Subject: Re: [PATCH v2] bluetooth: guard against controllers sending zero'd events
From: Marcel Holtmann
To: Alain Michaud
Cc: Bluez mailing list
Date: Mon, 2 Mar 2020 23:12:51 +0100
In-Reply-To: <20200302154249.25047-1-alainm@chromium.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Alain,

> Some controllers have been observed to send zero'd events under some
> conditions. This change guards against this condition as well as adding
> a trace to facilitate diagnosability of this condition.
> > Signed-off-by: Alain Michaud > --- > > net/bluetooth/hci_event.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c > index 591e7477e925..56305b3a865e 100644 > --- a/net/bluetooth/hci_event.c > +++ b/net/bluetooth/hci_event.c > @@ -5868,6 +5868,12 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) > u8 status = 0, event = hdr->evt, req_evt = 0; > u16 opcode = HCI_OP_NOP; > > + if (!event) { > + bt_dev_warn(hdev, "Received unexpected HCI Event 00000000"); > + kfree_skb(skb); > + hdev->stat.evt_rx++; > + } > + > if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { > struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; > opcode = __le16_to_cpu(cmd_hdr->opcode); what about doing just this: @@ -5868,6 +5868,11 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) u8 status = 0, event = hdr->evt, req_evt = 0; u16 opcode = HCI_OP_NOP; + if (!event) { + bt_dev_warn(hdev, ..); + goto done; + } + if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; opcode = __le16_to_cpu(cmd_hdr->opcode); @@ -6079,6 +6084,7 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) req_complete_skb(hdev, status, opcode, orig_skb); } +done: kfree_skb(orig_skb); kfree_skb(skb); hdev->stat.evt_rx++; Regards Marcel
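Review bot: in the quoted v2 hunk, the `if (!event)` block has no `return` after `kfree_skb(skb)`, so execution continues into the rest of `hci_event_packet()` with a freed `skb`, and the function tail shown in the reply's second hunk then runs `kfree_skb(skb)` and `hdev->stat.evt_rx++` a second time. Return right after the block, or jump to a shared exit label, so the buffer is freed and counted exactly once.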
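Review bot: in the first hunk of the suggested version, `bt_dev_warn(hdev, ..)` sits on the event receive path and fires once per zeroed event, so a controller that keeps sending them decides how much gets written to the kernel log. Consider `bt_dev_warn_ratelimited()` here. When the elided message text is filled in, note that `event` is a `u8`, so a message that prints eight zero digits overstates the width of the field.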
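Review bot: in the second hunk of the suggested version, `done:` lands directly above `kfree_skb(orig_skb)`, so the new early exit reaches that free without running any of the code between the two hunks. The visible lines do not show where `orig_skb` is declared or assigned; confirm it is initialised to NULL before the `if (!event)` check, otherwise the `goto done` path frees an uninitialised pointer.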