3.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 7 Jul 2014 18:59:48 +0000 (11:59 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 7 Jul 2014 18:59:48 +0000 (11:59 -0700)
added patches:
bluetooth-fix-locking-of-hdev-when-calling-into-smp-code.patch

queue-3.10/bluetooth-fix-locking-of-hdev-when-calling-into-smp-code.patch [new file with mode: 0644]
queue-3.10/series

diff --git a/queue-3.10/bluetooth-fix-locking-of-hdev-when-calling-into-smp-code.patch b/queue-3.10/bluetooth-fix-locking-of-hdev-when-calling-into-smp-code.patch
new file mode 100644 (file)
index 0000000..dc127d1
--- /dev/null
@@ -0,0 +1,40 @@
+From c73f94b8c093a615ce80eabbde0ac6eb9abfe31a Mon Sep 17 00:00:00 2001
+From: Johan Hedberg <johan.hedberg@intel.com>
+Date: Fri, 13 Jun 2014 10:22:28 +0300
+Subject: Bluetooth: Fix locking of hdev when calling into SMP code
+
+From: Johan Hedberg <johan.hedberg@intel.com>
+
+commit c73f94b8c093a615ce80eabbde0ac6eb9abfe31a upstream.
+
+The SMP code expects hdev to be unlocked since e.g. crypto functions
+will try to (re)lock it. Therefore, we need to release the lock before
+calling into smp.c from mgmt.c. Without this we risk a deadlock whenever
+the smp_user_confirm_reply() function is called.
+
+Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
+Tested-by: Lukasz Rymanowski <lukasz.rymanowski@tieto.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/mgmt.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/bluetooth/mgmt.c
++++ b/net/bluetooth/mgmt.c
+@@ -2333,8 +2333,13 @@ static int user_pairing_resp(struct sock
+       }
+       if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
+-              /* Continue with pairing via SMP */
++              /* Continue with pairing via SMP. The hdev lock must be
++               * released as SMP may try to recquire it for crypto
++               * purposes.
++               */
++              hci_dev_unlock(hdev);
+               err = smp_user_confirm_reply(conn, mgmt_op, passkey);
++              hci_dev_lock(hdev);
+               if (!err)
+                       err = cmd_complete(sk, hdev->id, mgmt_op,
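Review bot: `conn` is handed to `smp_user_confirm_reply()` inside the window opened by the added `hci_dev_unlock(hdev)` / `hci_dev_lock(hdev)` pair, and nothing visible in the hunk keeps it alive for that window. The lookup that produced `conn` lies outside the hunk; if it ran under the hdev lock without taking a reference, a disconnect racing with this mgmt command could presumably tear the connection down while SMP is still using it. The new comment explains why the lock is dropped but not why dropping it is safe, so I would extend it with something like `/* conn is used unlocked here; it stays valid because <guarantee to be stated> */`. If no such guarantee exists, the function should pin the connection across the call or re-validate it after relocking. `user_pairing_resp()` begins and ends outside the hunk, so this cannot be confirmed from the lines shown.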
index 7f945f37441579a517c726aeaa9934d277fbd85a..70b2431aa61e7ce639226d44e1a714b766645e67 100644 (file)
@@ -20,3 +20,4 @@ drm-radeon-don-t-allow-radeon_gem_domain_cpu-for-command-submission.patch
 drm-vmwgfx-fix-incorrect-write-to-read-only-register-v2.patch
 bluetooth-fix-ssp-acceptor-just-works-confirmation-without-mitm.patch
 bluetooth-fix-check-for-connection-encryption.patch
+bluetooth-fix-locking-of-hdev-when-calling-into-smp-code.patch