[PATCH BlueZ 03/18] shared/gatt: Cancel timeouts when attrib removed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This cancels the pending request timeouts when a gatt_db_attribute
structure is removed from the gatt-db, to prevent an invalid access
when the timeout fires after a free. This patch also increases the
pending request timeout interval from 1 second to 5 seconds.
---
 src/shared/gatt-db.c | 62 ++++++++++++++++++++++++++++++++--------------------
 1 file changed, 38 insertions(+), 24 deletions(-)

diff --git a/src/shared/gatt-db.c b/src/shared/gatt-db.c
index 2a00171..606ae84 100644
--- a/src/shared/gatt-db.c
+++ b/src/shared/gatt-db.c
@@ -38,7 +38,7 @@
 
 #define MAX_CHAR_DECL_VALUE_LEN 19
 #define MAX_INCLUDED_VALUE_LEN 6
-#define ATTRIBUTE_TIMEOUT 1000
+#define ATTRIBUTE_TIMEOUT 5000
 
 static const bt_uuid_t primary_service_uuid = { .type = BT_UUID16,
 					.value.u16 = GATT_PRIM_SVC_UUID };
@@ -109,14 +109,49 @@ struct gatt_db_service {
 	struct gatt_db_attribute **attributes;
 };
 
+static void pending_read_result(struct pending_read *p, int err,
+					const uint8_t *data, size_t length)
+{
+	if (p->timeout_id > 0)
+		timeout_remove(p->timeout_id);
+
+	p->func(p->attrib, err, data, length, p->user_data);
+
+	free(p);
+}
+
+static void pending_read_free(void *data)
+{
+	struct pending_read *p = data;
+
+	pending_read_result(p, -ECANCELED, NULL, 0);
+}
+
+static void pending_write_result(struct pending_write *p, int err)
+{
+	if (p->timeout_id > 0)
+		timeout_remove(p->timeout_id);
+
+	p->func(p->attrib, err, p->user_data);
+
+	free(p);
+}
+
+static void pending_write_free(void *data)
+{
+	struct pending_write *p = data;
+
+	pending_write_result(p, -ECANCELED);
+}
+
 static void attribute_destroy(struct gatt_db_attribute *attribute)
 {
 	/* Attribute was not initialized by user */
 	if (!attribute)
 		return;
 
-	queue_destroy(attribute->pending_reads, free);
-	queue_destroy(attribute->pending_writes, free);
+	queue_destroy(attribute->pending_reads, pending_read_free);
+	queue_destroy(attribute->pending_writes, pending_write_free);
 
 	free(attribute->value);
 	free(attribute);
@@ -1403,17 +1438,6 @@ gatt_db_attribute_get_permissions(const struct gatt_db_attribute *attrib)
 	return attrib->permissions;
 }
 
-static void pending_read_result(struct pending_read *p, int err,
-					const uint8_t *data, size_t length)
-{
-	if (p->timeout_id > 0)
-		timeout_remove(p->timeout_id);
-
-	p->func(p->attrib, err, data, length, p->user_data);
-
-	free(p);
-}
-
 static bool read_timeout(void *user_data)
 {
 	struct pending_read *p = user_data;
@@ -1498,16 +1522,6 @@ bool gatt_db_attribute_read_result(struct gatt_db_attribute *attrib,
 	return true;
 }
 
-static void pending_write_result(struct pending_write *p, int err)
-{
-	if (p->timeout_id > 0)
-		timeout_remove(p->timeout_id);
-
-	p->func(p->attrib, err, p->user_data);
-
-	free(p);
-}
-
 static bool write_timeout(void *user_data)
 {
 	struct pending_write *p = user_data;
-- 
2.2.0.rc0.207.ga3a616c

--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux