Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event

[ Upstream commit 23837a6d7a1a61818ed94a6b8af552d6cf7d32d5 ]

Error status of this event means that it has ended due reasons other
than a connection:

 'If advertising has terminated as a result of the advertising duration
 elapsing, the Status parameter shall be set to the error code
 Advertising Timeout (0x3C).'

 'If advertising has terminated because the
 Max_Extended_Advertising_Events was reached, the Status parameter
 shall be set to the error code Limit Reached (0x43).'

Fixes: acf0aeae431a0 ("Bluetooth: Handle ADv set terminated event")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 20f17d3..d62ac4b 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -5256,8 +5256,19 @@ static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
 
        BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
 
-       if (ev->status)
+       if (ev->status) {
+               struct adv_info *adv;
+
+               adv = hci_find_adv_instance(hdev, ev->handle);
+               if (!adv)
+                       return;
+
+               /* Remove advertising as it has been terminated */
+               hci_remove_adv_instance(hdev, ev->handle);
+               mgmt_advertising_removed(NULL, hdev, ev->handle);
+
                return;
+       }
 
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
        if (conn) {