Linux-Bluetooth Archive on lore.kernel.org
 help / color / Atom feed
From: Brian Gix <brian.gix@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: brian.gix@intel.com, inga.stotland@intel.com,
	michal.lowas-rzechonek@silvair.com, jakub.witowski@silvair.com
Subject: [PATCH BlueZ v3 1/1] mesh: Sequence number related fixes
Date: Thu, 16 Jan 2020 08:39:08 -0800
Message-ID: <20200116163908.18041-2-brian.gix@intel.com> (raw)
In-Reply-To: <20200116163908.18041-1-brian.gix@intel.com>

From: Jakub Witowski <jakub.witowski@silvair.com>

---
 mesh/crypto.c           |  3 +++
 mesh/mesh-config-json.c | 16 ++++++++++++++--
 mesh/net.c              |  9 +++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/mesh/crypto.c b/mesh/crypto.c
index 8ea906ac9..596a289f9 100644
--- a/mesh/crypto.c
+++ b/mesh/crypto.c
@@ -637,6 +637,9 @@ bool mesh_crypto_packet_build(bool ctl, uint8_t ttl,
 	uint32_t hdr;
 	size_t n;
 
+	if (seq > SEQ_MASK)
+		return false;
+
 	l_put_be32(seq, packet + 1);
 	packet[1] = (ctl ? CTL : 0) | (ttl & TTL_MASK);
 
diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c
index 755caab0e..5855149e3 100644
--- a/mesh/mesh-config-json.c
+++ b/mesh/mesh-config-json.c
@@ -40,6 +40,7 @@
 #include "mesh/mesh-defs.h"
 #include "mesh/util.h"
 #include "mesh/mesh-config.h"
+#include "mesh/net.h"
 
 /* To prevent local node JSON cache thrashing, minimum update times */
 #define MIN_SEQ_CACHE_TRIGGER	32
@@ -365,7 +366,7 @@ static bool read_seq_number(json_object *jobj, uint32_t *seq_number)
 	if (!val && errno == EINVAL)
 		return false;
 
-	if (val < 0 || val > 0xffffff)
+	if (val < 0 || val > SEQ_MASK + 1)
 		return false;
 
 	*seq_number = (uint32_t) val;
@@ -2019,10 +2020,21 @@ bool mesh_config_write_seq_number(struct mesh_config *cfg, uint32_t seq,
 		if (cached < seq + MIN_SEQ_CACHE_VALUE)
 			cached = seq + MIN_SEQ_CACHE_VALUE;
 
-		l_debug("Seq Cache: %d -> %d", seq, cached);
+		/* Cap the seq cache maximum to fixed out-of-range value.
+		 * If daemon restarts with out-of-range value, no packets
+		 * are to be sent until IV Update procedure completes.
+		 */
+		if (cached > SEQ_MASK)
+			cached = SEQ_MASK + 1;
 
 		cfg->write_seq = seq;
 
+		/* Don't rewrite NVM storage if unchanged */
+		if (value == (int) cached)
+			return true;
+
+		l_debug("Seq Cache: %d -> %d", seq, cached);
+
 		if (!write_int(cfg->jnode, "sequenceNumber", cached))
 		    return false;
 
diff --git a/mesh/net.c b/mesh/net.c
index f0f0dbdbd..35388beec 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -511,6 +511,15 @@ uint32_t mesh_net_next_seq_num(struct mesh_net *net)
 {
 	uint32_t seq = net->seq_num++;
 
+	/* Cap out-of-range seq_num max value to +1. Out of range
+	 * seq_nums will not be sent as they would violate spec.
+	 * This condition signals a runaway seq_num condition, and
+	 * the node must wait for a completed IV Index update procedure
+	 * before it can send again.
+	 */
+	if (net->seq_num > SEQ_MASK)
+		net->seq_num = SEQ_MASK + 1;
+
 	node_set_sequence_number(net->node, net->seq_num);
 	return seq;
 }
-- 
2.21.1


  reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-16 16:39 [PATCH BlueZ v3 0/1] " Brian Gix
2020-01-16 16:39 ` Brian Gix [this message]
2020-01-16 18:16 ` Michał Lowas-Rzechonek
2020-01-16 20:51 ` Gix, Brian

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200116163908.18041-2-brian.gix@intel.com \
    --to=brian.gix@intel.com \
    --cc=inga.stotland@intel.com \
    --cc=jakub.witowski@silvair.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=michal.lowas-rzechonek@silvair.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Bluetooth Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-bluetooth/0 linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ https://lore.kernel.org/linux-bluetooth \
		linux-bluetooth@vger.kernel.org
	public-inbox-index linux-bluetooth

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-bluetooth


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git