| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABBYNZJ9jLwiieHC=ohp+EjtoO7_4Umd2giRKNe1y0u-qpP1ww@mail.gmail.com>
Date: Tue, 8 Jul 2025 14:45:45 -0400
From: Luiz Augusto von Dentz <luiz.dentz@...il.com>
To: Alessandro Gasbarroni <alex.gasbarroni@...il.com>
Cc: marcel@...tmann.org, johan.hedberg@...il.com,
linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Bluetooth: hci_sync: fix connectable extended advertising
when using static random address
Hi Alessandro,
On Tue, Jul 8, 2025 at 10:17 AM Alessandro Gasbarroni
<alex.gasbarroni@...il.com> wrote:
>
> Currently, the connectable flag used by the setup of an extended
> advertising instance drives whether we require privacy when trying to pass
> a random address to the advertising parameters (Own Address).
> If privacy is not required, then it automatically falls back to using the
> controller's public address. This can cause problems when using controllers
> that do not have a public address set, but instead use a static random
> address.
>
> e.g. Assume a BLE controller that does not have a public address set.
> The controller upon powering is set with a random static address by default
> by the kernel.
>
> < HCI Command: LE Set Random Address (0x08|0x0005) plen 6
> Address: E4:AF:26:D8:3E:3A (Static)
> > HCI Event: Command Complete (0x0e) plen 4
> LE Set Random Address (0x08|0x0005) ncmd 1
> Status: Success (0x00)
>
> Setting non-connectable extended advertisement parameters in bluetoothctl
> mgmt
>
> add-ext-adv-params -r 0x801 -x 0x802 -P 2M -g 1
>
> correctly sets Own address type as Random
>
> < HCI Command: LE Set Extended Advertising Parameters (0x08|0x0036)
> plen 25
> ...
> Own address type: Random (0x01)
>
> Setting connectable extended advertisement parameters in bluetoothctl mgmt
>
> add-ext-adv-params -r 0x801 -x 0x802 -P 2M -g -c 1
>
> mistakenly sets Own address type to Public (which causes to use Public
> Address 00:00:00:00:00:00)
>
> < HCI Command: LE Set Extended Advertising Parameters (0x08|0x0036)
> plen 25
> ...
> Own address type: Public (0x00)
>
> This causes either the controller to emit an Invalid Parameters error or to
> mishandle the advertising.
>
> This patch makes sure that we use the already set static random address
> when requesting a connectable extended advertising when we don't require
> privacy and our public address is not set (00:00:00:00:00:00).
>
> Signed-off-by: Alessandro Gasbarroni <alex.gasbarroni@...il.com>
> ---
> net/bluetooth/hci_sync.c | 15 +++++++++++++--
> 1 file changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
> index 77b3691f3423..012a9e9a4f9b 100644
> --- a/net/bluetooth/hci_sync.c
> +++ b/net/bluetooth/hci_sync.c
> @@ -6815,8 +6815,19 @@ int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
> return 0;
> }
>
> - /* No privacy so use a public address. */
> - *own_addr_type = ADDR_LE_DEV_PUBLIC;
> + /* No privacy
> + *
> + * Even though no privacy is requested, we have to use the assigned random static address
> + * if we don't have a public address.
> + */
> + if (bacmp(&hdev->bdaddr, BDADDR_ANY) == 0 && bacmp(&hdev->static_addr, BDADDR_ANY) != 0) {
> + /* Re-use the static address if one is set */
> + bacpy(rand_addr, &hdev->static_addr);
> + *own_addr_type = ADDR_LE_DEV_RANDOM;
> + } else {
> + /* Use a public address. */
> + *own_addr_type = ADDR_LE_DEV_PUBLIC;
> + }
Hmm, we should probably be using hci_copy_identity_address instead
here, or have you tried and it didn't work?
>
> return 0;
> }
> --
> 2.50.0
>
--
Luiz Augusto von Dentz
Powered by blists - more mailing lists