| Message ID | 20200228205146.161229-1-alainm@chromium.org (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Marcel Holtmann |
| Headers | show |
| Series | [v1] bluetooth: guard against controllers sending zero'd events | expand |
Hi Alain, > Some controllers have been observed to send zero'd events under some > conditions. This change guards against this condition as well as adding > a trace to facilitate diagnosability of this condition. can you include a trace for this as well please. > > Signed-off-by: Alain Michaud <alainm@chromium.org> > --- > > net/bluetooth/hci_event.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c > index 591e7477e925..f865eddb8d69 100644 > --- a/net/bluetooth/hci_event.c > +++ b/net/bluetooth/hci_event.c > @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) > u8 status = 0, event = hdr->evt, req_evt = 0; > u16 opcode = HCI_OP_NOP; > > - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { > + if (hdev->sent_cmd && event && > + bt_cb(hdev->sent_cmd)->hci.req_event == event) { Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0? > struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; > opcode = __le16_to_cpu(cmd_hdr->opcode); > hci_req_cmd_complete(hdev, opcode, status, &req_complete, > @@ -5876,6 +5877,9 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) > req_evt = event; > } > > + if (!event) > + BT_ERR("Received unexpected HCI Event 00000000"); > + We need to start using bt_dev_err if we want to do that. However in this case bt_dev_warn is better since we should be gracefully handling this anyway. Regards Marcel
Hi Marcel, On 29. Feb 2020, at 9.14, Marcel Holtmann <marcel@holtmann.org> wrote: >> --- a/net/bluetooth/hci_event.c >> +++ b/net/bluetooth/hci_event.c >> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) >> u8 status = 0, event = hdr->evt, req_evt = 0; >> u16 opcode = HCI_OP_NOP; >> >> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { >> + if (hdev->sent_cmd && event && >> + bt_cb(hdev->sent_cmd)->hci.req_event == event) { > > Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0? If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status. Johan
Hi Johan, >>> --- a/net/bluetooth/hci_event.c >>> +++ b/net/bluetooth/hci_event.c >>> @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) >>> u8 status = 0, event = hdr->evt, req_evt = 0; >>> u16 opcode = HCI_OP_NOP; >>> >>> - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { >>> + if (hdev->sent_cmd && event && >>> + bt_cb(hdev->sent_cmd)->hci.req_event == event) { >> >> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0? > > If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status. so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it. Regards Marcel
Hi Marcel, On 1. Mar 2020, at 4.44, Marcel Holtmann <marcel@holtmann.org> wrote: >>> Why are you bothering to check for event here. Do we have requests set with hci_req.event == 0? >> >> If I remember right, most requests are like that. req.event is only used then the request completes in something else than a command complete/status. > > so what do we do then if we get an event == 0 from the controller? Just bail out early? It seems kind pointless to keep processing it. Yeah, that’s what I’d do. Bail out early, but log a warning. Johan
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 591e7477e925..f865eddb8d69 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -5868,7 +5868,8 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) u8 status = 0, event = hdr->evt, req_evt = 0; u16 opcode = HCI_OP_NOP; - if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { + if (hdev->sent_cmd && event && + bt_cb(hdev->sent_cmd)->hci.req_event == event) { struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; opcode = __le16_to_cpu(cmd_hdr->opcode); hci_req_cmd_complete(hdev, opcode, status, &req_complete, @@ -5876,6 +5877,9 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) req_evt = event; } + if (!event) + BT_ERR("Received unexpected HCI Event 00000000"); + /* If it looks like we might end up having to call * req_complete_skb, store a pristine copy of the skb since the * various handlers may modify the original one through
Some controllers have been observed to send zero'd events under some conditions. This change guards against this condition as well as adding a trace to facilitate diagnosability of this condition. Signed-off-by: Alain Michaud <alainm@chromium.org> --- net/bluetooth/hci_event.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)