Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags

[ Upstream commit 1e2e3044c1bc64a64aa0eaf7c17f7832c26c9775 ]

Device flags could be updated in the meantime while MGMT_OP_ADD_DEVICE
is pending on hci_update_passive_scan_sync so instead of setting the
current_flags as cmd->user_data just do a lookup using
hci_conn_params_lookup and use the latest stored flags.

Fixes: a182d9c84f9c ("Bluetooth: MGMT: Fix Add Device to responding before completing")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 29e420e9754bb30b53b7054cabd818b812d60992..589c3a481e4c1006cb6a605103044ed8ca087b9b 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -7605,11 +7605,16 @@ static void add_device_complete(struct hci_dev *hdev, void *data, int err)
        struct mgmt_cp_add_device *cp = cmd->param;
 
        if (!err) {
+               struct hci_conn_params *params;
+
+               params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
+                                               le_addr_type(cp->addr.type));
+
                device_added(cmd->sk, hdev, &cp->addr.bdaddr, cp->addr.type,
                             cp->action);
                device_flags_changed(NULL, hdev, &cp->addr.bdaddr,
                                     cp->addr.type, hdev->conn_flags,
-                                    PTR_UINT(cmd->user_data));
+                                    params ? params->flags : 0);
        }
 
        mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEVICE,
@@ -7712,8 +7717,6 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
                goto unlock;
        }
 
-       cmd->user_data = UINT_PTR(current_flags);
-
        err = hci_cmd_sync_queue(hdev, add_device_sync, cmd,
                                 add_device_complete);
        if (err < 0) {