CVE-2024-58238

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test

This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide with the power save timeout value of 2 seconds.

Test procedure using bash script: <load btnxpuart.ko> hciconfig hci0 up //Enable Power Save feature hcitool -i hci0 cmd 3f 23 02 00 00 while (true) do hciconfig hci0 leadv sleep 2 hciconfig hci0 noleadv sleep 2 done

Error log, after adding few more debug prints: Bluetooth: btnxpuartqueueskb(): 01 0A 20 01 00 Bluetooth: hci0: Set UART break: on, status=0 Bluetooth: hci0: btnxpuarttxwakeup() txwork scheduled Bluetooth: hci0: btnxpuarttx_work() dequeue: 01 0A 20 01 00 Can't set advertise mode on hci0: Connection timed out (110) Bluetooth: hci0: command 0x200a tx timeout

When the power save mechanism turns on UART break, and btnxpuarttxwork() is scheduled simultaneously, psdata->psstate is read as PSSTATE_AWAKE, which prevents the psdata->work from being scheduled, which is responsible to turn OFF UART break.

This issue is fixed by adding a pslock mutex around UART break on/off as well as around psstate read/write. btnxpuarttxwakeup() will now read updated psstate value. If psstate is PSSTATESLEEP, it will first schedule psdata->work, and then it will reschedule itself once UART break has been turned off and psstate is PSSTATE_AWAKE.

Tested above script for 50,000 iterations and TX timeout error was not observed anymore.