Bluetooth: hci_conn: avoid checking uninitialized CIG/CIS ids

The CIS/CIG ids of ISO connections are defined only when the connection
is unicast.

Fix the lookup functions to check for unicast first. Ensure CIG/CIS
IDs have valid value also in state BT_OPEN.

Signed-off-by: Pauli Virtanen <pav@iki.fi>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index f4462c3..c53d742 100644 (file)
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -1219,7 +1219,7 @@ static inline struct hci_conn *hci_conn_hash_lookup_cis(struct hci_dev *hdev,
        rcu_read_lock();
 
        list_for_each_entry_rcu(c, &h->list, list) {
-               if (c->type != ISO_LINK)
+               if (c->type != ISO_LINK || !bacmp(&c->dst, BDADDR_ANY))
                        continue;
 
                /* Match CIG ID if set */
@@ -1251,7 +1251,7 @@ static inline struct hci_conn *hci_conn_hash_lookup_cig(struct hci_dev *hdev,
        rcu_read_lock();
 
        list_for_each_entry_rcu(c, &h->list, list) {
-               if (c->type != ISO_LINK)
+               if (c->type != ISO_LINK || !bacmp(&c->dst, BDADDR_ANY))
                        continue;
 
                if (handle == c->iso_qos.ucast.cig) {

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 4ad6af4..2347467 100644 (file)
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1866,6 +1866,8 @@ struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
                        return ERR_PTR(-ENOMEM);
                cis->cleanup = cis_cleanup;
                cis->dst_type = dst_type;
+               cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET;
+               cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET;
        }
 
        if (cis->state == BT_CONNECTED)