From patchwork Mon Jun 8 22:01:51 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 11594079
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ 1/3] adapter: Do not remove client watch directly if discovery fails
Date: Mon, 8 Jun 2020 15:01:51 -0700
Message-Id: <20200608220153.880790-1-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.25.3
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz

Client watch is used for both discovery and its filters so in case the client has set the latter the watch shall be preserved.
--- src/adapter.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/adapter.c b/src/adapter.c index 76acfea70..bf51b120b 100644 --- a/src/adapter.c +++ b/src/adapter.c
@@ -1651,7 +1651,6 @@ fail: if (client->msg) { reply = btd_error_busy(client->msg); g_dbus_send_message(dbus_conn, reply); - g_dbus_remove_watch(dbus_conn, client->watch); discovery_remove(client, false); return; }

From patchwork Mon Jun 8 22:01:52 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 11594077
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ 2/3] adapter: Consolitate code for discovery reply
Date: Mon, 8 Jun 2020 15:01:52 -0700
Message-Id: <20200608220153.880790-2-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.25.3
In-Reply-To: <20200608220153.880790-1-luiz.dentz@gmail.com>
References: <20200608220153.880790-1-luiz.dentz@gmail.com>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz

This consolidates code that was used to reply to discovery commands in a single function so it is easier to reuse and maintain.
--- src/adapter.c | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/src/adapter.c b/src/adapter.c index bf51b120b..c23c84175 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -1584,13 +1584,30 @@ static void discovery_remove(struct watch_client *client, bool exit) static void trigger_start_discovery(struct btd_adapter *adapter, guint delay); +static void discovery_reply(struct watch_client *client, uint8_t status) +{ + DBusMessage *reply; + + if (!client->msg) + return; + + if (!status) { + g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID); + } else { + reply = btd_error_busy(client->msg); + g_dbus_send_message(dbus_conn, reply); + } + + dbus_message_unref(client->msg); + client->msg = NULL; +} + static void start_discovery_complete(uint8_t status, uint16_t length, const void *param, void *user_data) { struct btd_adapter *adapter = user_data; struct watch_client *client; const struct mgmt_cp_start_discovery *rp = param; - DBusMessage *reply; DBG("status 0x%02x", status); @@ -1630,12 +1647,7 @@ static void start_discovery_complete(uint8_t status, uint16_t length, else adapter->filtered_discovery = false; - if (client->msg) { - g_dbus_send_reply(dbus_conn, client->msg, - DBUS_TYPE_INVALID); - dbus_message_unref(client->msg); - client->msg = NULL; - } + discovery_reply(client, status); if (adapter->discovering) return; @@ -1649,8 +1661,7 @@ static void start_discovery_complete(uint8_t status, uint16_t length, fail: /* Reply with an error if the first discovery has failed */ if (client->msg) { - reply = btd_error_busy(client->msg); - g_dbus_send_message(dbus_conn, reply); + discovery_reply(client, status); discovery_remove(client, false); return; }
@@ -1917,23 +1928,13 @@ static void stop_discovery_complete(uint8_t status, uint16_t length, { struct watch_client *client = user_data; struct btd_adapter *adapter = client->adapter; - DBusMessage *reply; DBG("status 0x%02x", status); - if (status != MGMT_STATUS_SUCCESS) { - if (client->msg) { - reply = btd_error_busy(client->msg); - g_dbus_send_message(dbus_conn, reply); - } - goto done; - } + discovery_reply(client, status); - if (client->msg) { - g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID); - dbus_message_unref(client->msg); - client->msg = NULL; - } + if (status != MGMT_STATUS_SUCCESS) + goto done; adapter->discovery_type = 0x00; adapter->discovery_enable = 0x00;

From patchwork Mon Jun 8 22:01:53 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Luiz Augusto von Dentz
X-Patchwork-Id: 11594081
From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ 3/3] adapter: Fix possible crash when stopping discovery
Date: Mon, 8 Jun 2020 15:01:53 -0700
Message-Id: <20200608220153.880790-3-luiz.dentz@gmail.com>
X-Mailer: git-send-email 2.25.3
In-Reply-To: <20200608220153.880790-1-luiz.dentz@gmail.com>
References: <20200608220153.880790-1-luiz.dentz@gmail.com>
X-Mailing-List: linux-bluetooth@vger.kernel.org

From: Luiz Augusto von Dentz

If the client disconnects/crashes while MGMT_OP_STOP_DISCOVERY was pending it would possibly cause a crash as the client pointer is passed to mgmt_send and accessed in the callback after being freed. To fix this the adapter itself is now passed to the callback so the client is not accessed directly, instead the code now checks if discovery_list has not been cleared in the meantime and only then proceeds to access the client pointer which is how MGMT_OP_START_DISCOVERY is handled.
--- src/adapter.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/adapter.c b/src/adapter.c index c23c84175..64815ecd2 100644 --- a/src/adapter.c +++ b/src/adapter.c @@ -1926,11 +1926,19 @@ static bool set_discovery_discoverable(struct btd_adapter *adapter, bool enable) static void stop_discovery_complete(uint8_t status, uint16_t length, const void *param, void *user_data) { - struct watch_client *client = user_data; - struct btd_adapter *adapter = client->adapter; + struct btd_adapter *adapter = user_data; + struct watch_client *client; DBG("status 0x%02x", status); + /* Is there are no clients the discovery must have been stopped while + * discovery command was pending. + */ + if (!adapter->discovery_list) + return; + + client = adapter->discovery_list->data; + discovery_reply(client, status); if (status != MGMT_STATUS_SUCCESS)
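
Review bot: In patch 1/3, hunk @@ -1651,7 +1651,6 @@, the fail path no longer calls g_dbus_remove_watch(), so releasing client->watch now rests entirely on the discovery_remove(client, false) call that follows, and its body is not part of this diff. The commit message says the watch must survive when the client has set a filter but not who removes it when no filter is set; please state that discovery_remove() drops the watch in that case, or add the removal there, so a failed first discovery does not leave a stale watch behind.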
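
Review bot: In patch 2/3, hunk @@ -1584,13 +1584,30 @@, the new discovery_reply() tests `if (!status)` while stop_discovery_complete() in the same patch compares against MGMT_STATUS_SUCCESS; use the named constant in both places. The helper also always runs dbus_message_unref(client->msg) and clears client->msg, whereas the two error branches it replaces only sent btd_error_busy() and left client->msg set, so this is a behaviour change rather than a pure consolidation and the commit message should say so.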
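
Review bot: In patch 2/3, hunk @@ -1649,8 +1661,7 @@, discovery_remove(client, false) now runs after discovery_reply() has set client->msg to NULL, where before it ran with client->msg still set. Please confirm that discovery_remove() does not depend on client->msg on this path, and note that the outer `if (client->msg)` test is still what decides whether discovery_remove() and the early return happen, so it cannot be dropped even though discovery_reply() repeats the check.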
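
Review bot: In patch 3/3, the single hunk changes stop_discovery_complete() to read user_data as a struct btd_adapter *, but the diffstat (10 insertions, 2 deletions) is fully accounted for by that hunk, so the mgmt_send() call for MGMT_OP_STOP_DISCOVERY that supplies user_data is not touched here. Unless that caller already passes the adapter, the callback will treat a watch_client pointer as an adapter; the call-site change belongs in this patch. Also, `client = adapter->discovery_list->data` takes the head of the list, which need not be the client that requested the stop when that client has gone away and others remain, and the new comment should read "If there are no clients".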