• Luiz Augusto von Dentz's avatar
    Bluetooth: hci_event: Fix checking for invalid handle on error status · c86cc5a3
    Luiz Augusto von Dentz authored
    Commit d5ebaa7c introduces checks for handle range
    (e.g HCI_CONN_HANDLE_MAX) but controllers like Intel AX200 don't seem
    to respect the valid range int case of error status:
    
    > HCI Event: Connect Complete (0x03) plen 11
            Status: Page Timeout (0x04)
            Handle: 65535
            Address: 94:DB:56:XX:XX:XX (Sony Home Entertainment&
    	Sound Products Inc)
            Link type: ACL (0x01)
            Encryption: Disabled (0x00)
    [1644965.827560] Bluetooth: hci0: Ignoring HCI_Connection_Complete for invalid handle
    
    Because of it is impossible to cleanup the connections properly since
    the stack would attempt to cancel the connection which is no longer in
    progress causing the following trace:
    
    < HCI Command: Create Connection Cancel (0x01|0x0008) plen 6
            Address: 94:DB:56:XX:XX:XX (Sony Home Entertainment&
    	Sound Products Inc)
    = bluetoothd: src/profile.c:record_cb() Unable to get Hands-Free Voice
    	gateway SDP record: Connection timed out
    > HCI Event: Command Complete (0x0e) plen 10
          Create Connection Cancel (0x01|0x0008) ncmd 1
            Status: Unknown Connection Identifier (0x02)
            Address: 94:DB:56:XX:XX:XX (Sony Home Entertainment&
    	Sound Products Inc)
    < HCI Command: Create Connection Cancel (0x01|0x0008) plen 6
            Address: 94:DB:56:XX:XX:XX (Sony Home Entertainment&
    	Sound Products Inc)
    
    Fixes: d5ebaa7c ("Bluetooth: hci_event: Ignore multiple conn complete events")
    Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
    Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
    c86cc5a3
hci.h 62.2 KB