From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Sonny Sasaka <sonnysasaka@chromium.org>,
	Marcel Holtmann <marcel@holtmann.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 083/121] Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
Date: Tue, 29 Sep 2020 13:00:27 +0200
Message-ID: <20200929105934.294458239@linuxfoundation.org>
In-Reply-To: <20200929105930.172747117@linuxfoundation.org>

From: Sonny Sasaka <sonnysasaka@chromium.org>

[ Upstream commit adf1d6926444029396861413aba8a0f2a805742a ]

After sending Inquiry Cancel command to the controller, it is possible
that Inquiry Complete event comes before Inquiry Cancel command complete
event. In this case the Inquiry Cancel command will have status of
Command Disallowed since there is no Inquiry session to be cancelled.
This case should not be treated as error, otherwise we can reach an
inconsistent state.

Example of a btmon trace when this happened:

< HCI Command: Inquiry Cancel (0x01|0x0002) plen 0
> HCI Event: Inquiry Complete (0x01) plen 1
        Status: Success (0x00)
> HCI Event: Command Complete (0x0e) plen 4
      Inquiry Cancel (0x01|0x0002) ncmd 1
        Status: Command Disallowed (0x0c)

Signed-off-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/bluetooth/hci_event.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 700a2eb161490..d6da119f5082e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -41,12 +41,27 @@
 
 /* Handle HCI Event packets */
 
-static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
+static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb,
+				  u8 *new_status)
 {
 	__u8 status = *((__u8 *) skb->data);
 
 	BT_DBG("%s status 0x%2.2x", hdev->name, status);
 
+	/* It is possible that we receive Inquiry Complete event right
+	 * before we receive Inquiry Cancel Command Complete event, in
+	 * which case the latter event should have status of Command
+	 * Disallowed (0x0c). This should not be treated as error, since
+	 * we actually achieve what Inquiry Cancel wants to achieve,
+	 * which is to end the last Inquiry session.
+	 */
+	if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) {
+		bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command");
+		status = 0x00;
+	}
+
+	*new_status = status;
+
 	if (status)
 		return;
 
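Review bot: The new `if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags))` branch logs through bt_dev_warn for a condition that the comment directly above it says should not be treated as an error, so a controller that routinely delivers Inquiry Complete ahead of the Inquiry Cancel Command Complete will produce a warning on every cancel; a debug-level or rate-limited message would fit better. The bare 0x0c would also read better as a named constant for Command Disallowed instead of relying on the comment to explain it. The store `*new_status = status;` sits before the `if (status) return;` early exit, which is what lets the caller see the rewritten value on both paths; a one-line comment on the new parameter stating that it is always written would document the contract.
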
@@ -2772,7 +2787,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
 
 	switch (*opcode) {
 	case HCI_OP_INQUIRY_CANCEL:
-		hci_cc_inquiry_cancel(hdev, skb);
+		hci_cc_inquiry_cancel(hdev, skb, status);
 		break;
 
 	case HCI_OP_PERIODIC_INQ:
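Review bot: In the HCI_OP_INQUIRY_CANCEL case, `status` is handed to the new `u8 *new_status` out-parameter, but its declaration and initial value lie outside this hunk; for the 4.9 backport, confirm that hci_cmd_complete_evt() in this tree carries that pointer and sets it before the switch. Among the lines shown, hci_cc_inquiry_cancel() is the only handler that receives the pointer and can overwrite the value, so a short comment at the call site noting that the callee may rewrite the status would help the next reader.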
-- 
2.25.1



