From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 7 Jul 2014 18:45:33 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.4.98~45
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a581ed45ef2c9a0776ec1780d603da8586cd463;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch
	bluetooth-remove-unused-hci_le_ltk_reply.patch
---

diff --git a/queue-3.4/bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch b/queue-3.4/bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch
new file mode 100644
index 00000000000..90e94ac8362
--- /dev/null
+++ b/queue-3.4/bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch
@@ -0,0 +1,47 @@
+From ba15a58b179ed76a7e887177f2b06de12c58ec8f Mon Sep 17 00:00:00 2001
+From: Johan Hedberg <johan.hedberg@intel.com>
+Date: Mon, 9 Jun 2014 13:58:14 +0300
+Subject: Bluetooth: Fix SSP acceptor just-works confirmation without MITM
+
+From: Johan Hedberg <johan.hedberg@intel.com>
+
+commit ba15a58b179ed76a7e887177f2b06de12c58ec8f upstream.
+
+From the Bluetooth Core Specification 4.1 page 1958:
+
+"if both devices have set the Authentication_Requirements parameter to
+one of the MITM Protection Not Required options, authentication stage 1
+shall function as if both devices set their IO capabilities to
+DisplayOnly (e.g., Numeric comparison with automatic confirmation on
+both devices)"
+
+So far our implementation has done user confirmation for all just-works
+cases regardless of the MITM requirements, however following the
+specification to the word means that we should not be doing confirmation
+when neither side has the MITM flag set.
+
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Tested-by: Szymon Janc <szymon.janc@tieto.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/hci_event.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -3156,8 +3156,11 @@ static inline void hci_user_confirm_requ
+ 
+ 		/* If we're not the initiators request authorization to
+ 		 * proceed from user space (mgmt_user_confirm with
+-		 * confirm_hint set to 1). */
+-		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
++		 * confirm_hint set to 1). The exception is if neither
++		 * side had MITM in which case we do auto-accept.
++		 */
++		if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
++		    (loc_mitm || rem_mitm)) {
+ 			BT_DBG("Confirming auto-accept as acceptor");
+ 			confirm_hint = 1;
+ 			goto confirm;
diff --git a/queue-3.4/bluetooth-remove-unused-hci_le_ltk_reply.patch b/queue-3.4/bluetooth-remove-unused-hci_le_ltk_reply.patch
new file mode 100644
index 00000000000..70a7fa16764
--- /dev/null
+++ b/queue-3.4/bluetooth-remove-unused-hci_le_ltk_reply.patch
@@ -0,0 +1,57 @@
+From e10b9969f217c948c5523045f44eba4d3a758ff0 Mon Sep 17 00:00:00 2001
+From: Syam Sidhardhan <s.syam@samsung.com>
+Date: Thu, 12 Apr 2012 20:33:17 +0530
+Subject: Bluetooth: Remove unused hci_le_ltk_reply()
+
+From: Syam Sidhardhan <s.syam@samsung.com>
+
+commit e10b9969f217c948c5523045f44eba4d3a758ff0 upstream.
+
+In this API, we were using sizeof operator for an array
+given as function argument, which is invalid.
+However this API is not used anywhere.
+
+Signed-off-by: Syam Sidhardhan <s.syam@samsung.com>
+Signed-off-by: Gustavo Padovan <gustavo@padovan.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/net/bluetooth/hci_core.h |    1 -
+ net/bluetooth/hci_conn.c         |   16 ----------------
+ 2 files changed, 17 deletions(-)
+
+--- a/include/net/bluetooth/hci_core.h
++++ b/include/net/bluetooth/hci_core.h
+@@ -1068,7 +1068,6 @@ void hci_le_conn_update(struct hci_conn
+ 					u16 latency, u16 to_multiplier);
+ void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8],
+ 							__u8 ltk[16]);
+-void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]);
+ void hci_le_ltk_neg_reply(struct hci_conn *conn);
+ 
+ int hci_do_inquiry(struct hci_dev *hdev, u8 length);
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -224,22 +224,6 @@ void hci_le_start_enc(struct hci_conn *c
+ }
+ EXPORT_SYMBOL(hci_le_start_enc);
+ 
+-void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
+-{
+-	struct hci_dev *hdev = conn->hdev;
+-	struct hci_cp_le_ltk_reply cp;
+-
+-	BT_DBG("%p", conn);
+-
+-	memset(&cp, 0, sizeof(cp));
+-
+-	cp.handle = cpu_to_le16(conn->handle);
+-	memcpy(cp.ltk, ltk, sizeof(ltk));
+-
+-	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
+-}
+-EXPORT_SYMBOL(hci_le_ltk_reply);
+-
+ void hci_le_ltk_neg_reply(struct hci_conn *conn)
+ {
+ 	struct hci_dev *hdev = conn->hdev;
diff --git a/queue-3.4/series b/queue-3.4/series
index d668b18e43b..d7a484d29f5 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -13,3 +13,5 @@ drm-radeon-only-apply-hdmi-bpc-pll-flags-when-encoder-mode-is-hdmi.patch
 drm-radeon-fix-typo-in-radeon_connector_is_dp12_capable.patch
 drm-radeon-atom-fix-dithering-on-certain-panels.patch
 drm-vmwgfx-fix-incorrect-write-to-read-only-register-v2.patch
+bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch
+bluetooth-remove-unused-hci_le_ltk_reply.patch