Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp420986pxb; Tue, 1 Feb 2022 02:55:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJzNnm4k2U/MjKgMViWnTpxTAlckVu+4avkfcOKOgk27YMge33a60pB43u0z+CrkSgS5LxJV X-Received: by 2002:a17:906:1454:: with SMTP id q20mr20709241ejc.461.1643712954307; Tue, 01 Feb 2022 02:55:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643712954; cv=none; d=google.com; s=arc-20160816; b=P2WBaJgDRrJT+JOQ8sJHxLP19SDZU0eEyRpB0yl6bJb3EbWrEhCpfokj+bWjyR7c3s wWBOhqQ41+sX5DIrNNn7fB7eXXCdlxSUzw3iYsy+rbyTDGZOS4gFmKcLj7kpqGYkbGvs uShd262MUWMuGCr5/LLS0re8pP6fu1BD4rkZS3eHFY5qr2xd0Imp4tIPvOlMv9TfwjtI MgMPK4jvFz3icChoKn4SFonqW+GwzkUPRvAiQvr+gqhSyE6daToUDRDOo+ZbC9sp/SX3 yYu0OH0DJiUEO7cfOVtXppckQuptQ9B2tV3gqqXI/ggQuxS8mdh4LMWfMlJuv7l2+9iZ 6DpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:subject:message-id:date:from:mime-version :dkim-signature; bh=A9rXa8MOMOqUl59jZILcjrVHPpj0gaywXdH3Ebep4zI=; b=EY1I5UzTPjyb0g2YCRo8IL8DvyIoL7y5ZCC00/NIl87Y3sqZvdHMmGP113rQY8P2zF v4uNd/q1h9mfhmz6I0Dossp1oRLGbi4s0fmaUChNB4rhqQRGGAK+w0GsW4lfXOXknBmw QnX3/PEmX2LueWQBAyx2SJt4Z/Ixim+YoVQJ9ZDAaxCbqq9lJmP2mcAzudKog4ee4TsS pYyKYtcxXyAZLNtIS6G5TpWQ4NNY201i96jHx1LKupwHIpsGb6StC4Vjf5df/mLCspcL EHxArSWIDvKQRvmBs2MUfslk2uLxq8APuxjcsbZt+bhMWHx2YymSLqG6Jdj6+26tr+GO s8jA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kaishome.de header.s=google header.b="fcpnd6x/"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y13si11623234eda.1.2022.02.01.02.55.17; Tue, 01 Feb 2022 02:55:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kaishome.de header.s=google header.b="fcpnd6x/"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1355371AbiA3PCz (ORCPT + 99 others); Sun, 30 Jan 2022 10:02:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1355374AbiA3PCz (ORCPT ); Sun, 30 Jan 2022 10:02:55 -0500 Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B367C061714 for ; Sun, 30 Jan 2022 07:02:54 -0800 (PST) Received: by mail-yb1-xb2e.google.com with SMTP id j2so19731002ybu.0 for ; Sun, 30 Jan 2022 07:02:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kaishome.de; s=google; h=mime-version:from:date:message-id:subject:to; bh=A9rXa8MOMOqUl59jZILcjrVHPpj0gaywXdH3Ebep4zI=; b=fcpnd6x/yCzjJpJ4UJVM3bR8MB9UNlFJokooCvtABL/RkxtFAvFTxMcPq5wZMqdXJ/ tqL4U7B9L5FJ1uDLG3STX6aIPtaPz/76vniurYz/RolRiOUoVf9/eeHzROb3KbBXH/4j Xk8upP54EUwR95zRtYjOrYCJAJBUU0uZxgolE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=A9rXa8MOMOqUl59jZILcjrVHPpj0gaywXdH3Ebep4zI=; b=pN1cmkVoiuf0Yz5pQLo9mX6973KueKYlPB39p7dFeqCcVNXUSIBVAVw/8hhneUO1DB 5CxrtPBMNd5CIUvrPTic0Nb5X4BqadHsZZHFfuJBqvZCJBP+xuJbPTo7HMzMlTrHvJDm yyryu8Hh5bjKc8r0qXUpWeJqt8b/4tVtTwLM9kPrtpSpkkvIH1uQmtA3Ts/IbiMF5HPf ZpbNKfSTt/CvQP7q3015jIr4De4IRNcP7zFEHQsANNMEL7W7/V+XR8sAOECkGFsIhPph ST9b7udAAls7dNYSZwvVGezFnm50UYJ0zP68tsu2ELYOv5tCtH8GV0lO88v2N0jw4wiD spLQ== X-Gm-Message-State: AOAM5335PLH1ghIyQUsBAiy3tqds+AexHNZ41CDyN4rEe4oSBPQDrBfF TBa/Wpb823xKTmv6N7H/9HYUR0gU+bsoQVArrxWL09r1LXUd5w== X-Received: by 2002:a25:42c5:: with SMTP id p188mr24595258yba.154.1643554973588; Sun, 30 Jan 2022 07:02:53 -0800 (PST) MIME-Version: 1.0 From: Kai Krakow Date: Sun, 30 Jan 2022 16:02:43 +0100 Message-ID: Subject: kernel 5.15.17: Spamming dmesg with "Malicious advertising data" To: linux-bluetooth@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hello! Since kernel 5.15.17, dmesg is spammed with the following log, sometimes multiple times per second: > Bluetooth: hci0: Malicious advertising data. Stopping processing This was probably introduced by commit 2de0e6a71ceb056e17e4684dce8b7640367996f9. I'm not sure which device causes it, and it seems quite useless to repeat this message without any rate limiting, especially when no source of the incident is indicated. I'm suspecting that something is messed up here, and there's not really any malicious advertising going on. At least, there's a lot of LE advertising going on but that looks sane: ``` > HCI Event: LE Meta Event (0x3e) plen 40 #63 [hci0] 3.466120 LE Advertising Report (0x02) Num reports: 1 Event type: Non connectable undirected - ADV_NONCONN_IND (0x03) Address type: Public (0x00) Address: F8:04:2E:8A:20:C1 (SAMSUNG ELECTRO-MECHANICS(THAILAND)) Data length: 28 Company: Samsung Electronics Co. Ltd. (117) Data: 42040180aef8042e8a20c1fa042e8a20c001000000000000 RSSI: -68 dBm (0xbc) > HCI Event: LE Meta Event (0x3e) plen 40 #64 [hci0] 3.469127 LE Advertising Report (0x02) Num reports: 1 Event type: Connectable undirected - ADV_IND (0x00) Address type: Public (0x00) Address: 74:AC:B9:41:D2:23 (Ubiquiti Networks Inc.) Data length: 28 128-bit Service UUIDs (partial): 1 entry Vendor specific Service Data (UUID 0x252a): 74acb941d21c RSSI: -37 dBm (0xdb) > HCI Event: LE Meta Event (0x3e) plen 40 #65 [hci0] 3.540118 LE Advertising Report (0x02) Num reports: 1 Event type: Scannable undirected - ADV_SCAN_IND (0x02) Address type: Random (0x01) Address: 53:F3:43:9B:9D:13 (Resolvable) Data length: 28 16-bit Service UUIDs (complete): 1 entry Google (0xfe9f) Service Data (UUID 0xfe9f): 0000000000000000000000000000000000000000 RSSI: -70 dBm (0xba) > HCI Event: LE Meta Event (0x3e) plen 40 #66 [hci0] 3.596124 LE Advertising Report (0x02) Num reports: 1 Event type: Non connectable undirected - ADV_NONCONN_IND (0x03) Address type: Public (0x00) Address: 68:72:C3:A0:AA:75 (Samsung Electronics Co.,Ltd) Data length: 28 Company: Samsung Electronics Co. Ltd. (117) Data: 420401806e6872c3a0aa756a72c3a0aa7401000000000000 RSSI: -55 dBm (0xc9) ``` System info: > Linux jupiter 5.15.17-gentoo #1 SMP PREEMPT Sat Jan 29 07:32:24 CET 2022 x86_64 12th Gen Intel(R) Core(TM) i7-12700K GenuineIntel GNU/Linux > Bluetooth monitor ver 5.63 > = Note: Linux version 5.15.17-gentoo (x86_64) 0.256208 > = Note: Bluetooth subsystem version 2.22 0.256210 > = New Index: 00:1A:7D:DA:71:15 (Primary,USB,hci0) [hci0] 0.256211 > = Open Index: 00:1A:7D:DA:71:15 [hci0] 0.256212 > = Index Info: 00:1A:7D:DA:71:15 (Cambridge Silicon Radio) [hci0] 0.256212 > @ MGMT Open: bluetoothd (privileged) version 1.21 {0x0001} 0.256213 Regards, Kai