[PATCH] LMP transaction collision at Set encryption

[PATCH] LMP transaction collision at Set encryption

[rajmohan.mohanan]

From: mohanan <rajmohan.mohanan@intel.com>

ISSUE:
1. started pairing from my device(DUT) to a remote device (Lenovo T500). After successful bonding bluez send device discovery in the same ACL connection createdprior to BONDING
2. Changed to DUT role as slave.
3. From Host ,sending Set Connection Encryption, getting LMP Error Transaction Collision as status of  encryption command sent by DUT(Slave).(Remote guy who is a master has also initiated Set encryption).
4. In between bluez has initiated SDP search after bonding process complete(device_bonding_complete()).
5. From the encryption change event (event status is 0x23(LMP transaction collision),Bluez disconnecting l2cap and then acl link.
We are not able Find the services of remote device because application written in spite of service discovery has initiated after bonding process

FIX:
Made changes in hci_event.c  for solving LMP Transaction collision.

When we gets Encrypt change event with error code as LMP  transaction collision , Ignoring the change event because From Master Encrypt change event will process and will get encrypt change event with success second time.

If we are not getting Encrypt change event from master we are sending again Set encryption from slave( because we already sent a set encryption which result in to a collision) after 1 second delay.

If we getting a encrypt change event from master after collision event then we delete timer and process it normally.

HCIDUMP:

HCI sniffer - Bluetooth packet analyzer ver 1.42

device: hci0 snap_len: 1028 filter: 0xffffffff

2004-01-01 00:24:28.201531 < HCI Command: Create Connection (0x01|0x0005) plen 13

    bdaddr C4:17:FE:F5:74:DF ptype 0xcc18 rswitch 0x01 clkoffset 0x0000

    Packet type: DM1 DM3 DM5 DH1 DH3 DH5

2004-01-01 00:24:28.214399 > HCI Event: Command Status (0x0f) plen 4

    Create Connection (0x01|0x0005) status 0x00 ncmd 1

2004-01-01 00:24:33.329983 > HCI Event: Connect Complete (0x03) plen 11

    status 0x04 handle 65535 bdaddr C4:17:FE:F5:74:DF type ACL encrypt 0x00

    Error: Page Timeout

2004-01-01 00:24:45.458623 < HCI Command: Create Connection (0x01|0x0005) plen 13

    bdaddr C4:17:FE:F5:74:DF ptype 0xcc18 rswitch 0x01 clkoffset 0x0000

    Packet type: DM1 DM3 DM5 DH1 DH3 DH5

2004-01-01 00:24:45.466521 > HCI Event: Command Status (0x0f) plen 4

    Create Connection (0x01|0x0005) status 0x00 ncmd 1

2004-01-01 00:24:47.052369 > HCI Event: Role Change (0x12) plen 8

    status 0x00 bdaddr C4:17:FE:F5:74:DF role 0x01

    Role: Slave

2004-01-01 00:24:47.213870 > HCI Event: Connect Complete (0x03) plen 11

    status 0x00 handle 256 bdaddr C4:17:FE:F5:74:DF type ACL encrypt 0x00

2004-01-01 00:24:47.214457 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2

    handle 256

2004-01-01 00:24:47.234339 > HCI Event: Max Slots Change (0x1b) plen 3

    handle 256 slots 5

2004-01-01 00:24:47.234397 > HCI Event: Command Status (0x0f) plen 4

    Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1

2004-01-01 00:24:47.234405 > HCI Event: Read Remote Supported Features (0x0b) plen 11

    status 0x00 handle 256

    Features: 0xff 0xff 0x8f 0xfe 0x9b 0xff 0x79 0x83

2004-01-01 00:24:47.234917 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3

    handle 256 page 1

2004-01-01 00:24:47.236452 > HCI Event: Command Status (0x0f) plen 4

    Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1

2004-01-01 00:24:47.244773 > HCI Event: Read Remote Extended Features (0x23) plen 13

    status 0x00 handle 256 page 1 max 0

    Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00

2004-01-01 00:24:47.244923 < HCI Command: Authentication Requested (0x01|0x0011) plen 2

    handle 256

2004-01-01 00:24:47.246853 > HCI Event: Command Status (0x0f) plen 4

    Authentication Requested (0x01|0x0011) status 0x00 ncmd 1

2004-01-01 00:24:47.246882 > HCI Event: Link Key Request (0x17) plen 6

    bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:47.264148 < HCI Command: Remote Name Request (0x01|0x0019) plen 10

    bdaddr C4:17:FE:F5:74:DF mode 2 clkoffset 0x0000

2004-01-01 00:24:47.266043 > HCI Event: Command Status (0x0f) plen 4

    Remote Name Request (0x01|0x0019) status 0x00 ncmd 1

2004-01-01 00:24:47.270761 < HCI Command: Link Key Request Negative Reply (0x01|0x000c) plen 6

    bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:47.272375 > HCI Event: Command Complete (0x0e) plen 10

    Link Key Request Negative Reply (0x01|0x000c) ncmd 1

    status 0x00 bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:47.272536 > HCI Event: IO Capability Request (0x31) plen 6

    bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:47.280195 < HCI Command: IO Capability Request Reply (0x01|0x002b) plen 9

    bdaddr C4:17:FE:F5:74:DF capability 0x01 oob 0x00 auth 0x03

    Capability: DisplayYesNo (OOB data not present)

    Authentication: Dedicated Bonding (MITM Protection)

2004-01-01 00:24:47.282037 > HCI Event: Command Complete (0x0e) plen 10

    IO Capability Request Reply (0x01|0x002b) ncmd 1

    status 0x00 bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:48.026091 > HCI Event: IO Capability Response (0x32) plen 9

    bdaddr C4:17:FE:F5:74:DF capability 0x01 oob 0x00 auth 0x05

    Capability: DisplayYesNo (OOB data not present)

    Authentication: General Bonding (MITM Protection)

2004-01-01 00:24:48.027156 > HCI Event: Remote Name Req Complete (0x07) plen 255

    status 0x00 bdaddr C4:17:FE:F5:74:DF name 'ICHAUHAX-MOBL'

2004-01-01 00:24:49.023901 > HCI Event: User Confirmation Request (0x33) plen 10

    bdaddr C4:17:FE:F5:74:DF passkey 733849

2004-01-01 00:24:53.594371 < HCI Command: User Confirmation Request Reply (0x01|0x002c) plen 6

    bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:53.596301 > HCI Event: Command Complete (0x0e) plen 10

    User Confirmation Request Reply (0x01|0x002c) ncmd 1

    status 0x00 bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:58.224051 > HCI Event: Simple Pairing Complete (0x36) plen 7

    status 0x00 bdaddr C4:17:FE:F5:74:DF

2004-01-01 00:24:58.329211 > HCI Event: Link Key Notification (0x18) plen 23

    bdaddr C4:17:FE:F5:74:DF key 9DAA63E15700DAC5E321CFA90C251CAC type 5

    Type: Authenticated Combination Key

2004-01-01 00:24:58.329246 > HCI Event: Auth Complete (0x06) plen 3

    status 0x00 handle 256

2004-01-01 00:24:58.329536 < HCI Command: Set Connection Encryption (0x01|0x0013) plen 3

    handle 256 encrypt 0x01

2004-01-01 00:24:58.330803 > HCI Event: Command Status (0x0f) plen 4

    Set Connection Encryption (0x01|0x0013) status 0x00 ncmd 1

2004-01-01 00:24:58.331115 > HCI Event: Encrypt Change (0x08) plen 4

    status 0x23 handle 256 encrypt 0x00

    Error: LMP Error Transaction Collision

2004-01-01 00:24:58.334127 < HCI Command: Disconnect (0x01|0x0006) plen 3

    handle 256 reason 0x13

    Reason: Remote User Terminated Connection

2004-01-01 00:24:58.335829 > HCI Event: Command Status (0x0f) plen 4

    Disconnect (0x01|0x0006) status 0x00 ncmd 1

2004-01-01 00:24:58.505066 > HCI Event: Disconn Complete (0x05) plen 4

    status 0x00 handle 256 reason 0x16

    Reason: Connection Terminated by Local Host

2004-01-01 00:25:01.005023 < HCI Command: Create Connection (0x01|0x0005) plen 13

    bdaddr C4:17:FE:F5:74:DF ptype 0xcc18 rswitch 0x01 clkoffset 0x0000

    Packet type: DM1 DM3 DM5 DH1 DH3 DH5

2004-01-01 00:25:01.012243 > HCI Event: Command Status (0x0f) plen 4

    Create Connection (0x01|0x0005) status 0x00 ncmd 1

2004-01-01 00:25:04.143950 > HCI Event: Role Change (0x12) plen 8

    status 0x00 bdaddr C4:17:FE:F5:74:DF role 0x01

    Role: Slave

2004-01-01 00:25:04.302687 > HCI Event: Connect Complete (0x03) plen 11

    status 0x00 handle 256 bdaddr C4:17:FE:F5:74:DF type ACL encrypt 0x00

2004-01-01 00:25:04.302884 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2

    handle 256

2004-01-01 00:25:04.309310 > HCI Event: Command Status (0x0f) plen 4

    Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1

2004-01-01 00:25:04.309339 > HCI Event: Max Slots Change (0x1b) plen 3

    handle 256 slots 5

2004-01-01 00:25:04.316336 > HCI Event: Read Remote Supported Features (0x0b) plen 11

    status 0x00 handle 256

    Features: 0xff 0xff 0x8f 0xfe 0x9b 0xff 0x79 0x83

2004-01-01 00:25:04.316805 < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3

    handle 256 page 1

2004-01-01 00:25:04.318293 > HCI Event: Command Status (0x0f) plen 4

    Read Remote Extended Features (0x01|0x001c) status 0x00 ncmd 1

2004-01-01 00:25:04.323696 > HCI Event: Read Remote Extended Features (0x23) plen 13

    status 0x00 handle 256 page 1 max 0

    Features: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00

2004-01-01 00:25:04.323868 < ACL data: handle 256 flags 0x00 dlen 10

    L2CAP(s): Info req: type 2

2004-01-01 00:25:04.342133 > HCI Event: Number of Completed Packets (0x13) plen 5

    handle 256 packets 1

2004-01-01 00:25:04.347449 > ACL data: handle 256 flags 0x02 dlen 12

    L2CAP(s): Info rsp: type 2 result 1

      Not supported

2004-01-01 00:25:04.347614 < ACL data: handle 256 flags 0x00 dlen 10

    L2CAP(s): Info req: type 3

2004-01-01 00:25:04.364833 < HCI Command: Remote Name Request (0x01|0x0019) plen 10

    bdaddr C4:17:FE:F5:74:DF mode 2 clkoffset 0x0000

2004-01-01 00:25:04.366772 > HCI Event: Command Status (0x0f) plen 4

    Remote Name Request (0x01|0x0019) status 0x00 ncmd 1

2004-01-01 00:25:10.563930 > HCI Event: Number of Completed Packets (0x13) plen 5

    handle 256 packets 1

2004-01-01 00:25:10.565921 > ACL data: handle 256 flags 0x02 dlen 12

    L2CAP(s): Info rsp: type 3 result 1

      Not supported

2004-01-01 00:25:10.566069 < ACL data: handle 256 flags 0x00 dlen 12

    L2CAP(s): Connect req: psm 1 scid 0x0040

2004-01-01 00:25:40.756957 > HCI Event: Remote Name Req Complete (0x07) plen 255

    status 0x22 bdaddr C4:17:FE:F5:74:DF name ''

    Error: LMP Response Timeout

2004-01-01 00:25:40.756993 > HCI Event: Disconn Complete (0x05) plen 4

    status 0x00 handle 256 reason 0x22

    Reason: LMP Response Timeout

Signed-off-by: mohanan <rajmohan.mohanan@intel.com>
---
 include/net/bluetooth/hci.h      |    1 +
 include/net/bluetooth/hci_core.h |   11 ++++++-----
 net/bluetooth/hci_conn.c         |   22 +++++++++++++++++++++-
 net/bluetooth/hci_event.c        |   16 ++++++++++------
 4 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 22ddaf3..e2eefdd 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -108,6 +108,7 @@ enum {
 #define HCI_PAIRING_TIMEOUT	(60000)	/* 60 seconds */
 #define HCI_IDLE_TIMEOUT	(6000)	/* 6 seconds */
 #define HCI_INIT_TIMEOUT	(10000)	/* 10 seconds */
+#define HCI_ENCRYPTION_TIMEOUT (1000) /*1 seconds*/
 
 /* HCI data types */
 #define HCI_COMMAND_PKT		0x01
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 7a1c03d..e426786 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -197,10 +197,11 @@ struct hci_conn {
 	__u16            pkt_type;
 	__u16            link_policy;
 	__u32		 link_mode;
-	__u8             auth_type;
-	__u8             sec_level;
-	__u8             power_save;
-	__u16            disc_timeout;
+	__u8         auth_type;
+	__u8         sec_level;
+	__u8         power_save;
+	__u16        disc_timeout;
+	__u16        encrypt_timeout;   
 	unsigned long	 pend;
 
 	unsigned int	 sent;
@@ -209,7 +210,7 @@ struct hci_conn {
 
 	struct timer_list disc_timer;
 	struct timer_list idle_timer;
-
+    struct timer_list encrypt_timer;
 	struct work_struct work_add;
 	struct work_struct work_del;
 
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2f4d30f..22a6df0 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -195,7 +195,23 @@ static void hci_conn_idle(unsigned long arg)
 
 	hci_conn_enter_sniff_mode(conn);
 }
+static void hci_conn_encryption(unsigned long arg)
+{
+	struct hci_conn *conn = (void *) arg;
+    
+	BT_DBG("Encryption status check");
 
+	if((conn) && (test_and_clear_bit(HCI_CONN_ENCRYPT_PEND,&conn->pend)))
+	{
+		struct hci_dev *hdev = conn->hdev;
+		del_timer(&conn->encrypt_timer);
+		struct hci_cp_set_conn_encrypt cp;
+		cp.handle  = conn->handle;
+		cp.encrypt = 0x01;
+		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
+					sizeof(cp), &cp);
+	}
+}
 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
 					__u16 pkt_type, bdaddr_t *dst)
 {
@@ -216,6 +232,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
 
 	conn->power_save = 1;
 	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
+	conn->encrypt_timeout = HCI_ENCRYPTION_TIMEOUT;
 
 	switch (type) {
 	case ACL_LINK:
@@ -245,6 +262,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
 
 	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
 	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
+	setup_timer(&conn->encrypt_timer, hci_conn_encryption, (unsigned long)conn);
 
 	atomic_set(&conn->refcnt, 0);
 
@@ -275,6 +293,8 @@ int hci_conn_del(struct hci_conn *conn)
 
 	del_timer(&conn->disc_timer);
 
+	del_timer(&conn->encrypt_timer);
+
 	if (conn->type == ACL_LINK) {
 		struct hci_conn *sco = conn->link;
 		if (sco)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index f7229d2..75719b4 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1,6 +1,5 @@
 /*
    BlueZ - Bluetooth protocol stack for Linux
-   Copyright (C) 2012 Intel Mobile Communications GmbH
    Copyright (C) 2000-2001 Qualcomm Incorporated
 
    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
@@ -21,9 +20,6 @@
    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
    SOFTWARE IS DISCLAIMED.
-
-notes:
-   18-Jan-2012 Added handling for hci flowspec complete event.
 */
 
 /* Bluetooth HCI event handling. */
@@ -1107,7 +1103,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
 {
 	struct hci_ev_encrypt_change *ev = (void *) skb->data;
 	struct hci_conn *conn;
-
+    unsigned long timeo;
 	BT_DBG("%s status %d", hdev->name, ev->status);
 
 	hci_dev_lock(hdev);
@@ -1115,6 +1111,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
 	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
 	if (conn) {
 		if (!ev->status) {
+			del_timer(&conn->encrypt_timer);
 			if (ev->encrypt) {
 				/* Encryption implies authentication */
 				conn->link_mode |= HCI_LM_AUTH;
@@ -1122,6 +1119,13 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
 			} else
 				conn->link_mode &= ~HCI_LM_ENCRYPT;
 		}
+	   else if(ev->status == 0x23)
+	   {
+	   		BT_DBG("LMP transactioon collision happened, we need to wait");
+			timeo = msecs_to_jiffies(conn->encrypt_timeout);
+		    mod_timer(&conn->encrypt_timer, jiffies + timeo);
+			goto done;
+	   }
 
 		clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
 
@@ -1134,7 +1138,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
 		} else
 			hci_encrypt_cfm(conn, ev->status, ev->encrypt);
 	}
-
+done:
 	hci_dev_unlock(hdev);
 }
 
-- 
1.7.0.4

Re: [PATCH] LMP transaction collision at Set encryption

[Luiz Augusto von Dentz]

Hi,

On Tue, Feb 14, 2012 at 10:57 AM,  <rajmohan.mohanan@intel.com> wrote:
> From: mohanan <rajmohan.mohanan@intel.com>
>
> ISSUE:
> 1. started pairing from my device(DUT) to a remote device (Lenovo T500). After successful bonding bluez send device discovery in the same ACL connection createdprior to BONDING
> 2. Changed to DUT role as slave.
> 3. From Host ,sending Set Connection Encryption, getting LMP Error Transaction Collision as status of  encryption command sent by DUT(Slave).(Remote guy who is a master has also initiated Set encryption).
> 4. In between bluez has initiated SDP search after bonding process complete(device_bonding_complete()).
> 5. From the encryption change event (event status is 0x23(LMP transaction collision),Bluez disconnecting l2cap and then acl link.
> We are not able Find the services of remote device because application written in spite of service discovery has initiated after bonding process

This stack that you are running in Lenovo T500 is really weird,
forcing master every time it connects and always starting sdp
immediately will for sure cause problems with other stacks too, afaik
even BITE tester does not like our reverse sdp which is not
immediately (2 sec.).

Anyway the point of not disconnecting on collision seems valid, btw
please start with "Bluetooth:..." when submitting patches to Linux
kernel.

> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
> index 22ddaf3..e2eefdd 100644
> --- a/include/net/bluetooth/hci.h
> +++ b/include/net/bluetooth/hci.h
> @@ -108,6 +108,7 @@ enum {
>  #define HCI_PAIRING_TIMEOUT    (60000) /* 60 seconds */
>  #define HCI_IDLE_TIMEOUT       (6000)  /* 6 seconds */
>  #define HCI_INIT_TIMEOUT       (10000) /* 10 seconds */
> +#define HCI_ENCRYPTION_TIMEOUT (1000) /*1 seconds*/
>
>  /* HCI data types */
>  #define HCI_COMMAND_PKT                0x01
> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index 7a1c03d..e426786 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -197,10 +197,11 @@ struct hci_conn {
>        __u16            pkt_type;
>        __u16            link_policy;
>        __u32            link_mode;
> -       __u8             auth_type;
> -       __u8             sec_level;
> -       __u8             power_save;
> -       __u16            disc_timeout;
> +       __u8         auth_type;
> +       __u8         sec_level;
> +       __u8         power_save;
> +       __u16        disc_timeout;
> +       __u16        encrypt_timeout;

It seems you are changing other lines instead of just adding
encrypt_timeout, make sure you/your editor is not adding spaces
instead of tabs for some reason.

>        unsigned long    pend;
>
>        unsigned int     sent;
> @@ -209,7 +210,7 @@ struct hci_conn {
>
>        struct timer_list disc_timer;
>        struct timer_list idle_timer;
> -
> +    struct timer_list encrypt_timer;
>        struct work_struct work_add;
>        struct work_struct work_del;

Grouping timer_list together but you don't need to remove the empty
line that separate them to the work_struct.

> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 2f4d30f..22a6df0 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -195,7 +195,23 @@ static void hci_conn_idle(unsigned long arg)
>
>        hci_conn_enter_sniff_mode(conn);
>  }
> +static void hci_conn_encryption(unsigned long arg)
> +{
> +       struct hci_conn *conn = (void *) arg;
> +
> +       BT_DBG("Encryption status check");
>
> +       if((conn) && (test_and_clear_bit(HCI_CONN_ENCRYPT_PEND,&conn->pend)))
> +       {
> +               struct hci_dev *hdev = conn->hdev;
> +               del_timer(&conn->encrypt_timer);
> +               struct hci_cp_set_conn_encrypt cp;
> +               cp.handle  = conn->handle;
> +               cp.encrypt = 0x01;
> +               hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
> +                                       sizeof(cp), &cp);
> +       }
> +}

No need to duplicate code of hci_conn_encrypt, you can just call it,
also I would call it hci_conn_encrypt_timeout to make clear this run
on timer context and avoid confusion with hci_conn_encrypt. Btw I
don't think you really need to use del_timer inside the callback since
we don't use on other timeout handlers.

> -   Copyright (C) 2012 Intel Mobile Communications GmbH

This is not upstream, it wont apply.

>    Copyright (C) 2000-2001 Qualcomm Incorporated
>
>    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
> @@ -21,9 +20,6 @@
>    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
>    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
>    SOFTWARE IS DISCLAIMED.
> -
> -notes:
> -   18-Jan-2012 Added handling for hci flowspec complete event.

Neither this.

> +          else if(ev->status == 0x23)
> +          {
> +                       BT_DBG("LMP transactioon collision happened, we need to wait");
> +                       timeo = msecs_to_jiffies(conn->encrypt_timeout);
> +                   mod_timer(&conn->encrypt_timer, jiffies + timeo);
> +                       goto done;
> +          }

Formatting here is wrong please check the coding style, also if the
remote stack run the same code (BlueZ vs BlueZ) it is going to collide
again after timer expire, so perhaps you should be checking if it is
master resend immediately otherwise wait for master.

-- 
Luiz Augusto von Dentz

RE: [PATCH] LMP transaction collision at Set encryption

[Mohanan, Rajmohan]

Hi,
      I could not really get what is the point " No need to duplicate code of hci_conn_encrypt, you can just call it ".Could you please explain ?
I will change the function name as you suggested and will remove the delete timer.

> +static void hci_conn_encryption(unsigned long arg) {
> +       struct hci_conn *conn = (void *) arg;
> +
> +       BT_DBG("Encryption status check");
>
> +       if((conn) && 
> +(test_and_clear_bit(HCI_CONN_ENCRYPT_PEND,&conn->pend)))
> +       {
> +               struct hci_dev *hdev = conn->hdev;
> +               del_timer(&conn->encrypt_timer);
> +               struct hci_cp_set_conn_encrypt cp;
> +               cp.handle  = conn->handle;
> +               cp.encrypt = 0x01;
> +               hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
> +                                       sizeof(cp), &cp);
> +       }
> +}

No need to duplicate code of hci_conn_encrypt, you can just call it, also I would call it hci_conn_encrypt_timeout to make clear this run on timer context and avoid confusion with hci_conn_encrypt. Btw I don't think you really need to use del_timer inside the callback since we don't use on other timeout handlers.

Regards
Rajmohan
-----Original Message-----
From: Luiz Augusto von Dentz [mailto:luiz.dentz@gmail.com] 
Sent: Tuesday, February 14, 2012 5:03 PM
To: Mohanan, Rajmohan
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH] LMP transaction collision at Set encryption

Hi,

On Tue, Feb 14, 2012 at 10:57 AM,  <rajmohan.mohanan@intel.com> wrote:
> From: mohanan <rajmohan.mohanan@intel.com>
>
> ISSUE:
> 1. started pairing from my device(DUT) to a remote device (Lenovo 
> T500). After successful bonding bluez send device discovery in the same ACL connection createdprior to BONDING 2. Changed to DUT role as slave.
> 3. From Host ,sending Set Connection Encryption, getting LMP Error Transaction Collision as status of  encryption command sent by DUT(Slave).(Remote guy who is a master has also initiated Set encryption).
> 4. In between bluez has initiated SDP search after bonding process complete(device_bonding_complete()).
> 5. From the encryption change event (event status is 0x23(LMP transaction collision),Bluez disconnecting l2cap and then acl link.
> We are not able Find the services of remote device because application 
> written in spite of service discovery has initiated after bonding 
> process

This stack that you are running in Lenovo T500 is really weird, forcing master every time it connects and always starting sdp immediately will for sure cause problems with other stacks too, afaik even BITE tester does not like our reverse sdp which is not immediately (2 sec.).

Anyway the point of not disconnecting on collision seems valid, btw please start with "Bluetooth:..." when submitting patches to Linux kernel.

> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h 
> index 22ddaf3..e2eefdd 100644
> --- a/include/net/bluetooth/hci.h
> +++ b/include/net/bluetooth/hci.h
> @@ -108,6 +108,7 @@ enum {
>  #define HCI_PAIRING_TIMEOUT    (60000) /* 60 seconds */
>  #define HCI_IDLE_TIMEOUT       (6000)  /* 6 seconds */
>  #define HCI_INIT_TIMEOUT       (10000) /* 10 seconds */
> +#define HCI_ENCRYPTION_TIMEOUT (1000) /*1 seconds*/
>
>  /* HCI data types */
>  #define HCI_COMMAND_PKT                0x01 diff --git 
> a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index 7a1c03d..e426786 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -197,10 +197,11 @@ struct hci_conn {
>        __u16            pkt_type;
>        __u16            link_policy;
>        __u32            link_mode;
> -       __u8             auth_type;
> -       __u8             sec_level;
> -       __u8             power_save;
> -       __u16            disc_timeout;
> +       __u8         auth_type;
> +       __u8         sec_level;
> +       __u8         power_save;
> +       __u16        disc_timeout;
> +       __u16        encrypt_timeout;

It seems you are changing other lines instead of just adding encrypt_timeout, make sure you/your editor is not adding spaces instead of tabs for some reason.

>        unsigned long    pend;
>
>        unsigned int     sent;
> @@ -209,7 +210,7 @@ struct hci_conn {
>
>        struct timer_list disc_timer;
>        struct timer_list idle_timer;
> -
> +    struct timer_list encrypt_timer;
>        struct work_struct work_add;
>        struct work_struct work_del;

Grouping timer_list together but you don't need to remove the empty line that separate them to the work_struct.

> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 
> 2f4d30f..22a6df0 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -195,7 +195,23 @@ static void hci_conn_idle(unsigned long arg)
>
>        hci_conn_enter_sniff_mode(conn);
>  }
> +static void hci_conn_encryption(unsigned long arg) {
> +       struct hci_conn *conn = (void *) arg;
> +
> +       BT_DBG("Encryption status check");
>
> +       if((conn) && 
> +(test_and_clear_bit(HCI_CONN_ENCRYPT_PEND,&conn->pend)))
> +       {
> +               struct hci_dev *hdev = conn->hdev;
> +               del_timer(&conn->encrypt_timer);
> +               struct hci_cp_set_conn_encrypt cp;
> +               cp.handle  = conn->handle;
> +               cp.encrypt = 0x01;
> +               hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
> +                                       sizeof(cp), &cp);
> +       }
> +}

No need to duplicate code of hci_conn_encrypt, you can just call it, also I would call it hci_conn_encrypt_timeout to make clear this run on timer context and avoid confusion with hci_conn_encrypt. Btw I don't think you really need to use del_timer inside the callback since we don't use on other timeout handlers.

> -   Copyright (C) 2012 Intel Mobile Communications GmbH

This is not upstream, it wont apply.

>    Copyright (C) 2000-2001 Qualcomm Incorporated
>
>    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> @@ -21,9 
> +20,6 @@
>    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
>    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
>    SOFTWARE IS DISCLAIMED.
> -
> -notes:
> -   18-Jan-2012 Added handling for hci flowspec complete event.

Neither this.

> +          else if(ev->status == 0x23)
> +          {
> +                       BT_DBG("LMP transactioon collision happened, 
> + we need to wait");
> +                       timeo = 
> + msecs_to_jiffies(conn->encrypt_timeout);
> +                   mod_timer(&conn->encrypt_timer, jiffies + timeo);
> +                       goto done;
> +          }

Formatting here is wrong please check the coding style, also if the remote stack run the same code (BlueZ vs BlueZ) it is going to collide again after timer expire, so perhaps you should be checking if it is master resend immediately otherwise wait for master.

--
Luiz Augusto von Dentz

Re: [PATCH] LMP transaction collision at Set encryption

[Marcel Holtmann]

Hi Rajmohan,

> ISSUE:
> 1. started pairing from my device(DUT) to a remote device (Lenovo T500). After successful bonding bluez send device discovery in the same ACL connection createdprior to BONDING
> 2. Changed to DUT role as slave.
> 3. From Host ,sending Set Connection Encryption, getting LMP Error Transaction Collision as status of  encryption command sent by DUT(Slave).(Remote guy who is a master has also initiated Set encryption).
> 4. In between bluez has initiated SDP search after bonding process complete(device_bonding_complete()).
> 5. From the encryption change event (event status is 0x23(LMP transaction collision),Bluez disconnecting l2cap and then acl link.
> We are not able Find the services of remote device because application written in spite of service discovery has initiated after bonding process

please reformat this to keep it under 72 characters per line. Mainly so
that a git log in a 80 char wide terminal stays readable.

> FIX:
> Made changes in hci_event.c  for solving LMP Transaction collision.
> 
> When we gets Encrypt change event with error code as LMP  transaction collision , Ignoring the change event because From Master Encrypt change event will process and will get encrypt change event with success second time.
> 
> If we are not getting Encrypt change event from master we are sending again Set encryption from slave( because we already sent a set encryption which result in to a collision) after 1 second delay.
> 
> If we getting a encrypt change event from master after collision event then we delete timer and process it normally.

Same here.

> 
> HCIDUMP:
> 
> HCI sniffer - Bluetooth packet analyzer ver 1.42
> 
> device: hci0 snap_len: 1028 filter: 0xffffffff
> 
> 2004-01-01 00:24:28.201531 < HCI Command: Create Connection (0x01|0x0005) plen 13
> 
>     bdaddr C4:17:FE:F5:74:DF ptype 0xcc18 rswitch 0x01 clkoffset 0x0000
> 
>     Packet type: DM1 DM3 DM5 DH1 DH3 DH5

Please fix this up and remove the empty lines. I bet that you send this
through Exchange and one point and it messed it up for you, but it still
needs to be fixed.

> Signed-off-by: mohanan <rajmohan.mohanan@intel.com>

Please have a proper full name signed-off-by line. Same goes for From:.

> ---
>  include/net/bluetooth/hci.h      |    1 +
>  include/net/bluetooth/hci_core.h |   11 ++++++-----
>  net/bluetooth/hci_conn.c         |   22 +++++++++++++++++++++-
>  net/bluetooth/hci_event.c        |   16 ++++++++++------
>  4 files changed, 38 insertions(+), 12 deletions(-)
> 
> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
> index 22ddaf3..e2eefdd 100644
> --- a/include/net/bluetooth/hci.h
> +++ b/include/net/bluetooth/hci.h
> @@ -108,6 +108,7 @@ enum {
>  #define HCI_PAIRING_TIMEOUT	(60000)	/* 60 seconds */
>  #define HCI_IDLE_TIMEOUT	(6000)	/* 6 seconds */
>  #define HCI_INIT_TIMEOUT	(10000)	/* 10 seconds */
> +#define HCI_ENCRYPTION_TIMEOUT (1000) /*1 seconds*/

Follow the coding style for comments. Example is right above.

>  
>  /* HCI data types */
>  #define HCI_COMMAND_PKT		0x01
> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
> index 7a1c03d..e426786 100644
> --- a/include/net/bluetooth/hci_core.h
> +++ b/include/net/bluetooth/hci_core.h
> @@ -197,10 +197,11 @@ struct hci_conn {
>  	__u16            pkt_type;
>  	__u16            link_policy;
>  	__u32		 link_mode;
> -	__u8             auth_type;
> -	__u8             sec_level;
> -	__u8             power_save;
> -	__u16            disc_timeout;
> +	__u8         auth_type;
> +	__u8         sec_level;
> +	__u8         power_save;
> +	__u16        disc_timeout;
> +	__u16        encrypt_timeout;   

Follow our indentation and do not re-format things.

>  	unsigned long	 pend;
>  
>  	unsigned int	 sent;
> @@ -209,7 +210,7 @@ struct hci_conn {
>  
>  	struct timer_list disc_timer;
>  	struct timer_list idle_timer;
> -
> +    struct timer_list encrypt_timer;

I don't think this is against Johan's bluetooth-next tree. We converted
to workqueues.

>  	struct work_struct work_add;
>  	struct work_struct work_del;
>  
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 2f4d30f..22a6df0 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -195,7 +195,23 @@ static void hci_conn_idle(unsigned long arg)
>  
>  	hci_conn_enter_sniff_mode(conn);
>  }

Extra empty line here between functions. Please follow coding
convention.

> +static void hci_conn_encryption(unsigned long arg)
> +{
> +	struct hci_conn *conn = (void *) arg;
> +    
> +	BT_DBG("Encryption status check");
>  
> +	if((conn) && (test_and_clear_bit(HCI_CONN_ENCRYPT_PEND,&conn->pend)))

No (conn) and it is if<space>(. Please follow coding convention as you
see all through the code.

> +	{
> +		struct hci_dev *hdev = conn->hdev;
> +		del_timer(&conn->encrypt_timer);
> +		struct hci_cp_set_conn_encrypt cp;
> +		cp.handle  = conn->handle;
> +		cp.encrypt = 0x01;
> +		hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
> +					sizeof(cp), &cp);
> +	}
> +}
>  struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
>  					__u16 pkt_type, bdaddr_t *dst)
>  {
> @@ -216,6 +232,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
>  
>  	conn->power_save = 1;
>  	conn->disc_timeout = HCI_DISCONN_TIMEOUT;
> +	conn->encrypt_timeout = HCI_ENCRYPTION_TIMEOUT;

Why are we doing this? It makes no sense. The timeout is always the
same. The case of the disconnect timeout is different since it changes.
So please remove this.

>  
>  	switch (type) {
>  	case ACL_LINK:
> @@ -245,6 +262,7 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type,
>  
>  	setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
>  	setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
> +	setup_timer(&conn->encrypt_timer, hci_conn_encryption, (unsigned long)conn);

This reminds me. Shortcut encryption to encrypt like we do everywhere
else.

>  
>  	atomic_set(&conn->refcnt, 0);
>  
> @@ -275,6 +293,8 @@ int hci_conn_del(struct hci_conn *conn)
>  
>  	del_timer(&conn->disc_timer);
>  
> +	del_timer(&conn->encrypt_timer);
> +
>  	if (conn->type == ACL_LINK) {
>  		struct hci_conn *sco = conn->link;
>  		if (sco)
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index f7229d2..75719b4 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -1,6 +1,5 @@
>  /*
>     BlueZ - Bluetooth protocol stack for Linux
> -   Copyright (C) 2012 Intel Mobile Communications GmbH
>     Copyright (C) 2000-2001 Qualcomm Incorporated
>  
>     Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
> @@ -21,9 +20,6 @@
>     ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
>     COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
>     SOFTWARE IS DISCLAIMED.
> -
> -notes:
> -   18-Jan-2012 Added handling for hci flowspec complete event.
>  */

No idea where this comes from, but it is not upstream. Patch has to
apply cleanly against Johan's bluetooth-next tree.
 
>  /* Bluetooth HCI event handling. */
> @@ -1107,7 +1103,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
>  {
>  	struct hci_ev_encrypt_change *ev = (void *) skb->data;
>  	struct hci_conn *conn;
> -
> +    unsigned long timeo;
>  	BT_DBG("%s status %d", hdev->name, ev->status);

Please keep the coding style.

>  
>  	hci_dev_lock(hdev);
> @@ -1115,6 +1111,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
>  	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
>  	if (conn) {
>  		if (!ev->status) {
> +			del_timer(&conn->encrypt_timer);
>  			if (ev->encrypt) {
>  				/* Encryption implies authentication */
>  				conn->link_mode |= HCI_LM_AUTH;
> @@ -1122,6 +1119,13 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
>  			} else
>  				conn->link_mode &= ~HCI_LM_ENCRYPT;
>  		}
> +	   else if(ev->status == 0x23)
> +	   {

Please keep the coding style.

> +	   		BT_DBG("LMP transactioon collision happened, we need to wait");
> +			timeo = msecs_to_jiffies(conn->encrypt_timeout);
> +		    mod_timer(&conn->encrypt_timer, jiffies + timeo);

And once more.

> +			goto done;
> +	   }
>  
>  		clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
>  
> @@ -1134,7 +1138,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
>  		} else
>  			hci_encrypt_cfm(conn, ev->status, ev->encrypt);
>  	}
> -
> +done:
>  	hci_dev_unlock(hdev);
>  }
>  

Regards

Marcel

RE: [PATCH] LMP transaction collision at Set encryption

[Mohanan, Rajmohan]

SGksDQogICAgICBJbiBMbXAgdHJhbnNhY3Rpb24gY29sbGlzaW9uIGhhcHBlbnMgYXQgc2V0IGVu
Y3J5cHRpb24gcmVxdWVzdCAsDQogICAgIGlmIGVuY3J5cHQgY2hhbmdlIGV2ZW50IHdpdGggc3Rh
dHVzIGNvZGUgIiBMTVAgdHJhbnNhY3Rpb24gY29sbGlzaW9uICJjb21lcyBhbmQgd2lsbCBzdGFy
dCB0aGUgZGlzY29ubmVjdGlvbiBwcm9jZWR1cmUuDQogICAgIElmIGVuY3J5cHRpb24gY2hhbmdl
IGV2ZW50IHdpdGggc3VjY2VzcyhNYXN0ZXIgaW5pdGlhdGVkKSAgY29tZXMgd2l0aCBpbiAxMCBt
aWxsaXNlY29uZCwgdGhlbiBjb25uLT5yZWZjb3VudCB3aWxsIGdvIHRvIGEgbmVnYXRpdmUgICB2
YWx1ZShiZWNhdXNlIGhjaV9jb25uX3B1dCBpcyBjYWxsaW5nIGFuZCBpdCB3aWxsIGRlY3JlbWVu
dCB0aGUgcmVmZXJlbmNlIGNvdW50IHdoaWNoIHdhcyB6ZXJvIGFscmVhZHkgIGluIHRoZSBwcmV2
aW91cyBlcnJvciByZXNwb25zZSkuIEF0IHRoaXMgdGltZSBkaXNjb25uZWN0aW9uIHdvbid0IGhh
cHBlbiBidXQgdGhlIHJlZmVyZW5jZSBjb3VudCB2YWx1ZSB3ZW50IHRvIG5lZ2F0aXZlIHdoaWNo
IHdpbGwgbWFrZSB0aGUgdGltZXIgb3BlcmF0aW9ucyBpbiBhIGJhZCBzdGF0ZS4gSSBoYXZlIGZh
Y2VkIHRoaXMgaXNzdWUgdHdvIHRpbWVzLg0KDQpJZiBJJ20gbWlzdW5kZXJzdG9vZCBwbGVhc2Ug
Y29ycmVjdCBtZS4NCg0KU28gdGhlIHBhdGNoICBzb2x2ZXMgdGhpcyBpc3N1ZSBhbHNvLg0KDQpS
ZWdhcmRzDQpSYWptb2hhbg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogTWFy
Y2VsIEhvbHRtYW5uIFttYWlsdG86bWFyY2VsQGhvbHRtYW5uLm9yZ10gDQpTZW50OiBXZWRuZXNk
YXksIEZlYnJ1YXJ5IDE1LCAyMDEyIDY6MDAgUE0NClRvOiBNb2hhbmFuLCBSYWptb2hhbg0KQ2M6
IGxpbnV4LWJsdWV0b290aEB2Z2VyLmtlcm5lbC5vcmcNClN1YmplY3Q6IFJlOiBbUEFUQ0hdIExN
UCB0cmFuc2FjdGlvbiBjb2xsaXNpb24gYXQgU2V0IGVuY3J5cHRpb24NCg0KSGkgUmFqbW9oYW4s
DQoNCj4gSVNTVUU6DQo+IDEuIHN0YXJ0ZWQgcGFpcmluZyBmcm9tIG15IGRldmljZShEVVQpIHRv
IGEgcmVtb3RlIGRldmljZSAoTGVub3ZvIA0KPiBUNTAwKS4gQWZ0ZXIgc3VjY2Vzc2Z1bCBib25k
aW5nIGJsdWV6IHNlbmQgZGV2aWNlIGRpc2NvdmVyeSBpbiB0aGUgc2FtZSBBQ0wgY29ubmVjdGlv
biBjcmVhdGVkcHJpb3IgdG8gQk9ORElORyAyLiBDaGFuZ2VkIHRvIERVVCByb2xlIGFzIHNsYXZl
Lg0KPiAzLiBGcm9tIEhvc3QgLHNlbmRpbmcgU2V0IENvbm5lY3Rpb24gRW5jcnlwdGlvbiwgZ2V0
dGluZyBMTVAgRXJyb3IgVHJhbnNhY3Rpb24gQ29sbGlzaW9uIGFzIHN0YXR1cyBvZiAgZW5jcnlw
dGlvbiBjb21tYW5kIHNlbnQgYnkgRFVUKFNsYXZlKS4oUmVtb3RlIGd1eSB3aG8gaXMgYSBtYXN0
ZXIgaGFzIGFsc28gaW5pdGlhdGVkIFNldCBlbmNyeXB0aW9uKS4NCj4gNC4gSW4gYmV0d2VlbiBi
bHVleiBoYXMgaW5pdGlhdGVkIFNEUCBzZWFyY2ggYWZ0ZXIgYm9uZGluZyBwcm9jZXNzIGNvbXBs
ZXRlKGRldmljZV9ib25kaW5nX2NvbXBsZXRlKCkpLg0KPiA1LiBGcm9tIHRoZSBlbmNyeXB0aW9u
IGNoYW5nZSBldmVudCAoZXZlbnQgc3RhdHVzIGlzIDB4MjMoTE1QIHRyYW5zYWN0aW9uIGNvbGxp
c2lvbiksQmx1ZXogZGlzY29ubmVjdGluZyBsMmNhcCBhbmQgdGhlbiBhY2wgbGluay4NCj4gV2Ug
YXJlIG5vdCBhYmxlIEZpbmQgdGhlIHNlcnZpY2VzIG9mIHJlbW90ZSBkZXZpY2UgYmVjYXVzZSBh
cHBsaWNhdGlvbiANCj4gd3JpdHRlbiBpbiBzcGl0ZSBvZiBzZXJ2aWNlIGRpc2NvdmVyeSBoYXMg
aW5pdGlhdGVkIGFmdGVyIGJvbmRpbmcgDQo+IHByb2Nlc3MNCg0KcGxlYXNlIHJlZm9ybWF0IHRo
aXMgdG8ga2VlcCBpdCB1bmRlciA3MiBjaGFyYWN0ZXJzIHBlciBsaW5lLiBNYWlubHkgc28gdGhh
dCBhIGdpdCBsb2cgaW4gYSA4MCBjaGFyIHdpZGUgdGVybWluYWwgc3RheXMgcmVhZGFibGUuDQoN
Cj4gRklYOg0KPiBNYWRlIGNoYW5nZXMgaW4gaGNpX2V2ZW50LmMgIGZvciBzb2x2aW5nIExNUCBU
cmFuc2FjdGlvbiBjb2xsaXNpb24uDQo+IA0KPiBXaGVuIHdlIGdldHMgRW5jcnlwdCBjaGFuZ2Ug
ZXZlbnQgd2l0aCBlcnJvciBjb2RlIGFzIExNUCAgdHJhbnNhY3Rpb24gY29sbGlzaW9uICwgSWdu
b3JpbmcgdGhlIGNoYW5nZSBldmVudCBiZWNhdXNlIEZyb20gTWFzdGVyIEVuY3J5cHQgY2hhbmdl
IGV2ZW50IHdpbGwgcHJvY2VzcyBhbmQgd2lsbCBnZXQgZW5jcnlwdCBjaGFuZ2UgZXZlbnQgd2l0
aCBzdWNjZXNzIHNlY29uZCB0aW1lLg0KPiANCj4gSWYgd2UgYXJlIG5vdCBnZXR0aW5nIEVuY3J5
cHQgY2hhbmdlIGV2ZW50IGZyb20gbWFzdGVyIHdlIGFyZSBzZW5kaW5nIGFnYWluIFNldCBlbmNy
eXB0aW9uIGZyb20gc2xhdmUoIGJlY2F1c2Ugd2UgYWxyZWFkeSBzZW50IGEgc2V0IGVuY3J5cHRp
b24gd2hpY2ggcmVzdWx0IGluIHRvIGEgY29sbGlzaW9uKSBhZnRlciAxIHNlY29uZCBkZWxheS4N
Cj4gDQo+IElmIHdlIGdldHRpbmcgYSBlbmNyeXB0IGNoYW5nZSBldmVudCBmcm9tIG1hc3RlciBh
ZnRlciBjb2xsaXNpb24gZXZlbnQgdGhlbiB3ZSBkZWxldGUgdGltZXIgYW5kIHByb2Nlc3MgaXQg
bm9ybWFsbHkuDQoNClNhbWUgaGVyZS4NCg0KPiANCj4gSENJRFVNUDoNCj4gDQo+IEhDSSBzbmlm
ZmVyIC0gQmx1ZXRvb3RoIHBhY2tldCBhbmFseXplciB2ZXIgMS40Mg0KPiANCj4gZGV2aWNlOiBo
Y2kwIHNuYXBfbGVuOiAxMDI4IGZpbHRlcjogMHhmZmZmZmZmZg0KPiANCj4gMjAwNC0wMS0wMSAw
MDoyNDoyOC4yMDE1MzEgPCBIQ0kgQ29tbWFuZDogQ3JlYXRlIENvbm5lY3Rpb24gDQo+ICgweDAx
fDB4MDAwNSkgcGxlbiAxMw0KPiANCj4gICAgIGJkYWRkciBDNDoxNzpGRTpGNTo3NDpERiBwdHlw
ZSAweGNjMTggcnN3aXRjaCAweDAxIGNsa29mZnNldCANCj4gMHgwMDAwDQo+IA0KPiAgICAgUGFj
a2V0IHR5cGU6IERNMSBETTMgRE01IERIMSBESDMgREg1DQoNClBsZWFzZSBmaXggdGhpcyB1cCBh
bmQgcmVtb3ZlIHRoZSBlbXB0eSBsaW5lcy4gSSBiZXQgdGhhdCB5b3Ugc2VuZCB0aGlzIHRocm91
Z2ggRXhjaGFuZ2UgYW5kIG9uZSBwb2ludCBhbmQgaXQgbWVzc2VkIGl0IHVwIGZvciB5b3UsIGJ1
dCBpdCBzdGlsbCBuZWVkcyB0byBiZSBmaXhlZC4NCg0KPiBTaWduZWQtb2ZmLWJ5OiBtb2hhbmFu
IDxyYWptb2hhbi5tb2hhbmFuQGludGVsLmNvbT4NCg0KUGxlYXNlIGhhdmUgYSBwcm9wZXIgZnVs
bCBuYW1lIHNpZ25lZC1vZmYtYnkgbGluZS4gU2FtZSBnb2VzIGZvciBGcm9tOi4NCg0KPiAtLS0N
Cj4gIGluY2x1ZGUvbmV0L2JsdWV0b290aC9oY2kuaCAgICAgIHwgICAgMSArDQo+ICBpbmNsdWRl
L25ldC9ibHVldG9vdGgvaGNpX2NvcmUuaCB8ICAgMTEgKysrKysrLS0tLS0NCj4gIG5ldC9ibHVl
dG9vdGgvaGNpX2Nvbm4uYyAgICAgICAgIHwgICAyMiArKysrKysrKysrKysrKysrKysrKystDQo+
ICBuZXQvYmx1ZXRvb3RoL2hjaV9ldmVudC5jICAgICAgICB8ICAgMTYgKysrKysrKysrKy0tLS0t
LQ0KPiAgNCBmaWxlcyBjaGFuZ2VkLCAzOCBpbnNlcnRpb25zKCspLCAxMiBkZWxldGlvbnMoLSkN
Cj4gDQo+IGRpZmYgLS1naXQgYS9pbmNsdWRlL25ldC9ibHVldG9vdGgvaGNpLmggYi9pbmNsdWRl
L25ldC9ibHVldG9vdGgvaGNpLmggDQo+IGluZGV4IDIyZGRhZjMuLmUyZWVmZGQgMTAwNjQ0DQo+
IC0tLSBhL2luY2x1ZGUvbmV0L2JsdWV0b290aC9oY2kuaA0KPiArKysgYi9pbmNsdWRlL25ldC9i
bHVldG9vdGgvaGNpLmgNCj4gQEAgLTEwOCw2ICsxMDgsNyBAQCBlbnVtIHsNCj4gICNkZWZpbmUg
SENJX1BBSVJJTkdfVElNRU9VVAkoNjAwMDApCS8qIDYwIHNlY29uZHMgKi8NCj4gICNkZWZpbmUg
SENJX0lETEVfVElNRU9VVAkoNjAwMCkJLyogNiBzZWNvbmRzICovDQo+ICAjZGVmaW5lIEhDSV9J
TklUX1RJTUVPVVQJKDEwMDAwKQkvKiAxMCBzZWNvbmRzICovDQo+ICsjZGVmaW5lIEhDSV9FTkNS
WVBUSU9OX1RJTUVPVVQgKDEwMDApIC8qMSBzZWNvbmRzKi8NCg0KRm9sbG93IHRoZSBjb2Rpbmcg
c3R5bGUgZm9yIGNvbW1lbnRzLiBFeGFtcGxlIGlzIHJpZ2h0IGFib3ZlLg0KDQo+ICANCj4gIC8q
IEhDSSBkYXRhIHR5cGVzICovDQo+ICAjZGVmaW5lIEhDSV9DT01NQU5EX1BLVAkJMHgwMQ0KPiBk
aWZmIC0tZ2l0IGEvaW5jbHVkZS9uZXQvYmx1ZXRvb3RoL2hjaV9jb3JlLmggDQo+IGIvaW5jbHVk
ZS9uZXQvYmx1ZXRvb3RoL2hjaV9jb3JlLmgNCj4gaW5kZXggN2ExYzAzZC4uZTQyNjc4NiAxMDA2
NDQNCj4gLS0tIGEvaW5jbHVkZS9uZXQvYmx1ZXRvb3RoL2hjaV9jb3JlLmgNCj4gKysrIGIvaW5j
bHVkZS9uZXQvYmx1ZXRvb3RoL2hjaV9jb3JlLmgNCj4gQEAgLTE5NywxMCArMTk3LDExIEBAIHN0
cnVjdCBoY2lfY29ubiB7DQo+ICAJX191MTYgICAgICAgICAgICBwa3RfdHlwZTsNCj4gIAlfX3Ux
NiAgICAgICAgICAgIGxpbmtfcG9saWN5Ow0KPiAgCV9fdTMyCQkgbGlua19tb2RlOw0KPiAtCV9f
dTggICAgICAgICAgICAgYXV0aF90eXBlOw0KPiAtCV9fdTggICAgICAgICAgICAgc2VjX2xldmVs
Ow0KPiAtCV9fdTggICAgICAgICAgICAgcG93ZXJfc2F2ZTsNCj4gLQlfX3UxNiAgICAgICAgICAg
IGRpc2NfdGltZW91dDsNCj4gKwlfX3U4ICAgICAgICAgYXV0aF90eXBlOw0KPiArCV9fdTggICAg
ICAgICBzZWNfbGV2ZWw7DQo+ICsJX191OCAgICAgICAgIHBvd2VyX3NhdmU7DQo+ICsJX191MTYg
ICAgICAgIGRpc2NfdGltZW91dDsNCj4gKwlfX3UxNiAgICAgICAgZW5jcnlwdF90aW1lb3V0OyAg
IA0KDQpGb2xsb3cgb3VyIGluZGVudGF0aW9uIGFuZCBkbyBub3QgcmUtZm9ybWF0IHRoaW5ncy4N
Cg0KPiAgCXVuc2lnbmVkIGxvbmcJIHBlbmQ7DQo+ICANCj4gIAl1bnNpZ25lZCBpbnQJIHNlbnQ7
DQo+IEBAIC0yMDksNyArMjEwLDcgQEAgc3RydWN0IGhjaV9jb25uIHsNCj4gIA0KPiAgCXN0cnVj
dCB0aW1lcl9saXN0IGRpc2NfdGltZXI7DQo+ICAJc3RydWN0IHRpbWVyX2xpc3QgaWRsZV90aW1l
cjsNCj4gLQ0KPiArICAgIHN0cnVjdCB0aW1lcl9saXN0IGVuY3J5cHRfdGltZXI7DQoNCkkgZG9u
J3QgdGhpbmsgdGhpcyBpcyBhZ2FpbnN0IEpvaGFuJ3MgYmx1ZXRvb3RoLW5leHQgdHJlZS4gV2Ug
Y29udmVydGVkIHRvIHdvcmtxdWV1ZXMuDQoNCj4gIAlzdHJ1Y3Qgd29ya19zdHJ1Y3Qgd29ya19h
ZGQ7DQo+ICAJc3RydWN0IHdvcmtfc3RydWN0IHdvcmtfZGVsOw0KPiAgDQo+IGRpZmYgLS1naXQg
YS9uZXQvYmx1ZXRvb3RoL2hjaV9jb25uLmMgYi9uZXQvYmx1ZXRvb3RoL2hjaV9jb25uLmMgaW5k
ZXggDQo+IDJmNGQzMGYuLjIyYTZkZjAgMTAwNjQ0DQo+IC0tLSBhL25ldC9ibHVldG9vdGgvaGNp
X2Nvbm4uYw0KPiArKysgYi9uZXQvYmx1ZXRvb3RoL2hjaV9jb25uLmMNCj4gQEAgLTE5NSw3ICsx
OTUsMjMgQEAgc3RhdGljIHZvaWQgaGNpX2Nvbm5faWRsZSh1bnNpZ25lZCBsb25nIGFyZykNCj4g
IA0KPiAgCWhjaV9jb25uX2VudGVyX3NuaWZmX21vZGUoY29ubik7DQo+ICB9DQoNCkV4dHJhIGVt
cHR5IGxpbmUgaGVyZSBiZXR3ZWVuIGZ1bmN0aW9ucy4gUGxlYXNlIGZvbGxvdyBjb2RpbmcgY29u
dmVudGlvbi4NCg0KPiArc3RhdGljIHZvaWQgaGNpX2Nvbm5fZW5jcnlwdGlvbih1bnNpZ25lZCBs
b25nIGFyZykgew0KPiArCXN0cnVjdCBoY2lfY29ubiAqY29ubiA9ICh2b2lkICopIGFyZzsNCj4g
KyAgICANCj4gKwlCVF9EQkcoIkVuY3J5cHRpb24gc3RhdHVzIGNoZWNrIik7DQo+ICANCj4gKwlp
ZigoY29ubikgJiYgDQo+ICsodGVzdF9hbmRfY2xlYXJfYml0KEhDSV9DT05OX0VOQ1JZUFRfUEVO
RCwmY29ubi0+cGVuZCkpKQ0KDQpObyAoY29ubikgYW5kIGl0IGlzIGlmPHNwYWNlPiguIFBsZWFz
ZSBmb2xsb3cgY29kaW5nIGNvbnZlbnRpb24gYXMgeW91IHNlZSBhbGwgdGhyb3VnaCB0aGUgY29k
ZS4NCg0KPiArCXsNCj4gKwkJc3RydWN0IGhjaV9kZXYgKmhkZXYgPSBjb25uLT5oZGV2Ow0KPiAr
CQlkZWxfdGltZXIoJmNvbm4tPmVuY3J5cHRfdGltZXIpOw0KPiArCQlzdHJ1Y3QgaGNpX2NwX3Nl
dF9jb25uX2VuY3J5cHQgY3A7DQo+ICsJCWNwLmhhbmRsZSAgPSBjb25uLT5oYW5kbGU7DQo+ICsJ
CWNwLmVuY3J5cHQgPSAweDAxOw0KPiArCQloY2lfc2VuZF9jbWQoaGRldiwgSENJX09QX1NFVF9D
T05OX0VOQ1JZUFQsDQo+ICsJCQkJCXNpemVvZihjcCksICZjcCk7DQo+ICsJfQ0KPiArfQ0KPiAg
c3RydWN0IGhjaV9jb25uICpoY2lfY29ubl9hZGQoc3RydWN0IGhjaV9kZXYgKmhkZXYsIGludCB0
eXBlLA0KPiAgCQkJCQlfX3UxNiBwa3RfdHlwZSwgYmRhZGRyX3QgKmRzdCkNCj4gIHsNCj4gQEAg
LTIxNiw2ICsyMzIsNyBAQCBzdHJ1Y3QgaGNpX2Nvbm4gKmhjaV9jb25uX2FkZChzdHJ1Y3QgaGNp
X2RldiANCj4gKmhkZXYsIGludCB0eXBlLA0KPiAgDQo+ICAJY29ubi0+cG93ZXJfc2F2ZSA9IDE7
DQo+ICAJY29ubi0+ZGlzY190aW1lb3V0ID0gSENJX0RJU0NPTk5fVElNRU9VVDsNCj4gKwljb25u
LT5lbmNyeXB0X3RpbWVvdXQgPSBIQ0lfRU5DUllQVElPTl9USU1FT1VUOw0KDQpXaHkgYXJlIHdl
IGRvaW5nIHRoaXM/IEl0IG1ha2VzIG5vIHNlbnNlLiBUaGUgdGltZW91dCBpcyBhbHdheXMgdGhl
IHNhbWUuIFRoZSBjYXNlIG9mIHRoZSBkaXNjb25uZWN0IHRpbWVvdXQgaXMgZGlmZmVyZW50IHNp
bmNlIGl0IGNoYW5nZXMuDQpTbyBwbGVhc2UgcmVtb3ZlIHRoaXMuDQoNCj4gIA0KPiAgCXN3aXRj
aCAodHlwZSkgew0KPiAgCWNhc2UgQUNMX0xJTks6DQo+IEBAIC0yNDUsNiArMjYyLDcgQEAgc3Ry
dWN0IGhjaV9jb25uICpoY2lfY29ubl9hZGQoc3RydWN0IGhjaV9kZXYgDQo+ICpoZGV2LCBpbnQg
dHlwZSwNCj4gIA0KPiAgCXNldHVwX3RpbWVyKCZjb25uLT5kaXNjX3RpbWVyLCBoY2lfY29ubl90
aW1lb3V0LCAodW5zaWduZWQgbG9uZyljb25uKTsNCj4gIAlzZXR1cF90aW1lcigmY29ubi0+aWRs
ZV90aW1lciwgaGNpX2Nvbm5faWRsZSwgKHVuc2lnbmVkIGxvbmcpY29ubik7DQo+ICsJc2V0dXBf
dGltZXIoJmNvbm4tPmVuY3J5cHRfdGltZXIsIGhjaV9jb25uX2VuY3J5cHRpb24sICh1bnNpZ25l
ZCANCj4gK2xvbmcpY29ubik7DQoNClRoaXMgcmVtaW5kcyBtZS4gU2hvcnRjdXQgZW5jcnlwdGlv
biB0byBlbmNyeXB0IGxpa2Ugd2UgZG8gZXZlcnl3aGVyZSBlbHNlLg0KDQo+ICANCj4gIAlhdG9t
aWNfc2V0KCZjb25uLT5yZWZjbnQsIDApOw0KPiAgDQo+IEBAIC0yNzUsNiArMjkzLDggQEAgaW50
IGhjaV9jb25uX2RlbChzdHJ1Y3QgaGNpX2Nvbm4gKmNvbm4pDQo+ICANCj4gIAlkZWxfdGltZXIo
JmNvbm4tPmRpc2NfdGltZXIpOw0KPiAgDQo+ICsJZGVsX3RpbWVyKCZjb25uLT5lbmNyeXB0X3Rp
bWVyKTsNCj4gKw0KPiAgCWlmIChjb25uLT50eXBlID09IEFDTF9MSU5LKSB7DQo+ICAJCXN0cnVj
dCBoY2lfY29ubiAqc2NvID0gY29ubi0+bGluazsNCj4gIAkJaWYgKHNjbykNCj4gZGlmZiAtLWdp
dCBhL25ldC9ibHVldG9vdGgvaGNpX2V2ZW50LmMgYi9uZXQvYmx1ZXRvb3RoL2hjaV9ldmVudC5j
IA0KPiBpbmRleCBmNzIyOWQyLi43NTcxOWI0IDEwMDY0NA0KPiAtLS0gYS9uZXQvYmx1ZXRvb3Ro
L2hjaV9ldmVudC5jDQo+ICsrKyBiL25ldC9ibHVldG9vdGgvaGNpX2V2ZW50LmMNCj4gQEAgLTEs
NiArMSw1IEBADQo+ICAvKg0KPiAgICAgQmx1ZVogLSBCbHVldG9vdGggcHJvdG9jb2wgc3RhY2sg
Zm9yIExpbnV4DQo+IC0gICBDb3B5cmlnaHQgKEMpIDIwMTIgSW50ZWwgTW9iaWxlIENvbW11bmlj
YXRpb25zIEdtYkgNCj4gICAgIENvcHlyaWdodCAoQykgMjAwMC0yMDAxIFF1YWxjb21tIEluY29y
cG9yYXRlZA0KPiAgDQo+ICAgICBXcml0dGVuIDIwMDAsMjAwMSBieSBNYXhpbSBLcmFzbnlhbnNr
eSA8bWF4a0BxdWFsY29tbS5jb20+IEBAIA0KPiAtMjEsOSArMjAsNiBAQA0KPiAgICAgQUxMIExJ
QUJJTElUWSwgSU5DTFVESU5HIExJQUJJTElUWSBGT1IgSU5GUklOR0VNRU5UIE9GIEFOWSBQQVRF
TlRTLA0KPiAgICAgQ09QWVJJR0hUUywgVFJBREVNQVJLUyBPUiBPVEhFUiBSSUdIVFMsIFJFTEFU
SU5HIFRPIFVTRSBPRiBUSElTDQo+ICAgICBTT0ZUV0FSRSBJUyBESVNDTEFJTUVELg0KPiAtDQo+
IC1ub3RlczoNCj4gLSAgIDE4LUphbi0yMDEyIEFkZGVkIGhhbmRsaW5nIGZvciBoY2kgZmxvd3Nw
ZWMgY29tcGxldGUgZXZlbnQuDQo+ICAqLw0KDQpObyBpZGVhIHdoZXJlIHRoaXMgY29tZXMgZnJv
bSwgYnV0IGl0IGlzIG5vdCB1cHN0cmVhbS4gUGF0Y2ggaGFzIHRvIGFwcGx5IGNsZWFubHkgYWdh
aW5zdCBKb2hhbidzIGJsdWV0b290aC1uZXh0IHRyZWUuDQogDQo+ICAvKiBCbHVldG9vdGggSENJ
IGV2ZW50IGhhbmRsaW5nLiAqLw0KPiBAQCAtMTEwNyw3ICsxMTAzLDcgQEAgc3RhdGljIGlubGlu
ZSB2b2lkIGhjaV9lbmNyeXB0X2NoYW5nZV9ldnQoc3RydWN0IA0KPiBoY2lfZGV2ICpoZGV2LCBz
dHJ1Y3Qgc2tfYnVmZiAqICB7DQo+ICAJc3RydWN0IGhjaV9ldl9lbmNyeXB0X2NoYW5nZSAqZXYg
PSAodm9pZCAqKSBza2ItPmRhdGE7DQo+ICAJc3RydWN0IGhjaV9jb25uICpjb25uOw0KPiAtDQo+
ICsgICAgdW5zaWduZWQgbG9uZyB0aW1lbzsNCj4gIAlCVF9EQkcoIiVzIHN0YXR1cyAlZCIsIGhk
ZXYtPm5hbWUsIGV2LT5zdGF0dXMpOw0KDQpQbGVhc2Uga2VlcCB0aGUgY29kaW5nIHN0eWxlLg0K
DQo+ICANCj4gIAloY2lfZGV2X2xvY2soaGRldik7DQo+IEBAIC0xMTE1LDYgKzExMTEsNyBAQCBz
dGF0aWMgaW5saW5lIHZvaWQgaGNpX2VuY3J5cHRfY2hhbmdlX2V2dChzdHJ1Y3QgaGNpX2RldiAq
aGRldiwgc3RydWN0IHNrX2J1ZmYgKg0KPiAgCWNvbm4gPSBoY2lfY29ubl9oYXNoX2xvb2t1cF9o
YW5kbGUoaGRldiwgX19sZTE2X3RvX2NwdShldi0+aGFuZGxlKSk7DQo+ICAJaWYgKGNvbm4pIHsN
Cj4gIAkJaWYgKCFldi0+c3RhdHVzKSB7DQo+ICsJCQlkZWxfdGltZXIoJmNvbm4tPmVuY3J5cHRf
dGltZXIpOw0KPiAgCQkJaWYgKGV2LT5lbmNyeXB0KSB7DQo+ICAJCQkJLyogRW5jcnlwdGlvbiBp
bXBsaWVzIGF1dGhlbnRpY2F0aW9uICovDQo+ICAJCQkJY29ubi0+bGlua19tb2RlIHw9IEhDSV9M
TV9BVVRIOw0KPiBAQCAtMTEyMiw2ICsxMTE5LDEzIEBAIHN0YXRpYyBpbmxpbmUgdm9pZCBoY2lf
ZW5jcnlwdF9jaGFuZ2VfZXZ0KHN0cnVjdCBoY2lfZGV2ICpoZGV2LCBzdHJ1Y3Qgc2tfYnVmZiAq
DQo+ICAJCQl9IGVsc2UNCj4gIAkJCQljb25uLT5saW5rX21vZGUgJj0gfkhDSV9MTV9FTkNSWVBU
Ow0KPiAgCQl9DQo+ICsJICAgZWxzZSBpZihldi0+c3RhdHVzID09IDB4MjMpDQo+ICsJICAgew0K
DQpQbGVhc2Uga2VlcCB0aGUgY29kaW5nIHN0eWxlLg0KDQo+ICsJICAgCQlCVF9EQkcoIkxNUCB0
cmFuc2FjdGlvb24gY29sbGlzaW9uIGhhcHBlbmVkLCB3ZSBuZWVkIHRvIHdhaXQiKTsNCj4gKwkJ
CXRpbWVvID0gbXNlY3NfdG9famlmZmllcyhjb25uLT5lbmNyeXB0X3RpbWVvdXQpOw0KPiArCQkg
ICAgbW9kX3RpbWVyKCZjb25uLT5lbmNyeXB0X3RpbWVyLCBqaWZmaWVzICsgdGltZW8pOw0KDQpB
bmQgb25jZSBtb3JlLg0KDQo+ICsJCQlnb3RvIGRvbmU7DQo+ICsJICAgfQ0KPiAgDQo+ICAJCWNs
ZWFyX2JpdChIQ0lfQ09OTl9FTkNSWVBUX1BFTkQsICZjb25uLT5wZW5kKTsNCj4gIA0KPiBAQCAt
MTEzNCw3ICsxMTM4LDcgQEAgc3RhdGljIGlubGluZSB2b2lkIGhjaV9lbmNyeXB0X2NoYW5nZV9l
dnQoc3RydWN0IGhjaV9kZXYgKmhkZXYsIHN0cnVjdCBza19idWZmICoNCj4gIAkJfSBlbHNlDQo+
ICAJCQloY2lfZW5jcnlwdF9jZm0oY29ubiwgZXYtPnN0YXR1cywgZXYtPmVuY3J5cHQpOw0KPiAg
CX0NCj4gLQ0KPiArZG9uZToNCj4gIAloY2lfZGV2X3VubG9jayhoZGV2KTsNCj4gIH0NCj4gIA0K
DQpSZWdhcmRzDQoNCk1hcmNlbA0KDQoNCg==

RE: [PATCH] LMP transaction collision at Set encryption

[Marcel Holtmann]

Hi Rajmohan,

please refrain from top-posting on the mailing list. Please do inline
quoting.

>       In Lmp transaction collision happens at set encryption request ,
>      if encrypt change event with status code " LMP transaction collision "comes and will start the disconnection procedure.
>      If encryption change event with success(Master initiated)  comes with in 10 millisecond, then conn->refcount will go to a negative   value(because hci_conn_put is calling and it will decrement the reference count which was zero already  in the previous error response). At this time disconnection won't happen but the reference count value went to negative which will make the timer operations in a bad state. I have faced this issue two times.
> 
> If I'm misunderstood please correct me.
> 
> So the patch  solves this issue also.

Please reply to patches properly. I have not idea what the above
statement has to do with my review.

Regards

Marcel