From: Luiz Augusto von Dentz Date: Mon, 20 Nov 2023 15:04:39 +0000 (-0500) Subject: Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent X-Git-Tag: dma-mapping-6.9-2024-03-11~485^2~8^2~6 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=99e67d46e5ff3c7c901af6009edec72d3d363be8;p=users%2Fhch%2Fdma-mapping.git Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent Before setting HCI_INQUIRY bit check if HCI_OP_INQUIRY was really sent otherwise the controller maybe be generating invalid events or, more likely, it is a result of fuzzing tools attempting to test the right behavior of the stack when unexpected events are generated. Cc: stable@vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=218151 Signed-off-by: Luiz Augusto von Dentz --- diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 5b6fd625fc09..a94decff233e 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2302,7 +2302,8 @@ static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status) return; } - set_bit(HCI_INQUIRY, &hdev->flags); + if (hci_sent_cmd_data(hdev, HCI_OP_INQUIRY)) + set_bit(HCI_INQUIRY, &hdev->flags); } static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)