Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1155000ybb; Wed, 1 Apr 2020 17:07:09 -0700 (PDT) X-Google-Smtp-Source: APiQypKHVV398G0GPZaLDY43ElpkWgeS/TJn7gGYW1jqP/BT0AKFuWDyj4OzDg3IFAoayhbCZ5cj X-Received: by 2002:a05:6830:18e:: with SMTP id q14mr358806ota.136.1585786028912; Wed, 01 Apr 2020 17:07:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585786028; cv=none; d=google.com; s=arc-20160816; b=xufjMFw6XJmCxt/pUW7aRPQVDeRoFn/2TWjOdRQ6UTZHuX3nulETzm1yFL1iuBrV9l JkQZMZfbugTR43VOUPicxv9uMr+P8ynXJLT5lgsvSuVraw4AkBAoGtdUehLLYHsCUsPA RaXeDYM42MG2GQAFg7+FZK8rWEQk+qAk6K4c88nQq9a9ziw8EL+OPAIFH6LeXWJ0Prgd uDO0C5yA+cGIWdDqb8MfAu2iQ0gXdcufJtYYy0LpaURCajeylVLhs0MMHBVNX8cf0hd3 r2f2IGoQ5LM2Ric8ElgvKeRDvfQBPYfTxJMO/lKh5kjt6sx4INokCT1yDtJYRnRr6iV1 XmOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=QdEJKbrOE1NgYXU/mziBY0L7fiUebsVTAg903iZ3//g=; b=LtweVqs6YXycAj4gCATX5D7C2CKmy8U2Udc+nlrkUwZQL38kOJyod7VJCPVRxlvXT7 ZuqedtIoDreJkcYzYIgSRwKwIKXjHVOQLj9kHGLaZc8C9P6ihHhYFJ0lQL7kKhFIhjMT IrLABouVVMyAXqT8zCTyRCBCp/2rvC9AAkK6WEdRGzZvke0HCpHEYNwJL/pAi0wfrdJm /TtEvULkNFnjAQprfc5BblVOyVDjzH1mXnhFjUQn8w2Il5eA8Rz6f5HuO2SOtSBfV142 bAOA1jGwuZ9CmD0Fu5KbJurvtL/fEQ/pSywvWajm8yhgS/0Nywpw0VH+k7Lm7a1tRXqi SPmg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k201si1582955oib.94.2020.04.01.17.06.56; Wed, 01 Apr 2020 17:07:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733213AbgDBAEj (ORCPT + 99 others); Wed, 1 Apr 2020 20:04:39 -0400 Received: from mga12.intel.com ([192.55.52.136]:41450 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732872AbgDBAEj (ORCPT ); Wed, 1 Apr 2020 20:04:39 -0400 IronPort-SDR: 2Cf/TIpmtZ/V3AzqCgWFqex+vQaUnSBZFyosy9aDXyGFtIzerNG+XXIppoHMmmoZsp+ukLkYOQ StxcQuYxhYXw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2020 17:04:39 -0700 IronPort-SDR: KqWFm0igQnaTp00jZJ6eUlQX0lQK/5HB3PuuGG3QOlUUo8qpLdXcPqVdr27Gm7MSseLXPQMppq cpd/1jegIdvQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,333,1580803200"; d="scan'208";a="396168653" Received: from ingas-nuc1.sea.intel.com ([10.252.140.81]) by orsmga004.jf.intel.com with ESMTP; 01 Apr 2020 17:04:39 -0700 From: Inga Stotland To: linux-bluetooth@vger.kernel.org Cc: brian.gix@intel.com, Inga Stotland Subject: [PATCH BlueZ 2/2] mesh: Fix segfault related to idle config write Date: Wed, 1 Apr 2020 17:04:36 -0700 Message-Id: <20200402000436.23209-2-inga.stotland@intel.com> X-Mailer: git-send-email 2.21.1 In-Reply-To: <20200402000436.23209-1-inga.stotland@intel.com> References: <20200402000436.23209-1-inga.stotland@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org If node configuration is completely removed from the system, remove all pending writes to the configuration file. Fixes the segfault below: mesh/cfgmod-server.c:node_reset() Node Reset mesh/mesh-config-json.c:mesh_config_destroy() Delete node config /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl/00000000/0001 mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl/00000000 mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/node.json.bak mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/node.json mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c Segmentation fault Program terminated with signal SIGSEGV, Segmentation fault. 0x0000563a35df2ed0 in ?? () 0x00007fd6b131689f in json_object_to_json_string_length (jso=jso@entry=0x563a35dd8d30, flags=flags@entry=2, --- mesh/mesh-config-json.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c index 172e0e355..97267b6c3 100644 --- a/mesh/mesh-config-json.c +++ b/mesh/mesh-config-json.c @@ -54,6 +54,7 @@ struct mesh_config { uint8_t uuid[16]; uint32_t write_seq; struct timeval write_time; + struct l_queue *idles; }; struct write_info { @@ -1677,6 +1678,7 @@ static struct mesh_config *create_config(const char *cfg_path, memcpy(cfg->uuid, uuid, 16); cfg->node_dir_path = l_strdup(cfg_path); cfg->write_seq = node->seq_number; + cfg->idles = l_queue_new(); gettimeofday(&cfg->write_time, NULL); return cfg; @@ -2104,6 +2106,7 @@ static bool load_node(const char *fname, const uint8_t uuid[16], memcpy(cfg->uuid, uuid, 16); cfg->node_dir_path = l_strdup(fname); cfg->write_seq = node.seq_number; + cfg->idles = l_queue_new(); gettimeofday(&cfg->write_time, NULL); result = cb(&node, uuid, cfg, user_data); @@ -2130,17 +2133,26 @@ done: return result; } +static void release_idle(void *data) +{ + struct l_idle *idle = data; + + l_idle_remove(idle); +} + void mesh_config_release(struct mesh_config *cfg) { if (!cfg) return; + l_queue_destroy(cfg->idles, release_idle); + l_free(cfg->node_dir_path); json_object_put(cfg->jnode); l_free(cfg); } -static void idle_save_config(void *user_data) +static void idle_save_config(struct l_idle *idle, void *user_data) { struct write_info *info = user_data; char *fname_tmp, *fname_bak, *fname_cfg; @@ -2169,6 +2181,11 @@ static void idle_save_config(void *user_data) if (info->cb) info->cb(info->user_data, result); + if (idle) { + l_queue_remove(info->cfg->idles, idle); + l_idle_remove(idle); + } + l_free(info); } @@ -2186,10 +2203,14 @@ bool mesh_config_save(struct mesh_config *cfg, bool no_wait, info->cb = cb; info->user_data = user_data; - if (no_wait) - idle_save_config(info); - else - l_idle_oneshot(idle_save_config, info, NULL); + if (no_wait) { + idle_save_config(NULL, info); + } else { + struct l_idle *idle; + + idle = l_idle_create(idle_save_config, info, NULL); + l_queue_push_tail(cfg->idles, idle); + } return true; } -- 2.21.1