* [PATCH] Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF
@ 2025-08-07 7:56 ` Yang Li via B4 Relay
0 siblings, 0 replies; 3+ messages in thread
From: Yang Li @ 2025-08-07 7:56 UTC (permalink / raw)
To: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz
Cc: linux-bluetooth, linux-kernel, Yang Li
After LE Extended Scan times out, conn->sid remains 0xFF,
so the PA sync creation process should be aborted.
Btmon snippet from PA sync with SID=0xFF:
< HCI Command: LE Set Extended.. (0x08|0x0042) plen 6 #74726 [hci0] 863.107927
Extended scan: Enabled (0x01)
Filter duplicates: Enabled (0x01)
Duration: 0 msec (0x0000)
Period: 0.00 sec (0x0000)
> HCI Event: Command Complete (0x0e) plen 4 #74727 [hci0] 863.109389
LE Set Extended Scan Enable (0x08|0x0042) ncmd 1
Status: Success (0x00)
< HCI Command: LE Periodic Ad.. (0x08|0x0044) plen 14 #74728 [hci0] 865.141168
Options: 0x0000
Use advertising SID, Advertiser Address Type and address
Reporting initially enabled
SID: 0xff
Adv address type: Random (0x01)
Adv address: 0D:D7:2C:E7:42:46 (Non-Resolvable)
Skip: 0x0000
Sync timeout: 20000 msec (0x07d0)
Sync CTE type: 0x0000
> HCI Event: Command Status (0x0f) plen 4 #74729 [hci0] 865.143223
LE Periodic Advertising Create Sync (0x08|0x0044) ncmd 1
Status: Success (0x00)
Signed-off-by: Yang Li <yang.li@amlogic.com>
---
net/bluetooth/hci_sync.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 387c128f2ba0..540794a4495f 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -7045,10 +7045,13 @@ static int hci_le_pa_create_sync(struct hci_dev *hdev, void *data)
/* SID has not been set listen for HCI_EV_LE_EXT_ADV_REPORT to update
* it.
*/
- if (conn->sid == HCI_SID_INVALID)
- __hci_cmd_sync_status_sk(hdev, HCI_OP_NOP, 0, NULL,
+ if (conn->sid == HCI_SID_INVALID) {
+ err = __hci_cmd_sync_status_sk(hdev, HCI_OP_NOP, 0, NULL,
HCI_EV_LE_EXT_ADV_REPORT,
conn->conn_timeout, NULL);
+ if (err == -ETIMEDOUT)
+ goto done;
+ }
memset(&cp, 0, sizeof(cp));
cp.options = qos->bcast.options;
@@ -7078,6 +7081,7 @@ static int hci_le_pa_create_sync(struct hci_dev *hdev, void *data)
__hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC_CANCEL,
0, NULL, HCI_CMD_TIMEOUT);
+done:
hci_dev_clear_flag(hdev, HCI_PA_SYNC);
/* Update passive scan since HCI_PA_SYNC flag has been cleared */
---
base-commit: df18778595f9423542f38784749feca5471f9de7
change-id: 20250807-sid_invalid-2c8b626af2ef
Best regards,
--
Yang Li <yang.li@amlogic.com>
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH] Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF
@ 2025-08-07 7:56 ` Yang Li via B4 Relay
0 siblings, 0 replies; 3+ messages in thread
From: Yang Li via B4 Relay @ 2025-08-07 7:56 UTC (permalink / raw)
To: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz
Cc: linux-bluetooth, linux-kernel, Yang Li
From: Yang Li <yang.li@amlogic.com>
After LE Extended Scan times out, conn->sid remains 0xFF,
so the PA sync creation process should be aborted.
Btmon snippet from PA sync with SID=0xFF:
< HCI Command: LE Set Extended.. (0x08|0x0042) plen 6 #74726 [hci0] 863.107927
Extended scan: Enabled (0x01)
Filter duplicates: Enabled (0x01)
Duration: 0 msec (0x0000)
Period: 0.00 sec (0x0000)
> HCI Event: Command Complete (0x0e) plen 4 #74727 [hci0] 863.109389
LE Set Extended Scan Enable (0x08|0x0042) ncmd 1
Status: Success (0x00)
< HCI Command: LE Periodic Ad.. (0x08|0x0044) plen 14 #74728 [hci0] 865.141168
Options: 0x0000
Use advertising SID, Advertiser Address Type and address
Reporting initially enabled
SID: 0xff
Adv address type: Random (0x01)
Adv address: 0D:D7:2C:E7:42:46 (Non-Resolvable)
Skip: 0x0000
Sync timeout: 20000 msec (0x07d0)
Sync CTE type: 0x0000
> HCI Event: Command Status (0x0f) plen 4 #74729 [hci0] 865.143223
LE Periodic Advertising Create Sync (0x08|0x0044) ncmd 1
Status: Success (0x00)
Signed-off-by: Yang Li <yang.li@amlogic.com>
---
net/bluetooth/hci_sync.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 387c128f2ba0..540794a4495f 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -7045,10 +7045,13 @@ static int hci_le_pa_create_sync(struct hci_dev *hdev, void *data)
/* SID has not been set listen for HCI_EV_LE_EXT_ADV_REPORT to update
* it.
*/
- if (conn->sid == HCI_SID_INVALID)
- __hci_cmd_sync_status_sk(hdev, HCI_OP_NOP, 0, NULL,
+ if (conn->sid == HCI_SID_INVALID) {
+ err = __hci_cmd_sync_status_sk(hdev, HCI_OP_NOP, 0, NULL,
HCI_EV_LE_EXT_ADV_REPORT,
conn->conn_timeout, NULL);
+ if (err == -ETIMEDOUT)
+ goto done;
+ }
memset(&cp, 0, sizeof(cp));
cp.options = qos->bcast.options;
@@ -7078,6 +7081,7 @@ static int hci_le_pa_create_sync(struct hci_dev *hdev, void *data)
__hci_cmd_sync_status(hdev, HCI_OP_LE_PA_CREATE_SYNC_CANCEL,
0, NULL, HCI_CMD_TIMEOUT);
+done:
hci_dev_clear_flag(hdev, HCI_PA_SYNC);
/* Update passive scan since HCI_PA_SYNC flag has been cleared */
---
base-commit: df18778595f9423542f38784749feca5471f9de7
change-id: 20250807-sid_invalid-2c8b626af2ef
Best regards,
--
Yang Li <yang.li@amlogic.com>
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF
2025-08-07 7:56 ` Yang Li via B4 Relay
(?)
@ 2025-08-07 8:42 ` bluez.test.bot
-1 siblings, 0 replies; 3+ messages in thread
From: bluez.test.bot @ 2025-08-07 8:42 UTC (permalink / raw)
To: linux-bluetooth, yang.li
[-- Attachment #1: Type: text/plain, Size: 2377 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=989014
---Test result---
Test Summary:
CheckPatch PENDING 0.38 seconds
GitLint PENDING 0.33 seconds
SubjectPrefix PASS 0.12 seconds
BuildKernel PASS 24.16 seconds
CheckAllWarning PASS 26.81 seconds
CheckSparse PASS 29.59 seconds
BuildKernel32 PASS 23.84 seconds
TestRunnerSetup PASS 480.63 seconds
TestRunner_l2cap-tester PASS 24.91 seconds
TestRunner_iso-tester PASS 37.85 seconds
TestRunner_bnep-tester PASS 6.04 seconds
TestRunner_mgmt-tester FAIL 126.92 seconds
TestRunner_rfcomm-tester PASS 9.28 seconds
TestRunner_sco-tester PASS 14.69 seconds
TestRunner_ioctl-tester PASS 10.11 seconds
TestRunner_mesh-tester FAIL 11.42 seconds
TestRunner_smp-tester PASS 11.96 seconds
TestRunner_userchan-tester PASS 6.43 seconds
IncrementalBuild PENDING 0.61 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 490, Passed: 484 (98.8%), Failed: 2, Not Run: 4
Failed Test Cases
LL Privacy - Add Device 2 (2 Devices to AL) Failed 0.176 seconds
LL Privacy - Set Flags 3 (2 Devices to RL) Failed 0.184 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.098 seconds
Mesh - Send cancel - 2 Timed out 1.997 seconds
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-08-07 8:42 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-07 7:56 [PATCH] Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Yang Li
2025-08-07 7:56 ` Yang Li via B4 Relay
2025-08-07 8:42 ` bluez.test.bot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.