* [BlueZ PATCH v2 1/2] hog-lib: Don't restrict Report MAP size
@ 2022-08-16 22:05 Luiz Augusto von Dentz
2022-08-16 22:05 ` [BlueZ PATCH v2 2/2] hog-lib: Fix scan-build error Luiz Augusto von Dentz
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2022-08-16 22:05 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Although HIDS spec is quite clear the Report MAP shall be limited to
512 bytes it doesn't seem OS do enforce that on the profile/client side
and since there isn't any qualification test enforcing it either there
are quite many devices which uses Report MAP bigger that 512 bytes
(e.g.: Brydge W-Touch and Lenovo Duet 3 BT Folio).
https://github.com/bluez/bluez/issues/377
---
profiles/input/hog-lib.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index 4a9c601853f1..ace233d3ce8b 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -64,7 +64,6 @@
#define HOG_PROTO_MODE_BOOT 0
#define HOG_PROTO_MODE_REPORT 1
-#define HOG_REPORT_MAP_MAX_SIZE 512
#define HID_INFO_SIZE 4
#define ATT_NOTIFICATION_HEADER_SIZE 3
@@ -103,11 +102,6 @@ struct bt_hog {
struct queue *input;
};
-struct report_map {
- uint8_t value[HOG_REPORT_MAP_MAX_SIZE];
- size_t length;
-};
-
struct report {
struct bt_hog *hog;
bool numbered;
@@ -1096,7 +1090,7 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
{
struct gatt_request *req = user_data;
struct bt_hog *hog = req->user_data;
- uint8_t value[HOG_REPORT_MAP_MAX_SIZE];
+ uint8_t *value;
ssize_t vlen;
remove_gatt_req(req, status);
@@ -1106,10 +1100,12 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
return;
}
- vlen = dec_read_resp(pdu, plen, value, sizeof(value));
+ value = new0(uint8_t, plen);
+
+ vlen = dec_read_resp(pdu, plen, value, plen);
if (vlen < 0) {
error("ATT protocol error");
- return;
+ goto done;
}
uhid_create(hog, value, vlen);
@@ -1120,6 +1116,9 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
NULL, db_report_map_write_value_cb,
NULL);
}
+
+done:
+ free(value);
}
static void read_report_map(struct bt_hog *hog)
@@ -1394,7 +1393,7 @@ static void db_report_map_read_value_cb(struct gatt_db_attribute *attrib,
int err, const uint8_t *value,
size_t length, void *user_data)
{
- struct report_map *map = user_data;
+ struct iovec *map = user_data;
if (err) {
error("Error reading report map from gatt db %s",
@@ -1405,8 +1404,9 @@ static void db_report_map_read_value_cb(struct gatt_db_attribute *attrib,
if (!length)
return;
- map->length = length < sizeof(map->value) ? length : sizeof(map->value);
- memcpy(map->value, value, map->length);
+
+ map->iov_len = length;
+ map->iov_base = (void *) value;
}
static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data)
@@ -1415,7 +1415,7 @@ static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data)
bt_uuid_t uuid, report_uuid, report_map_uuid, info_uuid;
bt_uuid_t proto_mode_uuid, ctrlpt_uuid;
uint16_t handle, value_handle;
- struct report_map report_map = {0};
+ struct iovec map = {};
gatt_db_attribute_get_char_data(attr, &handle, &value_handle, NULL,
NULL, &uuid);
@@ -1438,14 +1438,14 @@ static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data)
gatt_db_attribute_read(hog->report_map_attr, 0,
BT_ATT_OP_READ_REQ, NULL,
db_report_map_read_value_cb,
- &report_map);
+ &map);
}
- if (report_map.length) {
+ if (map.iov_len) {
/* Report map found in the cache, straight to creating
* UHID to optimize reconnection.
*/
- uhid_create(hog, report_map.value, report_map.length);
+ uhid_create(hog, map.iov_base, map.iov_len);
}
gatt_db_service_foreach_desc(attr, foreach_hog_external, hog);
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [BlueZ PATCH v2 2/2] hog-lib: Fix scan-build error
2022-08-16 22:05 [BlueZ PATCH v2 1/2] hog-lib: Don't restrict Report MAP size Luiz Augusto von Dentz
@ 2022-08-16 22:05 ` Luiz Augusto von Dentz
2022-08-16 23:13 ` [BlueZ,v2,1/2] hog-lib: Don't restrict Report MAP size bluez.test.bot
2022-08-16 23:20 ` [BlueZ PATCH v2 1/2] " patchwork-bot+bluetooth
2 siblings, 0 replies; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2022-08-16 22:05 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This fixes the following errors:
profiles/input/hog-lib.c:600:19: warning: Access to field 'handle'
results in a dereference of a null pointer (loaded from variable 'chr')
report->handle = chr->handle;
^~~~~~~~~~~
profiles/input/hog-lib.c:637:11: warning: Access to field 'value_handle'
results in a dereference of a null pointer (loaded from variable 'chr')
start = chr->value_handle + 1;
^~~~~~~~~~~~~~~~~
profiles/input/hog-lib.c:1240:11: warning: Access to field 'value_handle'
results in a dereference of a null pointer (loaded from variable 'chr')
start = chr->value_handle + 1;
^~~~~~~~~~~~~~~~~
---
profiles/input/hog-lib.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index ace233d3ce8b..021db386f3b7 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -590,6 +590,9 @@ static struct report *report_new(struct bt_hog *hog, struct gatt_char *chr)
struct report *report;
GSList *l;
+ if (!chr)
+ return NULL;
+
/* Skip if report already exists */
l = g_slist_find_custom(hog->reports, chr, report_chrc_cmp);
if (l)
@@ -630,6 +633,9 @@ static void external_service_char_cb(uint8_t status, GSList *chars,
chr = l->data;
next = l->next ? l->next->data : NULL;
+ if (!chr)
+ continue;
+
DBG("0x%04x UUID: %s properties: %02x",
chr->handle, chr->uuid, chr->properties);
@@ -1232,6 +1238,9 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
chr = l->data;
next = l->next ? l->next->data : NULL;
+ if (!chr)
+ continue;
+
DBG("0x%04x UUID: %s properties: %02x",
chr->handle, chr->uuid, chr->properties);
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* RE: [BlueZ,v2,1/2] hog-lib: Don't restrict Report MAP size
2022-08-16 22:05 [BlueZ PATCH v2 1/2] hog-lib: Don't restrict Report MAP size Luiz Augusto von Dentz
2022-08-16 22:05 ` [BlueZ PATCH v2 2/2] hog-lib: Fix scan-build error Luiz Augusto von Dentz
@ 2022-08-16 23:13 ` bluez.test.bot
2022-08-16 23:20 ` [BlueZ PATCH v2 1/2] " patchwork-bot+bluetooth
2 siblings, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2022-08-16 23:13 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
[-- Attachment #1: Type: text/plain, Size: 1051 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=668224
---Test result---
Test Summary:
CheckPatch PASS 1.39 seconds
GitLint PASS 0.92 seconds
Prep - Setup ELL PASS 32.69 seconds
Build - Prep PASS 0.70 seconds
Build - Configure PASS 10.39 seconds
Build - Make PASS 991.54 seconds
Make Check PASS 12.29 seconds
Make Check w/Valgrind PASS 345.94 seconds
Make Distcheck PASS 295.42 seconds
Build w/ext ELL - Configure PASS 10.63 seconds
Build w/ext ELL - Make PASS 98.58 seconds
Incremental Build w/ patches PASS 234.28 seconds
Scan Build PASS 617.84 seconds
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [BlueZ PATCH v2 1/2] hog-lib: Don't restrict Report MAP size
2022-08-16 22:05 [BlueZ PATCH v2 1/2] hog-lib: Don't restrict Report MAP size Luiz Augusto von Dentz
2022-08-16 22:05 ` [BlueZ PATCH v2 2/2] hog-lib: Fix scan-build error Luiz Augusto von Dentz
2022-08-16 23:13 ` [BlueZ,v2,1/2] hog-lib: Don't restrict Report MAP size bluez.test.bot
@ 2022-08-16 23:20 ` patchwork-bot+bluetooth
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+bluetooth @ 2022-08-16 23:20 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Tue, 16 Aug 2022 15:05:47 -0700 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> Although HIDS spec is quite clear the Report MAP shall be limited to
> 512 bytes it doesn't seem OS do enforce that on the profile/client side
> and since there isn't any qualification test enforcing it either there
> are quite many devices which uses Report MAP bigger that 512 bytes
> (e.g.: Brydge W-Touch and Lenovo Duet 3 BT Folio).
>
> [...]
Here is the summary with links:
- [BlueZ,v2,1/2] hog-lib: Don't restrict Report MAP size
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=952c08ff50c5
- [BlueZ,v2,2/2] hog-lib: Fix scan-build error
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=60663d4af3ff
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-08-16 23:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-16 22:05 [BlueZ PATCH v2 1/2] hog-lib: Don't restrict Report MAP size Luiz Augusto von Dentz
2022-08-16 22:05 ` [BlueZ PATCH v2 2/2] hog-lib: Fix scan-build error Luiz Augusto von Dentz
2022-08-16 23:13 ` [BlueZ,v2,1/2] hog-lib: Don't restrict Report MAP size bluez.test.bot
2022-08-16 23:20 ` [BlueZ PATCH v2 1/2] " patchwork-bot+bluetooth
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.