Commit eb73b5a9 authored Apr 01, 2025 by Luiz Augusto von Dentz

Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address

This fixes sending MGMT_EV_DEVICE_FOUND for invalid address
(00:00:00:00:00:00) which is a regression introduced by
a2ec905d ("Bluetooth: fix kernel oops in store_pending_adv_report")
since in the attempt to skip storing data for extended advertisement it
actually made the code to skip the entire if statement supposed to send
MGMT_EV_DEVICE_FOUND without attempting to use the last_addr_adv which
is garanteed to be invalid for extended advertisement since we never
store anything on it.

Link: https://github.com/bluez/bluez/issues/1157
Link: https://github.com/bluez/bluez/issues/1149#issuecomment-2767215658


Fixes: a2ec905d ("Bluetooth: fix kernel oops in store_pending_adv_report")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

parent eaa517b7

net/bluetooth/hci_event.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -6160,11 +6160,12 @@ static void process_adv_report(struct hci_dev hdev, u8 type, bdaddr_t bdaddr,
		* event or send an immediate device found event if the data
		* should not be stored for later.
		*/
		if (!ext_adv && !has_pending_adv_report(hdev)) {
		if (!has_pending_adv_report(hdev)) {
		/* If the report will trigger a SCAN_REQ store it for
		* later merging.
		*/
		if (type == LE_ADV_IND \|\| type == LE_ADV_SCAN_IND) {
		if (!ext_adv && (type == LE_ADV_IND \|\|
		type == LE_ADV_SCAN_IND)) {
		store_pending_adv_report(hdev, bdaddr, bdaddr_type,
		rssi, flags, data, len);
		return;