* [Bluez-devel] bccmd(csr_bcsp.c) bug Report
@ 2008-06-30 6:08 Chan-Yeol Park
2008-06-30 6:15 ` Marcel Holtmann
0 siblings, 1 reply; 4+ messages in thread
From: Chan-Yeol Park @ 2008-06-30 6:08 UTC (permalink / raw)
To: bluez-devel
[-- Attachment #1.1: Type: text/plain, Size: 835 bytes --]
Dear all
Recently I found the bccmd bug.
I think that do_command function (csr_bcsp.c) could have a problem
if we receive both UBCSP_PACKET_SENT and UBCSP_PACKET_RECEIVED
simultaneously from ubcsp_poll function.
An expected scenario is that UBCSP_PACKET_SENT comes earlier than
UBCSP_PACKET_RECEIVED.
But if we get them at the same time this could be a problem because
“sent=1” is located after checking “sent==1”.
It means that this program doesn’t know UBCSP_PACKET_SENT even if we
already receive it.
I there anyone who know this bug?
If you let me know how to check-in code,
I would like to do it!
Regards.
Chan-Yeol Park (박 찬 열)
Engineer
Mobile S/W Platform Lab.
Telecommunication R&D Center
SAMSUNG ELECTRONICS CO., LTD.
[-- Attachment #1.2: Type: text/html, Size: 6775 bytes --]
[-- Attachment #2: csr_bcsp_modified.c --]
[-- Type: application/octet-stream, Size: 1939 bytes --]
static int do_command(uint16_t command, uint16_t seqnum, uint16_t varid, uint8_t *value, uint16_t length)
{
unsigned char cp[254], rp[254];
uint8_t cmd[10];
uint16_t size;
uint8_t delay, activity = 0x00;
int timeout = 0, sent = 0;
size = (length < 8) ? 9 : ((length + 1) / 2) + 5;
cmd[0] = command & 0xff;
cmd[1] = command >> 8;
cmd[2] = size & 0xff;
cmd[3] = size >> 8;
cmd[4] = seqnum & 0xff;
cmd[5] = seqnum >> 8;
cmd[6] = varid & 0xff;
cmd[7] = varid >> 8;
cmd[8] = 0x00;
cmd[9] = 0x00;
memset(cp, 0, sizeof(cp));
cp[0] = 0x00;
cp[1] = 0xfc;
cp[2] = (size * 2) + 1;
cp[3] = 0xc2;
memcpy(cp + 4, cmd, sizeof(cmd));
memcpy(cp + 14, value, length);
receive_packet.length = 512;
ubcsp_receive_packet(&receive_packet);
send_packet.channel = 5;
send_packet.reliable = 1;
send_packet.length = (size * 2) + 4;
memcpy(send_packet.payload, cp, (size * 2) + 4);
ubcsp_send_packet(&send_packet);
while (1) {
delay = ubcsp_poll(&activity);
if (activity & UBCSP_PACKET_SENT) {
switch (varid) {
case CSR_VARID_COLD_RESET:
case CSR_VARID_WARM_RESET:
case CSR_VARID_COLD_HALT:
case CSR_VARID_WARM_HALT:
return 0;
}
sent = 1;
timeout = 0;
}
if (activity & UBCSP_PACKET_RECEIVED) {
if (sent && receive_packet.channel == 5 &&
receive_packet.payload[0] == 0xff) {
memcpy(rp, receive_packet.payload,
receive_packet.length);
break;
}
receive_packet.length = 512;
ubcsp_receive_packet(&receive_packet);
timeout = 0;
}
if (delay) {
usleep(delay * 100);
if (timeout++ > 100) {
fprintf(stderr, "Operation timed out\n");
return -1;
}
}
}
if (rp[0] != 0xff || rp[2] != 0xc2) {
errno = EIO;
return -1;
}
if ((rp[11] + (rp[12] << 8)) != 0) {
errno = ENXIO;
return -1;
}
memcpy(value, rp + 13, length);
return 0;
}
[-- Attachment #3: csr_bcsp_original.c --]
[-- Type: application/octet-stream, Size: 1941 bytes --]
static int do_command(uint16_t command, uint16_t seqnum, uint16_t varid, uint8_t *value, uint16_t length)
{
unsigned char cp[254], rp[254];
uint8_t cmd[10];
uint16_t size;
uint8_t delay, activity = 0x00;
int timeout = 0, sent = 0;
size = (length < 8) ? 9 : ((length + 1) / 2) + 5;
cmd[0] = command & 0xff;
cmd[1] = command >> 8;
cmd[2] = size & 0xff;
cmd[3] = size >> 8;
cmd[4] = seqnum & 0xff;
cmd[5] = seqnum >> 8;
cmd[6] = varid & 0xff;
cmd[7] = varid >> 8;
cmd[8] = 0x00;
cmd[9] = 0x00;
memset(cp, 0, sizeof(cp));
cp[0] = 0x00;
cp[1] = 0xfc;
cp[2] = (size * 2) + 1;
cp[3] = 0xc2;
memcpy(cp + 4, cmd, sizeof(cmd));
memcpy(cp + 14, value, length);
receive_packet.length = 512;
ubcsp_receive_packet(&receive_packet);
send_packet.channel = 5;
send_packet.reliable = 1;
send_packet.length = (size * 2) + 4;
memcpy(send_packet.payload, cp, (size * 2) + 4);
ubcsp_send_packet(&send_packet);
while (1) {
delay = ubcsp_poll(&activity);
if (activity & UBCSP_PACKET_RECEIVED) {
if (sent && receive_packet.channel == 5 &&
receive_packet.payload[0] == 0xff) {
memcpy(rp, receive_packet.payload,
receive_packet.length);
break;
}
receive_packet.length = 512;
ubcsp_receive_packet(&receive_packet);
timeout = 0;
}
if (activity & UBCSP_PACKET_SENT) {
switch (varid) {
case CSR_VARID_COLD_RESET:
case CSR_VARID_WARM_RESET:
case CSR_VARID_COLD_HALT:
case CSR_VARID_WARM_HALT:
return 0;
}
sent = 1;
timeout = 0;
}
if (delay) {
usleep(delay * 100);
if (timeout++ > 100) {
fprintf(stderr, "Operation timed out\n");
return -1;
}
}
}
if (rp[0] != 0xff || rp[2] != 0xc2) {
errno = EIO;
return -1;
}
if ((rp[11] + (rp[12] << 8)) != 0) {
errno = ENXIO;
return -1;
}
memcpy(value, rp + 13, length);
return 0;
}
[-- Attachment #4: Type: text/plain, Size: 247 bytes --]
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
[-- Attachment #5: Type: text/plain, Size: 164 bytes --]
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [Bluez-devel] bccmd(csr_bcsp.c) bug Report
2008-06-30 6:08 [Bluez-devel] bccmd(csr_bcsp.c) bug Report Chan-Yeol Park
@ 2008-06-30 6:15 ` Marcel Holtmann
2008-07-02 18:47 ` Frank Mandarino
0 siblings, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2008-06-30 6:15 UTC (permalink / raw)
To: BlueZ development
SGksCgo+IEkgdGhpbmsgdGhhdCBkb19jb21tYW5kIGZ1bmN0aW9uIChjc3JfYmNzcC5jKSBjb3Vs
ZCBoYXZlIGEgcHJvYmxlbSAKPiAKPiBpZiB3ZSByZWNlaXZlIGJvdGggVUJDU1BfUEFDS0VUX1NF
TlQgYW5kIFVCQ1NQX1BBQ0tFVF9SRUNFSVZFRAo+IHNpbXVsdGFuZW91c2x5IGZyb20gdWJjc3Bf
cG9sbCBmdW5jdGlvbi4KPgo+IEFuIGV4cGVjdGVkIHNjZW5hcmlvIGlzIHRoYXQgVUJDU1BfUEFD
S0VUX1NFTlQgY29tZXMgZWFybGllciB0aGFuCj4gVUJDU1BfUEFDS0VUX1JFQ0VJVkVELgo+IAo+
IEJ1dCBpZiB3ZSBnZXQgdGhlbSBhdCB0aGUgc2FtZSB0aW1lIHRoaXMgY291bGQgYmUgYSBwcm9i
bGVtIGJlY2F1c2UKPiDigJxzZW50PTHigJ0gaXMgbG9jYXRlZCBhZnRlciBjaGVja2luZyDigJxz
ZW50PT0x4oCdLgo+Cj4gSXQgbWVhbnMgdGhhdCB0aGlzIHByb2dyYW0gZG9lc27igJl0IGtub3cg
VUJDU1BfUEFDS0VUX1NFTlQgZXZlbiBpZiB3ZQo+IGFscmVhZHkgcmVjZWl2ZSBpdC4KCnBsZWFz
ZSBzZW50IGEgcGF0Y2ggKHVuaWZpZWQgZGlmZikgZm9yIGl0LgoKUmVnYXJkcwoKTWFyY2VsCgoK
Ci0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0KQ2hlY2sgb3V0IHRoZSBuZXcgU291cmNlRm9yZ2UubmV0IE1hcmtl
dHBsYWNlLgpJdCdzIHRoZSBiZXN0IHBsYWNlIHRvIGJ1eSBvciBzZWxsIHNlcnZpY2VzIGZvcgpq
dXN0IGFib3V0IGFueXRoaW5nIE9wZW4gU291cmNlLgpodHRwOi8vc291cmNlZm9yZ2UubmV0L3Nl
cnZpY2VzL2J1eS9pbmRleC5waHAKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX18KQmx1ZXotZGV2ZWwgbWFpbGluZyBsaXN0CkJsdWV6LWRldmVsQGxpc3RzLnNv
dXJjZWZvcmdlLm5ldApodHRwczovL2xpc3RzLnNvdXJjZWZvcmdlLm5ldC9saXN0cy9saXN0aW5m
by9ibHVlei1kZXZlbAo=
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Bluez-devel] bccmd(csr_bcsp.c) bug Report
2008-06-30 6:15 ` Marcel Holtmann
@ 2008-07-02 18:47 ` Frank Mandarino
2008-07-11 6:49 ` Marcel Holtmann
0 siblings, 1 reply; 4+ messages in thread
From: Frank Mandarino @ 2008-07-02 18:47 UTC (permalink / raw)
To: BlueZ development
[-- Attachment #1: Type: text/plain, Size: 965 bytes --]
Marcel Holtmann wrote:
> Hi,
>
>> I think that do_command function (csr_bcsp.c) could have a problem
>>
>> if we receive both UBCSP_PACKET_SENT and UBCSP_PACKET_RECEIVED
>> simultaneously from ubcsp_poll function.
>>
>> An expected scenario is that UBCSP_PACKET_SENT comes earlier than
>> UBCSP_PACKET_RECEIVED.
>>
>> But if we get them at the same time this could be a problem because
>> “sent=1” is located after checking “sent==1”.
>>
>> It means that this program doesn’t know UBCSP_PACKET_SENT even if we
>> already receive it.
>
> please sent a patch (unified diff) for it.
>
> Regards
>
> Marcel
Hi Marcel,
I sent in a patch for this back in August 2006
(http://article.gmane.org/gmane.linux.bluez.devel/8836).
The patch still applies to the latest CVS source. I have attached it to
this post.
Regards
../fam
--
Frank Mandarino fmandarino(a)endrelia.com
Endrelia Technologies Inc.
Toronto, Ontario, Canada
[-- Attachment #2: csr_bcsp.c.txt --]
[-- Type: text/plain, Size: 1209 bytes --]
Index: utils/tools/csr_bcsp.c
===================================================================
RCS file: /cvsroot/bluez/utils/tools/csr_bcsp.c,v
retrieving revision 1.6
diff -u -r1.6 csr_bcsp.c
--- utils/tools/csr_bcsp.c 26 Jul 2006 13:32:45 -0000 1.6
+++ utils/tools/csr_bcsp.c 30 Aug 2006 15:06:56 -0000
@@ -188,19 +188,6 @@
while (1) {
delay = ubcsp_poll(&activity);
- if (activity & UBCSP_PACKET_RECEIVED) {
- if (sent && receive_packet.channel == 5 &&
- receive_packet.payload[0] == 0xff) {
- memcpy(rp, receive_packet.payload,
- receive_packet.length);
- break;
- }
-
- receive_packet.length = 512;
- ubcsp_receive_packet(&receive_packet);
- timeout = 0;
- }
-
if (activity & UBCSP_PACKET_SENT) {
switch (varid) {
case CSR_VARID_COLD_RESET:
@@ -214,6 +201,19 @@
timeout = 0;
}
+ if (activity & UBCSP_PACKET_RECEIVED) {
+ if (sent && receive_packet.channel == 5 &&
+ receive_packet.payload[0] == 0xff) {
+ memcpy(rp, receive_packet.payload,
+ receive_packet.length);
+ break;
+ }
+
+ receive_packet.length = 512;
+ ubcsp_receive_packet(&receive_packet);
+ timeout = 0;
+ }
+
if (delay) {
usleep(delay * 100);
[-- Attachment #3: Type: text/plain, Size: 347 bytes --]
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
[-- Attachment #4: Type: text/plain, Size: 164 bytes --]
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-07-11 6:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-30 6:08 [Bluez-devel] bccmd(csr_bcsp.c) bug Report Chan-Yeol Park
2008-06-30 6:15 ` Marcel Holtmann
2008-07-02 18:47 ` Frank Mandarino
2008-07-11 6:49 ` Marcel Holtmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox