Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6225054rwb; Mon, 14 Nov 2022 16:41:02 -0800 (PST) X-Google-Smtp-Source: AA0mqf6V4srx3Rk9LjwDrxfNFS4RgyumIkfy9+Uq6imPlfK3tqnV+Fw8ZK/MpxLr8PqrnZXj+zrw X-Received: by 2002:a17:906:b08:b0:7ad:79c0:4669 with SMTP id u8-20020a1709060b0800b007ad79c04669mr12049919ejg.395.1668472862197; Mon, 14 Nov 2022 16:41:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668472862; cv=none; d=google.com; s=arc-20160816; b=P9BG/kXlFbOAHS/3Bgy8UND5uX82RfXO7pvMgt9LOrwYRf/phAGHvX4zI41HQbCRiw Z86HxN+WNyE51PZlCjYo0G8gnJGZdPNdJ2QGP6I9lykudaWoq8RrrU2WSEawgJmx2UR0 hPwOag8DId479IQncTodQ6QCnHbluYSOaRTo2x9XnueriUohyZ6RVLW8gNHTLu8H9jee zSInY7cQs0E8kuNdi7H521qCvw7yXRODW2Dor0l/BKN0axZnvsWg8rtc+vqiS313Ozke 9malPGOqzbb+LEuZ08xN5tqMb9rcNMYgCKrboA+q8hYfPlFsQR3TcqFa3Sy0tg+YOnwO HfGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:to:from:dkim-signature; bh=YrZksNtxMwN8zKibp2Oab3a3oHg6YCF87gJfDncnNok=; b=nuMRx0A2v8Ogt6wMXPVTYIqzOkxv6MS3KhzKhEY7EnuYS9EvJqIPQT5NwM8O2tbZ0a /0/tQkfRKHLCDYKGHYALk8FcTmi7WdjV7LUWbATJPDW6uUNjDstx7Zf7EXv9cCXLNMwL byq2MK7R94wfPrFb8LnaCEgBl6qrZLoiEcCSD0SMJC7fhIj0koCbvgWGVpQ8kIGcOSFx vO4YMvR1a9QFf4X4frfN/l4sSiVe7EkQPACD5/DT2kyyJk05496dt8rLbaCHEQVmgJe9 55oeB+4XW/pFRUjqwhD0SyvEsqw2yGQiWxuYG5m0LDr5oi85YMbfPDQR7aGu7mLx2OGa U2Yw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=BzDIGm7+; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gn16-20020a1709070d1000b007ae4717bef9si2131772ejc.733.2022.11.14.16.40.32; Mon, 14 Nov 2022 16:41:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=BzDIGm7+; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231750AbiKOAan (ORCPT + 99 others); Mon, 14 Nov 2022 19:30:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37724 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229484AbiKOAam (ORCPT ); Mon, 14 Nov 2022 19:30:42 -0500 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99176D11D for ; Mon, 14 Nov 2022 16:30:41 -0800 (PST) Received: by mail-pg1-x529.google.com with SMTP id o13so11752091pgu.7 for ; Mon, 14 Nov 2022 16:30:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=YrZksNtxMwN8zKibp2Oab3a3oHg6YCF87gJfDncnNok=; b=BzDIGm7+HtGWrFW4lhVXwmuOUURhPY0eUc2jwnoctQimeQdj4NmmNcT+lR/dYI4/ei 7prx9L3hlRBxvfswPpg3I2HGPy+pnSgBu6XdQFfZu5j5LMj+CO0SeJfdeH+zHDaQNoZw Ttn6qnUM4au1CXZX4y1ZziAdqci0DW1hNT0RFs+EQEwhaGnEN4ejh+ZlGW+gTyZpuUYI Tm8+QSOUgtkraWUPFdmaWVIzlcdZI6Qj/W71usHqGURc+EjLN9MEAjVdJG/FtS7IyZDE Zee0zFUheelz1f9JG5lo/qhxkPHxV8N5UOAdCBi4l4ix5bqBwnoIONE0fcvPEKSQelhV ojJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YrZksNtxMwN8zKibp2Oab3a3oHg6YCF87gJfDncnNok=; b=xbL9yXOZsBNcmRc483aeF9QaNOaVbtomkpe6d6BkHsKMT5o4Ccu/ekRlmMepNofp+3 YjTDV6rV1wv5lrsxpDPmD5kDXTMCKQhcxsjxEm8nSHr+12JPmG0DHNrBCNbZnju2cE07 prhmEKu93fwcJnAfzWMn64KMFyVO5sj8b6axIZjVkoqdl73JRk+0iad8mKmHcmok7KGt zG62mIOXCiaZgzySu+Pcoi2CQHwsFUb+Or+YAnGgfBrymPGA/9fkjgCXFIp995GexHZK S8sLNrAXQ6ze9wXx7T7taN7OJgCp2011mq1wv0NbPARODX2flebSeUcRg9EiwHLokkOz N1uQ== X-Gm-Message-State: ANoB5pkAnByUVW3vebDkf1qigIXiaageOxXQmhnhXYFF9VMnJnCNbO4W f7/X3G+DK5KovIbDBsCg47fdm/CS97I= X-Received: by 2002:a63:6686:0:b0:44c:bfe:9b1c with SMTP id a128-20020a636686000000b0044c0bfe9b1cmr13722585pgc.103.1668472240450; Mon, 14 Nov 2022 16:30:40 -0800 (PST) Received: from lvondent-mobl4.. (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id h3-20020a17090a3d0300b0020a28156e11sm10307888pjc.26.2022.11.14.16.30.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 14 Nov 2022 16:30:39 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ 1/6] monitor/att: Fix not dequeing att_read on error response Date: Mon, 14 Nov 2022 16:30:33 -0800 Message-Id: <20221115003038.2134340-1-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz If a read/read by type fails it needs to be dequeued otherwise it can cause the next operation of the same type to return the wrong request and possible decoding as if it was a different attribute type. --- monitor/att.c | 109 +++++++++++++++++++++++++++----------------------- 1 file changed, 58 insertions(+), 51 deletions(-) diff --git a/monitor/att.c b/monitor/att.c index efd840d51961..d14cbd165697 100644 --- a/monitor/att.c +++ b/monitor/att.c @@ -106,27 +106,66 @@ static bool match_read_frame(const void *data, const void *match_data) return read->chan == frame->chan; } -static void print_data_list(const char *label, uint8_t length, - const struct l2cap_frame *frame) +static struct att_read *att_get_read(const struct l2cap_frame *frame) { struct packet_conn_data *conn; struct att_conn_data *data; + + conn = packet_get_conn_data(frame->handle); + if (!conn) + return NULL; + + data = conn->data; + if (!data) + return NULL; + + return queue_remove_if(data->reads, match_read_frame, (void *)frame); +} + +static void print_attribute(struct gatt_db_attribute *attr) +{ + uint16_t handle; + const bt_uuid_t *uuid; + char label[21]; + + handle = gatt_db_attribute_get_handle(attr); + if (!handle) + goto done; + + uuid = gatt_db_attribute_get_type(attr); + if (!uuid) + goto done; + + switch (uuid->type) { + case BT_UUID16: + sprintf(label, "Handle: 0x%4.4x Type", handle); + print_field("%s: %s (0x%4.4x)", label, + bt_uuid16_to_str(uuid->value.u16), + uuid->value.u16); + return; + case BT_UUID128: + sprintf(label, "Handle: 0x%4.4x Type", handle); + print_uuid(label, &uuid->value.u128, 16); + return; + case BT_UUID_UNSPEC: + case BT_UUID32: + break; + } + +done: + print_field("Handle: 0x%4.4x", handle); +} + +static void print_data_list(const char *label, uint8_t length, + const struct l2cap_frame *frame) +{ struct att_read *read; uint8_t count; if (length == 0) return; - conn = packet_get_conn_data(frame->handle); - if (conn) { - data = conn->data; - if (data) - read = queue_remove_if(data->reads, match_read_frame, - (void *)frame); - else - read = NULL; - } else - read = NULL; + read = att_get_read(frame); count = frame->size / length; @@ -271,6 +310,12 @@ static void att_error_response(const struct l2cap_frame *frame) pdu->request); print_field("Handle: 0x%4.4x", le16_to_cpu(pdu->handle)); print_field("Error: %s (0x%2.2x)", str, pdu->error); + + /* Read/Read By Type may create a read object which needs to be dequeued + * and freed in case the operation fails. + */ + if (pdu->request == 0x08 || pdu->request == 0x0a) + free(att_get_read(frame)); } static const struct bitfield_data chrc_prop_table[] = { @@ -2662,36 +2707,6 @@ static struct gatt_db_attribute *get_attribute(const struct l2cap_frame *frame, return gatt_db_get_attribute(db, handle); } -static void print_attribute(struct gatt_db_attribute *attr) -{ - uint16_t handle = gatt_db_attribute_get_handle(attr); - const bt_uuid_t *uuid; - char label[21]; - - uuid = gatt_db_attribute_get_type(attr); - if (!uuid) - goto done; - - switch (uuid->type) { - case BT_UUID16: - sprintf(label, "Handle: 0x%4.4x Type", handle); - print_field("%s: %s (0x%4.4x)", label, - bt_uuid16_to_str(uuid->value.u16), - uuid->value.u16); - return; - case BT_UUID128: - sprintf(label, "Handle: 0x%4.4x Type", handle); - print_uuid(label, &uuid->value.u128, 16); - return; - case BT_UUID_UNSPEC: - case BT_UUID32: - break; - } - -done: - print_field("Handle: 0x%4.4x", handle); -} - static void print_handle(const struct l2cap_frame *frame, uint16_t handle, bool rsp) { @@ -2746,19 +2761,11 @@ static void att_read_req(const struct l2cap_frame *frame) static void att_read_rsp(const struct l2cap_frame *frame) { - struct packet_conn_data *conn; - struct att_conn_data *data; struct att_read *read; print_hex_field("Value", frame->data, frame->size); - conn = packet_get_conn_data(frame->handle); - if (!conn) - return; - - data = conn->data; - - read = queue_remove_if(data->reads, match_read_frame, (void *)frame); + read = att_get_read(frame); if (!read) return; -- 2.37.3