Received: by 2002:a05:7412:7c14:b0:fa:6e18:a558 with SMTP id ii20csp417435rdb; Mon, 22 Jan 2024 08:07:17 -0800 (PST) X-Google-Smtp-Source: AGHT+IEWDO0cT5F1RaF3CReb3Rwe/UhyuAjZ2v9w917+IoguSSmUa/0O9eWRC1PZhJ9moL1AskQv X-Received: by 2002:a17:906:fa8e:b0:a1d:8d09:d07d with SMTP id lt14-20020a170906fa8e00b00a1d8d09d07dmr4502385ejb.47.1705939636907; Mon, 22 Jan 2024 08:07:16 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705939636; cv=pass; d=google.com; s=arc-20160816; b=jCIKoaLGoOD4v9XvSG+XptsuRBE/jRdmp70kPg5JoVt3srFfa27UrA6N945o3dw0e9 TmqbOn46D/3uNVd1qLnTgj49MYs7tjFpy+oT/UTs3ZmHY6HwLpZjFINGI3OekKWMSp6b vO5oZ85ZNdf9RFWzgVvYuLFxDjtWjvkNV9qeDzg1tdeW8oH9Ivg0fQNziegRc/X/Xn5z mATBOUl9QQJLW11YHTn0iq7PgfZp86BWaP2joo9usunNU1W7ssWaOzmhaNpO636fgLta ojidDhQehm0pMkFok/siEH6q20Fkh7fW2FpOjoEdFWtjipLPxeMVfeUa/cpj6wzxgOqe rUyg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=BemZgJRskQRS9fjqFMrR9EbGfogLzA2Wg9/T5IbwFkE=; fh=vX3DmmqVy5qOXOz5EipqMiGgeJhQGUlvtaD1e8XWdcc=; b=mxjWHIY7tXC4YqzLZAXPv9UY9G3MY1WkQz+I/ZAAI+6TvAPSwwoQquuMN/gK1xxCmT Lh55t3SD3Nk6U8JlKgt02HCkRXgieOCkdmyqWZwNRUjPoMjjTA0YH7VI4MS22gInOcYa FDjirLI0mKKbQ8T7mYo64jkF9aV+cnHQMUc+Z9uZu+gQRvSqWnc8Bvh0mAb2ScQhu+YI oIP4D0a85AMIEEFUhmCnLJD0/6LxkDJL+C/qNFdbsk8393VmnVP//pUWuPshnrlFLqY6 W53zojEMb6ADwttPFyaV440nSGpIeZEPbwxpiQPUC4VFM0As1h5cFWmJikjKQAHz1MBP eLRw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="Sk/MjHTD"; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-bluetooth+bounces-1222-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-1222-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id g6-20020a170906198600b00a2ed29b609asi5830678ejd.610.2024.01.22.08.07.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 08:07:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-1222-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b="Sk/MjHTD"; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-bluetooth+bounces-1222-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-1222-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 0989A1F23E8B for ; Mon, 22 Jan 2024 16:06:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 36AAA4E1CB; Mon, 22 Jan 2024 15:11:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Sk/MjHTD" X-Original-To: linux-bluetooth@vger.kernel.org Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F19A24E1C4 for ; Mon, 22 Jan 2024 15:11:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.176 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705936273; cv=none; b=Xpr36JrkL8ZKKYE3/KcgvZGumwscofIMEvjdQwSN3hlO5gTOHu+/o8LuIqOc3dHYhpr+yMHm7nbypAzLvDEq75TqyMNyTEB2Iry3CtPYIqDRzuDzBd9T1aUs1HCZ/PL2c6TSiwUwmL82s/Ybm/coSXqoxhPTKvP0p+Xp3yPhj4E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705936273; c=relaxed/simple; bh=UMJ8Gy1hnTQZrA0Pmf78FFanz0xBG0pCV+b+BbsuOwQ=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=EX0UmXBaec6MZFGf1gZnmn6HTnK241IMJ9MYOqOhDrJnVMDo68V6SL39mHtaXFVJXGMw0qd918uPUKo90YzFdKhBoIUjU9YrDfU1Vs1bU5/4bCD3txy0YgRth+kEv8JMPEYBGLt9n1R279Gpm9vC34MIoAstEUkUYIYTmWNlEp0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Sk/MjHTD; arc=none smtp.client-ip=209.85.208.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f176.google.com with SMTP id 38308e7fff4ca-2cd04078ebeso42079741fa.1 for ; Mon, 22 Jan 2024 07:11:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705936270; x=1706541070; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=BemZgJRskQRS9fjqFMrR9EbGfogLzA2Wg9/T5IbwFkE=; b=Sk/MjHTDzfVpMpYdeJDm0OzztZO1lc/h6yhe6cjrlUy4garHQ8FxafngzWP6t5DHna MHDTtAAy+2qfMAE2O3TaRN9ZpMIfT0ZozVGIA/tofHawI8gJrkTOwLeCvuubybwErHex VTM89V1k7VVrEVp1KoR2tuwwQwiQLg/dkGYZM+ToNwIgwTR0js9GSX7ZVYvWnOpBARsD ApYzu8LiPcgWXOMkOj5N0ybzkCr3n4eog19dEBwlpyrAUI9SqFSC6h64DkciBebeNhTc khslQtAFwlApe3RZf624FtR5XPBsj2C8QKZQhPwb616SVFn61VrMHjdsfuXd9iQUqZwX mLZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705936270; x=1706541070; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BemZgJRskQRS9fjqFMrR9EbGfogLzA2Wg9/T5IbwFkE=; b=Dg3yIDNvkvHbCZ/ITIM9OTQbI8BEBP7WX+MxL5gfxAOOYRFGoarCfs7hln7mc217d2 bgG4hW4bqFkRO/tZvUxWaOrOzZ9O5bJx9ngSWNXmZmY5pJDbeYqY6BGYOYs0WhM1fQ4B aEYcayGbk2MNTsUdcbRyk+AnwcKilg9nmEhLCv0eKbnldTInojmk0NxbmhNIRsuAwZSg Y+86QGDlFQMZ6LCfK4ecM6HlKxXYUVTTKs3GqZpyeGFmCDObE2s+FwazmqSvqGYVErFt p/NXkf6OlpIUv510OnvmmEAjVm6AGAg/U9CFzFrN0HdsAX/hhitH7M5Ew+TjH7HFb6BI W7sg== X-Gm-Message-State: AOJu0YxGf3W0W/4EmrBpDcQFOTVDUvkDoSB2Emwcalhd+BGRjNtPerh7 Mox7ig8X5ItPwht49vtDTAPkz+DNoV6ccsmDJQwvSD2o5gvR4N10sUrFXWoXtPPVYjDzugfYMFu KVTbsUlwmoX+SIdXFoiP+OPlNKCoZV7QMELg= X-Received: by 2002:a2e:8486:0:b0:2cd:4164:5d68 with SMTP id b6-20020a2e8486000000b002cd41645d68mr3175935ljh.13.1705936269522; Mon, 22 Jan 2024 07:11:09 -0800 (PST) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <747030d8-a06f-4d7d-bf93-0e95f54b9bbf@munic.io> In-Reply-To: <747030d8-a06f-4d7d-bf93-0e95f54b9bbf@munic.io> From: Luiz Augusto von Dentz Date: Mon, 22 Jan 2024 10:10:56 -0500 Message-ID: Subject: Re: regression in c7f59461f5a78: Bluetooth: Fix a refcnt underflow problem for hci_conn To: Andrei Volkov Cc: linux-bluetooth@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Andrei, On Mon, Jan 22, 2024 at 9:45=E2=80=AFAM Andrei Volkov wrote: > > Hi Luiz, > > Wouldn't it be better to add a 'yet-another' flag as an addition to > HCI_CONN_SSP_ENABLED, and clear it unconditionally at the top of > 'hci_remote_ext_features_evt', before > > " conn =3D hci_conn_hash_lookup_handle " > > check? > > In this case broken ext_features response (with ev->status !=3D 0 or conn > =3D=3D NULL) will not indirectly enable the SSP feature. HCI_CONN_SSP_ENABLED is already at conn level, besides that it is too late to clear it if the SSP procedure has already taken place and on top of it I don't want to change the code too much and risk having more regressions like this. Btw, something tells me that Android is not actually doing the HCI_OP_READ_REMOTE_EXT_FEATURES since we do have CI testing SSP and this change hasn't cause us any problems, do you know what command it uses? Perhaps it tries SSP right-away or does it cache the previous response? > Regards > Andrei VOLKOV > > Le 22/01/2024 =C3=A0 15:02, Luiz Augusto von Dentz a =C3=A9crit : > > > Hi Andrei, > > > > On Mon, Jan 22, 2024 at 7:18=E2=80=AFAM Andrei Volkov > > wrote: > >> Hello, > >> > >> Lately we've bumped with regression introduced by commit: > >> > >> c7f59461f5a78 ("Bluetooth: Fix a refcnt underflow problem for > >> hci_conn", 2023-10-04) > >> > >> The regression related with adding "hci_conn_ssp_enabled()" check in > >> "hci_io_capa_request_evt()" handler, and broke pairing process initiat= ed > >> by the external device. > >> > >> Precisely, some ext. devices, like any phone equipped with Android ver= < > >> 14 (we have not latest one, so we didn't check), always send "IO > >> Capability Request" before "Read Remote Extended Features" command, as > >> consequence the flag "HCI_CONN_SSP_ENABLED" not yet activated at the > >> time of "hci_io_capa_request_evt()" execution and > >> "hci_conn_ssp_enabled()" always returns false in time of the pairing. > >> > >> As a result, pairing always fails. The quick and dirty fix is revert t= he > >> ssp check introduced in the subj. commit, like below: > >> > >> --- a/net/bluetooth/hci_event.c > >> +++ b/net/bluetooth/hci_event.c > >> @@ -5329,7 +5329,7 @@ static void hci_io_capa_request_evt(struct hci_d= ev > >> *hdev, void *data, > >> hci_dev_lock(hdev); > >> > >> conn =3D hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr= ); > >> - if (!conn || !hci_conn_ssp_enabled(conn)) > >> + if (!conn) > >> goto unlock; > >> > >> hci_conn_hold(conn); > >> > >> > >> However, a more thorough and correct fix requires discussion and > >> testing. Therefore, I would like to get any comments/suggestion from t= he > >> community before doing this. > > I think we need to do something like this, so we consider only the > > local SSP flag when evaluating if we should proceed to respond or just > > drop: > > > > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c > > index 6130c969f361..a15924db83d9 100644 > > --- a/net/bluetooth/hci_event.c > > +++ b/net/bluetooth/hci_event.c > > @@ -5327,9 +5327,12 @@ static void hci_io_capa_request_evt(struct > > hci_dev *hdev, void *data, > > hci_dev_lock(hdev); > > > > conn =3D hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); > > - if (!conn || !hci_conn_ssp_enabled(conn)) > > + if (!conn || !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) > > goto unlock; > > > > + /* Assume remote supports SSP since it has triggered this event= */ > > + set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); > > + > > hci_conn_hold(conn); > > > > if (!hci_dev_test_flag(hdev, HCI_MGMT)) > > > > > >> Regards > >> Andrey VOLKOV > >> > >> > > --=20 Luiz Augusto von Dentz