* Re: [PATCH BlueZ 2/2] lib: Fix SDP_TEXT_STR16/SDP_URL_STR16 parsing
From: Marcel Holtmann @ 2013-01-08 22:41 UTC (permalink / raw)
To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <CAJdJm_PV7qMJWQLJBOmA0tqqDzor6immypKGgGTtLVy9SR5A8A@mail.gmail.com>
Hi Anderson,
> >> diff --git a/lib/sdp.c b/lib/sdp.c
> >> index ca474cd..b87f392 100644
> >> --- a/lib/sdp.c
> >> +++ b/lib/sdp.c
> >> @@ -1176,7 +1176,7 @@ static sdp_data_t *extract_str(const void *p, int bufsize, int *len)
> >> }
> >> n = bt_get_be16(p);
> >> p += sizeof(uint16_t);
> >> - *len += sizeof(uint16_t) + n;
> >> + *len += sizeof(uint16_t);
> >
> > I do not get this fix. Isn't this str8 and url8 part wrong?
>
> On the same function, next to the return, there is:
>
> *len += n;
>
> This is why STR8/URL8 actually are okay. For STR16 the "n" part is
> added twice due to the snippet I change in this patch.
good catch. However I like to see that tiny piece of extra information
in the commit message as well. Makes it a lot clearer.
Regards
Marcel
^ permalink raw reply
* Bluetooth / TTY: [ 1806.484970] INFO: task kworker/0:1:25023 blocked for more than 120 seconds.
From: Sander Eikelenboom @ 2013-01-08 22:00 UTC (permalink / raw)
To: linux-kernel, linux-bluetooth, linux-serial
Cc: marcel, Greg Kroah-Hartman, Alan Cox
I'm trying to use a USB bluetooth dongle to connect to a bluetooth to serial device with RFCOMM.
It's able to work fine for some time, but tt consistently fails after some time.
This is sometimes right on the start when connecting to the /dev/rfcomm0, but it can also require several hours of running fine while connected and exchanging data.
This is the stacktrace i get:
[ 1806.484970] INFO: task kworker/0:1:25023 blocked for more than 120 seconds.
[ 1806.503488] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1806.521864] kworker/0:1 D 0000000000000201 0 25023 2 0x00000000
[ 1806.540026] ffff88000baa7be8 0000000000000216 ffff880037079148 ffff880037079148
[ 1806.557926] ffff8800386fa0e0 0000000000013040 ffff88000baa7fd8 ffff88000baa6010
[ 1806.575622] 0000000000013040 0000000000013040 ffff88000baa7fd8 0000000000013040
[ 1806.592981] Call Trace:
[ 1806.610066] [<ffffffff810b5bd7>] ? lock_release+0x117/0x250
[ 1806.627150] [<ffffffff810b5748>] ? lock_acquire+0xd8/0x100
[ 1806.643901] [<ffffffff819ba2fe>] ? tty_lock_nested+0x3e/0x80
[ 1806.660460] [<ffffffff819b8a14>] schedule+0x24/0x70
[ 1806.676724] [<ffffffff819b8ef3>] schedule_preempt_disabled+0x13/0x20
[ 1806.692780] [<ffffffff819b73bb>] mutex_lock_nested+0x1ab/0x450
[ 1806.708582] [<ffffffff819ba2fe>] ? tty_lock_nested+0x3e/0x80
[ 1806.724140] [<ffffffff819ba2fe>] tty_lock_nested+0x3e/0x80
[ 1806.739421] [<ffffffff819ba34b>] tty_lock+0xb/0x10
[ 1806.754418] [<ffffffff81449495>] __tty_hangup+0x65/0x3c0
[ 1806.769153] [<ffffffff81080bf8>] ? process_one_work+0x158/0x4b0
[ 1806.783648] [<ffffffff81449800>] do_tty_hangup+0x10/0x20
[ 1806.797905] [<ffffffff81080c60>] process_one_work+0x1c0/0x4b0
[ 1806.811958] [<ffffffff81080bf8>] ? process_one_work+0x158/0x4b0
[ 1806.825752] [<ffffffff814497f0>] ? __tty_hangup+0x3c0/0x3c0
[ 1806.839332] [<ffffffff8108134e>] worker_thread+0x11e/0x3d0
[ 1806.852654] [<ffffffff81081230>] ? manage_workers+0x2e0/0x2e0
[ 1806.865719] [<ffffffff81088a36>] kthread+0xd6/0xe0
[ 1806.878518] [<ffffffff81088960>] ? __init_kthread_worker+0x70/0x70
[ 1806.891064] [<ffffffff819baebc>] ret_from_fork+0x7c/0xb0
[ 1806.903376] [<ffffffff81088960>] ? __init_kthread_worker+0x70/0x70
[ 1806.939888] INFO: lockdep is turned off.
[ 1806.951766] INFO: task zabbix_slimmeme:27798 blocked for more than 120 seconds.
[ 1806.963521] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1806.975059] zabbix_slimmeme D ffff88002a619070 0 27798 27355 0x00000000
[ 1806.986497] ffff880000bb7818 0000000000000216 ffff880000000002 ffffffff8202ae38
[ 1806.997893] ffff88002a619070 0000000000013040 ffff880000bb7fd8 ffff880000bb6010
[ 1807.008944] 0000000000013040 0000000000013040 ffff880000bb7fd8 0000000000013040
[ 1807.019692] Call Trace:
[ 1807.030165] [<ffffffff810be1ad>] ? __module_text_address+0xd/0x60
[ 1807.040524] [<ffffffff810be1ad>] ? __module_text_address+0xd/0x60
[ 1807.050568] [<ffffffff810be40b>] ? is_module_text_address+0x2b/0x60
[ 1807.060389] [<ffffffff81085958>] ? __kernel_text_address+0x58/0x80
[ 1807.069996] [<ffffffff81070087>] ? local_bh_disable+0x17/0x20
[ 1807.079383] [<ffffffff810b5748>] ? lock_acquire+0xd8/0x100
[ 1807.088467] [<ffffffff819b8a14>] schedule+0x24/0x70
[ 1807.097296] [<ffffffff819b5c7d>] schedule_timeout+0x1bd/0x220
[ 1807.105884] [<ffffffff810b5748>] ? lock_acquire+0xd8/0x100
[ 1807.114211] [<ffffffff819b7f11>] ? wait_for_common+0x31/0x170
[ 1807.122301] [<ffffffff810b5bd7>] ? lock_release+0x117/0x250
[ 1807.130156] [<ffffffff819b7fe1>] wait_for_common+0x101/0x170
[ 1807.137804] [<ffffffff810986f0>] ? try_to_wake_up+0x310/0x310
[ 1807.145193] [<ffffffff819b80f8>] wait_for_completion+0x18/0x20
[ 1807.152350] [<ffffffff81083385>] flush_work+0x195/0x250
[ 1807.159275] [<ffffffff810833a0>] ? flush_work+0x1b0/0x250
[ 1807.165957] [<ffffffff81080400>] ? cwq_dec_nr_in_flight+0xd0/0xd0
[ 1807.172401] [<ffffffff81451748>] tty_ldisc_flush_works+0x18/0x40
[ 1807.178634] [<ffffffff8145198e>] tty_ldisc_release+0x2e/0x90
[ 1807.184586] [<ffffffff8144ba07>] tty_release+0x3c7/0x590
[ 1807.190264] [<ffffffff810b19ed>] ? trace_hardirqs_on+0xd/0x10
[ 1807.195910] [<ffffffff819b60b9>] ? __mutex_unlock_slowpath+0x149/0x1d0
[ 1807.201455] [<ffffffff810986f0>] ? try_to_wake_up+0x310/0x310
[ 1807.206927] [<ffffffff8144bf94>] tty_open+0x3c4/0x5f0
[ 1807.212366] [<ffffffff81150c88>] chrdev_open+0x98/0x170
[ 1807.217803] [<ffffffff8109128d>] ? lg_local_unlock+0x3d/0x70
[ 1807.223255] [<ffffffff81150bf0>] ? cdev_put+0x30/0x30
[ 1807.228678] [<ffffffff8114b46e>] do_dentry_open+0x25e/0x310
[ 1807.234040] [<ffffffff8114b630>] finish_open+0x30/0x50
[ 1807.239445] [<ffffffff8115aa0e>] do_last+0x30e/0xe90
[ 1807.244805] [<ffffffff81157d2a>] ? link_path_walk+0x9a/0x9f0
[ 1807.250170] [<ffffffff8115b63e>] path_openat+0xae/0x4e0
[ 1807.255503] [<ffffffff810b5bd7>] ? lock_release+0x117/0x250
[ 1807.260835] [<ffffffff811602d4>] ? do_select+0x3f4/0x6d0
[ 1807.266174] [<ffffffff8115bba4>] do_filp_open+0x44/0xa0
[ 1807.271504] [<ffffffff81169453>] ? __alloc_fd+0xb3/0x150
[ 1807.276904] [<ffffffff8114af83>] do_sys_open+0x103/0x1f0
[ 1807.282262] [<ffffffff8114b0ac>] sys_open+0x1c/0x20
[ 1807.287579] [<ffffffff819baf69>] system_call_fastpath+0x16/0x1b
[ 1807.292892] INFO: lockdep is turned off.
^ permalink raw reply
* Re: [PATCH BlueZ 1/2] unit: Add initial tests for sdp_extract_attr()
From: Anderson Lizardo @ 2013-01-08 20:45 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: linux-bluetooth
In-Reply-To: <1357672215.1806.32.camel@aeonflux>
Hi Marcel,
On Tue, Jan 8, 2013 at 3:10 PM, Marcel Holtmann <marcel@holtmann.org> wrote:
> can we make this a bit more generic with a bit more details on what you
> are testing.
>
> Also having a separate test case for str8, str16 and also str32 of
> course would be a good idea. Same for url8, url16 and url32. In addition
> checking empty strings and really long strings is a good idea.
> Especially long strings that match the max len size.
This was supposed to be a set of initial tests, specially to validate
the fix I sent on the other patch. I was going to improve the test
coverage as I read more of the code.
But I can work on a set of tests which cover all reachable cases for
sdp_extract_attr() (I want to focus on this function for now because
it is less used than others and could hide other bugs.) and send them
at once, including corner cases.
> What I actually like to see is that we can specific element sequences in
> raw and also what they are suppose to match. So we need to ensure that
> we also extract the right string value and types. And not just the size.
The "match" data could be raw bytes which I get by converting the
returned sdp_data_t to PDU format using sdp_gen_pdu(). What do you
think?
Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia - INdT
Manaus - Brazil
^ permalink raw reply
* Re: [PATCH BlueZ 2/2] lib: Fix SDP_TEXT_STR16/SDP_URL_STR16 parsing
From: Anderson Lizardo @ 2013-01-08 20:27 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: linux-bluetooth
In-Reply-To: <1357672384.1806.34.camel@aeonflux>
Hi Marcel,
On Tue, Jan 8, 2013 at 3:13 PM, Marcel Holtmann <marcel@holtmann.org> wrote:
>> diff --git a/lib/sdp.c b/lib/sdp.c
>> index ca474cd..b87f392 100644
>> --- a/lib/sdp.c
>> +++ b/lib/sdp.c
>> @@ -1176,7 +1176,7 @@ static sdp_data_t *extract_str(const void *p, int bufsize, int *len)
>> }
>> n = bt_get_be16(p);
>> p += sizeof(uint16_t);
>> - *len += sizeof(uint16_t) + n;
>> + *len += sizeof(uint16_t);
>
> I do not get this fix. Isn't this str8 and url8 part wrong?
On the same function, next to the return, there is:
*len += n;
This is why STR8/URL8 actually are okay. For STR16 the "n" part is
added twice due to the snippet I change in this patch.
Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia - INdT
Manaus - Brazil
^ permalink raw reply
* Re: [PATCH BlueZ 2/2] lib: Fix SDP_TEXT_STR16/SDP_URL_STR16 parsing
From: Marcel Holtmann @ 2013-01-08 19:13 UTC (permalink / raw)
To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357670608-19081-2-git-send-email-anderson.lizardo@openbossa.org>
Hi Anderson,
> sdp_extract_attr() uses the "size" parameter to return the number of
> bytes consumed when parsing SDP Data Elements. This size is used to
> advance a buffer pointer to parse next element.
>
> This size was being incorrectly calculated for
> SDP_TEXT_STR16/SDP_URL_STR16, where the string length was added twice.
>
> A unit test added on the previous commit should now pass with this fix.
> ---
> lib/sdp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/sdp.c b/lib/sdp.c
> index ca474cd..b87f392 100644
> --- a/lib/sdp.c
> +++ b/lib/sdp.c
> @@ -1176,7 +1176,7 @@ static sdp_data_t *extract_str(const void *p, int bufsize, int *len)
> }
> n = bt_get_be16(p);
> p += sizeof(uint16_t);
> - *len += sizeof(uint16_t) + n;
> + *len += sizeof(uint16_t);
I do not get this fix. Isn't this str8 and url8 part wrong?
Regards
Marcel
^ permalink raw reply
* Re: [PATCH BlueZ 1/2] unit: Add initial tests for sdp_extract_attr()
From: Marcel Holtmann @ 2013-01-08 19:10 UTC (permalink / raw)
To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357670608-19081-1-git-send-email-anderson.lizardo@openbossa.org>
Hi Anderson,
> These tests do not use the full SDP PDU building code because they try
> to catch errors on SDP "extraction" code, which may not appear on a
> response PDU (but still cause hard to find bugs).
> ---
> unit/test-sdp.c | 27 +++++++++++++++++++++++++++
> 1 file changed, 27 insertions(+)
>
> diff --git a/unit/test-sdp.c b/unit/test-sdp.c
> index 315a5cd..61449aa 100644
> --- a/unit/test-sdp.c
> +++ b/unit/test-sdp.c
> @@ -754,6 +754,31 @@ static void test_sdp(gconstpointer data)
> g_free(test->pdu_list);
> }
>
> +static void test_sdp_extract_attr(void)
> +{
> + const struct sdp_pdu pdus[] = {
> + raw_pdu(SDP_DATA_NIL),
> + raw_pdu(SDP_TEXT_STR8, 0x04, 'A', 'B', 'C', 'D'),
> + raw_pdu(SDP_TEXT_STR16, 0x00, 0x04, 'A', 'B', 'C', 'D'),
> + { },
> + };
> + int i;
> +
> + for (i = 0; pdus[i].valid; i++) {
> + sdp_data_t *d;
> + int size = 0;
> +
> + if (g_test_verbose() == TRUE)
> + g_print("dtd=0x%02x\n", *(char *) pdus[i].raw_data);
> +
> + d = sdp_extract_attr(pdus[i].raw_data, pdus[i].raw_size, &size,
> + NULL);
> + g_assert(d != NULL);
> + g_assert_cmpuint(size, ==, pdus[i].raw_size);
> + sdp_data_free(d);
> + }
> +}
> +
> int main(int argc, char *argv[])
> {
> g_test_init(&argc, &argv, NULL);
> @@ -2709,5 +2734,7 @@ int main(int argc, char *argv[])
> 0x08, 0x09, 0x00, 0x01, 0x35, 0x03, 0x19, 0x11,
> 0x06, 0x00));
>
> + g_test_add_func("/MISC/sdp_extract_attr", test_sdp_extract_attr);
> +
can we make this a bit more generic with a bit more details on what you
are testing.
Also having a separate test case for str8, str16 and also str32 of
course would be a good idea. Same for url8, url16 and url32. In addition
checking empty strings and really long strings is a good idea.
Especially long strings that match the max len size.
What I actually like to see is that we can specific element sequences in
raw and also what they are suppose to match. So we need to ensure that
we also extract the right string value and types. And not just the size.
Regards
Marcel
^ permalink raw reply
* [PATCH BlueZ 2/2] lib: Fix SDP_TEXT_STR16/SDP_URL_STR16 parsing
From: Anderson Lizardo @ 2013-01-08 18:43 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357670608-19081-1-git-send-email-anderson.lizardo@openbossa.org>
sdp_extract_attr() uses the "size" parameter to return the number of
bytes consumed when parsing SDP Data Elements. This size is used to
advance a buffer pointer to parse next element.
This size was being incorrectly calculated for
SDP_TEXT_STR16/SDP_URL_STR16, where the string length was added twice.
A unit test added on the previous commit should now pass with this fix.
---
lib/sdp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/sdp.c b/lib/sdp.c
index ca474cd..b87f392 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -1176,7 +1176,7 @@ static sdp_data_t *extract_str(const void *p, int bufsize, int *len)
}
n = bt_get_be16(p);
p += sizeof(uint16_t);
- *len += sizeof(uint16_t) + n;
+ *len += sizeof(uint16_t);
bufsize -= sizeof(uint16_t);
break;
default:
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 1/2] unit: Add initial tests for sdp_extract_attr()
From: Anderson Lizardo @ 2013-01-08 18:43 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
These tests do not use the full SDP PDU building code because they try
to catch errors on SDP "extraction" code, which may not appear on a
response PDU (but still cause hard to find bugs).
---
unit/test-sdp.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/unit/test-sdp.c b/unit/test-sdp.c
index 315a5cd..61449aa 100644
--- a/unit/test-sdp.c
+++ b/unit/test-sdp.c
@@ -754,6 +754,31 @@ static void test_sdp(gconstpointer data)
g_free(test->pdu_list);
}
+static void test_sdp_extract_attr(void)
+{
+ const struct sdp_pdu pdus[] = {
+ raw_pdu(SDP_DATA_NIL),
+ raw_pdu(SDP_TEXT_STR8, 0x04, 'A', 'B', 'C', 'D'),
+ raw_pdu(SDP_TEXT_STR16, 0x00, 0x04, 'A', 'B', 'C', 'D'),
+ { },
+ };
+ int i;
+
+ for (i = 0; pdus[i].valid; i++) {
+ sdp_data_t *d;
+ int size = 0;
+
+ if (g_test_verbose() == TRUE)
+ g_print("dtd=0x%02x\n", *(char *) pdus[i].raw_data);
+
+ d = sdp_extract_attr(pdus[i].raw_data, pdus[i].raw_size, &size,
+ NULL);
+ g_assert(d != NULL);
+ g_assert_cmpuint(size, ==, pdus[i].raw_size);
+ sdp_data_free(d);
+ }
+}
+
int main(int argc, char *argv[])
{
g_test_init(&argc, &argv, NULL);
@@ -2709,5 +2734,7 @@ int main(int argc, char *argv[])
0x08, 0x09, 0x00, 0x01, 0x35, 0x03, 0x19, 0x11,
0x06, 0x00));
+ g_test_add_func("/MISC/sdp_extract_attr", test_sdp_extract_attr);
+
return g_test_run();
}
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 2/2] attrib: Fix compilation errors when compiled without optimization
From: Anderson Lizardo @ 2013-01-08 15:46 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
In-Reply-To: <1357659987-4219-1-git-send-email-anderson.lizardo@openbossa.org>
Fix these build errors:
attrib/att.c: In function ‘dec_read_by_grp_req’:
attrib/att.c:165:10: error: comparison between signed and unsigned
integer expressions [-Werror=sign-compare]
attrib/att.c:170:10: error: comparison between signed and unsigned
integer expressions [-Werror=sign-compare]
attrib/att.c: In function ‘dec_read_by_type_req’:
attrib/att.c:393:10: error: comparison between signed and unsigned
integer expressions [-Werror=sign-compare]
attrib/att.c:402:10: error: comparison between signed and unsigned
integer expressions [-Werror=sign-compare]
---
attrib/att.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/attrib/att.c b/attrib/att.c
index de11811..fe66821 100644
--- a/attrib/att.c
+++ b/attrib/att.c
@@ -151,7 +151,7 @@ uint16_t enc_read_by_grp_req(uint16_t start, uint16_t end, bt_uuid_t *uuid,
uint16_t dec_read_by_grp_req(const uint8_t *pdu, size_t len, uint16_t *start,
uint16_t *end, bt_uuid_t *uuid)
{
- const uint16_t min_len = sizeof(pdu[0]) + sizeof(*start) + sizeof(*end);
+ const size_t min_len = sizeof(pdu[0]) + sizeof(*start) + sizeof(*end);
if (pdu == NULL)
return 0;
@@ -382,7 +382,7 @@ uint16_t enc_read_by_type_req(uint16_t start, uint16_t end, bt_uuid_t *uuid,
uint16_t dec_read_by_type_req(const uint8_t *pdu, size_t len, uint16_t *start,
uint16_t *end, bt_uuid_t *uuid)
{
- const uint16_t min_len = sizeof(pdu[0]) + sizeof(*start) + sizeof(*end);
+ const size_t min_len = sizeof(pdu[0]) + sizeof(*start) + sizeof(*end);
if (pdu == NULL)
return 0;
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 1/2] build: Fix --disable-optimization configure option
From: Anderson Lizardo @ 2013-01-08 15:46 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Anderson Lizardo
On commit cc9e4e7cae0379864ea06038d92bf7ecc192bba7, this flag was
mistakenly replaced with the behavior of the old --enable-fortify
option.
This patch restores the "-O0" flag when --disable-optimization is used.
Unfortunately, this is not enough to disable build optimization. By
default, autoconf adds -O2 to CFLAGS if the compiler is GCC. AM_CFLAGS
(where -O0 is added with --disable-optimization) is passed as argument
to GCC before autoconf CFLAGS, so it is not possible to override the
default -O2. One solution is to use:
CFLAGS= ./configure --disable-optimization
i.e. remove -O2 from CFLAGS, and let autoconf add -O0.
---
acinclude.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acinclude.m4 b/acinclude.m4
index 4357c00..286340d 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -32,7 +32,7 @@ AC_DEFUN([MISC_FLAGS], [
AC_ARG_ENABLE(optimization, AC_HELP_STRING([--disable-optimization],
[disable code optimization through compiler]), [
if (test "${enableval}" = "no"); then
- misc_cflags="$misc_cflags -D_FORTIFY_SOURCE=2"
+ misc_cflags="$misc_cflags -O0"
fi
])
AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug],
--
1.7.9.5
^ permalink raw reply related
* usb device removed from sysfs before input children devices
From: Karl Relton @ 2013-01-08 14:33 UTC (permalink / raw)
To: linux-usb, linux-bluetooth
On coming out of suspend my usb bluetooth adaptor is being reset by the
system.
In linux 3.7 the usb devices are being removed from the sysfs tree
first, and then the various 'child' devices (like my bluetooth mouse &
keyboard related devices) afterwards. This is causing the udev events
for the input devices to have 'orphaned' sysfs paths in the udev events.
This in turn means the Xorg evdev driver does not recognise the events,
and so doesn't see the removal of the input devices.
This has been picked by some downstream distributions, e.g. see this
thread by Google Chrome developers:
http://code.google.com/p/chromium-os/issues/detail?id=33813
Back on linux 3.2 this was not the case. The usb adaptor was reset, but
device removal was orderly: first the input devices (will full paths in
the udev events), then the usb devices walking up the tree.
To illustrate the issue, here is the output of 'udevadm monitor' in 3.7:
udevadm monitor
monitor will print the received events for:
KERNEL - the kernel uevent
KERNEL[2203.173080] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/rfkill2 (rfkill)
KERNEL[2203.173148] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0 (bluetooth)
KERNEL[2203.173420] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0 (usb)
KERNEL[2203.173451] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.1 (usb)
KERNEL[2203.173475] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.2 (usb)
KERNEL[2203.173693] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2 (usb)
KERNEL[2213.152339] remove /hci0/hci0:46/input14/mouse2 (input)
KERNEL[2213.160374] remove /hci0/hci0:46/input14/event10 (input)
KERNEL[2213.168366] remove /hci0/hci0:46/input14 (input)
KERNEL[2213.169058] remove /hci0/hci0:46/0005:050D:0031.0005/hidraw/hidraw0 (hidraw)
KERNEL[2213.169198] remove /hci0/hci0:46/0005:050D:0031.0005 (hid)
KERNEL[2213.169242] remove /hci0/hci0:46 (bluetooth)
KERNEL[2218.176527] remove /hci0/hci0:49/input13/event11 (input)
KERNEL[2218.180403] remove /hci0/hci0:49/input13 (input)
KERNEL[2218.180481] remove /hci0/hci0:49/0005:05AC:0256.0004/hidraw/hidraw1 (hidraw)
KERNEL[2218.180538] remove /hci0/hci0:49/0005:05AC:0256.0004 (hid)
KERNEL[2218.182005] remove /hci0/hci0:49 (bluetooth)
See how the usb devices are moved first, and then the input/bluetooth related stuff
with path-heads removed (paths are now /hci0/... instead of /devices/...)
Here is the equiv sequence back in 3.2:
KERNEL[158.378301] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:49/input11/mouse2 (input)
KERNEL[158.388283] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:49/input11/event11 (input)
KERNEL[158.409885] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:49/input11 (input)
KERNEL[158.411565] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:49/0005:050D:0031.0002/hidraw/hidraw1 (hidraw)
KERNEL[158.411598] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:49/0005:050D:0031.0002 (hid)
KERNEL[158.411621] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:49 (bluetooth)
KERNEL[158.436894] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:46/input10/event10 (input)
KERNEL[158.452211] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:46/input10 (input)
KERNEL[158.452628] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:46/0005:05AC:0256.0001/hidraw/hidraw0 (hidraw)
KERNEL[158.452662] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:46/0005:05AC:0256.0001 (hid)
KERNEL[158.452752] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/hci0:46 (bluetooth)
KERNEL[158.629847] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0/rfkill2 (rfkill)
KERNEL[158.629920] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/bluetooth/hci0 (bluetooth)
KERNEL[158.635562] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0 (usb)
KERNEL[158.635701] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.1 (usb)
KERNEL[158.635807] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.2 (usb)
KERNEL[158.637238] remove /devices/pci0000:00/0000:00:1a.0/usb3/3-2 (usb)
The end result (for the user) is that even when the bluetooth
mouse/keyboard is re-added, Xorg ignores it - thinking it is some hoax
duplicate device. The keyboard/mouse is then non-operational.
Karl
^ permalink raw reply
* [PATCH hidp] Fix Kernel OOPS in hidp_session caused by orphaned sock structures
From: Karl Relton @ 2013-01-08 14:21 UTC (permalink / raw)
To: linux-bluetooth
This is a proposed fix to the kernel OOPS reported in
https://bugzilla.kernel.org/show_bug.cgi?id=50541
hidp_session() is crashing the kernel typically on a resume from
suspend. My analysis concluded that the sock structure pointed to by
ctrl_sk was being orphaned at some point parallel to the execution of
hidp_session (sometimes even while hidp_session is still in its main
loop). This mean that calls to sk_sleep(ctrl_sk) would return NULL,
leading to ..._wait() or ..._wakeup() calls crashing.
The proposed fix is to store the waitqueue_head structure needed for the
waiting/waking in a local variable. rcu_dereference_raw() [normally
called via sk_sleep()] is still used and required to protect access, but
we ensure we have the proper handle onto the structure rather than
losing it by the sock being orphaned.
Signed-off-by: Karl Relton <karllinuxtest.relton@ntlworld.com>
--- linux-3.7.0.orig/net/bluetooth/hidp/core.c 2013-01-08 13:04:35.945237334 +0000
+++ linux-3.7.0/net/bluetooth/hidp/core.c 2013-01-08 13:06:11.313240959 +0000
@@ -680,16 +680,19 @@ static int hidp_session(void *arg)
struct sock *intr_sk = session->intr_sock->sk;
struct sk_buff *skb;
wait_queue_t ctrl_wait, intr_wait;
+ struct socket_wq *ctrl_wq, *intr_wq;
BT_DBG("session %p", session);
__module_get(THIS_MODULE);
set_user_nice(current, -15);
+ ctrl_wq = ctrl_sk->sk_wq;
+ intr_wq = intr_sk->sk_wq;
init_waitqueue_entry(&ctrl_wait, current);
init_waitqueue_entry(&intr_wait, current);
- add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
- add_wait_queue(sk_sleep(intr_sk), &intr_wait);
+ add_wait_queue(&rcu_dereference_raw(ctrl_wq)->wait, &ctrl_wait);
+ add_wait_queue(&rcu_dereference_raw(intr_wq)->wait, &intr_wait);
session->waiting_for_startup = 0;
wake_up_interruptible(&session->startup_queue);
set_current_state(TASK_INTERRUPTIBLE);
@@ -722,8 +725,8 @@ static int hidp_session(void *arg)
set_current_state(TASK_INTERRUPTIBLE);
}
set_current_state(TASK_RUNNING);
- remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
- remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
+ remove_wait_queue(&rcu_dereference_raw(intr_wq)->wait, &intr_wait);
+ remove_wait_queue(&rcu_dereference_raw(ctrl_wq)->wait, &ctrl_wait);
clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
@@ -747,12 +750,15 @@ static int hidp_session(void *arg)
session->intr_sock->sk->sk_err = EUNATCH;
session->ctrl_sock->sk->sk_err = EUNATCH;
- hidp_schedule(session);
+ wake_up_interruptible(&rcu_dereference_raw(ctrl_wq)->wait);
+ wake_up_interruptible(&rcu_dereference_raw(intr_wq)->wait);
fput(session->intr_sock->file);
- wait_event_timeout(*(sk_sleep(ctrl_sk)),
- (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
+ /* By now ctrl_sk might have been orphaned already */
+ if (ctrl_wq == ctrl_sk->sk_wq)
+ wait_event_timeout(rcu_dereference_raw(ctrl_wq)->wait,
+ (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
fput(session->ctrl_sock->file);
^ permalink raw reply
* Re: [PATCH v0 0/2] Media API clarifications
From: Johan Hedberg @ 2013-01-08 11:57 UTC (permalink / raw)
To: Mikel Astiz; +Cc: linux-bluetooth, claudio.takahasi, Mikel Astiz
In-Reply-To: <1357638065-19156-1-git-send-email-mikel.astiz.oss@gmail.com>
Hi Mikel,
On Tue, Jan 08, 2013, Mikel Astiz wrote:
> The documentation of BlueZ 5.0 is lacking some details affecting the
> Media API, specially regarding the control of HFP/HSP volume.
>
> There is no known implementation of MediaTransport1 at this point so
> updating the documentation with two new optional properties could be
> in practice done without updating the interface suffix.
>
> Besides, the error codes returned by Acquire() and TryAcquire() are
> convenient to implement proper error logging in the client side.
>
> Mikel Astiz (2):
> media: Add HFP/HSP gains to transport API
> media: Clarify Acquire/TryAcquire error cases
>
> doc/media-api.txt | 32 +++++++++++++++++++++++++++++++-
> profiles/audio/transport.c | 2 +-
> 2 files changed, 32 insertions(+), 2 deletions(-)
Both patches have been applied. Thanks.
Johan
^ permalink raw reply
* [PATCH BlueZ 5/5] sdp-xml: Remove newline before EOF
From: Syam Sidhardhan @ 2013-01-08 11:37 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1357645069-30841-1-git-send-email-s.syam@samsung.com>
---
src/sdp-xml.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/sdp-xml.c b/src/sdp-xml.c
index 8cb1e2d..6492781 100644
--- a/src/sdp-xml.c
+++ b/src/sdp-xml.c
@@ -994,4 +994,3 @@ void convert_sdp_record_to_xml(sdp_record_t *rec,
appender(data, "</record>\n");
}
}
-
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 4/5] audio: Remove unused struct audio_adapter
From: Syam Sidhardhan @ 2013-01-08 11:37 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1357645069-30841-1-git-send-email-s.syam@samsung.com>
---
profiles/audio/manager.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/profiles/audio/manager.c b/profiles/audio/manager.c
index dc20712..f0df8ed 100644
--- a/profiles/audio/manager.c
+++ b/profiles/audio/manager.c
@@ -67,12 +67,6 @@
#include "manager.h"
#include "sdpd.h"
-struct audio_adapter {
- struct btd_adapter *btd_adapter;
- gboolean powered;
- gint ref;
-};
-
static GKeyFile *config = NULL;
static GSList *devices = NULL;
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 3/5] unit: Replace g_test_fail() with g_assert()
From: Syam Sidhardhan @ 2013-01-08 11:37 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1357645069-30841-1-git-send-email-s.syam@samsung.com>
g_test_fail() is introduced in Glib v2.30 and we are using
Glib v2.28 as the minimum requirement for the build.
This patch resolves the compilation error that happen with
Glib v2.28.
Error log:
CC unit/test-mgmt.o
unit/test-mgmt.c: In function ‘check_actions’:
unit/test-mgmt.c:100:2: error: implicit declaration of
function ‘g_test_fail’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make[1]: *** [unit/test-mgmt.o] Error 1
make: *** [all] Error 2
---
unit/test-mgmt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unit/test-mgmt.c b/unit/test-mgmt.c
index 2d1a5d6..ea679e5 100644
--- a/unit/test-mgmt.c
+++ b/unit/test-mgmt.c
@@ -97,7 +97,7 @@ static void check_actions(struct context *context,
}
g_test_message("Command not handled\n");
- g_test_fail();
+ g_assert(0);
}
static gboolean server_handler(GIOChannel *channel, GIOCondition cond,
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 2/5] health: Fix possible use after free
From: Syam Sidhardhan @ 2013-01-08 11:37 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <1357645069-30841-1-git-send-email-s.syam@samsung.com>
A pointer to freed memory is dereferenced if we call function
channel_acquire_continue() with out any earlier reference.
---
profiles/health/hdp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/health/hdp.c b/profiles/health/hdp.c
index 823621e..82419b0 100644
--- a/profiles/health/hdp.c
+++ b/profiles/health/hdp.c
@@ -609,10 +609,10 @@ static DBusMessage *channel_acquire_continue(struct hdp_tmp_dc_data *data,
data, hdp_tmp_dc_data_destroy, &gerr))
return NULL;
- hdp_tmp_dc_data_unref(data);
reply = g_dbus_create_error(data->msg, ERROR_INTERFACE ".HealthError",
"Cannot reconnect: %s", gerr->message);
g_error_free(gerr);
+ hdp_tmp_dc_data_unref(data);
return reply;
}
--
1.7.9.5
^ permalink raw reply related
* [PATCH BlueZ 1/5] health: Fix pointer to local variable out-of-scope
From: Syam Sidhardhan @ 2013-01-08 11:37 UTC (permalink / raw)
To: linux-bluetooth
The address of the local variable is used outside the scope.
---
profiles/health/hdp_util.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/profiles/health/hdp_util.c b/profiles/health/hdp_util.c
index 5f81806..ed987e3 100644
--- a/profiles/health/hdp_util.c
+++ b/profiles/health/hdp_util.c
@@ -153,13 +153,12 @@ static gboolean parse_data_type(DBusMessageIter *iter, gpointer data,
{
struct hdp_application *app = data;
DBusMessageIter *value;
+ DBusMessageIter variant;
int ctype;
ctype = dbus_message_iter_get_arg_type(iter);
value = iter;
if (ctype == DBUS_TYPE_VARIANT) {
- DBusMessageIter variant;
-
/* Get value inside the variable */
dbus_message_iter_recurse(iter, &variant);
ctype = dbus_message_iter_get_arg_type(&variant);
@@ -181,13 +180,12 @@ static gboolean parse_role(DBusMessageIter *iter, gpointer data, GError **err)
{
struct hdp_application *app = data;
DBusMessageIter *string;
+ DBusMessageIter value;
int ctype;
const char *role;
ctype = dbus_message_iter_get_arg_type(iter);
if (ctype == DBUS_TYPE_VARIANT) {
- DBusMessageIter value;
-
/* Get value inside the variable */
dbus_message_iter_recurse(iter, &value);
ctype = dbus_message_iter_get_arg_type(&value);
@@ -222,13 +220,12 @@ static gboolean parse_desc(DBusMessageIter *iter, gpointer data, GError **err)
{
struct hdp_application *app = data;
DBusMessageIter *string;
+ DBusMessageIter variant;
int ctype;
const char *desc;
ctype = dbus_message_iter_get_arg_type(iter);
if (ctype == DBUS_TYPE_VARIANT) {
- DBusMessageIter variant;
-
/* Get value inside the variable */
dbus_message_iter_recurse(iter, &variant);
ctype = dbus_message_iter_get_arg_type(&variant);
@@ -253,14 +250,13 @@ static gboolean parse_chan_type(DBusMessageIter *iter, gpointer data,
{
struct hdp_application *app = data;
DBusMessageIter *value;
+ DBusMessageIter variant;
char *chan_type;
int ctype;
ctype = dbus_message_iter_get_arg_type(iter);
value = iter;
if (ctype == DBUS_TYPE_VARIANT) {
- DBusMessageIter variant;
-
/* Get value inside the variable */
dbus_message_iter_recurse(iter, &variant);
ctype = dbus_message_iter_get_arg_type(&variant);
--
1.7.9.5
^ permalink raw reply related
* Re: [PATCH BlueZ 1/5] lib: Add SDP_IS_TEXT_STR() macro for SDP_TEXT_STR* checking
From: Anderson Lizardo @ 2013-01-08 10:52 UTC (permalink / raw)
To: Marcel Holtmann; +Cc: linux-bluetooth
In-Reply-To: <1357615542.1806.22.camel@aeonflux>
Hi Marcel,
On Mon, Jan 7, 2013 at 11:25 PM, Marcel Holtmann <marcel@holtmann.org> wrote:
>> #define SDP_IS_UUID(x) ((x) == SDP_UUID16 || (x) == SDP_UUID32 || (x) ==SDP_UUID128)
>> #define SDP_IS_SEQ(x) ((x) == SDP_SEQ8 || (x) == SDP_SEQ16 || (x) == SDP_SEQ32)
>> +#define SDP_IS_TEXT_STR(x) ((x) == SDP_TEXT_STR8 || (x) == SDP_TEXT_STR16 || \
>> + (x) == SDP_TEXT_STR32)
>
> can someone please explain to me why we are extending the library. I
> thought I made it clear that it is mostly end of life and we are not
> adding new features. However some people keep adding stuff.
This macro was added simply to be used for the next patches which
simplify/refactor core code. The fact the header is public API was not
the main reason to add it here.
Unless you suggest adding new stuff to another, internal-only header?
If so, please provide some example how to extend SDP library code that
is used by internal BlueZ code.
Best Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia - INdT
Manaus - Brazil
^ permalink raw reply
* [PATCH v0 2/2] media: Clarify Acquire/TryAcquire error cases
From: Mikel Astiz @ 2013-01-08 9:41 UTC (permalink / raw)
To: linux-bluetooth; +Cc: claudio.takahasi, Mikel Astiz
In-Reply-To: <1357638065-19156-1-git-send-email-mikel.astiz.oss@gmail.com>
From: Mikel Astiz <mikel.astiz@bmw-carit.de>
Document the reported errors for Acquire() and TryAcquire(). For the
later, make sure a specific error in guaranteed for the typical scenario
of audio not streaming.
---
doc/media-api.txt | 10 +++++++++-
profiles/audio/transport.c | 2 +-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/doc/media-api.txt b/doc/media-api.txt
index cdde6ea..bb5ced0 100644
--- a/doc/media-api.txt
+++ b/doc/media-api.txt
@@ -321,12 +321,20 @@ Methods fd, uint16, uint16 Acquire()
Acquire transport file descriptor and the MTU for read
and write respectively.
+ Possible Errors: org.bluez.Error.NotAuthorized
+ org.bluez.Error.Failed
+
fd, uint16, uint16 TryAcquire()
Acquire transport file descriptor only if the transport
is in "pending" state at the time the message is
received by BlueZ. Otherwise no request will be sent
- to the remote device and the function will just fail.
+ to the remote device and the function will just fail
+ with org.bluez.Error.NotAvailable.
+
+ Possible Errors: org.bluez.Error.NotAuthorized
+ org.bluez.Error.Failed
+ org.bluez.Error.NotAvailable
void Release()
diff --git a/profiles/audio/transport.c b/profiles/audio/transport.c
index 54461d8..58240ac 100644
--- a/profiles/audio/transport.c
+++ b/profiles/audio/transport.c
@@ -477,7 +477,7 @@ static DBusMessage *try_acquire(DBusConnection *conn, DBusMessage *msg,
return btd_error_not_authorized(msg);
if (transport->state != TRANSPORT_STATE_PENDING)
- return btd_error_failed(msg, "Transport not playing");
+ return btd_error_not_available(msg);
owner = media_owner_create(msg);
id = transport->resume(transport, owner);
--
1.7.11.7
^ permalink raw reply related
* [PATCH v0 1/2] media: Add HFP/HSP gains to transport API
From: Mikel Astiz @ 2013-01-08 9:41 UTC (permalink / raw)
To: linux-bluetooth; +Cc: claudio.takahasi, Mikel Astiz
In-Reply-To: <1357638065-19156-1-git-send-email-mikel.astiz.oss@gmail.com>
From: Mikel Astiz <mikel.astiz@bmw-carit.de>
Add two independent and HSP/HFP-specific properties to the media
transport representing the input and output audio volumes.
---
doc/media-api.txt | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/doc/media-api.txt b/doc/media-api.txt
index e2a72dc..cdde6ea 100644
--- a/doc/media-api.txt
+++ b/doc/media-api.txt
@@ -393,4 +393,26 @@ Properties object Device [readonly]
this property is only writeable when the transport was
acquired by the sender.
+ Note: the property will not be present for HSP/HFP
+ transports and MicrophoneGain/SpeakerGain should be
+ used instead.
+
Possible Values: 0-127
+
+ byte MicrophoneGain [readwrite]
+
+ Optional. Indicates volume level of the transport's
+ incoming audio stream for HSP/HFP transports. This
+ property is only writeable when the transport was
+ acquired by the sender.
+
+ Possible Values: 0-15
+
+ byte SpeakerGain [readwrite]
+
+ Optional. Indicates volume level of the transport's
+ outgoing audio stream for HSP/HFP transports. This
+ property is only writeable when the transport was
+ acquired by the sender.
+
+ Possible Values: 0-15
--
1.7.11.7
^ permalink raw reply related
* [PATCH v0 0/2] Media API clarifications
From: Mikel Astiz @ 2013-01-08 9:41 UTC (permalink / raw)
To: linux-bluetooth; +Cc: claudio.takahasi, Mikel Astiz
From: Mikel Astiz <mikel.astiz@bmw-carit.de>
The documentation of BlueZ 5.0 is lacking some details affecting the Media API, specially regarding the control of HFP/HSP volume.
There is no known implementation of MediaTransport1 at this point so updating the documentation with two new optional properties could be in practice done without updating the interface suffix.
Besides, the error codes returned by Acquire() and TryAcquire() are convenient to implement proper error logging in the client side.
Mikel Astiz (2):
media: Add HFP/HSP gains to transport API
media: Clarify Acquire/TryAcquire error cases
doc/media-api.txt | 32 +++++++++++++++++++++++++++++++-
profiles/audio/transport.c | 2 +-
2 files changed, 32 insertions(+), 2 deletions(-)
--
1.7.11.7
^ permalink raw reply
* Re: [PATCH BlueZ v1] audio: Replace g_hash_table_contains() with g_hash_table_lookup()
From: Marcel Holtmann @ 2013-01-08 6:32 UTC (permalink / raw)
To: Jaganath Kanakkassery; +Cc: linux-bluetooth
In-Reply-To: <1357622748-3051-1-git-send-email-jaganath.k@samsung.com>
Hi Jaganath,
> g_hash_table_contains() is supported only from GLib 2.32. If BlueZ has to
> build against GLib 2.28 this patch replaces g_hash_table_contains() to
> g_hash_table_lookup()
> ---
> profiles/audio/player.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
patch has been applied.
Regards
Marcel
^ permalink raw reply
* [PATCH BlueZ v1] audio: Replace g_hash_table_contains() with g_hash_table_lookup()
From: Jaganath Kanakkassery @ 2013-01-08 5:25 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Jaganath Kanakkassery
g_hash_table_contains() is supported only from GLib 2.32. If BlueZ has to
build against GLib 2.28 this patch replaces g_hash_table_contains() to
g_hash_table_lookup()
---
profiles/audio/player.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/profiles/audio/player.c b/profiles/audio/player.c
index 8748893..bffb506 100644
--- a/profiles/audio/player.c
+++ b/profiles/audio/player.c
@@ -172,8 +172,11 @@ static gboolean get_status(const GDBusPropertyTable *property,
static gboolean setting_exists(const GDBusPropertyTable *property, void *data)
{
struct media_player *mp = data;
+ const char *value;
+
+ value = g_hash_table_lookup(mp->settings, property->name);
- return g_hash_table_contains(mp->settings, property->name);
+ return value ? TRUE : FALSE;
}
static gboolean get_setting(const GDBusPropertyTable *property,
--
1.7.9.5
^ permalink raw reply related
* Re: [PATCH] Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
From: Marcel Holtmann @ 2013-01-08 3:29 UTC (permalink / raw)
To: Anderson Lizardo; +Cc: linux-bluetooth
In-Reply-To: <1357511333-5276-1-git-send-email-anderson.lizardo@openbossa.org>
Hi Anderson,
> The length parameter should be sizeof(req->name) - 1 because there is no
> guarantee that string provided by userspace will contain the trailing
> '\0'.
>
> Can be easily reproduced by manually setting req->name to 128 non-zero
> bytes prior to ioctl(HIDPCONNADD) and checking the device name setup on
> input subsystem:
>
> $ cat /sys/devices/pnp0/00\:04/tty/ttyS0/hci0/hci0\:1/input8/name
> AAAAAA[...]AAAAAAAAf0:af:f0:af:f0:af
>
> ("f0:af:f0:af:f0:af" is the device bluetooth address, taken from "phys"
> field in struct hid_device due to overflow.)
>
> Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
> ---
> net/bluetooth/hidp/core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
this is a good catch. And this should also go to -stable and the current
kernels right away.
It is actually a security issue since it leaks kernel memory to
userspace.
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Regards
Marcel
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox