| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jan 2024 19:59:31 +0100
From: Jonas Dreßler <verdre@...d.nl>
To: Marcel Holtmann <marcel@...tmann.org>,
Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>
Cc: Jonas Dreßler <verdre@...d.nl>,
linux-bluetooth@...r.kernel.org,
linux-kernel@...r.kernel.org,
netdev@...r.kernel.org
Subject: [PATCH 4/5] Bluetooth: hci_event: Do sanity checks before retrying to connect
When we receive "Command Disallowed" response to HCI_CREATE_CONNECTION,
we'll try to connect again later, assuming that the command failed either
because there's already concurrent "Create Connection" requests on the
card and all "slots" for new connections are exhausted, or the card is
in the middle of doing an HCI Inquiry.
Both of those conditions we should know about, so do some sanity checking
to ensure one of them actually applies. If they don't, log an error and
delete the connection.
Signed-off-by: Jonas Dreßler <verdre@...d.nl>
---
net/bluetooth/hci_event.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index e1f5b6f90..1376092c5 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2323,8 +2323,28 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
if (status) {
if (conn && conn->state == BT_CONNECT) {
+ /* If the request failed with "Command Disallowed", the
+ * card is either using all its available "slots" for
+ * attempting new connections, or it's currently
+ * doing an HCI Inquiry. In these cases we'll try to
+ * do the "Create Connection" request again later.
+ */
if (status == HCI_ERROR_COMMAND_DISALLOWED) {
conn->state = BT_CONNECT2;
+
+ if (!hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT) &&
+ !test_bit(HCI_INQUIRY, &hdev->flags)) {
+ bt_dev_err(hdev,
+ "\"Create Connection\" returned error "
+ "(0x%2.2x) indicating to try again, but "
+ "there's no concurrent \"Create "
+ "Connection\" nor an ongoing inquiry",
+ status);
+
+ conn->state = BT_CLOSED;
+ hci_connect_cfm(conn, status);
+ hci_conn_del(conn);
+ }
} else {
conn->state = BT_CLOSED;
hci_connect_cfm(conn, status);
--
2.43.0
Powered by blists - more mailing lists