Re: bug? kernel does not send HCI Create Connection Cancel Command on shutdown() or close() of a connecting rfcomm socket

[Nick Pelly <npelly@xxxxxxxxxx>]

For the RFCOMM issue.

This is the log when shutdown() is called on the rfcomm socket while
the ACL link is connecting:

[  132.856414] rfcomm:rfcomm_sock_shutdown: sock c5cb3a20, sk c63fca00
[  132.856933] rfcomm:__rfcomm_sock_close: sk c63fca00 state 5 socket c5cb3a20
[  132.857788] rfcomm:__rfcomm_dlc_close: dlc c61ea240 state 7 dlci 38
err 0 session c63d4ba0
[  132.858612] rfcomm:rfcomm_send_disc: c63d4ba0 dlci 38
[  132.859069] rfcomm:rfcomm_send_frame: session c63d4ba0 len 4
[  132.859893] l2cap:l2cap_sock_sendmsg: sock c5cb38c0, sk c63fc800
[  132.860351] rfcomm:rfcomm_dlc_set_timer: dlc c61ea240 state 8 timeout 2000
[  133.863739] rfcomm:rfcomm_sock_release: sock c5cb3a20, sk c63fca00
[  133.864257] rfcomm:rfcomm_sock_shutdown: sock c5cb3a20, sk c63fca00
[  133.865081] rfcomm:rfcomm_sock_kill: sk c63fca00 state 5 refcnt 2
[  133.865539] rfcomm:rfcomm_sock_destruct: sk c63fca00 dlc c61ea240



I'm surprised to see d->state for the rfcomm_dlc is BT_CONFIG at
__rfcomm_dlc_close(), but looking at __rfcomm_dlc_open() this appears
to be intentional.

We do not hit __l2cap_sock_close()

We attempt a graceful rfcomm disconnected by sending the dlci
disconnected frame - but this does not make sense - since there is no
rfcomm connection yet.


Assuming that d->state == BT_CONFIG during this phase is correct, then
the attached patch will fix this issue.

However - I don't know the rfcomm state machine - so this patch may
having side effects. Requesting comments.

Nick

From d90a0cd7a0219808e8183eb74f76a61d043ab4c2 Mon Sep 17 00:00:00 2001
From: Nick Pelly <npelly@xxxxxxxxxx>
Date: Thu, 9 Jul 2009 12:23:44 -0700
Subject: [PATCH] Bluetooth: Do not attempt to send dlci disconnect when in BT_CONFIG.

This fixes a bug where shutdown() and close() on a rfcomm socket during ACL
connection would not cause HCI Create Connection Cancel.

Signed-off-by: Nick Pelly <npelly@xxxxxxxxxx>
---
 net/bluetooth/rfcomm/core.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 1d0fb0f..c109a3a 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -428,7 +428,6 @@ static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
 
 	switch (d->state) {
 	case BT_CONNECT:
-	case BT_CONFIG:
 		if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
 			set_bit(RFCOMM_AUTH_REJECT, &d->flags);
 			rfcomm_schedule(RFCOMM_SCHED_AUTH);
-- 
1.6.3.1