Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3758452pxk;
        Tue, 29 Sep 2020 05:41:06 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwQYOBUdNhsAMZ3qffYrmVYQaW9PDTMhFOQX7h4ahe9BKHKeLxFyOp7KPdMrd6o31yeDCJp
X-Received: by 2002:a17:906:3913:: with SMTP id f19mr3863839eje.83.1601383266053;
        Tue, 29 Sep 2020 05:41:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1601383266; cv=none;
        d=google.com; s=arc-20160816;
        b=VEZGcIojquCJg/fzWs4zGvbw6HhahNb+4Mx2IJxkfQKIOXkEeL68H+ffJFva+VEIIh
         fnclWz4SM1KJHeiz25ehR+q+ILtb18q3ykuyIjGHyk+Egz26U4SGyhY0wMbhciE3YQGj
         u9WJnzdOZIlKMR9g0pQqB0PbDjQzfj/EsXE8Uvs2Y45MnMur+DKEku2o9xAxmlBe4ZeU
         n96NHqnEpxry1ClOFBm5EFGxg0rMmnpTOG52PC5DfSlDnEsgaV5rpVcQh6c6g8h21rpN
         sBVNi7eMHejksnpqGcZL0oHnl6N6gE7iJtZmfMIxr0vxUSISTjnvGrbLvPwBVnsAMCi8
         J58A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=avkaEvEThHVGxJu8X70gCESDdgKGBNqXlK6KTzPKQ0w=;
        b=fnVOTK9LIZyK9GleJQsJ3e7aF6VNaHj88BhDL3fKhwP9LJVLY6dEkA36ZanJWDtIOl
         P81I2uFvGIKCHtItKDnOEviwtRyiGORV4OrgMs8Mg2UaahQ7og7eU5ymF2lezHL3M5R5
         /4sF86V65fmFOSvY+OOhRh6dxYG7PgwBALm5L9z3zmPc6H97LHrM7mJuERnHkJ54y15t
         YNiwaTw4voig1VFt3CzVbHiKmk2O7IZie/8fCbNPnNGQNiMIIOTV938L4H6B+rJTx75F
         hc8jd0w8B5UshwZo84TSHg8618Qr2olpJhzNVdx7RLfHdP1VGLhXBbaSRVeW9lhLr1Kv
         iG0w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=DNp4QTAU;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k1si2855415edx.88.2020.09.29.05.40.43;
        Tue, 29 Sep 2020 05:41:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=DNp4QTAU;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733239AbgI2MiQ (ORCPT <rfc822;sbrunau@gmail.com> + 99 others);
        Tue, 29 Sep 2020 08:38:16 -0400
Received: from mail.kernel.org ([198.145.29.99]:34396 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729479AbgI2LRc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 Sep 2020 07:17:32 -0400
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 5E0DC206A5;
        Tue, 29 Sep 2020 11:17:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1601378252;
        bh=u9c61BB/SYikuE4euw2IsfCpiyy5RJgPbFEEYfWkLUY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=DNp4QTAU7TXnRdXtA4uvJwZOU+ufKZXksc1OQc5Yx0gq05v3Lk5tkTTtJscXyOUZV
         scigH/wQV2mMUHjHLoFUgi9mGBY7hma9Uuw0lyI38d0E4/PKFiGiZG1gXi9aUwt/qP
         n9wU9rt0vVLl/I76g7Iwko01PEeG3qJ3oAXdc+Go=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sonny Sasaka <sonnysasaka@chromium.org>,
        Marcel Holtmann <marcel@holtmann.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 114/166] Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
Date:   Tue, 29 Sep 2020 13:00:26 +0200
Message-Id: <20200929105940.888925817@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200929105935.184737111@linuxfoundation.org>
References: <20200929105935.184737111@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sonny Sasaka <sonnysasaka@chromium.org>

[ Upstream commit adf1d6926444029396861413aba8a0f2a805742a ]

After sending Inquiry Cancel command to the controller, it is possible
that Inquiry Complete event comes before Inquiry Cancel command complete
event. In this case the Inquiry Cancel command will have status of
Command Disallowed since there is no Inquiry session to be cancelled.
This case should not be treated as error, otherwise we can reach an
inconsistent state.

Example of a btmon trace when this happened:

< HCI Command: Inquiry Cancel (0x01|0x0002) plen 0
> HCI Event: Inquiry Complete (0x01) plen 1
        Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4
      Inquiry Cancel (0x01|0x0002) ncmd 1
        Status: Command Disallowed (0x0c)

Signed-off-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/hci_event.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 1d2f439043669..587b674bbcd64 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -41,12 +41,27 @@
 
 /* Handle HCI Event packets */
 
-static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
+static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
+				  u8 *new_status)
 {
 	__u8 status = *((__u8 *) skb->data);
 
 	BT_DBG("%s status 0x%2.2x", hdev->name, status);
 
+	/* It is possible that we receive Inquiry Complete event right
+	 * before we receive Inquiry Cancel Command Complete event, in
+	 * which case the latter event should have status of Command
+	 * Disallowed (0x0c). This should not be treated as error, since
+	 * we actually achieve what Inquiry Cancel wants to achieve,
+	 * which is to end the last Inquiry session.
+	 */
+	if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
+		bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
+		status = 0x00;
+	}
+
+	*new_status = status;
+
 	if (status)
 		return;
 
@@ -2772,7 +2787,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
 
 	switch (*opcode) {
 	case HCI_OP_INQUIRY_CANCEL:
-		hci_cc_inquiry_cancel(hdev, skb);
+		hci_cc_inquiry_cancel(hdev, skb, status);
 		break;
 
 	case HCI_OP_PERIODIC_INQ:
-- 
2.25.1