[PATCH AUTOSEL 6.16-6.1] Bluetooth: hci_sync: Avoid adding default advertising on startup

Archive-only list for patches
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Yang Li <yang.li@amlogic.com>,
	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
	Sasha Levin <sashal@kernel.org>,
	marcel@holtmann.org, johan.hedberg@gmail.com,
	luiz.dentz@gmail.com, linux-bluetooth@vger.kernel.org
Subject: [PATCH AUTOSEL 6.16-6.1] Bluetooth: hci_sync: Avoid adding default advertising on startup
Date: Mon, 25 Aug 2025 08:14:58 -0400	[thread overview]
Message-ID: <20250825121505.2983941-9-sashal@kernel.org> (raw)
In-Reply-To: <20250825121505.2983941-1-sashal@kernel.org>

From: Yang Li <yang.li@amlogic.com>

[ Upstream commit de5d7d3f27ddd4046736f558a40e252ddda82013 ]

list_empty(&hdev->adv_instances) is always true during startup,
so an advertising instance is added by default.

Call trace:
  dump_backtrace+0x94/0xec
  show_stack+0x18/0x24
  dump_stack_lvl+0x48/0x60
  dump_stack+0x18/0x24
  hci_setup_ext_adv_instance_sync+0x17c/0x328
  hci_powered_update_adv_sync+0xb4/0x12c
  hci_powered_update_sync+0x54/0x70
  hci_power_on_sync+0xe4/0x278
  hci_set_powered_sync+0x28/0x34
  set_powered_sync+0x40/0x58
  hci_cmd_sync_work+0x94/0x100
  process_one_work+0x168/0x444
  worker_thread+0x378/0x3f4
  kthread+0x108/0x10c
  ret_from_fork+0x10/0x20

Link: https://github.com/bluez/bluez/issues/1442
Signed-off-by: Yang Li <yang.li@amlogic.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

**Backport Status: YES**

This commit should be backported to stable kernel trees. Here's my
extensive analysis:

## Bug Analysis

The commit fixes a **logic error** in `hci_powered_update_adv_sync()`
that causes unnecessary default advertising instance creation during
Bluetooth startup. The problematic code at line 3290 uses an OR
condition:

```c
if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
    list_empty(&hdev->adv_instances))
```

This condition is **always true** during startup because
`list_empty(&hdev->adv_instances)` returns true when the advertising
instances list is initially empty. This causes the code block to execute
unconditionally, creating a default advertising instance even when not
needed.

## The Fix

The patch changes the OR (`||`) to AND (`&&`):

```c
if (hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
    list_empty(&hdev->adv_instances))
```

This ensures the default advertising setup only occurs when:
1. The HCI_ADVERTISING flag is explicitly set, AND
2. There are no advertising instances configured

## Why This Should Be Backported

1. **Clear Bug Fix**: This is a straightforward logic error that causes
   incorrect behavior during Bluetooth initialization. The stack trace
   in the commit message shows this happens during normal startup flow
   (`hci_power_on_sync` → `hci_powered_update_sync` →
   `hci_powered_update_adv_sync`).

2. **Small and Contained**: The fix is a single character change (|| to
   &&) that only affects the conditional logic. No architectural changes
   or new features are introduced.

3. **Prevents Resource Waste**: The bug causes unnecessary advertising
   instance creation on every Bluetooth startup, which wastes system
   resources and may interfere with user-configured advertising
   settings.

4. **Low Risk**: The change is minimal and only affects the specific
   condition for creating default advertising. The same pattern
   (checking both flags with AND) is already used in other parts of the
   codebase (e.g., `reenable_adv_sync()` function).

5. **User-Visible Impact**: The issue has an associated BlueZ bug report
   (#1442), indicating real users are affected by this problem.

6. **Long-Standing Issue**: The problematic code was introduced in
   commit cf75ad8b41d2a (October 2021), meaning this bug has been
   affecting users for an extended period across multiple kernel
   versions.

The fix follows stable kernel rules perfectly: it's a important bugfix
with minimal code change and very low regression risk, making it an
ideal candidate for stable backporting.

 net/bluetooth/hci_sync.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 7938c004071c..795952d5f921 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -3344,7 +3344,7 @@ static int hci_powered_update_adv_sync(struct hci_dev *hdev)
 	 * advertising data. This also applies to the case
 	 * where BR/EDR was toggled during the AUTO_OFF phase.
 	 */
-	if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
+	if (hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
 	    list_empty(&hdev->adv_instances)) {
 		if (ext_adv_capable(hdev)) {
 			err = hci_setup_ext_adv_instance_sync(hdev, 0x00);
-- 
2.50.1

next prev parent reply	other threads:[~2025-08-25 12:15 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-25 12:14 [PATCH AUTOSEL 6.16-5.15] fs: writeback: fix use-after-free in __mark_inode_dirty() Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16-6.1] cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16-6.6] LoongArch: Save LBT before FPU in setup_sigcontext() Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16] btrfs: clear block dirty if submit_one_sector() failed Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16] platform/x86/amd: pmc: Drop SMU F/W match for Cezanne Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16] LoongArch: Add cpuhotplug hooks to fix high cpu usage of vCPU threads Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16-6.12] btrfs: zoned: skip ZONE FINISH of conventional zones Sasha Levin
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16-5.10] drm/amd/display: Don't warn when missing DCE encoder caps Sasha Levin
2025-08-25 12:14 ` Sasha Levin [this message]
2025-08-25 12:14 ` [PATCH AUTOSEL 6.16-6.6] cpupower: Fix a bug where the -t option of the set subcommand was not working Sasha Levin
2025-08-25 12:15 ` [PATCH AUTOSEL 6.16-6.12] drm/rockchip: vop2: make vp registers nonvolatile Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7938c004071 dfblob:795952d5f92 )
 OR (
bs:"[PATCH AUTOSEL 6.16-6.1] Bluetooth: hci_sync: Avoid adding default advertising on startup" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250825121505.2983941-9-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=johan.hedberg@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=luiz.dentz@gmail.com \
    --cc=luiz.von.dentz@intel.com \
    --cc=marcel@holtmann.org \
    --cc=patches@lists.linux.dev \
    --cc=stable@vger.kernel.org \
    --cc=yang.li@amlogic.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox