Message ID | 20241101083119.4510-2-iulia.tanasescu@nxp.com |
---|---|
State | Superseded |
Series | iso-tester: Add tests for Broadcast Receiver sync to 2 BIGs | expand |
This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=905307 ---Test result--- Test Summary: CheckPatch PASS 2.53 seconds GitLint PASS 1.54 seconds BuildEll PASS 24.65 seconds BluezMake PASS 1642.75 seconds MakeCheck PASS 12.83 seconds MakeDistcheck PASS 181.67 seconds CheckValgrind PASS 255.09 seconds CheckSmatch WARNING 362.57 seconds bluezmakeextell PASS 122.35 seconds IncrementalBuild FAIL 1444.68 seconds ScanBuild FAIL 956.41 seconds Details ############################## Test: CheckSmatch - WARNING Desc: Run smatch tool with source Output: emulator/btdev.c:448:29: warning: Variable length array is used.emulator/btdev.c:448:29: warning: Variable length array is used. ############################## Test: IncrementalBuild - FAIL Desc: Incremental build with the patches in the series Output: [BlueZ,1/5] btdev: Add support for syncing to multiple PA trains tools/mgmt-tester.c: In function ‘main’: tools/mgmt-tester.c:12725:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without 12725 | int main(int argc, char *argv[]) | ^~~~ unit/test-avdtp.c: In function ‘main’: unit/test-avdtp.c:766:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without 766 | int main(int argc, char *argv[]) | ^~~~ unit/test-avrcp.c: In function ‘main’: unit/test-avrcp.c:989:5: note: variable tracking size limit exceeded with ‘-fvar-tracking-assignments’, retrying without 989 | int main(int argc, char *argv[]) | ^~~~ emulator/btdev.c: In function ‘cmd_big_create_sync’: emulator/btdev.c:6433:9: error: ‘struct btdev’ has no member named ‘le_pa_sync_handle’ 6433 | if (dev->le_pa_sync_handle != le16_to_cpu(cmd->sync_handle)) { | ^~ emulator/btdev.c: In function ‘cmd_big_create_sync_complete’: 
emulator/btdev.c:6473:40: error: ‘struct btdev’ has no member named ‘pa_sync_cmd’ 6473 | remote = find_btdev_by_bdaddr_type(dev->pa_sync_cmd.addr, | ^~ emulator/btdev.c:6474:10: error: ‘struct btdev’ has no member named ‘pa_sync_cmd’ 6474 | dev->pa_sync_cmd.addr_type); | ^~ make[1]: *** [Makefile:7873: emulator/btdev.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:4691: all] Error 2 ############################## Test: ScanBuild - FAIL Desc: Run Scan Build Output: src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed gatt_db_unregister(op->client->db, op->db_id); ^~~~~~~~~~ src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed discovery_op_complete(op, false, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:996:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1102:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1296:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1361:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1636:6: warning: Use of memory after it is freed if (read_db_hash(op)) { ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1641:2: warning: Use of memory after it is freed discover_all(op); ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:2145:6: warning: Use of memory after it is freed if (read_db_hash(op)) { ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:2153:8: warning: Use of memory after it is freed discovery_op_ref(op), ^~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:3242:2: warning: Use of memory after it is freed 
complete_write_long_op(req, success, 0, false); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:3264:2: warning: Use of memory after it is freed request_unref(req); ^~~~~~~~~~~~~~~~~~ 12 warnings generated. src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed gatt_db_unregister(op->client->db, op->db_id); ^~~~~~~~~~ src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed discovery_op_complete(op, false, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:996:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1102:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1296:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1361:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1636:6: warning: Use of memory after it is freed if (read_db_hash(op)) { ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1641:2: warning: Use of memory after it is freed discover_all(op); ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:2145:6: warning: Use of memory after it is freed if (read_db_hash(op)) { ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:2153:8: warning: Use of memory after it is freed discovery_op_ref(op), ^~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:3242:2: warning: Use of memory after it is freed complete_write_long_op(req, success, 0, false); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:3264:2: warning: Use of memory after it is freed request_unref(req); ^~~~~~~~~~~~~~~~~~ 12 warnings generated. 
tools/hciattach.c:817:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n' if ((n = read_hci_event(fd, resp, 10)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/hciattach.c:865:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n' if ((n = read_hci_event(fd, resp, 4)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/hciattach.c:887:8: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n' if ((n = read_hci_event(fd, resp, 10)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/hciattach.c:909:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n' if ((n = read_hci_event(fd, resp, 4)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/hciattach.c:930:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n' if ((n = read_hci_event(fd, resp, 4)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/hciattach.c:974:7: warning: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n' if ((n = read_hci_event(fd, resp, 6)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 6 warnings generated. src/oui.c:50:2: warning: Value stored to 'hwdb' is never read hwdb = udev_hwdb_unref(hwdb); ^ ~~~~~~~~~~~~~~~~~~~~~ src/oui.c:53:2: warning: Value stored to 'udev' is never read udev = udev_unref(udev); ^ ~~~~~~~~~~~~~~~~ 2 warnings generated. 
tools/hcidump.c:180:9: warning: Potential leak of memory pointed to by 'dp' if (fds[i].fd == sock) ^~~ tools/hcidump.c:248:17: warning: Assigned value is garbage or undefined dh->ts_sec = htobl(frm.ts.tv_sec); ^ ~~~~~~~~~~~~~~~~~~~~ tools/hcidump.c:326:9: warning: 1st function call argument is an uninitialized value if (be32toh(dp.flags) & 0x02) { ^~~~~~~~~~~~~~~~~ /usr/include/endian.h:46:22: note: expanded from macro 'be32toh' # define be32toh(x) __bswap_32 (x) ^~~~~~~~~~~~~~ tools/hcidump.c:341:20: warning: 1st function call argument is an uninitialized value frm.data_len = be32toh(dp.len); ^~~~~~~~~~~~~~~ /usr/include/endian.h:46:22: note: expanded from macro 'be32toh' # define be32toh(x) __bswap_32 (x) ^~~~~~~~~~~~~~ tools/hcidump.c:346:14: warning: 1st function call argument is an uninitialized value opcode = be32toh(dp.flags) & 0xffff; ^~~~~~~~~~~~~~~~~ /usr/include/endian.h:46:22: note: expanded from macro 'be32toh' # define be32toh(x) __bswap_32 (x) ^~~~~~~~~~~~~~ tools/hcidump.c:384:17: warning: Assigned value is garbage or undefined frm.data_len = btohs(dh.len); ^ ~~~~~~~~~~~~~ tools/hcidump.c:394:11: warning: Assigned value is garbage or undefined frm.len = frm.data_len; ^ ~~~~~~~~~~~~ tools/hcidump.c:398:9: warning: 1st function call argument is an uninitialized value ts = be64toh(ph.ts); ^~~~~~~~~~~~~~ /usr/include/endian.h:51:22: note: expanded from macro 'be64toh' # define be64toh(x) __bswap_64 (x) ^~~~~~~~~~~~~~ tools/hcidump.c:403:13: warning: 1st function call argument is an uninitialized value frm.in = be32toh(dp.flags) & 0x01; ^~~~~~~~~~~~~~~~~ /usr/include/endian.h:46:22: note: expanded from macro 'be32toh' # define be32toh(x) __bswap_32 (x) ^~~~~~~~~~~~~~ tools/hcidump.c:408:11: warning: Assigned value is garbage or undefined frm.in = dh.in; ^ ~~~~~ tools/hcidump.c:437:7: warning: Null pointer passed to 1st parameter expecting 'nonnull' fd = open(file, open_flags, 0644); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ 11 warnings generated. 
tools/rfcomm.c:234:3: warning: Value stored to 'i' is never read i = execvp(cmdargv[0], cmdargv); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/rfcomm.c:234:7: warning: Null pointer passed to 1st parameter expecting 'nonnull' i = execvp(cmdargv[0], cmdargv); ^~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/rfcomm.c:354:8: warning: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd' if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/rfcomm.c:497:14: warning: Assigned value is garbage or undefined req.channel = raddr.rc_channel; ^ ~~~~~~~~~~~~~~~~ tools/rfcomm.c:515:8: warning: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd' if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5 warnings generated. src/sdp-xml.c:126:10: warning: Assigned value is garbage or undefined buf[1] = data[i + 1]; ^ ~~~~~~~~~~~ src/sdp-xml.c:300:11: warning: Assigned value is garbage or undefined buf[1] = data[i + 1]; ^ ~~~~~~~~~~~ src/sdp-xml.c:338:11: warning: Assigned value is garbage or undefined buf[1] = data[i + 1]; ^ ~~~~~~~~~~~ 3 warnings generated. tools/ciptool.c:350:7: warning: 5th function call argument is an uninitialized value sk = do_connect(ctl, dev_id, &src, &dst, psm, (1 << CMTP_LOOPBACK)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. 
tools/sdptool.c:941:26: warning: Result of 'malloc' is converted to a pointer of type 'uint32_t', which is incompatible with sizeof operand type 'int' uint32_t *value_int = malloc(sizeof(int)); ~~~~~~~~~~ ^~~~~~ ~~~~~~~~~~~ tools/sdptool.c:980:4: warning: 1st function call argument is an uninitialized value free(allocArray[i]); ^~~~~~~~~~~~~~~~~~~ tools/sdptool.c:3777:2: warning: Potential leak of memory pointed to by 'si.name' return add_service(0, &si); ^~~~~~~~~~~~~~~~~~~~~~~~~~ tools/sdptool.c:4112:4: warning: Potential leak of memory pointed to by 'context.svc' return -1; ^~~~~~~~~ 4 warnings generated. tools/avtest.c:225:5: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:235:5: warning: Value stored to 'len' is never read len = write(sk, buf, 4); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:244:5: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:258:5: warning: Value stored to 'len' is never read len = write(sk, buf, ^ ~~~~~~~~~~~~~~ tools/avtest.c:265:5: warning: Value stored to 'len' is never read len = write(sk, buf, ^ ~~~~~~~~~~~~~~ tools/avtest.c:272:5: warning: Value stored to 'len' is never read len = write(sk, buf, ^ ~~~~~~~~~~~~~~ tools/avtest.c:279:5: warning: Value stored to 'len' is never read len = write(sk, buf, ^ ~~~~~~~~~~~~~~ tools/avtest.c:291:5: warning: Value stored to 'len' is never read len = write(sk, buf, 4); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:295:5: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:304:5: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:308:5: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:317:5: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:324:5: warning: Value stored to 'len' is never read 
len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:346:5: warning: Value stored to 'len' is never read len = write(sk, buf, 4); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:350:5: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:359:5: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:363:5: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:376:5: warning: Value stored to 'len' is never read len = write(sk, buf, 4); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:380:5: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:387:4: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:397:4: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:562:3: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:570:3: warning: Value stored to 'len' is never read len = write(sk, buf, invalid ? 
2 : 3); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/avtest.c:584:3: warning: Value stored to 'len' is never read len = write(sk, buf, 4 + sizeof(media_transport)); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/avtest.c:597:3: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:607:3: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:619:3: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:634:3: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:646:3: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:655:3: warning: Value stored to 'len' is never read len = write(sk, buf, 3); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:662:3: warning: Value stored to 'len' is never read len = write(sk, buf, 2); ^ ~~~~~~~~~~~~~~~~~ tools/avtest.c:698:2: warning: Value stored to 'len' is never read len = write(sk, buf, AVCTP_HEADER_LENGTH + sizeof(play_pressed)); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 32 warnings generated. tools/btproxy.c:836:15: warning: Null pointer passed to 1st parameter expecting 'nonnull' tcp_port = atoi(optarg); ^~~~~~~~~~~~ tools/btproxy.c:839:8: warning: Null pointer passed to 1st parameter expecting 'nonnull' if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3)) ^~~~~~~~~~~~~~ 2 warnings generated. tools/create-image.c:76:3: warning: Value stored to 'fd' is never read fd = -1; ^ ~~ tools/create-image.c:84:3: warning: Value stored to 'fd' is never read fd = -1; ^ ~~ tools/create-image.c:92:3: warning: Value stored to 'fd' is never read fd = -1; ^ ~~ tools/create-image.c:105:2: warning: Value stored to 'fd' is never read fd = -1; ^ ~~ 4 warnings generated. tools/btgatt-client.c:1824:2: warning: Value stored to 'argv' is never read argv += optind; ^ ~~~~~~ 1 warning generated. 
tools/btgatt-server.c:1212:2: warning: Value stored to 'argv' is never read argv -= optind; ^ ~~~~~~ 1 warning generated. tools/check-selftest.c:42:3: warning: Value stored to 'ptr' is never read ptr = fgets(result, sizeof(result), fp); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. tools/gatt-service.c:294:2: warning: 2nd function call argument is an uninitialized value chr_write(chr, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. tools/obex-server-tool.c:133:13: warning: Null pointer passed to 1st parameter expecting 'nonnull' data->fd = open(name, O_WRONLY | O_CREAT | O_NOCTTY, 0600); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/obex-server-tool.c:192:13: warning: Null pointer passed to 1st parameter expecting 'nonnull' data->fd = open(name, O_RDONLY | O_NOCTTY, 0); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. tools/btpclientctl.c:402:3: warning: Value stored to 'bit' is never read bit = 0; ^ ~ tools/btpclientctl.c:1655:2: warning: Null pointer passed to 2nd parameter expecting 'nonnull' memcpy(cp->data, ad_data, ad_len); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. src/sdpd-request.c:211:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint16_t' pElem = malloc(sizeof(uint16_t)); ^~~~~~ ~~~~~~~~~~~~~~~~ src/sdpd-request.c:239:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint32_t' pElem = malloc(sizeof(uint32_t)); ^~~~~~ ~~~~~~~~~~~~~~~~ 2 warnings generated. android/avrcp-lib.c:1968:3: warning: 1st function call argument is an uninitialized value g_free(text[i]); ^~~~~~~~~~~~~~~ 1 warning generated. 
profiles/health/hdp.c:644:3: warning: Use of memory after it is freed hdp_tmp_dc_data_unref(dc_data); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ profiles/health/hdp.c:800:19: warning: Use of memory after it is freed path = g_strdup(chan->path); ^~~~~~~~~~ profiles/health/hdp.c:1779:6: warning: Use of memory after it is freed hdp_tmp_dc_data_ref(hdp_conn), ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ profiles/health/hdp.c:1836:30: warning: Use of memory after it is freed reply = g_dbus_create_error(data->msg, ERROR_INTERFACE ".HealthError", ^~~~~~~~~ 4 warnings generated. profiles/health/hdp_util.c:1052:2: warning: Use of memory after it is freed conn_data->func(conn_data->data, gerr); ^~~~~~~~~~~~~~~ 1 warning generated. attrib/gatt.c:970:2: warning: Potential leak of memory pointed to by 'long_write' return prepare_write(long_write); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. src/sdpd-request.c:211:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint16_t' pElem = malloc(sizeof(uint16_t)); ^~~~~~ ~~~~~~~~~~~~~~~~ src/sdpd-request.c:239:13: warning: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint32_t' pElem = malloc(sizeof(uint32_t)); ^~~~~~ ~~~~~~~~~~~~~~~~ 2 warnings generated. src/sdp-xml.c:126:10: warning: Assigned value is garbage or undefined buf[1] = data[i + 1]; ^ ~~~~~~~~~~~ src/sdp-xml.c:300:11: warning: Assigned value is garbage or undefined buf[1] = data[i + 1]; ^ ~~~~~~~~~~~ src/sdp-xml.c:338:11: warning: Assigned value is garbage or undefined buf[1] = data[i + 1]; ^ ~~~~~~~~~~~ 3 warnings generated. src/sdp-client.c:353:14: warning: Access to field 'cb' results in a dereference of a null pointer (*ctxt)->cb = cb; ~~~~~~~~~~~~^~~~ 1 warning generated. 
src/gatt-database.c:1156:10: warning: Value stored to 'bits' during its initialization is never read uint8_t bits[] = { BT_GATT_CHRC_CLI_FEAT_ROBUST_CACHING, ^~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. gobex/gobex-header.c:95:2: warning: Null pointer passed to 2nd parameter expecting 'nonnull' memcpy(to, from, count); ^~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. gobex/gobex-transfer.c:423:7: warning: Use of memory after it is freed if (!g_slist_find(transfers, transfer)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. mesh/main.c:161:3: warning: Value stored to 'optarg' is never read optarg += strlen("auto"); ^ ~~~~~~~~~~~~~~ 1 warning generated. client/player.c:2206:8: warning: Null pointer passed to 2nd parameter expecting 'nonnull' if (!strcmp(ep->path, pattern)) ^~~~~~~~~~~~~~~~~~~~~~~~~ client/player.c:3476:16: warning: Null pointer passed to 1st parameter expecting 'nonnull' codec->name = strdup(name); ^~~~~~~~~~~~ 2 warnings generated. lib/hci.c:97:4: warning: Value stored to 'ptr' is never read ptr += sprintf(ptr, "%s", m->str); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. gdbus/watch.c:226:3: warning: Attempt to free released memory g_free(l->data); ^~~~~~~~~~~~~~~ 1 warning generated. 
lib/sdp.c:509:17: warning: Dereference of undefined pointer value uint8_t dtd = *(uint8_t *) dtds[i]; ^~~~~~~~~~~~~~~~~~~~ lib/sdp.c:539:17: warning: Dereference of undefined pointer value uint8_t dtd = *(uint8_t *) dtds[i]; ^~~~~~~~~~~~~~~~~~~~ lib/sdp.c:1885:26: warning: Potential leak of memory pointed to by 'ap' for (; pdlist; pdlist = pdlist->next) { ^~~~~~ lib/sdp.c:1899:6: warning: Potential leak of memory pointed to by 'pds' ap = sdp_list_append(ap, pds); ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~ lib/sdp.c:1944:10: warning: Potential leak of memory pointed to by 'u' *seqp = sdp_list_append(*seqp, u); ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/sdp.c:2049:4: warning: Potential leak of memory pointed to by 'lang' sdp_list_free(*langSeq, free); ^~~~~~~~~~~~~ lib/sdp.c:2138:9: warning: Potential leak of memory pointed to by 'profDesc' return 0; ^ lib/sdp.c:3270:8: warning: Potential leak of memory pointed to by 'pSvcRec' pSeq = sdp_list_append(pSeq, pSvcRec); ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/sdp.c:3271:9: warning: Potential leak of memory pointed to by 'pSeq' pdata += sizeof(uint32_t); ~~~~~~^~~~~~~~~~~~~~~~~~~ lib/sdp.c:4607:13: warning: Potential leak of memory pointed to by 'rec_list' } while (scanned < attr_list_len && pdata_len > 0); ^~~~~~~ lib/sdp.c:4903:40: warning: Potential leak of memory pointed to by 'tseq' for (d = sdpdata->val.dataseq; d; d = d->next) { ^ lib/sdp.c:4939:8: warning: Potential leak of memory pointed to by 'subseq' tseq = sdp_list_append(tseq, subseq); ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 12 warnings generated. 
src/shared/gatt-client.c:451:21: warning: Use of memory after it is freed gatt_db_unregister(op->client->db, op->db_id); ^~~~~~~~~~ src/shared/gatt-client.c:696:2: warning: Use of memory after it is freed discovery_op_complete(op, false, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:996:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1102:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1296:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1361:2: warning: Use of memory after it is freed discovery_op_complete(op, success, att_ecode); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1636:6: warning: Use of memory after it is freed if (read_db_hash(op)) { ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:1641:2: warning: Use of memory after it is freed discover_all(op); ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:2145:6: warning: Use of memory after it is freed if (read_db_hash(op)) { ^~~~~~~~~~~~~~~~ src/shared/gatt-client.c:2153:8: warning: Use of memory after it is freed discovery_op_ref(op), ^~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:3242:2: warning: Use of memory after it is freed complete_write_long_op(req, success, 0, false); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/shared/gatt-client.c:3264:2: warning: Use of memory after it is freed request_unref(req); ^~~~~~~~~~~~~~~~~~ 12 warnings generated. monitor/l2cap.c:1638:4: warning: Value stored to 'data' is never read data += len; ^ ~~~ monitor/l2cap.c:1639:4: warning: Value stored to 'size' is never read size -= len; ^ ~~~ 2 warnings generated. 
monitor/hwdb.c:59:2: warning: Value stored to 'hwdb' is never read hwdb = udev_hwdb_unref(hwdb); ^ ~~~~~~~~~~~~~~~~~~~~~ monitor/hwdb.c:64:2: warning: Value stored to 'udev' is never read udev = udev_unref(udev); ^ ~~~~~~~~~~~~~~~~ monitor/hwdb.c:106:2: warning: Value stored to 'hwdb' is never read hwdb = udev_hwdb_unref(hwdb); ^ ~~~~~~~~~~~~~~~~~~~~~ monitor/hwdb.c:111:2: warning: Value stored to 'udev' is never read udev = udev_unref(udev); ^ ~~~~~~~~~~~~~~~~ 4 warnings generated. tools/bluemoon.c:1102:8: warning: Null pointer passed to 1st parameter expecting 'nonnull' if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3)) ^~~~~~~~~~~~~~ 1 warning generated. tools/meshctl.c:326:19: warning: Access to field 'mesh_devices' results in a dereference of a null pointer (loaded from variable 'default_ctrl') g_list_free_full(default_ctrl->mesh_devices, g_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~ tools/meshctl.c:762:2: warning: 2nd function call argument is an uninitialized value bt_shell_printf("Attempting to disconnect from %s\n", addr); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tools/meshctl.c:1957:2: warning: Value stored to 'len' is never read len = len + extra + strlen("local_node.json"); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3 warnings generated. 
In file included from tools/mesh-gatt/crypto.c:32: ./src/shared/util.h:240:9: warning: 1st function call argument is an uninitialized value return be32_to_cpu(get_unaligned((const uint32_t *) ptr)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./src/shared/util.h:33:26: note: expanded from macro 'be32_to_cpu' #define be32_to_cpu(val) bswap_32(val) ^~~~~~~~~~~~~ /usr/include/byteswap.h:34:21: note: expanded from macro 'bswap_32' #define bswap_32(x) __bswap_32 (x) ^~~~~~~~~~~~~~ In file included from tools/mesh-gatt/crypto.c:32: ./src/shared/util.h:250:9: warning: 1st function call argument is an uninitialized value return be64_to_cpu(get_unaligned((const uint64_t *) ptr)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./src/shared/util.h:34:26: note: expanded from macro 'be64_to_cpu' #define be64_to_cpu(val) bswap_64(val) ^~~~~~~~~~~~~ /usr/include/byteswap.h:37:21: note: expanded from macro 'bswap_64' #define bswap_64(x) __bswap_64 (x) ^~~~~~~~~~~~~~ 2 warnings generated. ell/util.c:785:8: warning: The left operand of '>' is a garbage value if (x > UINT8_MAX) ~ ^ ell/util.c:803:8: warning: The left operand of '>' is a garbage value if (x > UINT16_MAX) ~ ^ 2 warnings generated. ell/pem.c:131:8: warning: Dereference of null pointer (loaded from variable 'eol') if (*eol == '\r' || *eol == '\n') ^~~~ ell/pem.c:166:18: warning: Dereference of null pointer (loaded from variable 'eol') if (buf_len && *eol == '\r' && *buf_ptr == '\n') { ^~~~ ell/pem.c:166:34: warning: Dereference of null pointer (loaded from variable 'buf_ptr') if (buf_len && *eol == '\r' && *buf_ptr == '\n') { ^~~~~~~~ ell/pem.c:304:11: warning: 1st function call argument is an uninitialized value result = pem_load_buffer(file.data, file.st.st_size, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ell/pem.c:469:9: warning: 1st function call argument is an uninitialized value list = l_pem_load_certificate_list_from_data(file.data, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5 warnings generated. 
ell/cert.c:644:41: warning: Access to field 'asn1_len' results in a dereference of a null pointer (loaded from variable 'cert') key = l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len); ^~~~~~~~~~~~~~ 1 warning generated. ell/gvariant-util.c:143:18: warning: The left operand of '>' is a garbage value if (alignment > max_alignment) ~~~~~~~~~ ^ ell/gvariant-util.c:456:5: warning: Dereference of null pointer !children[0].fixed_size) { ^~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. ell/ecc-external.c:68:24: warning: The left operand of '&' is a garbage value return (vli[bit / 64] & ((uint64_t) 1 << (bit % 64))); ~~~~~~~~~~~~~ ^ ell/ecc-external.c:160:18: warning: The right operand of '-' is a garbage value diff = left[i] - right[i] - borrow; ^ ~~~~~~~~ 2 warnings generated. In file included from tools/parser/amp.c:15: tools/parser/parser.h:121:16: warning: Dereference of null pointer time_t t = f->ts.tv_sec; ^~~~~~~~~~~~ tools/parser/parser.h:127:27: warning: Dereference of null pointer printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec); ^~~~~~~~~~~~ tools/parser/parser.h:129:18: warning: Access to field 'in' results in a dereference of a null pointer (loaded from variable 'f') printf("%c ", (f->in ? '>' : '<')); ^~~~~ 3 warnings generated. In file included from tools/parser/sdp.c:24: tools/parser/parser.h:121:16: warning: Dereference of null pointer time_t t = f->ts.tv_sec; ^~~~~~~~~~~~ tools/parser/parser.h:127:27: warning: Dereference of null pointer printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec); ^~~~~~~~~~~~ tools/parser/parser.h:129:18: warning: Access to field 'in' results in a dereference of a null pointer (loaded from variable 'f') printf("%c ", (f->in ? '>' : '<')); ^~~~~ 3 warnings generated. 
In file included from tools/parser/ppp.c:22: tools/parser/parser.h:156:2: warning: Undefined or garbage value returned to caller return *u8_ptr; ^~~~~~~~~~~~~~ tools/parser/ppp.c:108:30: warning: The left operand of '&' is a garbage value if (*((uint8_t *) frm->ptr) & 0x80) ~~~~~~~~~~~~~~~~~~~~~~~ ^ 2 warnings generated. emulator/serial.c:151:2: warning: Assigned value is garbage or undefined enum btdev_type uninitialized_var(type); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ emulator/serial.c:151:36: warning: Value stored to 'type' during its initialization is never read enum btdev_type uninitialized_var(type); ^~~~ emulator/serial.c:36:30: note: expanded from macro 'uninitialized_var' #define uninitialized_var(x) x = x ^ ~ emulator/serial.c:214:2: warning: Assigned value is garbage or undefined enum btdev_type uninitialized_var(dev_type); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ emulator/serial.c:214:36: warning: Value stored to 'dev_type' during its initialization is never read enum btdev_type uninitialized_var(dev_type); ^~~~~~~~ emulator/serial.c:36:30: note: expanded from macro 'uninitialized_var' #define uninitialized_var(x) x = x ^ ~ 4 warnings generated. emulator/server.c:200:2: warning: Assigned value is garbage or undefined enum btdev_type uninitialized_var(type); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ emulator/server.c:200:36: warning: Value stored to 'type' during its initialization is never read enum btdev_type uninitialized_var(type); ^~~~ emulator/server.c:36:30: note: expanded from macro 'uninitialized_var' #define uninitialized_var(x) x = x ^ ~ 2 warnings generated. 
emulator/btdev.c: In function ‘cmd_big_create_sync’: emulator/btdev.c:6433:9: error: ‘struct btdev’ has no member named ‘le_pa_sync_handle’ 6433 | if (dev->le_pa_sync_handle != le16_to_cpu(cmd->sync_handle)) { | ^~ emulator/btdev.c: In function ‘cmd_big_create_sync_complete’: emulator/btdev.c:6473:40: error: ‘struct btdev’ has no member named ‘pa_sync_cmd’ 6473 | remote = find_btdev_by_bdaddr_type(dev->pa_sync_cmd.addr, | ^~ emulator/btdev.c:6474:10: error: ‘struct btdev’ has no member named ‘pa_sync_cmd’ 6474 | dev->pa_sync_cmd.addr_type); | ^~ make[1]: *** [Makefile:7873: emulator/btdev.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:4691: all] Error 2 --- Regards, Linux Bluetooth
diff --git a/emulator/btdev.c b/emulator/btdev.c
index 5752a2fb0..3b0a267d1 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -52,7 +52,7 @@
 #define ACL_HANDLE 42
 #define ISO_HANDLE 257
 #define SCO_HANDLE 257
-#define SYC_HANDLE 1
+#define SYNC_HANDLE 1
 #define INV_HANDLE 0xffff
 struct hook {
@@ -105,6 +105,13 @@ struct le_ext_adv {
 unsigned int id;
 };
+struct le_per_adv {
+ struct btdev *dev;
+ uint8_t addr_type;
+ uint8_t addr[6];
+ uint16_t sync_handle;
+};
+
 struct le_cig {
 struct bt_hci_cmd_le_set_cig_params params;
 struct bt_hci_cis_params cis[CIS_SIZE];
@@ -212,8 +219,6 @@ struct btdev {
 uint16_t le_pa_max_interval;
 uint8_t le_pa_data_len;
 uint8_t le_pa_data[MAX_PA_DATA_LEN];
- struct bt_hci_cmd_le_pa_create_sync pa_sync_cmd;
- uint16_t le_pa_sync_handle;
 uint8_t big_handle;
 uint8_t le_ltk[16];
 struct le_cig le_cig[CIG_SIZE];
@@ -239,6 +244,7 @@ struct btdev {
 uint16_t le_ext_adv_type;
 struct queue *le_ext_adv;
+ struct queue *le_per_adv;
 btdev_debug_func_t debug_callback;
 btdev_destroy_func_t debug_destroy;
@@ -578,7 +584,6 @@ static void btdev_reset(struct btdev *btdev)
 btdev->le_scan_enable = 0x00;
 btdev->le_adv_enable = 0x00;
 btdev->le_pa_enable = 0x00;
- btdev->le_pa_sync_handle = 0x0000;
 btdev->big_handle = 0xff;
 al_clear(btdev);
@@ -589,6 +594,7 @@ static void btdev_reset(struct btdev *btdev)
 queue_remove_all(btdev->conns, NULL, NULL, conn_remove);
 queue_remove_all(btdev->le_ext_adv, NULL, NULL, le_ext_adv_free);
+ queue_remove_all(btdev->le_per_adv, NULL, NULL, free);
 }
 static int cmd_reset(struct btdev *dev, const void *data, uint8_t len)
@@ -5246,7 +5252,8 @@ static int cmd_set_pa_data(struct btdev *dev, const void *data,
 return 0;
 }
-static void send_biginfo(struct btdev *dev, const struct btdev *remote)
+static void send_biginfo(struct btdev *dev, const struct btdev *remote,
+ uint16_t sync_handle)
 {
 struct bt_hci_evt_le_big_info_adv_report ev;
 const struct btdev_conn *conn;
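Review bot: `struct le_per_adv` defines no value for `sync_handle` while a sync is still pending, and none of its fields is commented. Later in this patch the `le_per_adv` queue is searched by handle, so an entry whose `sync_handle` was never initialised could match a handle it does not own; the allocation site is outside these hunks, so this needs confirming there. I would document the field as `uint16_t sync_handle; /* INV_HANDLE until PA sync is established */` and initialise it that way when the entry is created. The `dev` back-pointer also wants a one-line comment stating that the entry does not own it.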
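Review bot: In `btdev_reset` the new queue's entries are released with a bare `free`, while the neighbouring `le_ext_adv` queue uses a dedicated `le_ext_adv_free` destructor. A later hunk of this patch also removes and frees an entry by hand (`queue_remove(dev->le_per_adv, per_adv); free(per_adv);`), so cleanup of `struct le_per_adv` is already written in two places. A small `static void le_per_adv_free(void *data)` helper used at both sites would keep any future per-entry cleanup in one place. `btdev_reset` starts and ends outside this hunk.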
@@ -5259,7 +5266,7 @@ static void send_biginfo(struct btdev *dev, const struct btdev *remote)
 bis = conn->data;
 memset(&ev, 0, sizeof(ev));
- ev.sync_handle = cpu_to_le16(dev->le_pa_sync_handle);
+ ev.sync_handle = cpu_to_le16(sync_handle);
 ev.num_bis = 1;
 while (find_bis_index(remote, ev.num_bis))
@@ -5281,7 +5288,7 @@ static void send_biginfo(struct btdev *dev, const struct btdev *remote)
 }
 static void send_pa(struct btdev *dev, const struct btdev *remote,
- uint8_t offset)
+ uint8_t offset, uint16_t sync_handle)
 {
 struct __packed {
 struct bt_hci_le_pa_report ev;
@@ -5289,7 +5296,7 @@ static void send_pa(struct btdev *dev, const struct btdev *remote,
 } pdu;
 memset(&pdu.ev, 0, sizeof(pdu.ev));
- pdu.ev.handle = cpu_to_le16(dev->le_pa_sync_handle);
+ pdu.ev.handle = cpu_to_le16(sync_handle);
 pdu.ev.tx_power = 127;
 pdu.ev.rssi = 127;
 pdu.ev.cte_type = 0x0ff;
@@ -5309,41 +5316,67 @@ static void send_pa(struct btdev *dev, const struct btdev *remote, if (pdu.ev.data_status == 0x01) { offset += pdu.ev.data_len; - send_pa(dev, remote, offset); + send_pa(dev, remote, offset, sync_handle); return; } - send_biginfo(dev, remote); + send_biginfo(dev, remote, sync_handle); +} + +static bool match_sync_handle(const void *data, const void *match_data) +{ + const struct le_per_adv *per_adv = data; + uint16_t sync_handle = PTR_TO_UINT(match_data); + + return per_adv->sync_handle == sync_handle; +} + +static bool match_dev(const void *data, const void *match_data) +{ + const struct le_per_adv *per_adv = data; + const struct btdev *dev = match_data; + + return dev == find_btdev_by_bdaddr_type(per_adv->addr, + per_adv->addr_type); } static void le_pa_sync_estabilished(struct btdev *dev, struct btdev *remote, uint8_t status) { struct bt_hci_evt_le_per_sync_established ev; - struct bt_hci_cmd_le_pa_create_sync *cmd = &dev->pa_sync_cmd; + struct le_per_adv *per_adv; + uint16_t sync_handle = SYNC_HANDLE; + + per_adv = queue_find(dev->le_per_adv, match_dev, remote); + if (!per_adv) + return; memset(&ev, 0, sizeof(ev)); ev.status = status; if (status) { - memset(&dev->pa_sync_cmd, 0, sizeof(dev->pa_sync_cmd)); - dev->le_pa_sync_handle = 0x0000; + queue_remove(dev->le_per_adv, per_adv); + free(per_adv); le_meta_event(dev, BT_HCI_EVT_LE_PA_SYNC_ESTABLISHED, &ev, sizeof(ev)); return; } - dev->le_pa_sync_handle = SYC_HANDLE; + while (queue_find(dev->le_per_adv, match_sync_handle, + UINT_TO_PTR(sync_handle))) + sync_handle++; + + per_adv->sync_handle = sync_handle; - ev.handle = cpu_to_le16(dev->le_pa_sync_handle); - ev.addr_type = cmd->addr_type; - memcpy(ev.addr, cmd->addr, sizeof(ev.addr)); + ev.handle = cpu_to_le16(per_adv->sync_handle); + ev.addr_type = per_adv->addr_type; + memcpy(ev.addr, per_adv->addr, sizeof(ev.addr)); ev.phy = 0x01; ev.interval = remote->le_pa_min_interval; ev.clock_accuracy = 0x07; le_meta_event(dev, 
BT_HCI_EVT_LE_PA_SYNC_ESTABLISHED, &ev, sizeof(ev)); - send_pa(dev, remote, 0); + send_pa(dev, remote, 0, per_adv->sync_handle); } static int cmd_set_pa_enable(struct btdev *dev, const void *data, uint8_t len) @@ -5369,7 +5402,8 @@ static int cmd_set_pa_enable(struct btdev *dev, const void *data, uint8_t len) continue; if (remote->le_scan_enable && - remote->le_pa_sync_handle == INV_HANDLE) + queue_find(remote->le_per_adv, match_sync_handle, + UINT_TO_PTR(INV_HANDLE))) le_pa_sync_estabilished(remote, dev, BT_HCI_ERR_SUCCESS); } @@ -5477,11 +5511,14 @@ static void scan_ext_adv(struct btdev *dev, struct btdev *remote) static void scan_pa(struct btdev *dev, struct btdev *remote) { - if (dev->le_pa_sync_handle != INV_HANDLE || !remote->le_pa_enable) + struct le_per_adv *per_adv = queue_find(dev->le_per_adv, + match_sync_handle, UINT_TO_PTR(INV_HANDLE)); + + if (!per_adv || !remote->le_pa_enable) return; - if (remote != find_btdev_by_bdaddr_type(dev->pa_sync_cmd.addr, - dev->pa_sync_cmd.addr_type)) + if (remote != find_btdev_by_bdaddr_type(per_adv->addr, + per_adv->addr_type)) return; le_pa_sync_estabilished(dev, remote, BT_HCI_ERR_SUCCESS); 
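Review bot: The lookup at the top of le_pa_sync_estabilished() takes the first le_per_adv entry whose address resolves to `remote`, whether or not that entry is still pending. An entry that already holds a valid sync_handle can therefore be selected, given a second handle by the `while` loop and reported in a second Sync Established event. cmd_set_pa_enable() (hunk at -5369,7) reaches this path whenever the scanner has any pending entry, not necessarily one for the advertiser being enabled. Restricting the match to pending entries would close this, e.g. in match_dev: `return per_adv->sync_handle == INV_HANDLE && dev == find_btdev_by_bdaddr_type(per_adv->addr, per_adv->addr_type);`, assuming match_dev has no other callers outside the visible hunks.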
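Review bot: scan_pa() (hunk at -5477,11) inspects only the first pending entry: `queue_find(dev->le_per_adv, match_sync_handle, UINT_TO_PTR(INV_HANDLE))` returns one entry, and if its address does not resolve to `remote` the function returns even when a later pending entry would match. More than one pending entry is possible because cmd_pa_create_sync() now queues a new entry on every command. Either look the entry up by remote, `per_adv = queue_find(dev->le_per_adv, match_dev, remote);` followed by `if (!per_adv || per_adv->sync_handle != INV_HANDLE || !remote->le_pa_enable) return;`, or reject a second create-sync while one is pending so the single-entry assumption holds.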
@@ -5622,16 +5659,37 @@ static int cmd_ext_create_conn_complete(struct btdev *dev, const void *data, return 0; } +static struct le_per_adv *le_per_adv_new(struct btdev *btdev, + uint8_t addr_type, const uint8_t *addr) +{ + struct le_per_adv *per_adv; + + per_adv = new0(struct le_per_adv, 1); + + per_adv->dev = btdev; + per_adv->addr_type = addr_type; + memcpy(per_adv->addr, addr, 6); + per_adv->sync_handle = INV_HANDLE; + + /* Add to queue */ + if (!queue_push_tail(btdev->le_per_adv, per_adv)) { + free(per_adv); + return NULL; + } + + return per_adv; +} + static int cmd_pa_create_sync(struct btdev *dev, const void *data, uint8_t len) { + const struct bt_hci_cmd_le_pa_create_sync *cmd = data; uint8_t status = BT_HCI_ERR_SUCCESS; + struct le_per_adv *per_adv; - if (dev->le_pa_sync_handle) + /* Create new train */ + per_adv = le_per_adv_new(dev, cmd->addr_type, cmd->addr); + if (!per_adv) status = BT_HCI_ERR_MEM_CAPACITY_EXCEEDED; - else { - dev->le_pa_sync_handle = INV_HANDLE; - memcpy(&dev->pa_sync_cmd, data, len); - } cmd_status(dev, status, BT_HCI_CMD_LE_PA_CREATE_SYNC); @@ -5671,7 +5729,8 @@ static int cmd_pa_create_sync_cancel(struct btdev *dev, const void *data, * HCI_LE_Periodic_Advertising_Create_Sync command is pending, the * Controller shall return the error code Command Disallowed (0x0C). */ - if (dev->le_pa_sync_handle != INV_HANDLE) + if (!queue_find(dev->le_per_adv, match_sync_handle, + UINT_TO_PTR(INV_HANDLE))) status = BT_HCI_ERR_COMMAND_DISALLOWED; cmd_complete(dev, BT_HCI_CMD_LE_PA_CREATE_SYNC_CANCEL, 
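Review bot: cmd_pa_create_sync() now queues a new entry for every command, and its only failure path is queue_push_tail() failing. The previous refusal of a second request while one is outstanding is gone, so the queue can grow without limit under repeated commands. `cmd->addr_type` and `cmd->addr` are also read without comparing `len` with `sizeof(*cmd)`; unless the dispatcher outside this hunk enforces the command length, a short packet is read past its end. A guard before the allocation would restore the limit: `if (queue_find(dev->le_per_adv, match_sync_handle, UINT_TO_PTR(INV_HANDLE))) status = BT_HCI_ERR_COMMAND_DISALLOWED;`, with le_per_adv_new() called in the `else`. The function body continues past the end of the hunk.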
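Review bot: In cmd_pa_create_sync_cancel() (hunk at -5671,7) the new check only decides the status; nothing in the hunk removes the pending entry (sync_handle == INV_HANDLE) from dev->le_per_adv when the cancel succeeds. The rest of the function is outside the hunk, so this needs confirming: if that code does not find and free the entry, scan_pa() can still establish the cancelled sync later. Note that le_pa_sync_estabilished() now locates its entry through match_dev on the `remote` argument, so a cancel path that goes through it has to pass a remote that resolves to the entry's address. A comment stating where the entry is released would help, e.g. `/* On success the pending le_per_adv entry must be removed before returning */`.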
@@ -5690,16 +5749,24 @@ static int cmd_pa_create_sync_cancel(struct btdev *dev, const void *data, static int cmd_pa_term_sync(struct btdev *dev, const void *data, uint8_t len) { + const struct bt_hci_cmd_le_pa_term_sync *cmd = data; + struct le_per_adv *per_adv; + uint16_t sync_handle = le16_to_cpu(cmd->sync_handle); uint8_t status = BT_HCI_ERR_SUCCESS; + per_adv = queue_find(dev->le_per_adv, match_sync_handle, + UINT_TO_PTR(sync_handle)); + /* If the periodic advertising train corresponding to the Sync_Handle * parameter does not exist, then the Controller shall return the error * code Unknown Advertising Identifier (0x42). */ - if (dev->le_pa_sync_handle != SYC_HANDLE) + if (!per_adv) { status = BT_HCI_ERR_UNKNOWN_ADVERTISING_ID; - else - dev->le_pa_sync_handle = 0x0000; + } else { + queue_remove(dev->le_per_adv, per_adv); + free(per_adv); + } cmd_complete(dev, BT_HCI_CMD_LE_PA_TERM_SYNC, &status, sizeof(status)); @@ -7200,6 +7267,7 @@ struct btdev *btdev_create(enum btdev_type type, uint16_t id) btdev->conns = queue_new(); btdev->le_ext_adv = queue_new(); + btdev->le_per_adv = queue_new(); btdev->le_al_len = AL_SIZE; btdev->le_rl_len = RL_SIZE; @@ -7219,6 +7287,7 @@ void btdev_destroy(struct btdev *btdev) queue_destroy(btdev->conns, conn_remove); queue_destroy(btdev->le_ext_adv, le_ext_adv_free); + queue_destroy(btdev->le_per_adv, free); free(btdev); }
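Review bot: cmd_pa_term_sync() looks the entry up with the host-supplied Sync_Handle, and pending entries carry INV_HANDLE (0xffff) in the same field. A terminate request with handle 0xffff therefore matches a pending create-sync entry and frees it with a success status instead of returning Unknown Advertising Identifier. Excluding the sentinel keeps the two states apart: `if (!per_adv || sync_handle == INV_HANDLE) {`. `cmd->sync_handle` is also read without checking `len` against `sizeof(*cmd)`, which is safe only if the dispatcher outside this hunk validates command length.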