Skip to content

Commit 1f1e4af

Browse files
Thalleymmahadevan108
Thalley
authored and
mmahadevan108
committed
Bluetooth: CSIP: Handle disconnects while in procedure
If a device disconnects while we are in a procedure then get_next_active_instance would return a service instance pointer with the `conn` set to NULL. The issue was caused by the set_info being potentially memset when the device that disconnected was the one that held the set_info pointer. The solution is to not use a pointer, but rather a copy of the set_info, so that the active.set_info value is still valid after a disconnect. Since the set_info is not longer a pointer to a specific set_info from one of the members, the logs have been updated as well, as the pointer of the active.set_info is useless for debugging. Signed-off-by: Emil Gydesen <[email protected]>
1 parent b710167 commit 1f1e4af

File tree

1 file changed

+19
-19
lines changed

1 file changed

+19
-19
lines changed

subsys/bluetooth/audio/csip_set_coordinator.c

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ LOG_MODULE_REGISTER(bt_csip_set_coordinator, CONFIG_BT_CSIP_SET_COORDINATOR_LOG_
5858

5959
static struct active_members {
6060
struct bt_csip_set_coordinator_set_member *members[CONFIG_BT_MAX_CONN];
61-
const struct bt_csip_set_coordinator_set_info *info;
61+
struct bt_csip_set_coordinator_set_info info;
6262
uint8_t members_count;
6363
uint8_t members_handled;
6464
uint8_t members_restored;
@@ -169,7 +169,7 @@ static struct bt_csip_set_coordinator_svc_inst *lookup_instance_by_set_info(
169169

170170
member_set_info = &member->insts[i].info;
171171
if (member_set_info->set_size == set_info->set_size &&
172-
memcmp(&member_set_info->sirk, &set_info->sirk, sizeof(set_info->sirk)) == 0) {
172+
memcmp(member_set_info->sirk, set_info->sirk, sizeof(set_info->sirk)) == 0) {
173173
return bt_csip_set_coordinator_lookup_instance_by_index(inst->conn, i);
174174
}
175175
}
@@ -184,9 +184,9 @@ static struct bt_csip_set_coordinator_svc_inst *get_next_active_instance(void)
184184

185185
member = active.members[active.members_handled];
186186

187-
svc_inst = lookup_instance_by_set_info(member, active.info);
187+
svc_inst = lookup_instance_by_set_info(member, &active.info);
188188
if (svc_inst == NULL) {
189-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
189+
LOG_DBG("Failed to lookup instance by set_info");
190190
}
191191

192192
return svc_inst;
@@ -201,8 +201,8 @@ static int member_rank_compare_asc(const void *m1, const void *m2)
201201
struct bt_csip_set_coordinator_svc_inst *svc_inst_1;
202202
struct bt_csip_set_coordinator_svc_inst *svc_inst_2;
203203

204-
svc_inst_1 = lookup_instance_by_set_info(member_1, active.info);
205-
svc_inst_2 = lookup_instance_by_set_info(member_2, active.info);
204+
svc_inst_1 = lookup_instance_by_set_info(member_1, &active.info);
205+
svc_inst_2 = lookup_instance_by_set_info(member_2, &active.info);
206206

207207
if (svc_inst_1 == NULL) {
208208
LOG_ERR("svc_inst_1 was NULL for member %p", member_1);
@@ -232,7 +232,7 @@ static void active_members_store_ordered(const struct bt_csip_set_coordinator_se
232232
{
233233
(void)memcpy(active.members, members, count * sizeof(members[0U]));
234234
active.members_count = count;
235-
active.info = info;
235+
memcpy(&active.info, info, sizeof(active.info));
236236

237237
if (count > 1U && CONFIG_BT_MAX_CONN > 1) {
238238
qsort(active.members, count, sizeof(members[0U]),
@@ -1079,7 +1079,7 @@ static void csip_set_coordinator_write_restore_cb(struct bt_conn *conn,
10791079
int csip_err;
10801080

10811081
member = active.members[active.members_handled - active.members_restored - 1];
1082-
client->cur_inst = lookup_instance_by_set_info(member, active.info);
1082+
client->cur_inst = lookup_instance_by_set_info(member, &active.info);
10831083
if (client->cur_inst == NULL) {
10841084
release_set_complete(-ENOENT);
10851085

@@ -1114,9 +1114,9 @@ static void csip_set_coordinator_write_lock_cb(struct bt_conn *conn,
11141114
active.members_restored = 0;
11151115

11161116
member = active.members[active.members_handled - active.members_restored];
1117-
client->cur_inst = lookup_instance_by_set_info(member, active.info);
1117+
client->cur_inst = lookup_instance_by_set_info(member, &active.info);
11181118
if (client->cur_inst == NULL) {
1119-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1119+
LOG_DBG("Failed to lookup instance by set_info");
11201120

11211121
lock_set_complete(-ENOENT);
11221122
return;
@@ -1214,7 +1214,7 @@ static void csip_set_coordinator_write_release_cb(struct bt_conn *conn, uint8_t
12141214

12151215
static void csip_set_coordinator_lock_state_read_cb(int err, bool locked)
12161216
{
1217-
const struct bt_csip_set_coordinator_set_info *info = active.info;
1217+
const struct bt_csip_set_coordinator_set_info *info = &active.info;
12181218
struct bt_csip_set_coordinator_set_member *cur_member = NULL;
12191219

12201220
if (err || locked) {
@@ -1606,9 +1606,9 @@ csip_set_coordinator_get_lock_state(const struct bt_csip_set_coordinator_set_mem
16061606
for (uint8_t i = 0U; i < count; i++) {
16071607
struct bt_csip_set_coordinator_svc_inst *svc_inst;
16081608

1609-
svc_inst = lookup_instance_by_set_info(active.members[i], active.info);
1609+
svc_inst = lookup_instance_by_set_info(active.members[i], &active.info);
16101610
if (svc_inst == NULL) {
1611-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1611+
LOG_DBG("Failed to lookup instance by set_info");
16121612

16131613
active_members_reset();
16141614
return -ENOENT;
@@ -1632,11 +1632,11 @@ csip_set_coordinator_get_lock_state(const struct bt_csip_set_coordinator_set_mem
16321632
* here.
16331633
*/
16341634
if (active.oap_cb == NULL ||
1635-
!active.oap_cb(active.info, active.members, active.members_count)) {
1635+
!active.oap_cb(&active.info, active.members, active.members_count)) {
16361636
err = -ECANCELED;
16371637
}
16381638

1639-
ordered_access_complete(active.info, err, false, NULL);
1639+
ordered_access_complete(&active.info, err, false, NULL);
16401640
}
16411641

16421642
return err;
@@ -1718,9 +1718,9 @@ int bt_csip_set_coordinator_lock(
17181718

17191719
active_members_store_ordered(members, count, set_info, true);
17201720

1721-
svc_inst = lookup_instance_by_set_info(active.members[0], active.info);
1721+
svc_inst = lookup_instance_by_set_info(active.members[0], &active.info);
17221722
if (svc_inst == NULL) {
1723-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1723+
LOG_DBG("Failed to lookup instance by set_info");
17241724

17251725
active_members_reset();
17261726
return -ENOENT;
@@ -1764,9 +1764,9 @@ int bt_csip_set_coordinator_release(const struct bt_csip_set_coordinator_set_mem
17641764

17651765
active_members_store_ordered(members, count, set_info, false);
17661766

1767-
svc_inst = lookup_instance_by_set_info(active.members[0], active.info);
1767+
svc_inst = lookup_instance_by_set_info(active.members[0], &active.info);
17681768
if (svc_inst == NULL) {
1769-
LOG_DBG("Failed to lookup instance by set_info %p", active.info);
1769+
LOG_DBG("Failed to lookup instance by set_info");
17701770

17711771
active_members_reset();
17721772
return -ENOENT;

0 commit comments

Comments
 (0)