From: Chan-Yeol Park
Date: Mon, 30 Jun 2008 15:08:54 +0900
To: bluez-devel@lists.sourceforge.net
Message-id: <004b01c8da77$c65e95b0$531bc110$%park@samsung.com>
Subject: [Bluez-devel] bccmd(csr_bcsp.c) bug Report

Dear all

Recently I found the bccmd bug.

I think that the do_command function (csr_bcsp.c) could have a problem
if we receive both UBCSP_PACKET_SENT and UBCSP_PACKET_RECEIVED simultaneously from the ubcsp_poll function.

An expected scenario is that UBCSP_PACKET_SENT comes earlier than UBCSP_PACKET_RECEIVED.
But if we get them at the same time this could be a problem because “sent=1” is located after checking “sent==1”.

It means that this program doesn’t know UBCSP_PACKET_SENT even if we already receive it.

Is there anyone who knows this bug?

If you let me know how to check-in code,
I would like to do it!

Regards.

Chan-Yeol Park (박 찬 열)
Engineer

Mobile S/W Platform Lab.
Telecommunication R&D Center
SAMSUNG ELECTRONICS CO., LTD.

Attachment: csr_bcsp_modified.c

static int do_command(uint16_t command, uint16_t seqnum, uint16_t varid, uint8_t *value, uint16_t length)
{
	unsigned char cp[254], rp[254];
	uint8_t cmd[10];
	uint16_t size;
	uint8_t delay, activity = 0x00;
	int timeout = 0, sent = 0;

	size = (length < 8) ? 9 : ((length + 1) / 2) + 5;

	cmd[0] = command & 0xff;
	cmd[1] = command >> 8;
	cmd[2] = size & 0xff;
	cmd[3] = size >> 8;
	cmd[4] = seqnum & 0xff;
	cmd[5] = seqnum >> 8;
	cmd[6] = varid & 0xff;
	cmd[7] = varid >> 8;
	cmd[8] = 0x00;
	cmd[9] = 0x00;

	memset(cp, 0, sizeof(cp));
	cp[0] = 0x00;
	cp[1] = 0xfc;
	cp[2] = (size * 2) + 1;
	cp[3] = 0xc2;
	memcpy(cp + 4, cmd, sizeof(cmd));
	memcpy(cp + 14, value, length);

	receive_packet.length = 512;
	ubcsp_receive_packet(&receive_packet);

	send_packet.channel = 5;
	send_packet.reliable = 1;
	send_packet.length = (size * 2) + 4;
	memcpy(send_packet.payload, cp, (size * 2) + 4);

	ubcsp_send_packet(&send_packet);

	while (1) {
		delay = ubcsp_poll(&activity);

		if (activity & UBCSP_PACKET_SENT) {
			switch (varid) {
			case CSR_VARID_COLD_RESET:
			case CSR_VARID_WARM_RESET:
			case CSR_VARID_COLD_HALT:
			case CSR_VARID_WARM_HALT:
				return 0;
			}

			sent = 1;
			timeout = 0;
		}

		if (activity & UBCSP_PACKET_RECEIVED) {
			if (sent && receive_packet.channel == 5 &&
					receive_packet.payload[0] == 0xff) {
				memcpy(rp, receive_packet.payload,
							receive_packet.length);
				break;
			}

			receive_packet.length = 512;
			ubcsp_receive_packet(&receive_packet);
			timeout = 0;
		}

		if (delay) {
			usleep(delay * 100);

			if (timeout++ > 100) {
				fprintf(stderr, "Operation timed out\n");
				return -1;
			}
		}
	}

	if (rp[0] != 0xff || rp[2] != 0xc2) {
		errno = EIO;
		return -1;
	}

	if ((rp[11] + (rp[12] << 8)) != 0) {
		errno = ENXIO;
		return -1;
	}

	memcpy(value, rp + 13, length);

	return 0;
}

Attachment: csr_bcsp_original.c

static int do_command(uint16_t command, uint16_t seqnum, uint16_t varid, uint8_t *value, uint16_t length)
{
	unsigned char cp[254], rp[254];
	uint8_t cmd[10];
	uint16_t size;
	uint8_t delay, activity = 0x00;
	int timeout = 0, sent = 0;

	size = (length < 8) ? 9 : ((length + 1) / 2) + 5;

	cmd[0] = command & 0xff;
	cmd[1] = command >> 8;
	cmd[2] = size & 0xff;
	cmd[3] = size >> 8;
	cmd[4] = seqnum & 0xff;
	cmd[5] = seqnum >> 8;
	cmd[6] = varid & 0xff;
	cmd[7] = varid >> 8;
	cmd[8] = 0x00;
	cmd[9] = 0x00;

	memset(cp, 0, sizeof(cp));
	cp[0] = 0x00;
	cp[1] = 0xfc;
	cp[2] = (size * 2) + 1;
	cp[3] = 0xc2;
	memcpy(cp + 4, cmd, sizeof(cmd));
	memcpy(cp + 14, value, length);

	receive_packet.length = 512;
	ubcsp_receive_packet(&receive_packet);

	send_packet.channel = 5;
	send_packet.reliable = 1;
	send_packet.length = (size * 2) + 4;
	memcpy(send_packet.payload, cp, (size * 2) + 4);

	ubcsp_send_packet(&send_packet);

	while (1) {
		delay = ubcsp_poll(&activity);

		if (activity & UBCSP_PACKET_RECEIVED) {
			if (sent && receive_packet.channel == 5 &&
					receive_packet.payload[0] == 0xff) {
				memcpy(rp, receive_packet.payload,
							receive_packet.length);
				break;
			}

			receive_packet.length = 512;
			ubcsp_receive_packet(&receive_packet);
			timeout = 0;
		}

		if (activity & UBCSP_PACKET_SENT) {
			switch (varid) {
			case CSR_VARID_COLD_RESET:
			case CSR_VARID_WARM_RESET:
			case CSR_VARID_COLD_HALT:
			case CSR_VARID_WARM_HALT:
				return 0;
			}

			sent = 1;
			timeout = 0;
		}

		if (delay) {
			usleep(delay * 100);

			if (timeout++ > 100) {
				fprintf(stderr, "Operation timed out\n");
				return -1;
			}
		}
	}

	if (rp[0] != 0xff || rp[2] != 0xc2) {
		errno = EIO;
		return -1;
	}

	if ((rp[11] + (rp[12] << 8)) != 0) {
		errno = ENXIO;
		return -1;
	}

	memcpy(value, rp + 13, length);

	return 0;
}
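The ordering problem reported above can be reproduced without hardware. The following is an added example, not code from the post or from BlueZ: it replays constructed poll results through the two checks in either order. The SIM_* flag values, the scripts and the helper names are assumptions, and every received packet is assumed to be the channel 5 reply.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed flag values for this simulation; not copied from ubcsp.h. */
#define SIM_PACKET_SENT     0x01
#define SIM_PACKET_RECEIVED 0x02

enum order { RECEIVED_THEN_SENT, SENT_THEN_RECEIVED };

/* Constructed poll results: one activity byte per simulated ubcsp_poll(). */
static const uint8_t sequential[]   = { 0, SIM_PACKET_SENT, 0, SIM_PACKET_RECEIVED };
static const uint8_t simultaneous[] = { 0, SIM_PACKET_SENT | SIM_PACKET_RECEIVED, 0, 0 };

/*
 * Replays a script through the loop's two checks in the given order.
 * Returns the poll index at which the reply is accepted, or -1 when the
 * script ends first (the real loop would report "Operation timed out").
 */
static int replay(enum order ord, const uint8_t *script, int n)
{
	int sent = 0;

	for (int i = 0; i < n; i++) {
		uint8_t activity = script[i];

		if (ord == SENT_THEN_RECEIVED && (activity & SIM_PACKET_SENT))
			sent = 1;
		if (activity & SIM_PACKET_RECEIVED) {
			if (sent)
				return i;	/* reply accepted */
			/* sent still 0: buffer is re-armed and the reply is lost */
		}
		if (ord == RECEIVED_THEN_SENT && (activity & SIM_PACKET_SENT))
			sent = 1;
	}
	return -1;
}

static int accepted_at(enum order ord, int together)
{
	return replay(ord, together ? simultaneous : sequential, 4);
}

int main(void)
{
	printf("original order, simultaneous flags: %d\n", accepted_at(RECEIVED_THEN_SENT, 1));
	printf("modified order, simultaneous flags: %d\n", accepted_at(SENT_THEN_RECEIVED, 1));
	return 0;
}
```

Both orders behave the same when the flags arrive in separate polls; only the combined-flags script separates them.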