* [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync
@ 2023-07-26 21:25 Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-26 21:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
This adds a few tests checking ISO socket handling of invalid input
parameters and cleanup in some race conditions:
ISO QoS CIG 0xF0 - Invalid
ISO QoS CIS 0xF0 - Invalid
ISO Connect2 CIG 0x01 - Success/Invalid
ISO AC 6(ii) CIS 0xEF/auto - Success
ISO AC 6(ii) CIS 0xEF/0xEF - Invalid
ISO Defer Close - Success
ISO Connect Close - Success
ISO Defer Wait Close - Success
ISO Connect Wait Close - Success
There's also one for a hci_sync race condition that triggers GPF:
eSCO Simultaneous Disconnect - Failure
I have a patch series fixing these, but we'll revisit the
HCI_CONN_DELETED flag there, so maybe discussion needed.
These fail on current bluetooth-next/master, so it could make most sense
to wait for the fixes first.
Pauli Virtanen (5):
btdev: check error conditions for HCI_Create_Connection_Cancel
sco-tester: test local and remote disconnecting simultaneously
iso-tester: test with large CIS_ID and invalid CIG_ID/CIS_ID
iso-tester: add tests checking Remove CIG is emitted
btdev: fix Command Status command opcodes for Setup Sync Conn
emulator/btdev.c | 80 ++++++++++++++++++---
tools/iso-tester.c | 168 +++++++++++++++++++++++++++++++++++++++++++++
tools/sco-tester.c | 59 ++++++++++++++++
3 files changed, 297 insertions(+), 10 deletions(-)
--
2.41.0
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel
2023-07-26 21:25 [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync Pauli Virtanen
@ 2023-07-26 21:25 ` Pauli Virtanen
2023-07-26 22:21 ` Additional tests for ISO and hci_sync bluez.test.bot
2023-07-27 9:28 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 2/5] sco-tester: test local and remote disconnecting simultaneously Pauli Virtanen
` (3 subsequent siblings)
4 siblings, 2 replies; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-26 21:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
Create Connection Cancel shall return Command Complete with error status
when there is no Create Connection that can be canceled. In these
cases, we should not send a (spurious) Connection Complete event.
Fix by keeping a list of pending Create Connection commands, and
returning command errors if there is none pending at the moment.
---
emulator/btdev.c | 76 +++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 68 insertions(+), 8 deletions(-)
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 637f0bb98..0c75e71c0 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -62,6 +62,7 @@ struct hook {
#define MAX_HOOK_ENTRIES 16
#define MAX_EXT_ADV_SETS 3
+#define MAX_PENDING_CONN 16
struct btdev_conn {
uint16_t handle;
@@ -223,6 +224,8 @@ struct btdev {
uint8_t le_rl_enable;
uint16_t le_rl_timeout;
+ struct btdev *pending_conn[MAX_PENDING_CONN];
+
uint8_t le_local_sk256[32];
uint16_t sync_train_interval;
@@ -1211,10 +1214,36 @@ static struct btdev_conn *conn_link_bis(struct btdev *dev, struct btdev *remote,
return conn;
}
+static void pending_conn_add(struct btdev *btdev, struct btdev *remote)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
+ if (!btdev->pending_conn[i]) {
+ btdev->pending_conn[i] = remote;
+ return;
+ }
+ }
+}
+
+static bool pending_conn_del(struct btdev *btdev, struct btdev *remote)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
+ if (btdev->pending_conn[i] == remote) {
+ btdev->pending_conn[i] = NULL;
+ return true;
+ }
+ }
+ return false;
+}
+
static void conn_complete(struct btdev *btdev,
const uint8_t *bdaddr, uint8_t status)
{
struct bt_hci_evt_conn_complete cc;
+ struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
if (!status) {
struct btdev_conn *conn;
@@ -1223,6 +1252,8 @@ static void conn_complete(struct btdev *btdev,
if (!conn)
return;
+ pending_conn_del(conn->link->dev, btdev);
+
cc.status = status;
memcpy(cc.bdaddr, btdev->bdaddr, 6);
cc.encr_mode = 0x00;
@@ -1240,6 +1271,8 @@ static void conn_complete(struct btdev *btdev,
cc.link_type = 0x01;
}
+ pending_conn_del(btdev, remote);
+
cc.status = status;
memcpy(cc.bdaddr, bdaddr, 6);
cc.encr_mode = 0x00;
@@ -1260,6 +1293,8 @@ static int cmd_create_conn_complete(struct btdev *dev, const void *data,
memcpy(cr.dev_class, dev->dev_class, 3);
cr.link_type = 0x01;
+ pending_conn_add(dev, remote);
+
send_event(remote, BT_HCI_EVT_CONN_REQUEST, &cr, sizeof(cr));
} else {
conn_complete(dev, cmd->bdaddr, BT_HCI_ERR_PAGE_TIMEOUT);
@@ -1296,14 +1331,47 @@ static int cmd_add_sco_conn(struct btdev *dev, const void *data, uint8_t len)
cc.encr_mode = 0x00;
done:
+ pending_conn_del(dev, conn->link->dev);
+
send_event(dev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
return 0;
}
+static bool match_bdaddr(const void *data, const void *match_data)
+{
+ const struct btdev_conn *conn = data;
+ const uint8_t *bdaddr = match_data;
+
+ return !memcmp(conn->link->dev->bdaddr, bdaddr, 6);
+}
+
static int cmd_create_conn_cancel(struct btdev *dev, const void *data,
uint8_t len)
{
+ const struct bt_hci_cmd_create_conn_cancel *cmd = data;
+ struct btdev *remote = find_btdev_by_bdaddr(cmd->bdaddr);
+ struct btdev_conn *conn;
+
+ /* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E page 1848
+ *
+ * If the connection is already established, and the
+ * HCI_Connection_Complete event has been sent, then the Controller
+ * shall return an HCI_Command_Complete event with the error code
+ * Connection Already Exists (0x0B). If the HCI_Create_Connection_Cancel
+ * command is sent to the Controller without a preceding
+ * HCI_Create_Connection command to the same device, the BR/EDR
+ * Controller shall return an HCI_Command_Complete event with the error
+ * code Unknown Connection Identifier (0x02).
+ */
+ if (!pending_conn_del(dev, remote)) {
+ conn = queue_find(dev->conns, match_bdaddr, cmd->bdaddr);
+ if (conn)
+ return -EEXIST;
+
+ return -ENOENT;
+ }
+
cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_CREATE_CONN_CANCEL);
return 0;
@@ -1372,14 +1440,6 @@ static int cmd_link_key_reply(struct btdev *dev, const void *data, uint8_t len)
return 0;
}
-static bool match_bdaddr(const void *data, const void *match_data)
-{
- const struct btdev_conn *conn = data;
- const uint8_t *bdaddr = match_data;
-
- return !memcmp(conn->link->dev->bdaddr, bdaddr, 6);
-}
-
static void auth_complete(struct btdev_conn *conn, uint8_t status)
{
struct bt_hci_evt_auth_complete ev;
--
2.41.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 2/5] sco-tester: test local and remote disconnecting simultaneously
2023-07-26 21:25 [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
@ 2023-07-26 21:25 ` Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 3/5] iso-tester: test with large CIS_ID and invalid CIG_ID/CIS_ID Pauli Virtanen
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-26 21:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
Demonstrate a kernel race condition when remote side disconnects at the
same time as local side tries to cancel the connection. I.e.
[controller] > HCI Synchronous Connect Complete
[controller] > HCI Disconnection Complete (from remote)
[user] shutdown(sco_socket)
[kernel] hci_conn_abort(SCO handle)
[kernel] > HCI Create Connection Cancel
[kernel] < HCI Synchronous Connect Complete
[kernel] < HCI Disconnect Complete
[controller] < HCI Create Connection Cancel
[controller] > HCI Command Status (Create Connection Cancel)
[kernel] < HCI Command Status (Create Connection Cancel)
and then we get BUG: KASAN: slab-use-after-free in hci_conn_failed when
hci_conn_abort tries to delete the same connection a second time.
This type of crash is probably not limited to the sequence here, but for
this one it was possible to get the timing right in the emulator.
Add a test that hits this in the emulator environment (pretty narrow
window to hit on real hardware):
eSCO Simultaneous Disconnect - Failure
---
Notes:
==================================================================
BUG: KASAN: slab-use-after-free in hci_conn_failed+0x25/0x190
Read of size 8 at addr ffff8880029e1958 by task kworker/u3:2/35
CPU: 0 PID: 35 Comm: kworker/u3:2 Not tainted 6.5.0-rc1-00520-gf57f797eebfe #152
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
<TASK>
print_report+0xce/0x620
? __virt_addr_valid+0xd8/0x160
? hci_conn_failed+0x25/0x190
kasan_report+0xd5/0x110
? hci_conn_failed+0x25/0x190
hci_conn_failed+0x25/0x190
hci_abort_conn_sync+0x23b/0x370
? __pfx_hci_abort_conn_sync+0x10/0x10
? __pfx_lock_acquire+0x10/0x10
? __pfx_abort_conn_sync+0x10/0x10
? __pfx_abort_conn_sync+0x10/0x10
hci_cmd_sync_work+0x125/0x200
process_one_work+0x4ee/0x8f0
? __pfx_process_one_work+0x10/0x10
? __kthread_parkme+0x5f/0xe0
? mark_held_locks+0x1a/0x90
worker_thread+0x8c/0x630
? __kthread_parkme+0xc5/0xe0
? __pfx_worker_thread+0x10/0x10
kthread+0x17c/0x1c0
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2b/0x50
</TASK>
Allocated by task 31:
kasan_save_stack+0x33/0x60
kasan_set_track+0x24/0x30
__kasan_kmalloc+0x8f/0xa0
hci_conn_add+0xa8/0xad0
hci_connect_sco+0x1cf/0x6e0
sco_sock_connect+0x1a2/0x600
__sys_connect+0x1a2/0x1d0
__x64_sys_connect+0x3b/0x50
do_syscall_64+0x47/0x90
entry_SYSCALL_64_after_hwframe+0x6c/0xd6
Freed by task 32:
kasan_save_stack+0x33/0x60
kasan_set_track+0x24/0x30
kasan_save_free_info+0x2b/0x50
__kasan_slab_free+0xfa/0x150
__kmem_cache_free+0xab/0x200
device_release+0x58/0xf0
kobject_put+0xee/0x310
hci_disconn_complete_evt+0x276/0x3a0
hci_event_packet+0x54b/0x800
hci_rx_work+0x2a4/0xae0
process_one_work+0x4ee/0x8f0
worker_thread+0x8c/0x630
kthread+0x17c/0x1c0
ret_from_fork+0x2b/0x50
Last potentially related work creation:
kasan_save_stack+0x33/0x60
__kasan_record_aux_stack+0x94/0xa0
insert_work+0x2d/0x150
__queue_work+0x2f1/0x610
queue_delayed_work_on+0x88/0x90
sco_chan_del+0x117/0x230
sco_sock_shutdown+0x109/0x230
__sys_shutdown+0xb4/0x130
__x64_sys_shutdown+0x29/0x40
do_syscall_64+0x47/0x90
entry_SYSCALL_64_after_hwframe+0x6c/0xd6
The buggy address belongs to the object at ffff8880029e1000
which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2392 bytes inside of
freed 4096-byte region [ffff8880029e1000, ffff8880029e2000)
The buggy address belongs to the physical page:
page:ffffea00000a7800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29e0
head:ffffea00000a7800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x4000000000010200(slab|head|zone=1)
page_type: 0xffffffff()
raw: 4000000000010200 ffff8880010424c0 ffffea0000063010 ffffea00000a8610
raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880029e1800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880029e1880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880029e1900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8880029e1980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880029e1a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
tools/sco-tester.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/tools/sco-tester.c b/tools/sco-tester.c
index 44606328a..f3de42c7b 100644
--- a/tools/sco-tester.c
+++ b/tools/sco-tester.c
@@ -29,6 +29,7 @@
#include "src/shared/tester.h"
#include "src/shared/mgmt.h"
+#include "src/shared/util.h"
struct test_data {
const void *test_data;
@@ -37,6 +38,7 @@ struct test_data {
struct hciemu *hciemu;
enum hciemu_type hciemu_type;
unsigned int io_id;
+ int sk;
bool disable_esco;
bool enable_codecs;
};
@@ -225,6 +227,7 @@ static void test_data_free(void *test_data)
break; \
user->hciemu_type = HCIEMU_TYPE_BREDRLE; \
user->io_id = 0; \
+ user->sk = -1; \
user->test_data = data; \
user->disable_esco = _disable_esco; \
user->enable_codecs = _enable_codecs; \
@@ -250,6 +253,10 @@ static const struct sco_client_data connect_failure = {
.expect_err = EOPNOTSUPP
};
+static const struct sco_client_data connect_failure_reset = {
+ .expect_err = ECONNRESET
+};
+
const uint8_t data[] = {0, 1, 2, 3, 4, 5, 6, 7, 8};
static const struct sco_client_data connect_send_success = {
@@ -650,6 +657,8 @@ static void test_connect(const void *test_data)
return;
}
+ data->sk = sk;
+
io = g_io_channel_unix_new(sk);
g_io_channel_set_close_on_unref(io, TRUE);
@@ -745,6 +754,52 @@ static void test_connect_offload_msbc(const void *test_data)
end:
close(sk);
}
+
+static bool hook_simult_disc(const void *msg, uint16_t len, void *user_data)
+{
+ const struct bt_hci_evt_sync_conn_complete *ev = msg;
+ struct test_data *data = tester_get_data();
+ struct bthost *bthost;
+
+ tester_print("Simultaneous disconnect");
+
+ if (len != sizeof(struct bt_hci_evt_sync_conn_complete)) {
+ tester_test_failed();
+ return true;
+ }
+
+ /* Disconnect from local and remote sides at the same time */
+ bthost = hciemu_client_get_host(data->hciemu);
+ bthost_hci_disconnect(bthost, le16_to_cpu(ev->handle), 0x13);
+
+ shutdown(data->sk, SHUT_RDWR);
+
+ return true;
+}
+
+static bool hook_delay_cmd(const void *data, uint16_t len, void *user_data)
+{
+ tester_print("Delaying emulator response...");
+ g_usleep(250000);
+ tester_print("Delaying emulator response... Done.");
+ return true;
+}
+
+static void test_connect_simult_disc(const void *test_data)
+{
+ struct test_data *data = tester_get_data();
+
+ /* Kernel shall not crash, but <= 6.5-rc1 crash */
+ hciemu_add_hook(data->hciemu, HCIEMU_HOOK_POST_EVT,
+ BT_HCI_EVT_SYNC_CONN_COMPLETE,
+ hook_simult_disc, NULL);
+ hciemu_add_hook(data->hciemu, HCIEMU_HOOK_PRE_CMD,
+ BT_HCI_CMD_CREATE_CONN_CANCEL,
+ hook_delay_cmd, NULL);
+
+ test_connect(test_data);
+}
+
int main(int argc, char *argv[])
{
tester_init(&argc, &argv);
@@ -767,6 +822,10 @@ int main(int argc, char *argv[])
test_sco("eSCO mSBC - Success", &connect_success, setup_powered,
test_connect_transp);
+ test_sco("eSCO Simultaneous Disconnect - Failure",
+ &connect_failure_reset, setup_powered,
+ test_connect_simult_disc);
+
test_sco_11("SCO CVSD 1.1 - Success", &connect_success, setup_powered,
test_connect);
--
2.41.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 3/5] iso-tester: test with large CIS_ID and invalid CIG_ID/CIS_ID
2023-07-26 21:25 [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 2/5] sco-tester: test local and remote disconnecting simultaneously Pauli Virtanen
@ 2023-07-26 21:25 ` Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 4/5] iso-tester: add tests checking Remove CIG is emitted Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 5/5] btdev: fix Command Status command opcodes for Setup Sync Conn Pauli Virtanen
4 siblings, 0 replies; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-26 21:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
Add test with a large CIS_ID and multiple CIS so it hits an error
condition in current kernels (which is why the AC configuration is
used).
Add tests for invalid configurations with bad or duplicate IDs, and for
trying to connect two CIS in same CIG without BT_DEFER_SETUP.
ISO QoS CIG 0xF0 - Invalid
ISO QoS CIS 0xF0 - Invalid
ISO Connect2 CIG 0x01 - Success/Invalid
ISO AC 6(ii) CIS 0xEF/auto - Success
ISO AC 6(ii) CIS 0xEF/0xEF - Invalid
---
Notes:
Current bluetooth-next/master fails these tests with
ISO QoS CIG 0xF0 - Invalid Timed out 2.301 seconds
ISO QoS CIS 0xF0 - Invalid Failed 0.117 seconds
ISO Connect2 CIG 0x01 - Success/Invalid Failed 0.189 seconds
ISO AC 6(ii) CIS 0xEF/auto - Success Failed 0.196 seconds
tools/iso-tester.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
diff --git a/tools/iso-tester.c b/tools/iso-tester.c
index 8f43d7bec..9f853a0f9 100644
--- a/tools/iso-tester.c
+++ b/tools/iso-tester.c
@@ -95,6 +95,10 @@
QOS_FULL(0x01, 0x02, \
{}, QOS_IO(_interval, _latency, _sdu, _phy, _rtn))
+#define QOS_OUT_1_EF(_interval, _latency, _sdu, _phy, _rtn) \
+ QOS_FULL(0x01, 0xEF, \
+ {}, QOS_IO(_interval, _latency, _sdu, _phy, _rtn))
+
#define QOS_IN(_interval, _latency, _sdu, _phy, _rtn) \
QOS_FULL(BT_ISO_QOS_CIG_UNSET, BT_ISO_QOS_CIS_UNSET, \
QOS_IO(_interval, _latency, _sdu, _phy, _rtn), {})
@@ -172,6 +176,7 @@
*/
#define AC_6ii_1 QOS_OUT_1(10000, 10, 40, 0x02, 2)
#define AC_6ii_2 QOS_OUT_1(10000, 10, 40, 0x02, 2)
+#define AC_6ii_1_EF QOS_OUT_1_EF(10000, 10, 40, 0x02, 2) /* different CIS ID */
/* Two unidirectional CISes. Unicast Server is Audio Sink and Audio Source.
* #1 - CIG 1 CIS 1 (input)
* #2 - CIG 1 CIS 2 (output)
@@ -801,6 +806,16 @@ static const struct iso_client_data connect_reject = {
.expect_err = -ENOSYS
};
+static const struct iso_client_data connect_cig_f0_invalid = {
+ .qos = QOS_FULL(0xF0, 0x00, {}, QOS_IO(10000, 10, 40, 0x02, 2)),
+ .expect_err = -EINVAL
+};
+
+static const struct iso_client_data connect_cis_f0_invalid = {
+ .qos = QOS_FULL(0x00, 0xF0, {}, QOS_IO(10000, 10, 40, 0x02, 2)),
+ .expect_err = -EINVAL
+};
+
static const uint8_t data_16_2_1[40] = { [0 ... 39] = 0xff };
static const struct iovec send_16_2_1 = {
.iov_base = (void *)data_16_2_1,
@@ -960,6 +975,22 @@ static const struct iso_client_data reconnect_ac_6ii = {
.disconnect = true,
};
+static const struct iso_client_data connect_ac_6ii_cis_ef_auto = {
+ .qos = AC_6ii_1_EF,
+ .qos_2 = AC_6ii_2,
+ .expect_err = 0,
+ .mconn = true,
+ .defer = true,
+};
+
+static const struct iso_client_data connect_ac_6ii_cis_ef_ef = {
+ .qos = AC_6ii_1_EF,
+ .qos_2 = AC_6ii_1_EF,
+ .expect_err = -EINVAL,
+ .mconn = true,
+ .defer = true,
+};
+
static const struct iso_client_data connect_ac_7i = {
.qos = AC_7i_1,
.qos_2 = AC_7i_2,
@@ -2371,6 +2402,29 @@ static void test_connect2_seq(const void *test_data)
setup_connect(data, 0, iso_connect2_seq_cb);
}
+static void test_connect2_nodefer(const void *test_data)
+{
+ struct test_data *data = tester_get_data();
+ int sk, err;
+
+ /* Second connect() shall fail, because CIG is then busy,
+ * but the first connect() shall succeed.
+ */
+ setup_connect(data, 0, iso_connect_cb);
+
+ sk = create_iso_sock(data);
+ if (sk < 0) {
+ tester_test_failed();
+ return;
+ }
+
+ err = connect_iso_sock(data, 1, sk);
+ if (err != -EINVAL)
+ tester_test_failed();
+
+ close(sk);
+}
+
static void test_bcast(const void *test_data)
{
struct test_data *data = tester_get_data();
@@ -2518,6 +2572,12 @@ int main(int argc, char *argv[])
test_iso("ISO QoS - Invalid", &connect_invalid, setup_powered,
test_connect);
+ test_iso("ISO QoS CIG 0xF0 - Invalid", &connect_cig_f0_invalid,
+ setup_powered, test_connect);
+
+ test_iso("ISO QoS CIS 0xF0 - Invalid", &connect_cis_f0_invalid,
+ setup_powered, test_connect);
+
test_iso_rej("ISO Connect - Reject", &connect_reject, setup_powered,
test_connect, BT_HCI_ERR_CONN_FAILED_TO_ESTABLISH);
@@ -2545,6 +2605,10 @@ int main(int argc, char *argv[])
setup_powered,
test_connect2);
+ test_iso2("ISO Connect2 CIG 0x01 - Success/Invalid", &connect_1_16_2_1,
+ setup_powered,
+ test_connect2_nodefer);
+
test_iso("ISO Defer Send - Success", &connect_16_2_1_defer_send,
setup_powered,
test_connect);
@@ -2630,6 +2694,14 @@ int main(int argc, char *argv[])
setup_powered,
test_reconnect);
+ test_iso2("ISO AC 6(ii) CIS 0xEF/auto - Success",
+ &connect_ac_6ii_cis_ef_auto,
+ setup_powered, test_connect);
+
+ test_iso2("ISO AC 6(ii) CIS 0xEF/0xEF - Invalid",
+ &connect_ac_6ii_cis_ef_ef,
+ setup_powered, test_connect);
+
test_iso("ISO Broadcaster - Success", &bcast_16_2_1_send, setup_powered,
test_bcast);
test_iso("ISO Broadcaster Encrypted - Success", &bcast_enc_16_2_1_send,
--
2.41.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 4/5] iso-tester: add tests checking Remove CIG is emitted
2023-07-26 21:25 [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync Pauli Virtanen
` (2 preceding siblings ...)
2023-07-26 21:25 ` [PATCH BlueZ 3/5] iso-tester: test with large CIS_ID and invalid CIG_ID/CIS_ID Pauli Virtanen
@ 2023-07-26 21:25 ` Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 5/5] btdev: fix Command Status command opcodes for Setup Sync Conn Pauli Virtanen
4 siblings, 0 replies; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-26 21:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
Kernel should send LE Remove CIG after all CIS are shut down. Add tests
checking this, closing either immediately or after waiting connection to
complete.
ISO Defer Close - Success
ISO Connect Close - Success
ISO Defer Wait Close - Success
ISO Connect Wait Close - Success
---
tools/iso-tester.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
diff --git a/tools/iso-tester.c b/tools/iso-tester.c
index 9f853a0f9..bbf959420 100644
--- a/tools/iso-tester.c
+++ b/tools/iso-tester.c
@@ -2425,6 +2425,90 @@ static void test_connect2_nodefer(const void *test_data)
close(sk);
}
+static gboolean iso_connect_close_cb(GIOChannel *io, GIOCondition cond,
+ gpointer user_data)
+{
+ struct test_data *data = user_data;
+
+ data->io_id[0] = 0;
+
+ tester_print("Disconnected");
+
+ --data->step;
+ if (!data->step)
+ tester_test_passed();
+
+ return FALSE;
+}
+
+static bool hook_remove_cig(const void *msg, uint16_t len, void *user_data)
+{
+ struct test_data *data = user_data;
+
+ tester_print("Remove CIG");
+
+ --data->step;
+ if (!data->step)
+ tester_test_passed();
+
+ return true;
+}
+
+static void test_connect_close(const void *test_data)
+{
+ struct test_data *data = tester_get_data();
+ int sk;
+ GIOChannel *io;
+
+ data->step = 2;
+
+ hciemu_add_hook(data->hciemu, HCIEMU_HOOK_PRE_CMD,
+ BT_HCI_CMD_LE_REMOVE_CIG,
+ hook_remove_cig, data);
+
+ sk = setup_sock(data, 0);
+ if (sk < 0)
+ return;
+
+ io = g_io_channel_unix_new(sk);
+ g_io_channel_set_close_on_unref(io, TRUE);
+ data->io_id[0] = g_io_add_watch(io, G_IO_HUP, iso_connect_close_cb,
+ data);
+
+ shutdown(sk, SHUT_RDWR);
+}
+
+static gboolean iso_connect_wait_close_cb(GIOChannel *io, GIOCondition cond,
+ gpointer user_data)
+{
+ struct test_data *data = tester_get_data();
+ int sk;
+
+ tester_print("Connected");
+
+ sk = g_io_channel_unix_get_fd(io);
+
+ data->io_id[0] = g_io_add_watch(io, G_IO_HUP, iso_connect_close_cb,
+ data);
+
+ shutdown(sk, SHUT_RDWR);
+
+ return FALSE;
+}
+
+static void test_connect_wait_close(const void *test_data)
+{
+ struct test_data *data = tester_get_data();
+
+ data->step = 1;
+
+ hciemu_add_hook(data->hciemu, HCIEMU_HOOK_PRE_CMD,
+ BT_HCI_CMD_LE_REMOVE_CIG,
+ hook_remove_cig, data);
+
+ setup_connect(data, 0, iso_connect_wait_close_cb);
+}
+
static void test_bcast(const void *test_data)
{
struct test_data *data = tester_get_data();
@@ -2601,6 +2685,18 @@ int main(int argc, char *argv[])
test_iso("ISO Defer Connect - Success", &defer_16_2_1, setup_powered,
test_connect);
+ test_iso("ISO Defer Close - Success", &defer_16_2_1, setup_powered,
+ test_connect_close);
+
+ test_iso("ISO Connect Close - Success", &connect_16_2_1, setup_powered,
+ test_connect_close);
+
+ test_iso("ISO Defer Wait Close - Success", &defer_16_2_1,
+ setup_powered, test_connect_wait_close);
+
+ test_iso("ISO Connect Wait Close - Success", &connect_16_2_1,
+ setup_powered, test_connect_wait_close);
+
test_iso2("ISO Defer Connect2 CIG 0x01 - Success", &defer_1_16_2_1,
setup_powered,
test_connect2);
--
2.41.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH BlueZ 5/5] btdev: fix Command Status command opcodes for Setup Sync Conn
2023-07-26 21:25 [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync Pauli Virtanen
` (3 preceding siblings ...)
2023-07-26 21:25 ` [PATCH BlueZ 4/5] iso-tester: add tests checking Remove CIG is emitted Pauli Virtanen
@ 2023-07-26 21:25 ` Pauli Virtanen
4 siblings, 0 replies; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-26 21:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Pauli Virtanen
The command opcode should be the CMD, not EVT.
---
emulator/btdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 0c75e71c0..2483a35c5 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -2681,7 +2681,7 @@ static int cmd_enhanced_setup_sync_conn(struct btdev *dev, const void *data,
if (cmd->tx_coding_format[0] > 5)
status = BT_HCI_ERR_INVALID_PARAMETERS;
- cmd_status(dev, status, BT_HCI_EVT_SYNC_CONN_COMPLETE);
+ cmd_status(dev, status, BT_HCI_CMD_ENHANCED_SETUP_SYNC_CONN);
return 0;
}
@@ -2727,7 +2727,7 @@ done:
static int cmd_setup_sync_conn(struct btdev *dev, const void *data, uint8_t len)
{
- cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_EVT_SYNC_CONN_COMPLETE);
+ cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_SETUP_SYNC_CONN);
return 0;
}
--
2.41.0
^ permalink raw reply related [flat|nested] 9+ messages in thread
* RE: Additional tests for ISO and hci_sync
2023-07-26 21:25 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
@ 2023-07-26 22:21 ` bluez.test.bot
2023-07-27 9:28 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
1 sibling, 0 replies; 9+ messages in thread
From: bluez.test.bot @ 2023-07-26 22:21 UTC (permalink / raw)
To: linux-bluetooth, pav
[-- Attachment #1: Type: text/plain, Size: 59460 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=769853
---Test result---
Test Summary:
CheckPatch PASS 2.30 seconds
GitLint FAIL 1.64 seconds
BuildEll PASS 27.68 seconds
BluezMake FAIL 84.30 seconds
MakeCheck FAIL 175.49 seconds
MakeDistcheck PASS 157.60 seconds
CheckValgrind FAIL 62.68 seconds
CheckSmatch FAIL 310.97 seconds
bluezmakeextell FAIL 87.83 seconds
IncrementalBuild FAIL 759.16 seconds
ScanBuild FAIL 988.37 seconds
Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ,2/5] sco-tester: test local and remote disconnecting simultaneously
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
6: B3 Line contains hard tab characters (\t): " [controller] > HCI Synchronous Connect Complete"
7: B3 Line contains hard tab characters (\t): " [controller] > HCI Disconnection Complete (from remote)"
8: B3 Line contains hard tab characters (\t): " [user] shutdown(sco_socket)"
9: B3 Line contains hard tab characters (\t): " [kernel] hci_conn_abort(SCO handle)"
10: B3 Line contains hard tab characters (\t): " [kernel] > HCI Create Connection Cancel"
11: B3 Line contains hard tab characters (\t): " [kernel] < HCI Synchronous Connect Complete"
12: B3 Line contains hard tab characters (\t): " [kernel] < HCI Disconnect Complete"
13: B3 Line contains hard tab characters (\t): " [controller] < HCI Create Connection Cancel"
14: B3 Line contains hard tab characters (\t): " [controller] > HCI Command Status (Create Connection Cancel)"
15: B3 Line contains hard tab characters (\t): " [kernel] < HCI Command Status (Create Connection Cancel)"
33: B2 Line has trailing whitespace: " "
34: B1 Line exceeds max length (84>80): " CPU: 0 PID: 35 Comm: kworker/u3:2 Not tainted 6.5.0-rc1-00520-gf57f797eebfe #152"
35: B1 Line exceeds max length (85>80): " Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014"
62: B2 Line has trailing whitespace: " "
74: B2 Line has trailing whitespace: " "
90: B2 Line has trailing whitespace: " "
103: B2 Line has trailing whitespace: " "
108: B2 Line has trailing whitespace: " "
110: B1 Line exceeds max length (93>80): " page:ffffea00000a7800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29e0"
117: B2 Line has trailing whitespace: " "
[BlueZ,3/5] iso-tester: test with large CIS_ID and invalid CIG_ID/CIS_ID
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
19: B2 Line has trailing whitespace: " "
20: B1 Line exceeds max length (83>80): " ISO QoS CIG 0xF0 - Invalid Timed out 2.301 seconds"
21: B1 Line exceeds max length (83>80): " ISO QoS CIS 0xF0 - Invalid Failed 0.117 seconds"
22: B1 Line exceeds max length (83>80): " ISO Connect2 CIG 0x01 - Success/Invalid Failed 0.189 seconds"
23: B1 Line exceeds max length (83>80): " ISO AC 6(ii) CIS 0xEF/auto - Success Failed 0.196 seconds"
##############################
Test: BluezMake - FAIL
Desc: Build BlueZ
Output:
tools/mgmt-tester.c: In function ‘main’:
tools/mgmt-tester.c:12763:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
12763 | int main(int argc, char *argv[])
| ^~~~
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:8481: emulator/android_android_tester-btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4537: all] Error 2
##############################
Test: MakeCheck - FAIL
Desc: Run Bluez Make Check
Output:
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7645: emulator/btdev.o] Error 1
make: *** [Makefile:11875: check] Error 2
##############################
Test: CheckValgrind - FAIL
Desc: Run Bluez Make Check with Valgrind
Output:
tools/mgmt-tester.c: In function ‘main’:
tools/mgmt-tester.c:12763:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
12763 | int main(int argc, char *argv[])
| ^~~~
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:8481: emulator/android_android_tester-btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:11875: check] Error 2
##############################
Test: CheckSmatch - FAIL
Desc: Run smatch tool with source
Output:
src/shared/crypto.c:271:21: warning: Variable length array is used.
src/shared/crypto.c:272:23: warning: Variable length array is used.
src/shared/gatt-helpers.c:768:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:830:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1323:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1354:23: warning: Variable length array is used.
src/shared/gatt-server.c:276:25: warning: Variable length array is used.
src/shared/gatt-server.c:619:25: warning: Variable length array is used.
src/shared/gatt-server.c:718:25: warning: Variable length array is used.
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
src/shared/crypto.c:271:21: warning: Variable length array is used.
src/shared/crypto.c:272:23: warning: Variable length array is used.
src/shared/gatt-helpers.c:768:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:830:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1323:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1354:23: warning: Variable length array is used.
src/shared/gatt-server.c:276:25: warning: Variable length array is used.
src/shared/gatt-server.c:619:25: warning: Variable length array is used.
src/shared/gatt-server.c:718:25: warning: Variable length array is used.
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
tools/mesh-cfgtest.c:1453:17: warning: unknown escape sequence: '\%'
tools/sco-tester.c: note: in included file:
./lib/bluetooth.h:216:15: warning: array of flexible structures
./lib/bluetooth.h:221:31: warning: array of flexible structures
tools/bneptest.c:634:39: warning: unknown escape sequence: '\%'
tools/seq2bseq.c:57:26: warning: Variable length array is used.
tools/obex-client-tool.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
android/avctp.c:505:34: warning: Variable length array is used.
android/avctp.c:556:34: warning: Variable length array is used.
unit/test-avrcp.c:373:26: warning: Variable length array is used.
unit/test-avrcp.c:398:26: warning: Variable length array is used.
unit/test-avrcp.c:414:24: warning: Variable length array is used.
android/avrcp-lib.c:1085:34: warning: Variable length array is used.
android/avrcp-lib.c:1583:34: warning: Variable length array is used.
android/avrcp-lib.c:1612:34: warning: Variable length array is used.
android/avrcp-lib.c:1638:34: warning: Variable length array is used.
profiles/input/device.c:165:26: warning: Variable length array is used.
mesh/mesh-io-mgmt.c:523:67: warning: Variable length array is used.
client/display.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
src/shared/crypto.c:271:21: warning: Variable length array is used.
src/shared/crypto.c:272:23: warning: Variable length array is used.
src/shared/gatt-helpers.c:768:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:830:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1323:31: warning: Variable length array is used.
src/shared/gatt-helpers.c:1354:23: warning: Variable length array is used.
src/shared/gatt-server.c:276:25: warning: Variable length array is used.
src/shared/gatt-server.c:619:25: warning: Variable length array is used.
src/shared/gatt-server.c:718:25: warning: Variable length array is used.
src/shared/shell.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
monitor/packet.c: note: in included file:
monitor/display.h:82:26: warning: Variable length array is used.
monitor/packet.c:1832:26: warning: Variable length array is used.
monitor/packet.c: note: in included file:
monitor/bt.h:3551:52: warning: array of flexible structures
monitor/bt.h:3539:40: warning: array of flexible structures
monitor/l2cap.c: note: in included file:
monitor/display.h:82:26: warning: Variable length array is used.
monitor/msft.c: note: in included file:
monitor/msft.h:88:44: warning: array of flexible structures
monitor/att.c: note: in included file:
monitor/display.h:82:26: warning: Variable length array is used.
tools/rctest.c:624:33: warning: non-ANSI function declaration of function 'automated_send_recv'
tools/hex2hcd.c:135:26: warning: Variable length array is used.
tools/meshctl.c:324:33: warning: non-ANSI function declaration of function 'forget_mesh_devices'
tools/mesh-gatt/node.c:456:39: warning: non-ANSI function declaration of function 'node_get_local_node'
tools/mesh-gatt/net.c:1239:30: warning: non-ANSI function declaration of function 'get_next_seq'
tools/mesh-gatt/net.c:2193:29: warning: non-ANSI function declaration of function 'net_get_default_ttl'
tools/mesh-gatt/net.c:2207:26: warning: non-ANSI function declaration of function 'net_get_seq_num'
tools/mesh-gatt/prov.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
tools/mesh-gatt/onoff-model.c: note: in included file (through /usr/include/readline/readline.h):
/usr/include/readline/rltypedefs.h:35:23: warning: non-ANSI function declaration of function 'Function'
/usr/include/readline/rltypedefs.h:36:25: warning: non-ANSI function declaration of function 'VFunction'
/usr/include/readline/rltypedefs.h:37:27: warning: non-ANSI function declaration of function 'CPFunction'
/usr/include/readline/rltypedefs.h:38:29: warning: non-ANSI function declaration of function 'CPPFunction'
ell/log.c:446:65: warning: non-ANSI function declaration of function 'register_debug_section'
ell/log.c:454:68: warning: non-ANSI function declaration of function 'free_debug_sections'
ell/random.c:75:42: warning: non-ANSI function declaration of function 'l_getrandom_is_supported'
ell/cipher.c:675:28: warning: non-ANSI function declaration of function 'init_supported'
ell/checksum.c:387:28: warning: non-ANSI function declaration of function 'init_supported'
ell/checksum.c:449:47: warning: non-ANSI function declaration of function 'l_checksum_cmac_aes_supported'
ell/cipher.c:534:24: warning: Variable length array is used.
ell/cert-crypto.c:51:33: warning: Variable length array is used.
ell/cert-crypto.c:147:36: warning: Variable length array is used.
ell/cert-crypto.c:203:36: warning: Variable length array is used.
ell/cert-crypto.c:256:31: warning: Variable length array is used.
ell/key.c:553:25: warning: Variable length array is used.
ell/dbus-service.c:563:49: warning: non-ANSI function declaration of function '_dbus_object_tree_new'
ell/dbus-filter.c:247:46: warning: Variable length array is used.
ell/tls.c:58:25: warning: Variable length array is used.
ell/tls.c:99:22: warning: Variable length array is used.
ell/tls.c:99:46: warning: Variable length array is used.
ell/tls.c:1832:26: warning: Variable length array is used.
ell/tls-suites.c:1091:25: warning: Variable length array is used.
ell/tls-suites.c:1093:34: warning: Variable length array is used.
ell/tls-suites.c:1096:41: warning: Variable length array is used.
ell/tls-suites.c:1145:41: warning: Variable length array is used.
emulator/btdev.c:420:29: warning: Variable length array is used.
emulator/bthost.c:584:28: warning: Variable length array is used.
emulator/bthost.c:741:28: warning: Variable length array is used.
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7645: emulator/btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4537: all] Error 2
##############################
Test: bluezmakeextell - FAIL
Desc: Build Bluez with External ELL
Output:
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7645: emulator/btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4537: all] Error 2
##############################
Test: IncrementalBuild - FAIL
Desc: Incremental build with the patches in the series
Output:
[BlueZ,1/5] btdev: check error conditions for HCI_Create_Connection_Cancel
tools/mgmt-tester.c: In function ‘main’:
tools/mgmt-tester.c:12763:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
12763 | int main(int argc, char *argv[])
| ^~~~
unit/test-avdtp.c: In function ‘main’:
unit/test-avdtp.c:766:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
766 | int main(int argc, char *argv[])
| ^~~~
unit/test-avrcp.c: In function ‘main’:
unit/test-avrcp.c:989:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without
989 | int main(int argc, char *argv[])
| ^~~~
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7645: emulator/btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4537: all] Error 2
##############################
Test: ScanBuild - FAIL
Desc: Run Scan Build
Output:
src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed
gatt_db_unregister(op->client->db, op->db_id);
^~~~~~~~~~
src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed
discovery_op_complete(op, false, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:993:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1099:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1291:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1356:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1631:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1636:2: warning: Use of memory after it is freed
discover_all(op);
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2140:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2148:8: warning: Use of memory after it is freed
discovery_op_ref(op),
^~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3236:2: warning: Use of memory after it is freed
complete_write_long_op(req, success, 0, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3258:2: warning: Use of memory after it is freed
request_unref(req);
^~~~~~~~~~~~~~~~~~
12 warnings generated.
src/shared/shell.c:1228:13: warning: Access to field 'options' results in a dereference of a null pointer (loaded from variable 'opt')
if (c != opt->options[index - offset].val) {
^~~~~~~~~~~~
1 warning generated.
src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed
gatt_db_unregister(op->client->db, op->db_id);
^~~~~~~~~~
src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed
discovery_op_complete(op, false, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:993:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1099:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1291:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1356:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1631:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1636:2: warning: Use of memory after it is freed
discover_all(op);
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2140:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2148:8: warning: Use of memory after it is freed
discovery_op_ref(op),
^~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3236:2: warning: Use of memory after it is freed
complete_write_long_op(req, success, 0, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3258:2: warning: Use of memory after it is freed
request_unref(req);
^~~~~~~~~~~~~~~~~~
12 warnings generated.
tools/hciattach.c:816:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 10)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:864:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 4)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:886:8: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 10)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:908:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 4)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:929:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 4)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/hciattach.c:973:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
if ((n = read_hci_event(fd, resp, 6)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
6 warnings generated.
src/shared/shell.c:1228:13: warning: Access to field 'options' results in a dereference of a null pointer (loaded from variable 'opt')
if (c != opt->options[index - offset].val) {
^~~~~~~~~~~~
1 warning generated.
src/oui.c:50:2: warning: Value stored to 'hwdb' is never read
hwdb = udev_hwdb_unref(hwdb);
^ ~~~~~~~~~~~~~~~~~~~~~
src/oui.c:53:2: warning: Value stored to 'udev' is never read
udev = udev_unref(udev);
^ ~~~~~~~~~~~~~~~~
2 warnings generated.
tools/hcidump.c:180:9: warning: Potential leak of memory pointed to by 'dp'
if (fds[i].fd == sock)
^~~
tools/hcidump.c:248:17: warning: Assigned value is garbage or undefined
dh->ts_sec = htobl(frm.ts.tv_sec);
^ ~~~~~~~~~~~~~~~~~~~~
tools/hcidump.c:326:9: warning: 1st function call argument is an uninitialized value
if (be32toh(dp.flags) & 0x02) {
^~~~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:341:20: warning: 1st function call argument is an uninitialized value
frm.data_len = be32toh(dp.len);
^~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:346:14: warning: 1st function call argument is an uninitialized value
opcode = be32toh(dp.flags) & 0xffff;
^~~~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:384:17: warning: Assigned value is garbage or undefined
frm.data_len = btohs(dh.len);
^ ~~~~~~~~~~~~~
tools/hcidump.c:394:11: warning: Assigned value is garbage or undefined
frm.len = frm.data_len;
^ ~~~~~~~~~~~~
tools/hcidump.c:398:9: warning: 1st function call argument is an uninitialized value
ts = be64toh(ph.ts);
^~~~~~~~~~~~~~
/usr/include/endian.h:51:22: note: expanded from macro 'be64toh'
# define be64toh(x) __bswap_64 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:403:13: warning: 1st function call argument is an uninitialized value
frm.in = be32toh(dp.flags) & 0x01;
^~~~~~~~~~~~~~~~~
/usr/include/endian.h:46:22: note: expanded from macro 'be32toh'
# define be32toh(x) __bswap_32 (x)
^~~~~~~~~~~~~~
tools/hcidump.c:408:11: warning: Assigned value is garbage or undefined
frm.in = dh.in;
^ ~~~~~
tools/hcidump.c:437:7: warning: Null pointer passed to 1st parameter expecting 'nonnull'
fd = open(file, open_flags, 0644);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
11 warnings generated.
tools/rfcomm.c:228:3: warning: Value stored to 'i' is never read
i = execvp(cmdargv[0], cmdargv);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/rfcomm.c:228:7: warning: Null pointer passed to 1st parameter expecting 'nonnull'
i = execvp(cmdargv[0], cmdargv);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/rfcomm.c:348:8: warning: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd'
if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/rfcomm.c:491:14: warning: Assigned value is garbage or undefined
req.channel = raddr.rc_channel;
^ ~~~~~~~~~~~~~~~~
tools/rfcomm.c:509:8: warning: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd'
if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 warnings generated.
src/sdp-xml.c:126:10: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
src/sdp-xml.c:300:11: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
src/sdp-xml.c:338:11: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
3 warnings generated.
tools/ciptool.c:350:7: warning: 5th function call argument is an uninitialized value
sk = do_connect(ctl, dev_id, &src, &dst, psm, (1 << CMTP_LOOPBACK));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
tools/sdptool.c:941:26: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t', which is incompatible with sizeof operand type 'int'
uint32_t *value_int = malloc(sizeof(int));
~~~~~~~~~~ ^~~~~~ ~~~~~~~~~~~
tools/sdptool.c:980:4: warning: 1st function call argument is an uninitialized value
free(allocArray[i]);
^~~~~~~~~~~~~~~~~~~
tools/sdptool.c:3777:2: warning: Potential leak of memory pointed to by 'si.name'
return add_service(0, &si);
^~~~~~~~~~~~~~~~~~~~~~~~~~
tools/sdptool.c:4112:4: warning: Potential leak of memory pointed to by 'context.svc'
return -1;
^~~~~~~~~
4 warnings generated.
tools/avtest.c:224:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:234:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:243:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:257:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:264:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:271:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:278:5: warning: Value stored to 'len' is never read
len = write(sk, buf,
^ ~~~~~~~~~~~~~~
tools/avtest.c:289:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:293:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:302:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:306:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:315:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:322:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:344:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:348:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:357:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:361:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:374:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 4);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:378:5: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:385:4: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:395:4: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:559:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:567:3: warning: Value stored to 'len' is never read
len = write(sk, buf, invalid ? 2 : 3);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/avtest.c:581:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 4 + sizeof(media_transport));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/avtest.c:594:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:604:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:616:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:631:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:643:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:652:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 3);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:659:3: warning: Value stored to 'len' is never read
len = write(sk, buf, 2);
^ ~~~~~~~~~~~~~~~~~
tools/avtest.c:695:2: warning: Value stored to 'len' is never read
len = write(sk, buf, AVCTP_HEADER_LENGTH + sizeof(play_pressed));
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32 warnings generated.
tools/btproxy.c:836:15: warning: Null pointer passed to 1st parameter expecting 'nonnull'
tcp_port = atoi(optarg);
^~~~~~~~~~~~
tools/btproxy.c:839:8: warning: Null pointer passed to 1st parameter expecting 'nonnull'
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
^~~~~~~~~~~~~~
2 warnings generated.
tools/create-image.c:76:3: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
tools/create-image.c:84:3: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
tools/create-image.c:92:3: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
tools/create-image.c:105:2: warning: Value stored to 'fd' is never read
fd = -1;
^ ~~
4 warnings generated.
tools/btgatt-client.c:1597:2: warning: Value stored to 'argv' is never read
argv += optind;
^ ~~~~~~
1 warning generated.
tools/btgatt-server.c:1212:2: warning: Value stored to 'argv' is never read
argv -= optind;
^ ~~~~~~
1 warning generated.
tools/check-selftest.c:42:3: warning: Value stored to 'ptr' is never read
ptr = fgets(result, sizeof(result), fp);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
tools/gatt-service.c:294:2: warning: 2nd function call argument is an uninitialized value
chr_write(chr, value, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
tools/obex-server-tool.c:133:13: warning: Null pointer passed to 1st parameter expecting 'nonnull'
data->fd = open(name, O_WRONLY | O_CREAT | O_NOCTTY, 0600);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/obex-server-tool.c:192:13: warning: Null pointer passed to 1st parameter expecting 'nonnull'
data->fd = open(name, O_RDONLY | O_NOCTTY, 0);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
tools/test-runner.c:945:2: warning: 2nd function call argument is an uninitialized value
printf("Running command %s\n", cmdname ? cmdname : argv[0]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
tools/btpclientctl.c:402:3: warning: Value stored to 'bit' is never read
bit = 0;
^ ~
tools/btpclientctl.c:1655:2: warning: Null pointer passed to 2nd parameter expecting 'nonnull'
memcpy(cp->data, ad_data, ad_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
src/sdpd-request.c:211:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint16_t'
pElem = malloc(sizeof(uint16_t));
^~~~~~ ~~~~~~~~~~~~~~~~
src/sdpd-request.c:239:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint32_t'
pElem = malloc(sizeof(uint32_t));
^~~~~~ ~~~~~~~~~~~~~~~~
2 warnings generated.
android/avrcp-lib.c:1968:3: warning: 1st function call argument is an uninitialized value
g_free(text[i]);
^~~~~~~~~~~~~~~
1 warning generated.
profiles/health/hdp.c:644:3: warning: Use of memory after it is freed
hdp_tmp_dc_data_unref(dc_data);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
profiles/health/hdp.c:800:19: warning: Use of memory after it is freed
path = g_strdup(chan->path);
^~~~~~~~~~
profiles/health/hdp.c:1779:6: warning: Use of memory after it is freed
hdp_tmp_dc_data_ref(hdp_conn),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
profiles/health/hdp.c:1836:30: warning: Use of memory after it is freed
reply = g_dbus_create_error(data->msg, ERROR_INTERFACE ".HealthError",
^~~~~~~~~
4 warnings generated.
profiles/health/hdp_util.c:1053:2: warning: Use of memory after it is freed
conn_data->func(conn_data->data, gerr);
^~~~~~~~~~~~~~~
1 warning generated.
attrib/gatt.c:970:2: warning: Potential leak of memory pointed to by 'long_write'
return prepare_write(long_write);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
src/sdpd-request.c:211:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint16_t'
pElem = malloc(sizeof(uint16_t));
^~~~~~ ~~~~~~~~~~~~~~~~
src/sdpd-request.c:239:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint32_t'
pElem = malloc(sizeof(uint32_t));
^~~~~~ ~~~~~~~~~~~~~~~~
2 warnings generated.
src/sdp-xml.c:126:10: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
src/sdp-xml.c:300:11: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
src/sdp-xml.c:338:11: warning: Assigned value is garbage or undefined
buf[1] = data[i + 1];
^ ~~~~~~~~~~~
3 warnings generated.
src/sdp-client.c:353:14: warning: Access to field 'cb' results in a dereference of a null pointer
(*ctxt)->cb = cb;
~~~~~~~~~~~~^~~~
1 warning generated.
src/gatt-database.c:1138:10: warning: Value stored to 'bits' during its initialization is never read
uint8_t bits[] = { BT_GATT_CHRC_CLI_FEAT_ROBUST_CACHING,
^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
gobex/gobex-header.c:67:2: warning: Null pointer passed to 2nd parameter expecting 'nonnull'
memcpy(to, from, count);
^~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
gobex/gobex-transfer.c:423:7: warning: Use of memory after it is freed
if (!g_slist_find(transfers, transfer))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
mesh/main.c:161:3: warning: Value stored to 'optarg' is never read
optarg += strlen("auto");
^ ~~~~~~~~~~~~~~
1 warning generated.
lib/hci.c:97:4: warning: Value stored to 'ptr' is never read
ptr += sprintf(ptr, "%s", m->str);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
gdbus/watch.c:204:3: warning: Attempt to free released memory
g_free(l->data);
^~~~~~~~~~~~~~~
1 warning generated.
lib/sdp.c:507:16: warning: Dereference of undefined pointer value
int8_t dtd = *(uint8_t *) dtds[i];
^~~~~~~~~~~~~~~~~~~~
lib/sdp.c:535:17: warning: Dereference of undefined pointer value
uint8_t dtd = *(uint8_t *) dtds[i];
^~~~~~~~~~~~~~~~~~~~
lib/sdp.c:580:12: warning: Access to field 'attrId' results in a dereference of a null pointer (loaded from variable 'd')
d->attrId = attr;
~ ^
lib/sdp.c:1870:26: warning: Potential leak of memory pointed to by 'ap'
for (; pdlist; pdlist = pdlist->next) {
^~~~~~
lib/sdp.c:1884:6: warning: Potential leak of memory pointed to by 'pds'
ap = sdp_list_append(ap, pds);
~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
lib/sdp.c:1929:10: warning: Potential leak of memory pointed to by 'u'
*seqp = sdp_list_append(*seqp, u);
~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/sdp.c:2034:4: warning: Potential leak of memory pointed to by 'lang'
sdp_list_free(*langSeq, free);
^~~~~~~~~~~~~
lib/sdp.c:2123:9: warning: Potential leak of memory pointed to by 'profDesc'
return 0;
^
lib/sdp.c:3250:8: warning: Potential leak of memory pointed to by 'pSvcRec'
pSeq = sdp_list_append(pSeq, pSvcRec);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
lib/sdp.c:3251:9: warning: Potential leak of memory pointed to by 'pSeq'
pdata += sizeof(uint32_t);
~~~~~~^~~~~~~~~~~~~~~~~~~
lib/sdp.c:4587:13: warning: Potential leak of memory pointed to by 'rec_list'
} while (scanned < attr_list_len && pdata_len > 0);
^~~~~~~
lib/sdp.c:4883:40: warning: Potential leak of memory pointed to by 'tseq'
for (d = sdpdata->val.dataseq; d; d = d->next) {
^
lib/sdp.c:4919:8: warning: Potential leak of memory pointed to by 'subseq'
tseq = sdp_list_append(tseq, subseq);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13 warnings generated.
src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed
gatt_db_unregister(op->client->db, op->db_id);
^~~~~~~~~~
src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed
discovery_op_complete(op, false, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:993:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1099:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1291:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1356:2: warning: Use of memory after it is freed
discovery_op_complete(op, success, att_ecode);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1631:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:1636:2: warning: Use of memory after it is freed
discover_all(op);
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2140:6: warning: Use of memory after it is freed
if (read_db_hash(op)) {
^~~~~~~~~~~~~~~~
src/shared/gatt-client.c:2148:8: warning: Use of memory after it is freed
discovery_op_ref(op),
^~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3236:2: warning: Use of memory after it is freed
complete_write_long_op(req, success, 0, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/shared/gatt-client.c:3258:2: warning: Use of memory after it is freed
request_unref(req);
^~~~~~~~~~~~~~~~~~
12 warnings generated.
src/shared/shell.c:1228:13: warning: Access to field 'options' results in a dereference of a null pointer (loaded from variable 'opt')
if (c != opt->options[index - offset].val) {
^~~~~~~~~~~~
1 warning generated.
monitor/l2cap.c:1640:4: warning: Value stored to 'data' is never read
data += len;
^ ~~~
monitor/l2cap.c:1641:4: warning: Value stored to 'size' is never read
size -= len;
^ ~~~
2 warnings generated.
monitor/packet.c:12370:2: warning: Null pointer passed to 2nd parameter expecting 'nonnull'
memcpy(tx, tv, sizeof(*tv));
^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
monitor/hwdb.c:59:2: warning: Value stored to 'hwdb' is never read
hwdb = udev_hwdb_unref(hwdb);
^ ~~~~~~~~~~~~~~~~~~~~~
monitor/hwdb.c:64:2: warning: Value stored to 'udev' is never read
udev = udev_unref(udev);
^ ~~~~~~~~~~~~~~~~
monitor/hwdb.c:106:2: warning: Value stored to 'hwdb' is never read
hwdb = udev_hwdb_unref(hwdb);
^ ~~~~~~~~~~~~~~~~~~~~~
monitor/hwdb.c:111:2: warning: Value stored to 'udev' is never read
udev = udev_unref(udev);
^ ~~~~~~~~~~~~~~~~
4 warnings generated.
tools/bluemoon.c:1101:8: warning: Null pointer passed to 1st parameter expecting 'nonnull'
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
^~~~~~~~~~~~~~
1 warning generated.
tools/meshctl.c:326:19: warning: Access to field 'mesh_devices' results in a dereference of a null pointer (loaded from variable 'default_ctrl')
g_list_free_full(default_ctrl->mesh_devices, g_free);
^~~~~~~~~~~~~~~~~~~~~~~~~~
tools/meshctl.c:762:2: warning: 2nd function call argument is an uninitialized value
bt_shell_printf("Attempting to disconnect from %s\n", addr);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/meshctl.c:1957:2: warning: Value stored to 'len' is never read
len = len + extra + strlen("local_node.json");
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3 warnings generated.
In file included from tools/mesh-gatt/crypto.c:32:
./src/shared/util.h:191:9: warning: 1st function call argument is an uninitialized value
return be32_to_cpu(get_unaligned((const uint32_t *) ptr));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./src/shared/util.h:33:26: note: expanded from macro 'be32_to_cpu'
#define be32_to_cpu(val) bswap_32(val)
^~~~~~~~~~~~~
/usr/include/byteswap.h:34:21: note: expanded from macro 'bswap_32'
#define bswap_32(x) __bswap_32 (x)
^~~~~~~~~~~~~~
In file included from tools/mesh-gatt/crypto.c:32:
./src/shared/util.h:201:9: warning: 1st function call argument is an uninitialized value
return be64_to_cpu(get_unaligned((const uint64_t *) ptr));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./src/shared/util.h:34:26: note: expanded from macro 'be64_to_cpu'
#define be64_to_cpu(val) bswap_64(val)
^~~~~~~~~~~~~
/usr/include/byteswap.h:37:21: note: expanded from macro 'bswap_64'
#define bswap_64(x) __bswap_64 (x)
^~~~~~~~~~~~~~
2 warnings generated.
ell/util.c:796:8: warning: The left operand of '>' is a garbage value
if (x > UINT8_MAX)
~ ^
ell/util.c:814:8: warning: The left operand of '>' is a garbage value
if (x > UINT16_MAX)
~ ^
2 warnings generated.
ell/queue.c:529:4: warning: Value stored to 'entry' is never read
entry = entry->next;
^ ~~~~~~~~~~~
1 warning generated.
ell/pem.c:146:8: warning: Dereference of null pointer (loaded from variable 'eol')
if (*eol == '\r' || *eol == '\n')
^~~~
ell/pem.c:181:18: warning: Dereference of null pointer (loaded from variable 'eol')
if (buf_len && *eol == '\r' && *buf_ptr == '\n') {
^~~~
ell/pem.c:181:34: warning: Dereference of null pointer (loaded from variable 'buf_ptr')
if (buf_len && *eol == '\r' && *buf_ptr == '\n') {
^~~~~~~~
ell/pem.c:319:11: warning: 1st function call argument is an uninitialized value
result = pem_load_buffer(file.data, file.st.st_size,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ell/pem.c:484:9: warning: 1st function call argument is an uninitialized value
list = l_pem_load_certificate_list_from_data(file.data,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 warnings generated.
ell/cert.c:657:41: warning: Access to field 'asn1_len' results in a dereference of a null pointer (loaded from variable 'cert')
key = l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len);
^~~~~~~~~~~~~~
ell/cert.c:1690:8: warning: Although the value stored to 'elem_data' is used in the enclosing expression, the value is never actually read from 'elem_data'
if (!(elem_data = asn1_der_find_elem(seq, seq_len,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
ell/dbus.c:1707:10: warning: Although the value stored to 'type' is used in the enclosing expression, the value is never actually read from 'type'
while ((type = va_arg(args, enum l_dbus_match_type)) !=
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
ell/gvariant-util.c:158:18: warning: The left operand of '>' is a garbage value
if (alignment > max_alignment)
~~~~~~~~~ ^
ell/gvariant-util.c:471:5: warning: Dereference of null pointer
!children[0].fixed_size) {
^~~~~~~~~~~~~~~~~~~~~~
ell/gvariant-util.c:861:2: warning: Value stored to 'i' is never read
i = container->offset_index - 1;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
3 warnings generated.
ell/ecc-external.c:68:24: warning: The left operand of '&' is a garbage value
return (vli[bit / 64] & ((uint64_t) 1 << (bit % 64)));
~~~~~~~~~~~~~ ^
ell/ecc-external.c:160:18: warning: The right operand of '-' is a garbage value
diff = left[i] - right[i] - borrow;
^ ~~~~~~~~
2 warnings generated.
In file included from tools/parser/amp.c:15:
tools/parser/parser.h:121:16: warning: Dereference of null pointer
time_t t = f->ts.tv_sec;
^~~~~~~~~~~~
tools/parser/parser.h:127:27: warning: Dereference of null pointer
printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec);
^~~~~~~~~~~~
tools/parser/parser.h:129:18: warning: Access to field 'in' results in a dereference of a null pointer (loaded from variable 'f')
printf("%c ", (f->in ? '>' : '<'));
^~~~~
3 warnings generated.
In file included from tools/parser/sdp.c:24:
tools/parser/parser.h:121:16: warning: Dereference of null pointer
time_t t = f->ts.tv_sec;
^~~~~~~~~~~~
tools/parser/parser.h:127:27: warning: Dereference of null pointer
printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec);
^~~~~~~~~~~~
tools/parser/parser.h:129:18: warning: Access to field 'in' results in a dereference of a null pointer (loaded from variable 'f')
printf("%c ", (f->in ? '>' : '<'));
^~~~~
3 warnings generated.
In file included from tools/parser/ppp.c:22:
tools/parser/parser.h:156:2: warning: Undefined or garbage value returned to caller
return *u8_ptr;
^~~~~~~~~~~~~~
tools/parser/ppp.c:108:30: warning: The left operand of '&' is a garbage value
if (*((uint8_t *) frm->ptr) & 0x80)
~~~~~~~~~~~~~~~~~~~~~~~ ^
2 warnings generated.
emulator/serial.c:150:2: warning: Assigned value is garbage or undefined
enum btdev_type uninitialized_var(type);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/serial.c:150:36: warning: Value stored to 'type' during its initialization is never read
enum btdev_type uninitialized_var(type);
^~~~
emulator/serial.c:35:30: note: expanded from macro 'uninitialized_var'
#define uninitialized_var(x) x = x
^ ~
emulator/serial.c:213:2: warning: Assigned value is garbage or undefined
enum btdev_type uninitialized_var(dev_type);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/serial.c:213:36: warning: Value stored to 'dev_type' during its initialization is never read
enum btdev_type uninitialized_var(dev_type);
^~~~~~~~
emulator/serial.c:35:30: note: expanded from macro 'uninitialized_var'
#define uninitialized_var(x) x = x
^ ~
4 warnings generated.
emulator/server.c:200:2: warning: Assigned value is garbage or undefined
enum btdev_type uninitialized_var(type);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/server.c:200:36: warning: Value stored to 'type' during its initialization is never read
enum btdev_type uninitialized_var(type);
^~~~
emulator/server.c:36:30: note: expanded from macro 'uninitialized_var'
#define uninitialized_var(x) x = x
^ ~
2 warnings generated.
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:16: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7645: emulator/btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:4537: all] Error 2
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel
2023-07-26 21:25 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
2023-07-26 22:21 ` Additional tests for ISO and hci_sync bluez.test.bot
@ 2023-07-27 9:28 ` Pauli Virtanen
2023-08-01 0:19 ` Luiz Augusto von Dentz
1 sibling, 1 reply; 9+ messages in thread
From: Pauli Virtanen @ 2023-07-27 9:28 UTC (permalink / raw)
To: linux-bluetooth
to, 2023-07-27 kello 00:25 +0300, Pauli Virtanen kirjoitti:
> Create Connection Cancel shall return Command Complete with error status
> when there is no Create Connection that can be canceled. In these
> cases, we should not send a (spurious) Connection Complete event.
>
> Fix by keeping a list of pending Create Connection commands, and
> returning command errors if there is none pending at the moment.
> ---
> emulator/btdev.c | 76 +++++++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 68 insertions(+), 8 deletions(-)
>
> diff --git a/emulator/btdev.c b/emulator/btdev.c
> index 637f0bb98..0c75e71c0 100644
> --- a/emulator/btdev.c
> +++ b/emulator/btdev.c
> @@ -62,6 +62,7 @@ struct hook {
>
> #define MAX_HOOK_ENTRIES 16
> #define MAX_EXT_ADV_SETS 3
> +#define MAX_PENDING_CONN 16
>
> struct btdev_conn {
> uint16_t handle;
> @@ -223,6 +224,8 @@ struct btdev {
> uint8_t le_rl_enable;
> uint16_t le_rl_timeout;
>
> + struct btdev *pending_conn[MAX_PENDING_CONN];
> +
> uint8_t le_local_sk256[32];
>
> uint16_t sync_train_interval;
> @@ -1211,10 +1214,36 @@ static struct btdev_conn *conn_link_bis(struct btdev *dev, struct btdev *remote,
> return conn;
> }
>
> +static void pending_conn_add(struct btdev *btdev, struct btdev *remote)
> +{
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
> + if (!btdev->pending_conn[i]) {
> + btdev->pending_conn[i] = remote;
> + return;
> + }
> + }
> +}
> +
> +static bool pending_conn_del(struct btdev *btdev, struct btdev *remote)
> +{
> + int i;
> +
> + for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
> + if (btdev->pending_conn[i] == remote) {
> + btdev->pending_conn[i] = NULL;
> + return true;
> + }
> + }
> + return false;
> +}
> +
> static void conn_complete(struct btdev *btdev,
> const uint8_t *bdaddr, uint8_t status)
> {
> struct bt_hci_evt_conn_complete cc;
> + struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
>
> if (!status) {
> struct btdev_conn *conn;
> @@ -1223,6 +1252,8 @@ static void conn_complete(struct btdev *btdev,
> if (!conn)
> return;
>
> + pending_conn_del(conn->link->dev, btdev);
> +
> cc.status = status;
> memcpy(cc.bdaddr, btdev->bdaddr, 6);
> cc.encr_mode = 0x00;
> @@ -1240,6 +1271,8 @@ static void conn_complete(struct btdev *btdev,
> cc.link_type = 0x01;
> }
>
> + pending_conn_del(btdev, remote);
> +
> cc.status = status;
> memcpy(cc.bdaddr, bdaddr, 6);
> cc.encr_mode = 0x00;
> @@ -1260,6 +1293,8 @@ static int cmd_create_conn_complete(struct btdev *dev, const void *data,
> memcpy(cr.dev_class, dev->dev_class, 3);
> cr.link_type = 0x01;
>
> + pending_conn_add(dev, remote);
> +
> send_event(remote, BT_HCI_EVT_CONN_REQUEST, &cr, sizeof(cr));
> } else {
> conn_complete(dev, cmd->bdaddr, BT_HCI_ERR_PAGE_TIMEOUT);
> @@ -1296,14 +1331,47 @@ static int cmd_add_sco_conn(struct btdev *dev, const void *data, uint8_t len)
> cc.encr_mode = 0x00;
>
> done:
> + pending_conn_del(dev, conn->link->dev);
> +
> send_event(dev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
>
> return 0;
> }
>
> +static bool match_bdaddr(const void *data, const void *match_data)
> +{
> + const struct btdev_conn *conn = data;
> + const uint8_t *bdaddr = match_data;
> +
> + return !memcmp(conn->link->dev->bdaddr, bdaddr, 6);
> +}
> +
> static int cmd_create_conn_cancel(struct btdev *dev, const void *data,
> uint8_t len)
> {
> + const struct bt_hci_cmd_create_conn_cancel *cmd = data;
> + struct btdev *remote = find_btdev_by_bdaddr(cmd->bdaddr);
> + struct btdev_conn *conn;
> +
> + /* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E page 1848
> + *
> + * If the connection is already established, and the
> + * HCI_Connection_Complete event has been sent, then the Controller
> + * shall return an HCI_Command_Complete event with the error code
> + * Connection Already Exists (0x0B). If the HCI_Create_Connection_Cancel
> + * command is sent to the Controller without a preceding
> + * HCI_Create_Connection command to the same device, the BR/EDR
> + * Controller shall return an HCI_Command_Complete event with the error
> + * code Unknown Connection Identifier (0x02).
> + */
> + if (!pending_conn_del(dev, remote)) {
> + conn = queue_find(dev->conns, match_bdaddr, cmd->bdaddr);
> + if (conn)
> + return -EEXIST;
> +
> + return -ENOENT;
> + }
> +
> cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_CREATE_CONN_CANCEL);
This should have been Command_Complete not Command_Status.
For v2
>
> return 0;
> @@ -1372,14 +1440,6 @@ static int cmd_link_key_reply(struct btdev *dev, const void *data, uint8_t len)
> return 0;
> }
>
> -static bool match_bdaddr(const void *data, const void *match_data)
> -{
> - const struct btdev_conn *conn = data;
> - const uint8_t *bdaddr = match_data;
> -
> - return !memcmp(conn->link->dev->bdaddr, bdaddr, 6);
> -}
> -
> static void auth_complete(struct btdev_conn *conn, uint8_t status)
> {
> struct bt_hci_evt_auth_complete ev;
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel
2023-07-27 9:28 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
@ 2023-08-01 0:19 ` Luiz Augusto von Dentz
0 siblings, 0 replies; 9+ messages in thread
From: Luiz Augusto von Dentz @ 2023-08-01 0:19 UTC (permalink / raw)
To: Pauli Virtanen; +Cc: linux-bluetooth
Hi Pauli,
On Thu, Jul 27, 2023 at 3:00 AM Pauli Virtanen <pav@iki.fi> wrote:
>
> to, 2023-07-27 kello 00:25 +0300, Pauli Virtanen kirjoitti:
> > Create Connection Cancel shall return Command Complete with error status
> > when there is no Create Connection that can be canceled. In these
> > cases, we should not send a (spurious) Connection Complete event.
> >
> > Fix by keeping a list of pending Create Connection commands, and
> > returning command errors if there is none pending at the moment.
> > ---
> > emulator/btdev.c | 76 +++++++++++++++++++++++++++++++++++++++++++-----
> > 1 file changed, 68 insertions(+), 8 deletions(-)
> >
> > diff --git a/emulator/btdev.c b/emulator/btdev.c
> > index 637f0bb98..0c75e71c0 100644
> > --- a/emulator/btdev.c
> > +++ b/emulator/btdev.c
> > @@ -62,6 +62,7 @@ struct hook {
> >
> > #define MAX_HOOK_ENTRIES 16
> > #define MAX_EXT_ADV_SETS 3
> > +#define MAX_PENDING_CONN 16
> >
> > struct btdev_conn {
> > uint16_t handle;
> > @@ -223,6 +224,8 @@ struct btdev {
> > uint8_t le_rl_enable;
> > uint16_t le_rl_timeout;
> >
> > + struct btdev *pending_conn[MAX_PENDING_CONN];
> > +
> > uint8_t le_local_sk256[32];
> >
> > uint16_t sync_train_interval;
> > @@ -1211,10 +1214,36 @@ static struct btdev_conn *conn_link_bis(struct btdev *dev, struct btdev *remote,
> > return conn;
> > }
> >
> > +static void pending_conn_add(struct btdev *btdev, struct btdev *remote)
> > +{
> > + int i;
> > +
> > + for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
> > + if (!btdev->pending_conn[i]) {
> > + btdev->pending_conn[i] = remote;
> > + return;
> > + }
> > + }
> > +}
> > +
> > +static bool pending_conn_del(struct btdev *btdev, struct btdev *remote)
> > +{
> > + int i;
> > +
> > + for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
> > + if (btdev->pending_conn[i] == remote) {
> > + btdev->pending_conn[i] = NULL;
> > + return true;
> > + }
> > + }
> > + return false;
> > +}
> > +
> > static void conn_complete(struct btdev *btdev,
> > const uint8_t *bdaddr, uint8_t status)
> > {
> > struct bt_hci_evt_conn_complete cc;
> > + struct btdev *remote = find_btdev_by_bdaddr(bdaddr);
> >
> > if (!status) {
> > struct btdev_conn *conn;
> > @@ -1223,6 +1252,8 @@ static void conn_complete(struct btdev *btdev,
> > if (!conn)
> > return;
> >
> > + pending_conn_del(conn->link->dev, btdev);
> > +
> > cc.status = status;
> > memcpy(cc.bdaddr, btdev->bdaddr, 6);
> > cc.encr_mode = 0x00;
> > @@ -1240,6 +1271,8 @@ static void conn_complete(struct btdev *btdev,
> > cc.link_type = 0x01;
> > }
> >
> > + pending_conn_del(btdev, remote);
> > +
> > cc.status = status;
> > memcpy(cc.bdaddr, bdaddr, 6);
> > cc.encr_mode = 0x00;
> > @@ -1260,6 +1293,8 @@ static int cmd_create_conn_complete(struct btdev *dev, const void *data,
> > memcpy(cr.dev_class, dev->dev_class, 3);
> > cr.link_type = 0x01;
> >
> > + pending_conn_add(dev, remote);
> > +
> > send_event(remote, BT_HCI_EVT_CONN_REQUEST, &cr, sizeof(cr));
> > } else {
> > conn_complete(dev, cmd->bdaddr, BT_HCI_ERR_PAGE_TIMEOUT);
> > @@ -1296,14 +1331,47 @@ static int cmd_add_sco_conn(struct btdev *dev, const void *data, uint8_t len)
> > cc.encr_mode = 0x00;
> >
> > done:
> > + pending_conn_del(dev, conn->link->dev);
> > +
> > send_event(dev, BT_HCI_EVT_CONN_COMPLETE, &cc, sizeof(cc));
> >
> > return 0;
> > }
> >
> > +static bool match_bdaddr(const void *data, const void *match_data)
> > +{
> > + const struct btdev_conn *conn = data;
> > + const uint8_t *bdaddr = match_data;
> > +
> > + return !memcmp(conn->link->dev->bdaddr, bdaddr, 6);
> > +}
> > +
> > static int cmd_create_conn_cancel(struct btdev *dev, const void *data,
> > uint8_t len)
> > {
> > + const struct bt_hci_cmd_create_conn_cancel *cmd = data;
> > + struct btdev *remote = find_btdev_by_bdaddr(cmd->bdaddr);
> > + struct btdev_conn *conn;
> > +
> > + /* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E page 1848
> > + *
> > + * If the connection is already established, and the
> > + * HCI_Connection_Complete event has been sent, then the Controller
> > + * shall return an HCI_Command_Complete event with the error code
> > + * Connection Already Exists (0x0B). If the HCI_Create_Connection_Cancel
> > + * command is sent to the Controller without a preceding
> > + * HCI_Create_Connection command to the same device, the BR/EDR
> > + * Controller shall return an HCI_Command_Complete event with the error
> > + * code Unknown Connection Identifier (0x02).
> > + */
> > + if (!pending_conn_del(dev, remote)) {
> > + conn = queue_find(dev->conns, match_bdaddr, cmd->bdaddr);
> > + if (conn)
> > + return -EEXIST;
> > +
> > + return -ENOENT;
> > + }
> > +
> > cmd_status(dev, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_CREATE_CONN_CANCEL);
>
> This should have been Command_Complete not Command_Status.
There is quite a few errors when Ive tried to compile this one:
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:23: error: comparison of integer expressions of
different signedness: ‘int’ and ‘long unsigned int’
[-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:23: error: comparison of integer expressions of
different signedness: ‘int’ and ‘long unsigned int’
[-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:23: error: comparison of integer expressions of
different signedness: ‘int’ and ‘long unsigned int’
[-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:23: error: comparison of integer expressions of
different signedness: ‘int’ and ‘long unsigned int’
[-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
make[1]: *** [Makefile:8484: emulator/android_android_tester-btdev.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:7648: emulator/btdev.o] Error 1
emulator/btdev.c: In function ‘pending_conn_add’:
emulator/btdev.c:1221:23: error: comparison of integer expressions of
different signedness: ‘int’ and ‘long unsigned int’
[-Werror=sign-compare]
1221 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
emulator/btdev.c: In function ‘pending_conn_del’:
emulator/btdev.c:1233:23: error: comparison of integer expressions of
different signedness: ‘int’ and ‘long unsigned int’
[-Werror=sign-compare]
1233 | for (i = 0; i < ARRAY_SIZE(btdev->pending_conn); ++i) {
| ^
cc1: all warnings being treated as errors
> For v2
Please have the errors fixed as well.
> >
> > return 0;
> > @@ -1372,14 +1440,6 @@ static int cmd_link_key_reply(struct btdev *dev, const void *data, uint8_t len)
> > return 0;
> > }
> >
> > -static bool match_bdaddr(const void *data, const void *match_data)
> > -{
> > - const struct btdev_conn *conn = data;
> > - const uint8_t *bdaddr = match_data;
> > -
> > - return !memcmp(conn->link->dev->bdaddr, bdaddr, 6);
> > -}
> > -
> > static void auth_complete(struct btdev_conn *conn, uint8_t status)
> > {
> > struct bt_hci_evt_auth_complete ev;
>
--
Luiz Augusto von Dentz
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-08-01 0:19 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-26 21:25 [PATCH BlueZ 0/5] Additional tests for ISO and hci_sync Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
2023-07-26 22:21 ` Additional tests for ISO and hci_sync bluez.test.bot
2023-07-27 9:28 ` [PATCH BlueZ 1/5] btdev: check error conditions for HCI_Create_Connection_Cancel Pauli Virtanen
2023-08-01 0:19 ` Luiz Augusto von Dentz
2023-07-26 21:25 ` [PATCH BlueZ 2/5] sco-tester: test local and remote disconnecting simultaneously Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 3/5] iso-tester: test with large CIS_ID and invalid CIG_ID/CIS_ID Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 4/5] iso-tester: add tests checking Remove CIG is emitted Pauli Virtanen
2023-07-26 21:25 ` [PATCH BlueZ 5/5] btdev: fix Command Status command opcodes for Setup Sync Conn Pauli Virtanen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).