[PATCH 2/2] Bluetooth : Errata Service Release 8, Erratum 3253

Mallikarjun Phulari <mallikarjun.phulari@xxxxxxxxx> · Thu, 4 Oct 2018 10:59:47 +0530

L2CAP: New result values
	0x0006 - Connection refused – Invalid Source CID
	0x0007 - Connection refused – Source CID already allocated

As per the ESR08_V1.0.0, 1.11.2 Erratum 3253, Page No. 54,
"Remote CID invalid Issue".
Applies to Core Specification versions: V5.0, V4.2, v4.1, v4.0, and v3.0 + HS
Vol 3, Part A, Section 4.2, 4.3, 4.14, 4.15.

Core Specification Version 5.0, Page No.1753, Table 4.6 and
Page No. 1767, Table 4.14

New result values are added to l2cap connect/create channel response as
0x0006 - Connection refused – Invalid Source CID
0x0007 - Connection refused – Source CID already allocated

Signed-off-by: Mallikarjun Phulari <mallikarjun.phulari@xxxxxxxxx>
---
 include/net/bluetooth/l2cap.h |  6 ++++++
 net/bluetooth/l2cap_core.c    | 17 ++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 35788d9..fd3998a 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -275,6 +275,10 @@ struct l2cap_conn_rsp {
  * And changing the old result value wherever they were used
  */
 
+/* Adding two new connect/create channel results
+ * As per ESR08_V1.0.0, Erratum 3253
+ */
+
 /* connect/create channel results */
 #define L2CAP_CR_SUCCESS		0x0000
 #define L2CAP_CR_PEND			0x0001
@@ -282,6 +286,8 @@ struct l2cap_conn_rsp {
 #define L2CAP_CR_SEC_BLOCK		0x0003
 #define L2CAP_CR_NO_MEM			0x0004
 #define L2CAP_CR_BAD_AMP		0x0005
+#define L2CAP_CR_INVALID_SCID		0x0006
+#define L2CAP_CR_SCID_IN_USE		0x0007
 #define L2CAP_CR_LE_AUTHENTICATION	0x0005
 #define L2CAP_CR_LE_AUTHORIZATION	0x0006
 #define L2CAP_CR_LE_BAD_KEY_SIZE	0x0007
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 1c49419..85179ac 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3815,9 +3815,24 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn,
 
 	result = L2CAP_CR_NO_MEM;
 
+	/* As per ESR08_V1.0.0, Erratum 3253, check the CID is in valid
+	 * dynamic range and is not allocated already.
+	 * Send the new result values accordingly
+	 */
+
+	/* Check for valid dynamic CID range */
+	if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_DYN_END) {
+		result = L2CAP_CR_INVALID_SCID;
+		chan = NULL;
+		goto response;
+	}
+
 	/* Check if we already have channel with that dcid */
-	if (__l2cap_get_chan_by_dcid(conn, scid))
+	if (__l2cap_get_chan_by_dcid(conn, scid)) {
+		result = L2CAP_CR_SCID_IN_USE;
+		chan = NULL;
 		goto response;
+	}
 
 	chan = pchan->ops->new_connection(pchan);
 	if (!chan)
-- 
2.7.4







