Message-ID: <CABBYNZLhhdKLqYu-5OWQcHs22aeEJw0tSjVNhgpMCj_ctH+Ldg@mail.gmail.com>
Date: Wed, 10 Aug 2022 12:58:36 -0700
From: Luiz Augusto von Dentz <luiz.dentz@...il.com>
To: Archie Pusaka <apusaka@...gle.com>
Cc: linux-bluetooth <linux-bluetooth@...r.kernel.org>, Marcel Holtmann <marcel@...tmann.org>, CrosBT Upstreaming <chromeos-bluetooth-upstreaming@...omium.org>, Archie Pusaka <apusaka@...omium.org>, Ying Hsu <yinghsu@...omium.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Johan Hedberg <johan.hedberg@...il.com>, Paolo Abeni <pabeni@...hat.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, "open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>
Subject: Re: [PATCH] Bluetooth: Honor name resolve evt regardless of discov state

Hi Archie,

On Wed, Aug 10, 2022 at 1:47 AM Archie Pusaka <apusaka@...gle.com> wrote:
>
> From: Archie Pusaka <apusaka@...omium.org>
>
> Currently, we don't update the name resolving cache when receiving
> a name resolve event if the discovery phase is not in the resolving
> stage.
>
> However, if the user connects to a device while we are still resolving
> remote name for another device, discovery will be stopped, and because
> we are no longer in the discovery resolving phase, the corresponding
> remote name event will be ignored, and thus the device being resolved
> will be stuck in NAME_PENDING state.
>
> If discovery is then restarted and then stopped, this will cause us to
> try cancelling the name resolve of the same device again, which is
> incorrect and might upset the controller.

Please add the Fixes tag.

> Signed-off-by: Archie Pusaka <apusaka@...omium.org> > Reviewed-by: Ying Hsu <yinghsu@...omium.org> > > --- > The following steps are performed: > (1) Prepare 2 classic peer devices that needs RNR. Put device A > closer to DUT and device B (much) farther from DUT. > (2) Remove all cache and previous connection from DUT > (3) Put both peers into pairing mode, then start scanning on DUT > (4) After ~8 sec, turn off peer B. > *This is done so DUT can discover peer B (discovery time is 10s), > but it hasn't started RNR. Peer is turned off to buy us the max > time in the RNR phase (5s). > (5) Immediately as device A is shown on UI, click to connect. > *We thus know that the DUT is in the RNR phase and trying to > resolve the name of peer B when we initiate connection to peer A. > (6) Forget peer A. > (7) Restart scan and stop scan. > *Before the CL, stop scan is broken because we will try to cancel > a nonexistent RNR > (8) Restart scan again. Observe DUT can scan normally. > > > net/bluetooth/hci_event.c | 17 ++++++++++------- > 1 file changed, 10 insertions(+), 7 deletions(-) > > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c > index 395c6479456f..95e145e278c9 100644 > --- a/net/bluetooth/hci_event.c > +++ b/net/bluetooth/hci_event.c > @@ -2453,6 +2453,16 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn, > !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) > mgmt_device_connected(hdev, conn, name, name_len); > > + e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); > + > + if (e) { > + list_del(&e->list); > + > + e->name_state = name ? NAME_KNOWN : NAME_NOT_KNOWN; > + mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, e->data.rssi, > + name, name_len); > + } > + > if (discov->state == DISCOVERY_STOPPED) > return; 
> > @@ -2462,7 +2472,6 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn, > if (discov->state != DISCOVERY_RESOLVING) > return; > > - e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); > /* If the device was not found in a list of found devices names of which > * are pending. there is no need to continue resolving a next name as it > * will be done upon receiving another Remote Name Request Complete > @@ -2470,12 +2479,6 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn, > if (!e) > return; > > - list_del(&e->list); > - > - e->name_state = name ? NAME_KNOWN : NAME_NOT_KNOWN; > - mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00, e->data.rssi, > - name, name_len); > - > if (hci_resolve_next_name(hdev)) > return; > > -- > 2.37.1.595.g718a3a8f04-goog > -- Luiz Augusto von Dentz
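Review bot: In the first hunk (@@ -2453,6 +2453,16 @@) the new block calls mgmt_remote_name() ahead of the discov->state == DISCOVERY_STOPPED check, so a remote-name event is now reported to userspace even after discovery has been stopped, using e->data.rssi from the cached inquiry entry. The commit message only describes updating the name resolving cache. If delivering the event in the stopped state is intended, state that in the changelog and in a short comment above the hci_inquiry_cache_lookup_resolve() call; if it is not, keep list_del() and the e->name_state update unconditional and leave mgmt_remote_name() behind the state checks. As a style point, drop the blank line between the assignment to e and the if (e) that tests it.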
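Review bot: In the second hunk (@@ -2462,7 +2472,6 @@) the comment starting "If the device was not found in a list of found devices names of which are pending" is left in place although the hci_inquiry_cache_lookup_resolve() call it documented has been removed from directly above it. It now sits between the DISCOVERY_RESOLVING check and if (!e), while e is assigned in the block added before the DISCOVERY_STOPPED check. Reword the comment to say that e was looked up and already removed from the resolve list earlier in the function, or move the explanation to the new lookup site, so a reader of if (!e) can tell where e comes from and that the entry has already been handled.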