lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 13 Jul 2020 08:27:33 +0200
From:   Marcel Holtmann <marcel@...tmann.org>
To:     Vasily Khoruzhick <anarsoul@...il.com>
Cc:     Rob Herring <robh+dt@...nel.org>,
        Maxime Ripard <mripard@...nel.org>,
        Chen-Yu Tsai <wens@...e.org>,
        Johan Hedberg <johan.hedberg@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        devicetree <devicetree@...r.kernel.org>,
        arm-linux <linux-arm-kernel@...ts.infradead.org>,
        kernel list <linux-kernel@...r.kernel.org>,
        linux-bluetooth <linux-bluetooth@...r.kernel.org>,
        "open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
        Ondrej Jirman <megous@...ous.com>
Subject: Re: [PATCH 1/3] Bluetooth: Add new quirk for broken local ext
 features max_page

Hi Vasily,

>>> Some adapters (e.g. RTL8723CS) advertise that they have more than
>>> 2 pages for local ext features, but they don't support any features
>>> declared in these pages. RTL8723CS reports max_page = 2 and declares
>>> support for sync train and secure connection, but it responds with
>>> either garbage or with error in status on corresponding commands.
>> 
>> please send the btmon for this so I can see what the controller is responding.
> 
> Here is relevant part:
> 
> < HCI Command: Read Local Extend.. (0x04|0x0004) plen 1  #228 [hci0] 6.889869
>        Page: 2
>> HCI Event: Command Complete (0x0e) plen 14             #229 [hci0] 6.890487
>      Read Local Extended Features (0x04|0x0004) ncmd 2
>        Status: Success (0x00)
>        Page: 2/2
>        Features: 0x5f 0x03 0x00 0x00 0x00 0x00 0x00 0x00
>          Connectionless Slave Broadcast - Master
>          Connectionless Slave Broadcast - Slave
>          Synchronization Train
>          Synchronization Scan
>          Inquiry Response Notification Event
>          Coarse Clock Adjustment
>          Secure Connections (Controller Support)
>          Ping
> < HCI Command: Delete Stored Lin.. (0x03|0x0012) plen 7  #230 [hci0] 6.890559
>        Address: 00:00:00:00:00:00 (OUI 00-00-00)
>        Delete all: 0x01
>> HCI Event: Command Complete (0x0e) plen 6              #231 [hci0] 6.891170
>      Delete Stored Link Key (0x03|0x0012) ncmd 2
>        Status: Success (0x00)
>        Num keys: 0
> < HCI Command: Read Synchronizat.. (0x03|0x0077) plen 0  #232 [hci0] 6.891199
>> HCI Event: Command Complete (0x0e) plen 9              #233 [hci0] 6.891788
>      Read Synchronization Train Parameters (0x03|0x0077) ncmd 2
>        invalid packet size
>        01 ac bd 11 80 80                                ......
> = Close Index: 00:E0:4C:23:99:87                              [hci0] 6.891832
> 
> hci0 registration stops here and bluetoothctl doesn't even see the controller.

maybe just the read sync train params command is broken? Can you change the init code and not send it and see if the rest of the init phase proceeds. I would rather have the secure connections actually tested before dismissing it altogether.

Mind you, there were broken Broadcom implementation of connectionless slave broadcast as well. Maybe this is similar.

Regards

Marcel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ