From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 28 May 2025 18:53:11 +0000 (-0400)
Subject: Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
X-Git-Tag: v5.10.239~252
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a1104b6ba6cffc47c38bc1f595f4e0aa7683630d;p=thirdparty%2Fkernel%2Fstable.git

Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION

[ Upstream commit 03dba9cea72f977e873e4e60e220fa596959dd8f ]

Depending on the security set the response to L2CAP_LE_CONN_REQ shall be
just L2CAP_CR_LE_ENCRYPTION if only encryption when BT_SECURITY_MEDIUM
is selected since that means security mode 2 which doesn't require
authentication which is something that is covered in the qualification
test L2CAP/LE/CFC/BV-25-C.

Link: https://github.com/bluez/bluez/issues/1270
Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index be281a95a0a8b..08d91a3d3460d 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -5861,7 +5861,8 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
 
 	if (!smp_sufficient_security(conn->hcon, pchan->sec_level,
 				     SMP_ALLOW_STK)) {
-		result = L2CAP_CR_LE_AUTHENTICATION;
+		result = pchan->sec_level == BT_SECURITY_MEDIUM ?
+			L2CAP_CR_LE_ENCRYPTION : L2CAP_CR_LE_AUTHENTICATION;
 		chan = NULL;
 		goto response_unlock;
 	}