[SRU][J][PATCH 0/1] Cherry-pick a patch to reject connection when malformed L2CAP signal packet is received

Hui Wang hui.wang at canonical.com
Tue Jan 9 03:07:11 UTC 2024 

BugLink: https://bugs.launchpad.net/bugs/2047634

The patch is merged in mainline kernel v6.7-rc7, so Noble kernel
already have this fix. And this patch is CCed to stable at vger.kernel.org,
M and L kernel will have this fix with the SRU update sooner or later.
For Jammy kernel, an OEM customer is waiting for this patch
to be merged to Jammy kernel and OEM kernel, here I submit the
review reqeust for Jammy only.

[Impact]
An OEM customer want to do the bluetooth profile testing suite (PTS)
test, and they found if sending 2 commands and one of them is "unknown
comands", the bluetooth stack doesn't reply the ack as expected, this
broke the customer's PTS test.

[Fix]
Cherry-pick a mainline kernel patch, this could fix this issue.

[Test]
After applying the patch, test it with PTS:

1. Configure the PTS: set PSM to 0x1011, so that it initiates L2CAP connection
   over PSM 0x1011, which is the default PSM for l2test, the testing tool for
   L2CAP layer provided by bluez.

2. Set device as connectable:
 $ sudo btmgmt connectable on

3. Run l2test on the device in preparation for testing:
 $ sudo l2test -d

4. Run the L2CAP/COS/CED/BI-02-C test on PTS. The test suite will initiate
   L2CAP connection automatically.

5. Verify that the test verdict on the PTS is PASS.

And I also tested the patched kernel with 2 bt headsets, 1 bt keyboard and
my mobile phone, all worked as well as before.

[Where problems could occur]
This makes L2CAP implementation more conforming to the specification.
It has possibility to make some bt devices could not work with patched
kernel, but this possibility is very low, I tested the patched kernel
with 2 bt headsets, 1 bt keyboard and my Android mobile phone, all
worked as well as before.


Frédéric Danis (1):
  Bluetooth: L2CAP: Send reject on command corrupted request

 net/bluetooth/l2cap_core.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

-- 
2.34.1

More information about the kernel-team mailing list