[PATCH] Bluetooth: hci_sync: fix connectable extended advertising when using static random address

[PATCH] Bluetooth: hci_sync: fix connectable extended advertising when using static random address

[Alessandro Gasbarroni]

Currently, the connectable flag used by the setup of an extended
advertising instance drives whether we require privacy when trying to pass
a random address to the advertising parameters (Own Address).
If privacy is not required, then it automatically falls back to using the
controller's public address. This can cause problems when using controllers
that do not have a public address set, but instead use a static random
address.

e.g. Assume a BLE controller that does not have a public address set.
The controller upon powering is set with a random static address by default
by the kernel.

	< HCI Command: LE Set Random Address (0x08|0x0005) plen 6
        	Address: E4:AF:26:D8:3E:3A (Static)
	> HCI Event: Command Complete (0x0e) plen 4
	      LE Set Random Address (0x08|0x0005) ncmd 1
	        Status: Success (0x00)

Setting non-connectable extended advertisement parameters in bluetoothctl
mgmt

	add-ext-adv-params -r 0x801 -x 0x802 -P 2M -g 1

correctly sets Own address type as Random

	< HCI Command: LE Set Extended Advertising Parameters (0x08|0x0036)
	plen 25
		...
	    Own address type: Random (0x01)

Setting connectable extended advertisement parameters in bluetoothctl mgmt

	add-ext-adv-params -r 0x801 -x 0x802 -P 2M -g -c 1

mistakenly sets Own address type to Public (which causes to use Public
Address 00:00:00:00:00:00)

	< HCI Command: LE Set Extended Advertising Parameters (0x08|0x0036)
	plen 25
		...
	    Own address type: Public (0x00)

This causes either the controller to emit an Invalid Parameters error or to
mishandle the advertising.

This patch makes sure that we use the already set static random address
when requesting a connectable extended advertising when we don't require
privacy and our public address is not set (00:00:00:00:00:00).

Signed-off-by: Alessandro Gasbarroni <alex.gasbarroni@gmail.com>
---
 net/bluetooth/hci_sync.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 77b3691f3423..012a9e9a4f9b 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -6815,8 +6815,19 @@ int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
 		return 0;
 	}
 
-	/* No privacy so use a public address. */
-	*own_addr_type = ADDR_LE_DEV_PUBLIC;
+	/* No privacy
+	 *
+	 * Even though no privacy is requested, we have to use the assigned random static address
+	 * if we don't have a public address.
+	 */
+	if (bacmp(&hdev->bdaddr, BDADDR_ANY) == 0 && bacmp(&hdev->static_addr, BDADDR_ANY) != 0) {
+		/* Re-use the static address if one is set */
+		bacpy(rand_addr, &hdev->static_addr);
+		*own_addr_type = ADDR_LE_DEV_RANDOM;
+	} else {
+		/* Use a public address. */
+		*own_addr_type = ADDR_LE_DEV_PUBLIC;
+	}
 
 	return 0;
 }
-- 
2.50.0

RE: Bluetooth: hci_sync: fix connectable extended advertising when using static random address

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 2028 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=980080

---Test result---

Test Summary:
CheckPatch                    PENDING   0.36 seconds
GitLint                       PENDING   0.28 seconds
SubjectPrefix                 PASS      0.11 seconds
BuildKernel                   PASS      23.92 seconds
CheckAllWarning               PASS      26.39 seconds
CheckSparse                   PASS      29.64 seconds
BuildKernel32                 PASS      23.89 seconds
TestRunnerSetup               PASS      466.10 seconds
TestRunner_l2cap-tester       PASS      24.91 seconds
TestRunner_iso-tester         PASS      40.61 seconds
TestRunner_bnep-tester        PASS      5.94 seconds
TestRunner_mgmt-tester        PASS      129.85 seconds
TestRunner_rfcomm-tester      PASS      9.27 seconds
TestRunner_sco-tester         PASS      14.62 seconds
TestRunner_ioctl-tester       PASS      10.01 seconds
TestRunner_mesh-tester        FAIL      11.97 seconds
TestRunner_smp-tester         PASS      8.53 seconds
TestRunner_userchan-tester    PASS      6.12 seconds
IncrementalBuild              PENDING   0.51 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.164 seconds
Mesh - Send cancel - 2                               Timed out    1.997 seconds
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



---
Regards,
Linux Bluetooth

Re: [PATCH] Bluetooth: hci_sync: fix connectable extended advertising when using static random address

[Luiz Augusto von Dentz]

Hi Alessandro,

On Tue, Jul 8, 2025 at 10:17 AM Alessandro Gasbarroni
<alex.gasbarroni@gmail.com> wrote:
>
> Currently, the connectable flag used by the setup of an extended
> advertising instance drives whether we require privacy when trying to pass
> a random address to the advertising parameters (Own Address).
> If privacy is not required, then it automatically falls back to using the
> controller's public address. This can cause problems when using controllers
> that do not have a public address set, but instead use a static random
> address.
>
> e.g. Assume a BLE controller that does not have a public address set.
> The controller upon powering is set with a random static address by default
> by the kernel.
>
>         < HCI Command: LE Set Random Address (0x08|0x0005) plen 6
>                 Address: E4:AF:26:D8:3E:3A (Static)
>         > HCI Event: Command Complete (0x0e) plen 4
>               LE Set Random Address (0x08|0x0005) ncmd 1
>                 Status: Success (0x00)
>
> Setting non-connectable extended advertisement parameters in bluetoothctl
> mgmt
>
>         add-ext-adv-params -r 0x801 -x 0x802 -P 2M -g 1
>
> correctly sets Own address type as Random
>
>         < HCI Command: LE Set Extended Advertising Parameters (0x08|0x0036)
>         plen 25
>                 ...
>             Own address type: Random (0x01)
>
> Setting connectable extended advertisement parameters in bluetoothctl mgmt
>
>         add-ext-adv-params -r 0x801 -x 0x802 -P 2M -g -c 1
>
> mistakenly sets Own address type to Public (which causes to use Public
> Address 00:00:00:00:00:00)
>
>         < HCI Command: LE Set Extended Advertising Parameters (0x08|0x0036)
>         plen 25
>                 ...
>             Own address type: Public (0x00)
>
> This causes either the controller to emit an Invalid Parameters error or to
> mishandle the advertising.
>
> This patch makes sure that we use the already set static random address
> when requesting a connectable extended advertising when we don't require
> privacy and our public address is not set (00:00:00:00:00:00).
>
> Signed-off-by: Alessandro Gasbarroni <alex.gasbarroni@gmail.com>
> ---
>  net/bluetooth/hci_sync.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
> index 77b3691f3423..012a9e9a4f9b 100644
> --- a/net/bluetooth/hci_sync.c
> +++ b/net/bluetooth/hci_sync.c
> @@ -6815,8 +6815,19 @@ int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
>                 return 0;
>         }
>
> -       /* No privacy so use a public address. */
> -       *own_addr_type = ADDR_LE_DEV_PUBLIC;
> +       /* No privacy
> +        *
> +        * Even though no privacy is requested, we have to use the assigned random static address
> +        * if we don't have a public address.
> +        */
> +       if (bacmp(&hdev->bdaddr, BDADDR_ANY) == 0 && bacmp(&hdev->static_addr, BDADDR_ANY) != 0) {
> +               /* Re-use the static address if one is set */
> +               bacpy(rand_addr, &hdev->static_addr);
> +               *own_addr_type = ADDR_LE_DEV_RANDOM;
> +       } else {
> +               /* Use a public address. */
> +               *own_addr_type = ADDR_LE_DEV_PUBLIC;
> +       }

Hmm, we should probably be using hci_copy_identity_address instead
here, or have you tried and it didn't work?

>
>         return 0;
>  }
> --
> 2.50.0
>


-- 
Luiz Augusto von Dentz

Re: [PATCH] Bluetooth: hci_sync: fix connectable extended advertising when using static random address

[Alessandro Gasbarroni]

Hi Luiz,

> Hmm, we should probably be using hci_copy_identity_address instead
> here, or have you tried and it didn't work?

I wasn't aware of that function. You are absolutely right, that works
and behaves exactly how I would expect. I'll send a v2.