From patchwork Fri Aug 21 06:16:42 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sonny Sasaka
X-Patchwork-Id: 11728201
X-Patchwork-Delegate: luiz.dentz@gmail.com
From: Sonny Sasaka
To: linux-bluetooth@vger.kernel.org
Cc: Joseph Hwang
Subject: [PATCH BlueZ 1/2] gatt: StartNotify is not allowed when device is disconnecting
Date: Thu, 20 Aug 2020 23:16:42 -0700
Message-Id: <20200821061643.16278-1-sonnysasaka@chromium.org>
X-Mailer: git-send-email 2.26.2
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-bluetooth@vger.kernel.org
From: Joseph Hwang This patch fixed a bluetoothd crash in register_notify_cb(). The crash is incurred by an exception that under some situation, a characteristic may be freed when register_notify_cb() is invoked. When a device is disconnecting, the device interface would hold valid for a while until the disconnection procedure between the client and the server is completed. If another process happens to request to start notification of a characteristic on the disconnecting device, it may incur a problem. In this case, the client would still send the StartNotify request since the characteristic object is still valid. However, the characteristic may be freed soon and become invalid when the corresponding callback function is invoked later. This leads to the bluetoothd crash due to the segmentation fault. To handle the exception, if another process requests to start notification when the device is disconnecting, it should reject the request. Tested on Chrome OS that this patch fixes bluetoothd crash in register_notify_cb(). --- src/gatt-client.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/gatt-client.c b/src/gatt-client.c index 20c3fbec2..c706307c7 100644 --- a/src/gatt-client.c +++ b/src/gatt-client.c 
@@ -1545,6 +1545,12 @@ static DBusMessage *characteristic_start_notify(DBusConnection *conn, const char *sender = dbus_message_get_sender(msg); struct async_dbus_op *op; struct notify_client *client; + struct btd_device *device = chrc->service->client->device; + + if (device_is_disconnecting(device)) { + error("Device is disconnecting. StartNotify is not allowed."); + return btd_error_not_connected(msg); + } if (chrc->notify_io) return btd_error_not_permitted(msg, "Notify acquired");

From patchwork Fri Aug 21 06:16:43 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sonny Sasaka
X-Patchwork-Id: 11728203
X-Patchwork-Delegate: luiz.dentz@gmail.com
From: Sonny Sasaka To: linux-bluetooth@vger.kernel.org Cc: Joseph Hwang Subject: [PATCH BlueZ 2/2] doc/gatt-api: Add new error for StartNotify Date: Thu, 20 Aug 2020 23:16:43 -0700 Message-Id: <20200821061643.16278-2-sonnysasaka@chromium.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200821061643.16278-1-sonnysasaka@chromium.org> References: <20200821061643.16278-1-sonnysasaka@chromium.org> MIME-Version: 1.0 Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Joseph Hwang When a device is disconnecting, StartNotify is not allowed. This adds a new error type to the doc. --- doc/gatt-api.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/gatt-api.txt b/doc/gatt-api.txt index 98fe7487c..04789c6d3 100644 --- a/doc/gatt-api.txt +++ b/doc/gatt-api.txt @@ -186,6 +186,7 @@ Methods array{byte} ReadValue(dict options) Possible Errors: org.bluez.Error.Failed org.bluez.Error.NotPermitted org.bluez.Error.InProgress + org.bluez.Error.NotConnected org.bluez.Error.NotSupported void StopNotify()
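Review bot: in patch 1/2 (src/gatt-client.c), the `device_is_disconnecting(device)` check at the top of characteristic_start_notify() only rejects requests that arrive after disconnection has begun. A StartNotify accepted just before that point still has its `struct async_dbus_op *op` in flight, and the commit message describes the crash as the characteristic being freed before register_notify_cb() runs, so that ordering still looks reachable. Consider also cancelling the pending registration, or keeping the characteristic alive until the callback has run, so the callback can never see freed memory. Two smaller points on the same hunk: `chrc->service->client->device` is dereferenced in the declaration before any validation, which is worth confirming is safe during teardown; and `error(...)` fires on a condition any D-Bus caller can trigger repeatedly, so a debug-level message that names the device would be less noisy and more useful.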
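Review bot: in patch 2/2 (doc/gatt-api.txt), the added `org.bluez.Error.NotConnected` entry gives no indication of when it is returned, and per patch 1/2 it is returned while the device is disconnecting, which is a state where a client may still see the device as connected. Please add a short note beside the error list saying that it is raised while disconnection is in progress, so callers know to wait for the disconnect to finish before retrying rather than treating it as a state mismatch. It would also help to state in the commit message which method's error list this hunk extends, since the hunk context only shows ReadValue above it and StopNotify below it.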