| From c73f94b8c093a615ce80eabbde0ac6eb9abfe31a Mon Sep 17 00:00:00 2001 |
| From: Johan Hedberg <johan.hedberg@intel.com> |
| Date: Fri, 13 Jun 2014 10:22:28 +0300 |
| Subject: Bluetooth: Fix locking of hdev when calling into SMP code |
| |
| From: Johan Hedberg <johan.hedberg@intel.com> |
| |
| commit c73f94b8c093a615ce80eabbde0ac6eb9abfe31a upstream. |
| |
| The SMP code expects hdev to be unlocked since e.g. crypto functions |
| will try to (re)lock it. Therefore, we need to release the lock before |
| calling into smp.c from mgmt.c. Without this we risk a deadlock whenever |
| the smp_user_confirm_reply() function is called. |
| |
| Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> |
| Tested-by: Lukasz Rymanowski <lukasz.rymanowski@tieto.com> |
| Signed-off-by: Marcel Holtmann <marcel@holtmann.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| net/bluetooth/mgmt.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| --- a/net/bluetooth/mgmt.c |
| +++ b/net/bluetooth/mgmt.c |
| @@ -2826,8 +2826,13 @@ static int user_pairing_resp(struct sock |
| } |
| |
| if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { |
| - /* Continue with pairing via SMP */ |
| + /* Continue with pairing via SMP. The hdev lock must be |
| + * released as SMP may try to recquire it for crypto |
| + * purposes. |
| + */ |
| + hci_dev_unlock(hdev); |
| err = smp_user_confirm_reply(conn, mgmt_op, passkey); |
| + hci_dev_lock(hdev); |
| |
| if (!err) |
| err = cmd_complete(sk, hdev->id, mgmt_op, |