diff mbox series

[v2,1/5] Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL

Message ID 20230804001115.907885-1-luiz.dentz@gmail.com (mailing list archive)
State Accepted
Commit 0e4cdf2f6122b47e2a3776c0c2d696cb5ec62c06
Headers show
Series [v2,1/5] Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success

Commit Message

Luiz Augusto von Dentz Aug. 4, 2023, 12:11 a.m. UTC 
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When sending HCI_OP_CREATE_CONN_CANCEL it shall Wait for
HCI_EV_CONN_COMPLETE, not HCI_EV_CMD_STATUS, when the reason is
anything but HCI_ERROR_REMOTE_POWER_OFF. This reason is used when
suspending or powering off, where we don't want to wait for the peer's
response.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/hci_sync.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

Comments

bluez.test.bot@gmail.com Aug. 4, 2023, 12:51 a.m. UTC | #1 
This is an automated email and please do not reply to this email.

Dear Submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.

----- Output -----

error: patch failed: net/bluetooth/hci_sync.c:5389
error: net/bluetooth/hci_sync.c: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch

Please resolve the issue and submit the patches again.


---
Regards,
Linux Bluetooth
patchwork-bot+bluetooth@kernel.org Aug. 4, 2023, 10:50 p.m. UTC | #2 
Hello:

This series was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Thu,  3 Aug 2023 17:11:11 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> When sending HCI_OP_CREATE_CONN_CANCEL it shall Wait for
> HCI_EV_CONN_COMPLETE, not HCI_EV_CMD_STATUS, when the reason is
> anything but HCI_ERROR_REMOTE_POWER_OFF. This reason is used when
> suspending or powering off, where we don't want to wait for the peer's
> response.
> 
> [...]

Here is the summary with links:
  - [v2,1/5] Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL
    https://git.kernel.org/bluetooth/bluetooth-next/c/0e4cdf2f6122
  - [v2,2/5] Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
    https://git.kernel.org/bluetooth/bluetooth-next/c/bdc83c443c30
  - [v2,3/5] Bluetooth: ISO: Fix not checking for valid CIG/CIS IDs
    https://git.kernel.org/bluetooth/bluetooth-next/c/e5ab05c24643
  - [v2,4/5] Bluetooth: hci_conn: Fix modifying handle while aborting
    (no matching commit)
  - [v2,5/5] Bluetooth: hci_conn: Fix not allowing valid CIS ID
    https://git.kernel.org/bluetooth/bluetooth-next/c/90b1f9ebdea4

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index e114409628d1..a9b048d7b419 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5321,6 +5321,17 @@  static int hci_connect_cancel_sync(struct hci_dev *hdev, struct hci_conn *conn,
 	if (hdev->hci_ver < BLUETOOTH_VER_1_2)
 		return 0;
 
+	/* Wait for HCI_EV_CONN_COMPLETE, not HCI_EV_CMD_STATUS, when the
+	 * reason is anything but HCI_ERROR_REMOTE_POWER_OFF. This reason is
+	 * used when suspending or powering off, where we don't want to wait
+	 * for the peer's response.
+	 */
+	if (reason != HCI_ERROR_REMOTE_POWER_OFF)
+		return __hci_cmd_sync_status_sk(hdev, HCI_OP_CREATE_CONN_CANCEL,
+						6, &conn->dst,
+						HCI_EV_CONN_COMPLETE,
+						HCI_CMD_TIMEOUT, NULL);
+
 	return __hci_cmd_sync_status(hdev, HCI_OP_CREATE_CONN_CANCEL,
 				     6, &conn->dst, HCI_CMD_TIMEOUT);
 }