Bluetooth: Check inquiry status before sending one

There is a possibility where HCI_INQUIRY flag is set but we still
send HCI_OP_INQUIRY anyway.

Such a case can be reproduced by connecting to an LE device while
active scanning. When the device is discovered, we initiate a
connection, stop LE Scan, and send Discovery MGMT with status
disabled, but we don't cancel the inquiry.

Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index 6cd9d41..5b4eb87 100644 (file)
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -2950,6 +2950,9 @@ static int bredr_inquiry(struct hci_request *req, unsigned long opt)
        const u8 liac[3] = { 0x00, 0x8b, 0x9e };
        struct hci_cp_inquiry cp;
 
+       if (test_bit(HCI_INQUIRY, &req->hdev->flags))
+               return 0;
+
        bt_dev_dbg(req->hdev, "");
 
        hci_dev_lock(req->hdev);