From: Johan Hedberg <johan.hedberg@gmail.com>
To: Andreas Kemnade <andreas@kemnade.info>
Cc: marcel@holtmann.org, davem@davemloft.net,
linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH RFC] bluetooth: fix paring problems with 0cf3:0036 and certain devices
Date: Thu, 14 Jun 2018 22:35:00 +0200 [thread overview]
Message-ID: <20180614203500.GA7182@x1c> (raw)
In-Reply-To: <20180614193330.28410-1-andreas@kemnade.info>
Hi Andreas,
On Thu, Jun 14, 2018, Andreas Kemnade wrote:
> This is clearly a RFC patch, things should be fixed in a cleaner way.
> With the bluetooth usb adapter 0cf3:0036 (Atheros), there are pairing
> problems in combination with certain remove devices. The cause is that
> smp_resume_cb() gets called after SMP_CMD_IDENT_INFO arrives in the end
> of a SC pairing with numerical comparison. so that there are unexpected
> packet messages in dmesg and although an ltk is known, bluetoothd
> considers the device as unpaired and not even the ltk is not stored.
>
> The patch makes the smp code be more tolerant with the order but that
> does not feel like a safe thing to do.
> Maybe the pairing result should be given back to userspace without the
> irk related stuff.
This sounds like the well known race between ACL data and HCI events
that's inherent with the way the USB HCI transport is designed. So
what's happening is that to the host it looks like some packets were
delivered over an unencrypted connection even though they in reality
came over an encrypted one. Not enforcing the encrypted connection
requirement is not really a solution since it creates a security
vulnerabilty. The best option (as far as I know) is to consider
switching to some other transport (e.g. H:4 over USB where both ACL data
and HCI events share a single "pipe").
Johan
next prev parent reply other threads:[~2018-06-14 20:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-14 19:33 [PATCH RFC] bluetooth: fix paring problems with 0cf3:0036 and certain devices Andreas Kemnade
2018-06-14 20:35 ` Johan Hedberg [this message]
2018-06-15 5:45 ` Andreas Kemnade
2018-06-15 9:01 ` Marcel Holtmann
2018-06-15 13:30 ` Andreas Kemnade
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180614203500.GA7182@x1c \
--to=johan.hedberg@gmail.com \
--cc=andreas@kemnade.info \
--cc=davem@davemloft.net \
--cc=linux-bluetooth@vger.kernel.org \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox