Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp67075lqz; Fri, 29 Mar 2024 08:44:36 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXCAImqQfnkf7EPFZYDya8mlqUpXAyKgtYymd83/CcsISnejSXc/IxL8ICAFp4dinpKODV8Hmg/JzgVmUcWmpNV5QbiZwqGoJD4cqN+Bw== X-Google-Smtp-Source: AGHT+IFJD40J9dWiocDglORIcmxKMWwJB5zYBhpl4LJMHoQ+w2V4m0YCZw9AfWdAxksgv11NjWSR X-Received: by 2002:a05:6e02:174b:b0:368:7e1e:7e00 with SMTP id y11-20020a056e02174b00b003687e1e7e00mr2939245ill.7.1711727076040; Fri, 29 Mar 2024 08:44:36 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711727076; cv=pass; d=google.com; s=arc-20160816; b=DCAw4mYSyJqHqyR41tX9pITtJrQ3m/0pBQL3ZbF60JY6qWAKZozI1jiaU9eeYzf0iN M2nUfVfAcAs2kRQtjf2iW2raUmTV2D+cnUwz2RBnHKN6BjC6Rxm/V2Kve+DuecfRBH/Z +HSRuM364Urwa14mhmhasLylF74Q9Jg3wbITxaJ332V5QfGNEq6kAOvf9k6SthhbkNyO mgjH1zOu+884l81duvvKpKO4UP1ZSah90VORRpZt4L3YzNuTVeNaXxkadOl7jn5CUilq e/7DcQEyRKN/m1QGbBbnCbFlcgA2y33f/CaC8LcHOrmFLJV3gC52T7WFmVeN1Ct47UxA x0Tg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=xCHnDUMCi9/YCWLxMeyotVlV2Miie9qEAy8Yhd8AU64=; fh=C8TKMCuV9tnJRXjJKoH+R3hthMeWr3fLKxSGeUcnyVM=; b=v/wDDabZfNBlKaB2aKdYFD1aSyaxNWljw6J0ZNO4AbtI0PmRodyGWbNhdbWkzRAo8v t0iQb7dCI3WV9FgkJqJclOuROL+lhIDk0MX49uNfYY34b5frseUy+5Ld9+Q0ZggHEfA2 TznUNtPb2Ob+hR+V7LhnZKOatPo5so50DKGqDX3lT4RDiNhs+FOE8M0CSrcCQsw3P2q3 9ZiL7BlHfXaUQ/oPvQMAMBGMhOqulUnWRe35o7DJqI9funEPvMMwBhjExoSV3CYKv+DB gjH7YLmPaqyKl7bSbjbE0BFSdPVnBKrOEWf7oQny0jeoiQp7/Cb1S6Qg70TI6rHmjACM ObrA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Cvcy3AJY; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-bluetooth+bounces-2964-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-2964-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id i24-20020a63cd18000000b005dc488101casi3711466pgg.341.2024.03.29.08.44.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Mar 2024 08:44:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-2964-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Cvcy3AJY; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-bluetooth+bounces-2964-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-2964-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7713C2866C6 for ; Fri, 29 Mar 2024 15:44:35 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8CD501E889; Fri, 29 Mar 2024 15:44:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Cvcy3AJY" X-Original-To: linux-bluetooth@vger.kernel.org Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 592E41C0DDB for ; Fri, 29 Mar 2024 15:44:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.177 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711727071; cv=none; b=pz974yaL/zE9XUmAJpKQJy+8BIAuXVQq43Jmr1NPrZPB8y5lyjEkj+hf2wHiAcKT8lX+VLxsbnXaIRQLZ7OmK4//6JEefV+xIYj2KuOu22StySeWXBvVFGUdFuP+o1JI0/VCv6KtxexfmXb7dWFXklAA7W45nTTW9cCbHom3Bbo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711727071; c=relaxed/simple; bh=IBYhV4l89Es5djyN+XThe3Uvf6afR54Ux18SoNi+FoQ=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=VwNCw2qptFq//N6UnC7JoypGvJj2Goexcu4Kx98FACydL2BxNIXBMSz7NO0QFa4uizRdqh/qqGH2UDiCY9LJH9SC5YbmgbL3Hnxg6OA5Q8jcBeQflfMLmK1g8DMWyMkKtHAAnhtzgb9+5gfcIM+NRHhanxmUKRdF3AVaTolVOMc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Cvcy3AJY; arc=none smtp.client-ip=209.85.208.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f177.google.com with SMTP id 38308e7fff4ca-2d6ee6c9945so17017381fa.3 for ; Fri, 29 Mar 2024 08:44:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711727067; x=1712331867; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=xCHnDUMCi9/YCWLxMeyotVlV2Miie9qEAy8Yhd8AU64=; b=Cvcy3AJYkESpRtDHvKASgFcqQSD7zBgRiCKOYM3UCpHATok0G/6pzgr/61aXSBQpIK WsXHcH+eqpUGzO8qAA0J3NH24pDB/E0mcFV2vWcV5ktTxB+WUlM7bYOUGY+xU3D7tEJx sBxsW447y+oVqM2j2waAOQIXWBokFXU4rSR6QHJea1RfRA5kC6+VcR3F7Wth59KQzePh oRZjdR3dMXiNpQNt+IpLc5AST3XvKbs+j1ZCH7zDeFoSZ3LN1yEltUdz2UUqShm/w5FO H9jTEKjv1AxHu2Dk0Z2IjTkW7ggsBzuwmrCBCxrNQZNpU+Jv5UXrYvioaaVDwc832cZG oMOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711727067; x=1712331867; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xCHnDUMCi9/YCWLxMeyotVlV2Miie9qEAy8Yhd8AU64=; b=ExRe55pvIPVUP2R5ZoTdislEe4r0fF52t4fQHAmFZhoe4ZZKA+JRFkKeKUHkcaq8mU af97nnOhpUbr2dGdebH4laNYolNIxg/PAKJNPRQwC6YcI1A4NAXCrICkXEs+G1VVfNur BBVzUjA2njQi+kaso7ApSaWjZH0V4lacSwlO3RAEFbhIySExH4Pb5LfDZl+c6oOEMS/G xAUIALM+kZ51MwgBfJNpYHwiKsBSAK5np+e8XuTx/xGPt3Gy+1uVTe+jo2EAHBg5tPcj 7baf7j4NaNtcniG4xxmLbTDHN689cpCDZn7RzJQhKKqr2e4Pzz+/hadvFpQikgV06Azp 10zg== X-Gm-Message-State: AOJu0Yx5nh5xi23F9wEMv4Y8QfiIWyeY7CoHOauuYrvmEyBjf9OS2Q1C LwdKTo0QvPlVfxou9K0NrqQhLIhuEj3ni/MDmiyccKnqC91k22xTzBhyuX4xC7OK+47mq7bwCv+ 7t+d3El1Rq18Bl6YtFEAleoXfzUI= X-Received: by 2002:a2e:aa98:0:b0:2d6:cd05:1895 with SMTP id bj24-20020a2eaa98000000b002d6cd051895mr1510205ljb.29.1711727067255; Fri, 29 Mar 2024 08:44:27 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240329154000.6056-1-vlad.pruteanu@nxp.com> <20240329154000.6056-2-vlad.pruteanu@nxp.com> In-Reply-To: <20240329154000.6056-2-vlad.pruteanu@nxp.com> From: Luiz Augusto von Dentz Date: Fri, 29 Mar 2024 11:44:14 -0400 Message-ID: Subject: Re: [PATCH BlueZ 1/1] bap: Remove entry of deleted device from bcast_pa_requests queue To: Vlad Pruteanu Cc: linux-bluetooth@vger.kernel.org, mihai-octavian.urzica@nxp.com, silviu.barbulescu@nxp.com, iulia.tanasescu@nxp.com, andrei.istodorescu@nxp.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Vlad, On Fri, Mar 29, 2024 at 11:40=E2=80=AFAM Vlad Pruteanu wrote: > > Currently if Broadcast Source device is removed it's entry in > bcast_pa_requests remains active. Thus, if the removal is done before > short_lived_pa_sync is called, crashes such as the one listed below > can occur. This patch fixes this by removing the deleted devices > from the queue mentioned above. Actually we need to redesign these, the list should be per adapter, not global as it is currently and we probably should stop doing the enumeration if the user stop scanning. > =3D=3D105052=3D=3DERROR: AddressSanitizer: heap-use-after-free on address > 0x60400001c418 at pc 0x55775caf1846 bp 0x7ffc83d9fb90 sp 0x7ffc83d9fb80 > READ of size 8 at 0x60400001c418 thread T0 > 0 0x55775caf1845 in btd_service_get_device src/service.c:325 > 1 0x55775ca03da2 in short_lived_pa_sync profiles/audio/bap.c:2693 > 2 0x55775ca03da2 in pa_idle_timer profiles/audio/bap.c:1996 > --- > profiles/audio/bap.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c > index 52a9f5e00..8953e9a57 100644 > --- a/profiles/audio/bap.c > +++ b/profiles/audio/bap.c > @@ -2907,12 +2907,23 @@ static int bap_bcast_probe(struct btd_service *se= rvice) > return 0; > } > > +static bool remove_service(const void *data, const void *match_data) > +{ > + struct bap_bcast_pa_req *pa_req =3D (struct bap_bcast_pa_req *)da= ta; > + > + if (pa_req->type =3D=3D BAP_PA_SHORT_REQ && > + pa_req->data.service =3D=3D match_data) > + return true; > + return false; > +} > + > static void bap_bcast_remove(struct btd_service *service) > { > struct btd_device *device =3D btd_service_get_device(service); > struct bap_data *data; > char addr[18]; > > + queue_remove_if(bcast_pa_requests, remove_service, service); > ba2str(device_get_address(device), addr); > DBG("%s", addr); > > -- > 2.39.2 > --=20 Luiz Augusto von Dentz