Commit b5793de3 authored Aug 05, 2023 by Pauli Virtanen Committed by Luiz Augusto von Dentz Aug 11, 2023

Bluetooth: hci_conn: avoid checking uninitialized CIG/CIS ids



The CIS/CIG ids of ISO connections are defined only when the connection
is unicast.

Fix the lookup functions to check for unicast first. Ensure CIG/CIS
IDs have valid value also in state BT_OPEN.

Signed-off-by: Pauli Virtanen <pav@iki.fi>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

parent 66dee215

include/net/bluetooth/hci_core.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -1219,7 +1219,7 @@ static inline struct hci_conn hci_conn_hash_lookup_cis(struct hci_dev hdev,
		rcu_read_lock();

		list_for_each_entry_rcu(c, &h->list, list) {
		if (c->type != ISO_LINK)
		if (c->type != ISO_LINK \|\| !bacmp(&c->dst, BDADDR_ANY))
		continue;

		/* Match CIG ID if set */
		@@ -1251,7 +1251,7 @@ static inline struct hci_conn hci_conn_hash_lookup_cig(struct hci_dev hdev,
		rcu_read_lock();

		list_for_each_entry_rcu(c, &h->list, list) {
		if (c->type != ISO_LINK)
		if (c->type != ISO_LINK \|\| !bacmp(&c->dst, BDADDR_ANY))
		continue;

		if (handle == c->iso_qos.ucast.cig) {

net/bluetooth/hci_conn.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1866,6 +1866,8 @@ struct hci_conn hci_bind_cis(struct hci_dev hdev, bdaddr_t *dst,
		return ERR_PTR(-ENOMEM);
		cis->cleanup = cis_cleanup;
		cis->dst_type = dst_type;
		cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
		cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
		}

		if (cis->state == BT_CONNECTED)