Bluetooth: L2CAP: Fix returning correct LE CoC response codes
authorJohan Hedberg <johan.hedberg@intel.com>
Mon, 2 Nov 2015 12:39:15 +0000 (14:39 +0200)
committerMarcel Holtmann <marcel@holtmann.org>
Thu, 5 Nov 2015 03:04:00 +0000 (04:04 +0100)
The core spec defines specific response codes for situations when the
received CID is incorrect. Add the defines for these and return them
as appropriate from the LE Connect Request handler function.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
include/net/bluetooth/l2cap.h
net/bluetooth/l2cap_core.c

index c98afc08cc2612e046cd070b22d25aa18a88c457..52899291f40144c0dab97e135b0c9762ade5c8d1 100644 (file)
@@ -275,6 +275,8 @@ struct l2cap_conn_rsp {
 #define L2CAP_CR_AUTHORIZATION 0x0006
 #define L2CAP_CR_BAD_KEY_SIZE  0x0007
 #define L2CAP_CR_ENCRYPTION    0x0008
+#define L2CAP_CR_INVALID_SCID  0x0009
+#define L2CAP_CR_SCID_IN_USE   0x0010
 
 /* connect/create channel status */
 #define L2CAP_CS_NO_INFO       0x0000
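Review bot: `L2CAP_CR_SCID_IN_USE` is added as `0x0010`, which breaks the hex sequence `0x0008`, `0x0009` directly above it and looks like a decimal increment written in hex. As far as I recall, the Core spec assigns 0x000A to "Source CID already allocated", so the line should probably read `#define L2CAP_CR_SCID_IN_USE   0x000a`; please confirm against the spec's result-code table. As written, a peer that reuses a CID would receive result 16, which it may not recognise as this error.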
index 7c65ee200c29215c6b3f050cfbb881873be4946a..8fd36f59dcdef344d02d5d6f27df5a4af4d561e5 100644 (file)
@@ -5437,9 +5437,16 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
                goto response_unlock;
        }
 
+       /* Check for valid dynamic CID range */
+       if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
+               result = L2CAP_CR_INVALID_SCID;
+               chan = NULL;
+               goto response_unlock;
+       }
+
        /* Check if we already have channel with that dcid */
        if (__l2cap_get_chan_by_dcid(conn, scid)) {
-               result = L2CAP_CR_NO_MEM;
+               result = L2CAP_CR_SCID_IN_USE;
                chan = NULL;
                goto response_unlock;
        }
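Review bot: The context comment `/* Check if we already have channel with that dcid */` sits above a lookup keyed on `scid`, and with the new range check beside it the two names are easy to misread. I would reword it to `/* The peer's SCID is our DCID: reject if a channel already uses it */`. The new check's comment could also say why the range matters: `/* scid comes from the peer's request; it must lie in the LE dynamic CID range */`. l2cap_le_connect_req starts and ends outside the hunk, so I cannot confirm from here that `response_unlock` handles `chan == NULL` for both new result codes.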