From: Dean Jenkins <Dean_Jenkins@xxxxxxxxxx>
There is a L2CAP protocol race between the local peer and
the remote peer demanding disconnection of the L2CAP link.
When L2CAP ERTM is used, l2cap_sock_shutdown() can be called
from userland to disconnect L2CAP. However, there can be a
delay introduced by waiting for ACKs. During this waiting
period, the remote peer may have sent a Disconnection Request.
Therefore, recheck the shutdown status of the socket
after waiting for ACKs because there is no need to do
further processing if the connection has gone.
Signed-off-by: Dean Jenkins <Dean_Jenkins@xxxxxxxxxx>
Signed-off-by: Harish Jenny K N <harish_kandiga@xxxxxxxxxx>
Signed-off-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>
---
net/bluetooth/l2cap_sock.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index efc0326f6823..e01f1557e1cc 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -1123,9 +1123,17 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
if (chan->mode == L2CAP_MODE_ERTM &&
chan->unacked_frames > 0 &&
- chan->state == BT_CONNECTED)
+ chan->state == BT_CONNECTED) {
err = __l2cap_wait_ack(sk, chan);
+ /* After waiting for ACKs, check whether shutdown
+ * has already been actioned to close the L2CAP
+ * link such as by l2cap_disconnection_req().
+ */
+ if (sk->sk_shutdown)
+ goto has_shutdown;
+ }
+
sk->sk_shutdown = SHUTDOWN_MASK;
release_sock(sk);
@@ -1156,6 +1164,7 @@ static int l2cap_sock_shutdown(struct socket *sock, int how)
err = bt_sock_wait_state(sk, BT_CLOSED,
sk->sk_lingertime);
+has_shutdown:
l2cap_chan_put(chan);
sock_put(sk);
--
2.17.1
