Re: bug? kernel does not send HCI Create Connection Cancel Command on shutdown() or close() of a connecting rfcomm socket

[Nick Pelly <npelly@google.com>]

[-- Attachment #1: Type: text/plain, Size: 971 bytes --]

On Mon, Jul 13, 2009 at 2:27 PM, Luiz Augusto von
Dentz<luiz.dentz@gmail.com> wrote:
> Hi Nick,
>
> On Mon, Jul 13, 2009 at 12:46 PM, Nick Pelly<npelly@google.com> wrote:
>> Any comments on this patch?
>>
>> It works for me, but my understanding of the RFCOMM state machine is naive.
>>
>
> iirc BT_CONFIG(PN frame) means the DLC is being configured than we got
> into connecting phase (BT_CONNECT) and send SABM frame. Only when
> receiving UA frame DLC is consider connected (BT_CONNECTED), so your
> patch seems good by assuming that we don't need to send a DISC for a
> DLC not connected. But there is still a good use for it to cancel the
> DLC connection attempt, so perhaps a better alternative would be to
> use a much shorter timeout in those cases.

Thanks for the advice.

I have prepared a new patch which uses a very short timeout (10ms) on
the DLC disconnect when in BT_CONFIG. I have tested this patch and it
also resolves the issue. Patch attached.

Nick

[-- Attachment #2: 0001-Bluetooth-Use-a-very-short-timeout-for-dlci-disconne.patch --]
[-- Type: text/x-patch, Size: 2434 bytes --]

From 80bc07e9703e4303f04c26158b096bcbd00fd665 Mon Sep 17 00:00:00 2001
From: Nick Pelly <npelly@google.com>
Date: Tue, 14 Jul 2009 07:57:54 -0700
Subject: [PATCH] Bluetooth: Use a very short timeout for dlci disconnect when in BT_CONFIG.

This fixes a bug where shutdown() and close() on a rfcomm socket during ACL
connection would not cause HCI Create Connection Cancel.

Signed-off-by: Nick Pelly <npelly@google.com>
---
 include/net/bluetooth/rfcomm.h |    7 ++++---
 net/bluetooth/rfcomm/core.c    |   10 +++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
index 8007261..eeb3ffa 100644
--- a/include/net/bluetooth/rfcomm.h
+++ b/include/net/bluetooth/rfcomm.h
@@ -26,9 +26,10 @@
 
 #define RFCOMM_PSM 3
 
-#define RFCOMM_CONN_TIMEOUT (HZ * 30)
-#define RFCOMM_DISC_TIMEOUT (HZ * 20)
-#define RFCOMM_AUTH_TIMEOUT (HZ * 25)
+#define RFCOMM_CONN_TIMEOUT 		(HZ * 30)
+#define RFCOMM_DISC_TIMEOUT 		(HZ * 20)
+#define RFCOMM_AUTH_TIMEOUT 		(HZ * 25)
+#define RFCOMM_CONFIG_DISC_TIMEOUT 	(HZ / 100)
 
 #define RFCOMM_DEFAULT_MTU	127
 #define RFCOMM_DEFAULT_CREDITS	7
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 1d0fb0f..476d856 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -419,6 +419,7 @@ int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 chann
 
 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
 {
+	long timeout = RFCOMM_DISC_TIMEOUT;
 	struct rfcomm_session *s = d->session;
 	if (!s)
 		return 0;
@@ -427,8 +428,11 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
 			d, d->state, d->dlci, err, s);
 
 	switch (d->state) {
-	case BT_CONNECT:
 	case BT_CONFIG:
+		timeout = RFCOMM_CONFIG_DISC_TIMEOUT;
+		/* Fall-through */
+
+	case BT_CONNECT:
 		if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 			set_bit(RFCOMM_AUTH_REJECT, &d->flags);
 			rfcomm_schedule(RFCOMM_SCHED_AUTH);
@@ -440,10 +444,10 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
 		d->state = BT_DISCONN;
 		if (skb_queue_empty(&d->tx_queue)) {
 			rfcomm_send_disc(s, d->dlci);
-			rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
+			rfcomm_dlc_set_timer(d, timeout);
 		} else {
 			rfcomm_queue_disc(d);
-			rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
+			rfcomm_dlc_set_timer(d, timeout * 2);
 		}
 		break;
 
-- 
1.6.3.1