LinuxLists.cc - Race Condition between Read_Remote_Extended_Supported_Features and Remote_Name

2010-04-21 16:32:54

Subject: Race Condition between Read_Remote_Extended_Supported_Features and Remote_Name_Request causing BC6 crash

I am experiencing a race condition between
Read_Remote_Extended_Supported_Features and Remote_Name_Request which
is crashing our BC6 module. It seems that Bluez (in
security.c:conn_complete) is requesting the remote name at the same
time that the kernel is requesting the extended features. The
responses are coming out of order which is crashing the BC6 module
(given some time). After contacting CSR support, they have said this
is a known issue and that to fix I need that ensure that the response
comes back prior to sending another command.

"Input from the firmware team points to it being an issue with the
remote_name_request. Can you please verify that this is responded to
before sending the read_remote_supported_features request? Also check
that any pending requests are responded to and that the
remote_name_request is responded to before continuing."

Does anyone have any suggestions on the best way resolve the issue? I
have proven it out with a small delay but that is a really bad hack.

Please see dump below:

2007-09-20 12:01:24.263113 > HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 37 bdaddr 00:24:9F:F0:F8:DE type ACL encrypt 0x00
2007-09-20 12:01:24.263222 < HCI Command: Read Remote Supported
Features (0x01|0x001b) plen 2
handle 37
2007-09-20 12:01:24.263671 > HCI Event: Page Scan Repetition Mode
Change (0x20) plen 7
bdaddr 00:24:9F:F0:F8:DE mode 1
2007-09-20 12:01:24.265568 > HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 0
2007-09-20 12:01:24.268835 > HCI Event: Max Slots Change (0x1b) plen 3
handle 37 slots 5
2007-09-20 12:01:24.275646 > HCI Event: Command Status (0x0f) plen 4
Unknown (0x00|0x0000) status 0x00 ncmd 1
2007-09-20 12:01:24.280022 < HCI Command: Remote Name Request
(0x01|0x0019) plen 10
bdaddr 00:24:9F:F0:F8:DE mode 2 clkoffset 0x0000
2007-09-20 12:01:24.283066 > HCI Event: Command Status (0x0f) plen 4
Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
2007-09-20 12:01:24.285635 > HCI Event: Read Remote Supported Features
(0x0b) plen 11
status 0x00 handle 37
Features: 0xbf 0xfe 0x8f 0xfe 0x98 0x19 0x59 0x83
2007-09-20 12:01:24.285733 < HCI Command: Read Remote Extended
Features (0x01|0x001c) plen 3
handle 37 page 1
2007-09-20 12:01:24.288261 > HCI Event: Command Status (0x0f) plen 4
Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1
2007-09-20 12:01:24.295597 > HCI Event: Read Remote Extended Features
(0x23) plen 13
status 0x00 handle 37 page 1 max 1
Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00
2007-09-20 12:01:24.304385 > HCI Event: Remote Name Req Complete (0x07) plen 255
status 0x00 bdaddr 00:24:9F:F0:F8:DE name 'BlackBerry 9530 scoe'