From 2065ba48f2cace4f42fcb7a23f60a2ae67081946 Mon Sep 17 00:00:00 2001
From: Jiri Slaby
Date: Apr 20 2023 11:00:29 +0000
Subject: Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (bsc#1012628).
---
diff --git a/patches.kernel.org/6.2.12-056-Bluetooth-hci_conn-Fix-not-cleaning-up-on-LE-C.patch b/patches.kernel.org/6.2.12-056-Bluetooth-hci_conn-Fix-not-cleaning-up-on-LE-C.patch
new file mode 100644
index 0000000..128538b
--- /dev/null
+++ b/patches.kernel.org/6.2.12-056-Bluetooth-hci_conn-Fix-not-cleaning-up-on-LE-C.patch
@@ -0,0 +1,120 @@
+From: Luiz Augusto von Dentz
+Date: Fri, 24 Mar 2023 10:57:55 -0700
+Subject: [PATCH] Bluetooth: hci_conn: Fix not cleaning up on LE Connection
+ failure
+References: bsc#1012628
+Patch-mainline: 6.2.12
+Git-commit: 19cf60bf63cbaf5262eac400c707966e19999b83
+
+[ Upstream commit 19cf60bf63cbaf5262eac400c707966e19999b83 ]
+
+hci_connect_le_scan_cleanup shall always be invoked to cleanup the
+states and re-enable passive scanning if necessary, otherwise it may
+cause the pending action to stay active causing multiple attempts to
+connect.
+
+Fixes: 9b3628d79b46 ("Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted")
+Signed-off-by: Luiz Augusto von Dentz
+Signed-off-by: Sasha Levin
+Signed-off-by: Jiri Slaby
+---
+ net/bluetooth/hci_conn.c | 52 +++++++++++++++++++---------------------
+ 1 file changed, 24 insertions(+), 28 deletions(-)
+
+diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
+index 17baea2b..6fbc1fe7 100644
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -68,7 +68,7 @@ static const struct sco_param esco_param_msbc[] = {
+ };
+
+ /* This function requires the caller holds hdev->lock */
+-static void hci_connect_le_scan_cleanup(struct hci_conn *conn)
++static void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status)
+ {
+ struct hci_conn_params *params;
+ struct hci_dev *hdev = conn->hdev;
+@@ -88,9 +88,28 @@ static void hci_connect_le_scan_cleanup(struct hci_conn *conn)
+
+ params = hci_pend_le_action_lookup(&hdev->pend_le_conns, bdaddr,
+ bdaddr_type);
+- if (!params || !params->explicit_connect)
++ if (!params)
+ return;
+
++ if (params->conn) {
++ hci_conn_drop(params->conn);
++ hci_conn_put(params->conn);
++ params->conn = NULL;
++ }
++
++ if (!params->explicit_connect)
++ return;
++
++ /* If the status indicates successful cancellation of
++ * the attempt (i.e. Unknown Connection Id) there's no point of
++ * notifying failure since we'll go back to keep trying to
++ * connect. The only exception is explicit connect requests
++ * where a timeout + cancel does indicate an actual failure.
++ */
++ if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)
++ mgmt_connect_failed(hdev, &conn->dst, conn->type,
++ conn->dst_type, status);
++
+ /* The connection attempt was doing scan for new RPA, and is
+ * in scan phase. If params are not associated with any other
+ * autoconnect action, remove them completely. If they are, just unmark
+@@ -178,7 +197,7 @@ static void le_scan_cleanup(struct work_struct *work)
+ rcu_read_unlock();
+
+ if (c == conn) {
+- hci_connect_le_scan_cleanup(conn);
++ hci_connect_le_scan_cleanup(conn, 0x00);
+ hci_conn_cleanup(conn);
+ }
+
+@@ -1191,31 +1210,8 @@ EXPORT_SYMBOL(hci_get_route);
+ static void hci_le_conn_failed(struct hci_conn *conn, u8 status)
+ {
+ struct hci_dev *hdev = conn->hdev;
+- struct hci_conn_params *params;
+
+- params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
+- conn->dst_type);
+- if (params && params->conn) {
+- hci_conn_drop(params->conn);
+- hci_conn_put(params->conn);
+- params->conn = NULL;
+- }
+-
+- /* If the status indicates successful cancellation of
+- * the attempt (i.e. Unknown Connection Id) there's no point of
+- * notifying failure since we'll go back to keep trying to
+- * connect. The only exception is explicit connect requests
+- * where a timeout + cancel does indicate an actual failure.
+- */
+- if (status != HCI_ERROR_UNKNOWN_CONN_ID ||
+- (params && params->explicit_connect))
+- mgmt_connect_failed(hdev, &conn->dst, conn->type,
+- conn->dst_type, status);
+-
+- /* Since we may have temporarily stopped the background scanning in
+- * favor of connection establishment, we should restart it.
+- */
+- hci_update_passive_scan(hdev);
++ hci_connect_le_scan_cleanup(conn, status);
+
+ /* Enable advertising in case this was a failed connection
+ * attempt as a peripheral.
+@@ -1252,7 +1248,7 @@ static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
+ hci_dev_lock(hdev);
+
+ if (!err) {
+- hci_connect_le_scan_cleanup(conn);
++ hci_connect_le_scan_cleanup(conn, 0x00);
+ goto done;
+ }
+
+--
+2.35.3
+
diff --git a/series.conf b/series.conf
index 287048b..067f766 100644
--- a/series.conf
+++ b/series.conf
@@ -2283,6 +2283,7 @@ patches.kernel.org/6.2.12-053-iavf-refactor-VLAN-filter-states.patch patches.kernel.org/6.2.12-054-iavf-remove-active_cvlans-and-active_svlans-bi.patch patches.kernel.org/6.2.12-055-net-openvswitch-fix-race-on-port-output.patch + patches.kernel.org/6.2.12-056-Bluetooth-hci_conn-Fix-not-cleaning-up-on-LE-C.patch ######################################################## # Build fixes that apply to the vanilla kernel too.
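Review bot: In the reworked `hci_connect_le_scan_cleanup()` (second hunk of net/bluetooth/hci_conn.c), `mgmt_connect_failed()` now sits behind both `if (!params) return;` and `if (!params->explicit_connect) return;`, whereas the block removed from `hci_le_conn_failed()` reported every status other than `HCI_ERROR_UNKNOWN_CONN_ID` whether or not pending params existed. As written, a failed LE connection that is not an explicit connect seems to raise no management failure event, and the unconditional `hci_update_passive_scan(hdev)` that was removed is only replaced if the tail of this function, which lies outside the hunk, is reached. The moved comment still calls explicit connects the exception for a timeout plus cancel, but `if (status && status != HCI_ERROR_UNKNOWN_CONN_ID)` filters that status for them as well; if the old behaviour is intended, evaluate `if (status && (status != HCI_ERROR_UNKNOWN_CONN_ID || (params && params->explicit_connect)))` before the `!params` return, otherwise reword the comment. The `hci_conn_drop()`/`hci_conn_put()` pair also now runs for the two callers passing `0x00`, so it is worth confirming nothing on those success paths still relies on `params->conn`.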