Fix bluetooth controller initialization (rhbz 1898495)
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
Justin M. Forbes
parent
bcf7511bad
commit
ff4c03858e
2 changed files with 62 additions and 0 deletions
|
|
@ -0,0 +1,56 @@
|
|||
From MAILER-DAEMON Thu Jan 7 13:40:23 2021
|
||||
From: Edward Vear <edwardvear@gmail.com>
|
||||
To: linux-bluetooth@vger.kernel.org
|
||||
Cc: edwardvear@gmail.com, marcel@holtmann.org, johan.hedberg@gmail.com, davem@davemloft.net, kuba@kernel.org
|
||||
Subject: [PATCH] Bluetooth: hci_core: Fix attempting to set RPA timeout when unsupported
|
||||
Date: Tue, 27 Oct 2020 00:02:03 -0700
|
||||
Message-Id: <20201027070203.13561-1-edwardvear@gmail.com>
|
||||
List-ID: <linux-bluetooth.vger.kernel.org>
|
||||
X-Mailing-List: linux-bluetooth@vger.kernel.org
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
Content-Transfer-Encoding: 7bit
|
||||
|
||||
During controller initialization, an LE Set RPA Timeout command is sent
|
||||
to the controller if supported. However, the value checked to determine
|
||||
if the command is supported is incorrect. Page 1921 of the Bluetooth
|
||||
Core Spec v5.2 shows that bit 2 of octet 35 of the Supported_Commands
|
||||
field corresponds to the LE Set RPA Timeout command, but currently
|
||||
bit 6 of octet 35 is checked. This patch checks the correct value
|
||||
instead.
|
||||
|
||||
This issue led to the error seen in the following btmon output during
|
||||
initialization of an adapter (rtl8761b) and prevented initialization
|
||||
from completing.
|
||||
|
||||
< HCI Command: LE Set Resolvable Private Address Timeout (0x08|0x002e) plen 2
|
||||
Timeout: 900 seconds
|
||||
> HCI Event: Command Complete (0x0e) plen 4
|
||||
LE Set Resolvable Private Address Timeout (0x08|0x002e) ncmd 2
|
||||
Status: Unsupported Remote Feature / Unsupported LMP Feature (0x1a)
|
||||
= Close Index: 00:E0:4C:6B:E5:03
|
||||
|
||||
The error did not appear when running with this patch.
|
||||
|
||||
Signed-off-by: Edward Vear <edwardvear@gmail.com>
|
||||
---
|
||||
net/bluetooth/hci_core.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
|
||||
index 502552d6e9af..c4aa2cbb9269 100644
|
||||
--- a/net/bluetooth/hci_core.c
|
||||
+++ b/net/bluetooth/hci_core.c
|
||||
@@ -763,7 +763,7 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
|
||||
hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
|
||||
}
|
||||
|
||||
- if (hdev->commands[35] & 0x40) {
|
||||
+ if (hdev->commands[35] & 0x04) {
|
||||
__le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout);
|
||||
|
||||
/* Set RPA timeout */
|
||||
--
|
||||
2.29.1
|
||||
|
||||
|
||||
|
|
@ -852,6 +852,9 @@ Patch104: 0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
|
|||
|
||||
Patch105: 0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
|
||||
|
||||
# rhbz 1898495
|
||||
Patch106: Bluetooth-hci_core-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2965,6 +2968,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Jan 7 2021 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Fix bluetooth controller initialization (rhbz 1898495)
|
||||
|
||||
* Wed Jan 6 12:53:15 CST 2021 Justin M. Forbes <jforbes@fedoraproject.org> - 5.10.5-200
|
||||
- Linux v5.10.5
|
||||
- Fix CVE-2020-36158 (rhbz 1913348 1913349)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue