Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp149802ybh; Wed, 11 Mar 2020 22:56:16 -0700 (PDT) X-Google-Smtp-Source: ADFU+vs7oppfuNcg7jj0NonRRBMZ8j7urFNEEDq+wTNTfR4DDcbleY9yfb3bl0hTPDuA9qggYzrf X-Received: by 2002:a9d:4e94:: with SMTP id v20mr4813312otk.96.1583992576709; Wed, 11 Mar 2020 22:56:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583992576; cv=none; d=google.com; s=arc-20160816; b=LICh9rqls40/iqsSIbQfiTP51uuxbFs2DT7YioH+h0n+/mxjiqVtcYcUilEhCmYahi QQGw+3oBtgSjx9hfbX6YcS6nHpDpaNxnCg/FGgrnKdDc2iA+ldtfbk1YeZzfKpNB2t42 58UrDJ3Yo+O3SBCFG5cyszUjf16K79mXlwtht5fAvKtDLqZ0Z99qis/L+Q7pY4rhQuLq frwXVbImSA6GPEa8/rp0QKkTXdsvZJD6TCCPE7bfyPbCEuGaUAT3cQJYt+weHpgHO7QQ 0QsGhFq1UzC41sjBknNRVmLv3DPVd0dvP+6h/IfUQTqPBEpuFQF0t+uhyM5gjTRxs2nr ShQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=TfwPFQ5KgNL4/IvOXn65RQ44FclgLRwK239/9gWjlhc=; b=rP/KBsyEtXmDKrt2GbbUpLCfFi0MzRW9UezCEyed8csx6IfDHJbXbz0x0E1Umo7ede mVu0GV/udURNymT7nt8MN5wsUN8LEunlm5WJ72uBShN/ufijo0FGJ2Raxp3mp7gtteTO Kv17rCsp5JkxQPTaJITelgiZbl6kSy5N8UHCasS9D7xLnpjEklkyBSGGY6cXjNRGmjdF QZLNjz10QMXwJ62jHvSBnpU0/BG3Qv/KAr0ITagih5miN9+oFa/mUOiaer6uzPh4M6Ax dCFZ8LqzxwkiVXthHS9Hw0X3A3gG6bYzaIW8skFDHAwZFaLwMh0qDI2qo5gbzWsSAReM oFbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="ZWXYP6Z/"; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e22si1213402oob.87.2020.03.11.22.55.48; Wed, 11 Mar 2020 22:56:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="ZWXYP6Z/"; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387810AbgCLFzq (ORCPT + 99 others); Thu, 12 Mar 2020 01:55:46 -0400 Received: from mail-pg1-f202.google.com ([209.85.215.202]:37914 "EHLO mail-pg1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387677AbgCLFzq (ORCPT ); Thu, 12 Mar 2020 01:55:46 -0400 Received: by mail-pg1-f202.google.com with SMTP id x16so2807982pgg.5 for ; Wed, 11 Mar 2020 22:55:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=TfwPFQ5KgNL4/IvOXn65RQ44FclgLRwK239/9gWjlhc=; b=ZWXYP6Z/vHZDne32XGF30phJUxPhs5itsrIKZwao5E5Ex2j6LYj1x+TnlCTvZMssYp L/seG39CgI/AQSw9XZ5OmuB0NN89t3I3zRHFNLu0iej3eABbPn5TG0UAT/26WcRrhqjw i+NQFHAp/sMXGchot4XgzX3alPcekBuTynjF+bv6k8jh0Ba8e+X+jbHpd4FmVbc6P3Ou e4TNtKVwo1tBYHSWKUTadayOxZ9gHZPehz6p1ZQhz1U+Vcg+GTF4aKUEeGa0u6gJDPKK uEiFbAvkR9UkslTZkP1pFBy6eXarQYsy9zM0lpgmrrviwLw7IxO3AhapwQpY87HsEWPi cH5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=TfwPFQ5KgNL4/IvOXn65RQ44FclgLRwK239/9gWjlhc=; b=mGb3s1DGc2a7gpB2l3CLNbWuQZ7SJhZUfD6u2WQLFI/fAJC8wyifq4XOCZjHt8+QPU Mxi85+5s8eksEYS7RzR0o1xCCGD4kkh9huqRE3OQxE/wTX5LGr9MJWoeooBtAAJ2GY6y O0XIadyyMxIrVPRlaQiAe9pYkn0aBsQnY7iUViN/N8EsudpLzVMyKDQUmAdtkE/V837Z fpH8FYRjhh7cstyMJtJSGQjE4/C11gmCWobFTSLOcLLU7TFJLO+3VLI7w0j4QgH2BB58 xAwwB2RWad3nxMHDbyVXr6qeAN/Bk5dlQ7jlk8uS0YD0nKRbjt+Wrs9ZoQfoMxNQ9OhM hZcA== X-Gm-Message-State: ANhLgQ2LtUUvfck8BZbK1DNwAuJ2IgkyT/TvsO8LSA/8W7kjY+1mzH5z jGZ2y5ufxXu0pf4UifGGLsFiYMnbNBwuw0dXi02l9SI6njLAf9nx345Ee8AtWmbTxNfB5K52kU7 RTKquzd3U+5QUrINecjz1otPYFoQNhTaLpWKzqa/I8o28Izfdy495EeyXzNEjfnVjkbHLE4cjsn bp X-Received: by 2002:a17:90a:d14d:: with SMTP id t13mr2292515pjw.83.1583992542789; Wed, 11 Mar 2020 22:55:42 -0700 (PDT) Date: Thu, 12 Mar 2020 13:54:37 +0800 Message-Id: <20200312135409.Bluez.v1.1.I24708f815f78397d51e263f5c68fc47ec0b76acd@changeid> Mime-Version: 1.0 X-Mailer: git-send-email 2.25.1.481.gfbce0eb801-goog Subject: [Bluez PATCH v1] a2dp: Fix race when connecting and being connected at the same time From: Archie Pusaka To: linux-bluetooth , Luiz Augusto von Dentz Cc: Archie Pusaka Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Archie Pusaka There is a possibility where BlueZ initiate an A2DP connection just around the same time as the peripheral also initiate it. One scenario is the peripheral initiate the connection first, so confirm_cb() on /profiles/audio/a2dp.c is called. However, while we are waiting for the authentication step, BlueZ initiate a connection to the peripheral, therefore a2dp_sink_connect() is called, which from there a2dp_avdtp_get() is called. If this happens: When calling confirm_cb(), chan for the corresponding device is created. Then when calling a2dp_avdtp_get(), chan will be found as it is created in confirm_cb(), and the value of chan->io is not NULL. However, a NULL is supplied instead to create a new session and assigned to chan->session. Then when calling connect_cb(), chan->session will NOT be NULL, as it is assigned in a2dp_avdtp_get(). Nevertheless, chan->session is always assigned a new value. These cause failure in connection. Therefore, fixing this by supplying the value of chan->io inside a2dp_avdtp_get() (it's going to be NULL on the normal case so it is fine), and check whether chan->session already assigned inside connect_cb(). --- profiles/audio/a2dp.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/profiles/audio/a2dp.c b/profiles/audio/a2dp.c index e8262cdfe..a5590b24c 100644 --- a/profiles/audio/a2dp.c +++ b/profiles/audio/a2dp.c @@ -2118,7 +2118,7 @@ struct avdtp *a2dp_avdtp_get(struct btd_device *device) return NULL; found: - chan->session = avdtp_new(NULL, device, server->seps); + chan->session = avdtp_new(chan->io, device, server->seps); if (!chan->session) { channel_remove(chan); return NULL; @@ -2136,10 +2136,13 @@ static void connect_cb(GIOChannel *io, GError *err, gpointer user_data) goto fail; } - chan->session = avdtp_new(chan->io, chan->device, chan->server->seps); if (!chan->session) { - error("Unable to create AVDTP session"); - goto fail; + chan->session = avdtp_new(chan->io, chan->device, + chan->server->seps); + if (!chan->session) { + error("Unable to create AVDTP session"); + goto fail; + } } g_io_channel_unref(chan->io); -- 2.25.1.481.gfbce0eb801-goog