Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3703719pxk;
        Tue, 29 Sep 2020 04:15:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxheuDpTqDMZa8sorJOqnTbR17BxfE45jobXiSATTn008UuJt/NenO7QpLxnb9XwpoRnYWj
X-Received: by 2002:a05:6402:142c:: with SMTP id c12mr2745682edx.41.1601378141161;
        Tue, 29 Sep 2020 04:15:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1601378141; cv=none;
        d=google.com; s=arc-20160816;
        b=QSlhDGDCRgjKuwCXjnzaTuTFc4sVIJOghGAwUmS9z4ZkA0CslE4sU4r5o2hh722LDg
         0HKr70Y1J5y5rvqb6Vgw6YGuqulDytnBC/MyTnWz2OLwYkBX8cEwJizw+KpXTPPAk4xs
         emEhe6DziEoAdVYgSLKmhI7FqTYOtZBZH6FQ3Q9Nc2TlXr0sTVh+M3YlXTGVlc0wyvnz
         yRgn2twrn9X6BTzRbXE+lcePvqa9TryUY6unG5ro38qN2AG14a3C6vN1yGWYbxiA3uXM
         +0e9oTrcf1+a9Zyuwg9802frBht3xU7XUmhoSalHYkwlScNRbM2Hg0s1noWNjZlofWDM
         AaDQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=nQzVFjwWb0GptouAacs1trMfZTusYKMC+SV/GXcUJq0=;
        b=dXXGHKMrbY6kDZr7LIFz+Sm6Bm+weWj87o+k/RW0zjIm/e9/Ngd72S/7crUz1cgCr8
         8L5BOH2V5vwZH7kqvCINrWXES5nqd8ug7gas2IXgLGUramZkoeFapBIpnM4+R7arS+MF
         AfgaQ/xJ7u+n+tqF+zC2cPdClqUSht6vgxoKH3THSfjQA1F0mXhCgQRshcOuo0E0Xf9X
         J3tZFxr7ih/RFFQy/mH9Br5+5iu68yFqywODBVf2a9K/ZmMOOL1CiD/GezckQJLoNSrz
         ic34MG2fZAuOOyTKzJFWtyse4JOIvmxsjZsdCxVKjqxm4GaoDGiJHKM6hbvZCI+ltVGL
         rvhg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=bGrM2ooB;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id lu5si2402715ejb.377.2020.09.29.04.15.18;
        Tue, 29 Sep 2020 04:15:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=bGrM2ooB;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729215AbgI2LLF (ORCPT <rfc822;sbrunau@gmail.com> + 99 others);
        Tue, 29 Sep 2020 07:11:05 -0400
Received: from mail.kernel.org ([198.145.29.99]:51576 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728403AbgI2LKj (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 Sep 2020 07:10:39 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 758B42158C;
        Tue, 29 Sep 2020 11:10:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1601377838;
        bh=I9bS6SkRc7TyTmXyDzVNh/4sq7YSRbmQQLhzA2EijBw=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=bGrM2ooBSiivRLW24uVEEXrAUQk+yz6skls4WkLRT/cCF1/3ge/TS9uQu7RCveLxd
         4849jM91uVcR8JzhHoXd1LcPSTYIfwHODkrEbsW8S6fQ4bZHzpCpm2hfUIh0Revmuj
         TThdyirKrMMBzoeG8B3whTt5OL/ZQ4RFdJ9DU5z8=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sonny Sasaka <sonnysasaka@chromium.org>,
        Marcel Holtmann <marcel@holtmann.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 083/121] Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
Date:   Tue, 29 Sep 2020 13:00:27 +0200
Message-Id: <20200929105934.294458239@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200929105930.172747117@linuxfoundation.org>
References: <20200929105930.172747117@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sonny Sasaka <sonnysasaka@chromium.org>

[ Upstream commit adf1d6926444029396861413aba8a0f2a805742a ]

After sending Inquiry Cancel command to the controller, it is possible
that Inquiry Complete event comes before Inquiry Cancel command complete
event. In this case the Inquiry Cancel command will have status of
Command Disallowed since there is no Inquiry session to be cancelled.
This case should not be treated as error, otherwise we can reach an
inconsistent state.

Example of a btmon trace when this happened:

< HCI Command: Inquiry Cancel (0x01|0x0002) plen 0
> HCI Event: Inquiry Complete (0x01) plen 1
        Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4
      Inquiry Cancel (0x01|0x0002) ncmd 1
        Status: Command Disallowed (0x0c)

Signed-off-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/hci_event.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 700a2eb161490..d6da119f5082e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -41,12 +41,27 @@
 
 /* Handle HCI Event packets */
 
-static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
+static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
+				  u8 *new_status)
 {
 	__u8 status = *((__u8 *) skb->data);
 
 	BT_DBG("%s status 0x%2.2x", hdev->name, status);
 
+	/* It is possible that we receive Inquiry Complete event right
+	 * before we receive Inquiry Cancel Command Complete event, in
+	 * which case the latter event should have status of Command
+	 * Disallowed (0x0c). This should not be treated as error, since
+	 * we actually achieve what Inquiry Cancel wants to achieve,
+	 * which is to end the last Inquiry session.
+	 */
+	if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
+		bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
+		status = 0x00;
+	}
+
+	*new_status = status;
+
 	if (status)
 		return;
 
@@ -2772,7 +2787,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
 
 	switch (*opcode) {
 	case HCI_OP_INQUIRY_CANCEL:
-		hci_cc_inquiry_cancel(hdev, skb);
+		hci_cc_inquiry_cancel(hdev, skb, status);
 		break;
 
 	case HCI_OP_PERIODIC_INQ:
-- 
2.25.1