From: Luiz Augusto von Dentz
Date: Tue, 12 Nov 2019 15:26:43 +0200
Subject: Re: [PATCH BlueZ 1/2] core/advertising: Fix crash when unregistering advertisement too fast
To: Simon Mikuda
Cc: linux-bluetooth@vger.kernel.org
List-ID: linux-bluetooth@vger.kernel.org

Hi Simon,

On Tue, Nov 12, 2019 at 3:13 PM Simon Mikuda wrote:
>
> When an advertisement is unregistered during MGMT_OP_ADD_ADVERTISING it will
> crash in add_adv_callback because struct btd_adv_client no longer exists.
>
> This is also seen in the debug log from bluetoothd:
> bluetoothd[29698]: src/advertising.c:register_advertisement() RegisterAdvertisement
> bluetoothd[29698]: src/advertising.c:client_create() Adding proxy for /org/bluez/example/advertisement0
> bluetoothd[29698]: src/advertising.c:register_advertisement() Registered advertisement at path /org/bluez/example/advertisement0
> bluetoothd[29698]: src/advertising.c:parse_service_uuids() Adding ServiceUUID: 180D
> bluetoothd[29698]: src/advertising.c:parse_service_uuids() Adding ServiceUUID: 180F
> bluetoothd[29698]: src/advertising.c:parse_manufacturer_data() Adding ManufacturerData for ffff
> bluetoothd[29698]: src/advertising.c:parse_service_data() Adding ServiceData for 9999
> bluetoothd[29698]: src/advertising.c:parse_data() Adding Data for type 0x26 len 3
> bluetoothd[29698]: src/advertising.c:refresh_adv() Refreshing advertisement: /org/bluez/example/advertisement0
> bluetoothd[29698]: src/advertising.c:unregister_advertisement() UnregisterAdvertisement
> bluetoothd[29698]: src/advertising.c:add_adv_callback() Advertisement registered: �
> Segmentation fault (core dumped)
>
> Signed-off-by: Simon Mikuda
> ---
>  src/advertising.c | 34 ++++++++++++++++++++++++++--------
>  1 file changed, 26 insertions(+), 8 deletions(-)
> > diff --git a/src/advertising.c b/src/advertising.c > index 3ed1376..f53c14c 100644 > --- a/src/advertising.c > +++ b/src/advertising.c > @@ -73,6 +73,7 @@ struct btd_adv_client { > uint16_t discoverable_to; > unsigned int to_id; > unsigned int disc_to_id; > + unsigned int add_adv_id; > GDBusClient *client; > GDBusProxy *proxy; > DBusMessage *reg; > @@ -117,6 +118,15 @@ static void client_free(void *data) > g_dbus_client_unref(client->client); > } > + if (client->reg) { > + g_dbus_send_message(btd_get_dbus_connection(), > + dbus_message_new_method_return(client->reg)); > + dbus_message_unref(client->reg); > + } > + > + if (client->add_adv_id) > + mgmt_cancel(client->manager->mgmt, client->add_adv_id); > + > if (client->instance) > util_clear_uid(&client->manager->instance_bitmap, > client->instance); > @@ -765,7 +775,8 @@ static uint8_t *generate_scan_rsp(struct > btd_adv_client *client, > return bt_ad_generate(client->scan, len); > } > -static int refresh_adv(struct btd_adv_client *client, > mgmt_request_func_t func) > +static int refresh_adv(struct btd_adv_client *client, > mgmt_request_func_t func, > + unsigned int *mgmt_id) > { > struct mgmt_cp_add_advertising *cp; > uint8_t param_len; > @@ -774,6 +785,7 @@ static int refresh_adv(struct btd_adv_client > *client, mgmt_request_func_t func) > uint8_t *scan_rsp; > size_t scan_rsp_len =3D -1; > uint32_t flags =3D 0; > + unsigned int mgmt_ret; > DBG("Refreshing advertisement: %s", client->path); 
> @@ -822,13 +834,17 @@ static int refresh_adv(struct btd_adv_client > *client, mgmt_request_func_t func) > free(adv_data); > free(scan_rsp); > - if (!mgmt_send(client->manager->mgmt, MGMT_OP_ADD_ADVERTISING, > - client->manager->mgmt_index, param_len, cp, > - func, client, NULL)) { > + mgmt_ret =3D mgmt_send(client->manager->mgmt, MGMT_OP_ADD_ADVERTISING, > + client->manager->mgmt_index, param_len, cp, > + func, client, NULL); > + > + if (!mgmt_ret) { > error("Failed to add Advertising Data"); > free(cp); > return -EINVAL; > } > + if (mgmt_id) > + *mgmt_id =3D mgmt_ret; > free(cp); > @@ -845,7 +861,7 @@ static gboolean client_discoverable_timeout(void > *user_data) > bt_ad_clear_flags(client->data); > - refresh_adv(client, NULL); > + refresh_adv(client, NULL, NULL); > return FALSE; > } > @@ -948,7 +964,7 @@ static void properties_changed(GDBusProxy *proxy, > const char *name, > continue; > if (parser->func(iter, client)) { > - refresh_adv(client, NULL); > + refresh_adv(client, NULL, NULL); > break; > } > } > @@ -980,6 +996,8 @@ static void add_adv_callback(uint8_t status, > uint16_t length, > struct btd_adv_client *client =3D user_data; > const struct mgmt_rp_add_advertising *rp =3D param; > + client->add_adv_id =3D 0; > + > if (status) > goto done; > @@ -1059,7 +1077,7 @@ static DBusMessage *parse_advertisement(struct > btd_adv_client *client) > goto fail; > } > - err =3D refresh_adv(client, add_adv_callback); > + err =3D refresh_adv(client, add_adv_callback, &client->add_adv_id); > if (!err) > return NULL; 
> @@ -1449,7 +1467,7 @@ void btd_adv_manager_destroy(struct > btd_adv_manager *manager) > static void manager_refresh(void *data, void *user_data) > { > - refresh_adv(data, user_data); > + refresh_adv(data, user_data, NULL); > } > void btd_adv_manager_refresh(struct btd_adv_manager *manager) > > -- > 2.7.4

Looks like this patch is mangled, there are no leading tabs for indentation, etc. Check out our HACKING document; it contains instructions on how to produce valid patches: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/HACKING#n95

Sometimes this happens with certain mail servers, but you can always submit the patches with the likes of Gmail, since for git it doesn't matter how you submit it; it only cares that the author entry is preserved regardless of the mail server you have used.

-- 
Luiz Augusto von Dentz
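Review bot: in the struct btd_adv_client hunk (@@ -73), the new add_adv_id field is never explicitly initialised anywhere in this patch, yet client_free hands it to mgmt_cancel whenever it is non-zero. That is only safe if client_create allocates the struct with a zeroing allocator (new0/g_new0); please confirm that, or initialise the field explicitly, since an uninitialised non-zero value would be passed to mgmt_cancel as a request id.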
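Review bot: in the client_free hunk (@@ -117), answering client->reg with a bare dbus_message_new_method_return tells the RegisterAdvertisement caller that registration succeeded, even though the client is being torn down before add_adv_callback ever ran and the advertisement never became live; an error reply (for example via btd_error_failed()) would report the real outcome. Cancelling the pending request is the right fix for the crash itself, as it stops the mgmt layer from invoking add_adv_callback with a freed client. Please also confirm that add_adv_callback clears client->reg after it replies; otherwise a normal unregister after a successful registration would send a second reply here to an already-answered message.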
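Review bot: in the refresh_adv hunk that introduces mgmt_ret (@@ -822), *mgmt_id is only written on the success path; when mgmt_send returns 0 the function returns -EINVAL and leaves *mgmt_id untouched. Because parse_advertisement passes &client->add_adv_id directly, the field is not guaranteed to reflect the failed call. Writing `*mgmt_id = mgmt_ret;` unconditionally before the `if (!mgmt_ret)` check (0 already means "no request") keeps the field in sync with what mgmt_cancel will later be given.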
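Review bot: in the manager_refresh hunk (@@ -1449), the caller-supplied callback in user_data is still passed to refresh_adv, but the request id is discarded (NULL), so a request issued through btd_adv_manager_refresh with a non-NULL func is never recorded in add_adv_id and will not be cancelled by client_free. Unless every caller of btd_adv_manager_refresh passes a NULL func, the same use-after-free remains reachable on this path; either track the id here as well (taking care not to overwrite a pending registration id) or document that func must be NULL for this entry point.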