From 01ac97732d05b9f2394adc59093e2067889ad31f Mon Sep 17 00:00:00 2001
From: tgotic
Date: Mon, 8 Aug 2022 16:18:16 +0200
Subject: [PATCH 1/3] local copy of btc_msg_t

No need to use local copy of btc_msg_t in btc_transfer_context, create it on heap and pass to osi_thread_post().
---
 components/bt/common/btc/core/btc_task.c | 47 +++++++++++-------------
 1 file changed, 22 insertions(+), 25 deletions(-)

diff --git a/components/bt/common/btc/core/btc_task.c b/components/bt/common/btc/core/btc_task.c
index c8fc083e24..89865986a0 100644
--- a/components/bt/common/btc/core/btc_task.c
+++ b/components/bt/common/btc/core/btc_task.c
@@ -202,16 +202,7 @@ static void btc_thread_handler(void *arg)
 
 static bt_status_t btc_task_post(btc_msg_t *msg, uint32_t timeout)
 {
-    btc_msg_t *lmsg;
-
-    lmsg = (btc_msg_t *)osi_malloc(sizeof(btc_msg_t));
-    if (lmsg == NULL) {
-        return BT_STATUS_NOMEM;
-    }
-
-    memcpy(lmsg, msg, sizeof(btc_msg_t));
-
-    if (osi_thread_post(btc_thread, btc_thread_handler, lmsg, 0, timeout) == false) {
+    if (osi_thread_post(btc_thread, btc_thread_handler, msg, 0, timeout) == false) {
         return BT_STATUS_BUSY;
     }
 
@@ -229,7 +220,7 @@ static bt_status_t btc_task_post(btc_msg_t *msg, uint32_t timeout)
  */
 bt_status_t btc_transfer_context(btc_msg_t *msg, void *arg, int arg_len, btc_arg_deep_copy_t copy_func)
 {
-    btc_msg_t lmsg;
+    btc_msg_t* lmsg;
 
     if (msg == NULL) {
         return BT_STATUS_PARM_INVALID;
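Review bot: The ownership change in btc_task_post is undocumented: `msg` is now handed to osi_thread_post unchanged, so it has to be a heap message that btc_thread_handler presumably releases after dispatch, and on the BT_STATUS_BUSY return the caller still owns it together with whatever hangs off `msg->arg`. A one-line comment above the function would pin that contract down, e.g. `/* msg must be heap-allocated; ownership passes to btc_thread_handler on success and stays with the caller on failure */`. The companion change in btc_transfer_context (the `@@ -237,22 +228,28 @@` hunk) is where the failure half of that contract currently goes unhandled.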
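Review bot: `btc_msg_t* lmsg;` binds the `*` to the type name, while the signature one line above writes `btc_msg_t *msg` with the declarator attached to the variable, which is the convention everywhere else in this hunk. Writing `btc_msg_t *lmsg;` keeps the file consistent. The rest of btc_transfer_context lies outside this hunk.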
@@ -237,22 +228,28 @@ bt_status_t btc_transfer_context(btc_msg_t *msg, void *arg, int arg_len, btc_arg
 
     BTC_TRACE_DEBUG("%s msg %u %u %u %p\n", __func__, msg->sig, msg->pid, msg->act, arg);
 
-    memcpy(&lmsg, msg, sizeof(btc_msg_t));
-    if (arg) {
-        lmsg.arg = (void *)osi_malloc(arg_len);
-        if (lmsg.arg == NULL) {
-            return BT_STATUS_NOMEM;
-        }
-        memset(lmsg.arg, 0x00, arg_len); //important, avoid arg which have no length
-        memcpy(lmsg.arg, arg, arg_len);
-        if (copy_func) {
-            copy_func(&lmsg, lmsg.arg, arg);
-        }
-    } else {
-        lmsg.arg = NULL;
+    lmsg = (btc_msg_t *)osi_malloc(sizeof(btc_msg_t));
+    if (lmsg == NULL) {
+        return BT_STATUS_NOMEM;
     }
 
-    return btc_task_post(&lmsg, OSI_THREAD_MAX_TIMEOUT);
+    memcpy(lmsg, msg, sizeof(btc_msg_t));
+    if (arg) {
+        lmsg->arg = (void *)osi_malloc(arg_len);
+        if (lmsg->arg == NULL) {
+            free(lmsg);
+            return BT_STATUS_NOMEM;
+        }
+        memset(lmsg->arg, 0x00, arg_len); //important, avoid arg which have no length
+        memcpy(lmsg->arg, arg, arg_len);
+        if (copy_func) {
+            copy_func(lmsg, lmsg->arg, arg);
+        }
+    } else {
+        lmsg->arg = NULL;
+    }
+
+    return btc_task_post(lmsg, OSI_THREAD_MAX_TIMEOUT);
 }

From 5d3af603a6778d087eed5c597cc71b43f2bfdf77 Mon Sep 17 00:00:00 2001
From: tgotic
Date: Thu, 11 Aug 2022 18:14:35 +0200
Subject: [PATCH 2/3] update code to use osi_free()

---
 components/bt/common/btc/core/btc_task.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/components/bt/common/btc/core/btc_task.c b/components/bt/common/btc/core/btc_task.c
index 89865986a0..5127cb5f3f 100644
--- a/components/bt/common/btc/core/btc_task.c
+++ b/components/bt/common/btc/core/btc_task.c
@@ -222,7 +222,8 @@ bt_status_t btc_transfer_context(btc_msg_t *msg, void *arg, int arg_len, btc_arg
 {
     btc_msg_t* lmsg;
 
-    if (msg == NULL) {
+    // arg XOR arg_len
+    if ((msg == NULL) || ((arg == NULL) == !(arg_len == 0))) {
         return BT_STATUS_PARM_INVALID;
     }
 
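Review bot: When btc_task_post returns BT_STATUS_BUSY on the last added line, `lmsg` and the freshly allocated `lmsg->arg` are leaked: both are heap objects now, and neither btc_task_post (its hunk above) nor this function releases them on that path, where the old stack copy lost only the arg buffer. The status should be checked and both copies released before returning; if `copy_func` allocates nested buffers, the matching deep-free that the dispatcher uses — not visible here — has to be applied to `lmsg` first, otherwise those would still leak. The opening lines of btc_transfer_context are outside this hunk.
```c
// … unchanged: lmsg allocation, memcpy and arg deep copy …
    bt_status_t ret = btc_task_post(lmsg, OSI_THREAD_MAX_TIMEOUT);
    if (ret != BT_STATUS_SUCCESS) {
        /* TODO(review): apply the deep-free matching copy_func to lmsg here, if one exists */
        osi_free(lmsg->arg);
        osi_free(lmsg);
    }
    return ret;
```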
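Review bot: The new guard rejects a NULL/zero mismatch between `arg` and `arg_len` but still accepts a negative `arg_len`, which a few lines below (outside this hunk) flows into osi_malloc, memset and memcpy as a huge size_t. Adding `arg_len < 0` to the condition closes that, and the double negation reads more directly as an inequality: `if (msg == NULL || arg_len < 0 || (arg == NULL) != (arg_len == 0)) {`, with the comment reworded to `// arg and arg_len must be both unset or both set`. The body of btc_transfer_context continues past this hunk.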
@@ -237,7 +238,7 @@ bt_status_t btc_transfer_context(btc_msg_t *msg, void *arg, int arg_len, btc_arg
     if (arg) {
         lmsg->arg = (void *)osi_malloc(arg_len);
         if (lmsg->arg == NULL) {
-            free(lmsg);
+            osi_free(lmsg);
             return BT_STATUS_NOMEM;
         }
         memset(lmsg->arg, 0x00, arg_len); //important, avoid arg which have no length

From 9f5ff9fddf1dadd4e6ae6ee785ddc52ea41224fd Mon Sep 17 00:00:00 2001
From: xiongweichao
Date: Tue, 30 Aug 2022 17:49:35 +0800
Subject: [PATCH 3/3] Fixed deadlock due to wrong parameter when calling btc_transfer_context() after calling esp_bluedroid_disable()

Closes https://github.com/espressif/esp-idf/issues/9672
---
 components/bt/host/bluedroid/btc/core/btc_dm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/bt/host/bluedroid/btc/core/btc_dm.c b/components/bt/host/bluedroid/btc/core/btc_dm.c
index 14306bbea8..d44c505033 100644
--- a/components/bt/host/bluedroid/btc/core/btc_dm.c
+++ b/components/bt/host/bluedroid/btc/core/btc_dm.c
@@ -112,7 +112,8 @@ void btc_dm_sec_evt(tBTA_DM_SEC_EVT event, tBTA_DM_SEC *data)
     msg.pid = BTC_PID_DM_SEC;
     msg.act = event;
 
-    btc_transfer_context(&msg, (btc_dm_sec_args_t *)data, sizeof(btc_dm_sec_args_t), btc_dm_sec_arg_deep_copy);
+    btc_transfer_context(&msg, (btc_dm_sec_args_t *)data,
+                         data == NULL ? 0 : sizeof(btc_dm_sec_args_t), btc_dm_sec_arg_deep_copy);
 }
 
 static void btc_enable_bluetooth_evt(tBTA_STATUS status)
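Review bot: The status returned by btc_transfer_context is still discarded on the changed call, so with the stricter argument check now in that function a BT_STATUS_PARM_INVALID, BT_STATUS_NOMEM or BT_STATUS_BUSY result silently drops the security event rather than being visible anywhere. Capturing it and tracing the failure keeps the drop diagnosable: `bt_status_t status = btc_transfer_context(&msg, (btc_dm_sec_args_t *)data, data == NULL ? 0 : sizeof(btc_dm_sec_args_t), btc_dm_sec_arg_deep_copy);` followed by `if (status != BT_STATUS_SUCCESS) { BTC_TRACE_ERROR("%s transfer failed, status %d\n", __func__, status); }`. The declaration of `msg` and the start of btc_dm_sec_evt are outside this hunk.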