[3.13.y.z extended stable] Patch "Bluetooth: Fix triggering BR/EDR L2CAP Connect too early" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Tue Jun 10 19:29:20 UTC 2014


This is a note to let you know that I have just added a patch titled

    Bluetooth: Fix triggering BR/EDR L2CAP Connect too early

to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue

This patch is scheduled to be released in version 3.13.11.3.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.13.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From b7dac9c030d2a9d03e62462573013d644f39f5f2 Mon Sep 17 00:00:00 2001
From: Johan Hedberg <johan.hedberg at intel.com>
Date: Fri, 11 Apr 2014 12:02:31 -0700
Subject: Bluetooth: Fix triggering BR/EDR L2CAP Connect too early

commit 9eb1fbfa0a737fd4d3a6d12d71c5ea9af622b887 upstream.

Commit 1c2e004183178 introduced an event handler for the encryption key
refresh complete event with the intent of fixing some LE/SMP cases.
However, this event is shared with BR/EDR and there we actually want to
act only on the auth_complete event (which comes after the key refresh).

If we do not do this we may trigger an L2CAP Connect Request too early
and cause the remote side to return a security block error.

Signed-off-by: Johan Hedberg <johan.hedberg at intel.com>
Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/bluetooth/hci_event.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 75d34d1..e70a426 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3012,6 +3012,12 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
 	if (!conn)
 		goto unlock;

+	/* For BR/EDR the necessary steps are taken through the
+	 * auth_complete event.
+	 */
+	if (conn->type != LE_LINK)
+		goto unlock;
+
 	if (!ev->status)
 		conn->sec_level = conn->pending_sec_level;

--
1.9.1





More information about the kernel-team mailing list