From: Greg Kroah-Hartman Date: Sat, 28 Jun 2014 15:26:27 +0000 (-0400) Subject: 3.15-stable patches X-Git-Tag: v3.4.96~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bd309249c76bb4127c426c1378dd8772a00404e9;p=thirdparty%2Fkernel%2Fstable-queue.git 3.15-stable patches added patches: bluetooth-clearly-distinguish-mgmt-ltk-type-from-authenticated-property.patch bluetooth-fix-properly-ignoring-ltks-of-unknown-types.patch --- diff --git a/queue-3.15/bluetooth-clearly-distinguish-mgmt-ltk-type-from-authenticated-property.patch b/queue-3.15/bluetooth-clearly-distinguish-mgmt-ltk-type-from-authenticated-property.patch new file mode 100644 index 00000000000..ad49ed2fb6c --- /dev/null +++ b/queue-3.15/bluetooth-clearly-distinguish-mgmt-ltk-type-from-authenticated-property.patch @@ -0,0 +1,88 @@ +From d7b2545023ecfde94d3ea9c03c5480ac18da96c9 Mon Sep 17 00:00:00 2001 +From: Johan Hedberg +Date: Fri, 23 May 2014 13:19:53 +0300 +Subject: Bluetooth: Clearly distinguish mgmt LTK type from authenticated property + +From: Johan Hedberg + +commit d7b2545023ecfde94d3ea9c03c5480ac18da96c9 upstream. + +On the mgmt level we have a key type parameter which currently accepts +two possible values: 0x00 for unauthenticated and 0x01 for +authenticated. However, in the internal struct smp_ltk representation we +have an explicit "authenticated" boolean value. + +To make this distinction clear, add defines for the possible mgmt values +and do conversion to and from the internal authenticated value. + +Signed-off-by: Johan Hedberg +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + include/net/bluetooth/mgmt.h | 3 +++ + net/bluetooth/mgmt.c | 19 ++++++++++++++++--- + 2 files changed, 19 insertions(+), 3 deletions(-) + +--- a/include/net/bluetooth/mgmt.h ++++ b/include/net/bluetooth/mgmt.h +@@ -181,6 +181,9 @@ struct mgmt_cp_load_link_keys { + } __packed; + #define MGMT_LOAD_LINK_KEYS_SIZE 3 + ++#define MGMT_LTK_UNAUTHENTICATED 0x00 ++#define MGMT_LTK_AUTHENTICATED 0x01 ++ + struct mgmt_ltk_info { + struct mgmt_addr_info addr; + __u8 type; +--- a/net/bluetooth/mgmt.c ++++ b/net/bluetooth/mgmt.c +@@ -4530,7 +4530,7 @@ static int load_long_term_keys(struct so + + for (i = 0; i < key_count; i++) { + struct mgmt_ltk_info *key = &cp->keys[i]; +- u8 type, addr_type; ++ u8 type, addr_type, authenticated; + + if (key->addr.type == BDADDR_LE_PUBLIC) + addr_type = ADDR_LE_DEV_PUBLIC; +@@ -4542,8 +4542,13 @@ static int load_long_term_keys(struct so + else + type = HCI_SMP_LTK_SLAVE; + ++ if (key->type == MGMT_LTK_UNAUTHENTICATED) ++ authenticated = 0x00; ++ else ++ authenticated = 0x01; ++ + hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type, +- key->type, key->val, key->enc_size, key->ediv, ++ authenticated, key->val, key->enc_size, key->ediv, + key->rand); + } + +@@ -5005,6 +5010,14 @@ void mgmt_new_link_key(struct hci_dev *h + mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); + } + ++static u8 mgmt_ltk_type(struct smp_ltk *ltk) ++{ ++ if (ltk->authenticated) ++ return MGMT_LTK_AUTHENTICATED; ++ ++ return MGMT_LTK_UNAUTHENTICATED; ++} ++ + void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent) + { + struct mgmt_ev_new_long_term_key ev; +@@ -5030,7 +5043,7 @@ void mgmt_new_ltk(struct hci_dev *hdev, + + bacpy(&ev.key.addr.bdaddr, &key->bdaddr); + ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); +- ev.key.type = key->authenticated; ++ ev.key.type = mgmt_ltk_type(key); + ev.key.enc_size = key->enc_size; + ev.key.ediv = key->ediv; + ev.key.rand = key->rand; diff --git a/queue-3.15/bluetooth-fix-properly-ignoring-ltks-of-unknown-types.patch b/queue-3.15/bluetooth-fix-properly-ignoring-ltks-of-unknown-types.patch new file mode 100644 index 00000000000..95188166c3b --- /dev/null +++ b/queue-3.15/bluetooth-fix-properly-ignoring-ltks-of-unknown-types.patch @@ -0,0 +1,44 @@ +From 61b433579b6ffecb1d3534fd482dcd48535277c8 Mon Sep 17 00:00:00 2001 +From: Johan Hedberg +Date: Thu, 29 May 2014 19:36:53 +0300 +Subject: Bluetooth: Fix properly ignoring LTKs of unknown types + +From: Johan Hedberg + +commit 61b433579b6ffecb1d3534fd482dcd48535277c8 upstream. + +In case there are new LTK types in the future we shouldn't just blindly +assume that != MGMT_LTK_UNAUTHENTICATED means that the key is +authenticated. This patch adds explicit checks for each allowed key type +in the form of a switch statement and skips any key which has an unknown +value. + +Signed-off-by: Johan Hedberg +Signed-off-by: Marcel Holtmann +Signed-off-by: Greg Kroah-Hartman + +--- + net/bluetooth/mgmt.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/net/bluetooth/mgmt.c ++++ b/net/bluetooth/mgmt.c +@@ -4542,10 +4542,16 @@ static int load_long_term_keys(struct so + else + type = HCI_SMP_LTK_SLAVE; + +- if (key->type == MGMT_LTK_UNAUTHENTICATED) ++ switch (key->type) { ++ case MGMT_LTK_UNAUTHENTICATED: + authenticated = 0x00; +- else ++ break; ++ case MGMT_LTK_AUTHENTICATED: + authenticated = 0x01; ++ break; ++ default: ++ continue; ++ } + + hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type, + authenticated, key->val, key->enc_size, key->ediv, diff --git a/queue-3.15/series b/queue-3.15/series index 7eb42e2ff27..a1ad7eeafda 100644 --- a/queue-3.15/series +++ b/queue-3.15/series @@ -129,3 +129,5 @@ btrfs-don-t-check-nodes-for-extent-items.patch btrfs-use-right-type-to-get-real-comparison.patch btrfs-fix-scrub_print_warning-to-handle-skinny-metadata-extents.patch btrfs-fix-use-of-uninit-ret-in-end_extent_writepage.patch +bluetooth-clearly-distinguish-mgmt-ltk-type-from-authenticated-property.patch +bluetooth-fix-properly-ignoring-ltks-of-unknown-types.patch