* [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
@ 2026-02-13 18:33 Luiz Augusto von Dentz
2026-02-13 19:13 ` [v1] " bluez.test.bot
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2026-02-13 18:33 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds a check for encryption key size upon receiving
L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
expects L2CAP_CR_LE_BAD_KEY_SIZE.
Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
net/bluetooth/l2cap_core.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 9452c6179acb..f73506c35dc5 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
goto response_unlock;
}
+ /* Check if Key Size is sufficient for the security level */
+ if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
+ result = L2CAP_CR_LE_BAD_KEY_SIZE;
+ chan = NULL;
+ goto response_unlock;
+ }
+
/* Check for valid dynamic CID range */
if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
result = L2CAP_CR_LE_INVALID_SCID;
--
2.52.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* RE: [v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
@ 2026-02-13 19:13 ` bluez.test.bot
2026-02-17 14:40 ` [PATCH v1] " Luiz Augusto von Dentz
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: bluez.test.bot @ 2026-02-13 19:13 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
[-- Attachment #1: Type: text/plain, Size: 2961 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1054013
---Test result---
Test Summary:
CheckPatch PENDING 0.31 seconds
GitLint PENDING 0.34 seconds
SubjectPrefix PASS 0.09 seconds
BuildKernel PASS 26.30 seconds
CheckAllWarning PASS 29.05 seconds
CheckSparse WARNING 32.73 seconds
BuildKernel32 PASS 25.85 seconds
TestRunnerSetup PASS 571.48 seconds
TestRunner_l2cap-tester PASS 28.98 seconds
TestRunner_iso-tester PASS 94.70 seconds
TestRunner_bnep-tester PASS 6.58 seconds
TestRunner_mgmt-tester FAIL 120.29 seconds
TestRunner_rfcomm-tester PASS 9.93 seconds
TestRunner_sco-tester FAIL 15.02 seconds
TestRunner_ioctl-tester PASS 10.69 seconds
TestRunner_mesh-tester FAIL 12.44 seconds
TestRunner_smp-tester PASS 9.04 seconds
TestRunner_userchan-tester PASS 7.10 seconds
IncrementalBuild PENDING 0.88 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/l2cap_core.c:7772:1: error: bad constant expressionnet/bluetooth/l2cap_core.c:7773:1: error: bad constant expressionnet/bluetooth/l2cap_core.c:7775:1: error: bad constant expressionnet/bluetooth/l2cap_core.c:7776:1: error: bad constant expression
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.115 seconds
##############################
Test: TestRunner_sco-tester - FAIL
Desc: Run sco-tester with test-runner
Output:
WARNING: possible circular locking dependency detected
BUG: sleeping function called from invalid context at net/core/sock.c:3782
Total: 30, Passed: 30 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.414 seconds
Mesh - Send cancel - 2 Timed out 1.992 seconds
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
2026-02-13 19:13 ` [v1] " bluez.test.bot
@ 2026-02-17 14:40 ` Luiz Augusto von Dentz
2026-02-23 16:31 ` Christian Eggers
2026-02-23 22:56 ` patchwork-bot+bluetooth
3 siblings, 0 replies; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2026-02-17 14:40 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Christian Eggers
Hi Christian,
On Fri, Feb 13, 2026 at 1:33 PM Luiz Augusto von Dentz
<luiz.dentz@gmail.com> wrote:
>
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> This adds a check for encryption key size upon receiving
> L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
> expects L2CAP_CR_LE_BAD_KEY_SIZE.
>
> Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
> Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> ---
> net/bluetooth/l2cap_core.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index 9452c6179acb..f73506c35dc5 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
> goto response_unlock;
> }
>
> + /* Check if Key Size is sufficient for the security level */
> + if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
> + result = L2CAP_CR_LE_BAD_KEY_SIZE;
> + chan = NULL;
> + goto response_unlock;
> + }
> +
> /* Check for valid dynamic CID range */
> if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
> result = L2CAP_CR_LE_INVALID_SCID;
> --
> 2.52.0
Can you try with the changes above?
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
2026-02-13 19:13 ` [v1] " bluez.test.bot
2026-02-17 14:40 ` [PATCH v1] " Luiz Augusto von Dentz
@ 2026-02-23 16:31 ` Christian Eggers
2026-02-23 22:56 ` patchwork-bot+bluetooth
3 siblings, 0 replies; 5+ messages in thread
From: Christian Eggers @ 2026-02-23 16:31 UTC (permalink / raw)
To: linux-bluetooth, Luiz Augusto von Dentz
Hi Luiz,
sorry for the delay, I was away last week.
After setting the minimum encryption size, I get a PASS for L2CAP/LE/CFC/BV-15-C:
echo -n 16 > /sys/kernel/debug/bluetooth/hci0/min_encrypt_key_size
l2test -r -P 0x00F4 -V le_public -E
Thank you very much!
On Friday, 13 February 2026, 19:33:33 CET, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> This adds a check for encryption key size upon receiving
> L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
> expects L2CAP_CR_LE_BAD_KEY_SIZE.
>
> Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
> Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> ---
> net/bluetooth/l2cap_core.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index 9452c6179acb..f73506c35dc5 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
> goto response_unlock;
> }
>
> + /* Check if Key Size is sufficient for the security level */
> + if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
> + result = L2CAP_CR_LE_BAD_KEY_SIZE;
> + chan = NULL;
> + goto response_unlock;
> + }
> +
> /* Check for valid dynamic CID range */
> if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
> result = L2CAP_CR_LE_INVALID_SCID;
>
Tested-by: Christian Eggers <ceggers@arri.de>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
` (2 preceding siblings ...)
2026-02-23 16:31 ` Christian Eggers
@ 2026-02-23 22:56 ` patchwork-bot+bluetooth
3 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+bluetooth @ 2026-02-23 22:56 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Fri, 13 Feb 2026 13:33:33 -0500 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> This adds a check for encryption key size upon receiving
> L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
> expects L2CAP_CR_LE_BAD_KEY_SIZE.
>
> Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
> Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> [...]
Here is the summary with links:
- [v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
https://git.kernel.org/bluetooth/bluetooth-next/c/ea5263dc9312
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-02-23 22:56 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
2026-02-13 19:13 ` [v1] " bluez.test.bot
2026-02-17 14:40 ` [PATCH v1] " Luiz Augusto von Dentz
2026-02-23 16:31 ` Christian Eggers
2026-02-23 22:56 ` patchwork-bot+bluetooth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox