From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sonny Sasaka <sonnysasaka@chromium.org>,
Marcel Holtmann <marcel@holtmann.org>,
Sasha Levin <sashal@kernel.org>,
linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 261/330] Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
Date: Thu, 17 Sep 2020 22:00:01 -0400 [thread overview]
Message-ID: <20200918020110.2063155-261-sashal@kernel.org> (raw)
In-Reply-To: <20200918020110.2063155-1-sashal@kernel.org>
From: Sonny Sasaka <sonnysasaka@chromium.org>
[ Upstream commit adf1d6926444029396861413aba8a0f2a805742a ]
After sending Inquiry Cancel command to the controller, it is possible
that Inquiry Complete event comes before Inquiry Cancel command complete
event. In this case the Inquiry Cancel command will have status of
Command Disallowed since there is no Inquiry session to be cancelled.
This case should not be treated as error, otherwise we can reach an
inconsistent state.
Example of a btmon trace when this happened:
< HCI Command: Inquiry Cancel (0x01|0x0002) plen 0
> HCI Event: Inquiry Complete (0x01) plen 1
Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4
Inquiry Cancel (0x01|0x0002) ncmd 1
Status: Command Disallowed (0x0c)
Signed-off-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_event.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 1bbeb14b8b64e..fd436e5d7b542 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -41,12 +41,27 @@
/* Handle HCI Event packets */
-static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
+static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
+ u8 *new_status)
{
__u8 status = *((__u8 *) skb->data);
BT_DBG("%s status 0x%2.2x", hdev->name, status);
+ /* It is possible that we receive Inquiry Complete event right
+ * before we receive Inquiry Cancel Command Complete event, in
+ * which case the latter event should have status of Command
+ * Disallowed (0x0c). This should not be treated as error, since
+ * we actually achieve what Inquiry Cancel wants to achieve,
+ * which is to end the last Inquiry session.
+ */
+ if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
+ bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
+ status = 0x00;
+ }
+
+ *new_status = status;
+
if (status)
return;
@@ -3142,7 +3157,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
switch (*opcode) {
case HCI_OP_INQUIRY_CANCEL:
- hci_cc_inquiry_cancel(hdev, skb);
+ hci_cc_inquiry_cancel(hdev, skb, status);
break;
case HCI_OP_PERIODIC_INQ:
--
2.25.1
next prev parent reply other threads:[~2020-09-18 2:57 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200918020110.2063155-1-sashal@kernel.org>
2020-09-18 1:55 ` [PATCH AUTOSEL 5.4 011/330] ath10k: fix array out-of-bounds access Sasha Levin
2020-09-18 1:55 ` [PATCH AUTOSEL 5.4 012/330] ath10k: fix memory leak for tpc_stats_final Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 031/330] net: silence data-races on sk_backlog.tail Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 037/330] ice: Fix to change Rx/Tx ring descriptor size via ethtool with DCBx Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 058/330] mt76: do not use devm API for led classdev Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 059/330] mt76: add missing locking around ampdu action Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 061/330] SUNRPC: Capture completion of all RPC tasks Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 078/330] tipc: fix link overflow issue at socket shutdown Sasha Levin
2020-09-18 1:56 ` [PATCH AUTOSEL 5.4 079/330] vcc_seq_next should increase position index Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 080/330] neigh_stat_seq_next() " Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 081/330] rt_cpu_seq_next " Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 082/330] ipv6_route_seq_next " Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 090/330] sctp: move trace_sctp_probe_path into sctp_outq_sack Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 107/330] ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 111/330] Bluetooth: Fix refcount use-after-free issue Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 114/330] Bluetooth: prefetch channel before killing sock Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 117/330] skbuff: fix a data race in skb_queue_len() Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 129/330] mt76: clear skb pointers from rx aggregation reorder buffer during cleanup Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 130/330] mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw Sasha Levin
2020-09-18 1:57 ` [PATCH AUTOSEL 5.4 139/330] bpf: Remove recursion prevention from rcu free callback Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 145/330] iavf: use tc_cls_can_offload_and_chain0() instead of chain check Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 151/330] Bluetooth: guard against controllers sending zero'd events Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 166/330] ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 168/330] Bluetooth: L2CAP: handle l2cap config request during open state Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 189/330] r8169: improve RTL8168b FIFO overflow workaround Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 194/330] net: axienet: Convert DMA error handler to a work queue Sasha Levin
2020-09-18 1:58 ` [PATCH AUTOSEL 5.4 195/330] net: axienet: Propagate failure of DMA descriptor setup Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 208/330] brcmfmac: Fix double freeing in the fmac usb data path Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 213/330] SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 214/330] svcrdma: Fix leak of transport addresses Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 215/330] netfilter: nf_tables: silence a RCU-list warning in nft_table_lookup() Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 229/330] SUNRPC: Don't start a timer on an already queued rpc task Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 244/330] net: openvswitch: use u64 for meter bucket Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 250/330] dpaa2-eth: fix error return code in setup_dpni() Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 252/330] devlink: Fix reporter's recovery condition Sasha Levin
2020-09-18 1:59 ` [PATCH AUTOSEL 5.4 253/330] atm: fix a memory leak of vcc->user_back Sasha Levin
2020-09-18 2:00 ` Sasha Levin [this message]
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 264/330] tipc: fix memory leak in service subscripting Sasha Levin
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 271/330] svcrdma: Fix backchannel return code Sasha Levin
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 280/330] e1000: Do not perform reset in reset_task if we are already down Sasha Levin
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 296/330] perf metricgroup: Free metric_events on error Sasha Levin
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 300/330] wlcore: fix runtime pm imbalance in wl1271_tx_work Sasha Levin
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 301/330] wlcore: fix runtime pm imbalance in wlcore_regdomain_config Sasha Levin
2020-09-18 2:00 ` [PATCH AUTOSEL 5.4 315/330] mac80211: skip mpath lookup also for control port tx Sasha Levin
2020-09-18 2:01 ` [PATCH AUTOSEL 5.4 324/330] mt76: fix LED link time failure Sasha Levin
2020-09-18 2:01 ` [PATCH AUTOSEL 5.4 329/330] net: openvswitch: use div_u64() for 64-by-32 divisions Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200918020110.2063155-261-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=netdev@vger.kernel.org \
--cc=sonnysasaka@chromium.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).