Hi Johan,
On Wed, May 30, 2012 at 10:37:01AM +0300, Johan Hedberg wrote:
> Hi Ido,
>
> On Tue, May 29, 2012, Ido Yariv wrote:
> > The identifier returned by g_attrib_register is not unique across
> > different channels. Since attrib_channel_detach assumes this identifier
> > to be unique, it may end up detaching the wrong channel when a device
> > disconnects.
> >
> > Fix this by using the channel's pointer as a unique identifier for
> > detaching the channel. The identifier returned from g_attrib_register
> > will still be used to find the relevant event structure.
> > ---
> > src/attrib-server.c | 22 +++++++---------------
> > 1 files changed, 7 insertions(+), 15 deletions(-)
> >
> > diff --git a/src/attrib-server.c b/src/attrib-server.c
> > index dd1bba4..39085de 100644
> > --- a/src/attrib-server.c
> > +++ b/src/attrib-server.c
> > @@ -72,7 +72,7 @@ struct gatt_channel {
> > GAttrib *attrib;
> > guint mtu;
> > gboolean le;
> > - guint id;
> > + guint event_id;
> > gboolean encrypted;
> > struct gatt_server *server;
> > guint cleanup_id;
> > @@ -1077,8 +1077,8 @@ guint attrib_channel_attach(GAttrib *attrib)
> >
> >
> > channel->attrib = g_attrib_ref(attrib);
> > - channel->id = g_attrib_register(channel->attrib, GATTRIB_ALL_REQS,
> > - channel_handler, channel, NULL);
> > + channel->event_id = g_attrib_register(channel->attrib, GATTRIB_ALL_REQS,
> > + channel_handler, channel, NULL);
> >
> > channel->cleanup_id = g_io_add_watch(io, G_IO_HUP, channel_watch_cb,
> > channel);
> > @@ -1087,15 +1087,7 @@ guint attrib_channel_attach(GAttrib *attrib)
> >
> > server->clients = g_slist_append(server->clients, channel);
> >
> > - return channel->id;
> > -}
> > -
> > -static gint channel_id_cmp(gconstpointer data, gconstpointer user_data)
> > -{
> > - const struct gatt_channel *channel = data;
> > - guint id = GPOINTER_TO_UINT(user_data);
> > -
> > - return channel->id - id;
> > + return GPOINTER_TO_UINT(channel);
>
> I don't think converting a pointer to uint is safe since some systems
> can have 64-bit pointers but 32-bit uints. These macros are therefore
> only safe to be used in the other direction, i.e. when starting off with
> an uint and passing it to an API that expects a pointer.
You're absolutely right, good catch!
How about the below patch? Instead of casting to and from guint, we can
simply work with gpointer instead.
Thanks,
Ido.
>From 78254bb099f80ad38e10075fbb73a4d990217630 Mon Sep 17 00:00:00 2001
From: Ido Yariv <ido@xxxxxxxxxx>
Date: Tue, 29 May 2012 21:11:16 +0300
Subject: [PATCH v2] attrib-server: Fix multiple channels detaching mix-up
The identifier returned by g_attrib_register is not unique across
different channels. Since attrib_channel_detach assumes this identifier
to be unique, it may end up detaching the wrong channel when a device
disconnects.
Fix this by using the channel's pointer as a unique identifier for
detaching the channel. The identifier returned from g_attrib_register
will still be used to find the relevant event structure.
---
src/attrib-server.c | 26 +++++++++-----------------
src/attrib-server.h | 4 ++--
src/device.c | 6 +++---
3 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/src/attrib-server.c b/src/attrib-server.c
index a6262d0..db2c52d 100644
--- a/src/attrib-server.c
+++ b/src/attrib-server.c
@@ -73,7 +73,7 @@ struct gatt_channel {
GAttrib *attrib;
guint mtu;
gboolean le;
- guint id;
+ guint event_id;
gboolean encrypted;
struct gatt_server *server;
guint cleanup_id;
@@ -1023,7 +1023,7 @@ done:
NULL, NULL, NULL);
}
-guint attrib_channel_attach(GAttrib *attrib)
+gpointer attrib_channel_attach(GAttrib *attrib)
{
struct gatt_server *server;
struct btd_device *device;
@@ -1078,8 +1078,8 @@ guint attrib_channel_attach(GAttrib *attrib)
channel->attrib = g_attrib_ref(attrib);
- channel->id = g_attrib_register(channel->attrib, GATTRIB_ALL_REQS,
- channel_handler, channel, NULL);
+ channel->event_id = g_attrib_register(channel->attrib, GATTRIB_ALL_REQS,
+ channel_handler, channel, NULL);
channel->cleanup_id = g_io_add_watch(io, G_IO_HUP, channel_watch_cb,
channel);
@@ -1088,18 +1088,10 @@ guint attrib_channel_attach(GAttrib *attrib)
server->clients = g_slist_append(server->clients, channel);
- return channel->id;
+ return (gpointer)channel;
}
-static gint channel_id_cmp(gconstpointer data, gconstpointer user_data)
-{
- const struct gatt_channel *channel = data;
- guint id = GPOINTER_TO_UINT(user_data);
-
- return channel->id - id;
-}
-
-gboolean attrib_channel_detach(GAttrib *attrib, guint id)
+gboolean attrib_channel_detach(GAttrib *attrib, gpointer id)
{
struct gatt_server *server;
struct gatt_channel *channel;
@@ -1123,14 +1115,14 @@ gboolean attrib_channel_detach(GAttrib *attrib, guint id)
if (server == NULL)
return FALSE;
- l = g_slist_find_custom(server->clients, GUINT_TO_POINTER(id),
- channel_id_cmp);
+ /* Make sure the channel was not already freed */
+ l = g_slist_find(server->clients, id);
if (!l)
return FALSE;
channel = l->data;
- g_attrib_unregister(channel->attrib, channel->id);
+ g_attrib_unregister(channel->attrib, channel->event_id);
channel_remove(channel);
return TRUE;
diff --git a/src/attrib-server.h b/src/attrib-server.h
index 7af0cfa..895d9ef 100644
--- a/src/attrib-server.h
+++ b/src/attrib-server.h
@@ -36,5 +36,5 @@ int attrib_gap_set(struct btd_adapter *adapter, uint16_t uuid,
uint32_t attrib_create_sdp(struct btd_adapter *adapter, uint16_t handle,
const char *name);
void attrib_free_sdp(uint32_t sdp_handle);
-guint attrib_channel_attach(GAttrib *attrib);
-gboolean attrib_channel_detach(GAttrib *attrib, guint id);
+gpointer attrib_channel_attach(GAttrib *attrib);
+gboolean attrib_channel_detach(GAttrib *attrib, gpointer id);
diff --git a/src/device.c b/src/device.c
index 7ff09aa..543055f 100644
--- a/src/device.c
+++ b/src/device.c
@@ -154,7 +154,7 @@ struct btd_device {
GAttrib *attrib;
GSList *attios;
GSList *attios_offline;
- guint attachid; /* Attrib server attach */
+ gpointer attachid; /* Attrib server attach */
guint auto_id; /* Auto connect source id */
gboolean connected;
@@ -205,7 +205,7 @@ static void att_cleanup(struct btd_device *device)
{
if (device->attachid) {
attrib_channel_detach(device->attrib, device->attachid);
- device->attachid = 0;
+ device->attachid = NULL;
}
if (device->cleanup_id) {
@@ -1944,7 +1944,7 @@ static void att_connect_cb(GIOChannel *io, GError *gerr, gpointer user_data)
attrib = g_attrib_new(io);
device->attachid = attrib_channel_attach(attrib);
- if (device->attachid == 0)
+ if (device->attachid == NULL)
error("Attribute server attach failure!");
device->attrib = attrib;
--
1.7.7.6
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
