Message-ID: <CABBYNZ+eVbYr4+08-qCccV+2BpUibV7jA55jJti9+PFS_4L1yg@mail.gmail.com>
Date: Mon, 30 Jun 2025 15:24:03 -0400
From: Luiz Augusto von Dentz <luiz.dentz@...il.com>
To: yang.li@...ogic.com
Cc: Marcel Holtmann <marcel@...tmann.org>, Johan Hedberg <johan.hedberg@...il.com>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, 
	linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] Bluetooth: hci_event: Add support for handling LE BIG
 Sync Lost event

Hi,

On Mon, Jun 30, 2025 at 2:45 AM Yang Li via B4 Relay
<devnull+yang.li.amlogic.com@...nel.org> wrote:
>
> From: Yang Li <yang.li@...ogic.com>
>
> When the BIS source stops, the controller sends an LE BIG Sync Lost
> event (subevent 0x1E). Currently, this event is not handled, causing
> the BIS stream to remain active in BlueZ and preventing recovery.
>
> Signed-off-by: Yang Li <yang.li@...ogic.com>
> ---
> Changes in v3:
> - Delete the PA sync connection separately.
> - Add state and role check when lookup BIS connections
> - Link to v2: https://lore.kernel.org/r/20250625-handle_big_sync_lost_event-v2-1-81f163057a21@amlogic.com
>
> Changes in v2:
> - Matching the BIG handle is required when looking up a BIG connection.
> - Use ev->reason to determine the cause of disconnection.
> - Call hci_conn_del after hci_disconnect_cfm to remove the connection entry
> - Delete the big connection
> - Link to v1: https://lore.kernel.org/r/20250624-handle_big_sync_lost_event-v1-1-c32ce37dd6a5@amlogic.com
> ---
>  include/net/bluetooth/hci.h      |  6 ++++++
>  include/net/bluetooth/hci_core.h | 16 ++++++++++++----
>  net/bluetooth/hci_conn.c         |  3 ++-
>  net/bluetooth/hci_event.c        | 39 ++++++++++++++++++++++++++++++++++++++-
>  4 files changed, 58 insertions(+), 6 deletions(-)
>
> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
> index 82cbd54443ac..48389a64accb 100644
> --- a/include/net/bluetooth/hci.h
> +++ b/include/net/bluetooth/hci.h
> @@ -2849,6 +2849,12 @@ struct hci_evt_le_big_sync_estabilished {
>         __le16  bis[];
>  } __packed;
>
> +#define HCI_EVT_LE_BIG_SYNC_LOST 0x1e
> +struct hci_evt_le_big_sync_lost {
> +       __u8    handle;
> +       __u8    reason;
> +} __packed;
> +
>  #define HCI_EVT_LE_BIG_INFO_ADV_REPORT 0x22
>  struct hci_evt_le_big_info_adv_report {
>         __le16  sync_handle;
> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index a760f05fa3fb..5ab19d4fef93 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -1340,7 +1340,8 @@ hci_conn_hash_lookup_big_sync_pend(struct hci_dev *hdev,
>  }
>
>  static inline struct hci_conn *
> -hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle,  __u16 state)
> +hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle,
> +                              __u16 state, __u8 role)
>  {
>         struct hci_conn_hash *h = &hdev->conn_hash;
>         struct hci_conn  *c;
> @@ -1348,9 +1349,16 @@ hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle,  __u16 state)
>         rcu_read_lock();
>
>         list_for_each_entry_rcu(c, &h->list, list) {
> -               if (c->type != BIS_LINK || bacmp(&c->dst, BDADDR_ANY) ||
> -                   c->state != state)
> -                       continue;
> +               if (role == HCI_ROLE_MASTER) {
> +                       if (c->type != BIS_LINK || bacmp(&c->dst, BDADDR_ANY) ||
> +                               c->state != state || c->role != role)
> +                               continue;

We don't really need to compare the address anymore since we now have
dedicated types for CIS and BIS. I'd probably fix that in a leading
patch, since that should have been added as a Fixes to the commit that
introduced the separate types. I will send a fix for it; just make sure
you rebase your tree on top of bluetooth-next.

> +               } else {
> +                       if (c->type != BIS_LINK ||
> +                               c->state != state ||
> +                               c->role != role)
> +                               continue;
> +               }

Then all we need to do is add the role check.

>
>                 if (handle == c->iso_qos.bcast.big) {
>                         rcu_read_unlock();
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 4f379184df5b..6bb1ab42db39 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -2146,7 +2146,8 @@ struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, __u8 sid,
>         struct hci_link *link;
>
>         /* Look for any BIS that is open for rebinding */
> -       conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN);
> +       conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big,
> +                                            BT_OPEN, HCI_ROLE_MASTER);
>         if (conn) {
>                 memcpy(qos, &conn->iso_qos, sizeof(*qos));
>                 conn->state = BT_CONNECTED;
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index 66052d6aaa1d..f3e3e4964677 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -3903,6 +3903,8 @@ static u8 hci_cc_le_setup_iso_path(struct hci_dev *hdev, void *data,
>                 goto unlock;
>         }
>
> +       conn->state = BT_CONNECTED;
> +
>         switch (cp->direction) {
>         /* Input (Host to Controller) */
>         case 0x00:
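Review bot: The added `conn->state = BT_CONNECTED;` sits ahead of `switch (cp->direction)`, so it runs for every successful Setup ISO Data Path completion regardless of direction, and nothing visible in the hunk limits it to the BIS receiver connections this patch is about. The changelog does not mention the state change, so a reader cannot tell whether other ISO connection types reaching this handler are meant to be affected. If it exists only so the BIG Sync Lost lookup can match on `BT_CONNECTED`, consider guarding it, e.g. `if (conn->type == BIS_LINK && conn->role == HCI_ROLE_SLAVE) conn->state = BT_CONNECTED;`, and add a one-line comment saying so. hci_cc_le_setup_iso_path starts and ends outside this hunk, so the lookup of `conn` is not visible here.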
> @@ -6913,7 +6915,7 @@ static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
>
>         /* Connect all BISes that are bound to the BIG */
>         while ((conn = hci_conn_hash_lookup_big_state(hdev, ev->handle,
> -                                                     BT_BOUND))) {
> +                                       BT_BOUND, HCI_ROLE_MASTER))) {
>                 if (ev->status) {
>                         hci_connect_cfm(conn, ev->status);
>                         hci_conn_del(conn);
> @@ -6968,6 +6970,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
>         }
>
>         clear_bit(HCI_CONN_CREATE_BIG_SYNC, &conn->flags);
> +       conn->state = BT_CONNECTED;

Wrong line, anyway I have fixed this upstream already so you need to rebase.

>         conn->num_bis = 0;
>         memset(conn->bis, 0, sizeof(conn->num_bis));
> @@ -7026,6 +7029,35 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
>         hci_dev_unlock(hdev);
>  }
>
> +static void hci_le_big_sync_lost_evt(struct hci_dev *hdev, void *data,
> +                                    struct sk_buff *skb)
> +{
> +       struct hci_evt_le_big_sync_lost *ev = data;
> +       struct hci_conn *bis, *conn;
> +
> +       bt_dev_dbg(hdev, "big handle 0x%2.2x", ev->handle);
> +
> +       hci_dev_lock(hdev);
> +
> +       /* Delete the pa sync connection */
> +       bis = hci_conn_hash_lookup_pa_sync_big_handle(hdev, ev->handle);
> +       if (bis) {
> +               conn = hci_conn_hash_lookup_pa_sync_handle(hdev, bis->sync_handle);
> +               if (conn)
> +                       hci_conn_del(conn);
> +       }
> +
> +       /* Delete each bis connection */
> +       while ((bis = hci_conn_hash_lookup_big_state(hdev, ev->handle,
> +                                               BT_CONNECTED, HCI_ROLE_SLAVE))) {
> +               clear_bit(HCI_CONN_BIG_SYNC, &bis->flags);
> +               hci_disconn_cfm(bis, ev->reason);
> +               hci_conn_del(bis);
> +       }
> +
> +       hci_dev_unlock(hdev);
> +}
> +
>  static void hci_le_big_info_adv_report_evt(struct hci_dev *hdev, void *data,
>                                            struct sk_buff *skb)
>  {
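Review bot: In hci_le_big_sync_lost_evt the PA sync connection is removed with a bare `hci_conn_del(conn);`, while the BIS loop right below it calls `hci_disconn_cfm(bis, ev->reason);` before deleting. If anything above HCI still holds a pointer to that PA sync hci_conn, it is never told the object went away, which is the usual route to a stale-pointer access; if that cannot happen here, a comment explaining why no confirmation is needed would help. Otherwise mirror the loop with `hci_disconn_cfm(conn, ev->reason);` ahead of `hci_conn_del(conn);`. Note also that `ev->handle` comes straight from the controller and the loop only matches `BT_CONNECTED` entries, so BIS connections of that BIG in any other state appear to be left in place.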
> @@ -7149,6 +7181,11 @@ static const struct hci_le_ev {
>                      hci_le_big_sync_established_evt,
>                      sizeof(struct hci_evt_le_big_sync_estabilished),
>                      HCI_MAX_EVENT_SIZE),
> +       /* [0x1e = HCI_EVT_LE_BIG_SYNC_LOST] */
> +       HCI_LE_EV_VL(HCI_EVT_LE_BIG_SYNC_LOST,
> +                    hci_le_big_sync_lost_evt,
> +                    sizeof(struct hci_evt_le_big_sync_lost),
> +                    HCI_MAX_EVENT_SIZE),

After you fix the comments I do expect some code to introduce support
into our emulator and then add some test to iso-tester that causes the
test to generate HCI_EVT_LE_BIG_SYNC_LOST so we can confirm this is
working as intended.

>         /* [0x22 = HCI_EVT_LE_BIG_INFO_ADV_REPORT] */
>         HCI_LE_EV_VL(HCI_EVT_LE_BIG_INFO_ADV_REPORT,
>                      hci_le_big_info_adv_report_evt,
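Review bot: The new table entry is declared with `HCI_LE_EV_VL(..., sizeof(struct hci_evt_le_big_sync_lost), HCI_MAX_EVENT_SIZE)`, but the struct added in hci.h is fixed-size (`handle` plus `reason`), so there is no variable-length tail to allow for. Declaring it as a fixed-length event keeps the declared maximum equal to the layout, so an over-long event from the controller does not pass as expected input: `HCI_LE_EV(HCI_EVT_LE_BIG_SYNC_LOST, hci_le_big_sync_lost_evt, sizeof(struct hci_evt_le_big_sync_lost)),`. The event table continues outside this hunk.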
>
> ---
> base-commit: bd35cd12d915bc410c721ba28afcada16f0ebd16
> change-id: 20250612-handle_big_sync_lost_event-4c7dc64390a2
>
> Best regards,
> --
> Yang Li <yang.li@...ogic.com>
>
>


-- 
Luiz Augusto von Dentz
