From 31dd624e1cf937655a06fa4eeec06f4bafa34ab7 Mon Sep 17 00:00:00 2001
From: Johan Hedberg
Date: Fri, 27 Jun 2014 14:23:02 +0300
Subject: [PATCH] Bluetooth: Fix missing hdev locking in smp_cmd_ident_addr_info
The hdev lock must be held before calling into smp_distribute_keys. Also things such as hci_add_irk() require the lock. This patch fixes the issue by adding the necessary locking into the smp_cmd_ident_addr_info function.
Signed-off-by: Johan Hedberg
Signed-off-by: Marcel Holtmann
---
 net/bluetooth/smp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 976fce2315fd..a38941593e8b 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1076,6 +1076,8 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
 skb_pull(skb, sizeof(*info));
+ hci_dev_lock(hcon->hdev);
+
 /* Strictly speaking the Core Specification (4.1) allows sending
 * an empty address which would force us to rely on just the IRK
 * as "identity information". However, since such
@@ -1085,8 +1087,7 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
 */
 if (!bacmp(&info->bdaddr, BDADDR_ANY)) {
 BT_ERR("Ignoring IRK with no identity address");
- smp_distribute_keys(conn);
- return 0;
+ goto distribute;
 }
 bacpy(&smp->id_addr, &info->bdaddr);
@@ -1100,8 +1101,11 @@ static int smp_cmd_ident_addr_info(struct l2cap_conn *conn,
 smp->remote_irk = hci_add_irk(conn->hcon->hdev, &smp->id_addr,
 smp->id_addr_type, smp->irk, &rpa);
+distribute:
 smp_distribute_keys(conn);
+ hci_dev_unlock(hcon->hdev);
+
 return 0;
 }
--
2.34.1
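Review bot: The added `hci_dev_lock(hcon->hdev);` in the first hunk has no comment saying what it protects, so the locking requirement is recorded only in the commit message. A one-line comment above it, for example `/* hci_add_irk() and smp_distribute_keys() require hdev to be locked */`, would warn a later editor that every exit below this point has to pass through the `hci_dev_unlock()` added in the last hunk. A plain `return` added between the two would leave the device lock held. The function starts and ends outside this hunk, so exits that occur before the lock is taken are not visible here.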
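Review bot: In the last hunk the lock and unlock name the device as `hcon->hdev`, but the `hci_add_irk()` call just above `distribute:` still passes `conn->hcon->hdev`. These are presumably the same object (the declaration of `hcon` is outside the hunk), but writing `hci_add_irk(hcon->hdev, &smp->id_addr,` would make it evident that the IRK list being modified belongs to the device whose lock is held. The callee's contract is also still implicit. If `hci_dev_lock()` takes `hdev->lock` as it appears to, a `lockdep_assert_held(&hdev->lock);` at the top of `smp_distribute_keys()` (not part of this diff) would let debug builds flag any other caller that reaches it unlocked.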