OSDN Git Service
Myles Watson [Fri, 15 Sep 2017 23:37:42 +0000 (23:37 +0000)]
GAP: Set service_id before calling gap_release_ccb
am:
f606990828 -s ours
Change-Id: I673dd88b298cb58b94bbd8326066af93e5a2e2f4
Myles Watson [Thu, 14 Sep 2017 21:13:44 +0000 (14:13 -0700)]
GAP: Set service_id before calling gap_release_ccb
Calling gap_release_ccb with a service_id == 0, which in turn
calls BTM_SecClrService with an ID of 0.
From the documentation for BTM_SecClrService:
Service ID - Id of the service to remove. '0' removes all
service records (except SDP).
Bug:
65695769,
65223508
Test: BLE connection and characteristic read
Change-Id: Icf309807f02e1faa273cf9bad9c09d9221a8bbfd
Merged-In: Icf309807f02e1faa273cf9bad9c09d9221a8bbfd
(cherry picked from commit
5c5c10683e2a11162838297fc8054b15837c4f32)
(cherry picked from commit
4023c6731d5e991c6202d4e499b9dd43d642fb3c)
Myles Watson [Fri, 15 Sep 2017 02:07:17 +0000 (02:07 +0000)]
Merge "GAP: Set service_id before calling gap_release_ccb" am:
57c849d1e5
am:
237c160b0f
Change-Id: I7be10eec1e5ab580dc0154b05bfac2f19c271d52
Myles Watson [Fri, 15 Sep 2017 01:31:08 +0000 (01:31 +0000)]
Merge "GAP: Set service_id before calling gap_release_ccb"
am:
57c849d1e5
Change-Id: I9f3a6f08ab43b124d947355e158ee437fdea3bd8
Jakub Pawlowski [Fri, 15 Sep 2017 00:02:07 +0000 (00:02 +0000)]
Fix included service parsing (1/3) am:
fae9b2fae0
am:
bd349a88b8
Change-Id: Ibff59691dedd9797a8ace2a9585a7a1f8a2a7e3e
Treehugger Robot [Thu, 14 Sep 2017 23:45:01 +0000 (23:45 +0000)]
Merge "GAP: Set service_id before calling gap_release_ccb"
Jeremy Klein [Thu, 14 Sep 2017 23:43:55 +0000 (23:43 +0000)]
Ensure that services are cleaned from the GattServer HandleMap. am:
eb215402e3
am:
04dd67f8e2
Change-Id: Ib881154009e22bd2e26806a3e4433401afc4d548
Jeremy Klein [Thu, 14 Sep 2017 23:38:53 +0000 (23:38 +0000)]
Ensure that services are cleaned from the GattServer HandleMap.
am:
eb215402e3
Change-Id: Ic509b64189fccf8c48afaf947d625a8998b389af
Jakub Pawlowski [Thu, 14 Sep 2017 23:36:09 +0000 (23:36 +0000)]
Fix included service parsing (1/3)
am:
fae9b2fae0
Change-Id: I0c331c732ad09f3cf06ecaefbc6c5255f82f5b35
Myles Watson [Thu, 14 Sep 2017 21:13:44 +0000 (14:13 -0700)]
GAP: Set service_id before calling gap_release_ccb
Calling gap_release_ccb with a service_id == 0, which in turn
calls BTM_SecClrService with an ID of 0.
From the documentation for BTM_SecClrService:
Service ID - Id of the service to remove. '0' removes all
service records (except SDP).
Test: BLE connection and characteristic read
Change-Id: Icf309807f02e1faa273cf9bad9c09d9221a8bbfd
Jeremy Klein [Fri, 8 Sep 2017 21:04:39 +0000 (14:04 -0700)]
Ensure that services are cleaned from the GattServer HandleMap.
The incorrect service handle was being plumbed up to onServiceDeleted.
This was causing stale entries to stick around forever in the HandleMap,
which could later cause failures to find callback references in
ContextMap if the connection ID changed for a given device.
Bug:
65463237
Test: unit tests modified and run
Change-Id: I2e22858b447f4e6b5a4fbceee4c406191c84a67d
(cherry picked from commit
e631789075f5625fd79c774678f4af0bf102c7d1)
Jakub Pawlowski [Thu, 14 Sep 2017 18:40:32 +0000 (11:40 -0700)]
Fix included service parsing (1/3)
Bug:
65637368
Test: sl4a GattIncludedServiceTest
Change-Id: Icb882d411a75a91e3fea050f00c40e76de3539de
Jakub Pawlowski [Wed, 13 Sep 2017 23:09:29 +0000 (23:09 +0000)]
Add Suspend/Resume for advertising am:
757e9b24ed
am:
577f0a8c9d
Change-Id: Id5af50fd5fdf9f3d019b60047f6607a1cfe684ac
Jakub Pawlowski [Wed, 13 Sep 2017 22:44:15 +0000 (22:44 +0000)]
Add Suspend/Resume for advertising
am:
757e9b24ed
Change-Id: I11faa51795bc58831781bb229d22b35717018d6c
Jakub Pawlowski [Mon, 28 Aug 2017 16:56:13 +0000 (09:56 -0700)]
Add Suspend/Resume for advertising
This is needed for resolving list handling.
Bug:
64846264
Test: updated unit tests
Change-Id: I3d9c7b90d3b69d459d33c4ca7a9849ca3a7abc40
Myles Watson [Tue, 12 Sep 2017 22:08:59 +0000 (22:08 +0000)]
Merge "btm: Clear LINK_KEY_KNOWN flag for temporary connections" am:
e5ed4dcc90
am:
d1bed4781d
Change-Id: Id9f61a171f8095c43d0802a404c9133f7539a9b1
Myles Watson [Tue, 12 Sep 2017 22:01:28 +0000 (22:01 +0000)]
Merge "btm: Clear LINK_KEY_KNOWN flag for temporary connections"
am:
e5ed4dcc90
Change-Id: I2f01c85dcb9af27ff13d6e129ceb64d62e06774e
Treehugger Robot [Tue, 12 Sep 2017 21:50:08 +0000 (21:50 +0000)]
Merge "btm: Clear LINK_KEY_KNOWN flag for temporary connections"
Pavlin Radoslavov [Tue, 12 Sep 2017 21:17:19 +0000 (21:17 +0000)]
Fix ASAN crash inside btif_av_event_deep_copy() am:
6d07e45b9a
am:
b4051180e9
Change-Id: I6733ac9351963ce46cb5cf1f2d2aea8b6e57b3c2
Pavlin Radoslavov [Tue, 12 Sep 2017 21:16:55 +0000 (21:16 +0000)]
Return the correct status when BTA_AV Open failed because of role switch am:
54bdc23b04
am:
d2e2f4a8c7
Change-Id: I118084987a3911b2d49af89beb1c6611931a6380
Pavlin Radoslavov [Tue, 12 Sep 2017 21:11:46 +0000 (21:11 +0000)]
Fix ASAN crash inside btif_av_event_deep_copy()
am:
6d07e45b9a
Change-Id: I67be39dfaa463b7d2ab8124001f8edb342a338e6
Pavlin Radoslavov [Tue, 12 Sep 2017 21:11:25 +0000 (21:11 +0000)]
Return the correct status when BTA_AV Open failed because of role switch
am:
54bdc23b04
Change-Id: I8ad18c4488fbe5c33aaea72b5b113270c974aef3
Myles Watson [Tue, 12 Sep 2017 15:23:23 +0000 (08:23 -0700)]
btm: Clear LINK_KEY_KNOWN flag for temporary connections
Bug:
62561154
Test: Smart Setup, erase target, Smart Setup
Change-Id: Icba672a38772dc99a74f351301c81d66f37ee929
Pavlin Radoslavov [Tue, 12 Sep 2017 19:08:49 +0000 (12:08 -0700)]
Fix ASAN crash inside btif_av_event_deep_copy()
Allocate sufficient data on the stack that can be safely copied inside
btif_av_event_deep_copy()
Bug:
65524264
Test: Run Bluetooth on ASAN enabled build
Change-Id: Ie6d4a28933302131c58eb4aee34161e435634377
Pavlin Radoslavov [Tue, 12 Sep 2017 18:51:21 +0000 (11:51 -0700)]
Return the correct status when BTA_AV Open failed because of role switch
Bug:
65588660
Test: Code compilation
Change-Id: I705ec28c76f2342e18bece193005c962b9febac8
Kim Low [Tue, 12 Sep 2017 19:07:02 +0000 (19:07 +0000)]
Fix MAC address byte ordering in the uniq field am:
7bc0edda0f
am:
ca395d2933
Change-Id: I8612b828de29fe173194d881a4da65c14ccb468e
Kim Low [Tue, 12 Sep 2017 19:03:32 +0000 (19:03 +0000)]
Fix MAC address byte ordering in the uniq field
am:
7bc0edda0f
Change-Id: I3696cff5ff5d233823c102024aa1ea34449008c3
Kim Low [Thu, 6 Apr 2017 01:01:34 +0000 (18:01 -0700)]
Fix MAC address byte ordering in the uniq field
The UNIQ field can be used in the driver to detect duplicate devices.
For example, if a controller is connected via both Bluetooth and USB,
the driver can use the UNIQ field, which typically contains the unique
MAC address to identify that it's the same device.
Test: Connect a Bluetooth device and check its MAC address using
ioctl(EVIOCGUNIQ) call.
Change-Id: I458608e845fcb24c0d615f6aef8d92ccb08d08ec
Myles Watson [Tue, 12 Sep 2017 16:06:20 +0000 (16:06 +0000)]
stack: Fix btm_send_link_key_notif comment am:
8c75f731fe
am:
20430874dc
Change-Id: If2dc23ac6d0c5e54ddf8c71be1fb287cc662792b
Myles Watson [Tue, 12 Sep 2017 16:03:49 +0000 (16:03 +0000)]
stack: Fix btm_send_link_key_notif comment
am:
8c75f731fe
Change-Id: I578ce4ed7eebb86daf7dc4b3e02a03507e3aae7c
Myles Watson [Tue, 12 Sep 2017 14:08:13 +0000 (07:08 -0700)]
stack: Fix btm_send_link_key_notif comment
Test: build
Change-Id: I212ac76af9fab7b11d02120cae5f6eeec14baf69
Jakub Pawlowski [Mon, 11 Sep 2017 21:20:50 +0000 (21:20 +0000)]
Fix alarms being posted on wrong thread am:
be8bbd7a83
am:
8a3813ef76
Change-Id: Ib01eb4efc468910dd464b23f4f4807ef919cd877
Jakub Pawlowski [Mon, 11 Sep 2017 21:03:00 +0000 (21:03 +0000)]
Fix alarms being posted on wrong thread
am:
be8bbd7a83
Change-Id: I6c5148be7a78329cd568f197a28c75c8093da804
Jakub Pawlowski [Fri, 8 Sep 2017 18:26:25 +0000 (11:26 -0700)]
Fix alarms being posted on wrong thread
Alarms from btu_bta_alarm_queue and btu_generic_alarm_queue should be
processed on the main MessageLoop thread.
Replaced obsoleted alarm_set_on_queue() alarm API with the new
alarm_set_on_mloop() API
Test: manual
Bug:
65078753
Change-Id: I54b472b39b44a6c541dbdcdad7414056d0dd4163
Chao Quan [Mon, 11 Sep 2017 17:21:11 +0000 (17:21 +0000)]
Fix crash during derigister GATT server am:
a5aca8f6de
am:
d368c67c7f
Change-Id: I7072861fb2f576791926cc869063bf5abc938558
Chao Quan [Mon, 11 Sep 2017 17:17:12 +0000 (17:17 +0000)]
Fix crash during derigister GATT server
am:
a5aca8f6de
Change-Id: I39ec65053a6883984c465032ea18ce567b6bfb5e
Chao Quan [Mon, 24 Jul 2017 11:46:53 +0000 (19:46 +0800)]
Fix crash during derigister GATT server
When deregister a gatt server, GATT_deregister
will use a loop to stop service one by one and
call std::list::erase in GATTS_StopService to
remove service info. But erase makes iterator lose
efficacy. If the iterator is operated after that,
Bluetooth will crash.
Add the iterator before erase.
Test: manual
Change-Id: I10f9351a95ab4922553d8a77663a0212407607aa
Jeremy Klein [Fri, 8 Sep 2017 23:42:23 +0000 (23:42 +0000)]
Ensure that services are cleaned from the GattServer HandleMap. am:
5b96667c28
am:
01e27b4e9e
Change-Id: If6fbec921afa4ca5b01e79a531b2cc940dc6b0e5
Jeremy Klein [Fri, 8 Sep 2017 23:40:22 +0000 (23:40 +0000)]
Ensure that services are cleaned from the GattServer HandleMap.
am:
5b96667c28
Change-Id: I55f103e1e0f6a9c91731c3f532160562750386c6
Jeremy Klein [Fri, 8 Sep 2017 21:04:39 +0000 (14:04 -0700)]
Ensure that services are cleaned from the GattServer HandleMap.
The incorrect service handle was being plumbed up to onServiceDeleted.
This was causing stale entries to stick around forever in the HandleMap,
which could later cause failures to find callback references in
ContextMap if the connection ID changed for a given device.
Bug:
65463237
Test: unit tests modified and run
Change-Id: I2e22858b447f4e6b5a4fbceee4c406191c84a67d
Pavlin Radoslavov [Fri, 8 Sep 2017 18:32:36 +0000 (18:32 +0000)]
Use strlcpy() instead of strncpy() to copy string property am:
c5c668a6d4
am:
f4b77907cb
Change-Id: Ib7074229fc603620f7e1f498398b5bfa4a669239
Pavlin Radoslavov [Fri, 8 Sep 2017 18:29:00 +0000 (18:29 +0000)]
Use strlcpy() instead of strncpy() to copy string property
am:
c5c668a6d4
Change-Id: I55e6a015219819338aabfbb9a18b459fbaaaa056
Pavlin Radoslavov [Thu, 7 Sep 2017 23:22:53 +0000 (16:22 -0700)]
Use strlcpy() instead of strncpy() to copy string property
Also, allocate property with extra space for the null-termination string.
Test: Unit tests passing
Change-Id: I67452cb640cda752c3094c2b1a47eaa13c24e5c6
Pavlin Radoslavov [Thu, 7 Sep 2017 22:42:07 +0000 (22:42 +0000)]
Read the Tx Power level when flushing the A2DP Tx queue am:
c7bf47cefc
am:
3c27ccb5c6
Change-Id: I9ebbc1c122572e7dd8bc7590c025be3bc2ca00c2
Pavlin Radoslavov [Thu, 7 Sep 2017 22:37:08 +0000 (22:37 +0000)]
Read the Tx Power level when flushing the A2DP Tx queue
am:
c7bf47cefc
Change-Id: I009f2e0f1d4d1857d12c3d01f817d83da977d526
Pavlin Radoslavov [Thu, 7 Sep 2017 22:27:07 +0000 (22:27 +0000)]
Implement HCI_Read_Automatic_Flush_Timeout mechanism am:
b8568ae0e1
am:
4c6fffcf36
Change-Id: Ib9398d4e6a79e10e74689c869498f7a6e8f2ba23
Pavlin Radoslavov [Fri, 1 Sep 2017 23:40:59 +0000 (16:40 -0700)]
Read the Tx Power level when flushing the A2DP Tx queue
Also, minor renaming and cleanup (for consistency).
Test: Streaming A2DP headset and trigger audio stutter
Bug:
64038257
Change-Id: Id722342b596e0bf3c9c7664272b6d3e311bb82e9
Pavlin Radoslavov [Thu, 7 Sep 2017 22:22:04 +0000 (22:22 +0000)]
Implement HCI_Read_Automatic_Flush_Timeout mechanism
am:
b8568ae0e1
Change-Id: I064439a79ca43945da7e74885fb9e9b17da804cb
Pavlin Radoslavov [Fri, 1 Sep 2017 23:09:27 +0000 (16:09 -0700)]
Implement HCI_Read_Automatic_Flush_Timeout mechanism
Also, read the Automatic Flush Timeout when flushing the A2DP Tx queue
Test: Streaming A2DP headset and trigger audio stutter
Bug:
64038257
Change-Id: Ic49b5236328ddacde1d7f2aee131e35e317a14ef
Jakub Pawlowski [Thu, 7 Sep 2017 17:48:47 +0000 (17:48 +0000)]
Merge "Fix GATT log spam" am:
b94c72965a
am:
76aa7da52a
Change-Id: Ia7eea63c91720cc14928d63ab1fa1da140cdc780
Jakub Pawlowski [Thu, 7 Sep 2017 17:46:47 +0000 (17:46 +0000)]
Merge "Fix GATT log spam"
am:
b94c72965a
Change-Id: I74f3628362ae952348bddbb5b435671da4a00592
Jakub Pawlowski [Thu, 7 Sep 2017 17:39:09 +0000 (17:39 +0000)]
Merge "Fix GATT log spam"
Jaekyun Seok [Thu, 7 Sep 2017 02:12:36 +0000 (02:12 +0000)]
Add 'vendor.' prefix to a vendor HAL service name am:
b7fe6161ad
am:
f3268835aa
Change-Id: I8a0066cb5d61479dd65d2ad5277f4878c33e56d5
Jaekyun Seok [Thu, 7 Sep 2017 02:08:05 +0000 (02:08 +0000)]
Add 'vendor.' prefix to a vendor HAL service name
am:
b7fe6161ad
Change-Id: Id06569074e309f8977751cbe6bf135dc2e525402
Jaekyun Seok [Wed, 30 Aug 2017 02:17:08 +0000 (11:17 +0900)]
Add 'vendor.' prefix to a vendor HAL service name
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.
Test: succeeded building gce_x86_phone-userdebug and confirmed that
service names were renamed correctly.
Bug:
36796459
Change-Id: Iedcb3a01e00e80c58dc76653784a3c353f34ce0a
Michael Spang [Wed, 6 Sep 2017 20:01:09 +0000 (20:01 +0000)]
Fix stack-buffer-overflow in bluetooth service GATT client am:
998f78519d
am:
f81dc88d34
Change-Id: Ifc0d8fcfbdb25c7e2443a75f9b230ee71e53ddcc
Michael Spang [Wed, 6 Sep 2017 19:57:08 +0000 (19:57 +0000)]
Fix stack-buffer-overflow in bluetooth service GATT client
am:
998f78519d
Change-Id: I8077302700eea32cd1460870b870aa519699fcc1
Michael Spang [Wed, 6 Sep 2017 15:44:33 +0000 (11:44 -0400)]
Fix stack-buffer-overflow in bluetooth service GATT client
Use the tBTA_GATTC union for |notify| in bta_gattc_process_indicate() to
avoid a stack-buffer-overflow in btif_transfer_context.
==1410==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x0077c8c0c066 at pc 0x0077e50c9ae0 bp 0x0077c8c0bcd0 sp 0x0077c8c0b460
READ of size 616 at 0x0077c8c0c066 thread T38 (btu message loo)
#0 0x77e50c9adf in __interceptor_memcpy external/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:701:5
#1 0x77ca1e838f in memcpy(void*, void const* pass_object_size0, unsigned long) bionic/libc/include/string.h:173:12
#2 0x77ca1e838f in btif_transfer_context(void (*)(unsigned short, char*), unsigned short, char*, int, void (*)(unsigned short, char*, char*)) system/bt/btif/src/btif_core.cc:208:0
#3 0x77ca209853 in (anonymous namespace)::bta_gattc_cback(unsigned char, tBTA_GATTC*) system/bt/btif/src/btif_gatt_client.cc:204:7
#4 0x77ca11455b in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1596:9
#5 0x77ca40b4b7 in gatt_process_notification(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:664:7
#6 0x77ca40d78f in gatt_client_handle_server_rsp(tGATT_TCB&, unsigned char, unsigned short, unsigned char*) system/bt/stack/gatt/gatt_cl.cc:1119:9
#7 0x77ca414447 in gatt_le_data_ind(unsigned short, unsigned char*, BT_HDR*) system/bt/stack/gatt/gatt_main.cc:576:7
#8 0x77ca47665b in l2c_rcv_acl_data(BT_HDR*) system/bt/stack/l2cap/l2c_main.cc:211:9
#9 0x77c9da50eb in base::Callback<void (), (base::internal::CopyMode)1>::Run() const external/libchrome/base/callback.h:389:12
#10 0x77c9da50eb in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) external/libchrome/base/debug/task_annotator.cc:51:0
#11 0x77c9df75e3 in base::MessageLoop::RunTask(base::PendingTask const&) external/libchrome/base/message_loop/message_loop.cc:494:19
#12 0x77c9df80b7 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) external/libchrome/base/message_loop/message_loop.cc:503:5
#13 0x77c9df8fb7 in base::MessageLoop::DoWork() external/libchrome/base/message_loop/message_loop.cc:627:13
#14 0x77c9dfd33b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) external/libchrome/base/message_loop/message_pump_default.cc:35:31
#15 0x77c9e4e327 in base::RunLoop::Run() external/libchrome/base/run_loop.cc:35:10
#16 0x77ca3e97ab in btu_message_loop_run(void*) system/bt/stack/btu/btu_task.cc:98:14
#17 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#18 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#19 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#20 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#21 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#22 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 2 lines
Address 0x0077c8c0c066 is located in stack of thread T38 (btu message loo)
at offset 646 in frame
#0 0x77ca114293 in bta_gattc_process_indicate(unsigned short, unsigned char, tGATT_CL_COMPLETE*) system/bt/bta/gatt/bta_gattc_act.cc:1538:0
002(bluetooth) btu message loo identical 1 line
This frame has 4 object(s):
[32, 646) 'notify' (line 1543)
[784, 790) 'remote_bda' (line 1544) <== Memory access at offset 646 partially underflows this variable
[816, 817) 'gatt_if' (line 1545) <== Memory access at offset 646 partially underflows this variable
[832, 833) 'transport' (line 1546) <== Memory access at offset 646 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
Thread T38 (btu message loo) created by T37 (bt_workqueue) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca3e9a73 in btu_task_start_up(void*) system/bt/stack/btu/btu_task.cc:127:26
#3 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#4 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#5 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#6 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#7 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#8 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 1 line
Thread T37 (bt_workqueue) created by T20 (stack_manager) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca3e936f in BTU_StartUp() system/bt/stack/btu/btu_init.cc:129:25
#3 0x77ca2a513b in event_start_up_stack(void*) system/bt/btif/src/stack_manager.cc:146:3
#4 0x77ca52ad3b in work_queue_read_cb(void*) system/bt/osi/src/thread.cc:251:3
#5 0x77ca52489b in run_reactor(reactor_t*, int) system/bt/osi/src/reactor.cc:282:11
#6 0x77ca524413 in reactor_start(reactor_t*) system/bt/osi/src/reactor.cc:125:10
#7 0x77ca529c6f in run_thread(void*) system/bt/osi/src/thread.cc:221:3
#8 0x77eb40a31b in __pthread_start(void*) bionic/libc/bionic/pthread_create.cpp:214:18
#9 0x77eb3c1dff in __start_thread bionic/libc/bionic/clone.cpp:47:16
002(bluetooth) btu message loo identical 1 line
Thread T20 (stack_manager) created by T0 (droid.bluetooth) here:
#0 0x77e50fd46f in __interceptor_pthread_create _asan_rtl_:3
#1 0x77ca529727 in thread_new_sized(char const*, unsigned long) system/bt/osi/src/thread.cc:87:3
#2 0x77ca2a4e7f in ensure_manager_initialized() system/bt/btif/src/stack_manager.cc:238:23
#3 0x77ca2a4e7f in stack_manager_get_interface() system/bt/btif/src/stack_manager.cc:251:0
#4 0x77ca1b7927 in init(bt_callbacks_t*) system/bt/btif/src/bluetooth.cc:144:3
#5 0x77ca9899fb in android::initNative(_JNIEnv*, _jobject*) packages/apps/Bluetooth/jni/com_android_bluetooth_btservice_AdapterService.cpp:663:13
#6 0x77e1c87703 in art_quick_generic_jni_trampoline /proc/self/cwd/art/runtime/arch/arm64/quick_entrypoints_arm64.S:2329:0
#6 0x37ab0579318381f (<unknown module>)
002(bluetooth) btu message loo identical 1 line
SUMMARY: AddressSanitizer: stack-buffer-overflow (/system/lib64/libclang_rt.asan-aarch64-android.so+0x31adf)
Shadow bytes around the buggy address:
0x001ef91817b0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x001ef91817c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef91817d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef91817e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef91817f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x001ef9181800: 00 00 00 00 00 00 00 00 00 00 00 00[06]f2 f2 f2
0x001ef9181810: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 06 f2
0x001ef9181820: f2 f2 01 f2 01 f3 f3 f3 00 00 00 00 00 00 00 00
0x001ef9181830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef9181840: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
0x001ef9181850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1410==ABORTING
Bug:
65381426
Change-Id: Ie632f131b622cc323ce68ec7be152caef23c95ec
Sagayajayasheelan Thomas [Wed, 6 Sep 2017 17:12:28 +0000 (17:12 +0000)]
Merge "Extended Scan HCI definations as per BT 5.0 SIG " am:
62721a272c
am:
bc9d6f4037
Change-Id: Ibea71d4cdbcc902e580468271a4bed3e01f9097d
Sagayajayasheelan Thomas [Wed, 6 Sep 2017 17:08:34 +0000 (17:08 +0000)]
Merge "Extended Scan HCI definations as per BT 5.0 SIG "
am:
62721a272c
Change-Id: I8df6de2371754efa7a76f1aea7f072702257ba9c
Treehugger Robot [Wed, 6 Sep 2017 17:03:37 +0000 (17:03 +0000)]
Merge "Extended Scan HCI definations as per BT 5.0 SIG "
Pavlin Radoslavov [Wed, 6 Sep 2017 16:38:24 +0000 (16:38 +0000)]
Store a name string in property without violating string boundaries am:
2a874660a9
am:
bdcef2728a
Change-Id: I7c2ea50ceeb1a2f93a488240d6d1ca0c7fc65a1d
Pavlin Radoslavov [Wed, 6 Sep 2017 16:35:55 +0000 (16:35 +0000)]
Store a name string in property without violating string boundaries
am:
2a874660a9
Change-Id: I4c96e2ac0135c50ef633e86ad93b867de76c753d
Jakub Pawlowski [Wed, 6 Sep 2017 15:41:46 +0000 (08:41 -0700)]
Fix GATT log spam
Bug:
65255942
Test: manual
Change-Id: I212bc93149dc514517f409edc36f74e1c2895d96
Pavlin Radoslavov [Sun, 19 Mar 2017 02:35:06 +0000 (19:35 -0700)]
Store a name string in property without violating string boundaries
Don't copy data beyond end of string when storing it as BT_PROPERTY_BDNAME
in property.
Also, update an unit test to create a string by considering the property
name length.
Test: Running unit tests with ASAN enabled
Change-Id: Iaa586b4a0942f99ba469d1ed963729e7ad721503
Sagayajayasheelan Thomas [Mon, 17 Jul 2017 09:50:01 +0000 (15:20 +0530)]
Extended Scan HCI definations as per BT 5.0 SIG
Added Ext Scan HCI defination for periodic scan.
Change-Id: Ic7dce5fb5207a22e4b193d84033d84126d780be5
Signed-off-by: Sagayajayasheelan Thomas <sagayajayasheelan.thomas@intel.com>
Srinu Jella [Wed, 6 Sep 2017 02:39:31 +0000 (02:39 +0000)]
Clear IB_CFG_DONE on receiving peer config request when channel open am:
7f1ee9db2d
am:
2df2ab2e8f
Change-Id: I5cf18a29258c666ef169c42df88f872df58d3943
Srinu Jella [Wed, 6 Sep 2017 02:37:59 +0000 (02:37 +0000)]
Clear IB_CFG_DONE on receiving peer config request when channel open
am:
7f1ee9db2d
Change-Id: Ic96d305927361e75bf328eeeaff9d91d96ea9916
Srinu Jella [Thu, 17 Nov 2016 09:32:20 +0000 (15:02 +0530)]
Clear IB_CFG_DONE on receiving peer config request when channel open
Root Cause: Configure request fails in CST_OPEN state
after a configure request IB_CFG_DONE and OB_CFG_DONE both are
cleared. Some IOT devices try to configure again in the CST_OPEN
state which fails if OB_CFG_DONE is cleared.
Fix: Clear IB_CFG_DONE and keep OB_CFG_DONE unchanged on receiving
Peer config request when channel open.
Test: Tested with Geely Carkit.
Bug:
35082459
Change-Id: I8deca0c8ff73faafc3da94dcd9ea55e06bd8a31d
Martin Brabham [Tue, 5 Sep 2017 23:21:37 +0000 (23:21 +0000)]
Avoid lookup on NULL address am:
24e9be4451
am:
024ad0e303
Change-Id: Ic4a984113d020a97878ee18d2d80749395759a15
Martin Brabham [Tue, 5 Sep 2017 23:18:07 +0000 (23:18 +0000)]
Avoid lookup on NULL address
am:
24e9be4451
Change-Id: Id4ea4378f8ff970fc453223683e688e7e4039de3
Martin Brabham [Wed, 3 May 2017 23:05:47 +0000 (16:05 -0700)]
Avoid lookup on NULL address
Test: Manually watch some debug logs during pairing and auth processes
Change-Id: I6410b8bc00587196392ae787a6aa1d85c0c71967
Pavlin Radoslavov [Fri, 1 Sep 2017 22:19:25 +0000 (22:19 +0000)]
Implement HCI_Read_Failed_Contact_Counter mechanism am:
6ab749f3cf
am:
18c3b9d1da
Change-Id: I0c54c887720a4287ad790175576c88687b6b138a
Pavlin Radoslavov [Fri, 1 Sep 2017 22:14:25 +0000 (22:14 +0000)]
Implement HCI_Read_Failed_Contact_Counter mechanism
am:
6ab749f3cf
Change-Id: Iad9cbb043f886c3d75462f4b7f28d031a56e7cc5
Pavlin Radoslavov [Fri, 1 Sep 2017 05:06:11 +0000 (22:06 -0700)]
Implement HCI_Read_Failed_Contact_Counter mechanism
Also, read the Failed Contact Counter when flushing the A2DP Tx queue
Test: Streaming A2DP headset and trigger audio stutter
Bug:
64038257
Change-Id: I8ff72560e3840c5c22cfac9613c4be670b8a4cf1
Pavlin Radoslavov [Thu, 31 Aug 2017 18:58:48 +0000 (18:58 +0000)]
Add / update log messages during stack startup / shutdown am:
303ff4cee3
am:
88ca8a325e
Change-Id: If580a807b71c6617374a6a0dbba7c112f51259d2
Pavlin Radoslavov [Thu, 31 Aug 2017 18:55:10 +0000 (18:55 +0000)]
Add / update log messages during stack startup / shutdown
am:
303ff4cee3
Change-Id: I7aadb8a0dfeb19fbc133566386aa6d4275871721
Pavlin Radoslavov [Tue, 29 Aug 2017 17:00:21 +0000 (10:00 -0700)]
Add / update log messages during stack startup / shutdown
Test: manual
Bug:
64975965
Change-Id: I22ae7cad3b0ef3b7eb7ea2b7b6f93449a6363070
Jack He [Thu, 31 Aug 2017 04:57:48 +0000 (04:57 +0000)]
Merge "BTIF: Add meaningful logging to btif_profile_queue" am:
812f2f5d85
am:
9437215f26
Change-Id: Ic574e16ae61a2f47a8a44180d742109676deaa09
Pavlin Radoslavov [Thu, 31 Aug 2017 04:57:22 +0000 (04:57 +0000)]
Merge "Limit the maximum number of entries in the remote bdaddr cache to 1024" am:
e5c35d0380
am:
64a7370e43
Change-Id: I7b6d527914b2456d037868473eaee729914a09c6
Jack He [Thu, 31 Aug 2017 04:56:55 +0000 (04:56 +0000)]
RFCOMM: Add more logging during port close am:
074867d4c7
am:
419d9d7534
Change-Id: I799420d83623b126efee18b236d0a1841037a20a
Jack He [Thu, 31 Aug 2017 03:43:39 +0000 (03:43 +0000)]
Merge "BTIF: Add meaningful logging to btif_profile_queue"
am:
812f2f5d85
Change-Id: Id4dddfe628c434d52a7dd14dd8cc1104c4f7cb4c
Treehugger Robot [Thu, 31 Aug 2017 03:25:30 +0000 (03:25 +0000)]
Merge "BTIF: Add meaningful logging to btif_profile_queue"
Pavlin Radoslavov [Thu, 31 Aug 2017 02:17:33 +0000 (02:17 +0000)]
Merge "Limit the maximum number of entries in the remote bdaddr cache to 1024"
am:
e5c35d0380
Change-Id: I34596127aa46c2e553f9f238cab7c0be378bf51c
Jack He [Thu, 31 Aug 2017 02:11:31 +0000 (02:11 +0000)]
RFCOMM: Add more logging during port close
am:
074867d4c7
Change-Id: I5e115a0ff5dfcfda72810b148c4eca56a06f152c
Treehugger Robot [Thu, 31 Aug 2017 02:09:22 +0000 (02:09 +0000)]
Merge "Limit the maximum number of entries in the remote bdaddr cache to 1024"
Pavlin Radoslavov [Tue, 29 Aug 2017 00:42:46 +0000 (17:42 -0700)]
Limit the maximum number of entries in the remote bdaddr cache to 1024
Also, renamed p_dev_cb to remote_bdaddr_cache.
Bug:
64975965
Test: BLE scanning
Change-Id: I518390c53c5ff2a24ac9f010464225d763b33228
Jack He [Wed, 30 Aug 2017 19:00:41 +0000 (12:00 -0700)]
RFCOMM: Add more logging during port close
* Log MAC address and UUIDs of closed connections
* Log reasons for RFCOMM closure when generic CLOSE is used
as reason
Bug:
65080465
Test: Use profiles that use RFCOMM
Change-Id: Iff9f7537989e51d7b98f7cf1241db3f196f501d7
Jack He [Wed, 30 Aug 2017 18:13:08 +0000 (11:13 -0700)]
BTIF: Add meaningful logging to btif_profile_queue
* Add INFO logging to add/advance/execute functions in
btif_profile_queue
* Add ERROR logging to add failures
Bug:
65051171
Test: Try connection to multiple profiles
Change-Id: I058ad06a45eeceb4d160af472f317d08843ca6bf
Pavlin Radoslavov [Wed, 30 Aug 2017 20:09:19 +0000 (20:09 +0000)]
Inline comparison operators for RawAddress am:
c705670fbe
am:
386ae8722e
Change-Id: Ib42e86c346a868e842b68e18c3c2729a384e336c
Pavlin Radoslavov [Wed, 30 Aug 2017 20:04:23 +0000 (20:04 +0000)]
Inline comparison operators for RawAddress
am:
c705670fbe
Change-Id: I32c31c8fe567ec898ef6cf8c6faf341dfb7568a3
Pavlin Radoslavov [Wed, 30 Aug 2017 18:02:27 +0000 (11:02 -0700)]
Inline comparison operators for RawAddress
Test: Code compilation
Bug:
64975965
Change-Id: I5a7ab7e0cd270c2769a3a471a506fc78a0a94533
Pavlin Radoslavov [Wed, 30 Aug 2017 07:10:22 +0000 (07:10 +0000)]
Add missing comparison operators for RawAddress am:
b3e7d947a1
am:
9d7e1679e1
Change-Id: Iaf84c809484668c5de48589e5e7b519d193e8106
Pavlin Radoslavov [Wed, 30 Aug 2017 07:03:21 +0000 (07:03 +0000)]
Add missing comparison operators for RawAddress
am:
b3e7d947a1
Change-Id: Id3febe2c7ed99300e970862630d5b2d748e91065
Pavlin Radoslavov [Tue, 29 Aug 2017 22:02:44 +0000 (15:02 -0700)]
Add missing comparison operators for RawAddress
Test: Unit tests added
Bug:
64975965
Change-Id: Id27f1ef7ec99f0761d6e2fb40bf38212ab8312a1
Myles Watson [Fri, 25 Aug 2017 18:44:55 +0000 (18:44 +0000)]
btm: Finish renaming SMP_AUTH_<GEN_>BOND am:
b66829ab8b
am:
c99024e9b9
Change-Id: Iaa77b6236635bdb830efa2edcc17b3daee04b408
Myles Watson [Fri, 25 Aug 2017 18:28:50 +0000 (18:28 +0000)]
btm: Finish renaming SMP_AUTH_<GEN_>BOND
am:
b66829ab8b
Change-Id: I8295db3c0cc558abfa322889be58747b04ea7401
Myles Watson [Thu, 4 May 2017 18:13:10 +0000 (11:13 -0700)]
btm: Finish renaming SMP_AUTH_<GEN_>BOND
Test: build, grep for SMP_AUTH_GEN_BOND
Change-Id: Ic9e1950282a60e1d644d79291d9c0822ac6c973e
Jakub Pawlowski [Tue, 22 Aug 2017 21:09:34 +0000 (21:09 +0000)]
Fix crashes in btm_consolidate_dev am:
bd8ed367d3 am:
94357d4888
am:
7c962872ca
Change-Id: Ifdc1192dc410c1360118cbc5b1f304793aa8a80b
Jakub Pawlowski [Tue, 22 Aug 2017 21:03:49 +0000 (21:03 +0000)]
Fix crashes in btm_consolidate_dev am:
bd8ed367d3
am:
94357d4888
Change-Id: Ie6f8837f84571cf9bcdbb25ce2df35a47df73828
OSDN Git Service
