BalenaFin Bluetooth malicious advertising data in syslog

Our fleet has BalenaFin (CM3) devices running the latest balenaOS, version 2022.10.0. For these devices, the syslog fills up with the message kernel: Bluetooth: hci0: Malicious advertising data. Stopping processing due to Bluetooth: stop proccessing malicious adv data · torvalds/linux@3a56ef7 · GitHub. When will the next balenaOS be released that has a newer kernel version with the fix Bluetooth: refactor malicious adv data check · torvalds/linux@899663b · GitHub?

Hi,
I am checking with our OS team on the above query. Just for my understanding, the two commits you pointed to are fairly close in the Nov. 2021 timeframe and point to the v6.2rc1 tag. Do you see a reason for them not to be bundled under a single release?

They definitely were not bundled in the same release since the kernel message in the syslog

kernel: Bluetooth: hci0: Malicious advertising data. Stopping processing

was removed from the code in the second pull request.

Hi Ron, sorry for the delay in coming back to you.

balenaOS 2022.10.0 is using the rpi-5.10.y branch for the raspberrypi kernel. The upstream maintainers have backported the commit that introduces the problem (Bluetooth: stop proccessing malicious adv data · raspberrypi/linux@ffc9019 · GitHub), but they have not backported the fix.

We are working on a Kirkstone update for the balena-raspberrypi repository that will update the kernel to 5.15. That branch does contain the patch that addressed this problem. However, this update is still undergoing validation.

As you are using an ESR, we could also backport that specific patch to the ESR branch and release a 2022.10.1 version to address this.

Would you rather wait for the kirkstone update, or do you need us to backport and release a new ESR version?

When are you expecting the kirkstone update to be completed and released?

Hi Ron, the kirkstone update PR is Update to kirkstone by alexgg · Pull Request #900 · balena-os/balena-raspberrypi · GitHub.

It currently passes tests for all device types in that repository except the balenaFin - we are looking into why that is.

Most of the team is on Xmas break, but this is one of the works in progress, so I would expect it to be merged and released in a 2-week timeframe, although we can’t commit to it.

I saw that Update to kirkstone by alexgg · Pull Request #900 · balena-os/balena-raspberrypi · GitHub was merged.

The message: kernel: Bluetooth: hci0: Malicious advertising data. Stopping processing
is still in balenaOS 2023.1.0 (Supervisor version 14.4.8).

When do you expect this to be released?