There are a large number of files in the tree that define _GNU_SOURCE
despite not actually using features hidden behind this flag. This patch
removes all these definitions in one fell swoop...
The driver vtables are read-only structures. This patch declares them as
'const' allowing the compiler to (optionally) put them in the RELRO
section. RELRO pages may be marked as read-only by the linker after
the relocations have been done ensuring that they aren't inadvertently
or maliciously altered at runtime.
Some phones with an active and waiting call at the time of HFP SLC
establishment, may send call waiting notification before all calls
are synchronized. This will lead to call Id mismatch because call
object is created with assumed Id 1 and not Id assigned by the phone.
In example below waiting call is created with Id 1 but in AT+CLCC
this phone returns active call as call with Id 1, and waiting as 2.
< \r\n+CCWA: "+1234567890",145\r\n
< \r\n+CIEV: 2,1\r\n
drivers/hfpmodem/voicecall.c:ccwa_notify() ccwa_notify: +1234567890 145 0
src/voicecall.c:ofono_voicecall_notify() Got a voicecall event, status: 5, id: 1, number: +1234567890 called_number: , called_name
src/voicecall.c:ofono_voicecall_notify() Did not find a call with id: 1
> AT+CIND?\r
< \r\n+CIND: 1,1,1,4,0,2,0\r\n\r\nOK\r\n
src/network.c:ofono_netreg_status_notify() /hfp/org/bluez/hci0/dev_60_AF_6D_F7_8E_37 status 1 tech -1
> AT+VGS=7\r
< \r\nOK\r\n
> AT+VGM=7\r
< \r\nOK\r\n
> AT+CLCC\r
< \r\n+CLCC: 1,1,0,0,0,"+9876543210",145\r\n
< \r\n+CLCC: 2,1,5,0,0,"+1234567890",145\r\n\r\nOK\r\n
src/voicecall.c:ofono_voicecall_notify() Got a voicecall event, status: 0, id: 1, number: +9876543210 called_number: , called_name
src/voicecall.c:ofono_voicecall_notify() Found call with id: 1
src/voicecall.c:ofono_voicecall_notify() Got a voicecall event, status: 5, id: 2, number: +1234567890 called_number: , called_name
src/voicecall.c:ofono_voicecall_notify() Did not find a call with id: 2
src/voicecall.c:ofono_voicecall_mpty_hint() ids: 0
An issue with iPhone 5C iOS 9.2 triggers desynchronization in call
states. When an active call is put on hold and another call arrives,
it is in WAITING state. It should be possible to answer it by issuing
AT+CHLD=2 but the phone changes its state to INCOMING so ATA should be
used. This change is advertised by sending callheld:2 event, but it is
not handled. This event can be used to trigger CLCC poll to synchronize
call states.
+CIEV: 3,1 <- first call arrives
AT+CLCC
+CLCC: 1,1,4,0,0,"01234567890",129
OK
RING
+CLIP: "01234567890",129
ATA
OK
+CIEV: 2,1
+CIEV: 3,0.
AT+CHLD=2.$ <- first call is put on hold
OK
+CIEV: 7,2 <- notification confirming that call #1 is on hold
+CCWA: "09876543210",129,1 <- second call arrives
+CIEV: 7,2
+CIEV: 3,1
AT+CLCC
+CLCC: 1,1,1,0,0,"01234567890",129
+CLCC: 2,1,5,0,0,"09876543210",129 <- new call is still in WAITING state
OK
+CIEV: 7,2 <- phone iternally promotes WAITING call to INCOMING
AT+CHLD=2 <- there is no WAITING call anymore, ATA should be used
+CME ERROR:3
When a call is waitng, CCWA event is sent and call object
in state WAITING is created. on ReleaseAndAnswer it is
promoted to INCOMING and later to ACTIVE.
iPhones send an extra CCWA event when active call is ended.
This extra event is creating a second call object in state
WAITING. It is not possible to have two WAITING calls, but
previously waiting call was already promoted to INCOMING.
For a brief time we have two calls from the same number,
one INCOMING and one WAITING. Later WAITING one is removed.
As we cannot have a waiting and incoming call at the same
time, ignore CCWA when there is already an INCOMING call.
< \r\n+CIEV: 3,3\r\n
< \r\n+CIEV: 2,1\r\n
< \r\n+CIEV: 3,0\r\n
< \r\n+CCWA: "01234567890",129,1,"Me"\r\n
< \r\n+CIEV: 3,1\r\n
> AT+CLCC\r
< \r\n+CLCC: 1,0,0,0,0,"09876543210",129,"Me"\r\n
< \r\n+CLCC: 2,1,5,0,0,"01234567890",129,"Me"\r\n
< \r\nOK\r\n
< \r\n+CIEV: 2,0\r\n
< \r\n+CCWA: "01234567890",129,1,"Me"\r\n
< \r\n+CIEV: 2,1\r\n
< \r\n+CIEV: 3,0\r\n
> AT+CLCC\r
< \r\n+CLCC: 2,1,0,0,0,"01234567890",129,"Me"\r\n
< \r\nOK\r\n
It is possible for the phone to accept Dial request
but not actually dial. This leaves a voicecall object
in state 'dialling' that cannot be removed.
Proposed workaround is to trigger AT+CLCC when an error
is returned for Hangup. As the call is not on the list,
this would remove this hanging object and signal CallRemoved.
Windows Phone trace with this fix:
ofonod[273]: > ATD1;\r
ofonod[273]: < \r\nOK\r\n
ofonod[273]: src/voicecall.c:dial_handle_result() Registering new call: 1
ofonod[273]: < \r\n+CIEV: 5,4\r\n
ofonod[273]: src/network.c:ofono_netreg_strength_notify() strength 80
ofonod[273]: > AT+CHUP\r
ofonod[273]: < \r\nERROR\r\n
ofonod[273]: src/voicecall.c:generic_callback() command failed with error: Unknown error type
ofonod[273]: > AT+CLCC\r
ofonod[273]: < \r\nOK\r\n
ofonod[273]: src/voicecall.c:ofono_voicecall_disconnected() Got disconnection event for id: 1, reason: 2
If there is more then one active or held call, we are in mpty calls.
We won't get indicator update if any of them is released by CHLD=1x.
So we have to poll it.
A periodic CLCC polling is started when there is an ongoing multiparty
call and a new call appears in the system. A simple way to reproduce
the crashing scenario is:
1. Place a call.
2. Place a second call.
3. Create a multiparty call with both calls.
4. Place a third call (incoming or outgoing does not matter).
5. Disconnect HFP from the modem.
Within the function ciev_callheld_notify, the AT+CLCC command is also
invoked, thus a new cyclic CLCC polling is started, and it overwrites
the timer resource identifier stored in voicecall_data.clcc_source.
This means that there are several timers doing the CLCC polling, but
only one of those is under control, i.e. it can be removed through its
source identifier, hence a timer source leak.
This has a fatal consequence when the HFP modem is disconnected. The
function hfp_voicecall_remove stops the timer that is under control
before freeing the voicecall_data struct. However there are other timers
that are still active and will execute its handler poll_clcc afterwards.
Inside poll_clcc the driver_data is accessed, which is already NULL.
A solution for this is to avoid starting a CLCC polling if there is
already one active, i.e. clcc_source is not 0. By doing this the
uncontrolled timers will not cycle forever.
According to the standard "3GPP 27.007 v6.8.0" Appendix C.2.11,
when sending multiple DTMF characters, these must go in individual
+VTS commands for each tone. This adopts the AT modem approach.
Before: AT+VTS=1234\r
After: AT+VTS=1;+VTS=2;+VTS=3;+VTS=4\r
The affected call types for +CHUP were set to only ACTIVE calls.
Instead the affected set should include INCOMING, DIALING, ALERTING and
ACTIVE calls.
Thanks to Ionut Dediu for the diagnosing and reporting this issue.
Before, the AT+BAC command was being sent with fixed information,
now we send the command (that inform the AG of the codecs supported by
the HF) with the codecs supported by the registered Handsfree Audio
Agent.
This patch fixes segmentation fault when the network registration
watch is called without being initialized. CIEV GAtChat callback can
be called before ofono_netreg_register().
==15101== Invalid read of size 8
==15101== at 0x492B56: ofono_netreg_register (network.c:2073)
==15101== by 0x47245E: hfp_netreg_probe (network-registration.c:311)
==15101== by 0x492A8D: ofono_netreg_create (network.c:1881)
==15101== by 0x4849D5: hfp_pre_sim (hfp_hf_bluez5.c:288)
==15101== by 0x48C486: ofono_modem_set_powered (modem.c:1194)
==15101== by 0x484E9D: slc_established (hfp_hf_bluez5.c:85)
==15101== by 0x4702AD: chld_cb (slc.c:147)
==15101== by 0x440457: at_chat_finish_command (gatchat.c:461)
==15101== by 0x44109F: new_bytes (gatchat.c:532)
==15101== by 0x4433B7: received_data (gatio.c:122)
==15101== by 0x3CBAA47824: g_main_context_dispatch (gmain.c:2539)
==15101== by 0x3CBAA47B57: g_main_context_iterate.isra.23
(gmain.c:3146)
==15101== Address 0x18 is not stack'd, malloc'd or (recently) free'd
Some phones do not send the corresponding call state update (+CIEV)
after a successful release-and-swap operation (AT+CHLD=1).
This has been observed with a Nokia 500, while testing ReleaseAndSwap()
while an active and a held call exist:
ofonod[20414]: > AT+CLCC\r
ofonod[20414]: < \r\n+CLCC: 1,0,1,0,0,"<number1>",145\r\n
ofonod[20414]: < \r\n+CLCC: 2,0,0,0,0,"<number2>",145\r\n
ofonod[20414]: < \r\nOK\r\n
ofonod[20414]: > AT+CHLD=1\r
ofonod[20414]: < \r\nOK\r\n
After this, no +CIEV is received, but the call has been hung up.
The proposed approach to solve this consists of using AT+CLCC, unless
a call release has been received within a specific time period.
The result fixes the problem as can be seen below:
ofonod[20847]: < \r\n+CLCC: 1,0,1,0,0,"<number1>",145\r\n
ofonod[20847]: < \r\n+CLCC: 2,0,0,0,0,"<number2>",145\r\n
ofonod[20847]: < \r\nOK\r\n
ofonod[20847]: > AT+CHLD=1\r
ofonod[20847]: < \r\nOK\r\n
ofonod[20847]: > AT+CLCC\r
ofonod[20847]: < \r\n+CLCC: 1,0,0,0,0,"<number1>",145\r\n
ofonod[20847]: < \r\nOK\r\n
ofonod[20847]: < \r\n+CIEV: 5,2\r\n
ofonod[20847]: < \r\n+CIEV: 5,0\r\n
While processing the result of AT+CLCC, process the differences in a way
that disconnections are reported first, then call state changes and
finally new calls.
The goal is to avoid unnecessary transitional states such as two active
calls existing at the same time.
Right now, only the mandatory CVSD codec is supported. The mSBC
mandatory codec is "temporarily" not supported.
The spec alows this, HFP 1.6 Spec Section 4.34.1 page 92: "If wide band
speech is supported then the mandatory codec (mSBC) shall be included
unless it is temporarily unavailable."