[PATCH BlueZ 2/2] mesh: Fix segfault related to idle config write

linux-bluetooth.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Inga Stotland <inga.stotland@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: brian.gix@intel.com, Inga Stotland <inga.stotland@intel.com>
Subject: [PATCH BlueZ 2/2] mesh: Fix segfault related to idle config write
Date: Wed,  1 Apr 2020 17:04:36 -0700	[thread overview]
Message-ID: <20200402000436.23209-2-inga.stotland@intel.com> (raw)
In-Reply-To: <20200402000436.23209-1-inga.stotland@intel.com>

If node configuration is completely removed from the system,
remove all pending writes to the configuration file.

Fixes the segfault below:

mesh/cfgmod-server.c:node_reset() Node Reset
mesh/mesh-config-json.c:mesh_config_destroy() Delete node config /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c
mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl/00000000/0001
mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl/00000000
mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl
mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/node.json.bak
mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/node.json
mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c
Segmentation fault

Program terminated with signal SIGSEGV, Segmentation fault.

  0x0000563a35df2ed0 in ?? ()
  0x00007fd6b131689f in json_object_to_json_string_length (jso=jso@entry=0x563a35dd8d30, flags=flags@entry=2,
---
 mesh/mesh-config-json.c | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c
index 172e0e355..97267b6c3 100644
--- a/mesh/mesh-config-json.c
+++ b/mesh/mesh-config-json.c
@@ -54,6 +54,7 @@ struct mesh_config {
 	uint8_t uuid[16];
 	uint32_t write_seq;
 	struct timeval write_time;
+	struct l_queue *idles;
 };
 
 struct write_info {
@@ -1677,6 +1678,7 @@ static struct mesh_config *create_config(const char *cfg_path,
 	memcpy(cfg->uuid, uuid, 16);
 	cfg->node_dir_path = l_strdup(cfg_path);
 	cfg->write_seq = node->seq_number;
+	cfg->idles = l_queue_new();
 	gettimeofday(&cfg->write_time, NULL);
 
 	return cfg;
@@ -2104,6 +2106,7 @@ static bool load_node(const char *fname, const uint8_t uuid[16],
 		memcpy(cfg->uuid, uuid, 16);
 		cfg->node_dir_path = l_strdup(fname);
 		cfg->write_seq = node.seq_number;
+		cfg->idles = l_queue_new();
 		gettimeofday(&cfg->write_time, NULL);
 
 		result = cb(&node, uuid, cfg, user_data);
@@ -2130,17 +2133,26 @@ done:
 	return result;
 }
 
+static void release_idle(void *data)
+{
+	struct l_idle *idle = data;
+
+	l_idle_remove(idle);
+}
+
 void mesh_config_release(struct mesh_config *cfg)
 {
 	if (!cfg)
 		return;
 
+	l_queue_destroy(cfg->idles, release_idle);
+
 	l_free(cfg->node_dir_path);
 	json_object_put(cfg->jnode);
 	l_free(cfg);
 }
 
-static void idle_save_config(void *user_data)
+static void idle_save_config(struct l_idle *idle, void *user_data)
 {
 	struct write_info *info = user_data;
 	char *fname_tmp, *fname_bak, *fname_cfg;
@@ -2169,6 +2181,11 @@ static void idle_save_config(void *user_data)
 	if (info->cb)
 		info->cb(info->user_data, result);
 
+	if (idle) {
+		l_queue_remove(info->cfg->idles, idle);
+		l_idle_remove(idle);
+	}
+
 	l_free(info);
 
 }
@@ -2186,10 +2203,14 @@ bool mesh_config_save(struct mesh_config *cfg, bool no_wait,
 	info->cb = cb;
 	info->user_data = user_data;
 
-	if (no_wait)
-		idle_save_config(info);
-	else
-		l_idle_oneshot(idle_save_config, info, NULL);
+	if (no_wait) {
+		idle_save_config(NULL, info);
+	} else {
+		struct l_idle *idle;
+
+		idle = l_idle_create(idle_save_config, info, NULL);
+		l_queue_push_tail(cfg->idles, idle);
+	}
 
 	return true;
 }
-- 
2.21.1

next prev parent reply	other threads:[~2020-04-02  0:04 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-02  0:04 [PATCH BlueZ 1/2] mesh: Move SEQ_MASK define in mesh-defs.h Inga Stotland
2020-04-02  0:04 ` Inga Stotland [this message]
2020-04-02  1:33 ` Gix, Brian

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:172e0e35 dfblob:97267b6c )
 OR (
bs:"[PATCH BlueZ 2/2] mesh: Fix segfault related to idle config write" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200402000436.23209-2-inga.stotland@intel.com \
    --to=inga.stotland@intel.com \
    --cc=brian.gix@intel.com \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).