Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp884433ybf; Sat, 29 Feb 2020 18:49:42 -0800 (PST) X-Google-Smtp-Source: APXvYqwQkef4MiAdRUeyU2imHCPwPOrPIYd0FKXD6o63IHnwiAny6kalMWJ5pZTzI8v0f/HDgbyf X-Received: by 2002:a05:6808:a83:: with SMTP id q3mr8180726oij.0.1583030982832; Sat, 29 Feb 2020 18:49:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583030982; cv=none; d=google.com; s=arc-20160816; b=o6tNhyYgY3M6Rg7BhnoyW+7XdQDsY7SgF+OGg61hVNpQDqWfYsnQEue6oHETK5h4Hw CQFDnj61AcJmKvW5G29XASw4urG5Nd7QLFAdVsD/wQKNAqn3eaGBuPN/DHYMtJbcpDhR SttpN3XT8BUjnMUOaUGCvDokI23Cs18ubv3cHl0y55E8QCyz9xod/VL36EOTPuDeSguG e8JGR1Q0e7ZG1d9PJ+I8b3c325bO0CKCzM7mDRNKeuPYlgTACt+JX+bpTZ6HU9KW8pIy OY30xnsxfMPanXXjFJ+uvTMptkd9C3d2GJK7pLYGSbk9/4VocEGq5iSRwGrPxLNaTTEV xbPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version; bh=9AdQJasfUKNLjxDNc8ssNhZmmPcQo7mAx80OVEouxOg=; b=KWXivc4DqQfNzp6D2NMK9Ed/+Sf3zgePLC6swR6q9kAsme6LQeFxmD943PzldFNCxT 6z5cfU2sltEv0dw4dlt0omTO6LqEXv77RJwmlPJN4eTCUv9TiWUT434ck0J9c5IijfJe d9vXlqckst+BCCBDhIFxmvInmva54njlG4ilsZMDBObY7xcwrQafM2SfPx9ZD8w0kzYi sN3j/wB66PWIsAfSY6K5dbd5ri4naAA3eU6UYCBrxsLdHLRSoocnfQIrzTU4RSDWgyJV yaY0VOFWto3XbyKn6t453VV88QhE+L4Ri69UWMmr3FXY20qGx5WlIV/zGFp1aSOgtRch poLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a21si3000923oib.166.2020.02.29.18.49.31; Sat, 29 Feb 2020 18:49:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727228AbgCACog convert rfc822-to-8bit (ORCPT + 99 others); Sat, 29 Feb 2020 21:44:36 -0500 Received: from coyote.holtmann.net ([212.227.132.17]:39290 "EHLO mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726786AbgCACog (ORCPT ); Sat, 29 Feb 2020 21:44:36 -0500 Received: from marcel-macbook.fritz.box (p4FEFC5A7.dip0.t-ipconnect.de [79.239.197.167]) by mail.holtmann.org (Postfix) with ESMTPSA id D4FCDCED13; Sun, 1 Mar 2020 03:54:01 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\)) Subject: Re: [PATCH v1] bluetooth: guard against controllers sending zero'd events From: Marcel Holtmann In-Reply-To: Date: Sun, 1 Mar 2020 03:44:34 +0100 Cc: Alain Michaud , linux-bluetooth@vger.kernel.org Content-Transfer-Encoding: 8BIT Message-Id: <14FD24FA-1455-4FE4-832B-9851D9E22780@holtmann.org> References: <20200228205146.161229-1-alainm@chromium.org> <788439D3-E0CC-4CBA-99C2-0B9C3703B23D@holtmann.org> To: Johan Hedberg X-Mailer: Apple Mail (2.3608.60.0.2.5) Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Johan, >>> --- a/net/bluetooth/hci_event.c >>> +++ b/net/bluetooth/hci_event.c >>> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) >>> u8 status = 0, event = hdr->evt, req_evt = 0; >>> u16 opcode = HCI_OP_NOP; >>> >>> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { >>> + if (hdev->sent_cmd && event && >>> + bt_cb(hdev->sent_cmd)->hci.req_event == event) { >> >> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0? > > If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status. so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it. Regards Marcel