On 1/9/2024 5:58 PM, Paul Menzel wrote:
Dear Zijun,
Thank you very much for your patch. Should you resend, some nits for the commit message. For the summary, I suggest:
Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
Will take your suggestions and send a v2 patch.
Am 09.01.24 um 09:37 schrieb Zijun Hu:
hci_store_wake_reason() wrongly parses event HCI_Connection_Request as HCI_Connection_Complete and HCI_Connection_Complete as HCI_Connection_Request, so causes recording wakeup BD_ADDR error and stability issue, it is fixed by this change.
Maybe: … stability issue. Fix it by using the correct field.
will correct commit messages based on your suggestions.
How did you reproduce the stability issues?
As you sent it to stable@vger.kernel.org, could you please add a Fixes: tag?
I will take it as a potential stability issue since it may access an unexpected memory area. don't send it to stable@vger.kernel.org any more.
Actually, I just read the code and found this issue.
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
net/bluetooth/hci_event.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index ef8c3bed7361..22b22c264c2a 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -7420,10 +7420,10 @@ static void hci_store_wake_reason(struct hci_dev *hdev, u8 event, * keep track of the bdaddr of the connection event that woke us up. */ if (event == HCI_EV_CONN_REQUEST) { - bacpy(&hdev->wake_addr, &conn_complete->bdaddr); + bacpy(&hdev->wake_addr, &conn_request->bdaddr); hdev->wake_addr_type = BDADDR_BREDR; } else if (event == HCI_EV_CONN_COMPLETE) { - bacpy(&hdev->wake_addr, &conn_request->bdaddr); + bacpy(&hdev->wake_addr, &conn_complete->bdaddr); hdev->wake_addr_type = BDADDR_BREDR; } else if (event == HCI_EV_LE_META) { struct hci_ev_le_meta *le_ev = (void *)skb->data;
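Review bot: in the HCI_EV_CONN_REQUEST and HCI_EV_CONN_COMPLETE branches, bdaddr is read through the conn_request and conn_complete pointers, which, like `le_ev = (void *)skb->data` in the next branch, appear to be casts of the event payload, and nothing in the visible context checks that the skb is long enough for the structure being read. Please confirm that a length check on the skb precedes these bacpy() calls, or add one per event type, so that a short event cannot leave hdev->wake_addr filled from bytes outside the payload. The commit message should also carry a Fixes: tag for the commit that introduced the swapped pointers and state the observable effect, a wrong address stored in hdev->wake_addr, rather than an unreproduced stability issue.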
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Kind regards,
Paul