summaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2006-09-26 09:43:48 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-28 18:01:33 -0700
commit6ac59344ef25d5f0ebadb5663cf700d25d2a3886 (patch)
treeb4dbdf1589e0a7b6d3ed04d38fb7615a54f0d7af /net/bluetooth
parent1143e5a6d4d69cd36d44e0184769aa2b17041a10 (diff)
downloadkernel-crypto-6ac59344ef25d5f0ebadb5663cf700d25d2a3886.tar.gz
kernel-crypto-6ac59344ef25d5f0ebadb5663cf700d25d2a3886.tar.xz
kernel-crypto-6ac59344ef25d5f0ebadb5663cf700d25d2a3886.zip
[Bluetooth] Support create connection cancel command
In case of non-blocking connects it is possible that the last user of an ACL link quits before the connection has been fully established. This will lead to a race condition where the internal state of a connection is closed, but the actual link has been established and is active. In case of Bluetooth 1.2 and later devices it is possible to call create connection cancel to abort the connect. For older devices the disconnect timer will be used to trigger the needed disconnect. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_conn.c31
-rw-r--r--net/bluetooth/hci_event.c4
2 files changed, 31 insertions, 4 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 7e9515b41cc..90e3a285a17 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -84,6 +84,20 @@ static void hci_acl_connect(struct hci_conn *conn)
hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
}
+static void hci_acl_connect_cancel(struct hci_conn *conn)
+{
+ struct hci_cp_create_conn_cancel cp;
+
+ BT_DBG("%p", conn);
+
+ if (conn->hdev->hci_ver < 2)
+ return;
+
+ bacpy(&cp.bdaddr, &conn->dst);
+ hci_send_cmd(conn->hdev, OGF_LINK_CTL,
+ OCF_CREATE_CONN_CANCEL, sizeof(cp), &cp);
+}
+
void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
{
struct hci_cp_disconnect cp;
@@ -94,7 +108,8 @@ void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
cp.handle = __cpu_to_le16(conn->handle);
cp.reason = reason;
- hci_send_cmd(conn->hdev, OGF_LINK_CTL, OCF_DISCONNECT, sizeof(cp), &cp);
+ hci_send_cmd(conn->hdev, OGF_LINK_CTL,
+ OCF_DISCONNECT, sizeof(cp), &cp);
}
void hci_add_sco(struct hci_conn *conn, __u16 handle)
@@ -124,12 +139,20 @@ static void hci_conn_timeout(unsigned long arg)
return;
hci_dev_lock(hdev);
- if (conn->state == BT_CONNECTED)
+
+ switch (conn->state) {
+ case BT_CONNECT:
+ hci_acl_connect_cancel(conn);
+ break;
+ case BT_CONNECTED:
hci_acl_disconn(conn, 0x13);
- else
+ break;
+ default:
conn->state = BT_CLOSED;
+ break;
+ }
+
hci_dev_unlock(hdev);
- return;
}
static void hci_conn_idle(unsigned long arg)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 7518bdbf34c..bb25484b874 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -750,6 +750,8 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
if (test_bit(HCI_ENCRYPT, &hdev->flags))
conn->link_mode |= HCI_LM_ENCRYPT;
+ hci_conn_hold(conn);
+
/* Get remote features */
if (conn->type == ACL_LINK) {
struct hci_cp_read_remote_features cp;
@@ -778,6 +780,8 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
hci_send_cmd(hdev, OGF_LINK_CTL,
OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
}
+
+ hci_conn_put(conn);
} else
conn->state = BT_CLOSED;