All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2 1/3] shared/bap: Fix not detaching streams when PAC is removed
@ 2023-01-24 23:59 Luiz Augusto von Dentz
  2023-01-24 23:59 ` [PATCH v2 2/3] bap: Fix not setting stream to NULL Luiz Augusto von Dentz
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2023-01-24 23:59 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

When local PAC is removed we attempt to release the streams but we left
it still attached to the endpoint, so this makes sure the stream is
properly detached by setting its state to idle.

Fixes: https://github.com/bluez/bluez/issues/457
---
 src/shared/bap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/shared/bap.c b/src/shared/bap.c
index db7def7999b7..4ba65cbaa8f9 100644
--- a/src/shared/bap.c
+++ b/src/shared/bap.c
@@ -2478,8 +2478,10 @@ static void remove_streams(void *data, void *user_data)
 	struct bt_bap_stream *stream;
 
 	stream = queue_remove_if(bap->streams, match_stream_lpac, pac);
-	if (stream)
+	if (stream) {
 		bt_bap_stream_release(stream, NULL, NULL);
+		stream_set_state(stream, BT_BAP_STREAM_STATE_IDLE);
+	}
 }
 
 bool bt_bap_remove_pac(struct bt_bap_pac *pac)
-- 
2.37.3


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH v2 2/3] bap: Fix not setting stream to NULL
  2023-01-24 23:59 [PATCH v2 1/3] shared/bap: Fix not detaching streams when PAC is removed Luiz Augusto von Dentz
@ 2023-01-24 23:59 ` Luiz Augusto von Dentz
  2023-01-24 23:59 ` [PATCH v2 3/3] bap: Fix not removing endpoint if local PAC is unregistered Luiz Augusto von Dentz
  2023-01-25  2:37 ` [v2,1/3] shared/bap: Fix not detaching streams when PAC is removed bluez.test.bot
  2 siblings, 0 replies; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2023-01-24 23:59 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

If the stream state is idle the ep->stream shall be set to NULL
otherwise it may be reused causing the following trace:

==32623==ERROR: AddressSanitizer: heap-use-after-free on address ...
 READ of size 8 at 0x60b000103550 thread T0
    #0 0x7bf7b7 in bap_stream_valid src/shared/bap.c:4065
    #1 0x7bf981 in bt_bap_stream_config src/shared/bap.c:4082
    #2 0x51a7c8 in bap_config profiles/audio/bap.c:584
    #3 0x71b907 in queue_foreach src/shared/queue.c:207
    #4 0x51b61f in select_cb profiles/audio/bap.c:626
    #5 0x4691ed in pac_select_cb profiles/audio/media.c:884
    #6 0x4657ea in endpoint_reply profiles/audio/media.c:369

Fixes: https://github.com/bluez/bluez/issues/457#issuecomment-1399232486
---
 profiles/audio/bap.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index ae944b617bb4..8f24117681d2 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -998,9 +998,10 @@ static void bap_state(struct bt_bap_stream *stream, uint8_t old_state,
 	switch (new_state) {
 	case BT_BAP_STREAM_STATE_IDLE:
 		/* Release stream if idle */
-		if (ep)
+		if (ep) {
 			bap_io_close(ep);
-		else
+			ep->stream = NULL;
+		} else
 			queue_remove(data->streams, stream);
 		break;
 	case BT_BAP_STREAM_STATE_CONFIG:
-- 
2.37.3


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH v2 3/3] bap: Fix not removing endpoint if local PAC is unregistered
  2023-01-24 23:59 [PATCH v2 1/3] shared/bap: Fix not detaching streams when PAC is removed Luiz Augusto von Dentz
  2023-01-24 23:59 ` [PATCH v2 2/3] bap: Fix not setting stream to NULL Luiz Augusto von Dentz
@ 2023-01-24 23:59 ` Luiz Augusto von Dentz
  2023-01-25  2:37 ` [v2,1/3] shared/bap: Fix not detaching streams when PAC is removed bluez.test.bot
  2 siblings, 0 replies; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2023-01-24 23:59 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

If local PAC is unregistered it would also notify via pac_removed
callback which shall unregister the endpoint D-Bus object.

Fixes: https://github.com/bluez/bluez/issues/457#issuecomment-1402178691
---
 profiles/audio/bap.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c
index 8f24117681d2..5a50a2cc6105 100644
--- a/profiles/audio/bap.c
+++ b/profiles/audio/bap.c
@@ -1049,12 +1049,12 @@ static void pac_added(struct bt_bap_pac *pac, void *user_data)
 	bt_bap_foreach_pac(data->bap, BT_BAP_SINK, pac_found, service);
 }
 
-static bool ep_match_rpac(const void *data, const void *match_data)
+static bool ep_match_pac(const void *data, const void *match_data)
 {
 	const struct bap_ep *ep = data;
 	const struct bt_bap_pac *pac = match_data;
 
-	return ep->rpac == pac;
+	return ep->rpac == pac || ep->lpac == pac;
 }
 
 static void pac_removed(struct bt_bap_pac *pac, void *user_data)
@@ -1082,7 +1082,7 @@ static void pac_removed(struct bt_bap_pac *pac, void *user_data)
 		return;
 	}
 
-	ep = queue_remove_if(queue, ep_match_rpac, pac);
+	ep = queue_remove_if(queue, ep_match_pac, pac);
 	if (!ep)
 		return;
 
-- 
2.37.3


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* RE: [v2,1/3] shared/bap: Fix not detaching streams when PAC is removed
  2023-01-24 23:59 [PATCH v2 1/3] shared/bap: Fix not detaching streams when PAC is removed Luiz Augusto von Dentz
  2023-01-24 23:59 ` [PATCH v2 2/3] bap: Fix not setting stream to NULL Luiz Augusto von Dentz
  2023-01-24 23:59 ` [PATCH v2 3/3] bap: Fix not removing endpoint if local PAC is unregistered Luiz Augusto von Dentz
@ 2023-01-25  2:37 ` bluez.test.bot
  2 siblings, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2023-01-25  2:37 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz

[-- Attachment #1: Type: text/plain, Size: 948 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=715328

---Test result---

Test Summary:
CheckPatch                    PASS      1.58 seconds
GitLint                       PASS      0.99 seconds
BuildEll                      PASS      27.87 seconds
BluezMake                     PASS      1017.09 seconds
MakeCheck                     PASS      11.69 seconds
MakeDistcheck                 PASS      154.62 seconds
CheckValgrind                 PASS      250.50 seconds
CheckSmatch                   PASS      332.76 seconds
bluezmakeextell               PASS      98.83 seconds
IncrementalBuild              PASS      2597.74 seconds
ScanBuild                     PASS      1010.50 seconds



---
Regards,
Linux Bluetooth


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-01-25  2:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-24 23:59 [PATCH v2 1/3] shared/bap: Fix not detaching streams when PAC is removed Luiz Augusto von Dentz
2023-01-24 23:59 ` [PATCH v2 2/3] bap: Fix not setting stream to NULL Luiz Augusto von Dentz
2023-01-24 23:59 ` [PATCH v2 3/3] bap: Fix not removing endpoint if local PAC is unregistered Luiz Augusto von Dentz
2023-01-25  2:37 ` [v2,1/3] shared/bap: Fix not detaching streams when PAC is removed bluez.test.bot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.