
Commit 77a3afc9 authored by Hsin-chen Chuang's avatar Hsin-chen Chuang

BTM: RNR: Validate page scan repetition mode before send out a request

An invalid parameter would cause bta_dm_device_search to get stuck in the
BTA_DM_SEARCH_CANCELLING state.

Bug: 339945771
Bug: 344520866
Tag: #floss
Test: mmm packages/modules/Bluetooth
Test: bluetooth_AdapterQuickHealth.AVL.all_floss
Change-Id: I2978ea591bb7db791174a15dd79c44b3de1532fd
parent 43b58986
+13 −3
@@ -1891,9 +1891,19 @@ tBTM_STATUS btm_initiate_rem_name(const RawAddress& remote_bda,
          clock_offset = clock_offset_in_cfg;
        }
      }
      bluetooth::shim::ACL_RemoteNameRequest(
          remote_bda, p_cur->results.page_scan_rep_mode,
          p_cur->results.page_scan_mode, clock_offset);
      uint8_t page_scan_rep_mode = p_cur->results.page_scan_rep_mode;
      if (com::android::bluetooth::flags::
              rnr_validate_page_scan_repetition_mode() &&
          page_scan_rep_mode >= HCI_PAGE_SCAN_REP_MODE_RESERVED_START) {
        log::info(
            "Invalid page scan repetition mode {} from remote_bda:{}, "
            "fallback to R1",
            page_scan_rep_mode, remote_bda);
        page_scan_rep_mode = HCI_PAGE_SCAN_REP_MODE_R1;
      }
      bluetooth::shim::ACL_RemoteNameRequest(remote_bda, page_scan_rep_mode,
                                             p_cur->results.page_scan_mode,
                                             clock_offset);
    } else {
      uint16_t clock_offset = 0;
      int clock_offset_in_cfg = 0;
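Review bot: The new guard covers only `page_scan_rep_mode`; `p_cur->results.page_scan_mode` in the rewritten `ACL_RemoteNameRequest` call comes from the same stored result record and is still forwarded unchecked. If the controller also rejects an out-of-range value in that field, the stuck `BTA_DM_SEARCH_CANCELLING` state from the commit message could presumably be reached the same way, so consider clamping it too, e.g. `if (page_scan_mode != HCI_MANDATARY_PAGE_SCAN_MODE) page_scan_mode = HCI_MANDATARY_PAGE_SCAN_MODE;`, after confirming what the controller accepts there. Because the log text attributes the bad value to the remote device, `log::warn` would suit the fallback message better than `log::info`, so a peer advertising reserved values is easier to spot in field logs. btm_initiate_rem_name starts and ends outside this hunk, so the request issued in the `else` branch is not visible here.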
+1 −0
@@ -708,6 +708,7 @@ typedef enum : uint16_t {

/* Page scan period modes */
#define HCI_PAGE_SCAN_REP_MODE_R1 0x01
#define HCI_PAGE_SCAN_REP_MODE_RESERVED_START 0x03

/* Page scan modes */
#define HCI_MANDATARY_PAGE_SCAN_MODE 0x00
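Review bot: `HCI_PAGE_SCAN_REP_MODE_RESERVED_START` is used as the lower bound of a `>=` range check, but nothing at the definition says so, and only R1 is defined beside it. A one-line comment such as `/* 0x00-0x02 are R0-R2; 0x03 and above are reserved and must not be sent to the controller */` would make the intended comparison clear to the next caller that validates this field. The enclosing comment reads "Page scan period modes" while the constants are repetition modes, which is worth correcting in the same change.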