From nobody Thu Apr 2 18:53:50 2026 Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazon11021130.outbound.protection.outlook.com [52.101.70.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 897AC4266B5; Thu, 26 Mar 2026 17:31:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.70.130 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774546292; cv=fail; b=It3ftWurmGFexTzc0yPoVoAlITDs/JNoka8tvja3yRziQjxe/Zvn04nHfdiGnOIz/+J7p6EikF+4vIN2NyS79xXAgFFg8gbh423m3tTqOU5VGtED86FZqGSuXRBn9RCtV/5my3m4nqEEtWRXZPEcWoqEPFkLrHLJCmjl1b2K9RI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774546292; c=relaxed/simple; bh=bHjouV73JetLUH92DnLgUlkGCJJPQBuxvhP4fJ5P4h4=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=op6Y3rUQxrBx7TUXKKGSysWZWGo8lZ5qG0LDa80EEjAsinHAjE2l7DXlJy+yz3Rvilv9eIKPokkOymyul5ioHryb210XF/l2xEV2m5GnAsvQjAMrz9WWUsMtipic+2Xt3SKBGBUNCg07gR2o54GrXSx8PH0gRd3o8uwv56XsSRI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=1seal.org; spf=pass smtp.mailfrom=1seal.org; dkim=pass (2048-bit key) header.d=1seal.org header.i=@1seal.org header.b=dP3hhc5w; arc=fail smtp.client-ip=52.101.70.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=1seal.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=1seal.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=1seal.org header.i=@1seal.org header.b="dP3hhc5w" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=paC48HUGEXnKMnD+W25rOfqlM4H3TVAq07js6iBKiNP4YcKsZ81C/ONSI2G6yGDLc73VTboCHd6/4C3c1HIMkdO9lXS1iZzgDD6V+TZYF8EH7zomrvpbO3st3zfLfQ9/l6aUCoRLIUxtoyuwlmb0AyuGoeVbIOiodmZQwoBk9v1MTVI3Q5eVesmyzHqUjGCe6BuxhdUAKxSvEaycIEND8A7gO1CvnjPhwvJlPTeFC6n2nrWJALkFtm4KGv1ycgYxZmvkZ5FtTitAYsSs0hwaO2vM5BpWJFEndZ8HXPko6fii0QU0vEonzMEp6EG08m64ByZKbHy1AaTpnM9p4cnsuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bHjouV73JetLUH92DnLgUlkGCJJPQBuxvhP4fJ5P4h4=; b=gql6CQMSQxRCrkvonNjuVZnEZZNcNyFr783NLVbwkZ4qgRL1afZGHkXxcIPBaPOUqdxJ2xqP98XvnlcJ+n7z/LP8ozWKh2DRWd0LxTr/nVqA+iN4nr7QoSUXlGZVjsKwDChpx4b5z+uZLdieBTw68NeB1JNzF84PtUDn5nlpgFYfzixoyrcrGjv9wgm7Yx2Lrw2F9IMTRr3DT/mKyD5x/5WhuL8AEcqnCzXoWdB/DQ1WfyFc+o+2ROAwEqrIpsqn13GEU7Q7b4O0eRaR68AvpYI/a/PAysjI2RWRDBbnX2xhF/Zas9+2RXICxpr9JGO0hxr4RpN/xl9hHiE/HoY/pg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=1seal.org; dmarc=pass action=none header.from=1seal.org; dkim=pass header.d=1seal.org; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1seal.org; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bHjouV73JetLUH92DnLgUlkGCJJPQBuxvhP4fJ5P4h4=; b=dP3hhc5wo5FCZ+A+w/jAZ56xx0zBOFiX4baK4xOeDYQIc2xJ0B8+/9nNUv2JkNhR8bRpsLkGEyzUCpmXnTBLxgoGl5UAJanqomrnzuj6RkNIriWDPyZkjKysnf0t+en84D75hkl7HYw4lLOmibY7U3OcAK4/O5+drLexqUP2bSgYlDkIQZLjhfsy5SwBfps6Dfnoe0ENUigsWIwo9X8gjo9gskoa0hDrKmM7j2cVK/W1EE3iv+qWS8b0etPzBt1v4ffK0CivvvORCXvYYL732N+JWDSfc8+kIBQHshhS3lipj6R4KTuZzjYwEI0pWDugyXR3CFDUcCpAVc/ppUDn4g== Received: from DBBPR04MB7673.eurprd04.prod.outlook.com (2603:10a6:10:202::5) by DUZPR04MB9846.eurprd04.prod.outlook.com (2603:10a6:10:4db::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.20; Thu, 26 Mar 2026 17:31:25 +0000 Received: from DBBPR04MB7673.eurprd04.prod.outlook.com ([fe80::cf39:9ba0:2b9c:419]) by DBBPR04MB7673.eurprd04.prod.outlook.com ([fe80::cf39:9ba0:2b9c:419%3]) with mapi id 15.20.9745.023; Thu, 26 Mar 2026 17:31:24 +0000 From: Oleh Konko To: "linux-bluetooth@vger.kernel.org" CC: "marcel@holtmann.org" , "luiz.dentz@gmail.com" , "gregkh@linuxfoundation.org" , "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" Subject: [PATCH v6] Bluetooth: hci_event: move wake reason storage into validated event handlers Thread-Topic: [PATCH v6] Bluetooth: hci_event: move wake reason storage into validated event handlers Thread-Index: AQHcvUZe1IFDuNvgEUSZcjFrIyW0zw== Date: Thu, 26 Mar 2026 17:31:24 +0000 Message-ID: <09ff4368485242cdb6bc707082fccc4d.security@1.0.0.127.in-addr.arpa> Accept-Language: ru-RU, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=1seal.org; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DBBPR04MB7673:EE_|DUZPR04MB9846:EE_ x-ms-office365-filtering-correlation-id: ae07d74e-e08c-46ab-62d5-08de8b5d8138 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700021|18002099003|7055299006|56012099003; x-microsoft-antispam-message-info: up8UN0RZsh/xkqPyhH5yvUM6nAnRiWHMZfqYY7XgBsoOpvpd4dHJTiTxb6P0PoAUkwvVvgnDcSFYxZhzW0kOD4r5JlPbTVGDtEru8pwN2XqEVvu1o1eU05rIyPgHf27l7keX+lOuy38DGsODvDhO/LxoI8do7ggs7DS4sQ6FLpujhMudFGPLDgfqKvTH4G75fUvQu9+VN2FufQzE39Z4OLAqQKGG134at2YtToJiu/8DlbMnmb0P9sJHl9kNaHG63J2ZyL2bVAYcoqkS9t/gZN3G0jpGLN6p3g4mAa4sUa8lX1QRnwP0od1+7K+QGRpC47sJC/0h0EOr8QfVBZCldp0jbHfn4WTOeR0bYSm+xWtfhIqtQsjDsw40MTR7HH8ejXzIY6ZhrTbxUY5eeV6gPG1BNaHdIrBm+f+dzKpCa8LYx3s2NyOL5eceqdIjWGdMSK6r4yQQ/cnyJbMBB/OKG+0DaJubm65Ew+XjyhDMH8pCJqkhwiyST4HgvmfNOlU26hwc2tNXI40QzqjDxIXfwVhSuwtmdsT4soPojUelvGfEat0Qn7/HfbpdP1adLUoTEaZgqxNglfAWN8l9jCVtYHpdV3HSrLIYXXtMxtPlY5sfIEvTXgoM9FlZW5/kTxaW4UQP+piZZj5TLmc3REZ3MjauZ18qL8FSwXpmISvRB6ux/GedDMNJxgV4anWeRMLH3MOCOCK05nSPEAMEOfLwLV7u19j8o1tugWySxYAskNoQmIssO9S/OoNaK8LrUaeYLQhp4crC38Ros/D3pfaZhj+Zan3MfFZMRPG3Y1gudiyMmTZlSaQwoaux/JiXsgbL x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DBBPR04MB7673.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700021)(18002099003)(7055299006)(56012099003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?N1RvOGJFY0dXZnJodk5HQ1UyclRKa1lZNVd4R2lBR3M2UDZzT3NyMGJEYVRE?= =?utf-8?B?czFZYUt5N0JQTnZMWTAzWDhTWjZkK1g4WUhYNnZxbXNTRkNmeWhScWlFUnlG?= =?utf-8?B?OGFqazlPVktKYUtEcDFVVEk2QjRxVEswOG83RmFkL0plWFVOMHZuVWN5RGtV?= =?utf-8?B?TjF4TkFMSWx0ejB2RjBxWHFxdExLdW5Wb09kdFBxa0F4bjlZMVY0dll2elB1?= =?utf-8?B?N0VKUUREVGI4cnV4eXFSN24xYmVtZVFQVTFybjh4ZjE0RTVMcXhZeEVzalV2?= =?utf-8?B?STdwcmRXd3Nkb1dneWduNGNHWmdPRnduK1VoK29qTXZ4MUZNMWhSWTVQSHlD?= =?utf-8?B?L29zTjdJMnlvSTFEL0hRclpVTENSQ3c4TFlKN09HT2k1dzBvUTNmK0x0Vzcv?= =?utf-8?B?TW9EOXdjbHlsY3NETDFFK01UeEkrT1lWNGg4RU54dWcyZEI4T1ljaGJENFBy?= =?utf-8?B?YVdTRzY4aE5TNHpIV1Q2WTE0U0hiSkh2WDA5N3lJWTFXckZsMmpEUVFlTFZi?= =?utf-8?B?L2FTTU00Qi96K0FFYk9KdmlxZGJsUmR1ZlRUNUJ5cjgzbWdsbDhSbUhMNVc5?= =?utf-8?B?QXhTWThjZVc0TDJMNGdVYldCRHZ3cGZjMlF4Z3h5enMxYXZQYVV3YTZ1c05k?= =?utf-8?B?UjRYV2tGWHoySmFiaVlZY0I5YW5ZckluWFBOK3Y0QXNGQ2VBMGpSbjFqQXp5?= =?utf-8?B?MHZvOVFWcVBtMldHWEpxL3RZM3kwVWhzOFRHUkVtUU5oSndrZGxPZ0xmRXFS?= =?utf-8?B?c3EySHBUdFh0OGhKN0l1eThnRnFSYmFuSnEzRWZNUnNxTEEreUhGbnhMMDlh?= =?utf-8?B?UytmdnFEY3BwTk5JMm9od0Jhb0NjeVY3T2tFYk44S0dZUXNwWkJJWGNUTkdW?= =?utf-8?B?eXhxblZsbm1UcExVRXFUVjNoZEZVR2RxRFRvRFRML2ozcFBSZlk0Mk9EZFky?= =?utf-8?B?Ti9hSUc4WXJocFJFTmdFWStvMmZ2dFc2YlB2emd2cU92b1hIcFZFR0hhbExr?= =?utf-8?B?dEF5b1hGSW5FdXM3MGtiTnlRMFVBQ0lzY2J3RDBTY2E4T3VnSzFtL1ZjTENr?= =?utf-8?B?Z1hJTExXZ3E1bW0yQ1NPRTQ5cWk2WEx6TXlNRXNIRUJIL2E4NVZxRCtWWm5t?= =?utf-8?B?SlMvWmFUbUtPaG1mQmZjVmlOZUpiQ1pTZjVtcDlWbTdyR3hlMlEvL1BvMGlW?= =?utf-8?B?YVpEbFEzN1FtSFQ2MjR4dEV4OG1wenZiWklTZ1pHdWk3cnVpb3ptMU9tM1l3?= =?utf-8?B?UTJnbnFLeklSb2ErTDVwRENmckVsWW9FMURPb3hmbXFFbFFNYmFRNCtxbmJE?= =?utf-8?B?WmNIZ25JM2daVFlib1NRTk9Fc3ZNNzhYaEdKZFFDQUh0Zkg3dHJReXZHYzFX?= =?utf-8?B?OU9hd0l6RnltcU1DaytQWURCRUdseGxaNEJpVmpwOXdUalZ3SnRCb0V4OGpX?= =?utf-8?B?aFk2RkVnTDdWNmw4MlZLSjFCZmF4dFFMMy9waXB4aitCL1cvRjJ6REcvci95?= =?utf-8?B?ekZ3WUdlODQ4Q3JkNzUxV1BqcjkyWXN0OG15dmFQdUJMZzV6KzF2VmF4dGNW?= =?utf-8?B?anp1UW02alZtTys5NUpDR0FZTktRTzNZTGM2ZHpXTEFVSzBHaXVLSGlTZWs0?= =?utf-8?B?MjRZaHhOMEJ2OHg5QUdyZ25qSXFzUEtoeDM4VDRLMkpQc2VGQTdaZVFBWkRm?= =?utf-8?B?STBkYlFRb0hZVkM5Y2s1N2tXVkdkeEM5ZlE4Z2pUT0tEZ1hzdFhxaXhqU3BN?= =?utf-8?B?TmhoUmRWMWFSb3Z5NGZYQ2F4c0V2TUpqb2o4bDhDV0N1QlNkbnNXNmpSaXkw?= =?utf-8?B?MmVjc01sMUxZcmRCUmZoUUFVNHJlcm1pM1BrWUp1SnNhRTd3Q1dvWXZhbTVR?= =?utf-8?B?cEdJWkVpdSsvVVZva00zYTVyOWNRK0dZVEg3b0pzY1oyY3NZbDlEUjdZK1JM?= =?utf-8?B?YUg2QWl4c2FjYnAzOUo4ZG1NcS80QjRwT21sVmwxbWMvTStZNC9vQWRVeENN?= =?utf-8?B?RGFEY214WXZnZnZmdjFFU3Z2QzlDK2w3eUFLd2szRU4wWDJ1NTkydms4QWFa?= =?utf-8?B?OEZRQm56OEFpWksrbGlyWnE4emdJN1FmSG03OGJwazY2KzZaWlVUY3QzZEJj?= =?utf-8?B?bHgyT3JHNGNXYlNXYXRyUDlDU3RpVjBXU2xGWDl4MjNRd1c0cW9uR3FlcEFa?= =?utf-8?B?WlN4Z3VSSE5hTUtIdXFiOXNtclMwU0lGQitxYUk5TlFTYXdpeERxa2JPSS90?= =?utf-8?B?S1BOSXZtb0wzVHF4ck9DeXhVekM2Y2hWc0dOMlJVd3lzNlIyZkhMTGRMTlZV?= =?utf-8?Q?1ka6l1pUR1+R61nPgn?= Content-Type: text/plain; charset="utf-8" Content-ID: <52D41E071E84B248B1D191DE2341E682@eurprd04.prod.outlook.com> Content-Transfer-Encoding: quoted-printable Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-OriginatorOrg: 1seal.org X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DBBPR04MB7673.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ae07d74e-e08c-46ab-62d5-08de8b5d8138 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Mar 2026 17:31:24.8816 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: e701d992-0f02-433e-a019-4256abe96ea1 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ywH+Vswa0UJTnkkFW37vOY0IyvCzcS2iWEZoSH9xLv7nrmk1mx/842duBic6rkGdtcZBG10lqWRulwuBDDtmfg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DUZPR04MB9846 hci_store_wake_reason() is called from hci_event_packet() immediately after stripping the HCI event header but before hci_event_func() enforces the per-event minimum payload length from hci_ev_table. This means a short HCI event frame can reach bacpy() before any bounds check runs. Rather than duplicating skb parsing and per-event length checks inside hci_store_wake_reason(), move wake-address storage into the individual event handlers after their existing event-length validation has succeeded. Convert hci_store_wake_reason() into a small helper that only stores an already-validated bdaddr while the caller holds hci_dev_lock(). Use the same helper after hci_event_func() with a NULL address to preserve the existing unexpected-wake fallback semantics when no validated event handler records a wake address. Annotate the helper with __must_hold(&hdev->lock) and add lockdep_assert_held(&hdev->lock) so future call paths keep the lock contract explicit. Call the helper from hci_conn_request_evt(), hci_conn_complete_evt(), hci_sync_conn_complete_evt(), le_conn_complete_evt(), hci_le_adv_report_evt(), hci_le_ext_adv_report_evt(), hci_le_direct_adv_report_evt(), hci_le_pa_sync_established_evt(), and hci_le_past_received_evt(). Fixes: 2f20216c1d6f ("Bluetooth: Emit controller suspend and resume events") Cc: stable@vger.kernel.org Signed-off-by: Oleh Konko --- net/bluetooth/hci_event.c | 94 +++++++++++++++------------------------ 1 file changed, 35 insertions(+), 59 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 286529d2e554..81d2f9a3eec9 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -80,6 +80,10 @@ static void *hci_le_ev_skb_pull(struct hci_dev *hdev, st= ruct sk_buff *skb, return data; } =20 +static void hci_store_wake_reason(struct hci_dev *hdev, + const bdaddr_t *bdaddr, u8 addr_type) + __must_hold(&hdev->lock); + static u8 hci_cc_inquiry_cancel(struct hci_dev *hdev, void *data, struct sk_buff *skb) { @@ -3111,6 +3115,7 @@ static void hci_conn_complete_evt(struct hci_dev *hde= v, void *data, bt_dev_dbg(hdev, "status 0x%2.2x", status); =20 hci_dev_lock(hdev); + hci_store_wake_reason(hdev, &ev->bdaddr, BDADDR_BREDR); =20 /* Check for existing connection: * @@ -3274,6 +3279,10 @@ static void hci_conn_request_evt(struct hci_dev *hde= v, void *data, =20 bt_dev_dbg(hdev, "bdaddr %pMR type 0x%x", &ev->bdaddr, ev->link_type); =20 + hci_dev_lock(hdev); + hci_store_wake_reason(hdev, &ev->bdaddr, BDADDR_BREDR); + hci_dev_unlock(hdev); + /* Reject incoming connection from device with same BD ADDR against * CVE-2020-26555 */ @@ -5021,6 +5030,7 @@ static void hci_sync_conn_complete_evt(struct hci_dev= *hdev, void *data, bt_dev_dbg(hdev, "status 0x%2.2x", status); =20 hci_dev_lock(hdev); + hci_store_wake_reason(hdev, &ev->bdaddr, BDADDR_BREDR); =20 conn =3D hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr); if (!conn) { @@ -5713,6 +5723,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev= , u8 status, int err; =20 hci_dev_lock(hdev); + hci_store_wake_reason(hdev, bdaddr, bdaddr_type); =20 /* All controllers implicitly stop advertising in the event of a * connection, so ensure that the state bit is cleared. @@ -6005,6 +6016,7 @@ static void hci_le_past_received_evt(struct hci_dev *= hdev, void *data, bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); =20 hci_dev_lock(hdev); + hci_store_wake_reason(hdev, &ev->bdaddr, ev->bdaddr_type); =20 hci_dev_clear_flag(hdev, HCI_PA_SYNC); =20 @@ -6403,6 +6415,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hde= v, void *data, info->length + 1)) break; =20 + hci_store_wake_reason(hdev, &info->bdaddr, info->bdaddr_type); + if (info->length <=3D max_adv_len(hdev)) { rssi =3D info->data[info->length]; process_adv_report(hdev, info->type, &info->bdaddr, @@ -6491,6 +6505,8 @@ static void hci_le_ext_adv_report_evt(struct hci_dev = *hdev, void *data, info->length)) break; =20 + hci_store_wake_reason(hdev, &info->bdaddr, info->bdaddr_type); + evt_type =3D __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK; legacy_evt_type =3D ext_evt_type_to_legacy(hdev, evt_type); =20 @@ -6536,6 +6552,7 @@ static void hci_le_pa_sync_established_evt(struct hci= _dev *hdev, void *data, bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); =20 hci_dev_lock(hdev); + hci_store_wake_reason(hdev, &ev->bdaddr, ev->bdaddr_type); =20 hci_dev_clear_flag(hdev, HCI_PA_SYNC); =20 @@ -6834,6 +6851,8 @@ static void hci_le_direct_adv_report_evt(struct hci_d= ev *hdev, void *data, for (i =3D 0; i < ev->num; i++) { struct hci_ev_le_direct_adv_info *info =3D &ev->info[i]; =20 + hci_store_wake_reason(hdev, &info->bdaddr, info->bdaddr_type); + process_adv_report(hdev, info->type, &info->bdaddr, info->bdaddr_type, &info->direct_addr, info->direct_addr_type, HCI_ADV_PHY_1M, 0, @@ -7517,73 +7536,29 @@ static bool hci_get_cmd_complete(struct hci_dev *hd= ev, u16 opcode, return true; } =20 -static void hci_store_wake_reason(struct hci_dev *hdev, u8 event, - struct sk_buff *skb) +static void hci_store_wake_reason(struct hci_dev *hdev, + const bdaddr_t *bdaddr, u8 addr_type) + __must_hold(&hdev->lock) { - struct hci_ev_le_advertising_info *adv; - struct hci_ev_le_direct_adv_info *direct_adv; - struct hci_ev_le_ext_adv_info *ext_adv; - const struct hci_ev_conn_complete *conn_complete =3D (void *)skb->data; - const struct hci_ev_conn_request *conn_request =3D (void *)skb->data; - - hci_dev_lock(hdev); + lockdep_assert_held(&hdev->lock); =20 /* If we are currently suspended and this is the first BT event seen, * save the wake reason associated with the event. */ if (!hdev->suspended || hdev->wake_reason) - goto unlock; + return; + + if (!bdaddr) { + hdev->wake_reason =3D MGMT_WAKE_REASON_UNEXPECTED; + return; + } =20 /* Default to remote wake. Values for wake_reason are documented in the * Bluez mgmt api docs. */ hdev->wake_reason =3D MGMT_WAKE_REASON_REMOTE_WAKE; - - /* Once configured for remote wakeup, we should only wake up for - * reconnections. It's useful to see which device is waking us up so - * keep track of the bdaddr of the connection event that woke us up. - */ - if (event =3D=3D HCI_EV_CONN_REQUEST) { - bacpy(&hdev->wake_addr, &conn_request->bdaddr); - hdev->wake_addr_type =3D BDADDR_BREDR; - } else if (event =3D=3D HCI_EV_CONN_COMPLETE) { - bacpy(&hdev->wake_addr, &conn_complete->bdaddr); - hdev->wake_addr_type =3D BDADDR_BREDR; - } else if (event =3D=3D HCI_EV_LE_META) { - struct hci_ev_le_meta *le_ev =3D (void *)skb->data; - u8 subevent =3D le_ev->subevent; - u8 *ptr =3D &skb->data[sizeof(*le_ev)]; - u8 num_reports =3D *ptr; - - if ((subevent =3D=3D HCI_EV_LE_ADVERTISING_REPORT || - subevent =3D=3D HCI_EV_LE_DIRECT_ADV_REPORT || - subevent =3D=3D HCI_EV_LE_EXT_ADV_REPORT) && - num_reports) { - adv =3D (void *)(ptr + 1); - direct_adv =3D (void *)(ptr + 1); - ext_adv =3D (void *)(ptr + 1); - - switch (subevent) { - case HCI_EV_LE_ADVERTISING_REPORT: - bacpy(&hdev->wake_addr, &adv->bdaddr); - hdev->wake_addr_type =3D adv->bdaddr_type; - break; - case HCI_EV_LE_DIRECT_ADV_REPORT: - bacpy(&hdev->wake_addr, &direct_adv->bdaddr); - hdev->wake_addr_type =3D direct_adv->bdaddr_type; - break; - case HCI_EV_LE_EXT_ADV_REPORT: - bacpy(&hdev->wake_addr, &ext_adv->bdaddr); - hdev->wake_addr_type =3D ext_adv->bdaddr_type; - break; - } - } - } else { - hdev->wake_reason =3D MGMT_WAKE_REASON_UNEXPECTED; - } - -unlock: - hci_dev_unlock(hdev); + bacpy(&hdev->wake_addr, bdaddr); + hdev->wake_addr_type =3D addr_type; } =20 #define HCI_EV_VL(_op, _func, _min_len, _max_len) \ @@ -7830,14 +7805,15 @@ void hci_event_packet(struct hci_dev *hdev, struct = sk_buff *skb) =20 skb_pull(skb, HCI_EVENT_HDR_SIZE); =20 - /* Store wake reason if we're suspended */ - hci_store_wake_reason(hdev, event, skb); - bt_dev_dbg(hdev, "event 0x%2.2x", event); =20 hci_event_func(hdev, event, skb, &opcode, &status, &req_complete, &req_complete_skb); =20 + hci_dev_lock(hdev); + hci_store_wake_reason(hdev, NULL, 0); + hci_dev_unlock(hdev); + if (req_complete) { req_complete(hdev, status, opcode); } else if (req_complete_skb) { --=20 2.50.0