* [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident
@ 2026-03-17 16:02 Luiz Augusto von Dentz
2026-03-17 17:25 ` [v1] " bluez.test.bot
2026-03-17 17:57 ` [PATCH v1] " Luiz Augusto von Dentz
0 siblings, 2 replies; 5+ messages in thread
From: Luiz Augusto von Dentz @ 2026-03-17 16:02 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This attempt to fix regressions caused by reusing ident which apparently
is not handled well on certain stacks causing the stack to not respond to
requests, so instead of simple returning the first unallocated id this
stores the last used tx_ident and then attempt to use the next until all
available ids are exausted and then cycle starting over to 1.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=221120
Link: https://bugzilla.kernel.org/show_bug.cgi?id=221177
Fixes: 6c3ea155e5ee ("Bluetooth: L2CAP: Fix not tracking outstanding TX ident")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
include/net/bluetooth/l2cap.h | 1 +
net/bluetooth/l2cap_core.c | 39 +++++++++++++++++++++++++++--------
2 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index 010f1a8fd15f..5172afee5494 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -658,6 +658,7 @@ struct l2cap_conn {
struct sk_buff *rx_skb;
__u32 rx_len;
struct ida tx_ida;
+ __u8 tx_ident;
struct sk_buff_head pending_rx;
struct work_struct pending_rx_work;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index ead51dc0f3f1..4dbd7b1bd72f 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -926,16 +926,37 @@ int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator)
static int l2cap_get_ident(struct l2cap_conn *conn)
{
- /* LE link does not support tools like l2ping so use the full range */
- if (conn->hcon->type == LE_LINK)
- return ida_alloc_range(&conn->tx_ida, 1, 255, GFP_ATOMIC);
+ int ident;
- /* Get next available identificator.
- * 1 - 128 are used by kernel.
- * 129 - 199 are reserved.
- * 200 - 254 are used by utilities like l2ping, etc.
- */
- return ida_alloc_range(&conn->tx_ida, 1, 128, GFP_ATOMIC);
+ /* LE link does not support tools like l2ping so use the full range */
+ if (conn->hcon->type == LE_LINK) {
+ /* Allocate ident using min as last used + 1 (cyclic) */
+ ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident,
+ 255, GFP_ATOMIC);
+ /* Force min 1 to start over */
+ if (ident < 0)
+ ident = ida_alloc_range(&conn->tx_ida, 1, 255,
+ GFP_ATOMIC);
+ } else {
+ /* Get next available identificator.
+ * 1 - 128 are used by kernel.
+ * 129 - 199 are reserved.
+ * 200 - 254 are used by utilities like l2ping, etc.
+ */
+
+ /* Allocate ident using min as last used + 1 (cyclic) */
+ ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident,
+ 128, GFP_ATOMIC);
+ /* Force min 1 to start over */
+ if (ident < 0)
+ ident = ida_alloc_range(&conn->tx_ida, 1, 128,
+ GFP_ATOMIC);
+ }
+
+ if (ident > 0)
+ conn->tx_ident = ident;
+
+ return ident;
}
static void l2cap_send_acl(struct l2cap_conn *conn, struct sk_buff *skb,
--
2.53.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* RE: [v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident 2026-03-17 16:02 [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident Luiz Augusto von Dentz @ 2026-03-17 17:25 ` bluez.test.bot 2026-03-17 17:57 ` [PATCH v1] " Luiz Augusto von Dentz 1 sibling, 0 replies; 5+ messages in thread From: bluez.test.bot @ 2026-03-17 17:25 UTC (permalink / raw) To: linux-bluetooth, luiz.dentz [-- Attachment #1: Type: text/plain, Size: 2833 bytes --] This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1068106 ---Test result--- Test Summary: CheckPatch PENDING 0.54 seconds GitLint PENDING 0.54 seconds SubjectPrefix PASS 0.06 seconds BuildKernel PASS 27.06 seconds CheckAllWarning PASS 29.69 seconds CheckSparse PASS 28.44 seconds BuildKernel32 PASS 25.51 seconds TestRunnerSetup PASS 575.15 seconds TestRunner_l2cap-tester PASS 28.26 seconds TestRunner_iso-tester FAIL 35.32 seconds TestRunner_bnep-tester PASS 6.23 seconds TestRunner_mgmt-tester FAIL 116.16 seconds TestRunner_rfcomm-tester PASS 9.30 seconds TestRunner_sco-tester FAIL 18.56 seconds TestRunner_ioctl-tester PASS 10.23 seconds TestRunner_mesh-tester FAIL 12.50 seconds TestRunner_smp-tester PASS 8.57 seconds TestRunner_userchan-tester PASS 6.70 seconds IncrementalBuild PENDING 0.70 seconds Details ############################## Test: CheckPatch - PENDING Desc: Run checkpatch.pl script Output: ############################## Test: GitLint - PENDING Desc: Run gitlint Output: ############################## Test: TestRunner_iso-tester - FAIL Desc: Run iso-tester with test-runner Output: BUG: KASAN: slab-use-after-free in le_read_features_complete+0x7e/0x2b0 Total: 141, Passed: 141 (100.0%), Failed: 0, Not Run: 0 ############################## Test: TestRunner_mgmt-tester - FAIL Desc: Run mgmt-tester with test-runner Output: Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4 Failed Test Cases Read Exp Feature - Success Failed 0.112 seconds ############################## Test: TestRunner_sco-tester - FAIL Desc: Run sco-tester with test-runner Output: WARNING: possible circular locking dependency detected BUG: sleeping function called from invalid context at net/core/sock.c:3782 Total: 30, Passed: 30 (100.0%), Failed: 0, Not Run: 0 ############################## Test: TestRunner_mesh-tester - FAIL Desc: Run mesh-tester with test-runner Output: Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0 Failed Test Cases Mesh - Send cancel - 1 Timed out 2.736 seconds Mesh - Send cancel - 2 Timed out 1.994 seconds ############################## Test: IncrementalBuild - PENDING Desc: Incremental build with the patches in the series Output: --- Regards, Linux Bluetooth ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident 2026-03-17 16:02 [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident Luiz Augusto von Dentz 2026-03-17 17:25 ` [v1] " bluez.test.bot @ 2026-03-17 17:57 ` Luiz Augusto von Dentz 2026-03-18 13:33 ` Christian Eggers 1 sibling, 1 reply; 5+ messages in thread From: Luiz Augusto von Dentz @ 2026-03-17 17:57 UTC (permalink / raw) To: linux-bluetooth, Christian Eggers Hi Christian, On Tue, Mar 17, 2026 at 12:03 PM Luiz Augusto von Dentz <luiz.dentz@gmail.com> wrote: > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > This attempt to fix regressions caused by reusing ident which apparently > is not handled well on certain stacks causing the stack to not respond to > requests, so instead of simple returning the first unallocated id this > stores the last used tx_ident and then attempt to use the next until all > available ids are exausted and then cycle starting over to 1. > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=221120 > Link: https://bugzilla.kernel.org/show_bug.cgi?id=221177 > Fixes: 6c3ea155e5ee ("Bluetooth: L2CAP: Fix not tracking outstanding TX ident") > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > --- > include/net/bluetooth/l2cap.h | 1 + > net/bluetooth/l2cap_core.c | 39 +++++++++++++++++++++++++++-------- > 2 files changed, 31 insertions(+), 9 deletions(-) > > diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h > index 010f1a8fd15f..5172afee5494 100644 > --- a/include/net/bluetooth/l2cap.h > +++ b/include/net/bluetooth/l2cap.h > @@ -658,6 +658,7 @@ struct l2cap_conn { > struct sk_buff *rx_skb; > __u32 rx_len; > struct ida tx_ida; > + __u8 tx_ident; > > struct sk_buff_head pending_rx; > struct work_struct pending_rx_work; > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > index ead51dc0f3f1..4dbd7b1bd72f 100644 > --- a/net/bluetooth/l2cap_core.c > +++ b/net/bluetooth/l2cap_core.c > @@ -926,16 +926,37 @@ int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator) > > static int l2cap_get_ident(struct l2cap_conn *conn) > { > - /* LE link does not support tools like l2ping so use the full range */ > - if (conn->hcon->type == LE_LINK) > - return ida_alloc_range(&conn->tx_ida, 1, 255, GFP_ATOMIC); > + int ident; > > - /* Get next available identificator. > - * 1 - 128 are used by kernel. > - * 129 - 199 are reserved. > - * 200 - 254 are used by utilities like l2ping, etc. > - */ > - return ida_alloc_range(&conn->tx_ida, 1, 128, GFP_ATOMIC); > + /* LE link does not support tools like l2ping so use the full range */ > + if (conn->hcon->type == LE_LINK) { > + /* Allocate ident using min as last used + 1 (cyclic) */ > + ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident, > + 255, GFP_ATOMIC); > + /* Force min 1 to start over */ > + if (ident < 0) > + ident = ida_alloc_range(&conn->tx_ida, 1, 255, > + GFP_ATOMIC); > + } else { > + /* Get next available identificator. > + * 1 - 128 are used by kernel. > + * 129 - 199 are reserved. > + * 200 - 254 are used by utilities like l2ping, etc. > + */ > + > + /* Allocate ident using min as last used + 1 (cyclic) */ > + ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident, > + 128, GFP_ATOMIC); > + /* Force min 1 to start over */ > + if (ident < 0) > + ident = ida_alloc_range(&conn->tx_ida, 1, 128, > + GFP_ATOMIC); > + } > + > + if (ident > 0) > + conn->tx_ident = ident; > + > + return ident; > } > > static void l2cap_send_acl(struct l2cap_conn *conn, struct sk_buff *skb, > -- > 2.53.0 > Do you have any capacity to test the above with L2CAP/COS/CED/BI-29-C? -- Luiz Augusto von Dentz ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident 2026-03-17 17:57 ` [PATCH v1] " Luiz Augusto von Dentz @ 2026-03-18 13:33 ` Christian Eggers 2026-03-18 15:10 ` Luiz Augusto von Dentz 0 siblings, 1 reply; 5+ messages in thread From: Christian Eggers @ 2026-03-18 13:33 UTC (permalink / raw) To: linux-bluetooth, Luiz Augusto von Dentz Hi Luiz, On Tuesday, 17 March 2026, 18:57:27 CET, Luiz Augusto von Dentz wrote: > Hi Christian, > > On Tue, Mar 17, 2026 at 12:03 PM Luiz Augusto von Dentz > <luiz.dentz@gmail.com> wrote: > > > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > > > This attempt to fix regressions caused by reusing ident which apparently > > is not handled well on certain stacks causing the stack to not respond to > > requests, so instead of simple returning the first unallocated id this > > stores the last used tx_ident and then attempt to use the next until all > > available ids are exausted and then cycle starting over to 1. > > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=221120 > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=221177 > > Fixes: 6c3ea155e5ee ("Bluetooth: L2CAP: Fix not tracking outstanding TX ident") > > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > --- > > include/net/bluetooth/l2cap.h | 1 + > > net/bluetooth/l2cap_core.c | 39 +++++++++++++++++++++++++++-------- > > 2 files changed, 31 insertions(+), 9 deletions(-) > > > > diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h > > index 010f1a8fd15f..5172afee5494 100644 > > --- a/include/net/bluetooth/l2cap.h > > +++ b/include/net/bluetooth/l2cap.h > > @@ -658,6 +658,7 @@ struct l2cap_conn { > > struct sk_buff *rx_skb; > > __u32 rx_len; > > struct ida tx_ida; > > + __u8 tx_ident; > > > > struct sk_buff_head pending_rx; > > struct work_struct pending_rx_work; > > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > > index ead51dc0f3f1..4dbd7b1bd72f 100644 > > --- a/net/bluetooth/l2cap_core.c > > +++ b/net/bluetooth/l2cap_core.c > > @@ -926,16 +926,37 @@ int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator) > > > > static int l2cap_get_ident(struct l2cap_conn *conn) > > { > > - /* LE link does not support tools like l2ping so use the full range */ > > - if (conn->hcon->type == LE_LINK) > > - return ida_alloc_range(&conn->tx_ida, 1, 255, GFP_ATOMIC); > > + int ident; > > > > - /* Get next available identificator. > > - * 1 - 128 are used by kernel. > > - * 129 - 199 are reserved. > > - * 200 - 254 are used by utilities like l2ping, etc. > > - */ > > - return ida_alloc_range(&conn->tx_ida, 1, 128, GFP_ATOMIC); > > + /* LE link does not support tools like l2ping so use the full range */ > > + if (conn->hcon->type == LE_LINK) { > > + /* Allocate ident using min as last used + 1 (cyclic) */ > > + ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident, > > + 255, GFP_ATOMIC); > > + /* Force min 1 to start over */ > > + if (ident < 0) > > + ident = ida_alloc_range(&conn->tx_ida, 1, 255, > > + GFP_ATOMIC); > > + } else { > > + /* Get next available identificator. > > + * 1 - 128 are used by kernel. > > + * 129 - 199 are reserved. > > + * 200 - 254 are used by utilities like l2ping, etc. > > + */ > > + > > + /* Allocate ident using min as last used + 1 (cyclic) */ > > + ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident, > > + 128, GFP_ATOMIC); > > + /* Force min 1 to start over */ > > + if (ident < 0) > > + ident = ida_alloc_range(&conn->tx_ida, 1, 128, > > + GFP_ATOMIC); > > + } > > + > > + if (ident > 0) > > + conn->tx_ident = ident; > > + > > + return ident; > > } > > > > static void l2cap_send_acl(struct l2cap_conn *conn, struct sk_buff *skb, > > -- > > 2.53.0 > > > > Do you have any capacity to test the above with L2CAP/COS/CED/BI-29-C? Today my test system seems a little bit bitchy, so L2CAP/COS/CED/BI-29-C even doesn't complete with my latest working version... After applying this patch on top of my latest version (6.19.9 + the BT patches I already submitted), I see a new error (log is below). At 40344 ms, the connection request sent by the IUT has an identifier value of '0' (just after wrapping around) which is not a valid identifier as of Core Vol 3, part A, chapter 4 (page 1122): "Signaling identifier 0x00 is an invalid identifier and shall never be used in any command." Any idea why the identifier used by the IUT wraps around from 255 to 0 instead of 1? regards, Christian +40078 ms Verdict Description: Received CMD:LE Credit Based Connection REQ: Code: [20 (0x14)] Code Identifier: [254 (0xFE)] Length: [10 (0x000A)] SPSM: [128 (0x0080)] Source CID: [64 (0x0040)] MTU: [672 (0x02A0)] MPS: [23 (0x0017)] Initial Credits: [30 (0x001E)] +40078 ms Verdict Description: Sent=LE Credit Based Connection RSP: Code: [21 (0x15)] Code Identifier: [0 (0x00)] Length: [10 (0x000A)] Destination CID: [79 (0x004F)] MTU: [64 (0x0040)] MPS: [64 (0x0040)] Initial Credits: [2 (0x0002)] Result: [0 (0x0000)] Connection Successful +40078 ms Send Event HCI!ACL_DATA_REQ{ connectionHandle=0x0010, boundary=0x00, broadcasting=0x00, length=0x0012, p_data[0]=0x0E } +40250 ms Receive Event HCI?ACL_DATA{ connHandle=0x0010, length=18, boundaryFlag=0x02, broadcastFlag=0x00 } +40250 ms Verdict Description: ReceivePacket! receive=0E00050014FF0A0080004000A00217001E00, CID=5 +40250 ms Verdict Description: Received CMD:LE Credit Based Connection REQ: Code: [20 (0x14)] Code Identifier: [255 (0xFF)] Length: [10 (0x000A)] SPSM: [128 (0x0080)] Source CID: [64 (0x0040)] MTU: [672 (0x02A0)] MPS: [23 (0x0017)] Initial Credits: [30 (0x001E)] +40250 ms Verdict Description: Sent=LE Credit Based Connection RSP: Code: [21 (0x15)] Code Identifier: [0 (0x00)] Length: [10 (0x000A)] Destination CID: [80 (0x0050)] MTU: [64 (0x0040)] MPS: [64 (0x0040)] Initial Credits: [2 (0x0002)] Result: [0 (0x0000)] Connection Successful +40250 ms Send Event HCI!ACL_DATA_REQ{ connectionHandle=0x0010, boundary=0x00, broadcasting=0x00, length=0x0012, p_data[0]=0x0E } +40344 ms Receive Event HCI?ACL_DATA{ connHandle=0x0010, length=18, boundaryFlag=0x02, broadcastFlag=0x00 } +40344 ms Verdict Description: ReceivePacket! receive=0E00050014000A0080004000A00217001E00, CID=5 +40344 ms Verdict Description: Received CMD:LE Credit Based Connection REQ: Code: [20 (0x14)] Code Identifier: [0 (0x00)] Length: [10 (0x000A)] SPSM: [128 (0x0080)] Source CID: [64 (0x0040)] MTU: [672 (0x02A0)] MPS: [23 (0x0017)] Initial Credits: [30 (0x001E)] +40344 ms Verdict Description: Sent=LE Credit Based Connection RSP: Code: [21 (0x15)] Code Identifier: [0 (0x00)] Length: [10 (0x000A)] Destination CID: [81 (0x0051)] MTU: [64 (0x0040)] MPS: [64 (0x0040)] Initial Credits: [2 (0x0002)] Result: [0 (0x0000)] Connection Successful +40344 ms Send Event HCI!ACL_DATA_REQ{ connectionHandle=0x0010, boundary=0x00, broadcasting=0x00, length=0x0012, p_data[0]=0x0E } +40422 ms Indecisive: Received Identifier is not unique. Received=0 +40422 ms Verdict Description: Received Identifier is not unique. Received=0 +40625 ms Send Event HCI!HCI_RESET ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident 2026-03-18 13:33 ` Christian Eggers @ 2026-03-18 15:10 ` Luiz Augusto von Dentz 0 siblings, 0 replies; 5+ messages in thread From: Luiz Augusto von Dentz @ 2026-03-18 15:10 UTC (permalink / raw) To: Christian Eggers; +Cc: linux-bluetooth Hi Christian, On Wed, Mar 18, 2026 at 9:33 AM Christian Eggers <ceggers@arri.de> wrote: > > Hi Luiz, > > On Tuesday, 17 March 2026, 18:57:27 CET, Luiz Augusto von Dentz wrote: > > Hi Christian, > > > > On Tue, Mar 17, 2026 at 12:03 PM Luiz Augusto von Dentz > > <luiz.dentz@gmail.com> wrote: > > > > > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > > > > > This attempt to fix regressions caused by reusing ident which apparently > > > is not handled well on certain stacks causing the stack to not respond to > > > requests, so instead of simple returning the first unallocated id this > > > stores the last used tx_ident and then attempt to use the next until all > > > available ids are exausted and then cycle starting over to 1. > > > > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=221120 > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=221177 > > > Fixes: 6c3ea155e5ee ("Bluetooth: L2CAP: Fix not tracking outstanding TX ident") > > > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > > --- > > > include/net/bluetooth/l2cap.h | 1 + > > > net/bluetooth/l2cap_core.c | 39 +++++++++++++++++++++++++++-------- > > > 2 files changed, 31 insertions(+), 9 deletions(-) > > > > > > diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h > > > index 010f1a8fd15f..5172afee5494 100644 > > > --- a/include/net/bluetooth/l2cap.h > > > +++ b/include/net/bluetooth/l2cap.h > > > @@ -658,6 +658,7 @@ struct l2cap_conn { > > > struct sk_buff *rx_skb; > > > __u32 rx_len; > > > struct ida tx_ida; > > > + __u8 tx_ident; > > > > > > struct sk_buff_head pending_rx; > > > struct work_struct pending_rx_work; > > > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > > > index ead51dc0f3f1..4dbd7b1bd72f 100644 > > > --- a/net/bluetooth/l2cap_core.c > > > +++ b/net/bluetooth/l2cap_core.c > > > @@ -926,16 +926,37 @@ int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator) > > > > > > static int l2cap_get_ident(struct l2cap_conn *conn) > > > { > > > - /* LE link does not support tools like l2ping so use the full range */ > > > - if (conn->hcon->type == LE_LINK) > > > - return ida_alloc_range(&conn->tx_ida, 1, 255, GFP_ATOMIC); > > > + int ident; > > > > > > - /* Get next available identificator. > > > - * 1 - 128 are used by kernel. > > > - * 129 - 199 are reserved. > > > - * 200 - 254 are used by utilities like l2ping, etc. > > > - */ > > > - return ida_alloc_range(&conn->tx_ida, 1, 128, GFP_ATOMIC); > > > + /* LE link does not support tools like l2ping so use the full range */ > > > + if (conn->hcon->type == LE_LINK) { > > > + /* Allocate ident using min as last used + 1 (cyclic) */ > > > + ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident, > > > + 255, GFP_ATOMIC); > > > + /* Force min 1 to start over */ > > > + if (ident < 0) > > > + ident = ida_alloc_range(&conn->tx_ida, 1, 255, > > > + GFP_ATOMIC); > > > + } else { > > > + /* Get next available identificator. > > > + * 1 - 128 are used by kernel. > > > + * 129 - 199 are reserved. > > > + * 200 - 254 are used by utilities like l2ping, etc. > > > + */ > > > + > > > + /* Allocate ident using min as last used + 1 (cyclic) */ > > > + ident = ida_alloc_range(&conn->tx_ida, ++conn->tx_ident, > > > + 128, GFP_ATOMIC); > > > + /* Force min 1 to start over */ > > > + if (ident < 0) > > > + ident = ida_alloc_range(&conn->tx_ida, 1, 128, > > > + GFP_ATOMIC); > > > + } > > > + > > > + if (ident > 0) > > > + conn->tx_ident = ident; > > > + > > > + return ident; > > > } > > > > > > static void l2cap_send_acl(struct l2cap_conn *conn, struct sk_buff *skb, > > > -- > > > 2.53.0 > > > > > > > Do you have any capacity to test the above with L2CAP/COS/CED/BI-29-C? > > Today my test system seems a little bit bitchy, so L2CAP/COS/CED/BI-29-C even > doesn't complete with my latest working version... > > After applying this patch on top of my latest version (6.19.9 + > the BT patches I already submitted), I see a new error (log is below). > At 40344 ms, the connection request sent by the IUT has an identifier value of > '0' (just after wrapping around) which is not a valid identifier as of > Core Vol 3, part A, chapter 4 (page 1122): > > "Signaling identifier 0x00 is an invalid identifier and shall never be used in any > command." > > Any idea why the identifier used by the IUT wraps around from 255 to 0 > instead of 1? Yeah, that seem to be a bug in the new version, let me check how to fix it. > regards, > Christian > > > > +40078 ms > Verdict Description: Received CMD:LE Credit Based Connection REQ: > Code: [20 (0x14)] Code > Identifier: [254 (0xFE)] > Length: [10 (0x000A)] > SPSM: [128 (0x0080)] > Source CID: [64 (0x0040)] > MTU: [672 (0x02A0)] > MPS: [23 (0x0017)] > Initial Credits: [30 (0x001E)] > > > > +40078 ms > Verdict Description: Sent=LE Credit Based Connection RSP: > Code: [21 (0x15)] Code > Identifier: [0 (0x00)] > Length: [10 (0x000A)] > Destination CID: [79 (0x004F)] > MTU: [64 (0x0040)] > MPS: [64 (0x0040)] > Initial Credits: [2 (0x0002)] > Result: [0 (0x0000)] Connection Successful > > > > +40078 ms > Send Event HCI!ACL_DATA_REQ{ > connectionHandle=0x0010, > boundary=0x00, > broadcasting=0x00, > length=0x0012, > p_data[0]=0x0E > } > > > +40250 ms > Receive Event HCI?ACL_DATA{ > connHandle=0x0010, > length=18, > boundaryFlag=0x02, > broadcastFlag=0x00 > } > > > +40250 ms > Verdict Description: ReceivePacket! > receive=0E00050014FF0A0080004000A00217001E00, CID=5 > > > > +40250 ms > Verdict Description: Received CMD:LE Credit Based Connection REQ: > Code: [20 (0x14)] Code > Identifier: [255 (0xFF)] > Length: [10 (0x000A)] > SPSM: [128 (0x0080)] > Source CID: [64 (0x0040)] > MTU: [672 (0x02A0)] > MPS: [23 (0x0017)] > Initial Credits: [30 (0x001E)] > > > > +40250 ms > Verdict Description: Sent=LE Credit Based Connection RSP: > Code: [21 (0x15)] Code > Identifier: [0 (0x00)] > Length: [10 (0x000A)] > Destination CID: [80 (0x0050)] > MTU: [64 (0x0040)] > MPS: [64 (0x0040)] > Initial Credits: [2 (0x0002)] > Result: [0 (0x0000)] Connection Successful > > > > +40250 ms > Send Event HCI!ACL_DATA_REQ{ > connectionHandle=0x0010, > boundary=0x00, > broadcasting=0x00, > length=0x0012, > p_data[0]=0x0E > } > > > +40344 ms > Receive Event HCI?ACL_DATA{ > connHandle=0x0010, > length=18, > boundaryFlag=0x02, > broadcastFlag=0x00 > } > > > +40344 ms > Verdict Description: ReceivePacket! > receive=0E00050014000A0080004000A00217001E00, CID=5 > > > > +40344 ms > Verdict Description: Received CMD:LE Credit Based Connection REQ: > Code: [20 (0x14)] Code > Identifier: [0 (0x00)] > Length: [10 (0x000A)] > SPSM: [128 (0x0080)] > Source CID: [64 (0x0040)] > MTU: [672 (0x02A0)] > MPS: [23 (0x0017)] > Initial Credits: [30 (0x001E)] > > > > +40344 ms > Verdict Description: Sent=LE Credit Based Connection RSP: > Code: [21 (0x15)] Code > Identifier: [0 (0x00)] > Length: [10 (0x000A)] > Destination CID: [81 (0x0051)] > MTU: [64 (0x0040)] > MPS: [64 (0x0040)] > Initial Credits: [2 (0x0002)] > Result: [0 (0x0000)] Connection Successful > > > > +40344 ms > Send Event HCI!ACL_DATA_REQ{ > connectionHandle=0x0010, > boundary=0x00, > broadcasting=0x00, > length=0x0012, > p_data[0]=0x0E > } > > > +40422 ms > Indecisive: Received Identifier is not unique. Received=0 > > > > +40422 ms > Verdict Description: Received Identifier is not unique. Received=0 > > > > +40625 ms > Send Event HCI!HCI_RESET > > > > > -- Luiz Augusto von Dentz ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-03-18 15:10 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-03-17 16:02 [PATCH v1] Bluetooth: L2CAP: Fix regressions caused by reusing ident Luiz Augusto von Dentz 2026-03-17 17:25 ` [v1] " bluez.test.bot 2026-03-17 17:57 ` [PATCH v1] " Luiz Augusto von Dentz 2026-03-18 13:33 ` Christian Eggers 2026-03-18 15:10 ` Luiz Augusto von Dentz
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox