[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABBYNZKQi+Ma3spkJcn-FrhojsMCVxQqhW_Mhp5Z42u8_f2vBw@mail.gmail.com>
Date: Wed, 23 Aug 2023 14:26:00 -0700
From: Luiz Augusto von Dentz <luiz.dentz@...il.com>
To: Xin-Yu Liu <by2239112@...a.edu.cn>
Cc: marcel@...tmann.org, johan.hedberg@...il.com, baijiaju@...a.edu.cn,
sy2239101@...a.edu.cn, linux-bluetooth@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: bluetooth: fix consistent connection failure caused
by the loss of HCI_Connection_Complete event
Hi,
On Wed, Aug 23, 2023 at 5:52 AM Xin-Yu Liu <by2239112@...a.edu.cn> wrote:
>
> During a connection attempt, if the HCI_Connection_Complete event
> is lost and not received by the Host, it will result in
> a connection failure.
>
> In that process, the hci_conn, the handle of which is still
> HCI_CONN_HANDLE_UNSET, will not be removed from the conn_hash
> as it would during a regular disconnection opration.
> Consequently, when an ACL connection is initiated for the same device,
> the hci_conn is found in hash_conn based on "ba", with its state remaining
> BT_CONNECT. Then the Host will send an HCI_Create_Connection_Cancel
> command, which will result in subsequent Bluetooth connections
> for the same device consistently failing.
>
> In order to solve the potential bug, if the hci_conn's state is
> BT_CONNECT and handle is HCI_CONN_HANDLE_UNSET, remove this hci_conn
> from conn_hash. This adjustment could potentially help ensure that the
> specific conn is cleaned up at the appropriate times, then the subsequent
> connection for the same device will no longer experience failures.
>
> Signed-off-by: Xin-Yu Liu <by2239112@...a.edu.cn>
> ---
> net/bluetooth/hci_conn.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 76222565e..219c62579 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -2886,6 +2886,10 @@ int hci_abort_conn(struct hci_conn *conn, u8 reason)
> } else if (conn->type == ACL_LINK) {
> if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
> break;
> + if (conn->state == HCI_CONN_HANDLE_UNSET) {
> + hci_conn_cleanup(conn);
> + break;
> + }
This won't apply upstream if you are wondering why CI hasn't managed
to pick it up, this should be fixed by the following line if
connection cannot be aborted:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/tree/net/bluetooth/hci_sync.c?id=c452805643ff9762626f2c87c2640ab7c7099eb8#n5432
> r = hci_send_cmd(conn->hdev,
> HCI_OP_CREATE_CONN_CANCEL,
> 6, &conn->dst);
> --
> 2.25.1
>
--
Luiz Augusto von Dentz
Powered by blists - more mailing lists