From: Johan Hedberg <johan.hedberg@intel.com>
Date: Sun, 17 Aug 2014 21:41:44 +0000 (+0300)
Subject: Bluetooth: Ignore incoming data after initiating disconnection
X-Git-Tag: firefly_0821_release~176^2~3001^2~75^2~221
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=f94b665dcf15324f5ac8aa639e47be0829b6409d;p=firefly-linux-kernel-4.4.55.git

Bluetooth: Ignore incoming data after initiating disconnection

When hci_chan_del is called the disconnection routines get scheduled
through a workqueue. If there's any incoming ACL data before the
routines get executed there's a chance that a new hci_chan is created
and the disconnection never happens. This patch adds a new hci_conn flag
to indicate that we're in the process of driving the connection down. We
set the flag in hci_chan_del and check for it in hci_chan_create so that
no new channels are created for the same connection.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 18c24f6fce6c..dbe73642c54c 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -553,6 +553,7 @@ enum {
 	HCI_CONN_FIPS,
 	HCI_CONN_STK_ENCRYPT,
 	HCI_CONN_AUTH_INITIATOR,
+	HCI_CONN_DROP,
 };
 
 static inline bool hci_conn_ssp_enabled(struct hci_conn *conn)
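Review bot: HCI_CONN_DROP is added to the flags enum with no comment, and its name is almost identical to hci_conn_drop(), which hci_chan_del calls right after setting it. A one-line comment on the enum entry saying that the flag marks a connection whose teardown has been initiated and on which hci_chan_create must refuse new channels would prevent readers from confusing the flag with the function.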
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index cb04a4e3c829..aaa7e388d026 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1291,6 +1291,11 @@ struct hci_chan *hci_chan_create(struct hci_conn *conn)
 
 	BT_DBG("%s hcon %p", hdev->name, conn);
 
+	if (test_bit(HCI_CONN_DROP, &conn->flags)) {
+		BT_DBG("Refusing to create new hci_chan");
+		return NULL;
+	}
+
 	chan = kzalloc(sizeof(*chan), GFP_KERNEL);
 	if (!chan)
 		return NULL;
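Review bot: the early return added at the test_bit(HCI_CONN_DROP, &conn->flags) check returns NULL, the same value as the kzalloc failure path directly below it, so a caller of hci_chan_create cannot distinguish "connection is being torn down" from an allocation failure. If callers are expected to treat both the same way, say so in a comment above the check; otherwise consider a distinguishable return. The BT_DBG text "Refusing to create new hci_chan" would also be easier to correlate in logs if it printed the hcon pointer, as the BT_DBG a few lines above does. Finally, the check and the allocation that follows are separate steps, so it is worth noting in a comment what serializes this test against the set_bit in hci_chan_del.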
@@ -1318,6 +1323,7 @@ void hci_chan_del(struct hci_chan *chan)
 
 	/* Force the connection to be immediately dropped */
 	conn->disc_timeout = 0;
+	set_bit(HCI_CONN_DROP, &conn->flags);
 
 	hci_conn_drop(conn);
 	hci_conn_put(conn);
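Review bot: set_bit(HCI_CONN_DROP, &conn->flags) in hci_chan_del is unconditional and the patch contains no matching clear_bit, so deleting any single hci_chan permanently bars hci_chan_create on that hci_conn. That matches the commit message, but the existing comment "Force the connection to be immediately dropped" only describes the disc_timeout assignment; extend it to state that the flag is one-way for the lifetime of the connection, so later changes do not assume it is reset when the disconnect does not complete.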