Commit 31dd624e authored by Johan Hedberg's avatar Johan Hedberg Committed by Marcel Holtmann

Bluetooth: Fix missing hdev locking in smp_cmd_ident_addr_info

The hdev lock must be held before calling into smp_distribute_keys. Also
things such as hci_add_irk() require the lock. This patch fixes the
issue by adding the necessary locking into the smp_cmd_ident_addr_info
function.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent dbbfa2ab
...@@ -1076,6 +1076,8 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, ...@@ -1076,6 +1076,8 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
skb_pull(skb, sizeof(*info)); skb_pull(skb, sizeof(*info));
hci_dev_lock(hcon->hdev);
/* Strictly speaking the Core Specification (4.1) allows sending /* Strictly speaking the Core Specification (4.1) allows sending
* an empty address which would force us to rely on just the IRK * an empty address which would force us to rely on just the IRK
* as "identity information". However, since such * as "identity information". However, since such
...@@ -1085,8 +1087,7 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, ...@@ -1085,8 +1087,7 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
*/ */
if (!bacmp(&info->bdaddr, BDADDR_ANY)) { if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
BT_ERR("Ignoring IRK with no identity address"); BT_ERR("Ignoring IRK with no identity address");
smp_distribute_keys(conn); goto distribute;
return 0;
} }
bacpy(&smp->id_addr, &info->bdaddr); bacpy(&smp->id_addr, &info->bdaddr);
...@@ -1100,8 +1101,11 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn, ...@@ -1100,8 +1101,11 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr, smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
smp->id_addr_type, smp->irk, &rpa); smp->id_addr_type, smp->irk, &rpa);
distribute:
smp_distribute_keys(conn); smp_distribute_keys(conn);
hci_dev_unlock(hcon->hdev);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment