Skip to content

Commit 4409462

Browse files
Thalleykoffes
Thalley
authored and
koffes
committed
[nrf fromtree] Bluetooth: CSIP: Handle disconnects while in procedure
If a device disconnects while we are in a procedure then get_next_active_instance would return a service instance pointer with the `conn` set to NULL. The issue was caused by the set_info being potentially memset when the device that disconnected was the one that held the set_info pointer. The solution is to not use a pointer, but rather a copy of the set_info, so that the active.set_info value is still valid after a disconnect. Since the set_info is not longer a pointer to a specific set_info from one of the members, the logs have been updated as well, as the pointer of the active.set_info is useless for debugging. Signed-off-by: Emil Gydesen <[email protected]> (cherry picked from commit 1f1e4af)
1 parent 35c7af0 commit 4409462

File tree

1 file changed

+19
-19
lines changed

1 file changed

+19
-19
lines changed

subsys/bluetooth/audio/csip_set_coordinator.c

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ LOG_MODULE_REGISTER(bt_csip_set_coordinator, CONFIG_BT_CSIP_SET_COORDINATOR_LOG_
5858

5959
static struct active_members {
6060
struct bt_csip_set_coordinator_set_member *members[CONFIG_BT_MAX_CONN];
61-
const struct bt_csip_set_coordinator_set_info *info;
61+
struct bt_csip_set_coordinator_set_info info;
6262
uint8_t members_count;
6363
uint8_t members_handled;
6464
uint8_t members_restored;
@@ -169,7 +169,7 @@ static struct bt_csip_set_coordinator_svc_inst *lookup_instance_by_set_info(
169169

170170
member_set_info = &member->insts[i].info;
171171
if (member_set_info->set_size == set_info->set_size &&
172-
memcmp(&member_set_info->sirk, &set_info->sirk, sizeof(set_info->sirk)) == 0) {
172+
memcmp(member_set_info->sirk, set_info->sirk, sizeof(set_info->sirk)) == 0) {
173173
return bt_csip_set_coordinator_lookup_instance_by_index(inst->conn, i);
174174
}
175175
}
@@ -184,9 +184,9 @@ static struct bt_csip_set_coordinator_svc_inst *get_next_active_instance(void)
184184

185185
member = active.members[active.members_handled];
186186

187-
svc_inst = lookup_instance_by_set_info(member, active.info);
187+
svc_inst = lookup_instance_by_set_info(member, &active.info);
188188
if (svc_inst == NULL) {
189-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
189+
LOG_DBG("Failed to lookup instance by set_info");
190190
}
191191

192192
return svc_inst;
@@ -201,8 +201,8 @@ static int member_rank_compare_asc(const void *m1, const void *m2)
201201
struct bt_csip_set_coordinator_svc_inst *svc_inst_1;
202202
struct bt_csip_set_coordinator_svc_inst *svc_inst_2;
203203

204-
svc_inst_1 = lookup_instance_by_set_info(member_1, active.info);
205-
svc_inst_2 = lookup_instance_by_set_info(member_2, active.info);
204+
svc_inst_1 = lookup_instance_by_set_info(member_1, &active.info);
205+
svc_inst_2 = lookup_instance_by_set_info(member_2, &active.info);
206206

207207
if (svc_inst_1 == NULL) {
208208
LOG_ERR("svc_inst_1 was NULL for member %p", member_1);
@@ -232,7 +232,7 @@ static void active_members_store_ordered(const struct bt_csip_set_coordinator_se
232232
{
233233
(void)memcpy(active.members, members, count * sizeof(members[0U]));
234234
active.members_count = count;
235-
active.info = info;
235+
memcpy(&active.info, info, sizeof(active.info));
236236

237237
if (count > 1U && CONFIG_BT_MAX_CONN > 1) {
238238
qsort(active.members, count, sizeof(members[0U]),
@@ -1080,7 +1080,7 @@ static void csip_set_coordinator_write_restore_cb(struct bt_conn *conn,
10801080
int csip_err;
10811081

10821082
member = active.members[active.members_handled - active.members_restored - 1];
1083-
client->cur_inst = lookup_instance_by_set_info(member, active.info);
1083+
client->cur_inst = lookup_instance_by_set_info(member, &active.info);
10841084
if (client->cur_inst == NULL) {
10851085
release_set_complete(-ENOENT);
10861086

@@ -1115,9 +1115,9 @@ static void csip_set_coordinator_write_lock_cb(struct bt_conn *conn,
11151115
active.members_restored = 0;
11161116

11171117
member = active.members[active.members_handled - active.members_restored];
1118-
client->cur_inst = lookup_instance_by_set_info(member, active.info);
1118+
client->cur_inst = lookup_instance_by_set_info(member, &active.info);
11191119
if (client->cur_inst == NULL) {
1120-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1120+
LOG_DBG("Failed to lookup instance by set_info");
11211121

11221122
lock_set_complete(-ENOENT);
11231123
return;
@@ -1215,7 +1215,7 @@ static void csip_set_coordinator_write_release_cb(struct bt_conn *conn, uint8_t
12151215

12161216
static void csip_set_coordinator_lock_state_read_cb(int err, bool locked)
12171217
{
1218-
const struct bt_csip_set_coordinator_set_info *info = active.info;
1218+
const struct bt_csip_set_coordinator_set_info *info = &active.info;
12191219
struct bt_csip_set_coordinator_set_member *cur_member = NULL;
12201220

12211221
if (err || locked) {
@@ -1607,9 +1607,9 @@ csip_set_coordinator_get_lock_state(const struct bt_csip_set_coordinator_set_mem
16071607
for (uint8_t i = 0U; i < count; i++) {
16081608
struct bt_csip_set_coordinator_svc_inst *svc_inst;
16091609

1610-
svc_inst = lookup_instance_by_set_info(active.members[i], active.info);
1610+
svc_inst = lookup_instance_by_set_info(active.members[i], &active.info);
16111611
if (svc_inst == NULL) {
1612-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1612+
LOG_DBG("Failed to lookup instance by set_info");
16131613

16141614
active_members_reset();
16151615
return -ENOENT;
@@ -1633,11 +1633,11 @@ csip_set_coordinator_get_lock_state(const struct bt_csip_set_coordinator_set_mem
16331633
* here.
16341634
*/
16351635
if (active.oap_cb == NULL ||
1636-
!active.oap_cb(active.info, active.members, active.members_count)) {
1636+
!active.oap_cb(&active.info, active.members, active.members_count)) {
16371637
err = -ECANCELED;
16381638
}
16391639

1640-
ordered_access_complete(active.info, err, false, NULL);
1640+
ordered_access_complete(&active.info, err, false, NULL);
16411641
}
16421642

16431643
return err;
@@ -1690,9 +1690,9 @@ int bt_csip_set_coordinator_lock(
16901690

16911691
active_members_store_ordered(members, count, set_info, true);
16921692

1693-
svc_inst = lookup_instance_by_set_info(active.members[0], active.info);
1693+
svc_inst = lookup_instance_by_set_info(active.members[0], &active.info);
16941694
if (svc_inst == NULL) {
1695-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1695+
LOG_DBG("Failed to lookup instance by set_info");
16961696

16971697
active_members_reset();
16981698
return -ENOENT;
@@ -1732,9 +1732,9 @@ int bt_csip_set_coordinator_release(const struct bt_csip_set_coordinator_set_mem
17321732

17331733
active_members_store_ordered(members, count, set_info, false);
17341734

1735-
svc_inst = lookup_instance_by_set_info(active.members[0], active.info);
1735+
svc_inst = lookup_instance_by_set_info(active.members[0], &active.info);
17361736
if (svc_inst == NULL) {
1737-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1737+
LOG_DBG("Failed to lookup instance by set_info");
17381738

17391739
active_members_reset();
17401740
return -ENOENT;

0 commit comments

Comments
 (0)