* [PATCH v1] bluetooth: guard against controllers sending zero'd events
@ 2020-02-28 20:51 Alain Michaud
2020-02-29 7:14 ` Marcel Holtmann
0 siblings, 1 reply; 5+ messages in thread
From: Alain Michaud @ 2020-02-28 20:51 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Alain Michaud
Some controllers have been observed to send zero'd events under some
conditions. This change guards against this condition as well as adding
a trace to facilitate diagnosability of this condition.
Signed-off-by: Alain Michaud <alainm@chromium.org>
---
net/bluetooth/hci_event.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 591e7477e925..f865eddb8d69 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
u8 status = 0, event = hdr->evt, req_evt = 0;
u16 opcode = HCI_OP_NOP;
- if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
+ if (hdev->sent_cmd && event &&
+ bt_cb(hdev->sent_cmd)->hci.req_event == event) {
struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
opcode = __le16_to_cpu(cmd_hdr->opcode);
hci_req_cmd_complete(hdev, opcode, status, &req_complete,
@@ -5876,6 +5877,9 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
req_evt = event;
}
+ if (!event)
+ BT_ERR("Received unexpected HCI Event 00000000");
+
/* If it looks like we might end up having to call
* req_complete_skb, store a pristine copy of the skb since the
* various handlers may modify the original one through
--
2.25.0.265.gbab2e86ba0-goog
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v1] bluetooth: guard against controllers sending zero'd events
2020-02-28 20:51 [PATCH v1] bluetooth: guard against controllers sending zero'd events Alain Michaud
@ 2020-02-29 7:14 ` Marcel Holtmann
2020-02-29 8:44 ` Johan Hedberg
0 siblings, 1 reply; 5+ messages in thread
From: Marcel Holtmann @ 2020-02-29 7:14 UTC (permalink / raw)
To: Alain Michaud; +Cc: linux-bluetooth
Hi Alain,
> Some controllers have been observed to send zero'd events under some
> conditions. This change guards against this condition as well as adding
> a trace to facilitate diagnosability of this condition.
can you include a trace for this as well please.
>
> Signed-off-by: Alain Michaud <alainm@chromium.org>
> ---
>
> net/bluetooth/hci_event.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index 591e7477e925..f865eddb8d69 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
> u8 status = 0, event = hdr->evt, req_evt = 0;
> u16 opcode = HCI_OP_NOP;
>
> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
> + if (hdev->sent_cmd && event &&
> + bt_cb(hdev->sent_cmd)->hci.req_event == event) {
Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
> struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data;
> opcode = __le16_to_cpu(cmd_hdr->opcode);
> hci_req_cmd_complete(hdev, opcode, status, &req_complete,
> @@ -5876,6 +5877,9 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
> req_evt = event;
> }
>
> + if (!event)
> + BT_ERR("Received unexpected HCI Event 00000000");
> +
We need to start using bt_dev_err if we want to do that. However in this case bt_dev_warn is better since we should be gracefully handling this anyway.
Regards
Marcel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] bluetooth: guard against controllers sending zero'd events
2020-02-29 7:14 ` Marcel Holtmann
@ 2020-02-29 8:44 ` Johan Hedberg
2020-03-01 2:44 ` Marcel Holtmann
0 siblings, 1 reply; 5+ messages in thread
From: Johan Hedberg @ 2020-02-29 8:44 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: Alain Michaud, linux-bluetooth
Hi Marcel,
On 29. Feb 2020, at 9.14, Marcel Holtmann <marcel@holtmann.org> wrote:
>> --- a/net/bluetooth/hci_event.c
>> +++ b/net/bluetooth/hci_event.c
>> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
>> u8 status = 0, event = hdr->evt, req_evt = 0;
>> u16 opcode = HCI_OP_NOP;
>>
>> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>> + if (hdev->sent_cmd && event &&
>> + bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>
> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status.
Johan
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] bluetooth: guard against controllers sending zero'd events
2020-02-29 8:44 ` Johan Hedberg
@ 2020-03-01 2:44 ` Marcel Holtmann
2020-03-01 8:38 ` Johan Hedberg
0 siblings, 1 reply; 5+ messages in thread
From: Marcel Holtmann @ 2020-03-01 2:44 UTC (permalink / raw)
To: Johan Hedberg; +Cc: Alain Michaud, linux-bluetooth
Hi Johan,
>>> --- a/net/bluetooth/hci_event.c
>>> +++ b/net/bluetooth/hci_event.c
>>> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
>>> u8 status = 0, event = hdr->evt, req_evt = 0;
>>> u16 opcode = HCI_OP_NOP;
>>>
>>> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>>> + if (hdev->sent_cmd && event &&
>>> + bt_cb(hdev->sent_cmd)->hci.req_event == event) {
>>
>> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
>
> If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status.
so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it.
Regards
Marcel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] bluetooth: guard against controllers sending zero'd events
2020-03-01 2:44 ` Marcel Holtmann
@ 2020-03-01 8:38 ` Johan Hedberg
0 siblings, 0 replies; 5+ messages in thread
From: Johan Hedberg @ 2020-03-01 8:38 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: Alain Michaud, linux-bluetooth
Hi Marcel,
On 1. Mar 2020, at 4.44, Marcel Holtmann <marcel@holtmann.org> wrote:
>>> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0?
>>
>> If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status.
>
> so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it.
Yeah, that’s what I’d do. Bail out early, but log a warning.
Johan
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-03-01 8:38 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-28 20:51 [PATCH v1] bluetooth: guard against controllers sending zero'd events Alain Michaud
2020-02-29 7:14 ` Marcel Holtmann
2020-02-29 8:44 ` Johan Hedberg
2020-03-01 2:44 ` Marcel Holtmann
2020-03-01 8:38 ` Johan Hedberg
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.