Bluetooth encryption request overrides ongoing phy update

[thoh-ot]

Describe the bug
It has been seen that a phone can initiate an LLCP encryption request while a PHY update procedure is waiting for it's instant to pass, triggering a design bug in the LLCP implementation where the assumption is that the encryption procedure and procedures with instant are mutually exclusive, which is not the case when the instant-based procedure is complete and waiting for it's instant to pass. The result is that the encryption procedure is never performed and the ACL connection is disconnected.

Expected behavior
Encryption requests works while PHY update is waiting for it's instant to pass.

Impact
When the phone does not receive a response on the LL_ENC_REQ it will trigger an LLCP timeout and disconnects the ACL connection (as it is supposed to do).

Environment (please complete the following information):

• v2.2

Additional context
Also looks like a problem in master.

[cvinayak]

BT Spec Version 5.2, Vol 6, Part B, Section 5.1.10 PHY Update Procedure

The procedure has completed when:
• an LL_REJECT_EXT_IND PDU has been sent or received;
• an LL_PHY_UPDATE_IND PDU indicating that neither PHY will change has
been sent or received; or
• the master sends an LL_PHY_UPDATE_IND PDU indicating that at least
one PHY will change and the instant has been reached. In this case, the
procedure response timeout shall be stopped on the master when it sends
that PDU and on the slave when it receives that PDU.

And Section 5 Link Layer Control:

The Termination procedure may be initiated at any time, even if any other Link
Layer control procedure is currently active. For all other Link Layer control
procedures, only one Link Layer control procedure shall be initiated in the Link
Layer at a time per connection per device. A new Link Layer control procedure
can be initiated only after a previous Link Layer control procedure has
completed. However, except where forbidden elsewhere in this section, a Link
Layer may initiate an LL control procedure while responding to a procedure
initiated by its peer device.

And Section 5.1.3.1 Encryption Start procedure

Before transmitting the LL_ENC_REQ PDU, the Link Layer of the master shall
finalize the sending of the current Data Physical Channel PDU and may finalize
the sending of additional Data Physical Channel PDUs queued in the
Controller. After these Data Physical Channel PDUs are acknowledged, until
this procedure is complete or specifies otherwise, the Link Layer of the master
shall only send Empty PDUs, LL_TERMINATE_IND PDUs, and PDUs required
by this procedure.

case 1: If there was a race between slave initiated PHY update and master initiated encryption procedure, then master shall delay the response (PHY_UPDATE_IND PDU) to until encryption procedure is complete.

case 2: If the slave initiated PHY update was responded with PHY_UPDATE_IND PDU, and there after master initiated an encryption procedure, then there is a bug that the conn->llcp_ack value is corrupted.

Can delaying the peer initiated encryption setup be a workaround? #28911

[github-actions]

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.