Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp874715pxk; Thu, 17 Sep 2020 19:59:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzRxeYo4vp0CaoFSQGgvyjyzYDjqr2tJ3cVzbrBB840dHTL3vbUUWRIp66K/NTlQ2dhq5Wl X-Received: by 2002:a17:907:2141:: with SMTP id rk1mr33575686ejb.256.1600397984185; Thu, 17 Sep 2020 19:59:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600397984; cv=none; d=google.com; s=arc-20160816; b=mcFyOVtoipn1ukHLPyDFc2ly9IeTRDc7y+fJjdSv5hP6rv4T8DQZg2Q3AZVP/ImuLO fj7bOiiB+Qo3PC6hTcEulxcvwH6CnkXYuLWNvootMu0ieOSTkb1Lv2YoCd4ruI32y6k/ UVz3Cez7hzgU63gxfqY26CK9j79alSnOwHzHQrcBuhFocebjrLLhVBzL4OZvFa7nkRuc CG9IgdHziU/pIWSgJ9c+xOfj37OKAhHbyUboF/D7fJEevEmz84iR2tNclpE2E+j0aeHD WEZVwSWJXfHwiGbA3x94vWqStYELqIpFqnWc1QRDB0GbKCgEUPoIuXFcK/tdau9uToZP VYzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=G9VRMwUTCWHfODhuNRtR/KsZfDRkPkOHDcB7c13vISU=; b=N/aMW2H+PSCCk6nxJI7kyB1tYBCgw2aNeoHgT5wRYQeKmBz0Lg3539fHEmPknyG/D8 kFQRbUa634SyrDEKVRZRMkJ0zUzCPuvURzsHK+OZM11RUMZvHxHEahGRx9GM19nGdqv5 Kx7RLBiNHltjxwD432iYAkoLk6PPsw4I4QFQ/encQJit2HbGKMEPZwWj+gNDdCsTDJ5N wShs5TZX/TJTPLvx6UyyeG1Zw8gov1+HwN+0Z5rsKRUuda8LbhHooI2LLh/ViBYvLLyh xfOO5KK0VWzFvoB9zYNaxiVd1+YQFUy/6bw8f/Gb5rwyOLlK7p93NddaTp4tYty3Y3iG iXLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=D5oXv4aU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k15si1312606eji.77.2020.09.17.19.59.21; Thu, 17 Sep 2020 19:59:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=D5oXv4aU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727868AbgIRC5c (ORCPT + 99 others); Thu, 17 Sep 2020 22:57:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:55196 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727771AbgIRCGc (ORCPT ); Thu, 17 Sep 2020 22:06:32 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3FD92239EC; Fri, 18 Sep 2020 02:06:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600394791; bh=RK3AbwBa2NgsAA07P5kgrjrF7BKAX7Rf4zov5MVkw7w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=D5oXv4aUH36AbIwIB4WhEZN2HcQV3/56lwZMs1JlnssLDbHwtWSXYjJ9p0J5MOnMD KrxcBkdpSnAbqE4uonz0evrl3ShykEGnKqZSz+DdDb7CVYfxKe7sVgNxTgz6racKbW uc+LrntZ905fWeZ2AvQymgqqIE/yOG+NMk4bWvDA= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Sonny Sasaka , Marcel Holtmann , Sasha Levin , linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 5.4 261/330] Bluetooth: Handle Inquiry Cancel error after Inquiry Complete Date: Thu, 17 Sep 2020 22:00:01 -0400 Message-Id: <20200918020110.2063155-261-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200918020110.2063155-1-sashal@kernel.org> References: <20200918020110.2063155-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sonny Sasaka [ Upstream commit adf1d6926444029396861413aba8a0f2a805742a ] After sending Inquiry Cancel command to the controller, it is possible that Inquiry Complete event comes before Inquiry Cancel command complete event. In this case the Inquiry Cancel command will have status of Command Disallowed since there is no Inquiry session to be cancelled. This case should not be treated as error, otherwise we can reach an inconsistent state. Example of a btmon trace when this happened: < HCI Command: Inquiry Cancel (0x01|0x0002) plen 0 > HCI Event: Inquiry Complete (0x01) plen 1 Status: Success (0x00) > HCI Event: Command Complete (0x0e) plen 4 Inquiry Cancel (0x01|0x0002) ncmd 1 Status: Command Disallowed (0x0c) Signed-off-by: Sonny Sasaka Signed-off-by: Marcel Holtmann Signed-off-by: Sasha Levin --- net/bluetooth/hci_event.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 1bbeb14b8b64e..fd436e5d7b542 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -41,12 +41,27 @@ /* Handle HCI Event packets */ -static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) +static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb, + u8 *new_status) { __u8 status = *((__u8 *) skb->data); BT_DBG("%s status 0x%2.2x", hdev->name, status); + /* It is possible that we receive Inquiry Complete event right + * before we receive Inquiry Cancel Command Complete event, in + * which case the latter event should have status of Command + * Disallowed (0x0c). This should not be treated as error, since + * we actually achieve what Inquiry Cancel wants to achieve, + * which is to end the last Inquiry session. + */ + if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) { + bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command"); + status = 0x00; + } + + *new_status = status; + if (status) return; @@ -3142,7 +3157,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb, switch (*opcode) { case HCI_OP_INQUIRY_CANCEL: - hci_cc_inquiry_cancel(hdev, skb); + hci_cc_inquiry_cancel(hdev, skb, status); break; case HCI_OP_PERIODIC_INQ: -- 2.25.1