Bluetooth: Call l2cap_conn_shutdown() when SMP recv callback fails

To restore pre-l2cap_chan functionality we should be trying to disconnect the connection when receviving garbage SMP data (i.e. when the SMP command handler fails). This patch renames the command handler back to smp_sig_channel() and adds a smp_recv_cb() wrapper function for calling it. If smp_sig_channel() fails the code calls l2cap_conn_shutdown(). Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
author: Johan Hedberg <johan.hedberg@intel.com> 2014-08-11 15:06:38 -0400
committer: Marcel Holtmann <marcel@holtmann.org> 2014-08-14 02:49:22 -0400
commit: 4befb867b9de8adc56c683f4cf6c9e6c035e94e3 (patch)
tree: b3b009cad24b75f82e11a46024e9c1ff506b9854 /net/bluetooth
parent: dec5b49235e2526d7aacf5b93ea48f5e30c2f7c3 (diff)
1 files changed, 19 insertions, 1 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 28014ad3d2d3..7a295d7edc44 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1375,7 +1375,7 @@ static int smp_cmd_sign_info(struct l2cap_conn *conn, struct sk_buff *skb)
        return 0;
 }
-static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
+static int smp_sig_channel(struct l2cap_chan *chan, struct sk_buff *skb)
 {
        struct l2cap_conn *conn = chan->conn;
        struct hci_conn *hcon = conn->hcon;
@@ -1514,6 +1514,24 @@ static void smp_ready_cb(struct l2cap_chan *chan)
        l2cap_chan_hold(chan);
 }
+static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
+{
+        int err;
+        BT_DBG("chan %p", chan);
+        err = smp_sig_channel(chan, skb);
+        if (err) {
+                struct l2cap_conn *conn = chan->conn;
+                cancel_delayed_work_sync(&conn->security_timer);
+                l2cap_conn_shutdown(chan->conn, -err);
+        }
+        return err;
+}
 static struct sk_buff *smp_alloc_skb_cb(struct l2cap_chan *chan,
                                        unsigned long hdr_len,
                                        unsigned long len, int nb)
author	Johan Hedberg <johan.hedberg@intel.com>	2014-08-11 15:06:38 -0400
committer	Marcel Holtmann <marcel@holtmann.org>	2014-08-14 02:49:22 -0400
commit	4befb867b9de8adc56c683f4cf6c9e6c035e94e3 (patch)
tree	b3b009cad24b75f82e11a46024e9c1ff506b9854 /net/bluetooth
parent	dec5b49235e2526d7aacf5b93ea48f5e30c2f7c3 (diff)

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 28014ad3d2d3..7a295d7edc44 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c
@@ -1375,7 +1375,7 @@ static int smp_cmd_sign_info(struct l2cap_conn conn, struct sk_buff skb)
1375	return 0;	1375	return 0;
1376	}	1376	}
1377		1377
1378	static int smp_recv_cb(struct l2cap_chan chan, struct sk_buff skb)	1378	static int smp_sig_channel(struct l2cap_chan chan, struct sk_buff skb)
1379	{	1379	{
1380	struct l2cap_conn *conn = chan->conn;	1380	struct l2cap_conn *conn = chan->conn;
1381	struct hci_conn *hcon = conn->hcon;	1381	struct hci_conn *hcon = conn->hcon;
@@ -1514,6 +1514,24 @@ static void smp_ready_cb(struct l2cap_chan *chan)
1514	l2cap_chan_hold(chan);	1514	l2cap_chan_hold(chan);
1515	}	1515	}
1516		1516
		1517	static int smp_recv_cb(struct l2cap_chan chan, struct sk_buff skb)
		1518	{
		1519	int err;
		1520
		1521	BT_DBG("chan %p", chan);
		1522
		1523	err = smp_sig_channel(chan, skb);
		1524	if (err) {
		1525	struct l2cap_conn *conn = chan->conn;
		1526
		1527	cancel_delayed_work_sync(&conn->security_timer);
		1528
		1529	l2cap_conn_shutdown(chan->conn, -err);
		1530	}
		1531
		1532	return err;
		1533	}
		1534
1517	static struct sk_buff smp_alloc_skb_cb(struct l2cap_chan chan,	1535	static struct sk_buff smp_alloc_skb_cb(struct l2cap_chan chan,
1518	unsigned long hdr_len,	1536	unsigned long hdr_len,
1519	unsigned long len, int nb)	1537	unsigned long len, int nb)