Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[Bluetooth] Fix reference counting during ACL config stage

The ACL config stage keeps holding a reference count on incoming
connections when requesting the extended features. This results in
keeping an ACL link up without any users. The problem here is that
the Bluetooth specification doesn't define an ownership of the ACL
link and thus it can happen that the implementation on the initiator
side doesn't care about disconnecting unused links. In this case the
acceptor needs to take care of this.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

+4 -7
net/bluetooth/hci_event.c
··· 1605 1605 1606 1606 if (conn->state == BT_CONFIG) { 1607 1607 if (!ev->status && hdev->ssp_mode > 0 && 1608 - conn->ssp_mode > 0) { 1609 - if (conn->out) { 1610 - struct hci_cp_auth_requested cp; 1611 - cp.handle = ev->handle; 1612 - hci_send_cmd(hdev, 1613 - HCI_OP_AUTH_REQUESTED, 1608 + conn->ssp_mode > 0 && conn->out) { 1609 + struct hci_cp_auth_requested cp; 1610 + cp.handle = ev->handle; 1611 + hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, 1614 1612 sizeof(cp), &cp); 1615 - } 1616 1613 } else { 1617 1614 conn->state = BT_CONNECTED; 1618 1615 hci_proto_connect_cfm(conn, ev->status);
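Review bot: The merged condition at new line 1608 changes behaviour for incoming links without saying so in the code. With `conn->out` folded into the `if`, a connection that has `conn->ssp_mode > 0` but is not outgoing now falls into the `else` branch, is set to `BT_CONNECTED` and gets `hci_proto_connect_cfm(conn, ev->status)`, where before it stayed in `BT_CONFIG` with nothing sent. A one-line comment above the `if` stating that only the initiator requests authentication at this stage, and that the acceptor completes the config stage immediately, would make that intent clear. The commit message describes a reference count being held, but no put call appears in the visible lines, so it would help to name the path on which the reference is released once the `else` branch is reached. Style: add a blank line between the `struct hci_cp_auth_requested cp;` declaration and `cp.handle = ev->handle;`.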