Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp208395pxf; Wed, 24 Mar 2021 03:14:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzS/zMf9ISFJYoCDasmfqQRrIw9qrkKkv+JTXKDMl0EA0Y4E1v/asIXp9/ys4StRJSKII28 X-Received: by 2002:a17:906:4d94:: with SMTP id s20mr2915442eju.286.1616580876875; Wed, 24 Mar 2021 03:14:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616580876; cv=none; d=google.com; s=arc-20160816; b=Ug7aBb59cU/ypKcmpq2zuFqbwUf0PIx1sB2BuTaRVwLgisbMeEQd/6GZZeT6Ut2+Iq wUCRGG1N0JL7W1yO3vm6i4mOiZz3Xf4mHAfT4cjm5+O0NKsv+XKTXKS15pU04HZjXqul yPjUS3TNGk7wAEOG5lPiqA9rlMf4PE571fQaq6be7jtpayyimfZnUhJMbxjcuuB3K1PP yDXH0QTbSF/S9OK9NdEGh1EFfadDXfl7qZtDX2SoluBECaWlOpKrAmE4fKLbJNkIPAcr tdqOhN9bmMqVV4eGHipJiFKheO1iiHi189INBfgzn6RGVwFAc3oZnbniwWI49K5/loYR kpaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version; bh=4W/acOUMQIyxqNRz6GtxSs/zfhArgVDIgU9U2stjxpE=; b=ZDVQL3+rfn9P+vDWWHRWoJ6yezw7MGdqqlWKSEoil6Olb73ibdm/KsoV5/mTMvK56+ UjXrwrnZvbMiuBs7MGJ5sC2PuS7MOPOeRgZ3wROThcqW2C0v1QEl/WFky2gGpRTEgsRW PmhrysjhkuoNR9k7bc+yAsed2/ZFJR08JYWtw4xos8AlAsPb601ni7zKK1gUZAIiPxHs oWHmtbT04WzUhn1oIyi9MxZBJnDUj9GM1ryVrKsIAf/qN9HHvHdiYGBAQWf2I3TaM4Q4 ir+163+IhFcx6GYuNcCPS2YHyRf3Aq/AgYi66okTYJASQdNctMJJ0g0AIMYvF1AjjMtJ +RJw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b15si1404317ejv.689.2021.03.24.03.14.14; Wed, 24 Mar 2021 03:14:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235684AbhCXHGn convert rfc822-to-8bit (ORCPT + 99 others); Wed, 24 Mar 2021 03:06:43 -0400 Received: from coyote.holtmann.net ([212.227.132.17]:37100 "EHLO mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235676AbhCXHGi (ORCPT ); Wed, 24 Mar 2021 03:06:38 -0400 Received: from mac-pro.holtmann.net (p4fefce19.dip0.t-ipconnect.de [79.239.206.25]) by mail.holtmann.org (Postfix) with ESMTPSA id 4D665CECD2; Wed, 24 Mar 2021 08:14:11 +0100 (CET) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\)) Subject: Re: [PATCH] Bluetooth: Always call advertising disable before setting params From: Marcel Holtmann In-Reply-To: <20210323141653.1.I53e6be1f7df0be198b7e55ae9fc45c7f5760132d@changeid> Date: Wed, 24 Mar 2021 08:06:32 +0100 Cc: linux-bluetooth , CrosBT Upstreaming , Miao-chen Chou , "David S. Miller" , Jakub Kicinski , Johan Hedberg , Luiz Augusto von Dentz , LKML , netdev@vger.kernel.org Content-Transfer-Encoding: 8BIT Message-Id: <8E70C497-BDCE-471F-9ECD-790E2FE3B024@holtmann.org> References: <20210323141653.1.I53e6be1f7df0be198b7e55ae9fc45c7f5760132d@changeid> To: Daniel Winkler X-Mailer: Apple Mail (2.3654.60.0.2.21) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Daniel, > In __hci_req_enable_advertising, the HCI_LE_ADV hdev flag is temporarily > cleared to allow the random address to be set, which exposes a race > condition when an advertisement is configured immediately (<10ms) after > software rotation starts to refresh an advertisement. > > In normal operation, the HCI_LE_ADV flag is updated as follows: > > 1. adv_timeout_expire is called, HCI_LE_ADV gets cleared in > __hci_req_enable_advertising, but hci_req configures an enable > request > 2. hci_req is run, enable callback re-sets HCI_LE_ADV flag > > However, in this race condition, the following occurs: > > 1. adv_timeout_expire is called, HCI_LE_ADV gets cleared in > __hci_req_enable_advertising, but hci_req configures an enable > request > 2. add_advertising is called, which also calls > __hci_req_enable_advertising. Because HCI_LE_ADV was cleared in Step > 1, no "disable" command is queued. > 3. hci_req for adv_timeout_expire is run, which enables advertising and > re-sets HCI_LE_ADV > 4. hci_req for add_advertising is run, but because no "disable" command > was queued, we try to set advertising parameters while advertising is > active, causing a Command Disallowed error, failing the registration. > > To resolve the issue, this patch removes the check for the HCI_LE_ADV > flag, and always queues the "disable" request, since HCI_LE_ADV could be > very temporarily out-of-sync. According to the spec, there is no harm in > calling "disable" when advertising is not active. > > Reviewed-by: Miao-chen Chou > Signed-off-by: Daniel Winkler > --- > > net/bluetooth/hci_request.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c > index 8ace5d34b01efe..2b4b99f4cedf21 100644 > --- a/net/bluetooth/hci_request.c > +++ b/net/bluetooth/hci_request.c > @@ -1547,8 +1547,10 @@ void __hci_req_enable_advertising(struct hci_request *req) > if (!is_advertising_allowed(hdev, connectable)) > return; > > - if (hci_dev_test_flag(hdev, HCI_LE_ADV)) > - __hci_req_disable_advertising(req); > + /* Request that the controller stop advertising. This can be called > + * whether or not there is an active advertisement. > + */ > + __hci_req_disable_advertising(req); can you include a btmon trace that shows that we don’t get a HCI error. Since if we get one, then the complete request will fail. And that has further side effects. Regards Marcel