Due to race condition in the vhci kernel driver, we might read not a
vendor response packet, but a HCI reset command. This extra check will
ensure that kernel driver behaves correctly. Otherwise, the HCI setup
process will fail, because our controller will not respond to "missing"
HCI reset command. In result the virtual HCI will be DOWN and without
initialized Bluetooth address, e.g:
> hciconfig
hci2: Type: Primary Bus: Virtual
BD Address: 00:AA:01:01:00:02 ACL MTU: 192:1 SCO MTU: 0:0
UP RUNNING
RX bytes:0 acl:0 sco:0 events:66 errors:0
TX bytes:3086 acl:0 sco:0 commands:66 errors:0
hci1: Type: Primary Bus: Virtual
BD Address: 00:00:00:00:00:00 ACL MTU: 0:0 SCO MTU: 0:0
DOWN
RX bytes:0 acl:0 sco:0 events:0 errors:0
TX bytes:8 acl:0 sco:0 commands:1 errors:0
> dmesg
[1754256.640122] Bluetooth: MGMT ver 1.22
[1754263.023806] Bluetooth: MGMT ver 1.22
[1754265.043775] Bluetooth: hci1: Opcode 0x c03 failed: -110
---
emulator/hciemu.c | 2 +-
emulator/vhci.c | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/emulator/hciemu.c b/emulator/hciemu.c
index 25874ded5..e53fec0a2 100644
--- a/emulator/hciemu.c
+++ b/emulator/hciemu.c
@@ -313,7 +313,7 @@ static struct hciemu_client *hciemu_client_new(struct hciemu *hciemu,
if (!client)
return NULL;
- client->dev = btdev_create(hciemu->btdev_type, id++);
+ client->dev = btdev_create(hciemu->btdev_type, id);
if (!client->dev) {
free(client);
return NULL;
diff --git a/emulator/vhci.c b/emulator/vhci.c
index 7b363009a..80e1825f3 100644
--- a/emulator/vhci.c
+++ b/emulator/vhci.c
@@ -122,14 +122,15 @@ struct vhci *vhci_open(uint8_t type)
break;
}
- if (write(fd, &req, sizeof(req)) < 0) {
+ if (write(fd, &req, sizeof(req)) != sizeof(req)) {
close(fd);
return NULL;
}
memset(&rsp, 0, sizeof(rsp));
- if (read(fd, &rsp, sizeof(rsp)) < 0) {
+ if (read(fd, &rsp, sizeof(rsp)) != sizeof(rsp) ||
+ !(rsp.pkt_type == HCI_VENDOR_PKT && rsp.opcode == req.opcode)) {
close(fd);
return NULL;
}
--
2.39.2
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=785988
---Test result---
Test Summary:
CheckPatch FAIL 0.67 seconds
GitLint PASS 0.30 seconds
BuildEll PASS 27.52 seconds
BluezMake PASS 781.14 seconds
MakeCheck PASS 12.21 seconds
MakeDistcheck PASS 160.15 seconds
CheckValgrind PASS 254.18 seconds
CheckSmatch PASS 345.37 seconds
bluezmakeextell PASS 104.92 seconds
IncrementalBuild PASS 649.07 seconds
ScanBuild PASS 1031.05 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ] vhci: Check whether vhci open setup succeeded
WARNING:LONG_LINE: line length of 88 exceeds 80 columns
#144: FILE: emulator/vhci.c:133:
+ !(rsp.pkt_type == HCI_VENDOR_PKT && rsp.opcode == req.opcode)) {
/github/workspace/src/src/13393018.patch total: 0 errors, 1 warnings, 25 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/src/13393018.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
---
Regards,
Linux Bluetooth
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:
On Wed, 20 Sep 2023 20:43:13 +0200 you wrote:
> Due to race condition in the vhci kernel driver, we might read not a
> vendor response packet, but a HCI reset command. This extra check will
> ensure that kernel driver behaves correctly. Otherwise, the HCI setup
> process will fail, because our controller will not respond to "missing"
> HCI reset command. In result the virtual HCI will be DOWN and without
> initialized Bluetooth address, e.g:
>
> [...]
Here is the summary with links:
- [BlueZ] vhci: Check whether vhci open setup succeeded
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=a2d47ef05226
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html