[PATCH v3 6/7] Bluetooth: hci_sync: fix hci_conn_del() use in hci_le_create_conn_sync

Next message: Pauli Virtanen: "[PATCH v3 7/7] Bluetooth: hci_sync: remove unnecessary hci_conn_get in create_conn_sync"
Previous message: Pauli Virtanen: "[PATCH v3 5/7] Bluetooth: hci_sync: hold conn in hci_past_sync() callback"
In reply to: Pauli Virtanen: "[PATCH v3 5/7] Bluetooth: hci_sync: hold conn in hci_past_sync() callback"
Next in thread: Pauli Virtanen: "[PATCH v3 7/7] Bluetooth: hci_sync: remove unnecessary hci_conn_get in create_conn_sync"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pauli Virtanen

Date: Sun Jun 28 2026 - 08:15:10 EST

hci_conn_del() caller must hold hdev->lock, check the conn was not
concurrently deleted, and usually inform socket the conn is going to be
deleted.

Use hci_abort_conn_sync() instead of calling hci_conn_del() without
locks etc.

Fixes: 8e8b92ee60de5 ("Bluetooth: hci_sync: Add hci_le_create_conn_sync")
Signed-off-by: Pauli Virtanen <pav@xxxxxx>
---

Notes:
v3:
- use hci_abort_conn_sync instead of lock + hci_conn_valid + hci_conn_del

net/bluetooth/hci_sync.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 0bbc57792206..ab5436e548f9 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -6623,7 +6623,9 @@ static int hci_le_create_conn_sync(struct hci_dev *hdev, void *data)
if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
hdev->le_scan_type == LE_SCAN_ACTIVE &&
!hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES)) {
- hci_conn_del(conn);
+ conn->state = BT_OPEN;
+ hci_abort_conn_sync(hdev, conn,
+ HCI_ERROR_REJ_LIMITED_RESOURCES);
hci_conn_put(conn);
return -EBUSY;
}
--
2.54.0