lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1476795449-20592-1-git-send-email-akarwar@marvell.com>
Date:   Tue, 18 Oct 2016 18:27:29 +0530
From:   Amitkumar Karwar <akarwar@...vell.com>
To:     <linux-bluetooth@...r.kernel.org>
CC:     <marcel@...tmann.org>, <linux-kernel@...r.kernel.org>,
        Cathy Luo <cluo@...vell.com>,
        Nishant Sarmukadam <nishants@...vell.com>,
        Ganapathi Bhat <gbhat@...vell.com>,
        Amitkumar Karwar <akarwar@...vell.com>
Subject: [PATCH] btusb: fix zero BD address problem during stress test

From: Ganapathi Bhat <gbhat@...vell.com>

We came across a corner case issue during reboot stress test
in which hciconfig shows BD address is all zero. Reason is we
don't get response for HCI RESET command during initialization

The issue is tracked to a race where USB subsystem calls
btusb_intr_complete() to deliver a data(NOOP frame) received
on interrupt endpoint. HCI_RUNNING flag is not yet set by
bluetooth subsystem. So we ignore that frame and return.

As we missed to resubmit the buffer to interrupt endpoint in
this case, we don't get response for BT reset command downloaded
after this.

This patch handles the corner case to resolve zero BD address
problem.

Signed-off-by: Ganapathi Bhat <gbhat@...vell.com>
Signed-off-by: Amitkumar Karwar <akarwar@...vell.com>
---
 drivers/bluetooth/btusb.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 811f9b9..b5596ac 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -607,10 +607,7 @@ static void btusb_intr_complete(struct urb *urb)
 	BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
 	       urb->actual_length);
 
-	if (!test_bit(HCI_RUNNING, &hdev->flags))
-		return;
-
-	if (urb->status == 0) {
+	if (urb->status == 0 && test_bit(HCI_RUNNING, &hdev->flags)) {
 		hdev->stat.byte_rx += urb->actual_length;
 
 		if (btusb_recv_intr(data, urb->transfer_buffer,
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ