From patchwork Tue Jan 24 23:59:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 646116 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0294DC54E94 for ; Tue, 24 Jan 2023 23:59:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233778AbjAXX7c (ORCPT ); Tue, 24 Jan 2023 18:59:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54560 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233737AbjAXX7b (ORCPT ); Tue, 24 Jan 2023 18:59:31 -0500 Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 51E6647423 for ; Tue, 24 Jan 2023 15:59:26 -0800 (PST) Received: by mail-pl1-x62a.google.com with SMTP id d3so16340981plr.10 for ; Tue, 24 Jan 2023 15:59:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=NOP5sc6GAk/5mEPeE8p07kGXaiP2fSMYAITGHTtqSyg=; b=E51nliTiVmyr6q7g7z8RojL9vPC1XdlNjq5b1kIQLsElLRKA8exjH6qbdHGCEc32gr Os8UbSYt4bsKFQ/l5Qtj/QDXaPmi3oppl5tcXhxfF4+15SVE4tzQtQIGATBi6dedQqP6 kllD4FDtXEigTUqlgFhRPrCSYfqoRKhWh8R3UEYXqouJAhKHHchZxLN00eQuT9gFaqCx epcIsNmkp+T4SMj1qQRoJW9l61Jin/ktnRb3ndyNpzNnGYLPrwRQsOTbC933IT4xPW7c 55KIC9fnTceJK3QH4LC2sKMAByNN7zsnr/19NdAmmMA3dWtmvrVSnMuFTB74mwtHmLV2 L7BQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NOP5sc6GAk/5mEPeE8p07kGXaiP2fSMYAITGHTtqSyg=; b=ikpjeI3bmuuL+xRI9dZ3YiILt+9fiXR6oPa+wEoUgT2J5x5m5DER2YuTEea2l5mal5 W5+NuGYmtvuqgCRhXUjyttVA8bTz/H9moaTyOwAvs3YHWjmRONBFxPUn+Czv2NBC4Ujf O8BVyEDzzhYn4yq6tHcncffAmC4wnTMNcvoKCLeFlZQ74MZIKixUM9nuamDk+4TerW8T 1d1+aSFE/+L0Wzyp1DHA2TkhCVGpu6Md3Yqv0n7UGWu5JxjDLM8MFNBeZBIVIICsKYa8 4GkIwF2ZDd6qPJ5Cuzeo8kMs9qniRR1UMNuFWAUShxdH/sNIZCLjEm9Wu8sCyRtwRwNK yu1w== X-Gm-Message-State: AFqh2krmwwWQv2PV0MmjoNSxlWf+NBuvgtPvN/bn/UNKiTpaQUW285oE iIuG68T55aTBK3wWPT/qpBtVDtWl6uU= X-Google-Smtp-Source: AMrXdXtQeWcMoBm9cjG9nl4LlKtJcePhyBxyHmMtGVKML4ZcbvimLMlDtwaf7kJeDSrTRBpWiWd4lA== X-Received: by 2002:a05:6a20:4a14:b0:b8:88ea:ca27 with SMTP id fr20-20020a056a204a1400b000b888eaca27mr30942736pzb.53.1674604764995; Tue, 24 Jan 2023 15:59:24 -0800 (PST) Received: from lvondent-mobl4.. (c-71-59-129-171.hsd1.or.comcast.net. [71.59.129.171]) by smtp.gmail.com with ESMTPSA id r3-20020aa79883000000b00585cb0efebbsm2242648pfl.175.2023.01.24.15.59.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Jan 2023 15:59:24 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH v2 1/3] shared/bap: Fix not detaching streams when PAC is removed Date: Tue, 24 Jan 2023 15:59:21 -0800 Message-Id: <20230124235923.3623705-1-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz When local PAC is removed we attempt to release the streams but we left it still attached to the endpoint, so this makes sure the stream is properly detached by setting its state to idle. Fixes: https://github.com/bluez/bluez/issues/457 --- src/shared/bap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/shared/bap.c b/src/shared/bap.c index db7def7999b7..4ba65cbaa8f9 100644 --- a/src/shared/bap.c +++ b/src/shared/bap.c @@ -2478,8 +2478,10 @@ static void remove_streams(void *data, void *user_data) struct bt_bap_stream *stream; stream = queue_remove_if(bap->streams, match_stream_lpac, pac); - if (stream) + if (stream) { bt_bap_stream_release(stream, NULL, NULL); + stream_set_state(stream, BT_BAP_STREAM_STATE_IDLE); + } } bool bt_bap_remove_pac(struct bt_bap_pac *pac) From patchwork Tue Jan 24 23:59:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 646632 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BDDB5C38142 for ; Tue, 24 Jan 2023 23:59:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234037AbjAXX7e (ORCPT ); Tue, 24 Jan 2023 18:59:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54568 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230201AbjAXX7b (ORCPT ); Tue, 24 Jan 2023 18:59:31 -0500 Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2DFE747EC6 for ; Tue, 24 Jan 2023 15:59:28 -0800 (PST) Received: by mail-pg1-x52c.google.com with SMTP id b6so12362980pgi.7 for ; Tue, 24 Jan 2023 15:59:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YQPugu7B9HrwJq2khs0mn0gnme2ItCl7ethv33RJbRQ=; b=K/s17aiLl98ntUgRQYyH6STrBurKU2mJMmOdi0T3Wms+/yIWQu/faoMGYHVpG+9r0X +DYKHpYLDWBCoEqa7YENJjK0AW4/W57bmO3YMAVBBc9KMfSbfbAf120Q/0wy8x1U4VgF r7o6B99FQ0GBzI8S8l3YYU0raL/3VZ/DonFfTFHXB91Q2Bsq92xeHsNm1/xGUYFUuyrZ nfa2+w5/qAmndLt0Eq+KZZZMCBC+tHVBPZ/K4dDEMBgKqTZnFafcAEbbZHCKfzh7EODx ifNZCzEJkN8iwMq3tKmoWzrXpGEFrZf2iEz1tjkEyklOD+/w401ixFyHVIPI34rBsCeM 99gA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YQPugu7B9HrwJq2khs0mn0gnme2ItCl7ethv33RJbRQ=; b=lZaF1qJEdZCEj8GJHVGzJyE5tb/bMfmJs36QYsQNAPECf95NBL8zFtAgl2gqozZSs0 kMvCiRdloffF0BUK7KNg52aSTmygtZicJxOk8jlCUbcqKK17pkE9jA3qw7iQMIM1lC/x poQfLMXx7ij9H5fe9g114gFQoYrR0Mg8qLPV+08AqxtOoG/5X7KodW6Ox7hZX2qRCKin 2X0gXs3NNZnOS6O6iuEzsrBDNlsItsP37MJVGqkjgSmlGVmtW0bF18P1zI8AKn1IqFJW s6N8DJz13TrdGbUbpJFksiCBx8zwQ1ohiOlJ4VcIxR+F18W1hDXRJOk/XDkqt0dQMmI8 hpIg== X-Gm-Message-State: AFqh2koJAqAqfJujbg27x6vR9M9GxULAT+9VmL8jSY2t8zYfeYXB3qow LjGuKqXBirX6oozb8o9DeoPe6u1uBjo= X-Google-Smtp-Source: AMrXdXtJ9bzRb2LAMBGff6fPM4k2ntWCagGSbG4Qq+SsS4Qgxrg1Lr4yAMCQ1HoPPDyMEKeaIF1oQA== X-Received: by 2002:a62:61c4:0:b0:581:a8dc:8f95 with SMTP id v187-20020a6261c4000000b00581a8dc8f95mr29357380pfb.12.1674604767138; Tue, 24 Jan 2023 15:59:27 -0800 (PST) Received: from lvondent-mobl4.. (c-71-59-129-171.hsd1.or.comcast.net. [71.59.129.171]) by smtp.gmail.com with ESMTPSA id r3-20020aa79883000000b00585cb0efebbsm2242648pfl.175.2023.01.24.15.59.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Jan 2023 15:59:26 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH v2 2/3] bap: Fix not setting stream to NULL Date: Tue, 24 Jan 2023 15:59:22 -0800 Message-Id: <20230124235923.3623705-2-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20230124235923.3623705-1-luiz.dentz@gmail.com> References: <20230124235923.3623705-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz If the stream state is idle the ep->stream shall be set to NULL otherwise it may be reused causing the following trace: ==32623==ERROR: AddressSanitizer: heap-use-after-free on address ... READ of size 8 at 0x60b000103550 thread T0 #0 0x7bf7b7 in bap_stream_valid src/shared/bap.c:4065 #1 0x7bf981 in bt_bap_stream_config src/shared/bap.c:4082 #2 0x51a7c8 in bap_config profiles/audio/bap.c:584 #3 0x71b907 in queue_foreach src/shared/queue.c:207 #4 0x51b61f in select_cb profiles/audio/bap.c:626 #5 0x4691ed in pac_select_cb profiles/audio/media.c:884 #6 0x4657ea in endpoint_reply profiles/audio/media.c:369 Fixes: https://github.com/bluez/bluez/issues/457#issuecomment-1399232486 --- profiles/audio/bap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c index ae944b617bb4..8f24117681d2 100644 --- a/profiles/audio/bap.c +++ b/profiles/audio/bap.c @@ -998,9 +998,10 @@ static void bap_state(struct bt_bap_stream *stream, uint8_t old_state, switch (new_state) { case BT_BAP_STREAM_STATE_IDLE: /* Release stream if idle */ - if (ep) + if (ep) { bap_io_close(ep); - else + ep->stream = NULL; + } else queue_remove(data->streams, stream); break; case BT_BAP_STREAM_STATE_CONFIG: From patchwork Tue Jan 24 23:59:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 646115 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95422C54E94 for ; Tue, 24 Jan 2023 23:59:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233737AbjAXX7g (ORCPT ); Tue, 24 Jan 2023 18:59:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54576 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233860AbjAXX7c (ORCPT ); Tue, 24 Jan 2023 18:59:32 -0500 Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A3E047403 for ; Tue, 24 Jan 2023 15:59:29 -0800 (PST) Received: by mail-pg1-x52a.google.com with SMTP id g68so12361853pgc.11 for ; Tue, 24 Jan 2023 15:59:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pEyfkcYx7LLXIX8X8vph7xamuJaRQUiOEiriStKBkK4=; b=bGqGJcfLGQkFGw08+UWZ2Ga/Wtnq/CR2QgezhmmrrdbIrKf/eJrlSbJ9y8eCFiJ2Sh zb+M0b2ZwmelGoasDv9b7PwKfre9f3XJ/qVgaRwMNCDv1J0atG+MXiqeIwZhNgRy3Ynr DOfwPhatW9iRTVN1HaQk13uI9csjQl0R3K2iZbxhr5F16lnzQDk94chxflDPv3OzLSJQ nZBVEvjkx3zSRRevYh59cogM/P3IKTuz+x8OlGlC6eSBg7tYCBR/BNx97mv75xGW3+Bd 8dO32przXIR+ZtiMGWmTfCCHg0mz8oPeq+lmvBEaGZFCAIOVJ0XwPOWTktUO0ZAetaLJ ixvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pEyfkcYx7LLXIX8X8vph7xamuJaRQUiOEiriStKBkK4=; b=njM7h/nDhtmqqEQEGHedxTZNZdODRqEoKSMic8VlAm2+axJAsgY1A+j3n7ZeFE3xhc Fv5+F1/adGoYs8wU1JfBFAL1FjoLDPXOpq+4YFbhZEkIiqwBVv7ZUlPPUej8ETnk1zZH vIFHWyVcNsO5CkbZbXUCUsWzzq1Ek2FXc/j6zD3uvNXDrPGIQ03hyPMeZMuOcmtCEo8q 5BXvAF8qlhmQ1iBbE0w5xoHu9jp0IQw+nzH8tBleWEWOYBnw6eMG5WVN/HtjvoeOyyCK xMzgwCeC+z5fD/FzziR6b5/Dai1btVOp2gnUl93guj1m/Dy+632lX63q4Zu+/Z9t390O QVbg== X-Gm-Message-State: AFqh2krK1yFeP5FZ7HefN+gCZIZQddL68y6pGt4Xln9362aYAMBfIC77 Pr4uMlf8MwFmOgraknFq9o5pDr0OV8s= X-Google-Smtp-Source: AMrXdXtLUgM4/wTdrAFsXIFehN+eBr9hnTyK3mV2wjlp+XOiuZvz0IFnqa3QT322tIEZhpKnwL6nyg== X-Received: by 2002:aa7:8c51:0:b0:58d:8d88:447b with SMTP id e17-20020aa78c51000000b0058d8d88447bmr26458230pfd.2.1674604768189; Tue, 24 Jan 2023 15:59:28 -0800 (PST) Received: from lvondent-mobl4.. (c-71-59-129-171.hsd1.or.comcast.net. [71.59.129.171]) by smtp.gmail.com with ESMTPSA id r3-20020aa79883000000b00585cb0efebbsm2242648pfl.175.2023.01.24.15.59.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Jan 2023 15:59:27 -0800 (PST) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH v2 3/3] bap: Fix not removing endpoint if local PAC is unregistered Date: Tue, 24 Jan 2023 15:59:23 -0800 Message-Id: <20230124235923.3623705-3-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20230124235923.3623705-1-luiz.dentz@gmail.com> References: <20230124235923.3623705-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz If local PAC is unregistered it would also notify via pac_removed callback which shall unregister the endpoint D-Bus object. Fixes: https://github.com/bluez/bluez/issues/457#issuecomment-1402178691 --- profiles/audio/bap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/profiles/audio/bap.c b/profiles/audio/bap.c index 8f24117681d2..5a50a2cc6105 100644 --- a/profiles/audio/bap.c +++ b/profiles/audio/bap.c @@ -1049,12 +1049,12 @@ static void pac_added(struct bt_bap_pac *pac, void *user_data) bt_bap_foreach_pac(data->bap, BT_BAP_SINK, pac_found, service); } -static bool ep_match_rpac(const void *data, const void *match_data) +static bool ep_match_pac(const void *data, const void *match_data) { const struct bap_ep *ep = data; const struct bt_bap_pac *pac = match_data; - return ep->rpac == pac; + return ep->rpac == pac || ep->lpac == pac; } static void pac_removed(struct bt_bap_pac *pac, void *user_data) @@ -1082,7 +1082,7 @@ static void pac_removed(struct bt_bap_pac *pac, void *user_data) return; } - ep = queue_remove_if(queue, ep_match_rpac, pac); + ep = queue_remove_if(queue, ep_match_pac, pac); if (!ep) return;