--- /dev/null
+From 92d1372e1a9fec00e146b74e8b9ad7a385b9b37f Mon Sep 17 00:00:00 2001
+From: Marcin Kraglak <marcin.kraglak@tieto.com>
+Date: Fri, 13 Jun 2014 14:08:22 +0200
+Subject: Bluetooth: Allow change security level on ATT_CID in slave role
+
+From: Marcin Kraglak <marcin.kraglak@tieto.com>
+
+commit 92d1372e1a9fec00e146b74e8b9ad7a385b9b37f upstream.
+
+Kernel supports SMP Security Request so don't block increasing security
+when we are slave.
+
+Signed-off-by: Marcin Kraglak <marcin.kraglak@tieto.com>
+Acked-by: Johan Hedberg <johan.hedberg@intel.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/l2cap_sock.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/net/bluetooth/l2cap_sock.c
++++ b/net/bluetooth/l2cap_sock.c
+@@ -778,11 +778,6 @@ static int l2cap_sock_setsockopt(struct
+
+ /*change security for LE channels */
+ if (chan->scid == L2CAP_CID_ATT) {
+- if (!conn->hcon->out) {
+- err = -EINVAL;
+- break;
+- }
+-
+ if (smp_conn_security(conn->hcon, sec.level))
+ break;
+ sk->sk_state = BT_CONFIG;
--- /dev/null
+From c73f94b8c093a615ce80eabbde0ac6eb9abfe31a Mon Sep 17 00:00:00 2001
+From: Johan Hedberg <johan.hedberg@intel.com>
+Date: Fri, 13 Jun 2014 10:22:28 +0300
+Subject: Bluetooth: Fix locking of hdev when calling into SMP code
+
+From: Johan Hedberg <johan.hedberg@intel.com>
+
+commit c73f94b8c093a615ce80eabbde0ac6eb9abfe31a upstream.
+
+The SMP code expects hdev to be unlocked since e.g. crypto functions
+will try to (re)lock it. Therefore, we need to release the lock before
+calling into smp.c from mgmt.c. Without this we risk a deadlock whenever
+the smp_user_confirm_reply() function is called.
+
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Tested-by: Lukasz Rymanowski <lukasz.rymanowski@tieto.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/mgmt.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/bluetooth/mgmt.c
++++ b/net/bluetooth/mgmt.c
+@@ -2826,8 +2826,13 @@ static int user_pairing_resp(struct sock
+ }
+
+ if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
+- /* Continue with pairing via SMP */
++ /* Continue with pairing via SMP. The hdev lock must be
++ * released as SMP may try to recquire it for crypto
++ * purposes.
++ */
++ hci_dev_unlock(hdev);
+ err = smp_user_confirm_reply(conn, mgmt_op, passkey);
++ hci_dev_lock(hdev);
+
+ if (!err)
+ err = cmd_complete(sk, hdev->id, mgmt_op,
bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch
bluetooth-fix-check-for-connection-encryption.patch
bluetooth-fix-indicating-discovery-state-when-canceling-inquiry.patch
+bluetooth-fix-locking-of-hdev-when-calling-into-smp-code.patch
+bluetooth-allow-change-security-level-on-att_cid-in-slave-role.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
