Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp4035931rdb; Thu, 28 Dec 2023 08:05:49 -0800 (PST) X-Google-Smtp-Source: AGHT+IGTOXscNTdAFaToCrL1Z3fsKaBqhNLGKw66HtBN7met9cHCgGINJBfdQjzyG/LT3LuaZSyb X-Received: by 2002:a50:9e0b:0:b0:54b:a7b:8198 with SMTP id z11-20020a509e0b000000b0054b0a7b8198mr7129921ede.17.1703779549520; Thu, 28 Dec 2023 08:05:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703779549; cv=none; d=google.com; s=arc-20160816; b=Jr/ClH4BXh1xAxEhfjnF3tX+rfojq3h/9SasIIC0C8jEk8i62pdtI86rJcO53f1c6J l07kC9PCyYz1KobBGPFbHawDiN5ykBHQ8JsbNk2gnQp6qHDGumBsr8PQqP71v7uJYG8n OT5IZPF3CO9kzq/MAenEdHQ5CNtLakr3RJ/d/QuHfj4qthDz51MIbJuX6BFTsrwPzT03 lc0wg9RQzNFQMpCkuhv790+GzL1yUl7I4Xp3MxllBULr0U4EReYHrFlKQSDtG2mD09n9 mZfE8/T6xYlswXtkv8pzm9zfijeidspcJopNQEKKiMLPtgqpUH0995O5omVgyT8dqjWs NunA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=0HYL2XJO5kfwBeir9eEtKgqwXg5We9KYBbGbRTAB8Ss=; fh=Kkdo6RP4xFxpyJV6VUEp6MSqXt9r8SNk1QQupulNhj8=; b=qtGWPurMlBwRndCTgDf1S60uFZbl9AtWdHAMaXSm1Vcv2CWixQ21p0ansQJBABLEjG AtdfiMb2qzrVqU5frokP+BNFJ9kfk2ql3HziHGxJEBc9PXWwF6OW0J7wk560jK4HjJpg WUXydzK/MYkvZo2bGDq4AjJfSTsW2YJ6jLQpQIu9Ld4ADqglbhTA5OCA1JuRH2oyWMnM ikhgJfSUJT+yoajkL+6jWEj5xebPuXqghrBt29ZcZ+CNH8L8fsI8MPziHSvZ/lu0hpBC tw++kjt0cwWtiphAoW8ARsaXIg69qcwAmfCVOMkVTTE3CuwvpNq+MgvMnXj9AmJiQj/P 02VQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HzhXQFB4; spf=pass (google.com: domain of linux-bluetooth+bounces-788-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-788-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id j29-20020a508a9d000000b005541161f275si7119188edj.409.2023.12.28.08.05.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Dec 2023 08:05:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-788-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=HzhXQFB4; spf=pass (google.com: domain of linux-bluetooth+bounces-788-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-788-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 1577F1F24212 for ; Thu, 28 Dec 2023 16:05:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3F82DF4E1; Thu, 28 Dec 2023 16:05:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HzhXQFB4" X-Original-To: linux-bluetooth@vger.kernel.org Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5D0AF4F6 for ; Thu, 28 Dec 2023 16:05:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f169.google.com with SMTP id 38308e7fff4ca-2ccec119587so187361fa.0 for ; Thu, 28 Dec 2023 08:05:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703779538; x=1704384338; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=0HYL2XJO5kfwBeir9eEtKgqwXg5We9KYBbGbRTAB8Ss=; b=HzhXQFB4lOaKMUHB6eLKntDmvJ/QMDY9k9ZpW/72kU6ZX10LYNeUDBXpHpWg6Mqo44 I5bRthz2PRJ1FXVm1Fp3DTuAw98PCu9fFkd8X5Ysy+PG8k1/b4sG2yzUqU3P5n4IP/+2 dmryMYCCGYHNzLo1LS/Pm4+srt2uz0rpNR6CkTRXmNCN7bjco8YGSUgpHebBHlFGCL3K p6lR011jD3nRHdZ5xcxwYbQ2PbWiyrSURBCgO/pdOJFlmbwQhydXZfql9CSRm0OsM0Tm I0+RR9CdyjUGch04Zdjm1+4aRezyRkVoBO0CFugkKMHMzQBfGB71n9E2Wf8Atc2aARwb 8LJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703779538; x=1704384338; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0HYL2XJO5kfwBeir9eEtKgqwXg5We9KYBbGbRTAB8Ss=; b=wWFgvY2nkWoKETrRfotmmemZsXgNLNiGOYT+C/IQ9W7qNUVXaeKJzX18mBu+NrWrwS ek7+788AzuBQWRsSzaqqFG/kJex3KC0TY+q/c8MdEHNs5yowVWG4uzKY9SLB7N6rlIAq F49OY/8hlReRpfpVtr7ZgIWqpk/2KFDSmVK9FDkHX0CyLlvRevZGq+DJzCeuCFyeQ2kL bqkeQJAGeKszIYVMRg4LM0pZyF/u6pIw7wj/trca+qZ8JQdLwO1m8uVT69uRbI2zKLG2 BTLhpVeTzAT0ls4yXZBgLMhaLw5Axt+HY/rUVeQj8LDg98C/Ymte2J79M9lMnnIKtAL/ /oQQ== X-Gm-Message-State: AOJu0YwZfKyNOMHh4mRwxp4LaqP56zSgfAEmUxuFvnaeMEMgbE5v0Qxf N4w+FiQNJ1cr0yZ/84LvoFetpYvO2x/IDJzVgVVWqKT8 X-Received: by 2002:a2e:5cc7:0:b0:2cc:9a11:9f34 with SMTP id q190-20020a2e5cc7000000b002cc9a119f34mr4302573ljb.20.1703779537431; Thu, 28 Dec 2023 08:05:37 -0800 (PST) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20231228135206.1949453-1-xiaokeqinhealth@126.com> In-Reply-To: <20231228135206.1949453-1-xiaokeqinhealth@126.com> From: Luiz Augusto von Dentz Date: Thu, 28 Dec 2023 11:05:23 -0500 Message-ID: Subject: Re: [PATCH BlueZ 1/1] avdtp: fix incorrect transaction label in setconf phase To: Xiao Yao Cc: linux-bluetooth@vger.kernel.org, Xiao Yao Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, On Thu, Dec 28, 2023 at 9:07=E2=80=AFAM Xiao Yao = wrote: > > From: Xiao Yao > > BLUETOOTH SPECIFICATION Page 61 of 140 > Audio/Video Distribution Transport Protocol Specification (V13) > 8.4.6 Message integrity verification at receiver side > > - The receiver of an AVDTP signaling message shall not interpret corrupte= d > messages. Those messages are discarded and no signaling message is return= ed > to the sender if no error code is applicable. Possible corrupted messages > are: > > * Response messages where the transaction label cannot match a previous > command sent to the remote device > > Consider the following scenario: > btmon log: > ... ... > AVDTP: Discover (0x01) Command (0x00) type 0x00 label 5 nosp 0 > AVDTP: Discover (0x01) Response Accept (0x02) type 0x00 label 5 nosp 0 > AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 6 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Response Accept (0x02) type 0x00 label= 6 nosp 0 > AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 7 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Response Accept (0x02) type 0x00 label= 7 nosp 0 > > < AVDTP: Set Configuration (0x03) Command (0x00) type 0x00 label 8 nosp 0 > //Currently, a 'set configuration' message has been received from the > //sender, which contains a transaction label valued at 8. This message > //was then relayed to A2DP backend(PulseAudio/PipeWire) using the dbus > //interface. > --- > set_configuration()(media.c) > msg =3D dbus_message_new_method_call(endpoint->sender, endpoint->= path, > MEDIA_ENDPOINT_INTERFACE, > "SetConfiguration"); > media_endpoint_async_call() > //dbus send > g_dbus_send_message_with_reply(btd_get_dbus_connection(), > msg, &request->call, > REQUEST_TIMEOUT(3 seconds= )) > dbus_pending_call_set_notify(request->call, endpoint_reply, reque= st,NULL); > ... > > > AVDTP: Discover (0x01) Command (0x00) type 0x00 label 0 nosp 0 > //At this time, the A2DP reverse discovery issued an A2DP discover comman= d. > < AVDTP: Discover (0x01) Response Accept (0x02) type 0x00 label 0 nosp 0 > //After receiving the discover reply, the session->in.transaction is > //changed to 0 > > > AVDTP: Set Configuration (0x03) Response Accept (0x02) type 0x00 label = 0 nosp 0 > //The audio backend reply the dbus message > endpoint_reply (media.c) > setconf_cb (avdtp.c) > //Here avdtp_send sends an incorrect transaction value, causi= ng > //the sender to discard the message. (The correct transaction > //value is 8) > avdtp_send(session, session->in.transaction, AVDTP_MSG_TYPE_A= CCEPT, > AVDTP_SET_CONFIGURATION, NULL, 0) > > AVDTP: Delay Report (0x0d) Command (0x00) type 0x00 label 1 nosp 0 > AVDTP: Delay Report (0x0d) Response Accept (0x02) type 0x00 label 1 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 2 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Response Accept (0x02) type 0x00 label= 2 nosp 0 > ... ... > > Therefore, a async_transaction that requires asynchronous return is > recorded to prevent it from being incorrectly modified. > > Signed-off-by: Xiao Yao > --- > profiles/audio/avdtp.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c > index 10ef380d4..2171e7723 100644 > --- a/profiles/audio/avdtp.c > +++ b/profiles/audio/avdtp.c > @@ -286,6 +286,7 @@ struct in_buf { > gboolean active; > int no_of_packets; > uint8_t transaction; > + uint8_t async_transaction; You can only have one transaction in each direction, so this doesn't look right at all. What perhaps is the problem is that we are changing the transaction ID also in case of responses in which case we need to fix that. > uint8_t message_type; > uint8_t signal_id; > uint8_t buf[1024]; > @@ -1459,6 +1460,9 @@ static void setconf_cb(struct avdtp *session, struc= t avdtp_stream *stream, > struct conf_rej rej; > struct avdtp_local_sep *sep; > > + if (session->in.transaction !=3D session->in.async_transaction) > + session->in.transaction =3D session->in.async_transaction= ; > + > if (err !=3D NULL) { > rej.error =3D AVDTP_UNSUPPORTED_CONFIGURATION; > rej.category =3D err->err.error_code; > @@ -1569,6 +1573,7 @@ static gboolean avdtp_setconf_cmd(struct avdtp *ses= sion, uint8_t transaction, > session->version =3D 0x0103; > > if (sep->ind && sep->ind->set_configuration) { > + session->in.async_transaction =3D transaction; > if (!sep->ind->set_configuration(session, sep, stream, > stream->caps, > setconf_cb, > -- > 2.34.1 > > --=20 Luiz Augusto von Dentz