mwifiex: avoid processing RX packets with invalid length
If rx_len received in interface header from FW is more than
RX buffer size, skb_put for such length results into skb_panic.
Avoid this by not processing such packets. We just print a warning
for such packets and free skb.
Reviewed-by: Paul Stewart <pstew@chromium.org> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com> Signed-off-by: Bing Zhao <bzhao@marvell.com> Signed-off-by: Marc Yang <yangyang@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: fix probable memory corruption while processing TDLS frame
Size of RSN IE buffer in driver is 254 while maximum size of received buffer
to be copied to RSN IE buffer can be 255. Add boundary check to copy maximum
of 254 bytes into RSN IE buffer.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
mwifiex: set fw api info for backword compatibility
If we dont set FW API info here, for older FW releases where FW API
is not available in GET_HW_SPEC, API version would remain 0.
This may cause issues with 11ac if older FW is used with newer driver.
Signed-off-by: Avinash Patil <patila@marvell.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
When interfaces of different types are present
in a context and an offchannel request is received
on a STA interface, we end up trying to process
beacons received when we are offchannel. This hits
the below warning since offchannel will not have proper
beacon parameters.
Fix this by not processing beacons received when we
are offchannel.
John W. Linville [Mon, 15 Sep 2014 18:51:23 +0000 (14:51 -0400)]
Merge tag 'mac80211-next-for-john-2014-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
Johannes Berg <johannes@sipsolutions.net> says:
"This time, I have some rate minstrel improvements, support for a very
small feature from CCX that Steinar reverse-engineered, dynamic ACK
timeout support, a number of changes for TDLS, early support for radio
resource measurement and many fixes. Also, I'm changing a number of
places to clear key memory when it's freed and Intel claims copyright
for code they developed."
Conflicts:
net/mac80211/iface.c
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Simplify the code and check for TDLS stations just before sending the
MAC_POWER_TABLE command. The previous version of the code still allowed
PM in some multi-interface scenarios even with TDLS connected.
Avri Altman [Wed, 27 Aug 2014 16:58:56 +0000 (19:58 +0300)]
iwlwifi: mvm: Fix skip over dtim configuration in d0i3
There was some confusion concerning the units of the beacon interval.
The driver assumed that it was in msec where it was in TU - so fix that.
Skip over dtim was capped by 300TU where it should be by 306TU.
It should also be subjected to several conditions:
Not a DFS channel, dtim period < 10, and the multicast wake-lock
is off. Concerning multicast lock - there is an implementation gap
in the supplicant, so just leave a TODO.
Johannes Berg [Tue, 9 Sep 2014 13:49:19 +0000 (15:49 +0200)]
iwlwifi: mvm: update QoS parameters when they change
The QoS parameters can change during the lifetime of the BSS,
and more importantly hostapd only sets up the correct ones
after having started the AP/GO. Resend the MAC context when
the parameters change, with the updated parameters.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johannes Berg [Thu, 11 Sep 2014 12:12:06 +0000 (14:12 +0200)]
iwlwifi: mvm: fix quota update avoidance
When not updating the quota, the new command shouldn't be stored
as otherwise slowly drifting quota would never update the firmware.
Fix this by storing the command only when it was also sent.
Since the error message also only makes sense when attempting to
send the command, just short-circuit the function when there's no
need to send the command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: use the firmware to get the temperature during CT kill
Reading the temperature directly from the hardware, without the help
of the firmware, is a complex process and is not entirely the same for
different hardware. Also, some NICs don't easily allow access to the
sensors when the firmware is not running, which would add even more
complexity to the code.
To reduce the code complexity and to avoid code duplication between
the firmware and the driver, boot the firmware briefly to read the
current temperature while in CT kill mode.
Johannes Berg [Mon, 8 Sep 2014 14:42:54 +0000 (16:42 +0200)]
iwlwifi: mvm: don't update quota in firmware too often
When updating quota in the firmware, it has to reset quite a bit
of internal state, which apparently can have an adverse impact on
its operation.
Avoid that by only updating the quota command when there are any
signification changes, i.e. added/removed bindings or changes in
quota that are bigger than 8 TU within a binding.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: define the non shared antenna per hardware
The sharing model will differ in new hardware. Define the
non shared antenna based on the device so that different
devices can have different names for the non shared antenna.
Johannes Berg [Tue, 9 Sep 2014 19:16:06 +0000 (21:16 +0200)]
iwlwifi: pcie: clear command data on freeing
When freeing the structures used for command data, clear their
memory as they may have contained key material at some point.
Also clear the duplicated buffer when freeing it to be safe;
currently key material is never put there but that may change.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johannes Berg [Tue, 5 Aug 2014 13:24:44 +0000 (15:24 +0200)]
iwlwifi: mvm: disable aggregation queues in station DB in FW
When disabling aggregation, disable the queues in the station
DB in the firmware, otherwise we leave the tfd_queue_mask in
a wrong state after an aggregation session has been torn down.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Eyal Shapira [Fri, 15 Aug 2014 22:30:30 +0000 (01:30 +0300)]
iwlwifi: mvm: rs: don't zero tx stats after idle
Move the tx stats to the persistent area of lq_sta to
avoid them being zeroed out every time rs reinitializes
which happens after tx idle for 5 secs for example.
The automatic zeroing out made them difficult to use.
Luciano Coelho [Wed, 20 Aug 2014 08:49:11 +0000 (11:49 +0300)]
iwlwifi: mvm: reset ucode_loaded flag when mac80211 stop is called
We rely on the value of the mvm->ucode_loaded flag to decide whether
or not we can perform certain operations (e.g. access to some debugfs
entries), so we need to reset it when the mac80211 stop operation is
called and the hardware is shutdown.
Eyal Shapira [Sat, 30 Aug 2014 23:33:33 +0000 (02:33 +0300)]
iwlwifi: mvm: rs: remove max_rate_idx
max_rate_idx constraint is deprecated and it's handling is
faulty as well as it is relevant only for legacy rates but
was considered in HT/VHT. In most cases there was no side effect
as max_rate_idx was set to -1 but in certain cases like P2P
it got set to an actual rate idx which would limit the maximum
rate in HT/VHT by mistake.
max_rate_idx should be replaced by the masks fields but for
now remove it.
The firwmare now allows the driver to disable dummy
notifications. These notifications sent by the firmware
are an overhead for slow buses. They are still useful for
fast buses.
Add a hardware switch to prevent these notifications only
on devices that work on slow buses.
Signed-off-by: Eran <eran.harary@intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Johan Hedberg [Fri, 12 Sep 2014 16:31:52 +0000 (09:31 -0700)]
Bluetooth: Fix re-setting RPA as expired when deferring update
The hci_update_random_address will clear the RPA_EXPIRED flag and
proceed with setting a new one if the flag was set. However, the
set_random_addr() function that is called may choose to defer the update
to a later moment. In such a case the flag would incorrectly remain
unset unless set_random_addr() re-sets it. This patch fixes the issue.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
The NoA duration for a GO is half the beacon interval
and a concurrent context like a STA can be active only
for that duration, before switching back to the GO's
operating channel.
Currently, when multiple beacons are missed, the dwell
time for the STA context is extended to improve the
chances of receiving a beacon. But the NoA is not updated
and this will cause problems since the GO is offline
for a period that is longer than the advertised duration.
Fix this by ensuring that the NoA is updated first before
extending the time slot for the STA context. Also make
sure that non-periodic NoA is used for a one-time, longer
absence period.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Clearing the offchannel duration value in the
scheduler unconditionally breaks NoA when
multiple contexts are active and an offchannel
request is deferred, for example, in a scan run.
Fix this by clearing the duration only if there
is no pending offchannel request.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
* The index has to incremented only when advertising
a new NoA schedule.
* Switch to non-periodic NoA when starting a scan operation
and multiple channel contexts are active.
* Make sure that periodic NoA is advertised again when
scan ends. Since the offchannel timer moves the offchannel
state to IDLE after the GO operating channel becomes
active, use a flag "force_noa_update" to update the
NoA contents.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
In multi-channel mode, an offchannel request will
be deferred if both contexts are active. The duration
of the offchannel operation is calculated but is
not stored in the scheduler state. Fix this.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Reason is the following: when removing Rx vring
(wil_netdev_ops.ndo_stop -> wil_stop -> wil_down -> __wil_down -> wil_rx_fini),
Rx interrupt occurs. It trigger Rx NAPI, calling wil_rx_handle() that reaps
(already cleaned) buffer, causing skb referring to garbage memory being set into reorder buffer.
Then, network stack trying to access this buffer and fails.
Prevent Rx NAPI from being scheduled if device going to stop. Bit wil_status_napi_en reflects
NAPI enablement state, check it when triggering Rx NAPI.
Testing shows that check for wil_status_napi_en sometimes gets negative, and new error message
get printed - in this case kernel oops would be observed. Original oops is no more reproducible.
This change requires also changes in the AP flows.
Properly enable/disable NAPI for the AP. Make sure Rx VRING is disabled
when resetting target.
For this, promote __wil_up() and __wil_down() to the module scope, and use it
in the relevant flows.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
re-use of wmi_ready for both FW ready event and for wmi_call was causing
false "FW not ready" indication in case wmi_call() was invoked while reset
took place.
add wmi_call completion variable instead of re-using wmi_ready.
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
HW supports upto 2304 packet size on the air.
HW is responsible for adding (Tx) or removing (Rx) the following headers:
802.11 hdr: 26B
SNAP: 8B
CRC: 4B
Security (optional): 24B
HW adds max 62B to the payload passed from driver. It means driver can use
max packet size of 2304-62 = 2242B
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This allows updating IEs (e.g. from hostapd) when AP is already started
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wil6210: send connect request IEs to FW also for non-secure connection
Driver is sending connect request IEs to FW only for secure connection and
ignores them for non-secure connection.
This is fixed by always sending the IEs to FW upon connect request
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wil6210: fix race condition between BACK event and Rx data
While handling Rx packet, BACK event arrives and frees tid_ampdu_rx array.
This causes kernel panic while accessing already freed spinlock
The fix is to remove tid_ampdu_rx[]'s spinlock and instead use single
sta's spinlock to guard the whole tid_ampdu_rx array.
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
When WMI event received when driver not ready to accept it, the printed error
message is misleading and hints that HW is stuck. Modify the error message
to make it clearer
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
wil6210: fix race condition of disconnect while BACK event
This race condition was causing double free of tid_ampdu_rx structures
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Driver disabled PCI master before making sure HW is idle.
This caused memory corruption in case HW access system memory after
PCI master got disabled.
The fix is to change uninit sequence. Make sure FW/HW is idle before
disabling PCI
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
After setting interrupt handler, driver enabled interrupts.
This caused stale (old) HW interrupts to fire before driver is
fully initialized.
The fix is to enable interrupts only when driver is fully initialized
and after FW/HW reset (to prevent any stale interrupts)
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
added misc printouts in some init/uninit functions for better traceability
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
New module (wil_platform) for handling platform specific tasks
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com> Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Firmware download implemented but is still experimental feature;
flag controlling it added, no_fw_load. It is true by default,
use no_fw_load=N to activate feature.
Reset flows also got some adjustment for the fw download to work
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Larry Finger [Tue, 9 Sep 2014 20:57:46 +0000 (15:57 -0500)]
rtlwifi: btcoexist: Fix "always true" warning from commit ed364abffd6e
The 0-DAY kernel build testing backend reports the following warning:
drivers/net/wireless/rtlwifi/btcoexist/halbtcoutsrc.c:516 halbtc_bitmask_write_1byte()
warn: always true condition '(bit_mask != 4294967295) => (0-255 != u32max)'
This problem was introduced in commit ed364abffd6e19bec67b7ccda8237213b8b37640,
and arises because the caller of halbtc_bitmask_write_1byte() is using a
u8 rather than a u32 for the data.
Reported-by: Kbuild test robot <kbuild-all@01.org> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: Kbuild test robot <kbuild-all@01.org> Signed-off-by: John W. Linville <linville@tuxdriver.com>
b43: HT-PHY: Move radio preparation into init function
Radio should be prepared only before initialization. We need this to be
able to call b43_radio_2059_init conditionally (in the future).
This also documents RF control register a bit.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Add feature bits to indicate device support for
static-smps and dynamic-smps modes.
Add a new NL80211_ATTR_SMPS_MODE attribue to allow
configuring the smps mode to be used by the ap
(e.g. configuring to ap to dynamic smps mode will
reduce power consumption while having minor effect
on throughput)
Johannes Berg [Tue, 9 Sep 2014 19:55:35 +0000 (22:55 +0300)]
cfg80211: add WMM traffic stream API
Add nl80211 and driver API to validate, add and delete traffic
streams with appropriate settings.
The API calls for userspace doing the action frame handshake
with the peer, and then allows only to set up the parameters
in the driver. To avoid setting up a session only to tear it
down again, the validate API is provided, but the real usage
later can still fail so userspace must be prepared for that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Adding a timeout for tearing down a TDLS connection that
hasn't had ACKed traffic sent through it for a certain
amount of time.
Since we have no other monitoring facility to indicate the
existance (or non-existance) of a peer, this patch will
cause a peer to be considered as unavailable if for some X
time at least some Y packets have all not been ACKed.
Thomas Huehn [Tue, 9 Sep 2014 21:22:14 +0000 (23:22 +0200)]
mac80211: improve minstrel_ht rate sorting by throughput & probability
This patch improves the way minstrel_ht sorts rates according to throughput
and success probability. 3 FOR-loops across the entire rate and mcs group set
in function minstrel_ht_update_stats() which where used to determine the
fastest, second fastest and most robust rate are reduced to 2 FOR-loop.
The sorted list of rates according throughput is extended to the best four
rates as we need them in upcoming joint rate and power control. The sorting
is done via the new function minstrel_ht_sort_best_tp_rates(). The annotation
of those 4 best throughput rates in the debugfs file rc-stats is changes to:
"A,B,C,D", where A is the fastest rate and C the 4th fastest.
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Tested-by: Stefan Venz <ikstream86@gmail.com> Acked-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Thomas Huehn [Tue, 9 Sep 2014 21:22:13 +0000 (23:22 +0200)]
mac80211: Unify rate statistic variables between Minstrel & Minstrel_HT
Minstrel and Mintrel_HT used there own structs to keep track of rate
statistics. Unify those variables in struct minstrel_rate_states and
move it to rc80211_minstrel.h for common usage. This is a clean-up
patch to prepare Minstrel and Minstrel_HT codebase for upcoming TPC.
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Acked-by: Felix Fietkau <nbd@openwrt.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 10 Sep 2014 19:28:06 +0000 (22:28 +0300)]
cfg80211: don't put kek/kck/replay counter on the stack
There's no need to put the values on the stack, just pass a
pointer to the data in the nl80211 message. This reduces stack
usage and avoids potential issues with putting sensitive data
on the stack.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 10 Sep 2014 10:39:56 +0000 (13:39 +0300)]
cfg80211: clear wext keys when freeing and removing them
When freeing the keys stored for wireless extensions, clear the memory
to avoid having the key material stick around in memory "forever".
Similarly, when userspace overwrites a key, actually clear it instead
of just setting the key length to zero.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johan Hedberg [Thu, 11 Sep 2014 05:16:35 +0000 (22:16 -0700)]
Bluetooth: Expire RPA if encryption fails
If encryption fails and we're using an RPA it may be because of a
conflict with another device. To avoid repeated failures the safest
action is to simply mark the RPA as expired so that a new one gets
generated as soon as the connection drops.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 11 Sep 2014 00:37:46 +0000 (17:37 -0700)]
Bluetooth: Fix L2CAP information request handling for fixed channels
Even if we have no connection-oriented channels we should perform the
L2CAP Information Request procedures before notifying L2CAP channels of
the connection. This is so that the L2CAP channel implementations can
perform checks on what the remote side supports (e.g. does it support
the fixed channel in question).
So far the code has relied on the l2cap_do_start() function to initiate
the Information Request, however l2cap_do_start() is used on a
per-channel basis and only for connection-oriented channels. This means
that if there are no connection-oriented channels on the system we would
never start the Information Request procedure.
This patch creates a new l2cap_request_info() helper function to
initiate the Information Request procedure, and ensures that it is
called whenever a BR/EDR connection has been established. The patch also
updates fixed channels to be notified of connection readiness only once
the Information Request procedure has completed.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 11 Sep 2014 00:37:45 +0000 (17:37 -0700)]
Bluetooth: Add smp_ltk_sec_level() helper function
There are several places that need to determine the security level that
an LTK can provide. This patch adds a convenience function for this to
help make the code more readable.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 11 Sep 2014 00:37:44 +0000 (17:37 -0700)]
Bluetooth: Fix SMP security level when we have no IO capabilities
When the local IO capability is NoInputNoOutput any attempt to convert
the remote authentication requirement to a target security level is
futile. This patch makes sure that we set the target security level at
most to MEDIUM if the local IO capability is NoInputNoOutput.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 11 Sep 2014 00:37:43 +0000 (17:37 -0700)]
Bluetooth: Centralize disallowing SMP commands to a single place
All the cases where we mark SMP commands as dissalowed are their
respective command handlers. We can therefore simplify the code by
always clearing the bit immediately after testing it. This patch
converts the corresponding test_bit() call to a test_and_clear_bit()
call and also removes the now unused SMP_DISALLOW_CMD macro.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
The SMP specification states that we should ignore any unknown bits from
the authentication requirement. We already have a define for masking out
unknown bits but we haven't used it in all places so far. This patch
adds usage of the AUTH_REQ_MASK to all places that need it and ensures
that we don't pass unknown bits onward to other functions.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Thu, 11 Sep 2014 00:37:41 +0000 (17:37 -0700)]
Bluetooth: Remove unnecessary early initialization of variable
We do nothing else with the auth variable in smp_cmd_pairing_rsp()
besides passing it to tk_request() which in turn only cares about
whether one of the sides had the MITM bit set. It is therefore
unnecessary to assign a value to it until just before calling
tk_request(), and this value can simply be the bit-wise or of the local
and remote requirements.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Johan Hedberg [Tue, 9 Sep 2014 23:21:46 +0000 (16:21 -0700)]
Bluetooth: Fix allowing SMP Signing info PDU
If the remote side is not distributing its IRK but is distributing the
CSRK the next PDU after master identification is the Signing
Information. This patch fixes a missing SMP_ALLOW_CMD() for this in the
smp_cmd_master_ident() function.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>