[PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN

public inbox for linux-bluetooth@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
@ 2026-02-13 18:33 Luiz Augusto von Dentz
  2026-02-13 19:13 ` [v1] " bluez.test.bot
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2026-02-13 18:33 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This adds a check for encryption key size upon receiving
L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
expects L2CAP_CR_LE_BAD_KEY_SIZE.

Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/l2cap_core.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 9452c6179acb..f73506c35dc5 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
 		goto response_unlock;
 	}
 
+	/* Check if Key Size is sufficient for the security level */
+	if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
+		result = L2CAP_CR_LE_BAD_KEY_SIZE;
+		chan = NULL;
+		goto response_unlock;
+	}
+
 	/* Check for valid dynamic CID range */
 	if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
 		result = L2CAP_CR_LE_INVALID_SCID;
-- 
2.52.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* RE: [v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
  2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
@ 2026-02-13 19:13 ` bluez.test.bot
  2026-02-17 14:40 ` [PATCH v1] " Luiz Augusto von Dentz
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: bluez.test.bot @ 2026-02-13 19:13 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz

[-- Attachment #1: Type: text/plain, Size: 2961 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1054013

---Test result---

Test Summary:
CheckPatch                    PENDING   0.31 seconds
GitLint                       PENDING   0.34 seconds
SubjectPrefix                 PASS      0.09 seconds
BuildKernel                   PASS      26.30 seconds
CheckAllWarning               PASS      29.05 seconds
CheckSparse                   WARNING   32.73 seconds
BuildKernel32                 PASS      25.85 seconds
TestRunnerSetup               PASS      571.48 seconds
TestRunner_l2cap-tester       PASS      28.98 seconds
TestRunner_iso-tester         PASS      94.70 seconds
TestRunner_bnep-tester        PASS      6.58 seconds
TestRunner_mgmt-tester        FAIL      120.29 seconds
TestRunner_rfcomm-tester      PASS      9.93 seconds
TestRunner_sco-tester         FAIL      15.02 seconds
TestRunner_ioctl-tester       PASS      10.69 seconds
TestRunner_mesh-tester        FAIL      12.44 seconds
TestRunner_smp-tester         PASS      9.04 seconds
TestRunner_userchan-tester    PASS      7.10 seconds
IncrementalBuild              PENDING   0.88 seconds

Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:

##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:

##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/l2cap_core.c:7772:1: error: bad constant expressionnet/bluetooth/l2cap_core.c:7773:1: error: bad constant expressionnet/bluetooth/l2cap_core.c:7775:1: error: bad constant expressionnet/bluetooth/l2cap_core.c:7776:1: error: bad constant expression
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.115 seconds
##############################
Test: TestRunner_sco-tester - FAIL
Desc: Run sco-tester with test-runner
Output:
WARNING: possible circular locking dependency detected
BUG: sleeping function called from invalid context at net/core/sock.c:3782
Total: 30, Passed: 30 (100.0%), Failed: 0, Not Run: 0
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.414 seconds
Mesh - Send cancel - 2                               Timed out    1.992 seconds
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
  2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
  2026-02-13 19:13 ` [v1] " bluez.test.bot
@ 2026-02-17 14:40 ` Luiz Augusto von Dentz
  2026-02-23 16:31 ` Christian Eggers
  2026-02-23 22:56 ` patchwork-bot+bluetooth
  3 siblings, 0 replies; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2026-02-17 14:40 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: Christian Eggers

Hi Christian,

On Fri, Feb 13, 2026 at 1:33 PM Luiz Augusto von Dentz
<luiz.dentz@gmail.com> wrote:
>
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> This adds a check for encryption key size upon receiving
> L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
> expects L2CAP_CR_LE_BAD_KEY_SIZE.
>
> Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
> Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> ---
>  net/bluetooth/l2cap_core.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index 9452c6179acb..f73506c35dc5 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
>                 goto response_unlock;
>         }
>
> +       /* Check if Key Size is sufficient for the security level */
> +       if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
> +               result = L2CAP_CR_LE_BAD_KEY_SIZE;
> +               chan = NULL;
> +               goto response_unlock;
> +       }
> +
>         /* Check for valid dynamic CID range */
>         if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
>                 result = L2CAP_CR_LE_INVALID_SCID;
> --
> 2.52.0

Can you try with the changes above?

-- 
Luiz Augusto von Dentz

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
  2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
  2026-02-13 19:13 ` [v1] " bluez.test.bot
  2026-02-17 14:40 ` [PATCH v1] " Luiz Augusto von Dentz
@ 2026-02-23 16:31 ` Christian Eggers
  2026-02-23 22:56 ` patchwork-bot+bluetooth
  3 siblings, 0 replies; 5+ messages in thread
From: Christian Eggers @ 2026-02-23 16:31 UTC (permalink / raw)
  To: linux-bluetooth, Luiz Augusto von Dentz

Hi Luiz,

sorry for the delay, I was away last week.

After setting the minimum encryption size, I get a PASS for L2CAP/LE/CFC/BV-15-C:

echo -n 16 > /sys/kernel/debug/bluetooth/hci0/min_encrypt_key_size
l2test -r -P 0x00F4 -V le_public -E

Thank you very much!

On Friday, 13 February 2026, 19:33:33 CET, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> This adds a check for encryption key size upon receiving
> L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
> expects L2CAP_CR_LE_BAD_KEY_SIZE.
> 
> Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
> Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> ---
>  net/bluetooth/l2cap_core.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
> index 9452c6179acb..f73506c35dc5 100644
> --- a/net/bluetooth/l2cap_core.c
> +++ b/net/bluetooth/l2cap_core.c
> @@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
>  		goto response_unlock;
>  	}
>  
> +	/* Check if Key Size is sufficient for the security level */
> +	if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
> +		result = L2CAP_CR_LE_BAD_KEY_SIZE;
> +		chan = NULL;
> +		goto response_unlock;
> +	}
> +
>  	/* Check for valid dynamic CID range */
>  	if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
>  		result = L2CAP_CR_LE_INVALID_SCID;
> 

Tested-by: Christian Eggers <ceggers@arri.de>




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
  2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
                   ` (2 preceding siblings ...)
  2026-02-23 16:31 ` Christian Eggers
@ 2026-02-23 22:56 ` patchwork-bot+bluetooth
  3 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+bluetooth @ 2026-02-23 22:56 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Fri, 13 Feb 2026 13:33:33 -0500 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> This adds a check for encryption key size upon receiving
> L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
> expects L2CAP_CR_LE_BAD_KEY_SIZE.
> 
> Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
> Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> [...]

Here is the summary with links:
  - [v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
    https://git.kernel.org/bluetooth/bluetooth-next/c/ea5263dc9312

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-02-23 22:56 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-13 18:33 [PATCH v1] Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ Luiz Augusto von Dentz
2026-02-13 19:13 ` [v1] " bluez.test.bot
2026-02-17 14:40 ` [PATCH v1] " Luiz Augusto von Dentz
2026-02-23 16:31 ` Christian Eggers
2026-02-23 22:56 ` patchwork-bot+bluetooth

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox