Date: Tue, 23 Mar 2021 14:18:21 -0700
Message-Id: <20210323141653.1.I53e6be1f7df0be198b7e55ae9fc45c7f5760132d@changeid>
Subject: [PATCH] Bluetooth: Always call advertising disable before setting params
From: Daniel Winkler
To: linux-bluetooth@vger.kernel.org
Cc: chromeos-bluetooth-upstreaming@chromium.org, Daniel Winkler, Miao-chen Chou, "David S. Miller", Jakub Kicinski, Johan Hedberg, Luiz Augusto von Dentz, Marcel Holtmann, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

In __hci_req_enable_advertising, the HCI_LE_ADV hdev flag is temporarily
cleared to allow the random address to be set, which exposes a race
condition when an advertisement is configured immediately (<10ms) after
software rotation starts to refresh an advertisement.

In normal operation, the HCI_LE_ADV flag is updated as follows:

1. adv_timeout_expire is called, HCI_LE_ADV gets cleared in
   __hci_req_enable_advertising, but hci_req configures an enable
   request
2. hci_req is run, enable callback re-sets HCI_LE_ADV flag

However, in this race condition, the following occurs:

1. adv_timeout_expire is called, HCI_LE_ADV gets cleared in
   __hci_req_enable_advertising, but hci_req configures an enable
   request
2. add_advertising is called, which also calls
   __hci_req_enable_advertising. Because HCI_LE_ADV was cleared in
   Step 1, no "disable" command is queued.
3. hci_req for adv_timeout_expire is run, which enables advertising and
   re-sets HCI_LE_ADV
4. hci_req for add_advertising is run, but because no "disable" command
   was queued, we try to set advertising parameters while advertising
   is active, causing a Command Disallowed error, failing the
   registration.

To resolve the issue, this patch removes the check for the HCI_LE_ADV
flag, and always queues the "disable" request, since HCI_LE_ADV could be
very temporarily out-of-sync. According to the spec, there is no harm in
calling "disable" when advertising is not active.

Reviewed-by: Miao-chen Chou
Signed-off-by: Daniel Winkler
---
 net/bluetooth/hci_request.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c index 8ace5d34b01efe..2b4b99f4cedf21 100644 --- a/net/bluetooth/hci_request.c +++ b/net/bluetooth/hci_request.c @@ -1547,8 +1547,10 @@ void __hci_req_enable_advertising(struct hci_request *req) if (!is_advertising_allowed(hdev, connectable)) return; - if (hci_dev_test_flag(hdev, HCI_LE_ADV)) - __hci_req_disable_advertising(req); + /* Request that the controller stop advertising. This can be called + * whether or not there is an active advertisement. + */ + __hci_req_disable_advertising(req); /* Clear the HCI_LE_ADV bit temporarily so that the * hci_update_random_address knows that it's safe to go ahead -- 2.31.0.291.g576ba9dcdaf-goog
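
Review bot: The new comment above the now-unconditional `__hci_req_disable_advertising(req);` in __hci_req_enable_advertising says the call is safe with no active advertisement, but it does not record why the `hci_dev_test_flag(hdev, HCI_LE_ADV)` test was dropped, so a later cleanup could reintroduce the test as an apparent optimisation. Please extend the comment to say that HCI_LE_ADV is cleared temporarily a few lines below while an enable request may still be pending, so the flag is not a reliable indicator of controller state at this point. Since this also queues one extra command on every call, including when nothing is advertising, it is worth stating in the commit message or comment that the disable completing while advertising is already off does not cause the rest of the queued request to be abandoned.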