Message ID | 20240723035203.7260-2-leo.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | Fix L2CAP/LE/CPU/BI-02-C bluetooth certification failure | expand |
2024-07-23 12:52 KST, Yo-Jung (Leo) Lin: > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > BugLink: https://bugs.launchpad.net/bugs/2072858 > > This removes the bogus check for max > hcon->le_conn_max_interval since > the later is just the initial maximum conn interval not the maximum the > stack could support which is really 3200=4000ms. > > In order to pass GAP/CONN/CPUP/BV-05-C one shall probably enter values > of the following fields in IXIT that would cause hci_check_conn_params > to fail: > > TSPX_conn_update_int_min > TSPX_conn_update_int_max > TSPX_conn_update_peripheral_latency > TSPX_conn_update_supervision_timeout > > Link: https://github.com/bluez/bluez/issues/847 > Fixes: e4b019515f95 ("Bluetooth: Enforce validation on max value of connection interval") > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > (cherry picked from commit 806a5198c05987b748b50f3d0c0cfb3d417381a4 linux-next) > Signed-off-by: Yo-Jung (Leo) Lin <leo.lin@canonical.com> > --- > include/net/bluetooth/hci_core.h | 36 ++++++++++++++++++++++++++++---- > net/bluetooth/l2cap_core.c | 8 +------ > 2 files changed, 33 insertions(+), 11 deletions(-) > > diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h > index 5277c6d5134c..c4781aec3c08 100644 > --- a/include/net/bluetooth/hci_core.h > +++ b/include/net/bluetooth/hci_core.h > @@ -2114,18 +2114,46 @@ static inline int hci_check_conn_params(u16 min, u16 max, u16 latency, > { > u16 max_latency; > > - if (min > max || min < 6 || max > 3200) > + if (min > max) { > + BT_WARN("min %d > max %d", min, max); > return -EINVAL; > + } > + > + if (min < 6) { > + BT_WARN("min %d < 6", min); > + return -EINVAL; > + } > + > + if (max > 3200) { > + BT_WARN("max %d > 3200", max); > + return -EINVAL; > + } > + > + if (to_multiplier < 10) { > + BT_WARN("to_multiplier %d < 10", to_multiplier); > + return -EINVAL; > + } > > - if (to_multiplier < 10 || to_multiplier > 3200) > + if (to_multiplier > 3200) { > + BT_WARN("to_multiplier %d > 3200", to_multiplier); > return -EINVAL; > + } > > - if (max >= to_multiplier * 8) > + if (max >= to_multiplier * 8) { > + BT_WARN("max %d >= to_multiplier %d * 8", max, to_multiplier); > return -EINVAL; > + } > > max_latency = (to_multiplier * 4 / max) - 1; > - if (latency > 499 || latency > max_latency) > + if (latency > 499) { > + BT_WARN("latency %d > 499", latency); > return -EINVAL; > + } > + > + if (latency > max_latency) { > + BT_WARN("latency %d > max_latency %d", latency, max_latency); > + return -EINVAL; > + } > > return 0; > } > diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c > index 4a633c1b6882..e3f5d830e42b 100644 > --- a/net/bluetooth/l2cap_core.c > +++ b/net/bluetooth/l2cap_core.c > @@ -4645,13 +4645,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, > > memset(&rsp, 0, sizeof(rsp)); > > - if (max > hcon->le_conn_max_interval) { > - BT_DBG("requested connection interval exceeds current bounds."); > - err = -EINVAL; > - } else { > - err = hci_check_conn_params(min, max, latency, to_multiplier); > - } > - > + err = hci_check_conn_params(min, max, latency, to_multiplier); > if (err) > rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED); > else Missing cover letter email.
On 23.07.24 07:56, Agathe Porte wrote: > 2024-07-23 12:52 KST, Yo-Jung (Leo) Lin: >> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> >> >> BugLink: https://bugs.launchpad.net/bugs/2072858 >> >> This removes the bogus check for max > hcon->le_conn_max_interval since >> the later is just the initial maximum conn interval not the maximum the >> stack could support which is really 3200=4000ms. >> >> In order to pass GAP/CONN/CPUP/BV-05-C one shall probably enter values >> of the following fields in IXIT that would cause hci_check_conn_params >> to fail: >> >> TSPX_conn_update_int_min >> TSPX_conn_update_int_max >> TSPX_conn_update_peripheral_latency >> TSPX_conn_update_supervision_timeout >> >> Link: https://github.com/bluez/bluez/issues/847 >> Fixes: e4b019515f95 ("Bluetooth: Enforce validation on max value of connection interval") >> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> >> (cherry picked from commit 806a5198c05987b748b50f3d0c0cfb3d417381a4 linux-next) >> Signed-off-by: Yo-Jung (Leo) Lin <leo.lin@canonical.com> >> --- >> include/net/bluetooth/hci_core.h | 36 ++++++++++++++++++++++++++++---- >> net/bluetooth/l2cap_core.c | 8 +------ >> 2 files changed, 33 insertions(+), 11 deletions(-) >> >> diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h >> index 5277c6d5134c..c4781aec3c08 100644 >> --- a/include/net/bluetooth/hci_core.h >> +++ b/include/net/bluetooth/hci_core.h >> @@ -2114,18 +2114,46 @@ static inline int hci_check_conn_params(u16 min, u16 max, u16 latency, >> { >> u16 max_latency; >> >> - if (min > max || min < 6 || max > 3200) >> + if (min > max) { >> + BT_WARN("min %d > max %d", min, max); >> return -EINVAL; >> + } >> + >> + if (min < 6) { >> + BT_WARN("min %d < 6", min); >> + return -EINVAL; >> + } >> + >> + if (max > 3200) { >> + BT_WARN("max %d > 3200", max); >> + return -EINVAL; >> + } >> + >> + if (to_multiplier < 10) { >> + BT_WARN("to_multiplier %d < 10", to_multiplier); >> + return -EINVAL; >> + } >> >> - if (to_multiplier < 10 || to_multiplier > 3200) >> + if (to_multiplier > 3200) { >> + BT_WARN("to_multiplier %d > 3200", to_multiplier); >> return -EINVAL; >> + } >> >> - if (max >= to_multiplier * 8) >> + if (max >= to_multiplier * 8) { >> + BT_WARN("max %d >= to_multiplier %d * 8", max, to_multiplier); >> return -EINVAL; >> + } >> >> max_latency = (to_multiplier * 4 / max) - 1; >> - if (latency > 499 || latency > max_latency) >> + if (latency > 499) { >> + BT_WARN("latency %d > 499", latency); >> return -EINVAL; >> + } >> + >> + if (latency > max_latency) { >> + BT_WARN("latency %d > max_latency %d", latency, max_latency); >> + return -EINVAL; >> + } >> >> return 0; >> } >> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c >> index 4a633c1b6882..e3f5d830e42b 100644 >> --- a/net/bluetooth/l2cap_core.c >> +++ b/net/bluetooth/l2cap_core.c >> @@ -4645,13 +4645,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, >> >> memset(&rsp, 0, sizeof(rsp)); >> >> - if (max > hcon->le_conn_max_interval) { >> - BT_DBG("requested connection interval exceeds current bounds."); >> - err = -EINVAL; >> - } else { >> - err = hci_check_conn_params(min, max, latency, to_multiplier); >> - } >> - >> + err = hci_check_conn_params(min, max, latency, to_multiplier); >> if (err) >> rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED); >> else > > Missing cover letter email. > Hm, I see "[SRU][N/J][PATCH 0/1] Fix L2CAP/LE/CPU/BI-02-C bluetooth certification failure" as the cover email...
On Tue, Jul 23, 2024 at 1:56 PM Agathe Porte <agathe.porte@canonical.com> wrote: > > Missing cover letter email. The cover letter ([SRU][N/J][PATCH 0/1] Fix L2CAP/LE/CPU/BI-02-C bluetooth certification failure) was sent alone with the patch. See the mailing list archive[1]. [1] https://lists.ubuntu.com/archives/kernel-team/2024-July/152386.html
2024-07-23 15:47 KST, Leo Lin: > On Tue, Jul 23, 2024 at 1:56 PM Agathe Porte <agathe.porte@canonical.com> wrote: > > > > Missing cover letter email. > > The cover letter ([SRU][N/J][PATCH 0/1] Fix L2CAP/LE/CPU/BI-02-C > bluetooth certification failure) was sent alone with the patch. See > the mailing list archive[1]. > > [1] https://lists.ubuntu.com/archives/kernel-team/2024-July/152386.html My bad, this email got lost and I did not see it. Please ignore my NAK. Thanks.
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 5277c6d5134c..c4781aec3c08 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -2114,18 +2114,46 @@ static inline int hci_check_conn_params(u16 min, u16 max, u16 latency, { u16 max_latency; - if (min > max || min < 6 || max > 3200) + if (min > max) { + BT_WARN("min %d > max %d", min, max); return -EINVAL; + } + + if (min < 6) { + BT_WARN("min %d < 6", min); + return -EINVAL; + } + + if (max > 3200) { + BT_WARN("max %d > 3200", max); + return -EINVAL; + } + + if (to_multiplier < 10) { + BT_WARN("to_multiplier %d < 10", to_multiplier); + return -EINVAL; + } - if (to_multiplier < 10 || to_multiplier > 3200) + if (to_multiplier > 3200) { + BT_WARN("to_multiplier %d > 3200", to_multiplier); return -EINVAL; + } - if (max >= to_multiplier * 8) + if (max >= to_multiplier * 8) { + BT_WARN("max %d >= to_multiplier %d * 8", max, to_multiplier); return -EINVAL; + } max_latency = (to_multiplier * 4 / max) - 1; - if (latency > 499 || latency > max_latency) + if (latency > 499) { + BT_WARN("latency %d > 499", latency); return -EINVAL; + } + + if (latency > max_latency) { + BT_WARN("latency %d > max_latency %d", latency, max_latency); + return -EINVAL; + } return 0; } diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 4a633c1b6882..e3f5d830e42b 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -4645,13 +4645,7 @@ static inline int l2cap_conn_param_update_req(struct l2cap_conn *conn, memset(&rsp, 0, sizeof(rsp)); - if (max > hcon->le_conn_max_interval) { - BT_DBG("requested connection interval exceeds current bounds."); - err = -EINVAL; - } else { - err = hci_check_conn_params(min, max, latency, to_multiplier); - } - + err = hci_check_conn_params(min, max, latency, to_multiplier); if (err) rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED); else