From: Marcel Holtmann <marcel@holtmann.org>
To: Antti Julku <antti.julku@nokia.com>
Cc: Lukasz.Rymanowski@tieto.com, mika.linnanoja@nokia.com,
linux-bluetooth@vger.kernel.org, ville.tervo@nokia.com,
linus.walleij@stericsson.com,
par-gunnar.p.hjalmdahl@stericsson.com, padovan@profusion.mobi
Subject: Re: [PATCH] bluetooth: Fix for security block issue.
Date: Wed, 21 Sep 2011 10:01:56 +0200 [thread overview]
Message-ID: <1316592118.1937.114.camel@aeonflux> (raw)
In-Reply-To: <4E7990A9.2070709@nokia.com>
Hi Antti,
> >>> It's easy to reproduce at least with these dongles:
> >>>
> >>> Alink BLUEUSB21 (BCM)
> >>> Belkin BT2.1 F8T017 (BCM)
> >>> DeLock 2.1 (CSR)
> >>> PTS 2.1 (CSR)
> >>>
> >>> So most of our BT 2.1 dongles seem to be buggy. It would be nice to
> >>> have a workaround since it happens with so many dongles.
> >>
> >> If there is so many buggy devices I think Gustavo and Marcel could consider to take this patch.
> >
> > The patch is too hackish, I don't wanna have such workaround in the tree.
> > It is a good idea check the USB stack for possible causes for this bug.
> >
>
> We checked this with USB sniffer. Data comes from USB in the same order
> as shown in hcidump, so USB seems to work correctly.
and this means that the Bluetooth controller is screwing this up.
If you take a real Bluetooth air sniffer then you see that the packet is
most likely encrypted. Problem is just that we do not know for sure. And
the Bluetooth specification is pretty clear on what to do in these
cases. There is even a special qualification test case for this.
The real problem is that the HCI event packets and HCI data packets are
on a different endpoint when you do this over USB. And there is no real
guarantee of ordering in USB when you go over different endpoints.
This is essentially the same problem when some controllers send the
first data packet before we received the Connect Complete event with the
connection handle.
Fact is that the chip manufactures need to start testing for this. And
BlueZ is faster with its event processing than other stacks. That is
something they have to deal with.
Regards
Marcel
next prev parent reply other threads:[~2011-09-21 8:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-25 14:27 [PATCH] bluetooth: Fix for security block issue Lukasz Rymanowski
2011-01-25 16:13 ` Marcel Holtmann
2011-04-28 9:39 ` Antti Julku
2011-04-28 9:51 ` Ville Tervo
2011-04-29 7:49 ` Mika Linnanoja
2011-05-04 7:53 ` Lukasz.Rymanowski
2011-05-04 15:03 ` Luiz Augusto von Dentz
2011-05-05 19:09 ` Gustavo F. Padovan
2011-09-21 7:22 ` Antti Julku
2011-09-21 8:01 ` Marcel Holtmann [this message]
2011-05-05 19:02 ` Gustavo F. Padovan
2011-05-06 6:10 ` Mika Linnanoja
2011-05-06 7:28 ` Mika Linnanoja
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1316592118.1937.114.camel@aeonflux \
--to=marcel@holtmann.org \
--cc=Lukasz.Rymanowski@tieto.com \
--cc=antti.julku@nokia.com \
--cc=linus.walleij@stericsson.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=mika.linnanoja@nokia.com \
--cc=padovan@profusion.mobi \
--cc=par-gunnar.p.hjalmdahl@stericsson.com \
--cc=ville.tervo@nokia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).