Received: by 10.213.65.68 with SMTP id h4csp753934imn;
        Fri, 6 Apr 2018 08:19:55 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/kUf7t6W4W7WFaAfnnkBs9FrfzTRWx/ik9ACQeBzZ75TSkJL/MkmeGNzUn5XfN6ptsyDCe
X-Received: by 10.101.66.6 with SMTP id c6mr18370100pgq.35.1523027995384;
        Fri, 06 Apr 2018 08:19:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523027995; cv=none;
        d=google.com; s=arc-20160816;
        b=BNZrkai3B8tNOFsYAtNduyxyTbATC0P6QwC0pDcPfLToJIu89BLIMGBBWbnis8Gd9I
         AkzccQOJ7HMCQ/eYSPggRTWBA2JDZm6wLhoU3xebMdfbPYUjt4TV6tsXadds6sF/EViF
         euXE4scd/Y325D8zkNFNmMpsBrwQ3jQBO9o7sXt7nUTaSxFEIj11P7rU9hgejn2Pw6M9
         j9b8dBa0MqhRU8XiHYj9l1lfZ9piOC9QRIfHjkKiT5eZnf+OiXEVEqPbTKbu7Ozu7fBS
         zBoXe2jjlntvbIYcEQtZbjU9rO2HyGcwLclZhU5kwQeh9x/ryQ8Z3VVHIYKFNHkFWQp8
         dF0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=ftOp224C/EFcUi/cNoHoqxwiSwqSmi6LE/eTn4QnWoY=;
        b=Tv5Q04aYL75tN7aSdfbDN82DXlZCj2D8ILTT//MAFX1JRJ6sEh8rhHST+dDMrQwjf6
         hPJvAcQbePXrXqPA3PELf3HJMgIfIGz+6zCfmBodAKRyhBVnVa4829GPXxbyxU8fXP/O
         vC2WA/V7wVnWgZRqacplWdQddc5rd+VQ2jKzQTl32INiUAqxOgFXAugwSxNHKWeGNmVX
         MkTdRWAlgAIe9zWB8eBf+ZmAKEwq5Ky1dQH3XZZtnWYnAMIb3Jsj0PzsNRYYzAJta+Ns
         bBF9wC0alXQHVSwZHu1rWGKyzPmW7L7u+b268kSo0UGNvqGRQYQYrgcHCLFoSIArzDcH
         eIgA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g12-v6si8596575plt.294.2018.04.06.08.19.19;
        Fri, 06 Apr 2018 08:19:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752343AbeDFPQf (ORCPT <rfc822;tuxbino@gmail.com> + 99 others);
        Fri, 6 Apr 2018 11:16:35 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:55436 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753930AbeDFN2k (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 6 Apr 2018 09:28:40 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id A7933C24;
        Fri,  6 Apr 2018 13:28:39 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Szymon Janc <szymon.janc@codecoup.pl>,
        Marcel Holtmann <marcel@holtmann.org>
Subject: [PATCH 3.18 55/93] Bluetooth: Fix missing encryption refresh on Security Request
Date:   Fri,  6 Apr 2018 15:23:24 +0200
Message-Id: <20180406084227.307581569@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180406084224.918716300@linuxfoundation.org>
References: <20180406084224.918716300@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Szymon Janc <szymon.janc@codecoup.pl>

commit 64e759f58f128730b97a3c3a26d283c075ad7c86 upstream.

If Security Request is received on connection that is already encrypted
with sufficient security master should perform encryption key refresh
procedure instead of just ignoring Slave Security Request
(Core Spec 5.0 Vol 3 Part H 2.4.6).

> ACL Data RX: Handle 3585 flags 0x02 dlen 6
      SMP: Security Request (0x0b) len 1
        Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
        Handle: 3585
        Random number: 0x0000000000000000
        Encrypted diversifier: 0x0000
        Long term key: 44264272a5c426a9e868f034cf0e69f3
> HCI Event: Command Status (0x0f) plen 4
      LE Start Encryption (0x08|0x0019) ncmd 1
        Status: Success (0x00)
> HCI Event: Encryption Key Refresh Complete (0x30) plen 3
        Status: Success (0x00)
        Handle: 3585

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/bluetooth/smp.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1178,8 +1178,14 @@ static u8 smp_cmd_security_req(struct l2
 	else
 		sec_level = authreq_to_seclevel(auth);
 
-	if (smp_sufficient_security(hcon, sec_level))
+	if (smp_sufficient_security(hcon, sec_level)) {
+		/* If link is already encrypted with sufficient security we
+		 * still need refresh encryption as per Core Spec 5.0 Vol 3,
+		 * Part H 2.4.6
+		 */
+		smp_ltk_encrypt(conn, hcon->sec_level);
 		return 0;
+	}
 
 	if (sec_level > hcon->pending_sec_level)
 		hcon->pending_sec_level = sec_level;