From fb6f00158edb607702a638b73965b2a170b7c53d Mon Sep 17 00:00:00 2001 From: zwl Date: Fri, 11 Aug 2023 15:19:22 +0800 Subject: [PATCH 1/2] ble: fixed heap corruption on esp32c6 and esp32h2 --- components/bt/controller/esp32c6/bt.c | 13 ++++++++++--- components/bt/controller/esp32h2/bt.c | 14 ++++++++++---- .../bt/controller/lib_esp32c6/esp32c6-bt-lib | 2 +- .../bt/controller/lib_esp32h2/esp32h2-bt-lib | 2 +- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/components/bt/controller/esp32c6/bt.c b/components/bt/controller/esp32c6/bt.c index 868a9ea486..56b2a28e83 100644 --- a/components/bt/controller/esp32c6/bt.c +++ b/components/bt/controller/esp32c6/bt.c @@ -260,6 +260,9 @@ static void IRAM_ATTR esp_reset_rpa_moudle(void) static void IRAM_ATTR osi_assert_wrapper(const uint32_t ln, const char *fn, uint32_t param1, uint32_t param2) { +#if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED + esp_ble_controller_log_dump_all(true); +#endif // CONFIG_BT_LE_CONTROLLER_LOG_ENABLED BT_ASSERT_PRINT("BLE assert: line %d in function %s, param: 0x%x, 0x%x", ln, fn, param1, param2); assert(0); } @@ -822,7 +825,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) if (ble_osi_coex_funcs_register((struct osi_coex_funcs_t *)&s_osi_coex_funcs_ro) != 0) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "osi coex funcs reg failed"); ret = ESP_ERR_INVALID_ARG; - goto free_controller; + goto modem_deint; } #if CONFIG_SW_COEXIST_ENABLE @@ -832,7 +835,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ret = ble_controller_init(cfg); if (ret != ESP_OK) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "ble_controller_init failed %d", ret); - goto free_controller; + goto modem_deint; } #if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED @@ -845,7 +848,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) #endif // CONFIG_BT_CONTROLLER_LOG_DUMP if (ret != ESP_OK) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "ble_controller_log_init failed %d", ret); - goto free_controller; + goto controller_init_err; } #endif // CONFIG_BT_CONTROLLER_LOG_ENABLED @@ -869,9 +872,11 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) free_controller: controller_sleep_deinit(); #if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED +controller_init_err: ble_log_deinit_async(); #endif // CONFIG_BT_LE_CONTROLLER_LOG_ENABLED ble_controller_deinit(); +modem_deint: esp_btbb_disable(); esp_phy_disable(); esp_phy_modem_deinit(); @@ -1194,7 +1199,9 @@ esp_power_level_t esp_ble_tx_power_get_enhanced(esp_ble_enhanced_power_type_t po #if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED void esp_ble_controller_log_dump_all(bool output) { + BT_ASSERT_PRINT("\r\n[DUMP_START:"); ble_log_async_output_dump_all(output); + BT_ASSERT_PRINT("]\r\n"); } #endif // CONFIG_BT_LE_CONTROLLER_LOG_ENABLED diff --git a/components/bt/controller/esp32h2/bt.c b/components/bt/controller/esp32h2/bt.c index 5acef98fa5..e49410abb5 100644 --- a/components/bt/controller/esp32h2/bt.c +++ b/components/bt/controller/esp32h2/bt.c @@ -252,6 +252,9 @@ static void IRAM_ATTR esp_reset_rpa_moudle(void) static void IRAM_ATTR osi_assert_wrapper(const uint32_t ln, const char *fn, uint32_t param1, uint32_t param2) { +#if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED + esp_ble_controller_log_dump_all(true); +#endif // CONFIG_BT_LE_CONTROLLER_LOG_ENABLED BT_ASSERT_PRINT("BLE assert: line %d in function %s, param: 0x%x, 0x%x", ln, fn, param1, param2); assert(0); } @@ -717,7 +720,6 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ble_npl_count_info_t npl_info; memset(&npl_info, 0, sizeof(ble_npl_count_info_t)); - if (ble_controller_status != ESP_BT_CONTROLLER_STATUS_IDLE) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "invalid controller state"); return ESP_ERR_INVALID_STATE; @@ -802,7 +804,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) if (ble_osi_coex_funcs_register((struct osi_coex_funcs_t *)&s_osi_coex_funcs_ro) != 0) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "osi coex funcs reg failed"); ret = ESP_ERR_INVALID_ARG; - goto free_controller; + goto modem_deint; } #if CONFIG_SW_COEXIST_ENABLE @@ -812,7 +814,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) ret = ble_controller_init(cfg); if (ret != ESP_OK) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "ble_controller_init failed %d", ret); - goto free_controller; + goto modem_deint; } #if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED @@ -825,7 +827,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) #endif // CONFIG_BT_CONTROLLER_LOG_DUMP if (ret != ESP_OK) { ESP_LOGW(NIMBLE_PORT_LOG_TAG, "ble_controller_log_init failed %d", ret); - goto free_controller; + goto controller_init_err; } #endif // CONFIG_BT_CONTROLLER_LOG_ENABLED @@ -850,9 +852,11 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg) free_controller: controller_sleep_deinit(); #if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED +controller_init_err: ble_log_deinit_async(); #endif // CONFIG_BT_LE_CONTROLLER_LOG_ENABLED ble_controller_deinit(); +modem_deint: esp_btbb_disable(); esp_phy_disable(); modem_clock_deselect_lp_clock_source(PERIPH_BT_MODULE); @@ -1173,7 +1177,9 @@ esp_power_level_t esp_ble_tx_power_get_enhanced(esp_ble_enhanced_power_type_t po #if CONFIG_BT_LE_CONTROLLER_LOG_ENABLED void esp_ble_controller_log_dump_all(bool output) { + BT_ASSERT_PRINT("\r\n[DUMP_START:"); ble_log_async_output_dump_all(output); + BT_ASSERT_PRINT("]\r\n"); } #endif // CONFIG_BT_LE_CONTROLLER_LOG_ENABLED diff --git a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib index d785de0a7c..8a951eb29b 160000 --- a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib +++ b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib @@ -1 +1 @@ -Subproject commit d785de0a7c46d9badcd73bc83c2e5cb78f7054b2 +Subproject commit 8a951eb29b388d1d80acef5804f6e12e87d862ff diff --git a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib index 35bd3cd735..27f93dc1e6 160000 --- a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib +++ b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib @@ -1 +1 @@ -Subproject commit 35bd3cd7352014d303a96c46d8ea8446ea0a9a54 +Subproject commit 27f93dc1e673c4f7b7704b65ac68c350615a5289 From 05e44b1021c844281b62bade80f3ddecb06eed34 Mon Sep 17 00:00:00 2001 From: zwl Date: Fri, 11 Aug 2023 16:50:13 +0800 Subject: [PATCH 2/2] ble: Added adv report flow control config on ESP32C6 and ESP32H2 --- components/bt/controller/esp32c6/Kconfig.in | 32 ++++++++++++++++++ components/bt/controller/esp32h2/Kconfig.in | 33 +++++++++++++++++++ .../include/common/bluedroid_user_config.h | 4 +-- 3 files changed, 67 insertions(+), 2 deletions(-) diff --git a/components/bt/controller/esp32c6/Kconfig.in b/components/bt/controller/esp32c6/Kconfig.in index e0b6addba8..ad988350cb 100644 --- a/components/bt/controller/esp32c6/Kconfig.in +++ b/components/bt/controller/esp32c6/Kconfig.in @@ -435,6 +435,38 @@ config BT_LE_USE_ESP_TIMER help Set this option to use Esp Timer which has higher priority timer instead of FreeRTOS timer +config BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP + bool "BLE adv report flow control supported" + default y + help + The function is mainly used to enable flow control for advertising reports. When it is enabled, + advertising reports will be discarded by the controller if the number of unprocessed advertising + reports exceeds the size of BLE adv report flow control. + +config BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM + int "BLE adv report flow control number" + depends on BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP + range 50 1000 + default 100 + help + The number of unprocessed advertising report that bluetooth host can save.If you set + `BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM` to a small value, this may cause adv packets lost. + If you set `BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM` to a large value, bluetooth host may cache a + lot of adv packets and this may cause system memory run out. For example, if you set + it to 50, the maximum memory consumed by host is 35 * 50 bytes. Please set + `BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM` according to your system free memory and handle adv + packets as fast as possible, otherwise it will cause adv packets lost. + +config BT_CTRL_BLE_ADV_REPORT_DISCARD_THRSHOLD + int "BLE adv lost event threshold value" + depends on BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP + range 1 1000 + default 20 + help + When adv report flow control is enabled, The ADV lost event will be generated when the number + of ADV packets lost in the controller reaches this threshold. It is better to set a larger value. + If you set `BT_CTRL_BLE_ADV_REPORT_DISCARD_THRSHOLD` to a small value or printf every adv lost event, it + may cause adv packets lost more. config BT_LE_SCAN_DUPL bool "BLE Scan Duplicate Options" diff --git a/components/bt/controller/esp32h2/Kconfig.in b/components/bt/controller/esp32h2/Kconfig.in index 9d0d4b7bb4..4801ba53fa 100644 --- a/components/bt/controller/esp32h2/Kconfig.in +++ b/components/bt/controller/esp32h2/Kconfig.in @@ -436,6 +436,39 @@ config BT_LE_USE_ESP_TIMER Set this option to use Esp Timer which has higher priority timer instead of FreeRTOS timer +config BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP + bool "BLE adv report flow control supported" + default y + help + The function is mainly used to enable flow control for advertising reports. When it is enabled, + advertising reports will be discarded by the controller if the number of unprocessed advertising + reports exceeds the size of BLE adv report flow control. + +config BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM + int "BLE adv report flow control number" + depends on BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP + range 50 1000 + default 100 + help + The number of unprocessed advertising report that bluetooth host can save.If you set + `BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM` to a small value, this may cause adv packets lost. + If you set `BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM` to a large value, bluetooth host may cache a + lot of adv packets and this may cause system memory run out. For example, if you set + it to 50, the maximum memory consumed by host is 35 * 50 bytes. Please set + `BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_NUM` according to your system free memory and handle adv + packets as fast as possible, otherwise it will cause adv packets lost. + +config BT_CTRL_BLE_ADV_REPORT_DISCARD_THRSHOLD + int "BLE adv lost event threshold value" + depends on BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP + range 1 1000 + default 20 + help + When adv report flow control is enabled, The ADV lost event will be generated when the number + of ADV packets lost in the controller reaches this threshold. It is better to set a larger value. + If you set `BT_CTRL_BLE_ADV_REPORT_DISCARD_THRSHOLD` to a small value or printf every adv lost event, it + may cause adv packets lost more. + config BT_LE_SCAN_DUPL bool "BLE Scan Duplicate Options" default y diff --git a/components/bt/host/bluedroid/common/include/common/bluedroid_user_config.h b/components/bt/host/bluedroid/common/include/common/bluedroid_user_config.h index 20ac5f88a5..c7d06e0e5c 100644 --- a/components/bt/host/bluedroid/common/include/common/bluedroid_user_config.h +++ b/components/bt/host/bluedroid/common/include/common/bluedroid_user_config.h @@ -204,7 +204,7 @@ #endif //CONFIG_IDF_TARGET_ESP32 -#if (CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32S3) +#if (CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C6 || CONFIG_IDF_TARGET_ESP32H2) //BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP #ifdef CONFIG_BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP #define UC_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP CONFIG_BT_CTRL_BLE_ADV_REPORT_FLOW_CTRL_SUPP @@ -226,7 +226,7 @@ #define UC_BTDM_BLE_ADV_REPORT_DISCARD_THRSHOLD 20 #endif -#endif //(CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32S3) +#endif //(CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32S3 || CONFIG_IDF_TARGET_ESP32C6 || CONFIG_IDF_TARGET_ESP32H2) //BT ACL CONNECTIONS #ifdef CONFIG_BT_ACL_CONNECTIONS