kernel/linux.git/net/bluetooth/msft.h, branch v6.19.12

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

2024-05-03T17:05:28+00:00

Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309 Fixes: bf6a4e30ffbd ("Bluetooth: disable advertisement filters during suspend") Signed-off-by: Sungwoo Kim Signed-off-by: Luiz Augusto von Dentz

Bluetooth: hci_sync: Refactor remove Adv Monitor

2022-07-22T00:14:55+00:00

Make use of hci_cmd_sync_queue for removing an advertisement monitor. Signed-off-by: Manish Mandlik Reviewed-by: Miao-chen Chou Signed-off-by: Luiz Augusto von Dentz

Bluetooth: msft: Fix compilation when CONFIG_BT_MSFTEXT is not set

2021-12-07T16:05:51+00:00

This fixes compilation when CONFIG_BT_MSFTEXT is not set. Fixes: 6b3d4c8fcf3f2 ("Bluetooth: hci_event: Use of a function table to handle HCI events") Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann

Bluetooth: hci_event: Use of a function table to handle HCI events

2021-12-07T16:05:50+00:00

This change the use of switch statement to a function table which is easier to extend and can include min/max length of each HCI event. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann

Bluetooth: hci_sync: Rework hci_suspend_notifier

2021-10-29T14:52:00+00:00

This makes hci_suspend_notifier use the hci_*_sync which can be executed synchronously which is allowed in the suspend_notifier and simplifies a lot of the handling since the status of each command can be checked inline so no other work need to be scheduled thus can be performed without using of a state machine. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann

Bluetooth: Fix Advertisement Monitor Suspend/Resume

2021-09-28T08:01:35+00:00

During system suspend, advertisement monitoring is disabled by setting the HCI_VS_MSFT_LE_Set_Advertisement_Filter_Enable to False. This disables the monitoring during suspend, however, if the controller is monitoring a device, it sends HCI_VS_MSFT_LE_Monitor_Device_Event to indicate that the monitoring has been stopped for that particular device. This event may occur after suspend depending on the low_threshold_timeout and peer device advertisement frequency, which causes early wake up. Right way to disable the monitoring for suspend is by removing all the monitors before suspend and re-monitor after resume to ensure no events are received during suspend. This patch fixes this suspend/resume issue. Following tests are performed: - Add monitors before suspend and make sure DeviceFound gets triggered - Suspend the system and verify that all monitors are removed by kernel but not Released by bluetoothd - Wake up and verify that all monitors are added again and DeviceFound gets triggered Signed-off-by: Manish Mandlik Reviewed-by: Archie Pusaka Reviewed-by: Miao-chen Chou Signed-off-by: Marcel Holtmann

Bluetooth: Keep MSFT ext info throughout a hci_dev's life cycle

2021-09-10T07:27:13+00:00

This splits the msft_do_{open/close} to msft_do_{open/close} and msft_{register/unregister}. With this change it is possible to retain the MSFT extension info irrespective of controller power on/off state. This helps bluetoothd to report correct 'supported features' of the controller to the D-Bus clients event if the controller is off. It also re-reads the MSFT info upon every msft_do_open(). The following test steps were performed. 1. Boot the test device and verify the MSFT support debug log in syslog. 2. Power off the controller and read the 'supported features', power on and read again. 3. Restart the bluetoothd and verify the 'supported features' value. Signed-off-by: Miao-chen Chou Reviewed-by: Abhishek Pandit-Subedi Reviewed-by: Archie Pusaka Reviewed-by: Alain Michaud Signed-off-by: Manish Mandlik Signed-off-by: Marcel Holtmann

Bluetooth: Allow Microsoft extension to indicate curve validation

2021-04-08T10:26:34+00:00

Some controllers don't support the Simple Pairing Options feature that can indicate the support for P-192 and P-256 public key validation. However they might support the Microsoft vendor extension that can indicate the validiation capability as well. Signed-off-by: Marcel Holtmann Signed-off-by: Luiz Augusto von Dentz

Bluetooth: disable advertisement filters during suspend

2021-01-25T15:07:37+00:00

This adds logic to disable and reenable advertisement filters during suspend and resume. After this patch, we would only receive packets from devices in allow list during suspend. Signed-off-by: Howard Chung Reviewed-by: Abhishek Pandit-Subedi Signed-off-by: Marcel Holtmann

Bluetooth: advmon offload MSFT handle filter enablement

2021-01-25T15:07:36+00:00

Implements the feature to disable/enable the filter used for advertising monitor on MSFT controller, effectively have the same effect as "remove all monitors" and "add all previously removed monitors". This feature would be needed when suspending, where we would not want to get packets from anything outside the allowlist. Note that the integration with the suspending part is not included in this patch. Signed-off-by: Archie Pusaka Reviewed-by: Miao-chen Chou Reviewed-by: Yun-Hao Chung Signed-off-by: Marcel Holtmann