diff options
Diffstat (limited to 'net/bluetooth/mgmt.c')
-rw-r--r-- | net/bluetooth/mgmt.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index f7c2969d8829..3db8525b0293 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c | |||
@@ -2281,8 +2281,9 @@ failed: | |||
2281 | return err; | 2281 | return err; |
2282 | } | 2282 | } |
2283 | 2283 | ||
2284 | static int stop_discovery(struct sock *sk, u16 index) | 2284 | static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len) |
2285 | { | 2285 | { |
2286 | struct mgmt_cp_stop_discovery *mgmt_cp = data; | ||
2286 | struct hci_dev *hdev; | 2287 | struct hci_dev *hdev; |
2287 | struct pending_cmd *cmd; | 2288 | struct pending_cmd *cmd; |
2288 | struct hci_cp_remote_name_req_cancel cp; | 2289 | struct hci_cp_remote_name_req_cancel cp; |
@@ -2291,6 +2292,10 @@ static int stop_discovery(struct sock *sk, u16 index) | |||
2291 | 2292 | ||
2292 | BT_DBG("hci%u", index); | 2293 | BT_DBG("hci%u", index); |
2293 | 2294 | ||
2295 | if (len != sizeof(*mgmt_cp)) | ||
2296 | return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, | ||
2297 | MGMT_STATUS_INVALID_PARAMS); | ||
2298 | |||
2294 | hdev = hci_dev_get(index); | 2299 | hdev = hci_dev_get(index); |
2295 | if (!hdev) | 2300 | if (!hdev) |
2296 | return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, | 2301 | return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, |
@@ -2299,8 +2304,16 @@ static int stop_discovery(struct sock *sk, u16 index) | |||
2299 | hci_dev_lock(hdev); | 2304 | hci_dev_lock(hdev); |
2300 | 2305 | ||
2301 | if (!hci_discovery_active(hdev)) { | 2306 | if (!hci_discovery_active(hdev)) { |
2302 | err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, | 2307 | err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, |
2303 | MGMT_STATUS_REJECTED); | 2308 | MGMT_STATUS_REJECTED, |
2309 | &mgmt_cp->type, sizeof(mgmt_cp->type)); | ||
2310 | goto unlock; | ||
2311 | } | ||
2312 | |||
2313 | if (hdev->discovery.type != mgmt_cp->type) { | ||
2314 | err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, | ||
2315 | MGMT_STATUS_INVALID_PARAMS, | ||
2316 | &mgmt_cp->type, sizeof(mgmt_cp->type)); | ||
2304 | goto unlock; | 2317 | goto unlock; |
2305 | } | 2318 | } |
2306 | 2319 | ||
@@ -2323,7 +2336,7 @@ static int stop_discovery(struct sock *sk, u16 index) | |||
2323 | if (!e) { | 2336 | if (!e) { |
2324 | mgmt_pending_remove(cmd); | 2337 | mgmt_pending_remove(cmd); |
2325 | err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0, | 2338 | err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0, |
2326 | NULL, 0); | 2339 | &mgmt_cp->type, sizeof(mgmt_cp->type)); |
2327 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); | 2340 | hci_discovery_set_state(hdev, DISCOVERY_STOPPED); |
2328 | goto unlock; | 2341 | goto unlock; |
2329 | } | 2342 | } |
@@ -2706,7 +2719,7 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) | |||
2706 | err = start_discovery(sk, index, cp, len); | 2719 | err = start_discovery(sk, index, cp, len); |
2707 | break; | 2720 | break; |
2708 | case MGMT_OP_STOP_DISCOVERY: | 2721 | case MGMT_OP_STOP_DISCOVERY: |
2709 | err = stop_discovery(sk, index); | 2722 | err = stop_discovery(sk, index, cp, len); |
2710 | break; | 2723 | break; |
2711 | case MGMT_OP_CONFIRM_NAME: | 2724 | case MGMT_OP_CONFIRM_NAME: |
2712 | err = confirm_name(sk, index, cp, len); | 2725 | err = confirm_name(sk, index, cp, len); |
@@ -3369,7 +3382,9 @@ int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) | |||
3369 | if (!cmd) | 3382 | if (!cmd) |
3370 | return -ENOENT; | 3383 | return -ENOENT; |
3371 | 3384 | ||
3372 | err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); | 3385 | err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status), |
3386 | &hdev->discovery.type, | ||
3387 | sizeof(hdev->discovery.type)); | ||
3373 | mgmt_pending_remove(cmd); | 3388 | mgmt_pending_remove(cmd); |
3374 | 3389 | ||
3375 | return err; | 3390 | return err; |
@@ -3389,12 +3404,8 @@ int mgmt_discovering(struct hci_dev *hdev, u8 discovering) | |||
3389 | if (cmd != NULL) { | 3404 | if (cmd != NULL) { |
3390 | u8 type = hdev->discovery.type; | 3405 | u8 type = hdev->discovery.type; |
3391 | 3406 | ||
3392 | if (discovering) | 3407 | cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, |
3393 | cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, | ||
3394 | &type, sizeof(type)); | 3408 | &type, sizeof(type)); |
3395 | else | ||
3396 | cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, | ||
3397 | NULL, 0); | ||
3398 | mgmt_pending_remove(cmd); | 3409 | mgmt_pending_remove(cmd); |
3399 | } | 3410 | } |
3400 | 3411 | ||