Re: [BlueZ PATCH v2] device: Fix crash when removing device

[Tedd Ho-Jeong An <tedd.an@xxxxxxxxxxxxxxx>]

On Thu, 2022-02-10 at 14:55 -0800, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
> 
> Calling btd_adapter_remove_device from device_remove_connection can
> cause a crash, so instead of removing it immediatelly this set a the
> temporary timeout to 0.
> 
> Fixes: https://github.com/bluez/bluez/issues/290

Tested-by: Tedd Ho-Jeong AN <tedd.an@xxxxxxxxx>

> ---
> v2: Fix compilation
> 
>  src/device.c | 46 +++++++++++++++++++++++-----------------------
>  1 file changed, 23 insertions(+), 23 deletions(-)
> 
> diff --git a/src/device.c b/src/device.c
> index 6d29eb896..81b8ebd1e 100644
> --- a/src/device.c
> +++ b/src/device.c
> @@ -3200,6 +3200,28 @@ void device_add_connection(struct btd_device *dev, uint8_t bdaddr_type)
>                                                                 "Connected");
>  }
>  
> +static bool device_disappeared(gpointer user_data)
> +{
> +       struct btd_device *dev = user_data;
> +
> +       dev->temporary_timer = 0;
> +
> +       btd_adapter_remove_device(dev->adapter, dev);
> +
> +       return FALSE;
> +}
> +
> +static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
> +{
> +       clear_temporary_timer(dev);
> +
> +       if (!timeout)
> +               return;
> +
> +       dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
> +                                                               dev, NULL);
> +}
> +
>  void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
>  {
>         struct bearer_state *state = get_state(device, bdaddr_type);
> @@ -3285,7 +3307,7 @@ void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
>                                                 DEVICE_INTERFACE, "Connected");
>  
>         if (remove_device)
> -               btd_adapter_remove_device(device->adapter, device);
> +               set_temporary_timer(device, 0);
>  }
>  
>  guint device_add_disconnect_watch(struct btd_device *device,
> @@ -4590,28 +4612,6 @@ void device_set_le_support(struct btd_device *device, uint8_t bdaddr_type)
>         store_device_info(device);
>  }
>  
> -static bool device_disappeared(gpointer user_data)
> -{
> -       struct btd_device *dev = user_data;
> -
> -       dev->temporary_timer = 0;
> -
> -       btd_adapter_remove_device(dev->adapter, dev);
> -
> -       return FALSE;
> -}
> -
> -static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
> -{
> -       clear_temporary_timer(dev);
> -
> -       if (!timeout)
> -               return;
> -
> -       dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
> -                                                               dev, NULL);
> -}
> -
>  void device_update_last_seen(struct btd_device *device, uint8_t bdaddr_type)
>  {
>         if (bdaddr_type == BDADDR_BREDR)