Re: [Bluez PATCH v3] device: don't wait for timeout if RemoveDevice is called

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Archie,

On Tue, Sep 15, 2020 at 9:51 AM Luiz Augusto von Dentz
<luiz.dentz@xxxxxxxxx> wrote:
>
> Hi Archie,
>
> On Mon, Sep 14, 2020 at 8:04 PM Archie Pusaka <apusaka@xxxxxxxxxx> wrote:
> >
> > From: Archie Pusaka <apusaka@xxxxxxxxxxxx>
> >
> > RemoveDevice on adapter interface used to remove a device, even when
> > the device is connected. However, since the introduction of the new
> > 30 seconds timeout when setting a device as temporary, RemoveDevice
> > doesn't immediately remove a connected device, but only disconnects
> > it and waits for the timer to expire before effectively removes it.
> >
> > This patch removes the device as soon as it gets disconnected,
> > provided the disconnection is triggered by a call to RemoveDevice.
> > The regular timeout still applies for other cases.
> >
> > Tested manually by calling RemoveDevice on a connected device,
> > and with ChromeOS autotest setup.
> >
> > Reviewed-by: Daniel Winkler <danielwinkler@xxxxxxxxxx>
> > ---
> >
> > Changes in v3:
> > * Rebasing again
> >
> > Changes in v2:
> > * Rebasing to HEAD
> >
> >  src/adapter.c |  2 --
> >  src/adapter.h |  2 ++
> >  src/device.c  | 11 +++++++++++
> >  3 files changed, 13 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/adapter.c b/src/adapter.c
> > index df628a7fd..4e27bd74b 100644
> > --- a/src/adapter.c
> > +++ b/src/adapter.c
> > @@ -80,8 +80,6 @@
> >  #include "adv_monitor.h"
> >  #include "eir.h"
> >
> > -#define ADAPTER_INTERFACE      "org.bluez.Adapter1"
> > -
> >  #define MODE_OFF               0x00
> >  #define MODE_CONNECTABLE       0x01
> >  #define MODE_DISCOVERABLE      0x02
> > diff --git a/src/adapter.h b/src/adapter.h
> > index c70a7b0da..2f1e4b737 100644
> > --- a/src/adapter.h
> > +++ b/src/adapter.h
> > @@ -29,6 +29,8 @@
> >  #include <lib/bluetooth.h>
> >  #include <lib/sdp.h>
> >
> > +#define ADAPTER_INTERFACE      "org.bluez.Adapter1"
> > +
> >  #define MAX_NAME_LENGTH                248
> >
> >  /* Invalid SSP passkey value used to indicate negative replies */
> > diff --git a/src/device.c b/src/device.c
> > index 8f73ce4d3..3e7784034 100644
> > --- a/src/device.c
> > +++ b/src/device.c
> > @@ -3007,6 +3007,7 @@ void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
> >  {
> >         struct bearer_state *state = get_state(device, bdaddr_type);
> >         DBusMessage *reply;
> > +       bool remove_device = false;
> >
> >         if (!state->connected)
> >                 return;
> > @@ -3036,6 +3037,10 @@ void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
> >         while (device->disconnects) {
> >                 DBusMessage *msg = device->disconnects->data;
> >
> > +               if (dbus_message_is_method_call(msg, ADAPTER_INTERFACE,
> > +                                                               "RemoveDevice"))
> > +                       remove_device = true;
> > +
> >                 g_dbus_send_reply(dbus_conn, msg, DBUS_TYPE_INVALID);
> >                 device->disconnects = g_slist_remove(device->disconnects, msg);
> >                 dbus_message_unref(msg);
> > @@ -3061,6 +3066,9 @@ void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
> >
> >         g_dbus_emit_property_changed(dbus_conn, device->path,
> >                                                 DEVICE_INTERFACE, "Connected");
> > +
> > +       if (remove_device)
> > +               btd_adapter_remove_device(device->adapter, device);

It looks like there are instances where device_remove_connection is
called that can lead to the following trace:

==4030336== Invalid read of size 8
==4030336==    at 0x40B8A1: device_is_authenticating (device.c:6975)
==4030336==    by 0x3ABA2F: adapter_remove_connection (adapter.c:7166)
==4030336==    by 0x3C2A60: dev_disconnected (adapter.c:8123)
==4030336==    by 0x45C6B4: request_complete (mgmt.c:298)
==4030336==    by 0x45FF74: can_read_data (mgmt.c:390)
==4030336==    by 0x49B28F: watch_callback (io-glib.c:157)
==4030336==    by 0x495312F: g_main_context_dispatch (in
/usr/lib64/libglib-2.0.so.0.7000.2)
==4030336==    by 0x49A8207: ??? (in /usr/lib64/libglib-2.0.so.0.7000.2)
==4030336==    by 0x4952852: g_main_loop_run (in
/usr/lib64/libglib-2.0.so.0.7000.2)
==4030336==    by 0x49C814: mainloop_run (mainloop-glib.c:66)
==4030336==    by 0x49CD0B: mainloop_run_with_signal (mainloop-notify.c:188)
==4030336==    by 0x29B18B: main (main.c:1239)
==4030336==  Address 0x771bfe0 is 448 bytes inside a block of size 656 free'd
==4030336==    at 0x48440E4: free (vg_replace_malloc.c:872)
==4030336==    by 0x4954DAC: g_free (in /usr/lib64/libglib-2.0.so.0.7000.2)
==4030336==    by 0x44D166: remove_interface (object.c:660)
==4030336==    by 0x44DEDA: g_dbus_unregister_interface (object.c:1394)
==4030336==    by 0x3ABA27: adapter_remove_connection (adapter.c:7164)
==4030336==    by 0x3C2A60: dev_disconnected (adapter.c:8123)
==4030336==    by 0x45C6B4: request_complete (mgmt.c:298)
==4030336==    by 0x45FF74: can_read_data (mgmt.c:390)
==4030336==    by 0x49B28F: watch_callback (io-glib.c:157)
==4030336==    by 0x495312F: g_main_context_dispatch (in
/usr/lib64/libglib-2.0.so.0.7000.2)
==4030336==    by 0x49A8207: ??? (in /usr/lib64/libglib-2.0.so.0.7000.2)
==4030336==    by 0x4952852: g_main_loop_run (in
/usr/lib64/libglib-2.0.so.0.7000.2)

So it appeared to be unsafe to call btd_adapter_remove_device, btw
this happened when Ive attempted to pair 2 emulator instances
(btvirt).

> >  }
> >
> >  guint device_add_disconnect_watch(struct btd_device *device,
> > @@ -4482,6 +4490,9 @@ void device_remove(struct btd_device *device, gboolean remove_stored)
> >                 disconnect_all(device);
> >         }
> >
> > +       if (device->temporary_timer > 0)
> > +               g_source_remove(device->temporary_timer);
> > +
> >         if (device->store_id > 0) {
> >                 g_source_remove(device->store_id);
> >                 device->store_id = 0;
> > --
> > 2.28.0.618.gf4bc123cb7-goog
> >
>
> Applied, thanks.
>
> --
> Luiz Augusto von Dentz



-- 
Luiz Augusto von Dentz



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux