[PATCH BlueZ v2 0/3] mesh: Fix various valgrind identified problems

[PATCH BlueZ v2 0/3] mesh: Fix various valgrind identified problems

[Brian Gix]

This patchset addresses a few valgrind identified errors, including some
instances where memory was used after freeing.  All three patches relate
to the memory allocated for Provisioning purposes.

This includes the patch from Prathyusha that fixes close indication.

Brian Gix (2):
  mesh: Rearrange PB-ACK for possible session close
  mesh: Fix memory leak in Join() API call

Prathyusha N (1):
  mesh: Fix to send close indication on timeout

 mesh/mesh.c          |  7 +++++--
 mesh/net.c           |  1 -
 mesh/pb-adv.c        | 10 ++++------
 mesh/prov-acceptor.c |  1 +
 4 files changed, 10 insertions(+), 9 deletions(-)

-- 
2.21.0

[PATCH BlueZ v2 1/3] mesh: Fix to send close indication on timeout

[Brian Gix]

From: Prathyusha N <prathyusha.n@samsung.com>

If pb_session is freed in timeout, close indication will not be sent.
pb_session is freed in pb_adv_unreg() and hence removed from tx_timeout.
Added acceptor_free() in acp_prov_close() to ensure pb_session is freed.
---
 mesh/pb-adv.c        | 2 --
 mesh/prov-acceptor.c | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/mesh/pb-adv.c b/mesh/pb-adv.c
index 19d14532a..586cd7f15 100644
--- a/mesh/pb-adv.c
+++ b/mesh/pb-adv.c
@@ -175,8 +175,6 @@ static void tx_timeout(struct l_timeout *timeout, void *user_data)
 	l_info("TX timeout");
 	cb = pb_session->close_cb;
 	user_data = pb_session->user_data;
-	l_free(pb_session);
-	pb_session = NULL;
 	cb(user_data, 1);
 }
 
diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index bca019358..03972c227 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -121,6 +121,7 @@ static void acceptor_free(void)
 static void acp_prov_close(void *user_data, uint8_t reason)
 {
 	/* TODO: Handle Close */
+	acceptor_free();
 }
 
 static void prov_to(struct l_timeout *timeout, void *user_data)
-- 
2.21.0

[PATCH BlueZ v2 2/3] mesh: Rearrange PB-ACK for possible session close

[Brian Gix]

In certain circumstances, reception of PB-ADV messages may trigger
session close. This rearrange ACKs new verified messages before
performing call-back to avoid situations where the session no longer
exists after the message has been handled.

This caused static analysis errors during provisioning, which are now
addressed.
---
 mesh/net.c    | 1 -
 mesh/pb-adv.c | 8 ++++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/mesh/net.c b/mesh/net.c
index 61dd8be32..a60327272 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -2381,7 +2381,6 @@ static enum _relay_advice packet_received(void *user_data,
 		l_info("RX: App 0x%04x -> 0x%04x : TTL 0x%02x : SEQ 0x%06x",
 					net_src, net_dst, net_ttl, net_seq);
 
-		l_debug("seq:%x seq0:%x", net_seq, net_seqZero);
 		if (net_ctl) {
 			l_debug("CTL - %4.4x RX", net_seqZero);
 			if (net_opcode == NET_OP_SEG_ACKNOWLEDGE) {
diff --git a/mesh/pb-adv.c b/mesh/pb-adv.c
index 586cd7f15..27cbc469e 100644
--- a/mesh/pb-adv.c
+++ b/mesh/pb-adv.c
@@ -254,7 +254,7 @@ static void pb_adv_packet(void *user_data, const uint8_t *pkt, uint16_t len)
 	uint8_t type;
 	bool first;
 
-	if (!session || pb_session != session)
+	if (!pb_session || pb_session != session)
 		return;
 
 	link_id = l_get_be32(pkt + 1);
@@ -426,14 +426,14 @@ static void pb_adv_packet(void *user_data, const uint8_t *pkt, uint16_t len)
 			return;
 		}
 
+		send_ack(session, session->peer_trans_num);
+
 		if (session->last_peer_trans_num != session->peer_trans_num) {
 			session->got_segs = 0;
+			session->last_peer_trans_num = session->peer_trans_num;
 			session->rx_cb(session->user_data, session->sar,
 							session->exp_len);
 		}
-
-		session->last_peer_trans_num = session->peer_trans_num;
-		send_ack(session, session->last_peer_trans_num);
 	}
 }
 
-- 
2.21.0

[PATCH BlueZ v2 3/3] mesh: Fix memory leak in Join() API call

[Brian Gix]

---
 mesh/mesh.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/mesh/mesh.c b/mesh/mesh.c
index 432620a6a..6d2f86b6d 100644
--- a/mesh/mesh.c
+++ b/mesh/mesh.c
@@ -71,7 +71,7 @@ struct bt_mesh {
 struct join_data{
 	struct l_dbus_message *msg;
 	struct mesh_agent *agent;
-	const char *sender;
+	char *sender;
 	const char *app_path;
 	struct mesh_node *node;
 	uint32_t disc_watch;
@@ -310,6 +310,7 @@ static void free_pending_join_call(bool failed)
 	if (failed)
 		node_remove(join_pending->node);
 
+	l_free(join_pending->sender);
 	l_free(join_pending);
 	join_pending = NULL;
 }
@@ -373,8 +374,10 @@ static void prov_disc_cb(struct l_dbus *bus, void *user_data)
 	if (!join_pending)
 		return;
 
-	if (join_pending->msg)
+	if (join_pending->msg) {
 		l_dbus_message_unref(join_pending->msg);
+		join_pending->msg = NULL;
+	}
 
 	acceptor_cancel(&mesh);
 	join_pending->disc_watch = 0;
-- 
2.21.0

Re: [PATCH BlueZ v2 0/3] mesh: Fix various valgrind identified problems

[Gix, Brian]

Patchset Applied

On Tue, 2019-12-03 at 13:04 -0800, Brian Gix wrote:
> This patchset addresses a few valgrind identified errors, including some
> instances where memory was used after freeing.  All three patches relate
> to the memory allocated for Provisioning purposes.
> 
> This includes the patch from Prathyusha that fixes close indication.
> 
> Brian Gix (2):
>   mesh: Rearrange PB-ACK for possible session close
>   mesh: Fix memory leak in Join() API call
> 
> Prathyusha N (1):
>   mesh: Fix to send close indication on timeout
> 
>  mesh/mesh.c          |  7 +++++--
>  mesh/net.c           |  1 -
>  mesh/pb-adv.c        | 10 ++++------
>  mesh/prov-acceptor.c |  1 +
>  4 files changed, 10 insertions(+), 9 deletions(-)
>