From 79fa8ef2d15219eb7c41ee9af313047120f998b3 Mon Sep 17 00:00:00 2001
From: Szymon Janc <szymon.janc@tieto.com>
Date: Fri, 18 Jan 2013 12:51:35 +0100
Subject: [PATCH] core: Add workaround for device pairing kernel bug

Some kernels reply to device pairing command with bogus command status
instead of command complete event if adapter was not powered.

Command status event doesn't provide remote device address and type
needed to properly complete bonding request.

Pass possibly missing data as user_data to mgmt_send and use it in
pair_device_complete function if needed.
---
 src/adapter.c | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index 1a5b1ad82..4438eda91 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -4643,17 +4643,39 @@ static void adapter_bonding_complete(struct btd_adapter *adapter,
 	check_oob_bonding_complete(adapter, bdaddr, status);
 }
 
+struct pair_device_data {
+	struct btd_adapter *adapter;
+	bdaddr_t bdaddr;
+	uint8_t addr_type;
+};
+
+static void free_pair_device_data(void *user_data)
+{
+	struct pair_device_data *data = user_data;
+
+	g_free(data);
+}
+
 static void pair_device_complete(uint8_t status, uint16_t length,
 					const void *param, void *user_data)
 {
 	const struct mgmt_rp_pair_device *rp = param;
-	struct btd_adapter *adapter = user_data;
+	struct pair_device_data *data = user_data;
 
 	DBG("%s (0x%02x)", mgmt_errstr(status), status);
 
+	/* Workaround for a kernel bug
+	 *
+	 * Broken kernels may reply to device pairing command with command
+	 * status instead of command complete event e.g. if adapter was not
+	 * powered.
+	 */
 	if (status != MGMT_STATUS_SUCCESS && length < sizeof(*rp)) {
 		error("Pair device failed: %s (0x%02x)",
 						mgmt_errstr(status), status);
+
+		adapter_bonding_complete(data->adapter, &data->bdaddr,
+						data->addr_type, status);
 		return;
 	}
 
@@ -4662,8 +4684,8 @@ static void pair_device_complete(uint8_t status, uint16_t length,
 		return;
 	}
 
-	adapter_bonding_complete(adapter, &rp->addr.bdaddr, rp->addr.type,
-								status);
+	adapter_bonding_complete(data->adapter, &rp->addr.bdaddr,
+						rp->addr.type, status);
 }
 
 int adapter_create_bonding(struct btd_adapter *adapter, const bdaddr_t *bdaddr,
@@ -4671,6 +4693,7 @@ int adapter_create_bonding(struct btd_adapter *adapter, const bdaddr_t *bdaddr,
 {
 	struct mgmt_cp_pair_device cp;
 	char addr[18];
+	struct pair_device_data *data;
 
 	suspend_discovery(adapter);
 
@@ -4683,13 +4706,21 @@ int adapter_create_bonding(struct btd_adapter *adapter, const bdaddr_t *bdaddr,
 	cp.addr.type = addr_type;
 	cp.io_cap = io_cap;
 
+	data = g_new0(struct pair_device_data, 1);
+	data->adapter = adapter;
+	bacpy(&data->bdaddr, bdaddr);
+	data->addr_type = addr_type;
+
 	if (mgmt_send(adapter->mgmt, MGMT_OP_PAIR_DEVICE,
 				adapter->dev_id, sizeof(cp), &cp,
-				pair_device_complete, adapter, NULL) > 0)
+				pair_device_complete, data,
+				free_pair_device_data) > 0)
 		return 0;
 
 	error("Failed to pair %s for hci%u", addr, adapter->dev_id);
 
+	free_pair_device_data(data);
+
 	return -EIO;
 }
 
-- 
2.47.3