diff --git a/conf/include/vendor_pkg_versions.inc b/conf/include/vendor_pkg_versions.inc index 51d9efb..8eb2060 100644 --- a/conf/include/vendor_pkg_versions.inc +++ b/conf/include/vendor_pkg_versions.inc @@ -182,7 +182,7 @@ SRCREV_pn-wayland-default-egl = "1.18.0" # RDKV HAL component versions # RDKV HAL component versions of raspberrypi4 -SRCREV_pn-devicesettings-hal-raspberrypi4 = "1.0.4" +SRCREV_pn-devicesettings-hal-raspberrypi4 = "1.0.5" PV_pn-devicesettings-hal-raspberrypi4 = "2.0.0" PR_pn-devicesettings-hal-raspberrypi4 = "r0" PACKAGE_ARCH_pn-devicesettings-hal-raspberrypi4 = "${VENDOR_LAYER_EXTENSION}" diff --git a/recipes-kernel/android/android-raspberrypi_%.bbappend b/recipes-kernel/android/android-raspberrypi_%.bbappend index 0b5ca34..ab7b36f 100644 --- a/recipes-kernel/android/android-raspberrypi_%.bbappend +++ b/recipes-kernel/android/android-raspberrypi_%.bbappend @@ -4,6 +4,9 @@ SRC_URI_append_hybrid = " file://rdkv.cfg" SRC_URI_append_client = " file://rdkv.cfg" SRC_URI_append_ipclient = " file://rdkv.cfg" +# Fix for annoying HCI logs in console; only need to be patched in dunfell. Kirkstone already has this. +SRC_URI_append_dunfell = " file://Bluetooth-refactor-malicious-adv-data-check.patch" + do_deploy_append() { if [ "${@bb.utils.contains("DISTRO_FEATURES", "DOBBY_CONTAINERS", "yes", "no", d)}" = "yes" ]; then if [ -f "${DEPLOYDIR}/bootfiles/cmdline.txt" ]; then diff --git a/recipes-kernel/android/files/Bluetooth-refactor-malicious-adv-data-check.patch b/recipes-kernel/android/files/Bluetooth-refactor-malicious-adv-data-check.patch new file mode 100644 index 0000000..f0ac2a6 --- /dev/null +++ b/recipes-kernel/android/files/Bluetooth-refactor-malicious-adv-data-check.patch @@ -0,0 +1,48 @@ +From: Brian Gix +To: linux-bluetooth@vger.kernel.org +Cc: marcel@holtmann.org, paskripkin@gmail.com, + Brian Gix +Subject: [PATCH v2] Bluetooth: refactor malicious adv data check +Date: Wed, 24 Nov 2021 12:16:28 -0800 [thread overview] +Message-ID: <20211124201628.405647-1-brian.gix@intel.com> (raw) + +Check for out-of-bound read was being performed at the end of while +num_reports loop, and would fill journal with false positives. Added +check to beginning of loop processing so that it doesn't get checked +after ptr has been advanced. + +Signed-off-by: Brian Gix +--- + net/bluetooth/hci_event.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c +index efc5458b1345..dee4ef22fc88 100644 +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -5920,6 +5920,11 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) + struct hci_ev_le_advertising_info *ev = ptr; + s8 rssi; + ++ if (ptr > (void *)skb_tail_pointer(skb) - sizeof(*ev)) { ++ bt_dev_err(hdev, "Malicious advertising data."); ++ break; ++ } ++ + if (ev->length <= HCI_MAX_AD_LENGTH && + ev->data + ev->length <= skb_tail_pointer(skb)) { + rssi = ev->data[ev->length]; +@@ -5931,11 +5936,6 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) + } + + ptr += sizeof(*ev) + ev->length + 1; +- +- if (ptr > (void *) skb_tail_pointer(skb) - sizeof(*ev)) { +- bt_dev_err(hdev, "Malicious advertising data. Stopping processing"); +- break; +- } + } + + hci_dev_unlock(hdev); +-- +2.31.1 diff --git a/recipes-kernel/android/files/rdkv.cfg b/recipes-kernel/android/files/rdkv.cfg index eecbcc1..bfafb75 100644 --- a/recipes-kernel/android/files/rdkv.cfg +++ b/recipes-kernel/android/files/rdkv.cfg @@ -1,2 +1,5 @@ CONFIG_CFG80211=m CONFIG_BRCMFMAC=m +CONFIG_BT_HIDP=y +CONFIG_UHID=y +CONFIG_INPUT_UINPUT=y