From db72885f150bcd80fa0aec82ced278a2186e3291 Mon Sep 17 00:00:00 2001
From: zhiweijian
Date: Mon, 22 Feb 2021 14:45:05 +0800
Subject: [PATCH 1/7] fix scan rsp length err
---
 .../bt/bluedroid/stack/btm/btm_ble_gap.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/components/bt/bluedroid/stack/btm/btm_ble_gap.c b/components/bt/bluedroid/stack/btm/btm_ble_gap.c
index ef59251a6a..6462f028fb 100644
--- a/components/bt/bluedroid/stack/btm/btm_ble_gap.c
+++ b/components/bt/bluedroid/stack/btm/btm_ble_gap.c
@@ -2924,7 +2924,6 @@ void btm_ble_cache_adv_data(BD_ADDR bda, tBTM_INQ_RESULTS *p_cur, UINT8 data_len
 {
 tBTM_BLE_INQ_CB *p_le_inq_cb = &btm_cb.ble_ctr_cb.inq_var;
 UINT8 *p_cache;
- UINT8 length;
 /* cache adv report/scan response data */
 if (evt_type != BTM_BLE_SCAN_RSP_EVT) {
@@ -2945,17 +2944,12 @@ void btm_ble_cache_adv_data(BD_ADDR bda, tBTM_INQ_RESULTS *p_cur, UINT8 data_len
 if (data_len > 0) {
 p_cache = &p_le_inq_cb->adv_data_cache[p_le_inq_cb->adv_len];
- STREAM_TO_UINT8(length, p);
- while ( length && ((p_le_inq_cb->adv_len + length + 1) <= BTM_BLE_CACHE_ADV_DATA_MAX)) {
- /* copy from the length byte & data into cache */
- memcpy(p_cache, p - 1, length + 1);
- /* advance the cache pointer past data */
- p_cache += length + 1;
- /* increment cache length */
- p_le_inq_cb->adv_len += length + 1;
- /* skip the length of data */
- p += length;
- STREAM_TO_UINT8(length, p);
+ if((data_len + p_le_inq_cb->adv_len) <= BTM_BLE_CACHE_ADV_DATA_MAX) {
+
+ memcpy(p_cache, p, data_len);
+
+ p_le_inq_cb->adv_len += data_len;
+
 }
 }
From 928e004208b5b0d5c21ca0f68ceb0cd2ad332bd0 Mon Sep 17 00:00:00 2001
From: zhiweijian
Date: Mon, 22 Feb 2021 14:51:33 +0800
Subject: [PATCH 2/7] fix ble read multi char err when the number of handles is more than 10
---
 components/bt/bluedroid/bta/gatt/bta_gattc_act.c | 14 +++++++++-----
 components/bt/bluedroid/stack/gatt/gatt_sr.c | 1 +
 2 files changed, 10 insertions(+), 5 deletions(-)
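Review bot: In the second hunk of btm_ble_cache_adv_data, the new `memcpy(p_cache, p, data_len)` stores the peer's report bytes verbatim, so the cache no longer holds only self-consistent length-prefixed AD structures as the removed loop wrote them. Any reader of `adv_data_cache` that walks length bytes has to bound each step by `adv_len`; those readers are outside this hunk, so that needs confirming rather than assuming. A report that does not fit is now dropped silently, which leaves no way to tell a missing scan response from an oversized one. I would add a comment above the copy, `/* remote-controlled bytes copied as-is; consumers must bound AD parsing by adv_len */`, and a warning-level trace in an `else` branch. The function body starts and ends outside the hunk.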
diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
index 5d30185b53..0c33b9f5f4 100644
--- a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
+++ b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
@@ -1149,12 +1149,16 @@ void bta_gattc_read_multi(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 memset(&read_param, 0, sizeof(tGATT_READ_PARAM));
 if (status == BTA_GATT_OK) {
- read_param.read_multiple.num_handles = p_data->api_read_multi.num_attr;
- read_param.read_multiple.auth_req = p_data->api_read_multi.auth_req;
- memcpy(&read_param.read_multiple.handles, p_data->api_read_multi.handles,
- sizeof(UINT16) * p_data->api_read_multi.num_attr);
+ if(p_data->api_read_multi.num_attr < GATT_MAX_READ_MULTI_HANDLES) {
+ read_param.read_multiple.num_handles = p_data->api_read_multi.num_attr;
+ read_param.read_multiple.auth_req = p_data->api_read_multi.auth_req;
+ memcpy(&read_param.read_multiple.handles, p_data->api_read_multi.handles,
+ sizeof(UINT16) * p_data->api_read_multi.num_attr);
- status = GATTC_Read(p_clcb->bta_conn_id, GATT_READ_MULTIPLE, &read_param);
+ status = GATTC_Read(p_clcb->bta_conn_id, GATT_READ_MULTIPLE, &read_param);
+ } else {
+ status = GATT_ILLEGAL_PARAMETER;
+ }
 }
 /* read fail */
diff --git a/components/bt/bluedroid/stack/gatt/gatt_sr.c b/components/bt/bluedroid/stack/gatt/gatt_sr.c
index 215c95e77d..4f29ddf9eb 100644
--- a/components/bt/bluedroid/stack/gatt/gatt_sr.c
+++ b/components/bt/bluedroid/stack/gatt/gatt_sr.c
@@ -527,6 +527,7 @@ void gatt_process_read_multi_req (tGATT_TCB *p_tcb, UINT8 op_code, UINT16 len, U
 if (ll != 0) {
 GATT_TRACE_ERROR("max attribute handle reached in ReadMultiple Request.");
+ err = GATT_INVALID_HANDLE;
 }
 if (p_tcb->sr_cmd.multi_req.num_handles == 0) {
From 1f4d3ac30a4029fb80cb07d021e9662de249cdef Mon Sep 17 00:00:00 2001
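Review bot: The new guard in bta_gattc_read_multi compares with `<`, so a request carrying exactly GATT_MAX_READ_MULTI_HANDLES handles is refused along with the oversized ones. If `read_param.read_multiple.handles` is declared with GATT_MAX_READ_MULTI_HANDLES elements (the declaration is not in the hunk), the bound that protects the `memcpy` is `if (p_data->api_read_multi.num_attr <= GATT_MAX_READ_MULTI_HANDLES) {`. The check itself belongs ahead of the copy, since `num_attr` is the only thing sizing it. The function continues outside the hunk.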
From: zhiweijian
Date: Mon, 22 Feb 2021 14:54:01 +0800
Subject: [PATCH 3/7] fix bluedroid repair faild if the two most significant bits of public address is '01'
---
 components/bt/bluedroid/stack/btm/btm_ble.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c
index db3d75119e..356c02bd15 100644
--- a/components/bt/bluedroid/stack/btm/btm_ble.c
+++ b/components/bt/bluedroid/stack/btm/btm_ble.c
@@ -1961,7 +1961,7 @@ void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len, BOOLEAN enhanced)
 * slave or master*/
 /* if (!match && role == HCI_ROLE_SLAVE && BTM_BLE_IS_RESOLVE_BDA(bda)) { */
- if (!match && BTM_BLE_IS_RESOLVE_BDA(bda)) {
+ if (!match && bda_type != BLE_ADDR_PUBLIC && BTM_BLE_IS_RESOLVE_BDA(bda)) {
 // save the enhanced value to used in btm_ble_resolve_random_addr_on_conn_cmpl func.
 temp_enhanced = enhanced;
 btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data);
From 208c2fb0fb2b360a80e29c56b651e1e150eb1387 Mon Sep 17 00:00:00 2001
From: zhiweijian
Date: Mon, 22 Feb 2021 14:56:10 +0800
Subject: [PATCH 4/7] fix read multi char failed(GATT_27001)
---
 components/bt/bluedroid/bta/gatt/bta_gattc_act.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
index 0c33b9f5f4..acb7650b00 100644
--- a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
+++ b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c
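Review bot: The added test in btm_ble_conn_complete excludes only `BLE_ADDR_PUBLIC`, so any other non-random address type whose top bits happen to be '01' would still be sent to `btm_ble_resolve_random_addr`. If `bda_type` can carry the public identity value on the enhanced connection-complete path (its assignment is outside the hunk), a positive test is tighter: `if (!match && bda_type == BLE_ADDR_RANDOM && BTM_BLE_IS_RESOLVE_BDA(bda)) {`. The commented-out condition directly above no longer matches the live one and could be dropped or updated with a line saying why the address type is checked.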
@@ -1149,16 +1149,12 @@ void bta_gattc_read_multi(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 memset(&read_param, 0, sizeof(tGATT_READ_PARAM));
 if (status == BTA_GATT_OK) {
- if(p_data->api_read_multi.num_attr < GATT_MAX_READ_MULTI_HANDLES) {
- read_param.read_multiple.num_handles = p_data->api_read_multi.num_attr;
- read_param.read_multiple.auth_req = p_data->api_read_multi.auth_req;
- memcpy(&read_param.read_multiple.handles, p_data->api_read_multi.handles,
- sizeof(UINT16) * p_data->api_read_multi.num_attr);
+ read_param.read_multiple.num_handles = p_data->api_read_multi.num_attr;
+ read_param.read_multiple.auth_req = p_data->api_read_multi.auth_req;
+ memcpy(&read_param.read_multiple.handles, p_data->api_read_multi.handles,
+ sizeof(UINT16) * p_data->api_read_multi.num_attr);
- status = GATTC_Read(p_clcb->bta_conn_id, GATT_READ_MULTIPLE, &read_param);
- } else {
- status = GATT_ILLEGAL_PARAMETER;
- }
+ status = GATTC_Read(p_clcb->bta_conn_id, GATT_READ_MULTIPLE, &read_param);
 }
 /* read fail */
From 7ffe2c31361c372d2c016adb78c24c443b6ea9bc Mon Sep 17 00:00:00 2001
From: zhiweijian
Date: Mon, 22 Feb 2021 14:58:59 +0800
Subject: [PATCH 5/7] disable bluedroid congest error log print
---
 components/bt/bluedroid/stack/gatt/gatt_cl.c | 2 +-
 components/bt/bluedroid/stack/l2cap/l2c_api.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/bt/bluedroid/stack/gatt/gatt_cl.c b/components/bt/bluedroid/stack/gatt/gatt_cl.c
index 6fbd28bb30..654f2347b4 100644
--- a/components/bt/bluedroid/stack/gatt/gatt_cl.c
+++ b/components/bt/bluedroid/stack/gatt/gatt_cl.c
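Review bot: With the guard removed, the `memcpy` into `read_param.read_multiple.handles` in bta_gattc_read_multi is again sized only by `p_data->api_read_multi.num_attr`, and nothing in this hunk ties that count to the destination's capacity. If the failure behind this commit came from the earlier `<` comparison refusing a full-size request, the narrower change is `if (p_data->api_read_multi.num_attr <= GATT_MAX_READ_MULTI_HANDLES) {` with the existing `else` branch kept. Whether a caller upstream already caps `num_attr` is not visible here; if one does, a one-line comment above the copy naming that check would record why none is needed at this point.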
@@ -263,7 +263,7 @@ void gatt_act_write (tGATT_CLCB *p_clcb, UINT8 sec_act)
 if ((rt != GATT_SUCCESS && rt != GATT_CMD_STARTED && rt != GATT_CONGESTED) || (rt != GATT_CMD_STARTED && p_clcb->op_subtype == GATT_WRITE_NO_RSP)) {
 if (rt != GATT_SUCCESS) {
- GATT_TRACE_ERROR("gatt_act_write() failed op_code=0x%x rt=%d", op_code, rt);
+ GATT_TRACE_DEBUG("gatt_act_write() failed op_code=0x%x rt=%d", op_code, rt);
 }
 gatt_end_operation(p_clcb, rt, NULL);
 }
diff --git a/components/bt/bluedroid/stack/l2cap/l2c_api.c b/components/bt/bluedroid/stack/l2cap/l2c_api.c
index a9f4b891fb..fc14de4c02 100644
--- a/components/bt/bluedroid/stack/l2cap/l2c_api.c
+++ b/components/bt/bluedroid/stack/l2cap/l2c_api.c
@@ -1838,7 +1838,7 @@ UINT16 L2CA_SendFixedChnlData (UINT16 fixed_cid, BD_ADDR rem_bda, BT_HDR *p_buf)
 // If already congested, do not accept any more packets
 if (p_lcb->p_fixed_ccbs[fixed_cid - L2CAP_FIRST_FIXED_CHNL]->cong_sent) {
- L2CAP_TRACE_ERROR ("L2CAP - CID: 0x%04x cannot send, already congested\
+ L2CAP_TRACE_DEBUG ("L2CAP - CID: 0x%04x cannot send, already congested\
 xmit_hold_q.count: %u buff_quota: %u", fixed_cid, fixed_queue_length(p_lcb->p_fixed_ccbs[fixed_cid - L2CAP_FIRST_FIXED_CHNL]->xmit_hold_q), p_lcb->p_fixed_ccbs[fixed_cid - L2CAP_FIRST_FIXED_CHNL]->buff_quota);
From c02d5a4d85ce28fc97b94468b84f6421d4766626 Mon Sep 17 00:00:00 2001
From: zhiweijian
Date: Mon, 22 Feb 2021 15:11:03 +0800
Subject: [PATCH 6/7] fix ble connection maximum latency is 499
---
 components/bt/bluedroid/api/include/api/esp_bt_defs.h | 2 +-
 components/bt/bluedroid/stack/include/stack/btm_ble_api.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/bt/bluedroid/api/include/api/esp_bt_defs.h b/components/bt/bluedroid/api/include/api/esp_bt_defs.h
index da93b87bca..18d0391e8b 100644
--- a/components/bt/bluedroid/api/include/api/esp_bt_defs.h
+++ b/components/bt/bluedroid/api/include/api/esp_bt_defs.h
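Review bot: In gatt_act_write the downgraded trace sits under `if (rt != GATT_SUCCESS)`, so every failing return code now logs at debug level, not just congestion. Real write failures then disappear from default-level logs, which is where someone diagnosing a misbehaving peer would look. Keeping the error level for everything except congestion preserves that signal: test `if (rt == GATT_CONGESTED)` for the `GATT_TRACE_DEBUG` call and `else if (rt != GATT_SUCCESS)` for the original `GATT_TRACE_ERROR` call, with the format string unchanged. The L2CA_SendFixedChnlData hunk is confined to the already-congested branch and does not have this problem.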
@@ -69,7 +69,7 @@ typedef uint8_t esp_link_key[ESP_BT_OCTET16_LEN]; /* Link Key */
 #define ESP_BLE_CONN_INT_MIN 0x0006 /*!< relate to BTM_BLE_CONN_INT_MIN in stack/btm_ble_api.h */
 #define ESP_BLE_CONN_INT_MAX 0x0C80 /*!< relate to BTM_BLE_CONN_INT_MAX in stack/btm_ble_api.h */
-#define ESP_BLE_CONN_LATENCY_MAX 500 /*!< relate to ESP_BLE_CONN_LATENCY_MAX in stack/btm_ble_api.h */
+#define ESP_BLE_CONN_LATENCY_MAX 499 /*!< relate to ESP_BLE_CONN_LATENCY_MAX in stack/btm_ble_api.h */
 #define ESP_BLE_CONN_SUP_TOUT_MIN 0x000A /*!< relate to BTM_BLE_CONN_SUP_TOUT_MIN in stack/btm_ble_api.h */
 #define ESP_BLE_CONN_SUP_TOUT_MAX 0x0C80 /*!< relate to ESP_BLE_CONN_SUP_TOUT_MAX in stack/btm_ble_api.h */
 #define ESP_BLE_CONN_PARAM_UNDEF 0xffff /* use this value when a specific value not to be overwritten */ /* relate to ESP_BLE_CONN_PARAM_UNDEF in stack/btm_ble_api.h */
diff --git a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h
index e244c51b73..d607643fa3 100644
--- a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h
+++ b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h
@@ -129,7 +129,7 @@ typedef UINT8 tBTM_BLE_SFP;
 #define BTM_BLE_EXT_SCAN_WIN_MAX 0xFFFF
 #define BTM_BLE_CONN_INT_MIN 0x0006
 #define BTM_BLE_CONN_INT_MAX 0x0C80
-#define BTM_BLE_CONN_LATENCY_MAX 500
+#define BTM_BLE_CONN_LATENCY_MAX 499
 #define BTM_BLE_CONN_SUP_TOUT_MIN 0x000A
 #define BTM_BLE_CONN_SUP_TOUT_MAX 0x0C80
 #define BTM_BLE_CONN_PARAM_UNDEF 0xffff /* use this value when a specific value not to be overwritten */
From 47c0ce6fcaaef93f7f28c2df535c61f5774970e7 Mon Sep 17 00:00:00 2001
From: zhiweijian
Date: Mon, 22 Feb 2021 15:14:32 +0800
Subject: [PATCH 7/7] add connection parameter check
---
 components/bt/bluedroid/api/esp_gap_ble_api.c | 25 +++++++++++++++----
 1 file changed, 20 insertions(+), 5 deletions(-)
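Review bot: The Doxygen comment on the changed `ESP_BLE_CONN_LATENCY_MAX` line in esp_bt_defs.h points at `ESP_BLE_CONN_LATENCY_MAX in stack/btm_ble_api.h`, while the stack header touched by this same commit defines `BTM_BLE_CONN_LATENCY_MAX`. The comment should read `/*!< relate to BTM_BLE_CONN_LATENCY_MAX in stack/btm_ble_api.h */`. The two constants are kept equal by hand, so a short remark beside either define saying where 499 comes from (presumably the specification's upper limit for connection latency) would help the next edit keep them in step.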
diff --git a/components/bt/bluedroid/api/esp_gap_ble_api.c b/components/bt/bluedroid/api/esp_gap_ble_api.c
index 5e32851c52..ceee90a0b3 100644
--- a/components/bt/bluedroid/api/esp_gap_ble_api.c
+++ b/components/bt/bluedroid/api/esp_gap_ble_api.c
@@ -138,13 +138,28 @@ esp_err_t esp_ble_gap_update_conn_params(esp_ble_conn_update_params_t *params)
 btc_ble_gap_args_t arg;
 ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
+ if(!params) {
+ LOG_ERROR("%s,params is NULL", __func__);
+ return ESP_FAIL;
+ }
- msg.sig = BTC_SIG_API_CALL;
- msg.pid = BTC_PID_GAP_BLE;
- msg.act = BTC_GAP_BLE_ACT_UPDATE_CONN_PARAM;
- memcpy(&arg.conn_update_params.conn_params, params, sizeof(esp_ble_conn_update_params_t));
+ if (ESP_BLE_IS_VALID_PARAM(params->min_int, ESP_BLE_CONN_INT_MIN, ESP_BLE_CONN_INT_MAX) &&
+ ESP_BLE_IS_VALID_PARAM(params->max_int, ESP_BLE_CONN_INT_MIN, ESP_BLE_CONN_INT_MAX) &&
+ ESP_BLE_IS_VALID_PARAM(params->timeout, ESP_BLE_CONN_SUP_TOUT_MIN, ESP_BLE_CONN_SUP_TOUT_MAX) &&
+ (params->latency <= ESP_BLE_CONN_LATENCY_MAX || params->latency == ESP_BLE_CONN_PARAM_UNDEF) &&
+ ((params->timeout * 10) >= ((1 + params->latency) * ((params->max_int * 5) >> 1))) && params->min_int <= params->max_int) {
- return (btc_transfer_context(&msg, &arg, sizeof(btc_ble_gap_args_t), NULL) == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
+ msg.sig = BTC_SIG_API_CALL;
+ msg.pid = BTC_PID_GAP_BLE;
+ msg.act = BTC_GAP_BLE_ACT_UPDATE_CONN_PARAM;
+ memcpy(&arg.conn_update_params.conn_params, params, sizeof(esp_ble_conn_update_params_t));
+
+ return (btc_transfer_context(&msg, &arg, sizeof(btc_ble_gap_args_t), NULL) == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
+ } else {
+ LOG_ERROR("%s,invalid connection params:min_int = %d, max_int = %d, latency = %d, timeout = %d",\
+ __func__, params->min_int, params->max_int, params->latency, params->timeout);
+ return ESP_FAIL;
+ }
 }
 esp_err_t esp_ble_gap_set_pkt_data_len(esp_bd_addr_t remote_device, uint16_t tx_data_length)
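Review bot: The validity condition in esp_ble_gap_update_conn_params admits `params->latency == ESP_BLE_CONN_PARAM_UNDEF`, but the supervision-timeout term after it uses `(1 + params->latency)` unconditionally. With the undefined marker as latency, the right-hand side is larger than anything `params->timeout * 10` can reach within the permitted timeout range, so the request is rejected anyway and the UNDEF alternative is dead. Either drop that alternative or skip the inequality for it, for example `(params->latency == ESP_BLE_CONN_PARAM_UNDEF || (params->timeout * 10) >= ((1 + params->latency) * ((params->max_int * 5) >> 1)))`. If `ESP_BLE_IS_VALID_PARAM` also admits the undefined marker for the interval and timeout fields (its definition is not in this hunk), the same arithmetic concern applies to them.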