diff mbox series

Bluetooth: Check inquiry status before sending one

Message ID 20210401111036.1.I26d172ded4e4ac8ad334516a8d196539777fba2a@changeid
State New
Headers show
Series Bluetooth: Check inquiry status before sending one | expand

Commit Message

Archie Pusaka April 1, 2021, 3:11 a.m. UTC 
From: Archie Pusaka <apusaka@chromium.org>

There is a possibility where HCI_INQUIRY flag is set but we still
send HCI_OP_INQUIRY anyway.

Such a case can be reproduced by connecting to an LE device while
active scanning. When the device is discovered, we initiate a
connection, stop LE Scan, and send Discovery MGMT with status
disabled, but we don't cancel the inquiry.

Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
---

 net/bluetooth/hci_request.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Marcel Holtmann April 2, 2021, 9:09 a.m. UTC | #1 
Hi Archie,

> There is a possibility where HCI_INQUIRY flag is set but we still
> send HCI_OP_INQUIRY anyway.
> 
> Such a case can be reproduced by connecting to an LE device while
> active scanning. When the device is discovered, we initiate a
> connection, stop LE Scan, and send Discovery MGMT with status
> disabled, but we don't cancel the inquiry.
> 
> Signed-off-by: Archie Pusaka <apusaka@chromium.org>
> Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
> ---
> 
> net/bluetooth/hci_request.c | 3 +++
> 1 file changed, 3 insertions(+)

patch has been applied to bluetooth-next tree.

Regards

Marcel
diff mbox series

Patch

diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index 8ace5d34b01e..5a5ec7ed15ea 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -2952,6 +2952,9 @@  static int bredr_inquiry(struct hci_request *req, unsigned long opt)
 	const u8 liac[3] = { 0x00, 0x8b, 0x9e };
 	struct hci_cp_inquiry cp;
 
+	if (test_bit(HCI_INQUIRY, &req->hdev->flags))
+		return 0;
+
 	bt_dev_dbg(req->hdev, "");
 
 	hci_dev_lock(req->hdev);