Hi Sonny,
On Mon, Jan 25, 2021 at 11:36 AM Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx> wrote:
>
> Hi Luiz,
>
> I have been trying to reproduce the issue again but it turns out to be
> very rare. Let's defer this patch until I can get a clear log of what
> is happening and why we get the corrupted cache.
Ok, let me update in the pw, if you see this again let me know.
>
>
> On Thu, Jan 21, 2021 at 5:24 PM Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx> wrote:
> >
> > Hi Luiz,
> >
> > On Thu, Jan 21, 2021 at 4:37 PM Luiz Augusto von Dentz
> > <luiz.dentz@xxxxxxxxx> wrote:
> > >
> > > Hi Sonny,
> > >
> > > On Thu, Jan 21, 2021 at 4:18 PM Sonny Sasaka <sonnysasaka@xxxxxxxxxxxx> wrote:
> > > >
> > > > The report map in the cache could be dirty, for example when reading a
> > > > report map from peer was cancelled, we should be able to detect it and
> > > > not try to create UHID. Instead we will read it again from the peer.
> > >
> > > Don't we clean the cache if it had failed? Or you meant to say the
> > > read long procedure was not complete so we got just part of the report
> > > map?
> > Looks like this is the case. It happened to me once when I cancel
> > reconnection (trigger pairing mode during reconnection) from the
> > keyboard side. It's hard to confirm since I have to get the timing
> > right.
> >
> > > In that case we should have failed
> > I agree. However it seems that the code already tries to fail by
> > looking at the status inside report_map_read_cb, but somehow it still
> > gets through. It could be the keyboard bug that we have to detect
> > anyway?
> >
> > > also if we need to protect
> > > uhid from malformed report map, which sounds like a kernel bug, then
> > > we should at least have it inside bt_uhid instance so we can at least
> > > attempt to have some unit testing done with broken report maps.
> > >
> > > > ---
> > > > profiles/input/hog-lib.c | 21 ++++++++++++++++++---
> > > > 1 file changed, 18 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
> > > > index 089f42826..d6a3bda4d 100644
> > > > --- a/profiles/input/hog-lib.c
> > > > +++ b/profiles/input/hog-lib.c
> > > > @@ -946,7 +946,7 @@ static void uhid_create(struct bt_hog *hog, uint8_t *report_map,
> > > > struct uhid_event ev;
> > > > ssize_t vlen = report_map_len;
> > > > char itemstr[20]; /* 5x3 (data) + 4 (continuation) + 1 (null) */
> > > > - int i, err;
> > > > + int i, err, collection_depth = 0;
> > > > GError *gerr = NULL;
> > > >
> > > > DBG("Report MAP:");
> > > > @@ -960,6 +960,14 @@ static void uhid_create(struct bt_hog *hog, uint8_t *report_map,
> > > > if (!long_item && (value[i] & 0xfc) == 0x84)
> > > > hog->has_report_id = TRUE;
> > > >
> > > > + // Start Collection
> > > > + if (value[i] == 0xa1)
> > > > + collection_depth++;
> > > > +
> > > > + // End Collection
> > > > + if (value[i] == 0xc0)
> > > > + collection_depth--;
> > > > +
> > > > DBG("\t%s", item2string(itemstr, &value[i], ilen));
> > > >
> > > > i += ilen;
> > > > @@ -968,10 +976,15 @@ static void uhid_create(struct bt_hog *hog, uint8_t *report_map,
> > > >
> > > > /* Just print remaining items at once and break */
> > > > DBG("\t%s", item2string(itemstr, &value[i], vlen - i));
> > > > - break;
> > > > + return;
> > > > }
> > > > }
> > > >
> > > > + if (collection_depth != 0) {
> > > > + error("Report Map error: unbalanced collection");
> > > > + return;
> > > > + }
> > > > +
> > > > /* create uHID device */
> > > > memset(&ev, 0, sizeof(ev));
> > > > ev.type = UHID_CREATE;
> > > > @@ -1365,7 +1378,9 @@ static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data)
> > > > * UHID to optimize reconnection.
> > > > */
> > > > uhid_create(hog, report_map.value, report_map.length);
> > > > - } else {
> > > > + }
> > > > +
> > > > + if (!hog->uhid_created) {
> > > > read_char(hog, hog->attrib, value_handle,
> > > > report_map_read_cb, hog);
> > > > }
> > > > --
> > > > 2.29.2
> > > >
> > >
> > >
> > > --
> > > Luiz Augusto von Dentz
--
Luiz Augusto von Dentz
