This header contains IPC specific structures and code not related to
BT and audio HAL protocols. This allows to fully decouple IPC from
HAL messages.
This is first step to make HAL part of IPC unit-testable and reusable
between BT HAL and audio HAL.
Unregistering a SEP can trigger abort_cfm callback if some device is
connected thus we should free setups list after all endpoints are
unregistered to avoid error in abort_cfm due to non-existing setup.
In case audio IPC is suddenly disconnected (most likely due to crash of
mediaserver process) we should disconnect headset since it is no longer
associated with valid setup and cannot be used properly.
Invalid read of size 8
at 0x30EE465A78: g_slice_free_chain_with_offset (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x418209: bt_a2dp_unregister (a2dp.c:1576)
by 0x4039E6: main (main.c:347)
Address 0x4f2d248 is 8 bytes inside a block of size 16 free'd
at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x30EE44EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x30EE4655CA: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x30EE465F0C: g_slist_remove (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x41645F: a2dp_device_free (a2dp.c:174)
by 0x30EE466477: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x30EE46649A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x418209: bt_a2dp_unregister (a2dp.c:1576)
by 0x4039E6: main (main.c:347)
Remove setups when a2dp device is removed. This fix following:
Invalid read of size 4
at 0x115E32: bt_stream_close (a2dp.c:1352)
by 0x111DFB: ipc_handle_msg (ipc.c:95)
by 0x11234B: audio_watch_cb (audio-ipc.c:67)
by 0x48BD9C7: ??? (in /system/lib/libglib.so)
Address 0x4a590f4 is 12 bytes inside a block of size 20 free'd
at 0x4897E6C: free (in
/system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
by 0x48C5E2B: g_free (in /system/lib/libglib.so)
Invalid read of size 4
at 0x113638: avdtp_close (avdtp.c:3201)
by 0x115E39: bt_stream_close (a2dp.c:1352)
by 0x111DFB: ipc_handle_msg (ipc.c:95)
by 0x11234B: audio_watch_cb (audio-ipc.c:67)
by 0x48BD9C7: ??? (in /system/lib/libglib.so)
Address 0x4a594a4 is 28 bytes inside a block of size 1,100 free'd
at 0x4897E6C: free (in
/system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
by 0x48C5E2B: g_free (in /system/lib/libglib.so)
In case stream is started from remote we'll receive Resume Stream IPC
when audio is already considered as started (i.e. on first write from
AudioFlinger). In such case we should not try to send AVDTP_START since
this will fail but just reply success over IPC instead.
The endpoint is unregistered but it was still accessible via endpoints
list causing the following trace when audio HAL is closed:
Invalid read of size 8
at 0x414A49: unregister_endpoint (a2dp.c:114)
by 0x3862466477: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x386246649A: g_slist_free_full (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x414985: audio_disconnected (a2dp.c:1446)
by 0x40FD5C: audio_watch_cb (audio-ipc.c:79)
by 0x38624492A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4034D5: main (main.c:449)
Address 0x4cd5e68 is 8 bytes inside a block of size 32 free'd
at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x386244EF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4159FD: bt_audio_close (a2dp.c:1296)
by 0x40F629: ipc_handle_msg (ipc.c:95)
by 0x40FD9F: audio_watch_cb (audio-ipc.c:67)
by 0x38624492A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x3862449A39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
by 0x4034D5: main (main.c:449)
MTU value for transport channel is sent in Open Stream response, which
is required to calculate number of frames which can be packed into
single media packet.
This is to avoid including GPLv2 licensed headers in Audio HAL
implementation.
For SBC bitpool range may not strictly match with presets so it needs to
be adjusted to fit within remote capabilities otherwise the remote device
may reject the configuration.
This changes the connected state to be only sent once a transport is
open, before this was done right after the signalling was connected but
this reflect in the audio HAL side attempting to open a stream while
with possible no transport available.
audio_ipc_send_rsp_full() does not free buffer passed as parameter
thus it should be freed by caller.
This fixes following Valgrind report:
==1238== 5 bytes in 1 blocks are definitely lost in loss record 22 of 54
==1238== at 0x4896DC8: calloc (in /system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
==1238== by 0x48C5DB7: g_malloc0 (gmem.c:189)
==1238== by 0x1150EF: bt_stream_open (a2dp.c:1177)
==1238== by 0x1116A7: ipc_handle_msg (ipc.c:95)
==1238== by 0x111C11: audio_watch_cb (audio-ipc.c:66)
==1238== by 0x48BD9C7: g_io_unix_dispatch (giounix.c:166)
==1238== by 0x48C2CCB: g_main_context_dispatch (gmain.c:2539)
==1238== by 0x48C2ED9: g_main_context_iterate.isra.19 (gmain.c:3146)
==1238== by 0x48C3167: g_main_loop_run (gmain.c:3340)
==1238== by 0x10B207: main (main.c:436)
avdtp_service_cap_new() makes own copy of data stored in "codec" thus
it should be freed by caller.
This fixes following Valgrind report:
==1238== 6 bytes in 1 blocks are definitely lost in loss record 27 of 54
==1238== at 0x4896DC8: calloc (in /system/lib/valgrind/vgpreload_memcheck-arm-linux.so)
==1238== by 0x48C5DB7: g_malloc0 (gmem.c:189)
==1238== by 0x115B4B: discover_cb (a2dp.c:303)
==1238== by 0x111DE7: finalize_discovery (avdtp.c:933)
==1238== by 0x114441: session_cb (avdtp.c:2556)
==1238== by 0x48BD9C7: g_io_unix_dispatch (giounix.c:166)
==1238== by 0x48C2CCB: g_main_context_dispatch (gmain.c:2539)
==1238== by 0x48C2ED9: g_main_context_iterate.isra.19 (gmain.c:3146)
==1238== by 0x48C3167: g_main_loop_run (gmain.c:3340)
==1238== by 0x10B207: main (main.c:436)
In case SEP was opened from local side, corresponding a2dp_setup
structure has just reference to a2dp_preset which is stored on presets
list. As a result, when closing SEP such preset will be freed leaving
dangling pointer on presets list.
struct audio_rsp_open_stream has only zero-length array member thus its
size equals to 0. We need to explicitly specify size of array element
type here.
