2 files changed, 40 insertions, 16 deletions

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 6ee7de26cbb6..96291530606d 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -4263,25 +4263,26 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
 }
 
 /* This function requires the caller holds hdev->lock */
-static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
-                                  u8 addr_type, u8 adv_type)
+static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
+                                              bdaddr_t *addr,
+                                              u8 addr_type, u8 adv_type)
 {
         struct hci_conn *conn;
         struct hci_conn_params *params;
 
         /* If the event is not connectable don't proceed further */
         if (adv_type != LE_ADV_IND && adv_type != LE_ADV_DIRECT_IND)
-                return;
+                return NULL;
 
         /* Ignore if the device is blocked */
         if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
-                return;
+                return NULL;
 
         /* Most controller will fail if we try to create new connections
          * while we have an existing one in slave role.
          */
         if (hdev->conn_hash.le_num_slave > 0)
-                return;
+                return NULL;
 
         /* If we're not connectable only connect devices that we have in
          * our pend_le_conns list.
@@ -4289,7 +4290,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
         params = hci_pend_le_action_lookup(&hdev->pend_le_conns,
                                            addr, addr_type);
         if (!params)
-                return;
+                return NULL;
 
         switch (params->auto_connect) {
         case HCI_AUTO_CONN_DIRECT:
@@ -4298,7 +4299,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
                  * incoming connections from slave devices.
                  */
                 if (adv_type != LE_ADV_DIRECT_IND)
-                        return;
+                        return NULL;
                 break;
         case HCI_AUTO_CONN_ALWAYS:
                 /* Devices advertising with ADV_IND or ADV_DIRECT_IND
@@ -4309,7 +4310,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
                  */
                 break;
         default:
-                return;
+                return NULL;
         }
 
         conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW,
@@ -4322,7 +4323,7 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
                  * count consistent once the connection is established.
                  */
                 params->conn = hci_conn_get(conn);
-                return;
+                return conn;
         }
 
         switch (PTR_ERR(conn)) {
@@ -4335,7 +4336,10 @@ static void check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr,
                 break;
         default:
                 BT_DBG("Failed to connect: err %ld", PTR_ERR(conn));
+                return NULL;
         }
+
+        return NULL;
 }
 
 static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
@@ -4343,6 +4347,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
 {
         struct discovery_state *d = &hdev->discovery;
         struct smp_irk *irk;
+        struct hci_conn *conn;
         bool match;
         u32 flags;
 
@@ -4354,7 +4359,14 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
         }
 
         /* Check if we have been requested to connect to this device */
-        check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
+        conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type);
+        if (conn && type == LE_ADV_IND) {
+                /* Store report for later inclusion by
+                 * mgmt_device_connected
+                 */
+                memcpy(conn->le_adv_data, data, len);
+                conn->le_adv_data_len = len;
+        }
 
         /* Passive scanning shouldn't trigger any device found events,
          * except for devices marked as CONN_REPORT for which we do send
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index fc275dca94f8..10caab587cca 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -6183,13 +6183,25 @@ void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
 
         ev->flags = __cpu_to_le32(flags);
 
-        if (name_len > 0)
-                eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
-                                          name, name_len);
+        /* We must ensure that the EIR Data fields are ordered and
+         * unique. Keep it simple for now and avoid the problem by not
+         * adding any BR/EDR data to the LE adv.
+         */
+        if (conn->le_adv_data_len > 0) {
+                memcpy(&ev->eir[eir_len],
+                       conn->le_adv_data, conn->le_adv_data_len);
+                eir_len = conn->le_adv_data_len;
+        } else {
+                if (name_len > 0)
+                        eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
+                                                  name, name_len);
 
-        if (conn->dev_class && memcmp(conn->dev_class, "\0\0\0", 3) != 0)
-                eir_len = eir_append_data(ev->eir, eir_len,
-                                          EIR_CLASS_OF_DEV, conn->dev_class, 3);
+                if (conn->dev_class &&
+                    memcmp(conn->dev_class, "\0\0\0", 3) != 0)
+                        eir_len = eir_append_data(ev->eir, eir_len,
+                                                  EIR_CLASS_OF_DEV,
+                                                  conn->dev_class, 3);
+        }
 
         ev->eir_len = cpu_to_le16(eir_len);