Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

component/bt: free timer resources after using them

Browse source 
Bluedroid use a set of timer function pairs such as btu_start_timer/btu_stop_timer, btu_sys_start_timer/btu_sys_stop_timer for use, in a lack of timer release functions. Thus the timers may be exhausted after some event sequence such as repetition of connection/reconnection with different devices. The maximum timer number used in bluedroid is given by ALARM_CBS_NUM which is 30 for now. This bugfix borrowed some update from bluedroid in Andoroid 7.0, which add timer release functions which promote the recycle of timer resources.
This commit is contained in:
wangmengyang 2018-01-27 19:03:06 +08:00
parent daa8cfa800
commit 90c9ffa975
23 changed files with 231 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
components/bt/bluedroid/bta/av/bta_av_act.c
View file

@ -1268,6 +1268,11 @@ void bta_av_disable(tBTA_AV_CB *p_cb, tBTA_AV_DATA *p_data)
hdr.layer_specific = xx + 1;
bta_av_api_deregister((tBTA_AV_DATA *)&hdr);
}
bta_sys_free_timer(&p_cb->sig_tmr);
memset(&p_cb->sig_tmr, 0, sizeof(TIMER_LIST_ENT));
bta_sys_free_timer(&p_cb->acp_sig_tmr);
memset(&p_cb->acp_sig_tmr, 0, sizeof(TIMER_LIST_ENT));
}
/*******************************************************************************

60
components/bt/bluedroid/bta/dm/bta_dm_act.c
View file

@ -282,6 +282,47 @@ void bta_dm_enable(tBTA_DM_MSG *p_data)
}
}
/*******************************************************************************
*
* Function bta_dm_init_cb
*
* Description Initializes the bta_dm_cb control block
*
*
* Returns void
*
******************************************************************************/
void bta_dm_init_cb(void)
{
memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
}
/*******************************************************************************
*
* Function bta_dm_deinit_cb
*
* Description De-initializes the bta_dm_cb control block
*
*
* Returns void
*
******************************************************************************/
void bta_dm_deinit_cb(void)
{
bta_sys_free_timer(&bta_dm_cb.disable_timer);
#if ( BTA_EIR_CANNED_UUID_LIST != TRUE )
bta_sys_free_timer(&bta_dm_cb.app_ready_timer);
#endif
#if BTM_SSR_INCLUDED == TRUE
for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
bta_sys_free_timer(&bta_dm_cb.pm_timer[i].timer[j]);
}
}
#endif
memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
}
/*******************************************************************************
**
** Function bta_dm_sys_hw_cback
@ -318,7 +359,15 @@ static void bta_dm_sys_hw_cback( tBTA_SYS_HW_EVT status )
}
/* reinitialize the control block */
memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
bta_dm_deinit_cb();
bta_sys_free_timer(&bta_dm_search_cb.search_timer);
#if ((defined BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
#if ((defined BTA_GATT_INCLUDED) && (BTA_GATT_INCLUDED == TRUE) && SDP_INCLUDED == TRUE)
bta_sys_free_timer(&bta_dm_search_cb.gatt_close_timer);
#endif
#endif
memset(&bta_dm_search_cb, 0x00, sizeof(bta_dm_search_cb));
/* unregister from SYS */
bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH );
@ -332,11 +381,18 @@ static void bta_dm_sys_hw_cback( tBTA_SYS_HW_EVT status )
/* save security callback */
temp_cback = bta_dm_cb.p_sec_cback;
/* make sure the control block is properly initialized */
memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
bta_dm_init_cb();
/* and retrieve the callback */
bta_dm_cb.p_sec_cback = temp_cback;
bta_dm_cb.is_bta_dm_active = TRUE;
bta_sys_free_timer(&bta_dm_search_cb.search_timer);
#if ((defined BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
#if ((defined BTA_GATT_INCLUDED) && (BTA_GATT_INCLUDED == TRUE) && SDP_INCLUDED == TRUE)
bta_sys_free_timer(&bta_dm_search_cb.gatt_close_timer);
#endif
#endif
/* hw is ready, go on with BTA DM initialization */
memset(&bta_dm_search_cb, 0x00, sizeof(bta_dm_search_cb));
#if (BTM_SSR_INCLUDED == TRUE)

24
components/bt/bluedroid/bta/gatt/bta_gattc_act.c
View file

@ -48,8 +48,6 @@
#if GATTC_INCLUDED == TRUE && BLE_INCLUDED == TRUE
static osi_mutex_t write_ccc_mutex;
/*****************************************************************************
** Constants
*****************************************************************************/
@ -129,9 +127,9 @@ static void bta_gattc_enable(tBTA_GATTC_CB *p_cb)
memset(&bta_gattc_cb, 0, sizeof(tBTA_GATTC_CB));
p_cb->state = BTA_GATTC_STATE_ENABLED;
// Create a write ccc mutex when the gatt client enable
osi_mutex_new(&write_ccc_mutex);
osi_mutex_new(&bta_gattc_cb.write_ccc_mutex);
} else {
APPL_TRACE_DEBUG("GATTC is arelady enabled");
APPL_TRACE_DEBUG("GATTC is already enabled");
}
}
@ -157,7 +155,7 @@ void bta_gattc_disable(tBTA_GATTC_CB *p_cb)
return;
}
// Free the write ccc mutex when the gatt client disable
osi_mutex_free(&write_ccc_mutex);
osi_mutex_free(&bta_gattc_cb.write_ccc_mutex);
for (i = 0; i < BTA_GATTC_CL_MAX; i ++) {
if (p_cb->cl_rcb[i].in_use) {
@ -1644,8 +1642,8 @@ static void bta_gattc_conn_cback(tGATT_IF gattc_if, BD_ADDR bda, UINT16 conn_id,
else if ((transport == BT_TRANSPORT_LE) && (connected == FALSE) && (p_conn != NULL)){
p_conn->service_change_ccc_written = FALSE;
if (p_conn->ccc_timer_used == TRUE){
assert(write_ccc_mutex != NULL);
osi_mutex_lock(&write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
assert(bta_gattc_cb.write_ccc_mutex != NULL);
osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
if (p_conn->service_change_ccc_timer.param != 0) {
osi_free((void *)p_conn->service_change_ccc_timer.param);
@ -1653,7 +1651,7 @@ static void bta_gattc_conn_cback(tGATT_IF gattc_if, BD_ADDR bda, UINT16 conn_id,
}
bta_sys_stop_timer(&(p_conn->service_change_ccc_timer));
p_conn->ccc_timer_used = FALSE;
osi_mutex_unlock(&write_ccc_mutex);
osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
}
}
@ -2354,14 +2352,14 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle)
BOOLEAN start_ccc_timer = FALSE;
UINT32 new_timeout;
assert(write_ccc_mutex != NULL);
osi_mutex_lock(&write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
assert(bta_gattc_cb.write_ccc_mutex != NULL);
osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
tBTA_GATTC_WAIT_CCC_TIMER *p_timer_param = (tBTA_GATTC_WAIT_CCC_TIMER*) p_tle->param;
p_tle->param = (TIMER_PARAM_TYPE)0;
if (p_timer_param == NULL){
APPL_TRACE_ERROR("p_timer_param is NULL in %s\n", __func__);
osi_mutex_unlock(&write_ccc_mutex);
osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
return;
}
@ -2369,7 +2367,7 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle)
if (p_conn == NULL){
APPL_TRACE_ERROR("p_conn is NULL in %s\n", __func__);
osi_free(p_timer_param);
osi_mutex_unlock(&write_ccc_mutex);
osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
return;
}
@ -2401,7 +2399,7 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle)
}
osi_free(p_timer_param);
osi_mutex_unlock(&write_ccc_mutex);
osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
}
#endif

4
components/bt/bluedroid/bta/gatt/bta_gattc_utils.c
View file

@ -862,6 +862,10 @@ BOOLEAN bta_gattc_conn_dealloc(BD_ADDR remote_bda)
if (p_conn != NULL) {
p_conn->in_use = FALSE;
memset(p_conn->remote_bda, 0, BD_ADDR_LEN);
osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
bta_sys_free_timer(&p_conn->service_change_ccc_timer);
p_conn->ccc_timer_used = FALSE;
osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
return TRUE;
}
return FALSE;

5
components/bt/bluedroid/bta/include/bta_gattc_int.h
View file

@ -30,6 +30,7 @@
#include "bta_gattc_ci.h"
#include "bta_gattc_co.h"
#include "fixed_queue.h"
#include "mutex.h"
/*****************************************************************************
** Constants and data types
@ -357,8 +358,8 @@ enum {
};
typedef struct {
UINT8 state;
UINT8 state;
osi_mutex_t write_ccc_mutex;
tBTA_GATTC_CONN conn_track[BTA_GATTC_CONN_MAX];
tBTA_GATTC_BG_TCK bg_track[BTA_GATTC_KNOWN_SR_MAX];
tBTA_GATTC_RCB cl_rcb[BTA_GATTC_CL_MAX];

1
components/bt/bluedroid/bta/include/bta_sys.h
View file

@ -224,6 +224,7 @@ extern UINT16 bta_sys_get_sys_features(void);
extern void bta_sys_sendmsg(void *p_msg);
extern void bta_sys_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, INT32 timeout_ms);
extern void bta_sys_stop_timer(TIMER_LIST_ENT *p_tle);
extern void bta_sys_free_timer(TIMER_LIST_ENT *p_tle);
extern void bta_sys_disable(tBTA_SYS_HW_MODULE module);
extern UINT32 bta_sys_get_remaining_ticks(TIMER_LIST_ENT *p_target_tle);

22
components/bt/bluedroid/bta/sys/bta_sys_main.c
View file

@ -657,6 +657,28 @@ void bta_sys_stop_timer(TIMER_LIST_ENT *p_tle)
osi_alarm_cancel(alarm);
}
/*******************************************************************************
**
** Function bta_sys_free_timer
**
** Description Stop and free a BTA timer.
**
** Returns void
**
*******************************************************************************/
void bta_sys_free_timer(TIMER_LIST_ENT *p_tle)
{
assert(p_tle != NULL);
osi_alarm_t *alarm = hash_map_get(bta_alarm_hash_map, p_tle);
if (alarm == NULL) {
LOG_DEBUG("%s expected alarm was not in bta alarm hash map.", __func__);
return;
}
osi_alarm_cancel(alarm);
hash_map_erase(bta_alarm_hash_map, p_tle);
}
/*******************************************************************************
**
** Function bta_sys_disable

2
components/bt/bluedroid/stack/avdt/avdt_ccb.c
View file

@ -407,7 +407,7 @@ void avdt_ccb_dealloc(tAVDT_CCB *p_ccb, tAVDT_CCB_EVT *p_data)
UNUSED(p_data);
AVDT_TRACE_DEBUG("avdt_ccb_dealloc %d\n", avdt_ccb_to_idx(p_ccb));
btu_stop_timer(&p_ccb->timer_entry);
btu_free_timer(&p_ccb->timer_entry);
fixed_queue_free(p_ccb->cmd_q, NULL);
fixed_queue_free(p_ccb->rsp_q, NULL);
memset(p_ccb, 0, sizeof(tAVDT_CCB));

2
components/bt/bluedroid/stack/avdt/avdt_scb.c
View file

@ -644,7 +644,7 @@ void avdt_scb_dealloc(tAVDT_SCB *p_scb, tAVDT_SCB_EVT *p_data)
UNUSED(p_data);
AVDT_TRACE_DEBUG("avdt_scb_dealloc hdl=%d\n", avdt_scb_to_hdl(p_scb));
btu_stop_timer(&p_scb->timer_entry);
btu_free_timer(&p_scb->timer_entry);
#if AVDT_MULTIPLEXING == TRUE
/* free fragments we're holding, if any; it shouldn't happen */

3
components/bt/bluedroid/stack/btm/btm_ble_gap.c
View file

@ -3740,6 +3740,9 @@ void btm_ble_init (void)
BTM_TRACE_DEBUG("%s", __func__);
btu_free_timer(&p_cb->obs_timer_ent);
btu_free_timer(&p_cb->scan_timer_ent);
btu_free_timer(&p_cb->inq_var.fast_adv_timer);
memset(p_cb, 0, sizeof(tBTM_BLE_CB));
memset(&(btm_cb.cmn_ble_vsc_cb), 0 , sizeof(tBTM_BLE_VSC_CB));
btm_cb.cmn_ble_vsc_cb.values_read = FALSE;

2
components/bt/bluedroid/stack/btm/btm_devctl.c
View file

@ -533,7 +533,7 @@ void btm_read_local_name_complete (UINT8 *p, UINT16 evt_len)
UINT8 status;
UNUSED(evt_len);
btu_stop_timer (&btm_cb.devcb.rln_timer);
btu_free_timer (&btm_cb.devcb.rln_timer);
/* If there was a callback address for read local name, call it */
btm_cb.devcb.p_rln_cmpl_cb = NULL;

6
components/bt/bluedroid/stack/btm/btm_inq.c
View file

@ -1359,6 +1359,12 @@ void btm_inq_db_init (void)
#if 0 /* cleared in btm_init; put back in if called from anywhere else! */
memset (&btm_cb.btm_inq_vars, 0, sizeof (tBTM_INQUIRY_VAR_ST));
#endif
btu_free_timer(&btm_cb.btm_inq_vars.rmt_name_timer_ent);
memset(&btm_cb.btm_inq_vars.rmt_name_timer_ent, 0, sizeof(TIMER_LIST_ENT));
btu_free_timer(&btm_cb.btm_inq_vars.inq_timer_ent);
memset(&btm_cb.btm_inq_vars.inq_timer_ent, 0, sizeof(TIMER_LIST_ENT));
btm_cb.btm_inq_vars.no_inc_ssp = BTM_NO_SSP_ON_INQUIRY;
}

22
components/bt/bluedroid/stack/btu/btu_task.c
View file

@ -513,15 +513,12 @@ void btu_free_timer(TIMER_LIST_ENT *p_tle)
{
assert(p_tle != NULL);
if (p_tle->in_use == FALSE) {
return;
}
p_tle->in_use = FALSE;
// Get the alarm for the timer list entry.
osi_alarm_t *alarm = hash_map_get(btu_general_alarm_hash_map, p_tle);
if (alarm == NULL) {
LOG_WARN("%s Unable to find expected alarm in hashmap", __func__);
LOG_DEBUG("%s Unable to find expected alarm in hashmap", __func__);
return;
}
osi_alarm_cancel(alarm);
@ -615,6 +612,23 @@ void btu_stop_quick_timer(TIMER_LIST_ENT *p_tle)
}
osi_alarm_cancel(alarm);
}
void btu_free_quick_timer(TIMER_LIST_ENT *p_tle)
{
assert(p_tle != NULL);
p_tle->in_use = FALSE;
// Get the alarm for the timer list entry.
osi_alarm_t *alarm = hash_map_get(btu_l2cap_alarm_hash_map, p_tle);
if (alarm == NULL) {
LOG_DEBUG("%s Unable to find expected alarm in hashmap", __func__);
return;
}
osi_alarm_cancel(alarm);
hash_map_erase(btu_l2cap_alarm_hash_map, p_tle);
}
#endif /* defined(QUICK_TIMER_TICKS_PER_SEC) && (QUICK_TIMER_TICKS_PER_SEC > 0) */
void btu_oneshot_alarm_cb(void *data)

7
components/bt/bluedroid/stack/gatt/gatt_main.c
View file

@ -173,6 +173,13 @@ void gatt_free(void)
fixed_queue_free(gatt_cb.tcb[i].pending_ind_q, NULL);
gatt_cb.tcb[i].pending_ind_q = NULL;
btu_free_timer(&gatt_cb.tcb[i].conf_timer_ent);
memset(&gatt_cb.tcb[i].conf_timer_ent, 0, sizeof(TIMER_LIST_ENT));
btu_free_timer(&gatt_cb.tcb[i].ind_ack_timer_ent);
memset(&gatt_cb.tcb[i].ind_ack_timer_ent, 0, sizeof(TIMER_LIST_ENT));
#if (GATTS_INCLUDED == TRUE)
fixed_queue_free(gatt_cb.tcb[i].sr_cmd.multi_rsp_q, NULL);
gatt_cb.tcb[i].sr_cmd.multi_rsp_q = NULL;

5
components/bt/bluedroid/stack/gatt/gatt_utils.c
View file

@ -1683,6 +1683,7 @@ tGATT_CLCB *gatt_clcb_alloc (UINT16 conn_id)
void gatt_clcb_dealloc (tGATT_CLCB *p_clcb)
{
if (p_clcb && p_clcb->in_use) {
btu_free_timer(&p_clcb->rsp_timer_ent);
memset(p_clcb, 0, sizeof(tGATT_CLCB));
}
}
@ -2211,8 +2212,8 @@ void gatt_cleanup_upon_disc(BD_ADDR bda, UINT16 reason, tBT_TRANSPORT transport)
}
}
btu_stop_timer (&p_tcb->ind_ack_timer_ent);
btu_stop_timer (&p_tcb->conf_timer_ent);
btu_free_timer (&p_tcb->ind_ack_timer_ent);
btu_free_timer (&p_tcb->conf_timer_ent);
gatt_free_pending_ind(p_tcb);
gatt_free_pending_enc_queue(p_tcb);
gatt_free_pending_prepare_write_queue(p_tcb);

1
components/bt/bluedroid/stack/include/btu.h
View file

@ -246,6 +246,7 @@ void btu_uipc_rx_cback(BT_HDR *p_msg);
#if defined(QUICK_TIMER_TICKS_PER_SEC) && (QUICK_TIMER_TICKS_PER_SEC > 0)
void btu_start_quick_timer (TIMER_LIST_ENT *p_tle, UINT16 type, UINT32 timeout);
void btu_stop_quick_timer (TIMER_LIST_ENT *p_tle);
void btu_free_quick_timer (TIMER_LIST_ENT *p_tle);
void btu_process_quick_timer_evt (void);
#endif

2
components/bt/bluedroid/stack/l2cap/include/l2c_int.h
View file

@ -767,7 +767,7 @@ extern BOOLEAN l2c_fcr_renegotiate_chan(tL2C_CCB *p_ccb, tL2CAP_CFG_INFO *p_cfg
extern UINT8 l2c_fcr_process_peer_cfg_req(tL2C_CCB *p_ccb, tL2CAP_CFG_INFO *p_cfg);
extern void l2c_fcr_adj_monitor_retran_timeout (tL2C_CCB *p_ccb);
extern void l2c_fcr_stop_timer (tL2C_CCB *p_ccb);
extern void l2c_fcr_free_timer (tL2C_CCB *p_ccb);
/* Functions provided by l2c_ble.c
************************************
*/

24
components/bt/bluedroid/stack/l2cap/l2c_fcr.c
View file

@ -201,6 +201,21 @@ void l2c_fcr_stop_timer (tL2C_CCB *p_ccb)
}
}
/*******************************************************************************
**
** Function l2c_fcr_free_timer
**
** Description This function releases the (monitor or transmission) timer.
**
** Returns -
**
*******************************************************************************/
void l2c_fcr_free_timer (tL2C_CCB *p_ccb)
{
assert(p_ccb != NULL);
btu_free_quick_timer (&p_ccb->fcrb.mon_retrans_timer);
}
/*******************************************************************************
**
** Function l2c_fcr_cleanup
@ -232,9 +247,12 @@ void l2c_fcr_cleanup (tL2C_CCB *p_ccb)
fixed_queue_free(p_fcrb->retrans_q, osi_free_func);
p_fcrb->retrans_q = NULL;
btu_stop_quick_timer (&p_fcrb->ack_timer);
btu_stop_quick_timer (&p_ccb->fcrb.mon_retrans_timer);
btu_free_quick_timer (&p_fcrb->ack_timer);
memset(&p_fcrb->ack_timer, 0, sizeof(TIMER_LIST_ENT));
btu_free_quick_timer (&p_ccb->fcrb.mon_retrans_timer);
memset(&p_fcrb->mon_retrans_timer, 0, sizeof(TIMER_LIST_ENT));
#if (L2CAP_ERTM_STATS == TRUE)
if ( (p_ccb->local_cid >= L2CAP_BASE_APPL_CID) && (p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) ) {
UINT32 dur = osi_time_get_os_boottime_ms() - p_ccb->fcrb.connect_tick_count;

43
components/bt/bluedroid/stack/l2cap/l2c_utils.c
View file

@ -54,8 +54,11 @@ tL2C_LCB *l2cu_allocate_lcb (BD_ADDR p_bd_addr, BOOLEAN is_bonding, tBT_TRANSPOR
for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
if (!p_lcb->in_use) {
btu_free_timer(&p_lcb->timer_entry);
btu_free_timer(&p_lcb->info_timer_entry);
btu_free_timer(&p_lcb->upda_con_timer);
memset (p_lcb, 0, sizeof (tL2C_LCB));
memcpy (p_lcb->remote_bd_addr, p_bd_addr, BD_ADDR_LEN);
p_lcb->in_use = TRUE;
@ -127,10 +130,14 @@ void l2cu_release_lcb (tL2C_LCB *p_lcb)
p_lcb->in_use = FALSE;
p_lcb->is_bonding = FALSE;
/* Stop timers */
btu_stop_timer (&p_lcb->timer_entry);
btu_stop_timer (&p_lcb->info_timer_entry);
/* Stop and release timers */
btu_free_timer (&p_lcb->timer_entry);
memset(&p_lcb->timer_entry, 0, sizeof(TIMER_LIST_ENT));
btu_free_timer (&p_lcb->info_timer_entry);
memset(&p_lcb->info_timer_entry, 0, sizeof(TIMER_LIST_ENT));
btu_free_timer(&p_lcb->upda_con_timer);
memset(&p_lcb->upda_con_timer, 0, sizeof(TIMER_LIST_ENT));
/* Release any unfinished L2CAP packet on this link */
if (p_lcb->p_hcit_rcv_acl) {
osi_free(p_lcb->p_hcit_rcv_acl);
@ -1476,25 +1483,24 @@ tL2C_CCB *l2cu_allocate_ccb (tL2C_LCB *p_lcb, UINT16 cid)
memset (&p_ccb->ertm_info, 0, sizeof(tL2CAP_ERTM_INFO));
p_ccb->peer_cfg_already_rejected = FALSE;
p_ccb->fcr_cfg_tries = L2CAP_MAX_FCR_CFG_TRIES;
/* stop and release timers */
btu_free_quick_timer(&p_ccb->fcrb.ack_timer);
memset(&p_ccb->fcrb.ack_timer, 0, sizeof(TIMER_LIST_ENT));
p_ccb->fcrb.ack_timer.param = (TIMER_PARAM_TYPE)p_ccb;
/* if timer is running, remove it from timer list */
if (p_ccb->fcrb.ack_timer.in_use) {
btu_stop_quick_timer (&p_ccb->fcrb.ack_timer);
}
btu_free_quick_timer(&p_ccb->fcrb.mon_retrans_timer);
memset(&p_ccb->fcrb.mon_retrans_timer, 0, sizeof(TIMER_LIST_ENT));
p_ccb->fcrb.mon_retrans_timer.param = (TIMER_PARAM_TYPE)p_ccb;
// btla-specific ++
/* CSP408639 Fix: When L2CAP send amp move channel request or receive
* L2CEVT_AMP_MOVE_REQ do following sequence. Send channel move
* request -> Stop retrans/monitor timer -> Change channel state to CST_AMP_MOVING. */
if (p_ccb->fcrb.mon_retrans_timer.in_use) {
btu_stop_quick_timer (&p_ccb->fcrb.mon_retrans_timer);
}
// btla-specific --
#if (CLASSIC_BT_INCLUDED == TRUE)
l2c_fcr_stop_timer (p_ccb);
l2c_fcr_free_timer (p_ccb);
#endif ///CLASSIC_BT_INCLUDED == TRUE
p_ccb->ertm_info.preferred_mode = L2CAP_FCR_BASIC_MODE; /* Default mode for channel is basic mode */
p_ccb->ertm_info.allowed_modes = L2CAP_FCR_CHAN_OPT_BASIC; /* Default mode for channel is basic mode */
@ -1531,6 +1537,8 @@ tL2C_CCB *l2cu_allocate_ccb (tL2C_LCB *p_lcb, UINT16 cid)
p_ccb->is_flushable = FALSE;
#endif
btu_free_timer(&p_ccb->timer_entry);
memset(&p_ccb->timer_entry, 0, sizeof(TIMER_LIST_ENT));
p_ccb->timer_entry.param = (TIMER_PARAM_TYPE)p_ccb;
p_ccb->timer_entry.in_use = 0;
@ -1628,9 +1636,8 @@ void l2cu_release_ccb (tL2C_CCB *p_ccb)
btm_sec_clr_temp_auth_service (p_lcb->remote_bd_addr);
}
/* Stop the timer */
btu_stop_timer (&p_ccb->timer_entry);
/* Stop and free the timer */
btu_free_timer (&p_ccb->timer_entry);
fixed_queue_free(p_ccb->xmit_hold_q, osi_free_func);
p_ccb->xmit_hold_q = NULL;

2
components/bt/bluedroid/stack/rfcomm/include/rfc_int.h
View file

@ -296,8 +296,10 @@ tRFC_MCB *rfc_alloc_multiplexer_channel (BD_ADDR bd_addr, BOOLEAN is_initiator)
extern void rfc_release_multiplexer_channel (tRFC_MCB *p_rfc_mcb);
extern void rfc_timer_start (tRFC_MCB *p_rfc_mcb, UINT16 timeout);
extern void rfc_timer_stop (tRFC_MCB *p_rfc_mcb);
extern void rfc_timer_free (tRFC_MCB *p_rfc_mcb);
extern void rfc_port_timer_start (tPORT *p_port, UINT16 tout);
extern void rfc_port_timer_stop (tPORT *p_port);
extern void rfc_port_timer_free (tPORT *p_port);
BOOLEAN rfc_check_uih_fcs (UINT8 dlci, UINT8 received_fcs);
BOOLEAN rfc_check_fcs (UINT16 len, UINT8 *p, UINT8 received_fcs);

3
components/bt/bluedroid/stack/rfcomm/port_utils.c
View file

@ -265,6 +265,7 @@ void port_release_port (tPORT *p_port)
memcpy (p_port->bd_addr, BT_BD_ANY, BD_ADDR_LEN);
} else {
RFCOMM_TRACE_DEBUG ("port_release_port:Clean-up handle:%d", p_port->inx);
rfc_port_timer_free (p_port);
memset (p_port, 0, sizeof (tPORT));
}
}
@ -568,4 +569,4 @@ void port_flow_control_peer(tPORT *p_port, BOOLEAN enable, UINT16 count)
}
#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE)
#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE)

37
components/bt/bluedroid/stack/rfcomm/rfc_utils.c
View file

@ -169,6 +169,7 @@ tRFC_MCB *rfc_alloc_multiplexer_channel (BD_ADDR bd_addr, BOOLEAN is_initiator)
if (rfc_cb.port.rfc_mcb[j].state == RFC_MX_STATE_IDLE) {
/* New multiplexer control block */
fixed_queue_free(p_mcb->cmd_q, NULL);
rfc_timer_free(p_mcb);
memset (p_mcb, 0, sizeof (tRFC_MCB));
memcpy (p_mcb->bd_addr, bd_addr, BD_ADDR_LEN);
RFCOMM_TRACE_DEBUG("rfc_alloc_multiplexer_channel:is_initiator:%d, create new p_mcb:%p, index:%d",
@ -201,7 +202,7 @@ void osi_free_fun(void *p){
void rfc_release_multiplexer_channel (tRFC_MCB *p_mcb)
{
rfc_timer_stop (p_mcb);
rfc_timer_free (p_mcb);
fixed_queue_free(p_mcb->cmd_q, osi_free_fun);
@ -228,7 +229,6 @@ void rfc_timer_start (tRFC_MCB *p_mcb, UINT16 timeout)
btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_MFC, timeout);
}
/*******************************************************************************
**
** Function rfc_timer_stop
@ -243,6 +243,20 @@ void rfc_timer_stop (tRFC_MCB *p_mcb)
btu_stop_timer (&p_mcb->tle);
}
/*******************************************************************************
**
** Function rfc_timer_free
**
** Description Stop and free RFC Timer
**
*******************************************************************************/
void rfc_timer_free (tRFC_MCB *p_mcb)
{
RFCOMM_TRACE_EVENT ("rfc_timer_free");
btu_free_timer (&p_mcb->tle);
memset(&p_mcb->tle, 0, sizeof(TIMER_LIST_ENT));
}
/*******************************************************************************
**
@ -262,7 +276,6 @@ void rfc_port_timer_start (tPORT *p_port, UINT16 timeout)
btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_PORT, timeout);
}
/*******************************************************************************
**
** Function rfc_port_timer_stop
@ -274,9 +287,23 @@ void rfc_port_timer_stop (tPORT *p_port)
{
RFCOMM_TRACE_EVENT ("rfc_port_timer_stop");
btu_free_timer (&p_port->rfc.tle);
btu_stop_timer (&p_port->rfc.tle);
}
/*******************************************************************************
**
** Function rfc_port_timer_free
**
** Description Stop and free RFC Timer
**
*******************************************************************************/
void rfc_port_timer_free (tPORT *p_port)
{
RFCOMM_TRACE_EVENT ("rfc_port_timer_stop");
btu_free_timer (&p_port->rfc.tle);
memset(&p_port->rfc.tle, 0, sizeof(TIMER_LIST_ENT));
}
/*******************************************************************************
**
@ -480,4 +507,4 @@ void rfc_check_send_cmd(tRFC_MCB *p_mcb, BT_HDR *p_buf)
}
#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE)
#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE)

5
components/bt/bluedroid/stack/sdp/sdp_utils.c
View file

@ -119,6 +119,7 @@ tCONN_CB *sdpu_allocate_ccb (void)
/* Look through each connection control block for a free one */
for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) {
if (p_ccb->con_state == SDP_STATE_IDLE) {
btu_free_timer(&p_ccb->timer_entry);
memset (p_ccb, 0, sizeof (tCONN_CB));
p_ccb->timer_entry.param = (UINT32) p_ccb;
@ -143,8 +144,8 @@ tCONN_CB *sdpu_allocate_ccb (void)
*******************************************************************************/
void sdpu_release_ccb (tCONN_CB *p_ccb)
{
/* Ensure timer is stopped */
btu_stop_timer (&p_ccb->timer_entry);
/* Ensure timer is stopped and released */
btu_free_timer(&p_ccb->timer_entry);
/* Drop any response pointer we may be holding */
p_ccb->con_state = SDP_STATE_IDLE;