| Message ID | 20200506195503.5837-1-sonnysasaka@chromium.org (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Marcel Holtmann |
| Headers | show |
| Series | Bluetooth: Handle Inquiry Cancel error after Inquiry Complete | expand |
Hi Sonny, > After sending Inquiry Cancel command to the controller, it is possible > that Inquiry Complete event comes before Inquiry Cancel command complete > event. In this case the Inquiry Cancel command will have status of > Command Disallowed since there is no Inquiry session to be cancelled. > This case should not be treated as error, otherwise we can reach an > inconsistent state. > > Example of a btmon trace when this happened: > > < HCI Command: Inquiry Cancel (0x01|0x0002) plen 0 >> HCI Event: Inquiry Complete (0x01) plen 1 > Status: Success (0x00) >> HCI Event: Command Complete (0x0e) plen 4 > Inquiry Cancel (0x01|0x0002) ncmd 1 > Status: Command Disallowed (0x0c) > --- > net/bluetooth/hci_event.c | 20 ++++++++++++++++++-- > 1 file changed, 18 insertions(+), 2 deletions(-) patch has been applied to bluetooth-next tree. Regards Marcel
Thanks, Marcel! On Wed, May 13, 2020 at 12:35 AM Marcel Holtmann <marcel@holtmann.org> wrote: > > Hi Sonny, > > > After sending Inquiry Cancel command to the controller, it is possible > > that Inquiry Complete event comes before Inquiry Cancel command complete > > event. In this case the Inquiry Cancel command will have status of > > Command Disallowed since there is no Inquiry session to be cancelled. > > This case should not be treated as error, otherwise we can reach an > > inconsistent state. > > > > Example of a btmon trace when this happened: > > > > < HCI Command: Inquiry Cancel (0x01|0x0002) plen 0 > >> HCI Event: Inquiry Complete (0x01) plen 1 > > Status: Success (0x00) > >> HCI Event: Command Complete (0x0e) plen 4 > > Inquiry Cancel (0x01|0x0002) ncmd 1 > > Status: Command Disallowed (0x0c) > > --- > > net/bluetooth/hci_event.c | 20 ++++++++++++++++++-- > > 1 file changed, 18 insertions(+), 2 deletions(-) > > patch has been applied to bluetooth-next tree. > > Regards > > Marcel >
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 3e7badb3ac2d..e8047175de10 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -41,12 +41,28 @@ /* Handle HCI Event packets */ -static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) +static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb, + u8 *new_status) { __u8 status = *((__u8 *) skb->data); BT_DBG("%s status 0x%2.2x", hdev->name, status); + /* It is possible that we receive Inquiry Complete event right + * before we receive Inquiry Cancel Command Complete event, in + * which case the latter event should have status of Command + * Disallowed (0x0c). This should not be treated as error, since + * we actually achieve what Inquiry Cancel wants to achieve, + * which is to end the last Inquiry session. + */ + if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) { + bt_dev_err(hdev, "Ignoring error of " + "HCI Inquiry Cancel command"); + status = 0x00; + } + + *new_status = status; + if (status) return; @@ -3036,7 +3052,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb, switch (*opcode) { case HCI_OP_INQUIRY_CANCEL: - hci_cc_inquiry_cancel(hdev, skb); + hci_cc_inquiry_cancel(hdev, skb, status); break; case HCI_OP_PERIODIC_INQ: