Bluetooth: hci_event: Fix handling of HCI_EV_LE_DIRECT_ADV_REPORT

Some controllers seems to generate HCI_EV_LE_DIRECT_ADV_REPORT even when
scan_filter is not set to 0x02 or 0x03, which indicates that local
privacy is enabled, causing them to be ignored thus breaking
auto-connect logic:

< HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7
        Type: Passive (0x00)
        Interval: 60.000 msec (0x0060)
        Window: 30.000 msec (0x0030)
        Own address type: Public (0x00)
        Filter policy: Ignore not in accept list (0x01)
...
> HCI Event: LE Meta Event (0x3e) plen 18
      LE Direct Advertising Report (0x0b)
        Num reports: 1
        Event type: Connectable directed - ADV_DIRECT_IND (0x01)
        Address type: Random (0x01)
        Address: XX:XX:XX:XX:XX:XX (Static)
        Direct address type: Random (0x01)
        Direct address: XX:XX:XX:XX:XX:XX (Non-Resolvable)
        RSSI: -54 dBm (0xca)

So this attempts to mitigate the above problem by skipping checking of
direct_addr if local privacy is not enabled.

Link: https://github.com/bluez/bluez/issues/1138
Fixes: e209e5ccc5ac ("Bluetooth: MGMT: Mark LL Privacy as stable")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 83990c975c1f609c5f428d6f354dd9c52466e4b0..1d8616f2e740ae0285a8b24648f1cf9078c93208 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6060,8 +6060,17 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
         * a LE Direct Advertising Report event. In that case it is
         * important to see if the address is matching the local
         * controller address.
+        *
+        * If local privacy is not enable the controller shall not be
+        * generating such event since according to its documentation it is only
+        * valid for filter_policy 0x02 and 0x03, but the fact that it did
+        * generate LE Direct Advertising Report means it is probably broken and
+        * won't generate any other event which can potentially break
+        * auto-connect logic so in case local privacy is not enable this
+        * ignores the direct_addr so it works as a regular report.
         */
-       if (!hci_dev_test_flag(hdev, HCI_MESH) && direct_addr) {
+       if (!hci_dev_test_flag(hdev, HCI_MESH) && direct_addr &&
+           hci_dev_test_flag(hdev, HCI_PRIVACY)) {
                direct_addr_type = ev_bdaddr_type(hdev, direct_addr_type,
                                                  &bdaddr_resolved);
 
@@ -6071,12 +6080,6 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
                if (!hci_bdaddr_is_rpa(direct_addr, direct_addr_type))
                        return;
 
-               /* If the controller is not using resolvable random
-                * addresses, then this report can be ignored.
-                */
-               if (!hci_dev_test_flag(hdev, HCI_PRIVACY))
-                       return;
-
                /* If the local IRK of the controller does not match
                 * with the resolvable random address provided, then
                 * this report can be ignored.