Some controllers have been observed to send zero'd events under some
conditions. This change guards against this condition as well as adding
a trace to facilitate diagnosability of this condition.
Signed-off-by: Alain Michaud <[email protected]>
---
net/bluetooth/hci_event.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 591e7477e925..f865eddb8d69 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
u8 status = 0, event = hdr->evt, req_evt = 0;
u16 opcode = HCI_OP_NOP;
- if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
+ if (hdev->sent_cmd && event &&
+ bt_cb(hdev->sent_cmd)->hci.req_event == event) {
struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
opcode = __le16_to_cpu(cmd_hdr->opcode);
hci_req_cmd_complete(hdev, opcode, status, &req_complete,
@@ -5876,6 +5877,9 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
req_evt = event;
}
+ if (!event)
+ BT_ERR("Received unexpected HCI Event 00000000");
+
/* If it looks like we might end up having to call
* req_complete_skb, store a pristine copy of the skb since the
* various handlers may modify the original one through
--
2.25.0.265.gbab2e86ba0-goog
Hi Alain,
> Some controllers have been observed to send zero'd events under some
> conditions. This change guards against this condition as well as adding
> a trace to facilitate diagnosability of this condition.
can you include a trace for this as well please.
>
> Signed-off-by: Alain Michaud <[email protected]>
> ---
>
> net/bluetooth/hci_event.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index 591e7477e925..f865eddb8d69 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
> u8 status = 0, event = hdr->evt, req_evt = 0;
> u16 opcode = HCI_OP_NOP;
>
> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
> + if (hdev->sent_cmd && event &&
> + bt_cb(hdev->sent_cmd)->hci.req_event == event) {
Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
> struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
> opcode = __le16_to_cpu(cmd_hdr->opcode);
> hci_req_cmd_complete(hdev, opcode, status, &req_complete,
> @@ -5876,6 +5877,9 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
> req_evt = event;
> }
>
> + if (!event)
> + BT_ERR("Received unexpected HCI Event 00000000");
> +
We need to start using bt_dev_err if we want to do that. However in this case bt_dev_warn is better since we should be gracefully handling this anyway.
Regards
Marcel
Hi Marcel,
On 29. Feb 2020, at 9.14, Marcel Holtmann <[email protected]> wrote:
>> --- a/net/bluetooth/hci_event.c
>> +++ b/net/bluetooth/hci_event.c
>> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
>> u8 status = 0, event = hdr->evt, req_evt = 0;
>> u16 opcode = HCI_OP_NOP;
>>
>> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>> + if (hdev->sent_cmd && event &&
>> + bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>
> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status.
Johan
Hi Johan,
>>> --- a/net/bluetooth/hci_event.c
>>> +++ b/net/bluetooth/hci_event.c
>>> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
>>> u8 status = 0, event = hdr->evt, req_evt = 0;
>>> u16 opcode = HCI_OP_NOP;
>>>
>>> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>>> + if (hdev->sent_cmd && event &&
>>> + bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>>
>> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
>
> If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status.
so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it.
Regards
Marcel
Hi Marcel,
On 1. Mar 2020, at 4.44, Marcel Holtmann <[email protected]> wrote:
>>> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
>>
>> If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status.
>
> so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it.
Yeah, that’s what I’d do. Bail out early, but log a warning.
Johan