Bluetooth: Use hci_disconnect for immediate disconnection from SMP

Relying on the l2cap_conn_del procedure (triggered through the
l2cap_conn_shutdown API) to get the connection disconnected is not
reliable as it depends on all users releasing (through hci_conn_drop)
and that there's at least one user (so hci_conn_drop is called at least
one time).

A much simpler and more reliable solution is to call hci_disconnect()
directly from the SMP code when we want to disconnect. One side-effect
this has is that it prevents any SMP Failure PDU from being sent before
the disconnection, however neither one of the scenarios where
l2cap_conn_shutdown was used really requires this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 07ca4ce..4965849 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -829,7 +829,7 @@ static void smp_timeout(struct work_struct *work)
 
        BT_DBG("conn %p", conn);
 
-       l2cap_conn_shutdown(conn, ETIMEDOUT);
+       hci_disconnect(conn->hcon, HCI_ERROR_REMOTE_USER_TERM);
 }
 
 static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
@@ -1569,7 +1569,7 @@ static int smp_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
                if (smp)
                        cancel_delayed_work_sync(&smp->security_timer);
 
-               l2cap_conn_shutdown(chan->conn, -err);
+               hci_disconnect(chan->conn->hcon, HCI_ERROR_AUTH_FAILURE);
        }
 
        return err;