From 62bd3973f6c8dba4ae03026b4e5eb85bae0eee1b Mon Sep 17 00:00:00 2001 From: chenjianhua Date: Mon, 26 Jun 2023 20:17:49 +0800 Subject: [PATCH 1/2] bluedroid: fixed gatt tcb free when disconnecting --- components/bt/host/bluedroid/stack/include/stack/l2c_api.h | 1 + components/bt/host/bluedroid/stack/l2cap/l2c_api.c | 6 ++++++ components/bt/host/bluedroid/stack/l2cap/l2c_utils.c | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/components/bt/host/bluedroid/stack/include/stack/l2c_api.h b/components/bt/host/bluedroid/stack/include/stack/l2c_api.h index 807b523445..03d185e7bc 100644 --- a/components/bt/host/bluedroid/stack/include/stack/l2c_api.h +++ b/components/bt/host/bluedroid/stack/include/stack/l2c_api.h @@ -1240,6 +1240,7 @@ extern BOOLEAN L2CA_CheckIsCongest(UINT16 fixed_cid, BD_ADDR addr); #define L2CA_DECREASE_BTU_NUM 4 #define L2CA_BUFF_INI 5 #define L2CA_BUFF_DEINIT 6 +#define L2CA_BUFF_FREE 7 typedef struct { UINT16 conn_id; diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_api.c b/components/bt/host/bluedroid/stack/l2cap/l2c_api.c index 52d8b45fda..7c282db09e 100644 --- a/components/bt/host/bluedroid/stack/l2cap/l2c_api.c +++ b/components/bt/host/bluedroid/stack/l2cap/l2c_api.c @@ -2386,6 +2386,12 @@ void l2ble_update_att_acl_pkt_num(UINT8 type, tl2c_buff_param_t *param) buff_semaphore = NULL; break; } + case L2CA_BUFF_FREE:{ + xSemaphoreTake(buff_semaphore, portMAX_DELAY); + // Do nothing + xSemaphoreGive(buff_semaphore); + break; + } default: break; } diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c index 0904ab8620..c70cd9c816 100644 --- a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c +++ b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c 
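Review bot: The new `L2CA_BUFF_FREE` case in `l2ble_update_att_acl_pkt_num` takes `buff_semaphore` without checking it, while the case directly above it in the context ends with `buff_semaphore = NULL;`, so a CCB release that runs after deinit (or before init) would pass a NULL handle to `xSemaphoreTake`. Guard the body, e.g. `if (buff_semaphore) { xSemaphoreTake(buff_semaphore, portMAX_DELAY); xSemaphoreGive(buff_semaphore); }`. The `// Do nothing` comment should say what the take/give pair is for: it only waits for a holder already inside the critical section, and it does not stop a later caller from touching the object once it is freed. The function starts and ends outside the hunk, so whether the other cases already guard against a NULL semaphore is not visible here.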
@@ -1676,6 +1676,12 @@ void l2cu_release_ccb (tL2C_CCB *p_ccb) if (!p_ccb->in_use) { return; } +#if BLE_INCLUDED == TRUE + if (p_lcb->transport == BT_TRANSPORT_LE) { + /* Take samephore to avoid race condition */ + l2ble_update_att_acl_pkt_num(L2CA_BUFF_FREE, NULL); + } +#endif #if (SDP_INCLUDED == TRUE) if (p_rcb && (p_rcb->psm != p_rcb->real_psm)) { btm_sec_clr_service_by_psm(p_rcb->psm); From 34b4936a7d0efb0aac7b4de6b7a3186d45a114a9 Mon Sep 17 00:00:00 2001 From: chenjianhua Date: Mon, 26 Jun 2023 20:39:32 +0800 Subject: [PATCH 2/2] fix(bt/bluedroid): Fix memory leak of gattc cache upon disconnection --- components/bt/host/bluedroid/bta/dm/bta_dm_act.c | 10 ---------- components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c | 2 -- .../bt/host/bluedroid/bta/gatt/bta_gattc_utils.c | 10 ++++++++++ .../bt/host/bluedroid/bta/include/bta/bta_gatt_api.h | 2 ++ .../bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c | 2 ++ 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/components/bt/host/bluedroid/bta/dm/bta_dm_act.c b/components/bt/host/bluedroid/bta/dm/bta_dm_act.c index 9e936409b6..53eda0d2db 100644 --- a/components/bt/host/bluedroid/bta/dm/bta_dm_act.c +++ b/components/bt/host/bluedroid/bta/dm/bta_dm_act.c @@ -982,10 +982,6 @@ static void bta_dm_process_remove_device(BD_ADDR bd_addr, tBT_TRANSPORT transpor BTM_SecDeleteDevice(bd_addr, transport); -#if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE) - /* remove all cached GATT information */ - BTA_GATTC_Refresh(bd_addr, false); -#endif if (bta_dm_cb.p_sec_cback) { tBTA_DM_SEC sec_event; bdcpy(sec_event.link_down.bd_addr, bd_addr); @@ -1140,8 +1136,6 @@ void bta_dm_close_acl(tBTA_DM_MSG *p_data) #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE) /* need to remove all pending background connection if any */ BTA_GATTC_CancelOpen(0, p_remove_acl->bd_addr, FALSE); - /* remove all cached GATT information */ - BTA_GATTC_Refresh(p_remove_acl->bd_addr, false); #endif } /* otherwise, no action needed */ 
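Review bot: The block added to `l2cu_release_ccb` dereferences `p_lcb->transport` with no NULL check, whereas the `p_rcb` use in the very next context line is guarded (`if (p_rcb && ...)`). `p_lcb` is assigned outside the hunk, so if it can be NULL for a CCB being released, this is a NULL dereference on the disconnect path; `if (p_lcb && p_lcb->transport == BT_TRANSPORT_LE) {` would cover it. The comment `Take samephore to avoid race condition` has a typo and does not name the race; it should state which concurrent user of the CCB/TCB the barrier waits for. The call also blocks with `portMAX_DELAY` on every LE CCB release, which is worth stating in the same comment.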
@@ -3670,8 +3664,6 @@ void bta_dm_acl_change(tBTA_DM_MSG *p_data) #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE) /* need to remove all pending background connection */ BTA_GATTC_CancelOpen(0, p_bda, FALSE); - /* remove all cached GATT information */ - BTA_GATTC_Refresh(p_bda, false); #endif } @@ -3849,8 +3841,6 @@ static BOOLEAN bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr) #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE) /* need to remove all pending background connection */ BTA_GATTC_CancelOpen(0, remote_bd_addr, FALSE); - /* remove all cached GATT information */ - BTA_GATTC_Refresh(remote_bd_addr, false); #endif } return is_device_deleted; diff --git a/components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c b/components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c index abd88f028c..361955262b 100644 --- a/components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c +++ b/components/bt/host/bluedroid/bta/gatt/bta_gattc_act.c @@ -823,8 +823,6 @@ void bta_gattc_close(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data) bta_sys_conn_close( BTA_ID_GATTC , BTA_ALL_APP_ID, p_clcb->bda); } - bta_gattc_clcb_dealloc(p_clcb); - if (p_data->hdr.event == BTA_GATTC_API_CLOSE_EVT) { cb_data.close.status = GATT_Disconnect(p_data->hdr.layer_specific); } else if (p_data->hdr.event == BTA_GATTC_INT_DISCONN_EVT) { diff --git a/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c b/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c index 6959526c83..74158e930f 100644 --- a/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c +++ b/components/bt/host/bluedroid/bta/gatt/bta_gattc_utils.c @@ -322,6 +322,15 @@ void bta_gattc_clcb_dealloc(tBTA_GATTC_CLCB *p_clcb) } } +void bta_gattc_clcb_dealloc_by_conn_id(UINT16 conn_id) +{ + tBTA_GATTC_CLCB *p_clcb = bta_gattc_find_clcb_by_conn_id(conn_id); + + if (p_clcb) { + bta_gattc_clcb_dealloc(p_clcb); + } +} + /******************************************************************************* ** ** Function bta_gattc_find_srcb 
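Review bot: `bta_gattc_clcb_dealloc_by_conn_id` is added without the `Function / Description / Returns` banner used by its neighbours (the `bta_gattc_find_srcb` banner is visible right below it), and it silently does nothing when no CLCB matches `conn_id`. As far as this patch shows, it becomes the only release point on close, since `bta_gattc_clcb_dealloc(p_clcb)` is removed from `bta_gattc_close`; a failed lookup therefore leaks the CLCB with no trace. A debug log in the not-found branch, using the logging macro this file already uses, would make that visible. The banner should state that the function is called from the BTC task and what protects the CLCB table there. The helper is also declared in the public `bta_gatt_api.h` next to `BTA_GATTS_Listen`; an internal lower-case `bta_gattc_*` function would normally be declared in an internal header, if one is reachable from `btc_gattc.c`.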
@@ -421,6 +430,7 @@ tBTA_GATTC_SERV *bta_gattc_srcb_alloc(BD_ADDR bda) { if (p_tcb->p_srvc_cache != NULL) { list_free(p_tcb->p_srvc_cache); + p_tcb->p_srvc_cache = NULL; } osi_free(p_tcb->p_srvc_list); p_tcb->p_srvc_list = NULL; diff --git a/components/bt/host/bluedroid/bta/include/bta/bta_gatt_api.h b/components/bt/host/bluedroid/bta/include/bta/bta_gatt_api.h index 1739f19c0b..f9f73ad1fe 100644 --- a/components/bt/host/bluedroid/bta/include/bta/bta_gatt_api.h +++ b/components/bt/host/bluedroid/bta/include/bta/bta_gatt_api.h @@ -1543,6 +1543,8 @@ extern void BTA_GATTS_Listen(tBTA_GATTS_IF server_if, BOOLEAN start, BD_ADDR_PTR target_bda); +extern void bta_gattc_clcb_dealloc_by_conn_id(UINT16 conn_id); + #ifdef __cplusplus } diff --git a/components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c b/components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c index 731eae692e..a7b5346bd7 100644 --- a/components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c +++ b/components/bt/host/bluedroid/btc/profile/std/gatt/btc_gattc.c @@ -922,6 +922,8 @@ void btc_gattc_cb_handler(btc_msg_t *msg) case BTA_GATTC_CLOSE_EVT: { tBTA_GATTC_CLOSE *close = &arg->close; + // Free gattc clcb in BTC task to avoid race condition + bta_gattc_clcb_dealloc_by_conn_id(close->conn_id); gattc_if = close->client_if; param.close.status = close->status; param.close.conn_id = BTC_GATT_GET_CONN_ID(close->conn_id);
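Review bot: In the `BTA_GATTC_CLOSE_EVT` case of `btc_gattc_cb_handler`, the CLCB is now looked up and freed from the BTC task, but nothing in the hunk serialises that with the BTA side, which presumably allocates and searches the same CLCB table. The comment says this avoids a race, yet the change moves the free to a second task rather than adding a lock. It also leaves a window between `bta_gattc_close` finishing and this handler running in which the closed CLCB can still be found by `conn_id`, so a BTA event handled in between may act on a connection that is already gone. If the deferral is intentional, the comment should say so, e.g. `// Deferred from bta_gattc_close(): <path that still uses the clcb>; table access here is protected by <mechanism>`. Delivery of the close event is outside this diff; if it can be dropped, the CLCB is never freed. The case body continues past the hunk.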