Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bluetooth :Mesh:Provison init should after proxy #22207

Closed
LingaoM opened this issue Jan 26, 2020 · 2 comments · Fixed by #22230
Closed

Bluetooth :Mesh:Provison init should after proxy #22207

LingaoM opened this issue Jan 26, 2020 · 2 comments · Fixed by #22230
Assignees
@jhedberg @trond-snekvik
Labels
area: Bluetooth Mesh area: Bluetooth bug The issue is a bug, or the PR is fixing a bug priority: medium Medium impact/importance bug

Comments

@LingaoM
Copy link
Collaborator

LingaoM commented Jan 26, 2020
edited
Loading

zephyr/subsys/bluetooth/mesh/main.c

Lines 292 to 328 in bce3354

int bt_mesh_init(const struct bt_mesh_prov *prov,
const struct bt_mesh_comp *comp)
{
int err;
err = bt_mesh_test();
if (err) {
return err;
}
err = bt_mesh_comp_register(comp);
if (err) {
return err;
}
if (IS_ENABLED(CONFIG_BT_MESH_PROV)) {
err = bt_mesh_prov_init(prov);
if (err) {
return err;
}
}
bt_mesh_net_init();
bt_mesh_trans_init();
bt_mesh_beacon_init();
bt_mesh_adv_init();
if (IS_ENABLED(CONFIG_BT_MESH_PROXY)) {
bt_mesh_proxy_init();
}
if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
bt_mesh_settings_init();
}
return 0;
}

Provision use pb-gatt use buffer from proxy client, however proxy client init after prov init. Prov init call reset_state to allocate buf from proxy client, get-proxy-buf call net_buf_simple_reset to init buf->data = buf->__buf, but at this time buf->__buf currently not initiating.
@LingaoM LingaoM added the bug The issue is a bug, or the PR is fixing a bug label Jan 26, 2020
@jhedberg jhedberg added area: Bluetooth priority: medium Medium impact/importance bug labels Jan 27, 2020
@jhedberg
Copy link
Member

You're right, this looks like a real bug - I'm surprised no one has noticed since it results in the provisioning buffer having buf->data pointing to NULL. The fix should be as simple as reordering the calls in bt_mesh_init() i.e. so that bt_mesh_proxy_init() gets called before bt_mesh_prov_init().

@jhedberg
Copy link
Member

@moringe can you confirm that the following would solve the issue:

--- a/subsys/bluetooth/mesh/main.c
+++ b/subsys/bluetooth/mesh/main.c
@@ -304,6 +304,10 @@ int bt_mesh_init(const struct bt_mesh_prov *prov,
                return err;
        }
 
+       if (IS_ENABLED(CONFIG_BT_MESH_PROXY)) {
+               bt_mesh_proxy_init();
+       }
+
        if (IS_ENABLED(CONFIG_BT_MESH_PROV)) {
                err = bt_mesh_prov_init(prov);
                if (err) {
@@ -316,10 +320,6 @@ int bt_mesh_init(const struct bt_mesh_prov *prov,
        bt_mesh_beacon_init();
        bt_mesh_adv_init();
 
-       if (IS_ENABLED(CONFIG_BT_MESH_PROXY)) {
-               bt_mesh_proxy_init();
-       }
-
        if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
                bt_mesh_settings_init();
        }

jhedberg pushed a commit to jhedberg/zephyr that referenced this issue Jan 27, 2020
Bluetooth: Mesh: Fix provisioning buffer initialization
e4af754 
When PB-GATT support has been enabled the provisioning code "borrows"
the buffer from the proxy code. However, the way that initialization
was happening the proxy buffers were initialized only after
provisioning initialization, resulting in a corrupted buffer with
buf->data pointing to NULL. Reorder the initialization calls so that
proxy is done first and provisioning only after it.

Fixes zephyrproject-rtos#22207

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
@jhedberg jhedberg mentioned this issue Jan 27, 2020
Merged
jhedberg pushed a commit that referenced this issue Jan 29, 2020
@jhedberg
Bluetooth: Mesh: Fix provisioning buffer initialization
637582d 
When PB-GATT support has been enabled the provisioning code "borrows"
the buffer from the proxy code. However, the way that initialization
was happening the proxy buffers were initialized only after
provisioning initialization, resulting in a corrupted buffer with
buf->data pointing to NULL. Reorder the initialization calls so that
proxy is done first and provisioning only after it.

Fixes #22207

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhedberg jhedberg

@trond-snekvik trond-snekvik

Labels
area: Bluetooth Mesh area: Bluetooth bug The issue is a bug, or the PR is fixing a bug priority: medium Medium impact/importance bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bluetooth: Mesh: Fix provisioning buffer initialization jhedberg/zephyr
4 participants
@jhedberg @trond-snekvik @carlescufi @LingaoM