[3.19.y-ckt stable] Patch "Bluetooth: Fix removing connection parameters when unpairing" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Mon Nov 30 22:09:38 UTC 2015


This is a note to let you know that I have just added a patch titled

    Bluetooth: Fix removing connection parameters when unpairing

to the linux-3.19.y-queue branch of the 3.19.y-ckt extended stable tree 
which can be found at:

    http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y-queue

This patch is scheduled to be released in version 3.19.8-ckt11.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.19.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

From 52e77d447ef09592f510d1ff92bfc3c56c557bea Mon Sep 17 00:00:00 2001
From: Johan Hedberg <johan.hedberg at intel.com>
Date: Mon, 19 Oct 2015 10:51:47 +0300
Subject: Bluetooth: Fix removing connection parameters when unpairing

commit a6ad2a6b9cc1d9d791aee5462cfb8528f366f1d4 upstream.

The commit 89cbb0638e9b7 introduced support for deferred connection
parameter removal when unpairing by removing them only once an
existing connection gets disconnected. However, it failed to address
the scenario when we're *not* connected and do an unpair operation.

What makes things worse is that most user space BlueZ versions will
first issue a disconnect request and only then unpair, meaning the
buggy code will be triggered every time. This effectively causes the
kernel to resume scanning and reconnect to a device for which we've
removed all keys and GATT database information.

This patch fixes the issue by adding the missing call to the
hci_conn_params_del() function to a branch which handles the case of
no existing connection.

Signed-off-by: Johan Hedberg <johan.hedberg at intel.com>
Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/bluetooth/mgmt.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 1775dbf..13bfd37 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2772,6 +2772,11 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
 	} else {
 		u8 addr_type;

+		if (cp->addr.type == BDADDR_LE_PUBLIC)
+			addr_type = ADDR_LE_DEV_PUBLIC;
+		else
+			addr_type = ADDR_LE_DEV_RANDOM;
+
 		conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
 					       &cp->addr.bdaddr);
 		if (conn) {
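Review bot: the addr_type assignment now sits above hci_conn_hash_lookup_ba() with nothing to say why its position matters. A one-line comment noting that the value is needed by the no-connection branch further down as well as by the key removal calls would keep a later cleanup from moving it back below the lookup. Also note that the lookup at the end of this hunk matches on &cp->addr.bdaddr only, while addr_type is derived from cp->addr.type, so the connection check and the later per-address-type deletions are not keyed on the same tuple; worth confirming that is intended.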
@@ -2787,13 +2792,10 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
 			 */
 			if (!cp->disconnect)
 				conn = NULL;
+		} else {
+			hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
 		}

-		if (cp->addr.type == BDADDR_LE_PUBLIC)
-			addr_type = ADDR_LE_DEV_PUBLIC;
-		else
-			addr_type = ADDR_LE_DEV_RANDOM;
-
 		hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);

 		err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
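Review bot: in the new else branch, hci_conn_params_del() runs before hci_remove_ltk() has returned, so if err ends up reporting a failure the connection parameters for that address have already been dropped. If unpairing a device that has no keys is meant to leave state untouched, consider deleting the parameters only after err has been checked. The branch also lacks a comment; the existing comment block above covers the connected case, and a short note here that with no connection there is no disconnect to trigger the deferred removal would make the asymmetry with the `if (!cp->disconnect) conn = NULL;` path easier to follow.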
--
1.9.1




