Handling of fragmented indication messages is incorrect
In mbim-device.c, in the process_message function, the handling of fragmented indication messages is incorrect.
Right before the end of the MBIM_MESSAGE_TYPE_OPEN_DONE, MBIM_MESSAGE_TYPE_CLOSE_DONE, MBIM_MESSAGE_TYPE_COMMAND_DONE and MBIM_MESSAGE_TYPE_INDICATE_STATUS cases, under the comment /* Need more fragments, store transaction */, the device_store_transaction function is called. Its second parameter is hardcoded as TRANSACTION_TYPE_HOST. In the case of fragmented indication messages, when the subsequent fragments are processed, the device_release_transaction call is not able to find the previously stored transaction, so a new task is created that always expects the first fragment.
The fix would be to change the second parameter in the device_store_transaction call to TRANSACTION_TYPE_MODEM if the message is an indication message. A test with this modification proved to be successful. The area of the changes is as in the example below.
Attached is the potential solution.
Thanks Mike
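The following is an added illustration, not code from the report or from libmbim: a deliberately simplified model of a device with one transaction table per transaction type, showing why storing an indication's partial transaction under TRANSACTION_TYPE_HOST makes the lookup for the next fragment fail, and how storing it under the message's own type fixes it. Only the enum names, the function names and the comment text come from the report; the signatures, the Fragment and Device structures and the two-fragment sample are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed model: one slot table per transaction type (host-initiated command
 * responses vs. modem-initiated indications). Enum names follow the report. */
typedef enum { TRANSACTION_TYPE_HOST = 0, TRANSACTION_TYPE_MODEM = 1, TRANSACTION_TYPE_LAST } TransactionType;

#define MAX_SLOTS 8

typedef struct {
    uint32_t transaction_id;
    uint32_t received;   /* fragments accumulated so far */
    char payload[128];   /* reassembled payload */
} Transaction;

typedef struct { Transaction *slots[TRANSACTION_TYPE_LAST][MAX_SLOTS]; } Device;

/* One fragment as process_message sees it (constructed, not the MBIM wire format). */
typedef struct {
    int is_indication;          /* 1: MBIM_MESSAGE_TYPE_INDICATE_STATUS, 0: a *_DONE response */
    uint32_t transaction_id;
    uint32_t total_fragments;
    uint32_t current_fragment;
    const char *data;
} Fragment;

static int device_store_transaction(Device *dev, TransactionType type, Transaction *tr)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        if (dev->slots[type][i] == NULL) { dev->slots[type][i] = tr; return 1; }
    return 0;
}

/* Looks up a stored transaction by (type, id) and removes it from the table. */
static Transaction *device_release_transaction(Device *dev, TransactionType type, uint32_t tid)
{
    for (int i = 0; i < MAX_SLOTS; i++) {
        Transaction *tr = dev->slots[type][i];
        if (tr != NULL && tr->transaction_id == tid) { dev->slots[type][i] = NULL; return tr; }
    }
    return NULL;
}

/* Returns 1 when this fragment completes a message (payload copied to out),
 * 0 when more fragments are needed, -1 when the fragment is unexpected. */
static int process_message(Device *dev, const Fragment *frag, int apply_fix, char *out, size_t outlen)
{
    TransactionType type = frag->is_indication ? TRANSACTION_TYPE_MODEM : TRANSACTION_TYPE_HOST;
    Transaction *tr = device_release_transaction(dev, type, frag->transaction_id);

    if (tr == NULL) {
        /* Nothing stored: only a first fragment may start a new transaction. */
        if (frag->current_fragment != 0) return -1;
        tr = calloc(1, sizeof *tr);
        tr->transaction_id = frag->transaction_id;
    } else if (frag->current_fragment != tr->received) {
        free(tr);
        return -1;   /* out-of-order fragment */
    }

    strncat(tr->payload, frag->data, sizeof(tr->payload) - strlen(tr->payload) - 1);
    tr->received++;

    if (tr->received < frag->total_fragments) {
        /* Need more fragments, store transaction.
         * Bug reproduced here: the original code always stores under TRANSACTION_TYPE_HOST,
         * so the next indication fragment (looked up under TRANSACTION_TYPE_MODEM) is never found. */
        TransactionType store_type = apply_fix ? type : TRANSACTION_TYPE_HOST;
        device_store_transaction(dev, store_type, tr);
        return 0;
    }

    snprintf(out, outlen, "%s", tr->payload);
    free(tr);
    return 1;
}

static void device_clear(Device *dev)
{
    for (int t = 0; t < TRANSACTION_TYPE_LAST; t++)
        for (int i = 0; i < MAX_SLOTS; i++) { free(dev->slots[t][i]); dev->slots[t][i] = NULL; }
}

/* Feeds a constructed two-fragment indication through process_message and returns
 * the result of the second fragment; out receives the reassembled payload. */
static int run_fragmented_indication(int apply_fix, char *out, size_t outlen)
{
    Device dev = {0};
    Fragment f0 = {1, 7, 2, 0, "hello "};
    Fragment f1 = {1, 7, 2, 1, "world"};
    out[0] = '\0';
    process_message(&dev, &f0, apply_fix, out, outlen);
    int rc = process_message(&dev, &f1, apply_fix, out, outlen);
    device_clear(&dev);   /* frees the transaction the buggy path leaves stranded under HOST */
    return rc;
}

int main(void)
{
    char out[128];
    printf("without fix: rc=%d\n", run_fragmented_indication(0, out, sizeof out));
    printf("with fix:    rc=%d payload=\"%s\"\n", run_fragmented_indication(1, out, sizeof out), out);
    return 0;
}
```

Without the fix the second fragment is rejected (rc -1) and the half-built transaction stays stranded in the host table, which is also a leak to watch for; with the store type matching the lookup type the two fragments reassemble into one indication.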