| Commit message (Collapse) | Author | Age | Files | Lines |
|
This allows removing a number of local variables used only to get the
device address and pass it as a pointer later on.
The bdaddr_type parameter is also removed as there is device_get_addr_type
already present which can be used to get it if needed.
|
Most uses of adapter_get_address were in the form of:
    bdaddr_t addr;
    adapter_get_address(adapter, &addr);
    foo(&addr);
Changing it to a getter makes the code simpler and avoids a number of
unnecessary memcpy calls.
|
Besides being hand-written, it was wrong which leads to confusion with
the AVDTP.
|
96 (16 direct, 80 indirect) bytes in 1 blocks are definitely lost in loss record 261 of 338
at 0x4A0884D: malloc (vg_replace_malloc.c:263)
by 0x4C803FE: g_malloc (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C94801: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C95B42: g_slist_append (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x12FDAD: state_changed (avrcp.c:1401)
by 0x12D3B1: avctp_set_state (avctp.c:406)
by 0x12E5C4: avctp_confirm_cb (avctp.c:896)
by 0x1607D3: server_cb (btio.c:254)
by 0x4C7A824: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C7AB57: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C7AF51: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x120EB1: main (main.c:551)
|
Invalid read of size 8
at 0x1310E3: avrcp_unregister_player (avrcp.c:1604)
by 0x13EB57: path_free (media.c:1834)
by 0x123208: remove_interface.isra.1 (object.c:558)
by 0x1238DD: g_dbus_unregister_interface (object.c:705)
by 0x124BB8: media_server_remove (manager.c:1077)
by 0x4E91C5C: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x17B349: adapter_remove (adapter.c:2309)
by 0x176F39: manager_cleanup (manager.c:290)
by 0x120E65: main (main.c:555)
Address 0x6685058 is 24 bytes inside a block of size 80 free'd
at 0x4C279AE: free (vg_replace_malloc.c:427)
by 0x4E7C50E: g_free (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x12FC97: state_changed (avrcp.c:1380)
by 0x12D351: avctp_set_state (avctp.c:396)
by 0x12D7B4: session_cb (avctp.c:601)
by 0x4E76824: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4E76B57: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4E76F51: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x120E51: main (main.c:551)
|
16 bytes in 1 blocks are definitely lost in loss record 111 of 359
at 0x4A0884D: malloc (vg_replace_malloc.c:263)
by 0x4C8026E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C94671: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C959B2: g_slist_append (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x130FCC: avrcp_register_player (avrcp.c:1584)
by 0x13FA1F: register_player (media.c:1689)
by 0x123100: process_message.isra.0 (object.c:197)
by 0x4F70684: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F6290C: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x121747: message_dispatch (mainloop.c:76)
by 0x4C7B22A: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C7A694: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
|
If the gateway is already connected (or connecting) when Connect() is
called, an error should be returned, exactly as other interfaces do.
|
RFCOMM and SCO watches need to be removed in gateway_close(), otherwise
the watch callbacks might get called later on, resulting in a second
call to gateway_close().
The issue can be easily reproduced if a device is removed (unpaired)
while the HFP gateway is connected:
bluetoothd[26579]: audio/gateway.c:path_unregister() Unregistered interface org.bluez.HandsfreeGateway on path /org/bluez/26579/hci0/dev_90_84_0D_B2_C7_04
bluetoothd[26579]: audio/media.c:gateway_state_changed()
bluetoothd[26579]: audio/media.c:gateway_state_changed() Clear endpoint 0x555555822cb0
bluetoothd[26579]: audio/source.c:path_unregister() Unregistered interface org.bluez.AudioSource on path /org/bluez/26579/hci0/dev_90_84_0D_B2_C7_04
bluetoothd[26579]: audio/avdtp.c:avdtp_unref() 0x555555827980: ref=2
bluetoothd[26579]: src/device.c:btd_device_unref() 0x55555581a470: ref=1
bluetoothd[26579]: src/device.c:btd_device_unref() 0x55555581a470: ref=0
bluetoothd[26579]: src/device.c:device_free() 0x55555581a470
Program received signal SIGSEGV, Segmentation fault.
gateway_close (device=0x555555820390) at audio/gateway.c:585
585 if (gw->rfcomm) {
|
Any pending call to the agent needs to be cancelled in gateway_close(),
to make sure newconnection_reply() never gets called.
Otherwise, the audio gateway can be closed (dev->gateway == NULL) before
the reply from the agent has been received, resulting in the following
crash as reproduced while removing (unpairing) a device:
bluetoothd[2219]: src/mgmt.c:mgmt_unpair_device() index 0 addr 38:16:D1:C5:D1:A2
bluetoothd[2219]: audio/gateway.c:path_unregister() Unregistered interface org.bluez.HandsfreeGateway on path /org/bluez/2219/hci0/dev_38_16_D1_C5_D1_A2
bluetoothd[2219]: audio/media.c:gateway_state_changed()
bluetoothd[2219]: audio/media.c:gateway_state_changed() Clear endpoint 0x555555820640
bluetoothd[2219]: audio/source.c:path_unregister() Unregistered interface org.bluez.AudioSource on path /org/bluez/2219/hci0/dev_38_16_D1_C5_D1_A2
bluetoothd[2219]: src/device.c:btd_device_unref() 0x555555833e70: ref=1
bluetoothd[2219]: src/adapter.c:adapter_get_device() 38:16:D1:C5:D1:A2
bluetoothd[2219]: src/adapter.c:adapter_create_device() 38:16:D1:C5:D1:A2
bluetoothd[2219]: src/device.c:device_create() Creating device /org/bluez/2219/hci0/dev_38_16_D1_C5_D1_A2
bluetoothd[2219]: src/device.c:device_free() 0x55555581f9c0
bluetoothd[2219]: Unable to get btd_device object for 38:16:D1:C5:D1:A2
bluetoothd[2219]: src/device.c:btd_device_unref() 0x555555833e70: ref=0
bluetoothd[2219]: src/device.c:device_free() 0x555555833e70
bluetoothd[2219]: src/mgmt.c:mgmt_event() cond 1
bluetoothd[2219]: src/mgmt.c:mgmt_event() Received 16 bytes from management socket
bluetoothd[2219]: src/mgmt.c:mgmt_cmd_complete()
bluetoothd[2219]: src/mgmt.c:mgmt_cmd_complete() unpair_device complete
Program received signal SIGSEGV, Segmentation fault.
0x000055555556fa26 in newconnection_reply (call=<optimized out>, data=0x555555824dd0) at audio/gateway.c:285
285 if (!dev->gateway->rfcomm) {
Additionally, this patch makes it unnecessary to check if RFCOMM got
disconnected before newconnection_reply, since RFCOMM disconnection also
triggers gateway_close() and thus the agent's call will be cancelled.
|
Remove the audio-specific service authorization mechanism in favor of
using the conventional one.
The main difference is that audio profiles will be authorized
independently. Therefore a single connection might result in several
profile authorization requests to the agent (i.e. HFP, A2DP and AVRCP).
This removes any internal policy that would skip the authorization
procedure, making it simpler and more convenient for IVI use-cases.
Agents interested in simulating the old behavior are encouraged to
either set the device as trusted or just reply to the additional
authorization requests automatically without user intervention.
|
Return a request id in btd_request_authorization() in order to be used
when the request needs to be cancelled. This id alone will be enough to
use btd_cancel_authorization().
|
This fixes several limitations with the current design including not
being able to connect multiple devices at the same time and not being able
to register players on the fly while a connection was already
established.
|
Once the control channel is connected, check if the device supports the
browsing channel and connect to it.
|
Implement generic handling of browsing PDU ids
|
Implements browsing channel creation and release.
|
The lookup table of handlers is not NULL terminated which in case of an
undefined id may lead to reading invalid memory out of the table area.
To fix this the id 0x00 is now used as delimiter.
|
audio_remove calls get_audio_dev which may attempt to create the device
if it doesn't exist.
|
This is necessary for the external profile implementation (which will
have the same callback functions for all external profiles).
|
a2dp_sep_unlock may free the endpoint if it is not registered anymore
which leads to destroying all related transports, causing the following:
Invalid read of size 1
at 0x4A09F09: memcpy@GLIBC_2.2.5 (mc_replace_strmem.c:836)
by 0x4F7C02D: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F7AAE5: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F7B10B: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F68DA0: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F66788: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F66B41: ??? (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x4F6D64E: dbus_message_new_signal (in /usr/lib64/libdbus-1.so.3.5.6)
by 0x180FC2: emit_property_changed (dbus-common.c:130)
by 0x13FD15: transport_set_state (transport.c:206)
by 0x140519: suspend_a2dp (transport.c:460)
by 0x122436: service_filter (watch.c:476)
Address 0x6546110 is 48 bytes inside a block of size 49 free'd
at 0x4A079AE: free (vg_replace_malloc.c:427)
by 0x4C8037E: g_free (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x1409F9: media_transport_free (transport.c:1160)
by 0x12282F: remove_interface (object.c:553)
by 0x123699: g_dbus_unregister_interface (object.c:1231)
by 0x141547: media_transport_destroy (transport.c:228)
by 0x4C95ACC: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x4C95AEA: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.3200.4)
by 0x13E53D: media_endpoint_remove (media.c:162)
by 0x133F62: a2dp_unregister_sep (a2dp.c:1247)
by 0x1369D7: a2dp_sep_unlock (a2dp.c:1814)
by 0x1404D3: suspend_a2dp (transport.c:455)
|
This patch removes redundant references and function parameters for
DBusConnection object and uses btd_get_dbus_connection() call wherever
such object is needed instead.
The pointer returned by this call is guaranteed to be valid for the entire
bluetoothd lifetime and thus does not need to be refcounted.
|
This patch removes redundant references and function parameters for
DBusConnection object and uses btd_get_dbus_connection() call wherever
such object is needed instead.
The pointer returned by this call is guaranteed to be valid for the entire
bluetoothd lifetime and thus does not need to be refcounted.
|
A valid DBusConnection pointer is available in the static variable
'connection' so it's redundant to pass it as a function parameter.
|
If D-Bus error is set we should free it.
|
release_endpoint() cannot succeed unless all transports are released
first. For example a2dp_remove_sep() will ignore the call if the SEP is
locked, leading to an infinite loop in path_free(), which expects to
successfully release and remove the endpoint in each call to
release_endpoint().
This issue can easily be reproduced by shutting bluetoothd daemon
during A2DP streaming (tested in sink role).
|
Acquiring a transport is needed in two different situations: either
we are initiating the audio stream locally, or the remote side initiated
it and thus we are just reacting. In the second case, we would expect
the stream is already available, and otherwise the operation should
fail. This means the media API needs to be extended in order to make
this difference.
This issue is specially relevant in the case of SCO, because the current
approach is racy. With HFP, for example (say BlueZ has the HS role), the
following race condition could be met:
1. Phone has an incoming call and thus starts in-band ringing.
2. SCO connection is accepted and established by BlueZ.
3. Gateway interface state is changed to Playing.
4. Exactly afterwards, the user routes the audio to the phone, to have
a private conversation. So the SCO link is closed.
5. In parallel, PulseAudio sees the transition to Playing, and acquires
the transport.
6. BlueZ receives an Acquire() request, but SCO is down. So it tries to
reconnect the SCO link.
The last step is an undesired behavior (the audio is routed back to the
car). BlueZ should be smart enough to know that the SCO connection
shouldn't be reestablished, but this is only possible if the endpoint
provides additional information in the media API.
Note that the API change introduced by this patch is backward
compatible, meaning that older versions of BlueZ will just ignore the
flag. So clients are encouraged to use it without necessarily adding a
dependency to newer versions of BlueZ.
|
When the remote end suspends the audio stream, release the transport
automatically without waiting until the clients call Release().
This affects the D-Bus API since clients will get an error when trying
to release the transport afterwards.
However, this should have no real impact, since most clients (i.e.
PulseAudio) would just log some error trace but otherwise ignore the
issue.
|
Extend the Media API to expose the transport state in D-Bus, as a
property of the transport. This way the clients do not have to find
out which is the corresponding profile-specific interface for the
transport.
Additionally, this state along with the automatic release of transports
will allow clients to avoid the "optional release" or "accept remote
release" race condition. For example, with HSP/HFP profiles, the problem
is the following:
1. User suspends SCO in the remote end.
2. BlueZ signals the Playing->Connected state change in D-Bus.
3. Exactly afterwards, the user resumes SCO in the remote end.
4. In parallel, PulseAudio sees the aforementioned transition to
Connected, and thus releases the transport.
5. BlueZ receives a Release() request while SCO is up. So the audio
stream will be suspended.
The last step is an undesired behavior since the user explicitly wanted
to route the audio stream through Bluetooth.
The issue is difficult to reproduce but it can easily be solved by
exposing the transport state in D-Bus.
|
Split the transport states (formerly in_use) into more specific states
where the stream state (playing or suspended) is explicitly represented,
along with the transitional states (locally initiated suspend and
resume).
TRANSPORT_STATE_ACTIVE is an exception since it also includes the state
where the transport is acquired, but the audio was later suspended (not
released yet though).
|
Install watches to keep track whether the audio is streaming or not.
This should be relevant if the transport needs to reflect this state.
|
Refactor the code to use an enum type to represent the transport state.
This should scale better when additional states need to be represented.
A helper function has been added to help track the mapping between the
enum type and the old in_use flag.
|
Expose the state of the gateway interface in the internal API.
|
Add this function to expose whether the local SEP is streaming or not.
|
Replace the string representation of the accesstype with a conventional
binary representation. This makes the code simpler and more efficient.
This also fixes a minor bug in the Release() D-Bus method, where the
string comparison was used to see whether the owner should be removed. A
client acquiring with "rw" and releasing with "wr" would lead to the
inconsistent state of having a released transport with an owner with no
accesstype. Partial releases can also get affected by this bug since the
released character (partial accesstype) got replaced by a whitespace.
Additionally, this approach is more robust in case new flags are added
in the future.
|
Reply for control message with invalid (not registered for reception
of messages) PID should not have message information field present.
This was affecting AVCTP qualification test case TP/NFR/BI-01-C.
|
This fixes the following build errors on ARM.
CC audio/bluetoothd-avrcp.o
audio/avrcp.c: In function avrcp_handle_get_element_attributes:
audio/avrcp.c:667:25: error: cast increases required alignment of
target type [-Werror=cast-align]
audio/avrcp.c:690:20: error: cast increases required alignment of
target type [-Werror=cast-align]
cc1: all warnings being treated as errors
make[1]: *** [audio/bluetoothd-avrcp.o] Error 1
make: *** [all] Error 2
|
gateway_request_stream() should check if the call to get_records() has
succeeded, and fail otherwise.
|
If bt_search_service() fails the state should be left unchanged.
Otherwise the gateway state is set forever to GATEWAY_STATE_CONNECTING.
This issue can be easily reproduced if a connection attempt is done
very soon after startup.
|
gateway_config_stream() is now unnecessary after the removal of the unix
socket support in commit 1d9d0527cfb6d96a976ede56bd43a2bc16bb5f21.
|
Commit 813b674bce1aab009e7f2d14d1825f603330563d introduced this trivial
bug which causes the failure of the gateway profile probe.
|
This patch replaces NULL with a dbus invalid arguments return if a dbus
method call gets invalid arguments from the peer. This will avoid the dbus
peer commander's infinite wait.