Re: [PATCH] net: bluetooth: fix consistent connection failure caused by the loss of HCI_Connection_Complete event

Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx> · Wed, 23 Aug 2023 14:26:00 -0700



Hi,

On Wed, Aug 23, 2023 at 5:52 AM Xin-Yu Liu <by2239112@xxxxxxxxxxx> wrote:
>
> During a connection attempt, if the HCI_Connection_Complete event
> is lost and not received by the Host, it will result in
> a connection failure.
>
> In that process, the hci_conn, the handle of which is still
> HCI_CONN_HANDLE_UNSET, will not be removed from the conn_hash
> as it would during a regular disconnection opration.
> Consequently, when an ACL connection is initiated for the same device,
> the hci_conn is found in hash_conn based on "ba", with its state remaining
> BT_CONNECT. Then the Host will send an HCI_Create_Connection_Cancel
> command, which will result in subsequent Bluetooth connections
> for the same device consistently failing.
>
> In order to solve the potential bug, if the hci_conn's state is
> BT_CONNECT and handle is HCI_CONN_HANDLE_UNSET, remove this hci_conn
> from conn_hash. This adjustment could potentially help ensure that the
> specific conn is cleaned up at the appropriate times, then the subsequent
> connection for the same device will no longer experience failures.
>
> Signed-off-by: Xin-Yu Liu <by2239112@xxxxxxxxxxx>
> ---
>  net/bluetooth/hci_conn.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 76222565e..219c62579 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -2886,6 +2886,10 @@ int hci_abort_conn(struct hci_conn *conn, u8 reason)
>                 } else if (conn->type == ACL_LINK) {
>                         if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2)
>                                 break;
> +                       if (conn->state == HCI_CONN_HANDLE_UNSET) {
> +                               hci_conn_cleanup(conn);
> +                               break;
> +                       }

This won't apply upstream if you are wondering why CI hasn't managed
to pick it up, this should be fixed by the following line if
connection cannot be aborted:

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/tree/net/bluetooth/hci_sync.c?id=c452805643ff9762626f2c87c2640ab7c7099eb8#n5432

>                         r = hci_send_cmd(conn->hdev,
>                                          HCI_OP_CREATE_CONN_CANCEL,
>                                          6, &conn->dst);
> --
> 2.25.1
>


-- 
Luiz Augusto von Dentz