Bluetooth: hci_event: Fix handling of HCI_EV_LE_DIRECT_ADV_REPORT

Vudentz · Vudentz · commit 3a7fdfb7d876 · 2025-03-25T15:22:32.000-04:00
Some controllers seems to generate HCI_EV_LE_DIRECT_ADV_REPORT even when scan_filter is not set to 0x02 or 0x03, which indicates that local privacy is enabled, causing them to be ignored thus breaking auto-connect logic: < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Public (0x00) Filter policy: Ignore not in accept list (0x01) ... > HCI Event: LE Meta Event (0x3e) plen 18 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: XX:XX:XX:XX:XX:XX (Static) Direct address type: Random (0x01) Direct address: XX:XX:XX:XX:XX:XX (Non-Resolvable) RSSI: -54 dBm (0xca) So this attempts to mitigate the above problem by skipping checking of direct_addr if local privacy is not enabled. Link: bluez/bluez#1138 Fixes: e209e5c ("Bluetooth: MGMT: Mark LL Privacy as stable") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
@@ -6060,8 +6060,17 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
 	 * a LE Direct Advertising Report event. In that case it is
 	 * important to see if the address is matching the local
 	 * controller address.
+	 *
+	 * If local privacy is not enable the controller shall not be
+	 * generating such event since according to its documentation it is only
+	 * valid for filter_policy 0x02 and 0x03, but the fact that it did
+	 * generate LE Direct Advertising Report means it is probably broken and
+	 * won't generate any other event which can potentially break
+	 * auto-connect logic so in case local privacy is not enable this
+	 * ignores the direct_addr so it works as a regular report.
 	 */
-	if (!hci_dev_test_flag(hdev, HCI_MESH) && direct_addr) {
+	if (!hci_dev_test_flag(hdev, HCI_MESH) && direct_addr &&
+	    hci_dev_test_flag(hdev, HCI_PRIVACY)) {
 		direct_addr_type = ev_bdaddr_type(hdev, direct_addr_type,
 						  &bdaddr_resolved);
 
@@ -6071,12 +6080,6 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
 		if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
 			return;
 
-		/* If the controller is not using resolvable random
-		 * addresses, then this report can be ignored.
-		 */
-		if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
-			return;
-
 		/* If the local IRK of the controller does not match
 		 * with the resolvable random address provided, then
 		 * this report can be ignored.
