2021-04-06 11:16:53

by Daniel Winkler

Subject: [PATCH 0/2] Bluetooth: Avoid centralized adv handle tracking for extended features

Hi Maintainers,

This series addresses a race condition where an advertisement
registration can conflict with a software rotation advertisement
refresh. I found that this issue was only occurring with the new
extended MGMT advertising interface. A bad use of the
hdev->cur_adv_instance caused every new instance to be immediately sent
to the controller rather than queued for software rotation, opening a
path for the race to occur.

This series improves the way new extended advertising hci callbacks
track the relevant adv handle, removing the need for the
cur_adv_instance use. In a separate patch, the incorrect usage of
cur_adv_instance is removed, to align the extended MGMT commands to the
original add_advertising usage. The series was tested on both extended
and non-extended Bluetooth controllers to confirm that the race
condition is resolved, and that multi- and single-advertising automated
test scenarios are still successful.

Thanks in advance,
Daniel


Daniel Winkler (2):
Bluetooth: Use ext adv handle from requests in CCs
Bluetooth: Do not set cur_adv_instance in adv param MGMT request

net/bluetooth/hci_event.c | 16 +++++++---------
net/bluetooth/mgmt.c | 1 -
2 files changed, 7 insertions(+), 10 deletions(-)

--
2.31.0.208.g409f899ff0-goog


2021-04-06 11:28:16

by Daniel Winkler

Subject: [PATCH 2/2] Bluetooth: Do not set cur_adv_instance in adv param MGMT request

We set hdev->cur_adv_instance in the adv param MGMT request to allow the
callback to the hci param request to set the tx power to the correct
instance. Now that the callbacks use the advertising handle from the hci
request (as they should), this workaround is no longer necessary.

Furthermore, this change resolves a race condition that is more
prevalent when using the extended advertising MGMT calls - if
hdev->cur_adv_instance is set in the params request, then when the data
request is called, we believe our new instance is already active. This
treats it as an update and immediately schedules the instance with the
controller, which has a potential race with the software rotation adv
update. By not setting hdev->cur_adv_instance too early, the new
instance is queued as it should be, to be used when the rotation comes
around again.

This change is tested on Harrison Peak to confirm that it resolves the
race condition on registration, and that there is no regression in
single- and multi-advertising automated tests.

Reviewed-by: Miao-chen Chou <[email protected]>
Signed-off-by: Daniel Winkler <[email protected]>
---

net/bluetooth/mgmt.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 09e099c419f251..59f8016c486626 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -7979,7 +7979,6 @@ static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
goto unlock;
}

- hdev->cur_adv_instance = cp->instance;
/* Submit request for advertising params if ext adv available */
if (ext_adv_capable(hdev)) {
hci_req_init(&req, hdev);
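Review bot: the removed `hdev->cur_adv_instance = cp->instance;` assignment was what let the adv params completion handler store the tx power on the right instance, so this hunk is only correct once patch 1/2 (callbacks taking the handle from the hci request) is applied; if the series is applied or bisected out of order the completion handler will attribute the tx power to whatever cur_adv_instance held before. Worth stating that dependency on 1/2 explicitly in the commit message, and a short comment next to the `if (ext_adv_capable(hdev))` check saying that the new instance is deliberately left queued for software rotation (rather than being treated as the active instance) would document the behavioural change that closes the race.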
--
2.31.0.208.g409f899ff0-goog

2021-04-06 14:18:53

by Marcel Holtmann

Subject: Re: [PATCH 0/2] Bluetooth: Avoid centralized adv handle tracking for extended features

Hi Daniel,

> This series addresses a race condition where an advertisement
> registration can conflict with a software rotation advertisement
> refresh. I found that this issue was only occurring with the new
> extended MGMT advertising interface. A bad use of the
> hdev->cur_adv_instance caused every new instance to be immediately sent
> to the controller rather than queued for software rotation, opening a
> path for the race to occur.
>
> This series improves the way new extended advertising hci callbacks
> track the relevant adv handle, removing the need for the
> cur_adv_instance use. In a separate patch, the incorrect usage of
> cur_adv_instance is removed, to align the extended MGMT commands to the
> original add_advertising usage. The series was tested on both extended
> and non-extended Bluetooth controllers to confirm that the race
> condition is resolved, and that multi- and single-advertising automated
> test scenarios are still successful.
>
> Thanks in advance,
> Daniel
>
>
> Daniel Winkler (2):
> Bluetooth: Use ext adv handle from requests in CCs
> Bluetooth: Do not set cur_adv_instance in adv param MGMT request
>
> net/bluetooth/hci_event.c | 16 +++++++---------
> net/bluetooth/mgmt.c | 1 -
> 2 files changed, 7 insertions(+), 10 deletions(-)

both patches have been applied to bluetooth-next tree.

Regards

Marcel