summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThorsten Leemhuis <fedora@leemhuis.info>2021-01-09 15:35:27 +0100
committerThorsten Leemhuis <fedora@leemhuis.info>2021-01-09 15:35:27 +0100
commitd56e576844c21d2ac58449326caae81c7b4ec445 (patch)
treea15f60b014a89319b1646a7cccc4954e2a4dcf1a
parent6caba9ba76a7f8bdee939573e03da2c224ab2598 (diff)
parentff4c03858e1e4e258fedf53bc4bec86b8fe2dd22 (diff)
downloadkernel-d56e576844c21d2ac58449326caae81c7b4ec445.tar.gz
kernel-d56e576844c21d2ac58449326caae81c7b4ec445.tar.xz
kernel-d56e576844c21d2ac58449326caae81c7b4ec445.zip
Merge remote-tracking branch 'origin/stabilization' into stabilization-user-thl-vanilla-fedora
-rw-r--r--Bluetooth-hci_core-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch56
-rw-r--r--kernel.spec6
2 files changed, 62 insertions, 0 deletions
diff --git a/Bluetooth-hci_core-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch b/Bluetooth-hci_core-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
new file mode 100644
index 000000000..f298a652e
--- /dev/null
+++ b/Bluetooth-hci_core-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
@@ -0,0 +1,56 @@
+From MAILER-DAEMON Thu Jan 7 13:40:23 2021
+From: Edward Vear <edwardvear@gmail.com>
+To: linux-bluetooth@vger.kernel.org
+Cc: edwardvear@gmail.com, marcel@holtmann.org, johan.hedberg@gmail.com, davem@davemloft.net, kuba@kernel.org
+Subject: [PATCH] Bluetooth: hci_core: Fix attempting to set RPA timeout when unsupported
+Date: Tue, 27 Oct 2020 00:02:03 -0700
+Message-Id: <20201027070203.13561-1-edwardvear@gmail.com>
+List-ID: <linux-bluetooth.vger.kernel.org>
+X-Mailing-List: linux-bluetooth@vger.kernel.org
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 7bit
+
+During controller initialization, an LE Set RPA Timeout command is sent
+to the controller if supported. However, the value checked to determine
+if the command is supported is incorrect. Page 1921 of the Bluetooth
+Core Spec v5.2 shows that bit 2 of octet 35 of the Supported_Commands
+field corresponds to the LE Set RPA Timeout command, but currently
+bit 6 of octet 35 is checked. This patch checks the correct value
+instead.
+
+This issue led to the error seen in the following btmon output during
+initialization of an adapter (rtl8761b) and prevented initialization
+from completing.
+
+< HCI Command: LE Set Resolvable Private Address Timeout (0x08|0x002e) plen 2
+ Timeout: 900 seconds
+> HCI Event: Command Complete (0x0e) plen 4
+ LE Set Resolvable Private Address Timeout (0x08|0x002e) ncmd 2
+ Status: Unsupported Remote Feature / Unsupported LMP Feature (0x1a)
+= Close Index: 00:E0:4C:6B:E5:03
+
+The error did not appear when running with this patch.
+
+Signed-off-by: Edward Vear <edwardvear@gmail.com>
+---
+ net/bluetooth/hci_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
+index 502552d6e9af..c4aa2cbb9269 100644
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -763,7 +763,7 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
+ hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
+ }
+
+- if (hdev->commands[35] & 0x40) {
++ if (hdev->commands[35] & 0x04) {
+ __le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout);
+
+ /* Set RPA timeout */
+--
+2.29.1
+
+
diff --git a/kernel.spec b/kernel.spec
index 828017a0c..8f5620967 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -869,6 +869,9 @@ Patch104: 0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
Patch105: 0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
+# rhbz 1898495
+Patch106: Bluetooth-hci_core-Fix-attempting-to-set-RPA-timeout-when-unsupported.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -2985,6 +2988,9 @@ fi
#
#
%changelog
+* Thu Jan 7 2021 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix bluetooth controller initialization (rhbz 1898495)
+
* Wed Jan 6 12:53:15 CST 2021 Justin M. Forbes <jforbes@fedoraproject.org> - 5.10.5-200
- Linux v5.10.5
- Fix CVE-2020-36158 (rhbz 1913348 1913349)