From a0349689ff5e0919ac560a106e0a1670b1554853 Mon Sep 17 00:00:00 2001
From: Joakim Andersson
Date: Tue, 7 Jan 2020 09:52:14 +0100
Subject: [PATCH] Bluetooth: host: Fix conn object assigned to wrong connection

Fix conn object assigned to the wrong controller connection in the connection complete handler. This could happen when running a directed advertiser and establishing a connection at the same time to the same peer.

Signed-off-by: Joakim Andersson
---
 subsys/bluetooth/host/hci_core.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/subsys/bluetooth/host/hci_core.c b/subsys/bluetooth/host/hci_core.c
index 761ca22fa19..7e8a6e6ef73 100644
--- a/subsys/bluetooth/host/hci_core.c
+++ b/subsys/bluetooth/host/hci_core.c
@@ -1096,7 +1096,7 @@ static void update_pending_id(struct bt_keys *keys, void *data)
 }
 #endif
 
-static struct bt_conn *find_pending_connect(bt_addr_le_t *peer_addr)
+static struct bt_conn *find_pending_connect(u8_t role, bt_addr_le_t *peer_addr)
 {
 struct bt_conn *conn;
 
@@ -1104,12 +1104,18 @@ static struct bt_conn *find_pending_connect(bt_addr_le_t *peer_addr)
 * Make lookup to check if there's a connection object in
 * CONNECT or DIR_ADV state associated with passed peer LE address.
 */
- conn = bt_conn_lookup_state_le(peer_addr, BT_CONN_CONNECT);
- if (conn) {
+ if (IS_ENABLED(CONFIG_BT_CENTRAL) && role == BT_HCI_ROLE_MASTER) {
+ conn = bt_conn_lookup_state_le(peer_addr, BT_CONN_CONNECT);
 return conn;
 }
 
- return bt_conn_lookup_state_le(peer_addr, BT_CONN_CONNECT_DIR_ADV);
+ if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && role == BT_HCI_ROLE_SLAVE) {
+ conn = bt_conn_lookup_state_le(peer_addr,
+ BT_CONN_CONNECT_DIR_ADV);
+ return conn;
+ }
+
+ return NULL;
 }
 
 static void conn_auto_initiate(struct bt_conn *conn)
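Review bot: The block comment kept as context at the top of the second hunk ("Make lookup to check if there's a connection object in CONNECT or DIR_ADV state associated with passed peer LE address") no longer describes find_pending_connect: which of the two states is consulted is now decided by `role`, and a role whose side is compiled out (CONFIG_BT_CENTRAL / CONFIG_BT_PERIPHERAL) or any value other than BT_HCI_ROLE_MASTER / BT_HCI_ROLE_SLAVE silently yields NULL. I would reword it to say that `role` selects the state — CONNECT for BT_HCI_ROLE_MASTER, CONNECT_DIR_ADV for BT_HCI_ROLE_SLAVE — and that NULL also means "that role is not supported in this build", so callers passing `evt->role` do not read every NULL as "nothing pending". As a point of style, the `conn = …; return conn;` pairs in both branches could be `return bt_conn_lookup_state_le(peer_addr, BT_CONN_CONNECT);` and `return bt_conn_lookup_state_le(peer_addr, BT_CONN_CONNECT_DIR_ADV);`, which would also let the now otherwise-unused local `struct bt_conn *conn` declared in the first hunk go. The function's opening line lives in the first hunk, not in this one.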
@@ -1185,7 +1191,7 @@ static void enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
 *
 * Depending on error code address might not be valid anyway.
 */
- conn = find_pending_connect(NULL);
+ conn = find_pending_connect(evt->role, NULL);
 if (!conn) {
 return;
 }
@@ -1248,7 +1254,7 @@ static void enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt)
 bt_addr_le_copy(&peer_addr, &evt->peer_addr);
 }
 
- conn = find_pending_connect(&id_addr);
+ conn = find_pending_connect(evt->role, &id_addr);
 
 if (IS_ENABLED(CONFIG_BT_PERIPHERAL) && evt->role == BT_HCI_ROLE_SLAVE) {
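Review bot: On the error path (the first hunk on this line) the pending-connection lookup is now keyed on `evt->role`, but for a connection complete event carrying a non-zero status I would not rely on the role field being meaningful — the comment two lines above already warns that the address may be invalid depending on the error code, and the same caution applies to the other event parameters. If a controller leaves role at its zero value (master) on a directed-advertising timeout, the lookup now searches BT_CONN_CONNECT instead of BT_CONN_CONNECT_DIR_ADV, gets NULL and returns, leaving the conn object stuck in the directed-advertising state, whereas the old code tried both states. The two failure statuses the host actually handles here identify the side unambiguously, so I would derive the role from `evt->status` — advertising timeout means a slave is pending, unknown-connection-identifier (the create-connection cancel completion) means a master is pending — and only fall back to `evt->role` for anything else; the sketch below assumes the BT_HCI_ERR_* names from hci.h. enh_conn_complete begins and ends outside this hunk.

```c
		if (IS_ENABLED(CONFIG_BT_PERIPHERAL) &&
		    evt->status == BT_HCI_ERR_ADV_TIMEOUT) {
			/* Directed advertising timed out: only a slave can be pending. */
			conn = find_pending_connect(BT_HCI_ROLE_SLAVE, NULL);
		} else if (IS_ENABLED(CONFIG_BT_CENTRAL) &&
			   evt->status == BT_HCI_ERR_UNKNOWN_CONN_ID) {
			/* Create Connection was cancelled: only a master can be pending. */
			conn = find_pending_connect(BT_HCI_ROLE_MASTER, NULL);
		} else {
			/* Unknown failure: trust the role the controller reported. */
			conn = find_pending_connect(evt->role, NULL);
		}
		/* … unchanged: if (!conn) return; … */
```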