authorTakashi Iwai <tiwai@suse.de>2019-06-24 11:54:54 +0200
committerTakashi Iwai <tiwai@suse.de>2019-06-24 11:54:54 +0200
commit190eab52759c8ea0acba55b48e90fe88339fb354 (patch)
tree6ad5540e0882d9d410a93c52b980a002b83f93a0
parentdf28106c2c9c727c7c13faec38a714e4fcde3c67 (diff)
Replace the bluetooth fix with the upstream commit (bsc#1135556)
-rw-r--r--patches.drivers/Bluetooth-Fix-regression-with-minimum-encryption-key.patch154
-rw-r--r--patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch42
-rw-r--r--series.conf3
3 files changed, 155 insertions, 44 deletions
diff --git a/patches.drivers/Bluetooth-Fix-regression-with-minimum-encryption-key.patch b/patches.drivers/Bluetooth-Fix-regression-with-minimum-encryption-key.patch
new file mode 100644
index 0000000000..873a22aab4
--- /dev/null
+++ b/patches.drivers/Bluetooth-Fix-regression-with-minimum-encryption-key.patch
@@ -0,0 +1,154 @@
+From 693cd8ce3f882524a5d06f7800dd8492411877b3 Mon Sep 17 00:00:00 2001
+From: Marcel Holtmann <marcel@holtmann.org>
+Date: Sat, 22 Jun 2019 15:47:01 +0200
+Subject: [PATCH] Bluetooth: Fix regression with minimum encryption key size alignment
+Git-commit: 693cd8ce3f882524a5d06f7800dd8492411877b3
+Patch-mainline: v5.2-rc6
+References: bsc#1135556
+
+When trying to align the minimum encryption key size requirement for
+Bluetooth connections, it turns out doing this in a central location in
+the HCI connection handling code is not possible.
+
+Original Bluetooth version up to 2.0 used a security model where the
+L2CAP service would enforce authentication and encryption. Starting
+with Bluetooth 2.1 and Secure Simple Pairing that model has changed into
+that the connection initiator is responsible for providing an encrypted
+ACL link before any L2CAP communication can happen.
+
+Now connecting Bluetooth 2.1 or later devices with Bluetooth 2.0 and
+before devices are causing a regression. The encryption key size check
+needs to be moved out of the HCI connection handling into the L2CAP
+channel setup.
+
+To achieve this, the current check inside hci_conn_security() has been
+moved into l2cap_check_enc_key_size() helper function and then called
+from four decisions point inside L2CAP to cover all combinations of
+Secure Simple Pairing enabled devices and device using legacy pairing
+and legacy service security model.
+
+Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203643
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/bluetooth/hci_conn.c | 18 +++++++++---------
+ net/bluetooth/l2cap_core.c | 33 ++++++++++++++++++++++++++++-----
+ 2 files changed, 37 insertions(+), 14 deletions(-)
+
+diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
+index 3cf0764d5793..15d1cb5aee18 100644
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -1276,14 +1276,6 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
+ !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
+ return 0;
+
+- /* The minimum encryption key size needs to be enforced by the
+- * host stack before establishing any L2CAP connections. The
+- * specification in theory allows a minimum of 1, but to align
+- * BR/EDR and LE transports, a minimum of 7 is chosen.
+- */
+- if (conn->enc_key_size < HCI_MIN_ENC_KEY_SIZE)
+- return 0;
+-
+ return 1;
+ }
+
+@@ -1400,8 +1392,16 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type,
+ return 0;
+
+ encrypt:
+- if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
++ if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
++ /* Ensure that the encryption key size has been read,
++ * otherwise stall the upper layer responses.
++ */
++ if (!conn->enc_key_size)
++ return 0;
++
++ /* Nothing else needed, all requirements are met */
+ return 1;
++ }
+
+ hci_conn_encrypt(conn);
+ return 0;
+diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
+index b53acd6c9a3d..9f77432dbe38 100644
+--- a/net/bluetooth/l2cap_core.c
++++ b/net/bluetooth/l2cap_core.c
+@@ -1341,6 +1341,21 @@ static void l2cap_request_info(struct l2cap_conn *conn)
+ sizeof(req), &req);
+ }
+
++static bool l2cap_check_enc_key_size(struct hci_conn *hcon)
++{
++ /* The minimum encryption key size needs to be enforced by the
++ * host stack before establishing any L2CAP connections. The
++ * specification in theory allows a minimum of 1, but to align
++ * BR/EDR and LE transports, a minimum of 7 is chosen.
++ *
++ * This check might also be called for unencrypted connections
++ * that have no key size requirements. Ensure that the link is
++ * actually encrypted before enforcing a key size.
++ */
++ return (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags) ||
++ hcon->enc_key_size > HCI_MIN_ENC_KEY_SIZE);
++}
++
+ static void l2cap_do_start(struct l2cap_chan *chan)
+ {
+ struct l2cap_conn *conn = chan->conn;
+@@ -1358,9 +1373,14 @@ static void l2cap_do_start(struct l2cap_chan *chan)
+ if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
+ return;
+
+- if (l2cap_chan_check_security(chan, true) &&
+- __l2cap_no_conn_pending(chan))
++ if (!l2cap_chan_check_security(chan, true) ||
++ !__l2cap_no_conn_pending(chan))
++ return;
++
++ if (l2cap_check_enc_key_size(conn->hcon))
+ l2cap_start_connection(chan);
++ else
++ __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
+ }
+
+ static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
+@@ -1439,7 +1459,10 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
+ continue;
+ }
+
+- l2cap_start_connection(chan);
++ if (l2cap_check_enc_key_size(conn->hcon))
++ l2cap_start_connection(chan);
++ else
++ l2cap_chan_close(chan, ECONNREFUSED);
+
+ } else if (chan->state == BT_CONNECT2) {
+ struct l2cap_conn_rsp rsp;
+@@ -7490,7 +7513,7 @@ static void l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
+ }
+
+ if (chan->state == BT_CONNECT) {
+- if (!status)
++ if (!status && l2cap_check_enc_key_size(hcon))
+ l2cap_start_connection(chan);
+ else
+ __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
+@@ -7499,7 +7522,7 @@ static void l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
+ struct l2cap_conn_rsp rsp;
+ __u16 res, stat;
+
+- if (!status) {
++ if (!status && l2cap_check_enc_key_size(hcon)) {
+ if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
+ res = L2CAP_CR_PEND;
+ stat = L2CAP_CS_AUTHOR_PEND;
+--
+2.16.4
+
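Review bot: The comparison in the new `l2cap_check_enc_key_size()` helper is strict (`hcon->enc_key_size > HCI_MIN_ENC_KEY_SIZE`), so an encrypted link whose key size is exactly the minimum is refused. The check removed from `hci_conn_check_link_mode()` rejected only `conn->enc_key_size < HCI_MIN_ENC_KEY_SIZE`, and the comment carried over into the helper still says "a minimum of 7 is chosen". If a key of exactly that size is meant to stay acceptable, the return line should read `hcon->enc_key_size >= HCI_MIN_ENC_KEY_SIZE);`. As written the helper fails closed, so it does not weaken the key-size floor, but it may refuse peers that negotiate exactly the minimum, and the comment and the code should agree either way. The helper is fully visible in the embedded patch; its four call sites sit in functions whose bodies extend beyond the hunks shown.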
diff --git a/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch b/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch
deleted file mode 100644
index 15772982c9..0000000000
--- a/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Marcel Holtmann <marcel@holtmann.org>
-Subject: [RFC] Bluetooth: Check key sizes only when Secure Simple Pairing is enabled
-Date: Wed, 22 May 2019 09:05:40 +0200
-Message-id: <20190522070540.48895-1-marcel@holtmann.org>
-Patch-mainline: No, RFC
-References: bsc#1135556
-
-The encryption is only mandatory to be enforced when both sides are using
-Secure Simple Pairing and this means the key size check makes only sense
-in that case.
-
-On legacy Bluetooth 2.0 and earlier devices like mice the encryption was
-optional and thus causing an issue if the key size check is not bound to
-using Secure Simple Pairing.
-
-Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
-Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
----
- net/bluetooth/hci_conn.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
---- a/net/bluetooth/hci_conn.c
-+++ b/net/bluetooth/hci_conn.c
-@@ -1148,8 +1148,13 @@ int hci_conn_check_link_mode(struct hci_
- return 0;
- }
-
-- if (hci_conn_ssp_enabled(conn) &&
-- !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
-+ /* If Secure Simple Pairing is not enabled, then legacy connection
-+ * setup is used and no encryption or key sizes can be enforced.
-+ */
-+ if (!hci_conn_ssp_enabled(conn))
-+ return 1;
-+
-+ if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
- return 0;
-
- /* The minimum encryption key size needs to be enforced by the
diff --git a/series.conf b/series.conf
index acfffa595b..f491dfaec8 100644
--- a/series.conf
+++ b/series.conf
@@ -22609,6 +22609,7 @@
patches.fixes/tcp-tcp_fragment-should-apply-sane-memory-limits.patch
patches.fixes/tcp-add-tcp_min_snd_mss-sysctl.patch
patches.fixes/tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch
+ patches.drivers/Bluetooth-Fix-regression-with-minimum-encryption-key.patch
# davem/net
patches.drivers/ibmvnic-Do-not-close-unopened-driver-during-reset.patch
@@ -23086,8 +23087,6 @@
patches.suse/ath10k-QCA9377-firmware-limit.patch
patches.kabi/bt_accept_enqueue-kabi-workaround.patch
- patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch
-
########################################################
# ISDN
########################################################