Commit graph

5179 commits

Author SHA1 Message Date
Lorenzo Colitti
0a62a7f918 net: support marking accepting TCP sockets
When using mark-based routing, sockets returned from accept()
may need to be marked differently depending on the incoming
connection request.

This is the case, for example, if different socket marks identify
different networks: a listening socket may want to accept
connections from all networks, but each connection should be
marked with the network that the request came in on, so that
subsequent packets are sent on the correct network.

This patch adds a sysctl to mark TCP sockets based on the fwmark
of the incoming SYN packet. If enabled, and an unmarked socket
receives a SYN, then the SYN packet's fwmark is written to the
connection's inet_request_sock, and later written back to the
accepted socket when the connection is established.  If the
socket already has a nonzero mark, then the behaviour is the same
as it is today, i.e., the listening socket's fwmark is used.

Black-box tested using user-mode linux:

- IPv4/IPv6 SYN+ACK, FIN, etc. packets are routed based on the
  mark of the incoming SYN packet.
- The socket returned by accept() is marked with the mark of the
  incoming SYN packet.
- Tested with syncookies=1 and syncookies=2.

Change-Id: I5e8c9b989762a93f3eb5a0c1b4df44f62d57f3cb
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
2014-05-12 22:43:02 -07:00
Lorenzo Colitti
2f9890617f net: add a sysctl to reflect the fwmark on replies
Kernel-originated IP packets that have no user socket associated
with them (e.g., ICMP errors and echo replies, TCP RSTs, etc.)
are emitted with a mark of zero. Add a sysctl to make them have
the same mark as the packet they are replying to.

This allows an administrator that wishes to do so to use
mark-based routing, firewalling, etc. for these replies by
marking the original packets inbound.

Tested using user-mode linux:
 - ICMP/ICMPv6 echo replies and errors.
 - TCP RST packets (IPv4 and IPv6).

Change-Id: I95d896647b278d092ef331d1377b959da1deb042
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
2014-05-12 22:39:57 -07:00
Lorenzo Colitti
35b2ab13ba net: ipv6: autoconf routes into per-device tables
Currently, IPv6 router discovery always puts routes into
RT6_TABLE_MAIN. This causes problems for connection managers
that want to support multiple simultaneous network connections
and want control over which one is used by default (e.g., wifi
and wired).

To work around this connection managers typically take the routes
they prefer and copy them to static routes with low metrics in
the main table. This puts the burden on the connection manager
to watch netlink to see if the routes have changed, delete the
routes when their lifetime expires, etc.

Instead, this patch adds a per-interface sysctl to have the
kernel put autoconf routes into different tables. This allows
each interface to have its own autoconf table, and choosing the
default interface (or using different interfaces at the same
time for different types of traffic) can be done using
appropriate ip rules.

The sysctl behaves as follows:

- = 0: default. Put routes into RT6_TABLE_MAIN as before.
- > 0: manual. Put routes into the specified table.
- < 0: automatic. Add the absolute value of the sysctl to the
       device's ifindex, and use that table.

The automatic mode is most useful in conjunction with
net.ipv6.conf.default.accept_ra_rt_table. A connection manager
or distribution could set it to, say, -100 on boot, and
thereafter just use IP rules.

Change-Id: I093d39fb06ec413905dc0d0d5792c1bc5d5c73a9
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
2014-05-12 22:28:20 -07:00
Mihir Shete
67acf1f09b cfg80211: add flags to define country IE processing rules
802.11 cards may have different country IE parsing behavioural
preferences and vendors may want to support these. These preferences
were managed by the WIPHY_FLAG_CUSTOM_REGULATORY and the
WIPHY_FLAG_STRICT_REGULATORY flags and their combination.
Instead of using this existing notation, split out the country IE
behavioural preferences to a new flag. This will allow us to add more
customizations easily and make the code more maintainable. Also add
a new flag to disable country IE hints issued by the CORE as the
first customization.

Change-Id: I66ba4a92ac0f029a115eea0a274b02db11279787
CRs-Fixed: 542802
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
2014-02-10 15:57:17 -08:00
JP Abgrall
36eb1e171d tcp: add a sysctl to config the tcp_default_init_rwnd
The default initial rwnd is hardcoded to 10.

Now we allow it to be controlled via
  /proc/sys/net/ipv4/tcp_default_init_rwnd
which limits the values from 3 to 100

This is somewhat needed because ipv6 routes are
autoconfigured by the kernel.

See "An Argument for Increasing TCP's Initial Congestion Window"
in https://developers.google.com/speed/articles/tcp_initcwnd_paper.pdf

Change-Id: I386b2a9d62de0ebe05c1ebe1b4bd91b314af5c54
Signed-off-by: JP Abgrall <jpa@google.com>

Conflicts:
	include/net/tcp.h
2014-02-07 15:45:23 -08:00
Hannes Frederic Sowa
ad25b5df02 inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
[ Upstream commit 85fbaa7503 ]

Commit bceaa90240 ("inet: prevent leakage
of uninitialized memory to user in recv syscalls") conditionally updated
addr_len if the msg_name is written to. The recv_error and rxpmtu
functions relied on the recvmsg functions to set up addr_len before.

As this does not happen any more we have to pass addr_len to those
functions as well and set it to the size of the corresponding sockaddr
length.

This broke traceroute and such.

Fixes: bceaa90240 ("inet: prevent leakage of uninitialized memory to user in recv syscalls")
Reported-by: Brad Spengler <spender@grsecurity.net>
Reported-by: Tom Labanowski
Cc: mpb <mpb.mail@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-12-08 07:29:42 -08:00
Seif Mazareeb
2b5f6d110e net: fix cipso packet validation when !NETLABEL
[ Upstream commit f2e5ddcc0d ]

When CONFIG_NETLABEL is disabled, the cipso_v4_validate() function could loop
forever in the main loop if opt[opt_iter +1] == 0, this will cause a kernel
crash in an SMP system, since the CPU executing this function will
stall/not respond to IPIs.

This problem can be reproduced by running the IP Stack Integrity Checker
(http://isic.sourceforge.net) using the following command on a Linux machine
connected to DUT:

"icmpsic -s rand -d <DUT IP address> -r 123456"
wait (1-2 min)

Signed-off-by: Seif Mazareeb <seif@marvell.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-11-04 04:23:41 -08:00
Vlad Yasevich
3e5d72cd01 net: dst: provide accessor function to dst->xfrm
[ Upstream commit e87b3998d7 ]

dst->xfrm is conditionally defined.  Provide accessor function that
is always available.

Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-11-04 04:23:41 -08:00
Ansis Atteka
f72299da3e ip: generate unique IP identificator if local fragmentation is allowed
[ Upstream commit 703133de33 ]

If local fragmentation is allowed, then ip_select_ident() and
ip_select_ident_more() need to generate unique IDs to ensure
correct defragmentation on the peer.

For example, if IPsec (tunnel mode) has to encrypt large skbs
that have local_df bit set, then all IP fragments that belonged
to different ESP datagrams would have used the same identificator.
If one of these IP fragments would get lost or reordered, then
peer could possibly stitch together wrong IP fragments that did
not belong to the same datagram. This would lead to a packet loss
or data corruption.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-10-13 15:42:48 -07:00
Eric Dumazet
eb5636bdf3 net: defer net_secret[] initialization
Instead of feeding net_secret[] at boot time, defer the init
at the point first socket is created.

This permits some platforms to use better entropy sources than
the ones available at boot time.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-09-25 17:01:47 +00:00
Eric Dumazet
ef60c1db56 ipv6: use a stronger hash for tcp
It looks like it's possible to open thousands of TCP IPv6
sessions on a server, all landing in a single slot of TCP hash
table. Incoming packets have to lookup sockets in a very
long list.

We should hash all bits from foreign IPv6 addresses, using
a salt and hash mix, not a simple XOR.

inet6_ehashfn() can also separately use the ports, instead
of xoring them.

Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Iliyan Malchev <malchev@google.com>

Conflicts:
	include/net/ipv6.h
2013-09-25 17:01:33 +00:00
Vasanthakumar Thiagarajan
649820b4c4 cfg80211/nl80211: add API for MAC address ACLs
Add API to enable drivers to implement MAC address based
access control in AP/P2P GO mode. Capable drivers advertise
this capability by setting the maximum number of MAC
addresses in such a list in wiphy->max_acl_mac_addrs.

An initial ACL may be given to the NL80211_CMD_START_AP
command and/or changed later with NL80211_CMD_SET_MAC_ACL.

Black- and whitelists are supported, but not simultaneously.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
[rewrite commit log, many cleanups]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 77765eaf5c
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
CRs-fixed: 487410
Change-Id: I9593b887941be5efa5e96546ad92cd6c6bf8fb87
[duttus@codeaurora.org: resolved 3.4 backport issues]
Signed-off-by: Sunil Dutt <duttus@codeaurora.org>
2013-09-04 12:43:29 -07:00
Jouni Malinen
9cc28cf8a5 cfg80211: Extend support for IEEE 802.11r Fast BSS Transition

Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver and NL80211_CMD_FT_EVENT to send FT events from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE). These
changes allow FT to be supported with drivers that use an internal
SME instead of user space option (like FT implementation in
wpa_supplicant with mac80211-based drivers).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 355199e02b
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/linville/wireless-testing.git/
Change-Id: I439155b3d7bf4df9c45087a4deb6ec0cd7577225
CRs-fixed: 434525
[duttus@codeaurora.org: backport to 3.4-This commit includes the
changes from following commits to compile for jb_2.5.
5314526b17 : cfg80211: add channel switch notify event
98104fdeda : cfg80211: add P2P Device abstraction
f4e583c893 : nl/cfg80211: add the NL80211_CMD_SET_MCAST_RATE command
ed44a951c7 : cfg80211/nl80211: Notify connection request failure in AP mode
77765eaf5c : cfg80211/nl80211: add API for MAC address ACLs.
04f39047af : nl80211/cfg80211: add radar detection command/event.
3713b4e364 : nl80211: allow splitting wiphy information in dumps.
ee2aca343c : cfg80211: add ability to override VHT capabilities.
355199e02b : cfg80211: Extend support for IEEE 802.11r Fast BSS Transition.]
Signed-off-by: Sunil Dutt <duttus@codeaurora.org>
2013-09-04 12:43:28 -07:00
Jouni Malinen
3f913934a5 cfg80211: Pass station (extended) capability info to kernel
The information of the peer's capabilities and extended capabilities are
required for the driver to perform TDLS Peer UAPSD operations and off
channel operations. This information of the peer is passed from user space
using NL80211_CMD_SET_STATION command. This commit enhances
the function nl80211_set_station to pass the capability information of
the peer to the driver.

Similarly, there may be need for capability information for other modes,
so allow this to be provided with both add_station and change_station.

Change-Id: I1e626512a0f849ae05bbbd24c4e262d303b8f8ea
CRs-fixed: 452921

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-09-04 12:43:26 -07:00
Mahesh Palivela
b672fbac86 {nl,cfg}80211: Peer STA VHT caps
To save STAs VHT caps in AP mode

Change-Id: I1930ec05a3e079733c00837c93bda615289fceda
CRs-fixed: 452921

Signed-off-by: Mahesh Palivela <maheshp@posedge.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-09-04 12:43:25 -07:00
Mahesh Palivela
0ad86a6a16 cfg80211: allow advertising VHT capabilities
Allow drivers to advertise their VHT capabilities
and export them to userspace via nl80211.

Change-Id: I2d2825a09dfddccca1bd3edacd7fc382d765bea5
CRs-fixed: 452921

Signed-off-by: Mahesh Palivela <maheshp@posedge.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-09-04 12:43:25 -07:00
Lorenzo Colitti
b3044d1e59 net: ipv6: Add IPv6 support to the ping socket.
[msm/android-3.4 commit 1f0675844e3b63a765e5bd32bc5af051ccd951c0]

This adds the ability to send ICMPv6 echo requests without a
raw socket. The equivalent ability for ICMPv4 was added in
2011.

Instead of having separate code paths for IPv4 and IPv6, make
most of the code in net/ipv4/ping.c dual-stack and only add a
few IPv6-specific bits (like the protocol definition) to a new
net/ipv6/ping.c. Hopefully this will reduce divergence and/or
duplication of bugs in the future.

Caveats:

- Setting options via ancillary data (e.g., using IPV6_PKTINFO
  to specify the outgoing interface) is not yet supported.
- There are no separate security settings for IPv4 and IPv6;
  everything is controlled by /proc/net/ipv4/ping_group_range.
- The proc interface does not yet display IPv6 ping sockets
  properly.

Tested with a patched copy of ping6 and using raw socket calls.
Compiles and works with all of CONFIG_IPV6={n,m,y}.

Conflicts:
	net/ipv4/ping.c

Bug: 9469865
Change-Id: I752190e680c009c371d177d8f84af242d3990813
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[lorenzo@google.com: backported to 3.4]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
[lorenzo@google.com: include export.h to fix missing THIS_MODULE]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
2013-08-21 13:34:09 +09:00
Hannes Frederic Sowa
a2fc0f19be ipv6: introdcue __ipv6_addr_needs_scope_id and ipv6_iface_scope_id helper functions
[msm/android-3.4 commit 2c75b248e5243d0af7cc97522148db7415a70f8a]

__ipv6_addr_needs_scope_id checks if an ipv6 address needs to supply
a 'sin6_scope_id != 0'. 'sin6_scope_id != 0' was enforced in case
of link-local addresses. To support interface-local multicast these
checks had to be enhanced and are now consolidated into these new helper
functions.

v2:
a) migrated to struct ipv6_addr_props

v3:
a) reverted changes for ipv6_addr_props
b) test for address type instead of comparing scope

v4:
a) unchanged

Bug: 9469865
Change-Id: Ib2ac81050a001c5a370198b34c8973dfd86439dd
Suggested-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
2013-08-21 13:28:27 +09:00
Hannes Frederic Sowa
eeddd9177a ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data
[ Upstream commit 8822b64a0f ]

We accidentally call down to ip6_push_pending_frames when uncorking
pending AF_INET data on a ipv6 socket. This results in the following
splat (from Dave Jones):

skbuff: skb_under_panic: text:ffffffff816765f6 len:48 put:40 head:ffff88013deb6df0 data:ffff88013deb6dec tail:0x2c end:0xc0 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:126!
invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
Modules linked in: dccp_ipv4 dccp 8021q garp bridge stp dlci mpoa snd_seq_dummy sctp fuse hidp tun bnep nfnetlink scsi_transport_iscsi rfcomm can_raw can_bcm af_802154 appletalk caif_socket can caif ipt_ULOG x25 rose af_key pppoe pppox ipx phonet irda llc2 ppp_generic slhc p8023 psnap p8022 llc crc_ccitt atm bluetooth
+netrom ax25 nfc rfkill rds af_rxrpc coretemp hwmon kvm_intel kvm crc32c_intel snd_hda_codec_realtek ghash_clmulni_intel microcode pcspkr snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep usb_debug snd_seq snd_seq_device snd_pcm e1000e snd_page_alloc snd_timer ptp snd pps_core soundcore xfs libcrc32c
CPU: 2 PID: 8095 Comm: trinity-child2 Not tainted 3.10.0-rc7+ #37
task: ffff8801f52c2520 ti: ffff8801e6430000 task.ti: ffff8801e6430000
RIP: 0010:[<ffffffff816e759c>]  [<ffffffff816e759c>] skb_panic+0x63/0x65
Call Trace:
 [<ffffffff8159a9aa>] skb_push+0x3a/0x40
 [<ffffffff816765f6>] ip6_push_pending_frames+0x1f6/0x4d0
 [<ffffffff810b756b>] ? mark_held_locks+0xbb/0x140
 [<ffffffff81694919>] udp_v6_push_pending_frames+0x2b9/0x3d0
 [<ffffffff81694660>] ? udplite_getfrag+0x20/0x20
 [<ffffffff8162092a>] udp_lib_setsockopt+0x1aa/0x1f0
 [<ffffffff811cc5e7>] ? fget_light+0x387/0x4f0
 [<ffffffff816958a4>] udpv6_setsockopt+0x34/0x40
 [<ffffffff815949f4>] sock_common_setsockopt+0x14/0x20
 [<ffffffff81593c31>] SyS_setsockopt+0x71/0xd0
 [<ffffffff816f5d54>] tracesys+0xdd/0xe2
RIP  [<ffffffff816e759c>] skb_panic+0x63/0x65
 RSP <ffff8801e6431de8>

This patch adds a check if the pending data is of address family AF_INET
and directly calls udp_push_pending_frames from udp_v6_push_pending_frames
if that is the case.

This bug was found by Dave Jones with trinity.

(Also move the initialization of fl6 below the AF_INET check, even if
not strictly necessary.)

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Dave Jones <davej@redhat.com>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-07-28 16:26:02 -07:00
Amerigo Wang
3ef208a71f ipv6,mcast: always hold idev->lock before mca_lock
[ Upstream commit 8965779d2c, with
  some bits from commit b7b1bfce0b
  ("ipv6: split duplicate address detection and router solicitation timer")
  to get the __ipv6_get_lladdr() used by this patch. ]

dingtianhong reported the following deadlock detected by lockdep:

 ======================================================
 [ INFO: possible circular locking dependency detected ]
 3.4.24.05-0.1-default #1 Not tainted
 -------------------------------------------------------
 ksoftirqd/0/3 is trying to acquire lock:
  (&ndev->lock){+.+...}, at: [<ffffffff8147f804>] ipv6_get_lladdr+0x74/0x120

 but task is already holding lock:
  (&mc->mca_lock){+.+...}, at: [<ffffffff8149d130>] mld_send_report+0x40/0x150

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #1 (&mc->mca_lock){+.+...}:
        [<ffffffff810a8027>] validate_chain+0x637/0x730
        [<ffffffff810a8417>] __lock_acquire+0x2f7/0x500
        [<ffffffff810a8734>] lock_acquire+0x114/0x150
        [<ffffffff814f691a>] rt_spin_lock+0x4a/0x60
        [<ffffffff8149e4bb>] igmp6_group_added+0x3b/0x120
        [<ffffffff8149e5d8>] ipv6_mc_up+0x38/0x60
        [<ffffffff81480a4d>] ipv6_find_idev+0x3d/0x80
        [<ffffffff81483175>] addrconf_notify+0x3d5/0x4b0
        [<ffffffff814fae3f>] notifier_call_chain+0x3f/0x80
        [<ffffffff81073471>] raw_notifier_call_chain+0x11/0x20
        [<ffffffff813d8722>] call_netdevice_notifiers+0x32/0x60
        [<ffffffff813d92d4>] __dev_notify_flags+0x34/0x80
        [<ffffffff813d9360>] dev_change_flags+0x40/0x70
        [<ffffffff813ea627>] do_setlink+0x237/0x8a0
        [<ffffffff813ebb6c>] rtnl_newlink+0x3ec/0x600
        [<ffffffff813eb4d0>] rtnetlink_rcv_msg+0x160/0x310
        [<ffffffff814040b9>] netlink_rcv_skb+0x89/0xb0
        [<ffffffff813eb357>] rtnetlink_rcv+0x27/0x40
        [<ffffffff81403e20>] netlink_unicast+0x140/0x180
        [<ffffffff81404a9e>] netlink_sendmsg+0x33e/0x380
        [<ffffffff813c4252>] sock_sendmsg+0x112/0x130
        [<ffffffff813c537e>] __sys_sendmsg+0x44e/0x460
        [<ffffffff813c5544>] sys_sendmsg+0x44/0x70
        [<ffffffff814feab9>] system_call_fastpath+0x16/0x1b

 -> #0 (&ndev->lock){+.+...}:
        [<ffffffff810a798e>] check_prev_add+0x3de/0x440
        [<ffffffff810a8027>] validate_chain+0x637/0x730
        [<ffffffff810a8417>] __lock_acquire+0x2f7/0x500
        [<ffffffff810a8734>] lock_acquire+0x114/0x150
        [<ffffffff814f6c82>] rt_read_lock+0x42/0x60
        [<ffffffff8147f804>] ipv6_get_lladdr+0x74/0x120
        [<ffffffff8149b036>] mld_newpack+0xb6/0x160
        [<ffffffff8149b18b>] add_grhead+0xab/0xc0
        [<ffffffff8149d03b>] add_grec+0x3ab/0x460
        [<ffffffff8149d14a>] mld_send_report+0x5a/0x150
        [<ffffffff8149f99e>] igmp6_timer_handler+0x4e/0xb0
        [<ffffffff8105705a>] call_timer_fn+0xca/0x1d0
        [<ffffffff81057b9f>] run_timer_softirq+0x1df/0x2e0
        [<ffffffff8104e8c7>] handle_pending_softirqs+0xf7/0x1f0
        [<ffffffff8104ea3b>] __do_softirq_common+0x7b/0xf0
        [<ffffffff8104f07f>] __thread_do_softirq+0x1af/0x210
        [<ffffffff8104f1c1>] run_ksoftirqd+0xe1/0x1f0
        [<ffffffff8106c7de>] kthread+0xae/0xc0
        [<ffffffff814fff74>] kernel_thread_helper+0x4/0x10

Actually we can just hold idev->lock before taking pmc->mca_lock,
and avoid taking idev->lock again when iterating idev->addr_list,
since the upper callers of mld_newpack() already take
read_lock_bh(&idev->lock).

Reported-by: dingtianhong <dingtianhong@huawei.com>
Cc: dingtianhong <dingtianhong@huawei.com>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Tested-by: Ding Tianhong <dingtianhong@huawei.com>
Tested-by: Chen Weilong <chenweilong@huawei.com>
Signed-off-by: Cong Wang <amwang@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-07-28 16:26:02 -07:00
Johan Hedberg
2147439889 Bluetooth: Fix mgmt handling of power on failures
commit 96570ffcca upstream.

If hci_dev_open fails we need to ensure that the corresponding
mgmt_set_powered command gets an appropriate response. This patch fixes
the missing response by adding a new mgmt_set_powered_failed function
that's used to indicate a power on failure to mgmt. Since a situation
with the device being rfkilled may require special handling in user
space the patch uses a new dedicated mgmt status code for this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-06-20 11:58:44 -07:00
Eric Dumazet
7d9577d0b2 ipv6: do not clear pinet6 field
[ Upstream commit f77d602124 ]

We have seen multiple NULL dereferences in __inet6_lookup_established()

After analysis, I found that inet6_sk() could be NULL while the
check for sk_family == AF_INET6 was true.

Bug was added in linux-2.6.29 when RCU lookups were introduced in UDP
and TCP stacks.

Once an IPv6 socket, using SLAB_DESTROY_BY_RCU is inserted in a hash
table, we no longer can clear pinet6 field.

This patch extends logic used in commit fcbdf09d96
("net: fix nulls list corruptions in sk_prot_alloc")

TCP/UDP/UDPLite IPv6 protocols provide their own .clear_sk() method
to make sure we do not clear pinet6 field.

At socket clone phase, we do not really care, as cloning the parent (non
NULL) pinet6 is not adding a fatal race.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-19 10:54:47 -07:00
Eric Dumazet
8e1546d7e1 tcp: force a dst refcount when prequeue packet
[ Upstream commit 093162553c ]

Before escaping RCU protected section and adding packet into
prequeue, make sure the dst is refcounted.

Reported-by: Mike Galbraith <bitbucket@online.de>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-19 10:54:43 -07:00
Linus Torvalds
ca4bf7c697 net: fix incorrect credentials passing
[ Upstream commit 83f1b4ba91 ]

Commit 257b5358b3 ("scm: Capture the full credentials of the scm
sender") changed the credentials passing code to pass in the effective
uid/gid instead of the real uid/gid.

Obviously this doesn't matter most of the time (since normally they are
the same), but it results in differences for suid binaries when the wrong
uid/gid ends up being used.

This just undoes that (presumably unintentional) part of the commit.

Reported-by: Andy Lutomirski <luto@amacapital.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-01 09:41:16 -07:00
Sameer Thalappil
1fd2476da5 nl80211/cfg80211: add VHT MCS support
Add support for reporting and calculating VHT MCSes.

Note that I'm not completely sure that the bitrate
calculations are correct, nor that they can't be
simplified.

Change-Id: Id4c132850a85ff59f0fc16396763ed717689bec0
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: db9c64cf8d
Git-repo:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
2013-04-18 16:09:30 -07:00
Hannes Frederic Sowa
1280938465 inet: limit length of fragment queue hash table bucket lists
[ Upstream commit 5a3da1fe95 ]

This patch introduces a constant limit of the fragment queue hash
table bucket list lengths. Currently the limit 128 is chosen somewhat
arbitrarily and just ensures that we can fill up the fragment cache with
empty packets up to the default ip_frag_high_thresh limits. It should
just protect from list iteration eating considerable amounts of cpu.

If we reach the maximum length in one hash bucket a warning is printed.
This is implemented on the caller side of inet_frag_find to distinguish
between the different users of inet_fragment.c.

I dropped the out of memory warning in the ipv4 fragment lookup path,
because we already get a warning by the slab allocator.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jesper Dangaard Brouer <jbrouer@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-03-28 12:11:54 -07:00
Denis V. Lunev
6a2d122cdd ipv4: fix definition of FIB_TABLE_HASHSZ
[ Upstream commit 5b9e12dbf9 ]

A long time ago by the commit

  commit 93456b6d77
  Author: Denis V. Lunev <den@openvz.org>
  Date:   Thu Jan 10 03:23:38 2008 -0800

    [IPV4]: Unify access to the routing tables.

the definition of FIB_HASH_TABLE size has obtained a wrong dependency:
it should depend upon CONFIG_IP_MULTIPLE_TABLES (as was in the original
code) but it depended on CONFIG_IP_ROUTE_MULTIPATH

This patch returns the situation to the original state.

The problem was spotted by Tingwei Liu.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Tingwei Liu <tingw.liu@gmail.com>
CC: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-03-28 12:11:53 -07:00
Bhakthavatsala Raghavendra
296f7ed251 Bluetooth: Introduce new security level
Define new security level BT_SECURITY_VERY_HIGH
for BT-SAP security requirements

Change-Id: Iee1f60def34d64174c71934ecf55319cee087c13
Signed-off-by: Bhakthavatsala Raghavendra <braghave@codeaurora.org>
2013-03-15 17:08:18 -07:00
Duy Truong
04e554807c Update copyright to The Linux Foundation
Change-Id: Ibead64ce2e901dede2ddd1b86088b88f2350ce92
Signed-off-by: Duy Truong <dtruong@codeaurora.org>
2013-03-15 17:07:39 -07:00
Mallikarjuna GB
74db0bf24d Bluetooth: GAP: Read the clock offset on ACL connection complete
Keep the Clock offset valid for one hour and read it again after
connection complete so that we have most recent value. This helps
for faster ACL connections.

CRs-fixed: 430132
Change-Id: I1526878a7365f9cc0c654e0af6c4dd214fac4cd8
Signed-off-by: Mallikarjuna GB <gbmalli@codeaurora.org>
2013-03-15 17:06:41 -07:00
Archana Ramachandran
f028fff7fe Bluetooth: Fix for LE cancel Create Connection not working
Added management method to send LE cancel create connection
HCI command

CRs-fixed: 366284
Change-Id: I17a75ecf4ecaa32cab7e3a4cb8beb8cc4b4580c4
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
Signed-off-by: Mallikarjuna GB <gbmalli@codeaurora.org>
2013-03-15 17:06:40 -07:00
Ram Mohan Korukonda
07e1499c08 Bluetooth: Support for Remote name request cancel command
Add support for remote name request cancel command in mgmtops
plugin.

Change-Id: If8bec8b457461f7bca90af940d2473b810677322
CRs-fixed: 414884
Signed-off-by: Ram Mohan Korukonda <rkorukon@codeaurora.org>
Signed-off-by: Mallikarjuna GB <gbmalli@codeaurora.org>
2013-03-15 17:05:31 -07:00
Jouni Malinen
7f62074388 cfg80211: Add TDLS event to allow drivers to request operations
The NL80211_CMD_TDLS_OPER command was previously used only for userspace
request for the kernel code to perform TDLS operations. However, there
are also cases where the driver may need to request operations from
userspace, e.g., when using security on the AP path. Add a new cfg80211
function for generating a TDLS operation event for drivers to request a
new link to be set up (NL80211_TDLS_SETUP) or an existing link to be
torn down (NL80211_TDLS_TEARDOWN). Drivers can optionally use these
events, e.g., based on noticing data traffic being sent to a peer
station that is seen with good signal strength.

Change-Id: I778f5136fc4518bedcaed14a5412de4be6c85cf3
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-by: Ng Chilam <chilamng@qca.qualcomm.com>
[Madan Mohan Koyyalamudi <mkoyya@codeaurora.org>: move changes from
include/uapi/linux/nl80211.h to include/linux/nl80211.h, remove trace.h,
remove trace_cfg80211_tdls_oper_request() in nl80211.c ]
Signed-off-by: Madan Mohan Koyyalamudi <mkoyya@codeaurora.org>
2013-03-15 17:05:22 -07:00
Tianyi Gou
53261a559d net: sched: export an api to enable/disable flow on sch
Export a function from sch_api.c that will look up
desired qdisc and call its registered change function
to enable/disable flow.

Change-Id: I5b6dc7a6fd2b09b796c92b3770ba83423d19c864
CRs-Fixed: 355156
Acked-by: Jimi Shah <jimis@qualcomm.com>
Signed-off-by: Tianyi Gou <tgou@codeaurora.org>
(cherry picked from commit b8419fe690053b76658d49565c57ac654faf2eaa)
(cherry picked from commit 3a30e7aa4487f56a74f12c12f11cece6ce1f2100)
2013-03-07 15:20:04 -08:00
Sunny Kapdi
ea7e387d3a bluetooth: LE conn whitelist implementation
Add support to create connection to LE devices using
whitelist. With this, the Controller can try to connect
to multiple devices at the same time. The following
interfaces are added.
1. Add/Remove device from whitelist
2. Clear all the devices from whitelist
3. Create Connection to devices from whitelist
4. Cancel create connection to whitelist devices

CRs-fixed: 388980
Change-Id: I3900c71255e754f80bb2873ae19a41b94cca76c3
Signed-off-by: Sunny Kapdi <sunnyk@codeaurora.org>
(cherry picked from commit 93bef895b01b79f49af60ba1394c9c3f6e563212)
(cherry picked from commit 377ee2bf1fc37bcbeae872661646bdd6a5f8da31)
2013-03-07 15:19:52 -08:00
Archana Ramachandran
4cd292be59 Bluetooth: Send Disconnection reason to Bluez
Send device disconnection reason to bluez on receiving the
disconnection complete event so that low energy profiles
such as proximity can decide to reconnect if the reason
is link loss.

CRs-Fixed: 378240
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
(cherry picked from commit da09d26a75ee1c7c1911dcfbe0128fd09f6631f4)

Change-Id: Iab1fede47f44342d87be6c3c5aa7590754fd950c
Signed-off-by: Sudhir Sharma <sudsha@codeaurora.org>
2013-03-07 15:19:32 -08:00
Srinivas Krovvidi
cdd13e5bfd Bluetooth: Validate hci conn validity before referring wakelock.
Found in a rare case there is possibility that remote device
sent disconnect on a connection and DUT is trying send data
on the same. In that case accessing some released wakelock
is causing issue. The current changes are to use locking
mechanism to validate the connection before acting on the
wake lock.

CRs-Fixed: 394651
Change-Id: I6a4188a7d0d05a8cfbe66d3680473d549157917a
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
(cherry picked from commit 6aadc41fcbd28dc3899a4b5d098e5f316588a029)

Signed-off-by: Sudhir Sharma <sudsha@codeaurora.org>
2013-03-07 15:18:44 -08:00
Devin Kim
204ebe9035 af_netlink: force credentials passing [CVE-2012-3520]
Pablo Neira Ayuso discovered that avahi and
potentially NetworkManager accept spoofed Netlink messages because of a
kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
to the receiver if the sender did not provide such data, instead of not
including any such data at all or including the correct data from the
peer (as it is the case with AF_UNIX).

This bug was introduced in commit 16e5726269
(af_unix: dont send SCM_CREDENTIALS by default)

This patch forces passing credentials for netlink, as
before the regression.

Another fix would be to not add SCM_CREDENTIALS in
netlink messages if not provided by the sender, but it
might break some programs.

With help from Florian Weimer & Petr Matousek

This issue is designated as CVE-2012-3520

Change-Id: Id4f36301d407ef5c8218c5ef9f66d299766cdf57
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-04 12:46:00 -08:00
Eric Dumazet
e5a096aa0a ipv6: use a stronger hash for tcp
[ Upstream commit 08dcdbf6a7 ]

It looks like it's possible to open thousands of TCP IPv6
sessions on a server, all landing in a single slot of TCP hash
table. Incoming packets have to lookup sockets in a very
long list.

We should hash all bits from foreign IPv6 addresses, using
a salt and hash mix, not a simple XOR.

inet6_ehashfn() can also separately use the ports, instead
of xoring them.

Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-02-28 06:59:06 -08:00
Ying Xue
1e6b5fb5ce net: fix a compile error when SOCK_REFCNT_DEBUG is enabled
[ Upstream commit dec34fb0f5 ]

When SOCK_REFCNT_DEBUG is enabled, below build error is met:

kernel/sysctl_binary.o: In function `sk_refcnt_debug_release':
include/net/sock.h:1025: multiple definition of `sk_refcnt_debug_release'
kernel/sysctl.o:include/net/sock.h:1025: first defined here
kernel/audit.o: In function `sk_refcnt_debug_release':
include/net/sock.h:1025: multiple definition of `sk_refcnt_debug_release'
kernel/sysctl.o:include/net/sock.h:1025: first defined here
make[1]: *** [kernel/built-in.o] Error 1
make: *** [kernel] Error 2

So we decide to make sk_refcnt_debug_release static to eliminate
the error.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-02-28 06:59:06 -08:00
Srinivas Krovvidi
3e9123ed07 Bluetooth: Block SCO disconnect operation on BT_CLOSED state.
Have maximum blocking time for shutdown operation as DISCONNECT_TIMEOUT.
During this period when SCO connection closes, the userspace will be
updated on the close operation. Existing approach of immediate return
on shutdown call can cause synchronization issues on SCO state between
kernel and userspace. This happens when disconnect operation takes
more time at kernel space.

Change-Id: Id9e6a61c2c3d4ba2cf6da574fc49bc6894a8f96a
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
2013-02-27 18:20:11 -08:00
Sunny Kapdi
3c4589484c bluetooth: Add support for LE conn param
Added support to let the userspace know about the updated
LE connection parameters. On receiving successful connection
complete and connection parameters update event from the BT
Controller, send a mgmt event to the userspace bluetoothd.

CRs-fixed: 380271
Change-Id: If8c3d785188e0d4f38c7431d01c016f399137408
Signed-off-by: Sunny Kapdi <sunnyk@codeaurora.org>
2013-02-27 18:17:16 -08:00
Brian Gix
cdcf81ac5b Bluetooth: Fix ATT Indicate/Confirm handling
If due to timing issues out of our control, an outbound ATT Indicate
is delayed to the point that user space code does not receive
confirmation within its time-out period, both Client and Server
sockets must be torn down. We also must always respond to incoming
ATT Indicate pkt with a Confirmation, as the Error Response is an
illegal response for Indicate.

CRs-Fixed: 363355
Change-Id: I4003a59e1a731a08818f18d5b79db537e2aa2619
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-27 18:14:14 -08:00
Mat Martineau
c1f3fb57a3 Bluetooth: Use transmit window from config response for ack timing
This change addresses an L2CAP ERTM throughput problem when a remote
device does not fully utilize the available transmit window.

The L2CAP ERTM transmit window size determines the maximum number of
unacked frames that may be outstanding at any time. It is configured
separately for each direction of an ERTM connection. Each side sends a
configuration request with a tx_win field indicating how many unacked
frames it is capable of receiving before sending an ack. The
configuration response's tx_win field shows how many frames the
transmitter will actually send before waiting for an ack.

It's important to trace both the actual transmit window (to check for
validity of incoming frames) and the number of frames that the
transmitter will send before waiting (to send acks at the appropriate
time). Now there are separate tx_win and ack_win values. ack_win is
updated based on configuration responses, and is used to determine
when acks are sent.

CRs-fixed: 370909
Change-Id: I6d9ef55a2ff2f5f3d0117ad376a09e4cc26fe742
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-27 18:13:49 -08:00
Rahul Kashyap
6fce61b725 Bluetooth: Hold wakelock until BT idle timer kicks in.
Holding a wakelock avoids suspend power collapse, which
allow the BT idle timer to kick in, which eventually
initiates BT low power modes.

CRs-Fixed: 361067
Change-Id: I93e3950b6f854e70dbce092a5529120ec008c2b8
Signed-off-by: Rahul Kashyap <rkashyap@codeaurora.org>
2013-02-25 11:39:35 -08:00
Brian Gix
2225011b7e Bluetooth: Add sockopts for LE Connection Params
Various LE profiles require very specific LE parameters for
both establishing and maintaining LE connections to remote
peripherals. These LE only parameters are encapsulated into
a single sockopts structure, and may be passed from user space.

CRs-Fixed: 335971
Change-Id: I408edb97ab0fa9717c7d3fe5fc8ad6ac179a2fff
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:39:33 -08:00
Rohit Singh
5649ab316c Bluetooth: Disconnect ACL after 8sec when no service level connection.
Some Remote device disconnects service level connection but do not initiate
ACL disconnect hence ACL connection remains alive for 40s. Reducing timer
value to 8s as reconnection initiated by remote device was rejected due to
existing ACL connection.

Change-Id: I26c2665bb9754ad08e3bc8d8a58f192c47c41764
CRs-Fixed: 337702
Signed-off-by: Rohit Singh <singhr@codeaurora.org>
2013-02-25 11:39:30 -08:00
Prabhakaran Mc
0d59bab4d8 Bluetooth: Grace period to re-enable encryption
If the remote device does not support Encryption Pause,
it might disable Encryption during role switch. Allow a
Grace period of 500 ms for such devices to re-enable.

Change-Id: I8af8082e16e185fe8c15adaf07169cc73179c59f
CRs-fixed: 336828
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
2013-02-25 11:39:25 -08:00
Peter Krystad
b56bc96aea Bluetooth: Ensure socket pointer is set during callback
Fix issue where when setting up an AMP link the socket pointer
is not set when the logical link complete callback is called,
resulting in the L2CAP channel being disconnected.

The socket pointer must be set before the HCI logical link
create command is sent, as it is possible for the logical link
complete event to arrive before the HCI command send logic
has returned.

Change-Id: I5d89c14d45bd6b4cf47d5754f822b435ce8076a8
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
CRs-fixed: 344553
2013-02-25 11:39:23 -08:00
Peter Krystad
ffbdb5f0b3 Bluetooth: Hold ref on hci_conn when setting up A2MP fixed channel
Take a reference on the hci_conn and do not de-reference l2cap_conn
while setting up the A2MP fixed channel. l2cap_conn is not reference
counted and may go away before the channel is set up.

This fixes scenario where the ACL disconnects (and l2cap_conn goes
away) while amp_conn_ind worker is running or is on the workqueue
waiting to run.

Change-Id: I10fc6d9b146fcc5e010f26a046f7e0570f2b93dd
CRs-fixed: 347079
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:39:21 -08:00
Peter Krystad
588ee1105d Bluetooth: Increase Move timeout to allow exit from Sniff mode
Increase the L2CAP move timeout to allow adequate time for both
controllers to exit sniff mode and exchange move signals. This
fixes an issue where sending a move request to move a channel
from AMP back to BR-EDR and both controllers need to exit sniff
first the move response is not received before the move timeout
expires and the channel is disconnected. This value needs to be
at least 4X the sniff interval.

Change-Id: I31d5b3fc52489a5e78818aa3bec654cb777f66f1
CRs-fixed: 341368
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:39:20 -08:00
Archana Ramachandran
4f5119df8a Bluetooth: Poll for RSSI updates from the remote device
This feature is required for implementing Low energy
proximity client immediate alert service. The proximity
client registers with the kernel for receiving RSSI updates
of the remote device. The kernel starts polling for RSSI
value using READ_RSSI HCI command and when it reaches
a particular threshold set by the proximity client,
updates are sent to the client.

Change-Id: I723dd140ad3bf02978c57b3ab127bb6768f28cca
CRs-fixed: 344936
Signed-off-by: Archana Ramachandran <archanar@codeaurora.org>
2013-02-25 11:39:14 -08:00
Prabhakaran Mc
272bb5f22a Bluetooth: Set security level based on remote device features.
Connection security level is modified based on remote device's
extended feature. Deciding SSP capability of remote device
by EIR response is incorrect, because few BT2.1 devices do not
send EIR and few BT2.1 devices which send EIR do not support
SSP. SSP capability of remote device has to be decided based on
remote_extended_features event. This patch makes sure that
MEDIUM_SECURITY is set for non ssp devices' pairing process.

Change-Id: I328a35a30895f2ab6abaaeec51b364ecd633e642
CRs-fixed: 339166
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
2013-02-25 11:39:12 -08:00
Sunny Kapdi
cdf6dea686 bluetooth: Add support for remote_features
Expose Bluetooth remote features to the userspace. A2DP profile
setup in the userspace would need this information to
determine if the remote side supports EDR ACL link or not.

Change-Id: Ib6713707baaf30ffe872247313b2185ae2897385
Signed-off-by: Sunny Kapdi <sunnyk@codeaurora.org>
2013-02-25 11:39:10 -08:00
Mat Martineau
bbe15d54ea Bluetooth: Lock sockets when closing HCI device
When a Bluetooth device is powered down while RFCOMM connections are
open, there are race conditions where RFCOMM tries to use an HCI
connection after the data structures have been deleted.  Since the
powerdown procedure runs in process context, it is possible to lock
sockets before accessing them to close connections.  This change adds
that locking, which will serialize socket access between processors
during powerdown.

Change-Id: I587720799b35d9ee6e66340bdeda8a2b9e2ea7b5
CRs-fixed: 336893
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:39:09 -08:00
Brian Gix
cf04fcf4e7 Bluetooth: Use separate socket for LE ATT Server
Because traffic between the local GATT client(s) and
remote servers are subject to different controls than
remote clients and the local server, all on the shared
fixed CID, it is important to manage the traffic on
separate sockets.

Change-Id: I62385143c86522f4b123b32592b69f2a0ae6dc76
CRs-fixed: 336029
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:39:06 -08:00
Brian Gix
155c8d2a6f Bluetooth: Fix ATT MTU size to 23
We only support a 23 octet MTU, so auto-respond to all
MTU change requests with the 23 octet response.

Change-Id: Ic69d5f068759d983f8cd98b329acbb9d3a481c49
CRs-fixed: 336025
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:39:05 -08:00
Brian Gix
8cc56a66e6 Bluetooth: Fix LE Connection refcnts
Some rebalancing of refcnts due to issues found during testing:

Refcnt was not being released on security completion, if local side
was paired but the remote side had deleted the pairing info, and then
the re-pair failed to complete successfully.

Additionally, the refcnt was not held-released properly if pairing
was initiated due to the client socket being opened with security
level elevated from the start.

Change-Id: I120fed4dc74035d280781ca949a23d4cbcfa3f3e
CRs-fixed: 335993
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:39:04 -08:00
Srinivas Krovvidi
6fefa46cee Bluetooth: Reading remote device lmp_version from controller.
On ACL connection complete with a remote device, the remote
device lmp version should be available with Controller. The
current change is to read this information from controller to
host and update to bluez userspace through management APIs.

Change-Id: Ie152ed98fa0a6cf9ab170a6bb8c6a05b5b9dfcb0
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
2013-02-25 11:38:54 -08:00
Mat Martineau
b3d0386b2f Bluetooth: Fix timeout configuration for AMP channels
When doing L2CAP configuration, use the correct retransmit and monitor
timeouts when configuring (or reconfiguring) AMP channels. The host
stack needs to use the timeouts read from incoming configuration
responses, and write appropriate timeouts when sending configuration
responses.

Change-Id: I1271ade93dbfee58a1cac115280704a327e901b2
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:38:54 -08:00
Brian Gix
a0bfd58531 Bluetooth: Discovery Timer stability fixes
This change prevents running timers from being re-initialized
which causes system instability. Also prevents starting a
discovery operation when already in progress.

CRs-fixed: 328673
Change-Id: Icda36a25fdcb40dab4f95f9cc39ca124b299e308
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:53 -08:00
Srinivas Krovvidi
ea33fe6962 Bluetooth: Support for writing hci flush timeout parameter.
Added Flush Timeout parameter setting for l2cap channel. Bluetooth
profiles using l2cap can set this parameter to flush out the data
when it cannot be sent over the air within timeout duration.

Change-Id: I60420c5be3a790aff26bc30e8089fdca47a99222
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
2013-02-25 11:38:52 -08:00
Srinivas Krovvidi
94010817b9 Bluetooth: Management API changes in Bluetooth to update remote Class.
When connection initiated from the remote device the class of device
information is required to be updated to userspace through this
event.

Change-Id: I97d715a0b80e12d414ecf03d099955c8b12c82b4
Signed-off-by: Srinivas Krovvidi <skrovvid@codeaurora.org>
2013-02-25 11:38:48 -08:00
Peter Krystad
f349a2f099 Bluetooth: Fix possible access of hci_chan after it is deleted
When the connection is not in BT_CONNECTED state it was possible
for code in hci_chan_modify() to attempt to access the hci_chan
structure after it had already been deleted by hci_chan_put().

Change-Id: I5ae352ac12aa3b456e7bcf30633015d98b03e44b
CRs-fixed: 319934
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:38:41 -08:00
Brian Gix
387921f639 Bluetooth: Move Discovery timers to hci_dev struct
To prevent timers from expiring on potentially free'd dynamic memory.

Change-Id: I8b9685150bcee72fa7ca71b221bc54b54516021e
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:38 -08:00
Prabhakaran Mc
17c20ba4e9 Bluetooth: changes to implement mgmt_encrypt_link procedure
mgmt_encrypt_link procedure is added by implementing
MGMT_OP_ENCRYPT_LINK and MGMT_EV_ENCRYPT_CHANGE

Change-Id: Ibed6e24c67bbea83318a67c636e02a93518de29d
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
2013-02-25 11:38:36 -08:00
Peter Krystad
bd53fa1368 Bluetooth: Use hci dev number as AMP controller ID
Previously an offset was added to the hci dev number to generate the
AMP controller ID, because it was possible for the PAL to register
as hci0, and 0 is invalid for an AMP controller ID. Since this commit
462bf76d294a480c775a040476bd7eb81f718ec2 it is not possible for
the PAL to register as hci0, so this offset is no longer necessary.

Change-Id: I4b01ddca5fad3aebeb4c138b5aee8819bb146f3d
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:38:34 -08:00
Brian Gix
145f2334b6 Bluetooth: Fix Init sequence when device is restarted
On some platforms, device state data can be left around, and some
commands may take longer than 1 second to execute. This change increases
the per command time-out, and reinitializes the features mask.

Change-Id: Ib707996b97139c97e9a0deacd4a11019cf75da8c
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:28 -08:00
Brian Gix
3fb0b0ba88 Bluetooth: Add API to set LE Connection Parameters
Include auto-setting connection parameters during Pairing for
low latency, and default (high latency) settings for non-Pairing
connections.

Change-Id: Ie8e3f65da52213451dcc01fce38d95ae07d1b13b
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:27 -08:00
Mat Martineau
90e0ae6107 Bluetooth: Align socket option definitions with upstream kernel
The upstream kernel has acquired new BT socket options since
BT_AMP_POLICY was first defined, now BT_FLUSHABLE is option 8 and
BT_POWER is option 9.  It will save us some future pain if we align
with upstream code now and make BT_AMP_POLICY be option 10.

In addition, the option values for BT_AMP_POLICY were changed during
the upstreaming process.

CRs-fixed: 313757
Change-Id: Ia31e9c8cfd5207a6dd44e40a605d3021f5ce9fd9
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:38:25 -08:00
Brian Gix
064afd8708 Bluetooth: Cache LE Address Type with LTK, and use for reconnections
LE-Only devices require that an Address Type (Public or Random) be
included in Connection Requests. This info is available at Pairing
but must be cached so that it is available at reconnection time.
This change includes the Address type with the Pairing data.

Change-Id: I50c78ad31d8be70f5c3f49a0529039e4a26daaac
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:24 -08:00
Peter Krystad
5f3e4d2248 Bluetooth: Set A2MP response timeout to 8 seconds
The A2MP response timeout should be greater than the Connection
Accept timeout set for AMP links, but less than the Link Supervision
Timeout on the BR-EDR link.

This allows for A2MP to fail, but the ACL connection can remain
established, so transfer can continue on BR-EDR.

Change-Id: I654ed12149d9cf194c07b1eb3433e8c23720a209
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:38:22 -08:00
Brian Gix
8d6e23ed66 Bluetooth: Generate generic Fails for undeliverable ATT messages
Change-Id: I04f9ec62b15abb090cb90d81442a83caf8caa447
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:21 -08:00
Brian Gix
caeb7623c8 Bluetooth: Fix Limited Discoverability for MGMTOPS
CRs-fixed: 309551
Change-Id: I42c46c62dcb4b227d9ac48146ee61cb52063a6ae
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:20 -08:00
Ankur Nandwani
8423582ff1 msm: bluetooth: Adding SMD as a HCI transport
Add the #define for HCI_SMD.

Change-Id: Ie945abc9f18862b3f9997cafba9019c1cb4de782
Signed-off-by: Ankur Nandwani <ankurn@codeaurora.org>
2013-02-25 11:38:12 -08:00
Brian Gix
79ba864f6a Bluetooth: Add EIR flags to LE Adv data cache
Use the EIR flags to prevent LE pairing attempts to
BR/EDR capable (Dual Mode) devices.

Change-Id: I41fc96ea5d912b49502ff15ab5f77da5190beaf4
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:09 -08:00
Brian Gix
58507d6ea0 Bluetooth: Fix LE Pairing time-out
Timer that was started at beginning of LE Pairing did not correctly
terminate pairing process when it fired, and was not properly cleaned
up on pairing completion.

Change-Id: Idf51bc8bf85cd6939d1d42fc16c7ee3071ab2420
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:07 -08:00
Brian Gix
cfa732f906 Bluetooth: Add LE/BR flag to Connect notification
When remote device is connected outside the control of BlueZ, it
needs to be informed of whether the new connection is LE or BR/EDR.

Change-Id: I58efe8ed3cf5db2b7cc0b3417447b1e3abcdc1c2
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:38:00 -08:00
Prabhakaran Mc
4fd178a155 Bluetooth: SAP Authentication changes
SAP profile requires 16 pin length authentication for BT 1.2/2.0
devices as per specification. These changes were present for hciops
plugin, the current changes are for Management operations plugin.

Change-Id: I4c27c3f833a001dfe7a4abf3db42253939544658
Signed-off-by: Prabhakaran Mc <prabhakaranmc@codeaurora.org>
2013-02-25 11:37:51 -08:00
Brian Gix
d81a637f4d Bluetooth: Add LE SecMgr and mgmtops support
Enabled ECB Block encoding for Low Energy pairing
Implemented missing components of MGMTOPS interface
Differentiated as needed between BR/EDR pairing and LE pairing

Change-Id: Ifb26a9c8ca0c57286fcee92e840835560930c093
Signed-off-by: Brian Gix <bgix@codeaurora.org>
2013-02-25 11:37:48 -08:00
Kun Han Kim
d69ac7ee48 Bluetooth: Added support for HFP 1.6 Wide Band Speech
Signed-off-by: Kun Han Kim <kunhank@codeaurora.org>
Change-Id: Ibc34a0170c1744ff50503a2c0c57dea721715aa8
2013-02-25 11:37:47 -08:00
Peter Krystad
706754941e Bluetooth: Aggregate Best Effort extended flow specs
When multiple Best Effort flow specs with known data rates exist
on an AMP logical link they must be combined and the Flow Spec Modify
command issued for the aggregate flow spec.

Change-Id: Iacab516c3caa4aac8415c107e7f2ec132ea5ddd2
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:37:46 -08:00
Peter Krystad
ddbe47015c Bluetooth: Add support for L2CAP Extended Flow Spec option.
Add send and receive of Extended Flow Spec option during L2CAP
lockstep configuration and passing the flow specs to HCI.

Change-Id: I3b229afb5c5e27fd5f36eb0e671c1d2739322c64
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:37:45 -08:00
Prabhakaran Mc
98f57fdbad Bluetooth: SAP Authentication changes
The change enables the Bluez user space to read
security and ssp_mode of current connection.

Change-Id: Ia30a99b6a3d9aaf912ac19548ff7dbf9190113d1
Signed-off-by: Prabhakaran MC <prabhakaranmc@codeaurora.org>
2013-02-25 11:37:44 -08:00
Mat Martineau
2da314c0c6 Bluetooth: Add L2CAP "create channel" functionality
When setting up an initial link over AMP, use "create channel" signals
to start the link rather than doing an initial connection over BR/EDR
and moving the channel to AMP.

Change-Id: I5ebef97d6214e5333f0d1475d90b6f66f89e2d87
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:43 -08:00
Peter Krystad
43f853bc07 Bluetooth: Make A2MP default MTU and MPS equal
BT 3.0 spec states MTU and MPS for A2MP fixed channel are to be
equal.

Change-Id: Iad068234c2f5393c96b2ae33d0b7b65e09683e36
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:37:38 -08:00
Peter Krystad
d4aafb5c8b Bluetooth: Set A2MP CID as before calling kernel_connect()
Changes made for BT 4.0 mean the A2MP CID must be set before
kernel_bind() and kernel_connect() are used to create the A2MP
kernel socket.

Change-Id: Ie0d471701f0f323bd589b1f92b3044ab91537ec8
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:37:37 -08:00
Mat Martineau
7415b2155e Bluetooth: Set outgoing HCI packet boundary flags correctly for AMP.
The Bluetooth spec requires that AMP data packets be flagged as a
"complete L2CAP PDU".

Change-Id: I81339ec4beef40ade3b56e32a923cf52ead07ae2
CRs-fixed: 288928
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:34 -08:00
Mat Martineau
a50a21e8ee Bluetooth: Add socket buffer headroom for Qualcomm PAL headers.
The Qualcomm AMP PAL needs room to add 802.11 headers to outgoing
frames, but the extra memory overhead is not necessary in other
cases.

CRs-fixed: 288438
Change-Id: Ie546bf702d56e80918c54019b4b0bb4c8bb40e0b
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:33 -08:00
Peter Krystad
86e18bd3a4 Bluetooth: Correct L2CAP timeout constant definitions
Two L2CAP timeout constants were defined in units of milliseconds but
used as if they were jiffies. Change definition to jiffies.

Change-Id: Ia2837a62bff2a891956b70096c2a9a271060f212
Signed-off-by: Peter Krystad <pkrystad@codeaurora.org>
2013-02-25 11:37:30 -08:00
Mat Martineau
0632037156 Bluetooth: Align LMP_NO_FLUSH with the Bluetooth spec.
Commit 98b351bd from Google incorrectly set the LMP_NO_FLUSH flag
to 0x01, which is actually the extended inquiry flag.

Change-Id: I1014c155105db168f9a67bb6065bbd3c18137345
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:28 -08:00
NaveenKumar
6fa553bd2f Bluetooth: Notify Bluesleep driver about HCI send frame.
Bluesleep driver, out-of-band sleep protocol, needs to be
notified in case of MSM initiated data transfer to wakeup
BTS chip. This notification is required to turn on UART
clocks. This change was missing in the .38 kernel
which is vital for Bluetooth to work in 7x27.

Change-Id: I6e2004c13d140901c9bdee7a98ca43e2f9c07dc3
Signed-off-by: NaveenKumar <naveenr@codeaurora.org>
2013-02-25 11:37:28 -08:00
Peter Krystad
b897bc4434 Bluetooth: Use common fields for packet- and block-based flow control
Packet-based and block-based flow control use the same counting
method, so re-use the hci_dev fields instead of making a second set.

Change-Id: I2022ae49487a2a56f27d803f3bf522bd5350e60c
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:21 -08:00
Mat Martineau
cf6fb818af Bluetooth: Simplify L2CAP ERTM local busy handling.
Discard any frames received while in the local busy state.  This makes
the code less complex, and results in fewer retransmitted packets
when dealing with lost data.

Change-Id: Id06f923609df1c4e5f7c553355bb8db7794bbe2d
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:21 -08:00
NaveenKumar
375cef1458 net: bluetooth: ioctl entry to modify auth info.
According to the current distributed security logic between
kernel-userspace, the kernel is not aware of the level of
security that a link-key provides when userspace responds
to the link key request. Adding an ioctl entry which will
update the kernel space auth_key's level of security as soon
as userspace responds to the link key request.

CRs-fixed: 264601
Change-Id: I6765cce92a6f8b761742d57ea94e81502f6e7fcf
Signed-off-by: NaveenKumar <naveenr@codeaurora.org>
2013-02-25 11:37:16 -08:00
Inga Stotland
772ed1935f Bluetooth: Reconfiguration of the AMP channel following a move.
AMP controllers have different optimal settings for packet sizes
and checksums, so BT3.0+HS includes the ability to reconfigure
the L2CAP settings when a channel is moved between controllers.

Change-Id: Iad1592104ebc6ac4a9d9ed54b1d763b1786f4a1b
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:14 -08:00
Peter Krystad
4b46819f6c Bluetooth: Added AMP manager and support for use of AMP channels.
Bluetooth 3.0+HS depends on an AMP manager to coordinate the setup and
teardown of AMP physical and logical links using the A2MP protocol.
There are also new L2CAP signals that allow two Bluetooth devices to
move L2CAP channels to and from a high-speed link, and a new socket
option for applications to use to control the type of Bluetooth link
used for L2CAP traffic.

Change-Id: I98067e0781b31f5d694e7b7da5cf5006dc21f514
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:13 -08:00
Mat Martineau
1406338486 Bluetooth: Add L2CAP ERTM fixed channel support.
The A2MP protocol uses a reliable ERTM channel to coordinate
high-speed AMP channels between two Bluetooth devices.  This
is done using a fixed channel ID, but ERTM carries a lot of
state so the existing approach of hard-coded fixed channel
handlers does not work.  This adds hooks for creation and
use of fixed channel sockets for use within the kernel.

Change-Id: I27363b7882ffc8ec643ffe792b078f253700089b
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:11 -08:00
Peter Krystad
843f44994b Bluetooth: HCI support for AMP controllers.
This adds support for AMP controllers to the Bluetooth HCI layer.
The architecture was agreed upon at the 2010 BlueZ Summit.
A new notion of an "HCI channel" is introduced, which corresponds
with AMP logical links.  AMP controllers are also a new device type,
with a new set of HCI commands and events that need to be supported.

Change-Id: I6dbf96f800cbd6878a37c0a463f5261c8681134c
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:10 -08:00
Mat Martineau
3feca6c5e2 Bluetooth: L2CAP ERTM enhancements.
Enhanced Retransmission Mode (ERTM) is a new feature in BT3.0, and
is a requirement for BT3.0+HS with high-speed AMP controllers.
Some work had already been done to add ERTM support to BlueZ,
but the high-speed feature is more demanding in terms of efficiency
and needs some extended control over ERTM operation.  This commit
includes more robust state machines, no copying of received data,
improved transmit queue management, support for extended headers,
and more robust locking.

Change-Id: I21aba0e3fecb02e901bb174787a37533a923c327
Signed-off-by: Mat Martineau <mathewm@codeaurora.org>
2013-02-25 11:37:09 -08:00