diff options
author | Marcel Holtmann <marcel@holtmann.org> | 2009-02-06 17:56:36 -0500 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2009-02-27 00:14:41 -0500 |
commit | 6a8d3010b313d99adbb28f1826fac0234395bb26 (patch) | |
tree | e116cd7033e05e0e59b225484991e2a27188fc3e /net | |
parent | 984947dc64f82bc6cafa4d84ba1a139718f634a8 (diff) |
Bluetooth: Fix double L2CAP connection request
If the remote L2CAP server uses authentication pending stage and
encryption is enabled it can happen that a L2CAP connection request is
sent twice due to a race condition in the connection state machine.
When the remote side indicates any kind of connection pending, then
track this state and skip sending of L2CAP commands for this period.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/l2cap.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c index 07fdbc7dd54d..01f750142d55 100644 --- a/net/bluetooth/l2cap.c +++ b/net/bluetooth/l2cap.c | |||
@@ -1946,11 +1946,14 @@ static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hd | |||
1946 | l2cap_pi(sk)->dcid = dcid; | 1946 | l2cap_pi(sk)->dcid = dcid; |
1947 | l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; | 1947 | l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT; |
1948 | 1948 | ||
1949 | l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND; | ||
1950 | |||
1949 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, | 1951 | l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, |
1950 | l2cap_build_conf_req(sk, req), req); | 1952 | l2cap_build_conf_req(sk, req), req); |
1951 | break; | 1953 | break; |
1952 | 1954 | ||
1953 | case L2CAP_CR_PEND: | 1955 | case L2CAP_CR_PEND: |
1956 | l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND; | ||
1954 | break; | 1957 | break; |
1955 | 1958 | ||
1956 | default: | 1959 | default: |
@@ -2478,6 +2481,11 @@ static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt) | |||
2478 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { | 2481 | for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) { |
2479 | bh_lock_sock(sk); | 2482 | bh_lock_sock(sk); |
2480 | 2483 | ||
2484 | if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) { | ||
2485 | bh_unlock_sock(sk); | ||
2486 | continue; | ||
2487 | } | ||
2488 | |||
2481 | if (!status && (sk->sk_state == BT_CONNECTED || | 2489 | if (!status && (sk->sk_state == BT_CONNECTED || |
2482 | sk->sk_state == BT_CONFIG)) { | 2490 | sk->sk_state == BT_CONFIG)) { |
2483 | l2cap_check_encryption(sk, encrypt); | 2491 | l2cap_check_encryption(sk, encrypt); |