Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp7195677rdb; Wed, 3 Jan 2024 07:38:47 -0800 (PST) X-Google-Smtp-Source: AGHT+IEB4NOqkc57nXCzREuY8J00QfX+yhMff790ioQ5eFzYSRMQ6ZgdJOuHAryvjwwTbMHyLtGg X-Received: by 2002:a05:6870:a68c:b0:203:f240:a2ec with SMTP id i12-20020a056870a68c00b00203f240a2ecmr23078177oam.21.1704296326933; Wed, 03 Jan 2024 07:38:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704296326; cv=none; d=google.com; s=arc-20160816; b=P+cQ6WdA3W7C3QcdzkvBhnoUeTFeMcaez091wJPKFXLccBd2cPD7WoFDCzNbZy7RJJ MW0jca6P67bCakJL6TmMxUbo9wSoErrRqk/l9Pxmif5/5bX2p/1UQTNqZJ3vM2vG4zHg /U8uUn90DDeDt0dkg1tbvwKJVZ2SyiRYCMU0wYTSz+VvBIczJB2S/znxmHBLu4R+Fmkb +6CRUB1N8NcqtLG3umlAJqL3JegoJnL3HL8uWz1IQTZgK3VZU+AF/B+gOkKUeQXmtIQa q9pcZHgnhdk+AB/OasHPOZGQhCCI5y6mpl9BUBCx5UpdG/zOt4t0afboTqRiDgIU54om uGVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=h0nXd94lY0XL11F1qVxzDayC+ufI1DufrBEqlHXePNo=; fh=Kkdo6RP4xFxpyJV6VUEp6MSqXt9r8SNk1QQupulNhj8=; b=paoH7qsb89sS61ttqJPMNY6PC/SQwQslKIEbyKr5c+AdTH6aPC+KP1cj/YBpGCHLbA 8fJUvzZ9zDR961r+r1uxNd2On35ZtskCKkvjqu0Eh5LdYbnzfd7gQ0nALUrEQPcvfIxJ 9MtwR9eecZpOsxNChu4Lx8OyH81oSnv/p+MIfpuripcV5xZvHzGGMyBF2r4QY6df2O+j qmD9clih8gB/c2hovGN6kYmzPSKPgx7k8nO0L16wJhurqgTYqliDExoWB5H9Lu1Os55P 9TuJBXjfcV212dv5MRQF/zGZ1UQPVfgDfyTuVWufqSoedj2OxAfXr5HbCqkhntG9YTCQ x/2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=TSb5aACt; spf=pass (google.com: domain of linux-bluetooth+bounces-857-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-857-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id q11-20020a05620a024b00b0077d7db54d82si28745477qkn.427.2024.01.03.07.38.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Jan 2024 07:38:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-857-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=TSb5aACt; spf=pass (google.com: domain of linux-bluetooth+bounces-857-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-857-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 67F911C22886 for ; Wed, 3 Jan 2024 15:38:46 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 08CFC1B272; Wed, 3 Jan 2024 15:38:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TSb5aACt" X-Original-To: linux-bluetooth@vger.kernel.org Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CB4B1B27A for ; Wed, 3 Jan 2024 15:38:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f169.google.com with SMTP id 38308e7fff4ca-2ccbf8cbf3aso99990981fa.3 for ; Wed, 03 Jan 2024 07:38:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1704296317; x=1704901117; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=h0nXd94lY0XL11F1qVxzDayC+ufI1DufrBEqlHXePNo=; b=TSb5aACt9SELCYH5pcsUzxXuMbXei3LaszLJjTYYmUxKtfq937n0NAVg6siFK/SQ5W hbKwpPmGQNVpD6nCbLtcgJvOHC1T/OP0Z/FmnZhwhg5jpwt9GTa8RxB8S+bUpDvNDMzW e4RCi6CMZ9uHQX5ivVAN8geaPgAt5JZCEyq0lBUJBBDLqfyDKweihGQHSpkCH76rnvsP HAM1A7jMbTDmTMf5aSuJbA845BcvR4DPRjEMoyQGYN35QG+J2a4MfA6MPyrde15TCb3a Vjzn2a+zHSlqJdZ7YhoAH3pVMdEIfgdDS8FPf8IYynbe6i2CFModnDHHK4Hg8Mqr2hJj JxRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704296317; x=1704901117; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h0nXd94lY0XL11F1qVxzDayC+ufI1DufrBEqlHXePNo=; b=sS3QxsQowP1oFlk1XgdAG0TTK1tgEBA+WbJyhITgBL4j8xzDIbVhUKsH9RdSBOu45s sWl25ViciQEwMOD3JRfsNCV8K8FkYt+pcTnGee4OBpfFDNm9I2FJPjH2UEjMcLJIWW2m LQfMalkmp8150/qlWi7uYtU2crVx4fqmqL3NNvQy5A8acEoPCKUI22opHXFHHOjmeB5C p/azX6tkqc662kTuRInnpJ3vhW7VNOnPI7vf0qnIEcJk3iqILQoKWuVZIeTRyqjtrOva b4eC22OiZVMRyyCBvVnpRTbKL6MCU8wCQR9apea/qugR1BSwBDkI9OToZTgnALZ3omUR d1lw== X-Gm-Message-State: AOJu0YxAFZN3c37reYxmUPNMgCWOZucjrM4RAkxXSnfQC0m63wQplJrK EYD8ISJfxBVsB5zv5uYBOgY4S3cs5pNHdr7nI8u8x8yt X-Received: by 2002:a2e:b88e:0:b0:2cc:e9d8:40c6 with SMTP id r14-20020a2eb88e000000b002cce9d840c6mr5007502ljp.43.1704296316764; Wed, 03 Jan 2024 07:38:36 -0800 (PST) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240103143904.77146-1-xiaokeqinhealth@126.com> In-Reply-To: <20240103143904.77146-1-xiaokeqinhealth@126.com> From: Luiz Augusto von Dentz Date: Wed, 3 Jan 2024 10:38:23 -0500 Message-ID: Subject: Re: [PATCH BlueZ v3 1/2] avdtp: fix incorrect transaction label in setconf phase To: Xiao Yao Cc: linux-bluetooth@vger.kernel.org, Xiao Yao Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, On Wed, Jan 3, 2024 at 9:40=E2=80=AFAM Xiao Yao w= rote: > > From: Xiao Yao > > BLUETOOTH SPECIFICATION Page 61 of 140 > Audio/Video Distribution Transport Protocol Specification (V13) > 8.4.6 Message integrity verification at receiver side > > - The receiver of an AVDTP signaling message shall not interpret corrupte= d > messages. Those messages are discarded and no signaling message is return= ed > to the sender if no error code is applicable. Possible corrupted messages > are: > > * Response messages where the transaction label cannot match a previous > command sent to the remote device > > Consider the following scenario: > btmon log: > ... ... > AVDTP: Discover (0x01) Command (0x00) type 0x00 label 5 nosp 0 > AVDTP: Discover (0x01) Response Accept (0x02) type 0x00 label 5 nosp 0 > AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 6 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Resp Accept (0x02) type 0 label 6 nosp= 0 > AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 7 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Resp Accept (0x02) type 0 label 7 nosp= 0 > > < AVDTP: Set Configuration (0x03) Command (0x00) type 0x00 label 8 nosp 0 > //Currently, a 'set configuration' message has been received from the > //sender, which contains a transaction label valued at 8. This message > //was then relayed to A2DP backend(PulseAudio/PipeWire) using the dbus > //interface. > set_configuration()(media.c) > dbus_message_new_method_call(..., "SetConfiguration", ...); > g_dbus_send_message_with_reply(btd_get_dbus_connection(), ...); > dbus_pending_call_set_notify(request->call, endpoint_reply, ...); > ... > > > AVDTP: Discover (0x01) Command (0x00) type 0x00 label 0 nosp 0 > //At this time, the A2DP reverse discovery issued an A2DP discover comman= d. > < AVDTP: Discover (0x01) Response Accept (0x02) type 0x00 label 0 nosp 0 > //After receiving the discover reply, the session->in.transaction is > //changed to 0 > > > AVDTP: Set Configuration (0x03) Resp Accept (0x02) type 0 label 0 nosp = 0 > //The audio backend reply the dbus message > endpoint_reply (media.c) > setconf_cb (avdtp.c) > //Here avdtp_send sends an incorrect transaction value, causing > //the sender to discard the message. (The correct transaction > //value is 8) > avdtp_send(session, session->in.transaction, AVDTP_MSG_TYPE_ACCEPT, > AVDTP_SET_CONFIGURATION, NULL, 0) > > AVDTP: Delay Report (0x0d) Command (0x00) type 0x00 label 1 nosp 0 > AVDTP: Delay Report (0x0d) Response Accept (0x02) type 0x00 label 1 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Command (0x00) type 0x00 label 2 nosp = 0 > AVDTP: Get All Capabilities (0x0c) Resp Accept (0x02) type 0 label 2 nosp= 0 > ... ... > > Therefore, a async_transaction that requires asynchronous return is > recorded to prevent it from being incorrectly modified. > > Signed-off-by: Xiao Yao > --- > v1 -> v2: Fixed "session->in.transaction" logic err. > v2 -> v3: Fixed some compile warnings > --- > profiles/audio/avdtp.c | 19 ++++++++++++++----- > 1 file changed, 14 insertions(+), 5 deletions(-) > > diff --git a/profiles/audio/avdtp.c b/profiles/audio/avdtp.c > index 10ef380d4..386c7f67c 100644 > --- a/profiles/audio/avdtp.c > +++ b/profiles/audio/avdtp.c > @@ -286,6 +286,7 @@ struct in_buf { > gboolean active; > int no_of_packets; > uint8_t transaction; > + uint8_t async_transaction; Didn't I already explain it already that we are not supposed to have 2 outstanding transactions? > uint8_t message_type; > uint8_t signal_id; > uint8_t buf[1024]; > @@ -1462,15 +1463,16 @@ static void setconf_cb(struct avdtp *session, str= uct avdtp_stream *stream, > if (err !=3D NULL) { > rej.error =3D AVDTP_UNSUPPORTED_CONFIGURATION; > rej.category =3D err->err.error_code; > - avdtp_send(session, session->in.transaction, > - AVDTP_MSG_TYPE_REJECT, AVDTP_SET_CONFIGUR= ATION, > - &rej, sizeof(rej)); > + avdtp_send(session, session->in.async_transaction, > + AVDTP_MSG_TYPE_REJECT, AVDTP_SET_CONFIGURATION= , > + &rej, sizeof(rej)); > stream_free(stream); > return; > } > > - if (!avdtp_send(session, session->in.transaction, AVDTP_MSG_TYPE_= ACCEPT, > - AVDTP_SET_CONFIGURATION, NULL, 0)= ) { > + if (!avdtp_send(session, session->in.async_transaction, > + AVDTP_MSG_TYPE_ACCEPT, > + AVDTP_SET_CONFIGURATION, NULL, 0)) { > stream_free(stream); > return; > } > @@ -1569,6 +1571,13 @@ static gboolean avdtp_setconf_cmd(struct avdtp *se= ssion, uint8_t transaction, > session->version =3D 0x0103; > > if (sep->ind && sep->ind->set_configuration) { > + /* The setconfig configuration stage is asynchronous; > + * high CPU load or other factors can delay dbus message > + * responses, potentially altering the transaction value. > + * It's essential to record the received transaction valu= e > + * for use in the final accept command. > + */ > + session->in.async_transaction =3D transaction; > if (!sep->ind->set_configuration(session, sep, stream, > stream->caps, > setconf_cb, > > base-commit: 7ad5669402c9acff8e4cc808edc12a41df36654e > -- > 2.34.1 > > --=20 Luiz Augusto von Dentz