1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
|
From 7fe38a17f6bee713fde587487fc224b0ae390e8f Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Mon, 10 Jan 2022 17:35:15 -0800
Subject: [PATCH 1/2] hog: Fix read order of attributes
The Report Map must be read after all other attributes otherwise the
Kernel driver may start using UHID_SET_REPORT which requires the
report->id to be known in order to resolve the attribute to send to.
Fixes: https://github.com/bluez/bluez/issues/220
---
profiles/input/hog-lib.c | 191 ++++++++++++++++++++++++---------------
1 file changed, 119 insertions(+), 72 deletions(-)
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index d37caa1f1..beb19af70 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -90,6 +90,7 @@ struct bt_hog {
uint16_t getrep_id;
unsigned int setrep_att;
uint16_t setrep_id;
+ unsigned int report_map_id;
struct bt_scpp *scpp;
struct bt_dis *dis;
struct queue *bas;
@@ -146,13 +147,34 @@ static bool set_and_store_gatt_req(struct bt_hog *hog,
return queue_push_head(hog->gatt_op, req);
}
-static void destroy_gatt_req(struct gatt_request *req)
+static void destroy_gatt_req(void *data)
{
- queue_remove(req->hog->gatt_op, req);
+ struct gatt_request *req = data;
+
bt_hog_unref(req->hog);
free(req);
}
+static void read_report_map(struct bt_hog *hog);
+
+static void remove_gatt_req(struct gatt_request *req, uint8_t status)
+{
+ struct bt_hog *hog = req->hog;
+
+ queue_remove(hog->gatt_op, req);
+
+ if (!status && queue_isempty(hog->gatt_op)) {
+ /* Report Map must be read last since that can result
+ * in uhid being created and the driver may start to
+ * use UHID_SET_REPORT which requires the report->id to
+ * be known what attribute to send to.
+ */
+ read_report_map(hog);
+ }
+
+ destroy_gatt_req(req);
+}
+
static void write_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
const uint8_t *value, size_t vlen,
GAttribResultFunc func,
@@ -178,27 +200,31 @@ static void write_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
}
}
-static void read_char(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
- GAttribResultFunc func, gpointer user_data)
+static unsigned int read_char(struct bt_hog *hog, GAttrib *attrib,
+ uint16_t handle, GAttribResultFunc func,
+ gpointer user_data)
{
struct gatt_request *req;
unsigned int id;
req = create_request(hog, user_data);
if (!req)
- return;
+ return 0;
id = gatt_read_char(attrib, handle, func, req);
if (!id) {
error("hog: Could not read char");
- return;
+ return 0;
}
if (!set_and_store_gatt_req(hog, req, id)) {
error("hog: Failed to queue read char req");
g_attrib_cancel(attrib, id);
free(req);
+ return 0;
}
+
+ return id;
}
static void discover_desc(struct bt_hog *hog, GAttrib *attrib,
@@ -343,16 +369,14 @@ static void report_ccc_written_cb(guint8 status, const guint8 *pdu,
struct report *report = req->user_data;
struct bt_hog *hog = report->hog;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Write report characteristic descriptor failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
if (report->notifyid)
- return;
+ goto remove;
report->notifyid = g_attrib_register(hog->attrib,
ATT_OP_HANDLE_NOTIFY,
@@ -360,6 +384,9 @@ static void report_ccc_written_cb(guint8 status, const guint8 *pdu,
report_value_cb, report, NULL);
DBG("Report characteristic descriptor written: notifications enabled");
+
+remove:
+ remove_gatt_req(req, status);
}
static void write_ccc(struct bt_hog *hog, GAttrib *attrib, uint16_t handle,
@@ -379,14 +406,15 @@ static void ccc_read_cb(guint8 status, const guint8 *pdu, guint16 len,
struct gatt_request *req = user_data;
struct report *report = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Error reading CCC value: %s", att_ecode2str(status));
- return;
+ goto remove;
}
write_ccc(report->hog, report->hog->attrib, report->ccc_handle, report);
+
+remove:
+ remove_gatt_req(req, status);
}
static const char *type_to_string(uint8_t type)
@@ -409,17 +437,15 @@ static void report_reference_cb(guint8 status, const guint8 *pdu,
struct gatt_request *req = user_data;
struct report *report = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Read Report Reference descriptor failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
if (plen != 3) {
error("Malformed ATT read response");
- return;
+ goto remove;
}
report->id = pdu[1];
@@ -432,6 +458,9 @@ static void report_reference_cb(guint8 status, const guint8 *pdu,
if (report->type == HOG_REPORT_TYPE_INPUT)
read_char(report->hog, report->hog->attrib, report->ccc_handle,
ccc_read_cb, report);
+
+remove:
+ remove_gatt_req(req, status);
}
static void external_report_reference_cb(guint8 status, const guint8 *pdu,
@@ -442,12 +471,10 @@ static void discover_external_cb(uint8_t status, GSList *descs, void *user_data)
struct gatt_request *req = user_data;
struct bt_hog *hog = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Discover external descriptors failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
for ( ; descs; descs = descs->next) {
@@ -457,6 +484,9 @@ static void discover_external_cb(uint8_t status, GSList *descs, void *user_data)
external_report_reference_cb,
hog);
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void discover_external(struct bt_hog *hog, GAttrib *attrib,
@@ -480,12 +510,10 @@ static void discover_report_cb(uint8_t status, GSList *descs, void *user_data)
struct report *report = req->user_data;
struct bt_hog *hog = report->hog;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Discover report descriptors failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
for ( ; descs; descs = descs->next) {
@@ -501,6 +529,9 @@ static void discover_report_cb(uint8_t status, GSList *descs, void *user_data)
break;
}
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void discover_report(struct bt_hog *hog, GAttrib *attrib,
@@ -519,11 +550,9 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len,
struct gatt_request *req = user_data;
struct report *report = req->user_data;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Error reading Report value: %s", att_ecode2str(status));
- return;
+ goto remove;
}
if (report->value)
@@ -531,6 +560,9 @@ static void report_read_cb(guint8 status, const guint8 *pdu, guint16 len,
report->value = g_memdup2(pdu, len);
report->len = len;
+
+remove:
+ remove_gatt_req(req, status);
}
static int report_chrc_cmp(const void *data, const void *user_data)
@@ -572,12 +604,11 @@ static void external_service_char_cb(uint8_t status, GSList *chars,
struct report *report;
GSList *l;
- destroy_gatt_req(req);
-
if (status != 0) {
const char *str = att_ecode2str(status);
+
DBG("Discover external service characteristic failed: %s", str);
- return;
+ goto remove;
}
for (l = chars; l; l = g_slist_next(l)) {
@@ -595,6 +626,9 @@ static void external_service_char_cb(uint8_t status, GSList *chars,
end = (next ? next->handle - 1 : primary->range.end);
discover_report(hog, hog->attrib, start, end, report);
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void external_report_reference_cb(guint8 status, const guint8 *pdu,
@@ -605,17 +639,15 @@ static void external_report_reference_cb(guint8 status, const guint8 *pdu,
uint16_t uuid16;
bt_uuid_t uuid;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Read External Report Reference descriptor failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
if (plen != 3) {
error("Malformed ATT read response");
- return;
+ goto remove;
}
uuid16 = get_le16(&pdu[1]);
@@ -624,11 +656,14 @@ static void external_report_reference_cb(guint8 status, const guint8 *pdu,
/* Do not discover if is not a Report */
if (uuid16 != HOG_REPORT_UUID)
- return;
+ goto remove;
bt_uuid16_create(&uuid, uuid16);
discover_char(hog, hog->attrib, 0x0001, 0xffff, &uuid,
external_service_char_cb, hog);
+
+remove:
+ remove_gatt_req(req, status);
}
static int report_cmp(gconstpointer a, gconstpointer b)
@@ -687,12 +722,10 @@ static void output_written_cb(guint8 status, const guint8 *pdu,
{
struct gatt_request *req = user_data;
- destroy_gatt_req(req);
-
- if (status != 0) {
+ if (status != 0)
error("Write output report failed: %s", att_ecode2str(status));
- return;
- }
+
+ remove_gatt_req(req, status);
}
static void forward_report(struct uhid_event *ev, void *user_data)
@@ -1056,7 +1089,7 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
uint8_t value[HOG_REPORT_MAP_MAX_SIZE];
ssize_t vlen;
- destroy_gatt_req(req);
+ remove_gatt_req(req, status);
DBG("HoG inspecting report map");
@@ -1081,6 +1114,19 @@ static void report_map_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
}
}
+static void read_report_map(struct bt_hog *hog)
+{
+ uint16_t handle;
+
+ if (!hog->report_map_attr || hog->uhid_created || hog->report_map_id)
+ return;
+
+ handle = gatt_db_attribute_get_handle(hog->report_map_attr);
+
+ hog->report_map_id = read_char(hog, hog->attrib, handle,
+ report_map_read_cb, hog);
+}
+
static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
gpointer user_data)
{
@@ -1089,18 +1135,16 @@ static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
uint8_t value[HID_INFO_SIZE];
ssize_t vlen;
- destroy_gatt_req(req);
-
if (status != 0) {
error("HID Information read failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
vlen = dec_read_resp(pdu, plen, value, sizeof(value));
if (vlen != 4) {
error("ATT protocol error");
- return;
+ goto remove;
}
hog->bcdhid = get_le16(&value[0]);
@@ -1109,6 +1153,9 @@ static void info_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
DBG("bcdHID: 0x%04X bCountryCode: 0x%02X Flags: 0x%02X",
hog->bcdhid, hog->bcountrycode, hog->flags);
+
+remove:
+ remove_gatt_req(req, status);
}
static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
@@ -1119,18 +1166,16 @@ static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
uint8_t value;
ssize_t vlen;
- destroy_gatt_req(req);
-
if (status != 0) {
error("Protocol Mode characteristic read failed: %s",
att_ecode2str(status));
- return;
+ goto remove;
}
vlen = dec_read_resp(pdu, plen, &value, sizeof(value));
if (vlen < 0) {
error("ATT protocol error");
- return;
+ goto remove;
}
if (value == HOG_PROTO_MODE_BOOT) {
@@ -1142,6 +1187,9 @@ static void proto_mode_read_cb(guint8 status, const guint8 *pdu, guint16 plen,
sizeof(nval), NULL, NULL);
} else if (value == HOG_PROTO_MODE_REPORT)
DBG("HoG is operating in Report Protocol Mode");
+
+remove:
+ remove_gatt_req(req, status);
}
static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
@@ -1155,14 +1203,12 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
GSList *l;
uint16_t info_handle = 0, proto_mode_handle = 0;
- destroy_gatt_req(req);
-
DBG("HoG inspecting characteristics");
if (status != 0) {
- const char *str = att_ecode2str(status);
- DBG("Discover all characteristics failed: %s", str);
- return;
+ DBG("Discover all characteristics failed: %s",
+ att_ecode2str(status));
+ goto remove;
}
bt_uuid16_create(&report_uuid, HOG_REPORT_UUID);
@@ -1211,6 +1257,9 @@ static void char_discovered_cb(uint8_t status, GSList *chars, void *user_data)
if (info_handle)
read_char(hog, hog->attrib, info_handle, info_read_cb, hog);
+
+remove:
+ remove_gatt_req(req, status);
}
static void report_free(void *data)
@@ -1221,10 +1270,12 @@ static void report_free(void *data)
g_free(report);
}
-static void cancel_gatt_req(struct gatt_request *req)
+static bool cancel_gatt_req(const void *data, const void *user_data)
{
- if (g_attrib_cancel(req->hog->attrib, req->id))
- destroy_gatt_req(req);
+ struct gatt_request *req = (void *) data;
+ const struct bt_hog *hog = user_data;
+
+ return g_attrib_cancel(hog->attrib, req->id);
}
static void hog_free(void *data)
@@ -1386,13 +1437,9 @@ static void foreach_hog_chrc(struct gatt_db_attribute *attr, void *user_data)
* UHID to optimize reconnection.
*/
uhid_create(hog, report_map.value, report_map.length);
- } else {
- read_char(hog, hog->attrib, value_handle,
- report_map_read_cb, hog);
}
gatt_db_service_foreach_desc(attr, foreach_hog_external, hog);
- return;
}
bt_uuid16_create(&info_uuid, HOG_INFO_UUID);
@@ -1552,12 +1599,9 @@ static void find_included_cb(uint8_t status, GSList *services, void *user_data)
DBG("");
- destroy_gatt_req(req);
-
if (status) {
- const char *str = att_ecode2str(status);
- DBG("Find included failed: %s", str);
- return;
+ DBG("Find included failed: %s", att_ecode2str(status));
+ goto remove;
}
for (l = services; l; l = l->next) {
@@ -1566,6 +1610,9 @@ static void find_included_cb(uint8_t status, GSList *services, void *user_data)
DBG("included: handle %x, uuid %s",
include->handle, include->uuid);
}
+
+remove:
+ remove_gatt_req(req, status);
}
static void hog_attach_scpp(struct bt_hog *hog, struct gatt_primary *primary)
@@ -1640,17 +1687,14 @@ static void primary_cb(uint8_t status, GSList *services, void *user_data)
DBG("");
- destroy_gatt_req(req);
-
if (status) {
- const char *str = att_ecode2str(status);
- DBG("Discover primary failed: %s", str);
- return;
+ DBG("Discover primary failed: %s", att_ecode2str(status));
+ goto remove;
}
if (!services) {
DBG("No primary service found");
- return;
+ goto remove;
}
for (l = services; l; l = l->next) {
@@ -1674,6 +1718,9 @@ static void primary_cb(uint8_t status, GSList *services, void *user_data)
if (strcmp(primary->uuid, HOG_UUID) == 0)
hog_attach_hog(hog, primary);
}
+
+remove:
+ remove_gatt_req(req, status);
}
bool bt_hog_attach(struct bt_hog *hog, void *gatt)
@@ -1790,7 +1837,7 @@ void bt_hog_detach(struct bt_hog *hog)
if (hog->dis)
bt_dis_detach(hog->dis);
- queue_foreach(hog->gatt_op, (void *) cancel_gatt_req, NULL);
+ queue_remove_all(hog->gatt_op, cancel_gatt_req, hog, destroy_gatt_req);
g_attrib_unref(hog->attrib);
hog->attrib = NULL;
uhid_destroy(hog);
--
2.34.1
|
GitWeb