon Sep 17 00:00:00 2001
+From: Ram Malovany <ramm@ti.com>
+Date: Thu, 19 Jul 2012 10:26:10 +0300
+Subject: Bluetooth: Fix using a NULL inquiry cache entry
+
+From: Ram Malovany <ramm@ti.com>
+
+commit 7cc8380eb10347016d95bf6f9d842c2ae6d12932 upstream.
+
+If the device was not found in a list of found devices names of which
+are pending.This may happen in a case when HCI Remote Name Request
+was sent as a part of incoming connection establishment procedure.
+Hence there is no need to continue resolving a next name as it will
+be done upon receiving another Remote Name Request Complete Event.
+This will fix a kernel crash when trying to use this entry to resolve
+the next name.
+
+Signed-off-by: Ram Malovany <ramm@ti.com>
+Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_event.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -1388,12 +1388,18 @@ static void hci_check_pending_name(struc
+ return;
+
+ e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
+- if (e) {
++ /* If the device was not found in a list of found devices names of which
++ * are pending. there is no need to continue resolving a next name as it
++ * will be done upon receiving another Remote Name Request Complete
++ * Event */
++ if (!e)
++ return;
++
++ list_del(&e->list);
++ if (name) {
+ e->name_state = NAME_KNOWN;
+- list_del(&e->list);
+- if (name)
+- mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
+- e->data.rssi, name, name_len);
++ mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
++ e->data.rssi, name, name_len);
+ }
+
+ if (hci_resolve_next_name(hdev))
--- /dev/null
+From c810089c27e48b816181b454fcc493d19fdbc2ba Mon Sep 17 00:00:00 2001
+From: Ram Malovany <ramm@ti.com>
+Date: Thu, 19 Jul 2012 10:26:09 +0300
+Subject: Bluetooth: Fix using NULL inquiry entry
+
+From: Ram Malovany <ramm@ti.com>
+
+commit c810089c27e48b816181b454fcc493d19fdbc2ba upstream.
+
+If entry wasn't found in the hci_inquiry_cache_lookup_resolve do not
+resolve the name.This will fix a kernel crash when trying to use NULL
+pointer.
+
+Signed-off-by: Ram Malovany <ramm@ti.com>
+Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_event.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -1357,6 +1357,9 @@ static bool hci_resolve_next_name(struct
+ return false;
+
+ e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
++ if (!e)
++ return false;
++
+ if (hci_resolve_name(hdev, e) == 0) {
+ e->name_state = NAME_PENDING;
+ return true;
--- /dev/null
+From c3e7c0d90b14a3e7ac091d24cef09efb516d587b Mon Sep 17 00:00:00 2001
+From: Ram Malovany <ramm@ti.com>
+Date: Thu, 19 Jul 2012 10:26:11 +0300
+Subject: Bluetooth: Set name_state to unknown when entry name is empty
+
+From: Ram Malovany <ramm@ti.com>
+
+commit c3e7c0d90b14a3e7ac091d24cef09efb516d587b upstream.
+
+When the name of the given entry is empty , the state needs to be
+updated accordingly.
+
+Signed-off-by: Ram Malovany <ramm@ti.com>
+Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_event.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -1400,6 +1400,8 @@ static void hci_check_pending_name(struc
+ e->name_state = NAME_KNOWN;
+ mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
+ e->data.rssi, name, name_len);
++ } else {
++ e->name_state = NAME_NOT_KNOWN;
+ }
+
+ if (hci_resolve_next_name(hdev))
nfsv4.1-remove-a-bogus-bug_on-in-nfs4_layoutreturn_done.patch
nfs-clear-key-construction-data-if-the-idmap-upcall-fails.patch
nfs-return-enokey-when-the-upcall-fails-to-map-the-name.patch
+ubifs-fix-complaints-about-too-small-debug-buffer-size.patch
+bluetooth-fix-using-null-inquiry-entry.patch
+bluetooth-fix-using-a-null-inquiry-cache-entry.patch
+bluetooth-set-name_state-to-unknown-when-entry-name-is-empty.patch
+bluetooth-fix-legacy-pairing-with-some-devices.patch
--- /dev/null
+From 65b455b123c7e2b835a0b7148f9bae584f95000e Mon Sep 17 00:00:00 2001
+From: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
+Date: Tue, 21 Aug 2012 21:50:58 +0300
+Subject: UBIFS: fix complaints about too small debug buffer size
+
+From: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
+
+commit 65b455b123c7e2b835a0b7148f9bae584f95000e upstream.
+
+When debugging is enabled, we use a temporary on-stack buffer for formatting
+the key strings like "(11368871, direntry, 0xcd0750)". The buffer size is
+32 bytes and sometimes it is not enough to fit the key string - e.g., when
+inode numbers are high. This is not fatal, but the key strings are incomplete
+and UBIFS complains like this:
+
+ UBIFS assert failed in dbg_snprintf_key at 137 (pid 1)
+
+This is a regression caused by "515315a UBIFS: fix key printing".
+
+Fix the issue by increasing the buffer to 48 bytes.
+
+Reported-by: Michael Hench <michaelhench@gmail.com>
+Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
+Tested-by: Michael Hench <michaelhench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ubifs/debug.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ubifs/debug.h
++++ b/fs/ubifs/debug.h
+@@ -170,7 +170,7 @@ struct ubifs_global_debug_info {
+ #define ubifs_dbg_msg(type, fmt, ...) \
+ pr_debug("UBIFS DBG " type ": " fmt "\n", ##__VA_ARGS__)
+
+-#define DBG_KEY_BUF_LEN 32
++#define DBG_KEY_BUF_LEN 48
+ #define ubifs_dbg_msg_key(type, key, fmt, ...) do { \
+ char __tmp_key_buf[DBG_KEY_BUF_LEN]; \
+ pr_debug("UBIFS DBG " type ": " fmt "%s\n", ##__VA_ARGS__, \
projects / thirdparty / kernel / stable-queue.git / commitdiff
