Skip to content

[backport v2.2] Bluetooth: controller: split: Validate chan map and hop value #23963

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 22, 2020
Merged

[backport v2.2] Bluetooth: controller: split: Validate chan map and hop value #23963

merged 1 commit into from
Apr 22, 2020

Conversation

cvinayak
Copy link
Contributor

Add validation of channel map and hop increment value
received in CONNECT_IND PDU.

Zero bit count leads to controller assert or divide-by-zero
fault.

Hop increment shall be between 5 and 16 by BT Specification.

Relates to #23705.

Signed-off-by: Vinayak Kariappa Chettimada [email protected]

erbr-ot
erbr-ot reviewed Apr 3, 2020
View reviewed changes
subsys/bluetooth/controller/ll_sw/ull_slave.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the compare '< 2' and not '< 1' ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

4.5.8.1 Channel classification
The master’s, periodic advertiser’s, and isochronous broadcaster’s Link Layer
shall classify the RF channels in the general-purpose group into used channels
(used for transmitting data) and unused channels (not used for transmitting
data). This is called the channel map. The minimum number of used channels
shall be 2.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cvinayak The function "util ones_count_get" detects all bits, which will result in including 37 38 39 channels. When the channel map is equal to 0xE000000000, Zephyr will bypass the channel detection and use the broadcast channel for communication.

Should this be considered?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not cause any fatal error in the implementation. Do send a pull request to add the checks.

@cvinayak cvinayak force-pushed the github_chap_map_hop_v2.2_fix branch from d55ac93 to 5541fe9 Compare April 3, 2020 11:38
@cvinayak
Bluetooth: controller: split: Validate chan map and hop value
c264010 
Add validation of channel map and hop increment value
received in CONNECT_IND PDU.

Zero bit count leads to controller assert or divide-by-zero
fault.

Hop increment shall be between 5 and 16 by BT Specification.

Relates to zephyrproject-rtos#23705.

Signed-off-by: Vinayak Kariappa Chettimada <[email protected]>
@cvinayak cvinayak force-pushed the github_chap_map_hop_v2.2_fix branch from 5541fe9 to c264010 Compare April 3, 2020 12:15
@carlescufi carlescufi added this to the v2.2.1 milestone Apr 14, 2020
@jhedberg jhedberg merged commit 5255001 into zephyrproject-rtos:v2.2-branch Apr 22, 2020
@cvinayak cvinayak deleted the github_chap_map_hop_v2.2_fix branch March 1, 2021 00:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erbr-ot erbr-ot erbr-ot left review comments

@thoh-ot thoh-ot thoh-ot approved these changes

@carlescufi carlescufi Awaiting requested review from carlescufi carlescufi is a code owner

+1 more reviewer

@JiaDuo JiaDuo JiaDuo left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
area: Bluetooth
Projects
Backports
Status: Done
Milestone
v2.2.1
Development

Successfully merging this pull request may close these issues.
7 participants
@cvinayak @JiaDuo @thoh-ot @erbr-ot @jhedberg @carlescufi @zephyrbot