Bluetooth: Fix missing hdev locking in smp_cmd_ident_addr_info

The hdev lock must be held before calling into smp_distribute_keys. Also things such as hci_add_irk() require the lock. This patch fixes the issue by adding the necessary locking into the smp_cmd_ident_addr_info function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Bluetooth: Fix missing hdev locking in smp_cmd_ident_addr_info
The hdev lock must be held before calling into smp_distribute_keys. Also things such as hci_add_irk() require the lock. This patch fixes the issue by adding the necessary locking into the smp_cmd_ident_addr_info function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
31dd624e · Johan Hedberg · Marcel Holtmann · dbbfa2ab · 31dd624e
Commit 31dd624e authored Jun 27, 2014 by Johan Hedberg Committed by Marcel Holtmann Jul 03, 2014
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

net/bluetooth/smp.c net/bluetooth/smp.c +6 -2

No files found.
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1076,6 +1076,8 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
 	skb_pull(skb, sizeof(*info));
+	hci_dev_lock(hcon->hdev);
 	/* Strictly speaking the Core Specification (4.1) allows sending
 	 * an empty address which would force us to rely on just the IRK
 	 * as "identity information". However, since such
@@ -1085,8 +1087,7 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
 	 */
 	if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
 		BT_ERR("Ignoring IRK with no identity address");
-		smp_distribute_keys(conn);
+		goto distribute;
-		return 0;
 	}
 	bacpy(&smp->id_addr, &info->bdaddr);
@@ -1100,8 +1101,11 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
 	smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
 				      smp->id_addr_type, smp->irk, &rpa);
+distribute:
 	smp_distribute_keys(conn);
+	hci_dev_unlock(hcon->hdev);
 	return 0;
 }