Linux-Bluetooth Archive on lore.kernel.org
 help / color / Atom feed
* [RESEND PATCH v2] Bluetooth: Retry configure request if result is L2CAP_CONF_UNKNOWN
@ 2019-09-06  2:36 Andrey Smirnov
  0 siblings, 0 replies; only message in thread
From: Andrey Smirnov @ 2019-09-06  2:36 UTC (permalink / raw)
  To: Marcel Holtmann
  Cc: Andrey Smirnov, Pierre-Loup A . Griffais, Florian Dollinger,
	Johan Hedberg, linux-bluetooth, linux-kernel

Due to:

 * Current implementation of l2cap_config_rsp() dropping BT
   connection if sender of configuration response replied with unknown
   option failure (Result=0x0003/L2CAP_CONF_UNKNOWN)

 * Current implementation of l2cap_build_conf_req() adding
   L2CAP_CONF_RFC(0x04) option to initial configure request sent by
   the Linux host.

devices that do no recongninze L2CAP_CONF_RFC, such as Xbox One S
controllers, will get stuck in endless connect -> configure ->
disconnect loop, never connect and be generaly unusable.

To avoid this problem add code to do the following:

 1. Parse the body of response L2CAP_CONF_UNKNOWN and, in case of
    unsupported option being RFC, clear L2CAP_FEAT_ERTM and
    L2CAP_FEAT_STREAMING from connection's feature mask (in order to
    prevent RFC option from being added going forward)

 2. Retry configuration step the same way it's done for
    L2CAP_CONF_UNACCEPT

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Pierre-Loup A. Griffais <pgriffais@valvesoftware.com>
Cc: Florian Dollinger <dollinger.florian@gmx.de>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Cc: linux-bluetooth@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---

Changes since [v1]:

   - Patch simplified to simply clear L2CAP_FEAT_ERTM |
     L2CAP_FEAT_STREAMING from feat_mask when device flags RFC options
     as unknown

[v1] lore.kernel.org/r/20190208025828.30901-1-andrew.smirnov@gmail.com

 net/bluetooth/l2cap_core.c | 58 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index dfc1edb168b7..77b65870b064 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4216,6 +4216,49 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
 	return err;
 }
 
+static inline int l2cap_config_rsp_unknown(struct l2cap_conn *conn,
+					   struct l2cap_chan *chan,
+					   const u8 *data,
+					   int len)
+{
+	char req[64];
+
+	if (!len || len > sizeof(req) -  sizeof(struct l2cap_conf_req))
+		return -ECONNRESET;
+
+	while (len--) {
+		const u8 option_type = *data++;
+
+		BT_DBG("chan %p, unknown option type: %u", chan,  option_type);
+
+		/* "...Hints shall not be included in the Response and
+		 * shall not be the sole cause for rejecting the
+		 * Request.."
+		 */
+		if (option_type & L2CAP_CONF_HINT)
+			return -ECONNRESET;
+
+		switch (option_type) {
+		case L2CAP_CONF_RFC:
+			/* Clearing the following feature should
+			 * prevent RFC option from being added next
+			 * connection attempt
+			 */
+			conn->feat_mask &= ~(L2CAP_FEAT_ERTM |
+					     L2CAP_FEAT_STREAMING);
+			break;
+		default:
+			return -ECONNRESET;
+		}
+	}
+
+	len = l2cap_build_conf_req(chan, req, sizeof(req));
+	l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, len, req);
+	chan->num_conf_req++;
+
+	return 0;
+}
+
 static inline int l2cap_config_rsp(struct l2cap_conn *conn,
 				   struct l2cap_cmd_hdr *cmd, u16 cmd_len,
 				   u8 *data)
@@ -4271,6 +4314,21 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn,
 		}
 		goto done;
 
+	case L2CAP_CONF_UNKNOWN:
+		if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
+			if (l2cap_config_rsp_unknown(conn, chan, rsp->data,
+						     len) < 0) {
+				l2cap_send_disconn_req(chan, ECONNRESET);
+				goto done;
+			}
+			break;
+		}
+		/* Once, chan->num_conf_rsp goes above
+		 * L2CAP_CONF_MAX_CONF_RSP we want to go down all the
+		 * way to default label (just like L2CAP_CONF_UNACCEPT
+		 * below)
+		 */
+		/* fall through */
 	case L2CAP_CONF_UNACCEPT:
 		if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
 			char req[64];
-- 
2.21.0


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-06  2:36 [RESEND PATCH v2] Bluetooth: Retry configure request if result is L2CAP_CONF_UNKNOWN Andrey Smirnov

Linux-Bluetooth Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-bluetooth/0 linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ https://lore.kernel.org/linux-bluetooth \
		linux-bluetooth@vger.kernel.org linux-bluetooth@archiver.kernel.org
	public-inbox-index linux-bluetooth


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-bluetooth


AGPL code for this site: git clone https://public-inbox.org/ public-inbox