[BlueZ,4/4] device: Fix crash when removing device

Message ID	20220211001840.22566-4-hj.tedd.an@gmail.com
State	New
Headers	show Return-Path: <linux-bluetooth-owner@kernel.org> From: Tedd Ho-Jeong An <hj.tedd.an@gmail.com> To: linux-bluetooth@vger.kernel.org Subject: [BlueZ PATCH 4/4] device: Fix crash when removing device Date: Thu, 10 Feb 2022 16:18:40 -0800 Message-Id: <20220211001840.22566-4-hj.tedd.an@gmail.com> In-Reply-To: <20220211001840.22566-1-hj.tedd.an@gmail.com> References: <20220211001840.22566-1-hj.tedd.an@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[BlueZ,1/4] adapter: Fix the reusing gerror without re-initialization \| expand [BlueZ,1/4] adapter: Fix the reusing gerror without re-initialization [BlueZ,2/4] device: Fix the reusing gerror without re-initialization [BlueZ,3/4] profiles: Fix the reusing gerror without re-initialization [BlueZ,4/4] device: Fix crash when removing device

Message ID

20220211001840.22566-4-hj.tedd.an@gmail.com

State

New

Headers

From: Tedd Ho-Jeong An <hj.tedd.an@gmail.com>
To: linux-bluetooth@vger.kernel.org
Subject: [BlueZ PATCH 4/4] device: Fix crash when removing device
Date: Thu, 10 Feb 2022 16:18:40 -0800
Message-Id: <20220211001840.22566-4-hj.tedd.an@gmail.com>
In-Reply-To: <20220211001840.22566-1-hj.tedd.an@gmail.com>
References: <20220211001840.22566-1-hj.tedd.an@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[BlueZ,1/4] adapter: Fix the reusing gerror without re-initialization | expand

Commit Message

Tedd Ho-Jeong An Feb. 11, 2022, 12:18 a.m. UTC

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Calling btd_adapter_remove_device from device_remove_connection can
cause a crash, so instead of removing it immediatelly this set a the
temporary timeout to 0.

Fixes: https://github.com/bluez/bluez/issues/290
---
 src/device.c | 46 +++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/device.c b/src/device.c
index 6a7bdd207..52e2399dd 100644
--- a/src/device.c
+++ b/src/device.c
@@ -3200,6 +3200,28 @@  void device_add_connection(struct btd_device *dev, uint8_t bdaddr_type)
 								"Connected");
 }
 
+static bool device_disappeared(gpointer user_data)
+{
+	struct btd_device *dev = user_data;
+
+	dev->temporary_timer = 0;
+
+	btd_adapter_remove_device(dev->adapter, dev);
+
+	return FALSE;
+}
+
+static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
+{
+	clear_temporary_timer(dev);
+
+	if (!timeout)
+		return;
+
+	dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
+								dev, NULL);
+}
+
 void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
 {
 	struct bearer_state *state = get_state(device, bdaddr_type);
@@ -3285,7 +3307,7 @@  void device_remove_connection(struct btd_device *device, uint8_t bdaddr_type)
 						DEVICE_INTERFACE, "Connected");
 
 	if (remove_device)
-		btd_adapter_remove_device(device->adapter, device);
+		set_temporary_timer(device, 0);
 }
 
 guint device_add_disconnect_watch(struct btd_device *device,
@@ -4590,28 +4612,6 @@  void device_set_le_support(struct btd_device *device, uint8_t bdaddr_type)
 	store_device_info(device);
 }
 
-static bool device_disappeared(gpointer user_data)
-{
-	struct btd_device *dev = user_data;
-
-	dev->temporary_timer = 0;
-
-	btd_adapter_remove_device(dev->adapter, dev);
-
-	return FALSE;
-}
-
-static void set_temporary_timer(struct btd_device *dev, unsigned int timeout)
-{
-	clear_temporary_timer(dev);
-
-	if (!timeout)
-		return;
-
-	dev->temporary_timer = timeout_add_seconds(timeout, device_disappeared,
-								dev, NULL);
-}
-
 void device_update_last_seen(struct btd_device *device, uint8_t bdaddr_type)
 {
 	if (bdaddr_type == BDADDR_BREDR)

[BlueZ,4/4] device: Fix crash when removing device

Commit Message

Patch