For some broadcast scenarios, the user might open a nonblocking socket and might call connect without defer setup - this will queue the commands for adding an advertising instance and creating a BIG. If the socket is closed before the LE BIG Complete event arrives (connection is still pending), the conn should be properly cleaned up: it should be removed from the hash list, the adv set should be removed, and the BIG will be terminated once the LE BIG Complete event arrives, since no active connections will be found at that point. Signed-off-by: Iulia Tanasescu <iulia.tanasescu@xxxxxxx> --- net/bluetooth/iso.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index b9a008fd10b1..261e26ec8f16 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -655,13 +655,15 @@ static void __iso_sock_close(struct sock *sk) iso_conn_defer_reject(iso_pi(sk)->conn->hcon); iso_chan_del(sk, ECONNRESET); break; + case BT_CONNECT: - /* In case of DEFER_SETUP the hcon would be bound to CIG which - * needs to be removed so just call hci_conn_del so the cleanup - * callback do what is needed. + /* In case hcon is bound to a CIG/BIG, just call + * hci_conn_del so the cleanup callback does what + * is needed. */ - if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && - iso_pi(sk)->conn->hcon) { + if ((!bacmp(&iso_pi(sk)->dst, BDADDR_ANY) || + test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) && + iso_pi(sk)->conn->hcon) { hci_conn_del(iso_pi(sk)->conn->hcon); iso_pi(sk)->conn->hcon = NULL; } -- 2.34.1
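Review bot: In the BT_CONNECT case, the new `!bacmp(&iso_pi(sk)->dst, BDADDR_ANY)` test is what identifies the broadcast socket, but the rewritten comment only says "In case hcon is bound to a CIG/BIG" and never states that a BDADDR_ANY destination is how the BIG case is recognized. Please spell that out in the comment, or move the test into a small named helper, so the condition can be read without the commit message. The commit message also promises three cleanup effects (removal from the hash list, removal of the adv set, and BIG termination once LE BIG Complete arrives), while the hunk itself only calls `hci_conn_del()` and sets `iso_pi(sk)->conn->hcon = NULL`. Since the last two effects happen outside the visible lines, and the BIG termination happens after the hcon is already gone, the comment should name the cleanup callback and the event handler being relied on so a reviewer can check that nothing touches the deleted hcon when the event arrives. Minor: the blank line added before `case BT_CONNECT:` is an unrelated whitespace change. Either drop it or mention it in the changelog.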