From 90c9ffa975bf4a33a12eadb6f73101895f7db19d Mon Sep 17 00:00:00 2001 From: wangmengyang Date: Sat, 27 Jan 2018 19:03:06 +0800 Subject: [PATCH] component/bt: free timer resources after using them Bluedroid use a set of timer function pairs such as btu_start_timer/btu_stop_timer, btu_sys_start_timer/btu_sys_stop_timer for use, in a lack of timer release functions. Thus the timers may be exhausted after some event sequence such as repetition of connection/reconnection with different devices. The maximum timer number used in bluedroid is given by ALARM_CBS_NUM which is 30 for now. This bugfix borrowed some update from bluedroid in Andoroid 7.0, which add timer release functions which promote the recycle of timer resources. --- components/bt/bluedroid/bta/av/bta_av_act.c | 5 ++ components/bt/bluedroid/bta/dm/bta_dm_act.c | 60 ++++++++++++++++++- .../bt/bluedroid/bta/gatt/bta_gattc_act.c | 24 ++++---- .../bt/bluedroid/bta/gatt/bta_gattc_utils.c | 4 ++ .../bt/bluedroid/bta/include/bta_gattc_int.h | 5 +- components/bt/bluedroid/bta/include/bta_sys.h | 1 + .../bt/bluedroid/bta/sys/bta_sys_main.c | 22 +++++++ components/bt/bluedroid/stack/avdt/avdt_ccb.c | 2 +- components/bt/bluedroid/stack/avdt/avdt_scb.c | 2 +- .../bt/bluedroid/stack/btm/btm_ble_gap.c | 3 + .../bt/bluedroid/stack/btm/btm_devctl.c | 2 +- components/bt/bluedroid/stack/btm/btm_inq.c | 6 ++ components/bt/bluedroid/stack/btu/btu_task.c | 22 +++++-- .../bt/bluedroid/stack/gatt/gatt_main.c | 7 +++ .../bt/bluedroid/stack/gatt/gatt_utils.c | 5 +- components/bt/bluedroid/stack/include/btu.h | 1 + .../bluedroid/stack/l2cap/include/l2c_int.h | 2 +- components/bt/bluedroid/stack/l2cap/l2c_fcr.c | 24 +++++++- .../bt/bluedroid/stack/l2cap/l2c_utils.c | 43 +++++++------ .../bluedroid/stack/rfcomm/include/rfc_int.h | 2 + .../bt/bluedroid/stack/rfcomm/port_utils.c | 3 +- .../bt/bluedroid/stack/rfcomm/rfc_utils.c | 37 ++++++++++-- components/bt/bluedroid/stack/sdp/sdp_utils.c | 5 +- 23 files changed, 231 insertions(+), 56 deletions(-) diff --git a/components/bt/bluedroid/bta/av/bta_av_act.c b/components/bt/bluedroid/bta/av/bta_av_act.c index 02d420c31..9b00d62ce 100644 --- a/components/bt/bluedroid/bta/av/bta_av_act.c +++ b/components/bt/bluedroid/bta/av/bta_av_act.c @@ -1268,6 +1268,11 @@ void bta_av_disable(tBTA_AV_CB *p_cb, tBTA_AV_DATA *p_data) hdr.layer_specific = xx + 1; bta_av_api_deregister((tBTA_AV_DATA *)&hdr); } + + bta_sys_free_timer(&p_cb->sig_tmr); + memset(&p_cb->sig_tmr, 0, sizeof(TIMER_LIST_ENT)); + bta_sys_free_timer(&p_cb->acp_sig_tmr); + memset(&p_cb->acp_sig_tmr, 0, sizeof(TIMER_LIST_ENT)); } /******************************************************************************* diff --git a/components/bt/bluedroid/bta/dm/bta_dm_act.c b/components/bt/bluedroid/bta/dm/bta_dm_act.c index e0b1595a9..80b4e8e75 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_act.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_act.c @@ -282,6 +282,47 @@ void bta_dm_enable(tBTA_DM_MSG *p_data) } } +/******************************************************************************* + * + * Function bta_dm_init_cb + * + * Description Initializes the bta_dm_cb control block + * + * + * Returns void + * + ******************************************************************************/ +void bta_dm_init_cb(void) +{ + memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); +} + +/******************************************************************************* + * + * Function bta_dm_deinit_cb + * + * Description De-initializes the bta_dm_cb control block + * + * + * Returns void + * + ******************************************************************************/ +void bta_dm_deinit_cb(void) +{ + bta_sys_free_timer(&bta_dm_cb.disable_timer); +#if ( BTA_EIR_CANNED_UUID_LIST != TRUE ) + bta_sys_free_timer(&bta_dm_cb.app_ready_timer); +#endif +#if BTM_SSR_INCLUDED == TRUE + for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) { + for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) { + bta_sys_free_timer(&bta_dm_cb.pm_timer[i].timer[j]); + } + } +#endif + memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); +} + /******************************************************************************* ** ** Function bta_dm_sys_hw_cback @@ -318,7 +359,15 @@ static void bta_dm_sys_hw_cback( tBTA_SYS_HW_EVT status ) } /* reinitialize the control block */ - memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); + bta_dm_deinit_cb(); + + bta_sys_free_timer(&bta_dm_search_cb.search_timer); +#if ((defined BLE_INCLUDED) && (BLE_INCLUDED == TRUE)) +#if ((defined BTA_GATT_INCLUDED) && (BTA_GATT_INCLUDED == TRUE) && SDP_INCLUDED == TRUE) + bta_sys_free_timer(&bta_dm_search_cb.gatt_close_timer); +#endif +#endif + memset(&bta_dm_search_cb, 0x00, sizeof(bta_dm_search_cb)); /* unregister from SYS */ bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH ); @@ -332,11 +381,18 @@ static void bta_dm_sys_hw_cback( tBTA_SYS_HW_EVT status ) /* save security callback */ temp_cback = bta_dm_cb.p_sec_cback; /* make sure the control block is properly initialized */ - memset(&bta_dm_cb, 0, sizeof(bta_dm_cb)); + bta_dm_init_cb(); + /* and retrieve the callback */ bta_dm_cb.p_sec_cback = temp_cback; bta_dm_cb.is_bta_dm_active = TRUE; + bta_sys_free_timer(&bta_dm_search_cb.search_timer); +#if ((defined BLE_INCLUDED) && (BLE_INCLUDED == TRUE)) +#if ((defined BTA_GATT_INCLUDED) && (BTA_GATT_INCLUDED == TRUE) && SDP_INCLUDED == TRUE) + bta_sys_free_timer(&bta_dm_search_cb.gatt_close_timer); +#endif +#endif /* hw is ready, go on with BTA DM initialization */ memset(&bta_dm_search_cb, 0x00, sizeof(bta_dm_search_cb)); #if (BTM_SSR_INCLUDED == TRUE) diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c index 8c75f131a..37c349dad 100644 --- a/components/bt/bluedroid/bta/gatt/bta_gattc_act.c +++ b/components/bt/bluedroid/bta/gatt/bta_gattc_act.c @@ -48,8 +48,6 @@ #if GATTC_INCLUDED == TRUE && BLE_INCLUDED == TRUE -static osi_mutex_t write_ccc_mutex; - /***************************************************************************** ** Constants *****************************************************************************/ @@ -129,9 +127,9 @@ static void bta_gattc_enable(tBTA_GATTC_CB *p_cb) memset(&bta_gattc_cb, 0, sizeof(tBTA_GATTC_CB)); p_cb->state = BTA_GATTC_STATE_ENABLED; // Create a write ccc mutex when the gatt client enable - osi_mutex_new(&write_ccc_mutex); + osi_mutex_new(&bta_gattc_cb.write_ccc_mutex); } else { - APPL_TRACE_DEBUG("GATTC is arelady enabled"); + APPL_TRACE_DEBUG("GATTC is already enabled"); } } @@ -157,7 +155,7 @@ void bta_gattc_disable(tBTA_GATTC_CB *p_cb) return; } // Free the write ccc mutex when the gatt client disable - osi_mutex_free(&write_ccc_mutex); + osi_mutex_free(&bta_gattc_cb.write_ccc_mutex); for (i = 0; i < BTA_GATTC_CL_MAX; i ++) { if (p_cb->cl_rcb[i].in_use) { @@ -1644,8 +1642,8 @@ static void bta_gattc_conn_cback(tGATT_IF gattc_if, BD_ADDR bda, UINT16 conn_id, else if ((transport == BT_TRANSPORT_LE) && (connected == FALSE) && (p_conn != NULL)){ p_conn->service_change_ccc_written = FALSE; if (p_conn->ccc_timer_used == TRUE){ - assert(write_ccc_mutex != NULL); - osi_mutex_lock(&write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT); + assert(bta_gattc_cb.write_ccc_mutex != NULL); + osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT); if (p_conn->service_change_ccc_timer.param != 0) { osi_free((void *)p_conn->service_change_ccc_timer.param); @@ -1653,7 +1651,7 @@ static void bta_gattc_conn_cback(tGATT_IF gattc_if, BD_ADDR bda, UINT16 conn_id, } bta_sys_stop_timer(&(p_conn->service_change_ccc_timer)); p_conn->ccc_timer_used = FALSE; - osi_mutex_unlock(&write_ccc_mutex); + osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex); } } @@ -2354,14 +2352,14 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle) BOOLEAN start_ccc_timer = FALSE; UINT32 new_timeout; - assert(write_ccc_mutex != NULL); - osi_mutex_lock(&write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT); + assert(bta_gattc_cb.write_ccc_mutex != NULL); + osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT); tBTA_GATTC_WAIT_CCC_TIMER *p_timer_param = (tBTA_GATTC_WAIT_CCC_TIMER*) p_tle->param; p_tle->param = (TIMER_PARAM_TYPE)0; if (p_timer_param == NULL){ APPL_TRACE_ERROR("p_timer_param is NULL in %s\n", __func__); - osi_mutex_unlock(&write_ccc_mutex); + osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex); return; } @@ -2369,7 +2367,7 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle) if (p_conn == NULL){ APPL_TRACE_ERROR("p_conn is NULL in %s\n", __func__); osi_free(p_timer_param); - osi_mutex_unlock(&write_ccc_mutex); + osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex); return; } @@ -2401,7 +2399,7 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle) } osi_free(p_timer_param); - osi_mutex_unlock(&write_ccc_mutex); + osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex); } #endif diff --git a/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c b/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c index 70655fd94..4e3cf9737 100644 --- a/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c +++ b/components/bt/bluedroid/bta/gatt/bta_gattc_utils.c @@ -862,6 +862,10 @@ BOOLEAN bta_gattc_conn_dealloc(BD_ADDR remote_bda) if (p_conn != NULL) { p_conn->in_use = FALSE; memset(p_conn->remote_bda, 0, BD_ADDR_LEN); + osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT); + bta_sys_free_timer(&p_conn->service_change_ccc_timer); + p_conn->ccc_timer_used = FALSE; + osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex); return TRUE; } return FALSE; diff --git a/components/bt/bluedroid/bta/include/bta_gattc_int.h b/components/bt/bluedroid/bta/include/bta_gattc_int.h index c47668a65..78d8e969e 100644 --- a/components/bt/bluedroid/bta/include/bta_gattc_int.h +++ b/components/bt/bluedroid/bta/include/bta_gattc_int.h @@ -30,6 +30,7 @@ #include "bta_gattc_ci.h" #include "bta_gattc_co.h" #include "fixed_queue.h" +#include "mutex.h" /***************************************************************************** ** Constants and data types @@ -357,8 +358,8 @@ enum { }; typedef struct { - UINT8 state; - + UINT8 state; + osi_mutex_t write_ccc_mutex; tBTA_GATTC_CONN conn_track[BTA_GATTC_CONN_MAX]; tBTA_GATTC_BG_TCK bg_track[BTA_GATTC_KNOWN_SR_MAX]; tBTA_GATTC_RCB cl_rcb[BTA_GATTC_CL_MAX]; diff --git a/components/bt/bluedroid/bta/include/bta_sys.h b/components/bt/bluedroid/bta/include/bta_sys.h index 94ebd8050..011900869 100644 --- a/components/bt/bluedroid/bta/include/bta_sys.h +++ b/components/bt/bluedroid/bta/include/bta_sys.h @@ -224,6 +224,7 @@ extern UINT16 bta_sys_get_sys_features(void); extern void bta_sys_sendmsg(void *p_msg); extern void bta_sys_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, INT32 timeout_ms); extern void bta_sys_stop_timer(TIMER_LIST_ENT *p_tle); +extern void bta_sys_free_timer(TIMER_LIST_ENT *p_tle); extern void bta_sys_disable(tBTA_SYS_HW_MODULE module); extern UINT32 bta_sys_get_remaining_ticks(TIMER_LIST_ENT *p_target_tle); diff --git a/components/bt/bluedroid/bta/sys/bta_sys_main.c b/components/bt/bluedroid/bta/sys/bta_sys_main.c index e435cea90..590c907ef 100644 --- a/components/bt/bluedroid/bta/sys/bta_sys_main.c +++ b/components/bt/bluedroid/bta/sys/bta_sys_main.c @@ -657,6 +657,28 @@ void bta_sys_stop_timer(TIMER_LIST_ENT *p_tle) osi_alarm_cancel(alarm); } +/******************************************************************************* +** +** Function bta_sys_free_timer +** +** Description Stop and free a BTA timer. +** +** Returns void +** +*******************************************************************************/ +void bta_sys_free_timer(TIMER_LIST_ENT *p_tle) +{ + assert(p_tle != NULL); + + osi_alarm_t *alarm = hash_map_get(bta_alarm_hash_map, p_tle); + if (alarm == NULL) { + LOG_DEBUG("%s expected alarm was not in bta alarm hash map.", __func__); + return; + } + osi_alarm_cancel(alarm); + hash_map_erase(bta_alarm_hash_map, p_tle); +} + /******************************************************************************* ** ** Function bta_sys_disable diff --git a/components/bt/bluedroid/stack/avdt/avdt_ccb.c b/components/bt/bluedroid/stack/avdt/avdt_ccb.c index f047db6bd..3910f76e4 100644 --- a/components/bt/bluedroid/stack/avdt/avdt_ccb.c +++ b/components/bt/bluedroid/stack/avdt/avdt_ccb.c @@ -407,7 +407,7 @@ void avdt_ccb_dealloc(tAVDT_CCB *p_ccb, tAVDT_CCB_EVT *p_data) UNUSED(p_data); AVDT_TRACE_DEBUG("avdt_ccb_dealloc %d\n", avdt_ccb_to_idx(p_ccb)); - btu_stop_timer(&p_ccb->timer_entry); + btu_free_timer(&p_ccb->timer_entry); fixed_queue_free(p_ccb->cmd_q, NULL); fixed_queue_free(p_ccb->rsp_q, NULL); memset(p_ccb, 0, sizeof(tAVDT_CCB)); diff --git a/components/bt/bluedroid/stack/avdt/avdt_scb.c b/components/bt/bluedroid/stack/avdt/avdt_scb.c index 060884e1d..484270d03 100644 --- a/components/bt/bluedroid/stack/avdt/avdt_scb.c +++ b/components/bt/bluedroid/stack/avdt/avdt_scb.c @@ -644,7 +644,7 @@ void avdt_scb_dealloc(tAVDT_SCB *p_scb, tAVDT_SCB_EVT *p_data) UNUSED(p_data); AVDT_TRACE_DEBUG("avdt_scb_dealloc hdl=%d\n", avdt_scb_to_hdl(p_scb)); - btu_stop_timer(&p_scb->timer_entry); + btu_free_timer(&p_scb->timer_entry); #if AVDT_MULTIPLEXING == TRUE /* free fragments we're holding, if any; it shouldn't happen */ diff --git a/components/bt/bluedroid/stack/btm/btm_ble_gap.c b/components/bt/bluedroid/stack/btm/btm_ble_gap.c index 2319f95e7..5fa57bd78 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble_gap.c +++ b/components/bt/bluedroid/stack/btm/btm_ble_gap.c @@ -3740,6 +3740,9 @@ void btm_ble_init (void) BTM_TRACE_DEBUG("%s", __func__); + btu_free_timer(&p_cb->obs_timer_ent); + btu_free_timer(&p_cb->scan_timer_ent); + btu_free_timer(&p_cb->inq_var.fast_adv_timer); memset(p_cb, 0, sizeof(tBTM_BLE_CB)); memset(&(btm_cb.cmn_ble_vsc_cb), 0 , sizeof(tBTM_BLE_VSC_CB)); btm_cb.cmn_ble_vsc_cb.values_read = FALSE; diff --git a/components/bt/bluedroid/stack/btm/btm_devctl.c b/components/bt/bluedroid/stack/btm/btm_devctl.c index 00d580b3e..94e143bfe 100644 --- a/components/bt/bluedroid/stack/btm/btm_devctl.c +++ b/components/bt/bluedroid/stack/btm/btm_devctl.c @@ -533,7 +533,7 @@ void btm_read_local_name_complete (UINT8 *p, UINT16 evt_len) UINT8 status; UNUSED(evt_len); - btu_stop_timer (&btm_cb.devcb.rln_timer); + btu_free_timer (&btm_cb.devcb.rln_timer); /* If there was a callback address for read local name, call it */ btm_cb.devcb.p_rln_cmpl_cb = NULL; diff --git a/components/bt/bluedroid/stack/btm/btm_inq.c b/components/bt/bluedroid/stack/btm/btm_inq.c index d9baa4b81..010d1d93c 100644 --- a/components/bt/bluedroid/stack/btm/btm_inq.c +++ b/components/bt/bluedroid/stack/btm/btm_inq.c @@ -1359,6 +1359,12 @@ void btm_inq_db_init (void) #if 0 /* cleared in btm_init; put back in if called from anywhere else! */ memset (&btm_cb.btm_inq_vars, 0, sizeof (tBTM_INQUIRY_VAR_ST)); #endif + + btu_free_timer(&btm_cb.btm_inq_vars.rmt_name_timer_ent); + memset(&btm_cb.btm_inq_vars.rmt_name_timer_ent, 0, sizeof(TIMER_LIST_ENT)); + btu_free_timer(&btm_cb.btm_inq_vars.inq_timer_ent); + memset(&btm_cb.btm_inq_vars.inq_timer_ent, 0, sizeof(TIMER_LIST_ENT)); + btm_cb.btm_inq_vars.no_inc_ssp = BTM_NO_SSP_ON_INQUIRY; } diff --git a/components/bt/bluedroid/stack/btu/btu_task.c b/components/bt/bluedroid/stack/btu/btu_task.c index f3a738359..ee6bb6d86 100644 --- a/components/bt/bluedroid/stack/btu/btu_task.c +++ b/components/bt/bluedroid/stack/btu/btu_task.c @@ -513,15 +513,12 @@ void btu_free_timer(TIMER_LIST_ENT *p_tle) { assert(p_tle != NULL); - if (p_tle->in_use == FALSE) { - return; - } p_tle->in_use = FALSE; // Get the alarm for the timer list entry. osi_alarm_t *alarm = hash_map_get(btu_general_alarm_hash_map, p_tle); if (alarm == NULL) { - LOG_WARN("%s Unable to find expected alarm in hashmap", __func__); + LOG_DEBUG("%s Unable to find expected alarm in hashmap", __func__); return; } osi_alarm_cancel(alarm); @@ -615,6 +612,23 @@ void btu_stop_quick_timer(TIMER_LIST_ENT *p_tle) } osi_alarm_cancel(alarm); } + +void btu_free_quick_timer(TIMER_LIST_ENT *p_tle) +{ + assert(p_tle != NULL); + + p_tle->in_use = FALSE; + + // Get the alarm for the timer list entry. + osi_alarm_t *alarm = hash_map_get(btu_l2cap_alarm_hash_map, p_tle); + if (alarm == NULL) { + LOG_DEBUG("%s Unable to find expected alarm in hashmap", __func__); + return; + } + osi_alarm_cancel(alarm); + hash_map_erase(btu_l2cap_alarm_hash_map, p_tle); +} + #endif /* defined(QUICK_TIMER_TICKS_PER_SEC) && (QUICK_TIMER_TICKS_PER_SEC > 0) */ void btu_oneshot_alarm_cb(void *data) diff --git a/components/bt/bluedroid/stack/gatt/gatt_main.c b/components/bt/bluedroid/stack/gatt/gatt_main.c index cf5c0e3ad..7ceb67ddc 100644 --- a/components/bt/bluedroid/stack/gatt/gatt_main.c +++ b/components/bt/bluedroid/stack/gatt/gatt_main.c @@ -173,6 +173,13 @@ void gatt_free(void) fixed_queue_free(gatt_cb.tcb[i].pending_ind_q, NULL); gatt_cb.tcb[i].pending_ind_q = NULL; + + btu_free_timer(&gatt_cb.tcb[i].conf_timer_ent); + memset(&gatt_cb.tcb[i].conf_timer_ent, 0, sizeof(TIMER_LIST_ENT)); + + btu_free_timer(&gatt_cb.tcb[i].ind_ack_timer_ent); + memset(&gatt_cb.tcb[i].ind_ack_timer_ent, 0, sizeof(TIMER_LIST_ENT)); + #if (GATTS_INCLUDED == TRUE) fixed_queue_free(gatt_cb.tcb[i].sr_cmd.multi_rsp_q, NULL); gatt_cb.tcb[i].sr_cmd.multi_rsp_q = NULL; diff --git a/components/bt/bluedroid/stack/gatt/gatt_utils.c b/components/bt/bluedroid/stack/gatt/gatt_utils.c index 5b0db44e9..98339c04e 100644 --- a/components/bt/bluedroid/stack/gatt/gatt_utils.c +++ b/components/bt/bluedroid/stack/gatt/gatt_utils.c @@ -1683,6 +1683,7 @@ tGATT_CLCB *gatt_clcb_alloc (UINT16 conn_id) void gatt_clcb_dealloc (tGATT_CLCB *p_clcb) { if (p_clcb && p_clcb->in_use) { + btu_free_timer(&p_clcb->rsp_timer_ent); memset(p_clcb, 0, sizeof(tGATT_CLCB)); } } @@ -2211,8 +2212,8 @@ void gatt_cleanup_upon_disc(BD_ADDR bda, UINT16 reason, tBT_TRANSPORT transport) } } - btu_stop_timer (&p_tcb->ind_ack_timer_ent); - btu_stop_timer (&p_tcb->conf_timer_ent); + btu_free_timer (&p_tcb->ind_ack_timer_ent); + btu_free_timer (&p_tcb->conf_timer_ent); gatt_free_pending_ind(p_tcb); gatt_free_pending_enc_queue(p_tcb); gatt_free_pending_prepare_write_queue(p_tcb); diff --git a/components/bt/bluedroid/stack/include/btu.h b/components/bt/bluedroid/stack/include/btu.h index 0401e471c..c59fb7f56 100644 --- a/components/bt/bluedroid/stack/include/btu.h +++ b/components/bt/bluedroid/stack/include/btu.h @@ -246,6 +246,7 @@ void btu_uipc_rx_cback(BT_HDR *p_msg); #if defined(QUICK_TIMER_TICKS_PER_SEC) && (QUICK_TIMER_TICKS_PER_SEC > 0) void btu_start_quick_timer (TIMER_LIST_ENT *p_tle, UINT16 type, UINT32 timeout); void btu_stop_quick_timer (TIMER_LIST_ENT *p_tle); +void btu_free_quick_timer (TIMER_LIST_ENT *p_tle); void btu_process_quick_timer_evt (void); #endif diff --git a/components/bt/bluedroid/stack/l2cap/include/l2c_int.h b/components/bt/bluedroid/stack/l2cap/include/l2c_int.h index 44ef74b28..e65b328cf 100644 --- a/components/bt/bluedroid/stack/l2cap/include/l2c_int.h +++ b/components/bt/bluedroid/stack/l2cap/include/l2c_int.h @@ -767,7 +767,7 @@ extern BOOLEAN l2c_fcr_renegotiate_chan(tL2C_CCB *p_ccb, tL2CAP_CFG_INFO *p_cfg extern UINT8 l2c_fcr_process_peer_cfg_req(tL2C_CCB *p_ccb, tL2CAP_CFG_INFO *p_cfg); extern void l2c_fcr_adj_monitor_retran_timeout (tL2C_CCB *p_ccb); extern void l2c_fcr_stop_timer (tL2C_CCB *p_ccb); - +extern void l2c_fcr_free_timer (tL2C_CCB *p_ccb); /* Functions provided by l2c_ble.c ************************************ */ diff --git a/components/bt/bluedroid/stack/l2cap/l2c_fcr.c b/components/bt/bluedroid/stack/l2cap/l2c_fcr.c index 640e4908c..10f0c5954 100644 --- a/components/bt/bluedroid/stack/l2cap/l2c_fcr.c +++ b/components/bt/bluedroid/stack/l2cap/l2c_fcr.c @@ -201,6 +201,21 @@ void l2c_fcr_stop_timer (tL2C_CCB *p_ccb) } } +/******************************************************************************* +** +** Function l2c_fcr_free_timer +** +** Description This function releases the (monitor or transmission) timer. +** +** Returns - +** +*******************************************************************************/ +void l2c_fcr_free_timer (tL2C_CCB *p_ccb) +{ + assert(p_ccb != NULL); + btu_free_quick_timer (&p_ccb->fcrb.mon_retrans_timer); +} + /******************************************************************************* ** ** Function l2c_fcr_cleanup @@ -232,9 +247,12 @@ void l2c_fcr_cleanup (tL2C_CCB *p_ccb) fixed_queue_free(p_fcrb->retrans_q, osi_free_func); p_fcrb->retrans_q = NULL; - btu_stop_quick_timer (&p_fcrb->ack_timer); - btu_stop_quick_timer (&p_ccb->fcrb.mon_retrans_timer); - + btu_free_quick_timer (&p_fcrb->ack_timer); + memset(&p_fcrb->ack_timer, 0, sizeof(TIMER_LIST_ENT)); + + btu_free_quick_timer (&p_ccb->fcrb.mon_retrans_timer); + memset(&p_fcrb->mon_retrans_timer, 0, sizeof(TIMER_LIST_ENT)); + #if (L2CAP_ERTM_STATS == TRUE) if ( (p_ccb->local_cid >= L2CAP_BASE_APPL_CID) && (p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) ) { UINT32 dur = osi_time_get_os_boottime_ms() - p_ccb->fcrb.connect_tick_count; diff --git a/components/bt/bluedroid/stack/l2cap/l2c_utils.c b/components/bt/bluedroid/stack/l2cap/l2c_utils.c index b40146183..119b1f8e6 100644 --- a/components/bt/bluedroid/stack/l2cap/l2c_utils.c +++ b/components/bt/bluedroid/stack/l2cap/l2c_utils.c @@ -54,8 +54,11 @@ tL2C_LCB *l2cu_allocate_lcb (BD_ADDR p_bd_addr, BOOLEAN is_bonding, tBT_TRANSPOR for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) { if (!p_lcb->in_use) { + btu_free_timer(&p_lcb->timer_entry); + btu_free_timer(&p_lcb->info_timer_entry); + btu_free_timer(&p_lcb->upda_con_timer); + memset (p_lcb, 0, sizeof (tL2C_LCB)); - memcpy (p_lcb->remote_bd_addr, p_bd_addr, BD_ADDR_LEN); p_lcb->in_use = TRUE; @@ -127,10 +130,14 @@ void l2cu_release_lcb (tL2C_LCB *p_lcb) p_lcb->in_use = FALSE; p_lcb->is_bonding = FALSE; - /* Stop timers */ - btu_stop_timer (&p_lcb->timer_entry); - btu_stop_timer (&p_lcb->info_timer_entry); - + /* Stop and release timers */ + btu_free_timer (&p_lcb->timer_entry); + memset(&p_lcb->timer_entry, 0, sizeof(TIMER_LIST_ENT)); + btu_free_timer (&p_lcb->info_timer_entry); + memset(&p_lcb->info_timer_entry, 0, sizeof(TIMER_LIST_ENT)); + btu_free_timer(&p_lcb->upda_con_timer); + memset(&p_lcb->upda_con_timer, 0, sizeof(TIMER_LIST_ENT)); + /* Release any unfinished L2CAP packet on this link */ if (p_lcb->p_hcit_rcv_acl) { osi_free(p_lcb->p_hcit_rcv_acl); @@ -1476,25 +1483,24 @@ tL2C_CCB *l2cu_allocate_ccb (tL2C_LCB *p_lcb, UINT16 cid) memset (&p_ccb->ertm_info, 0, sizeof(tL2CAP_ERTM_INFO)); p_ccb->peer_cfg_already_rejected = FALSE; p_ccb->fcr_cfg_tries = L2CAP_MAX_FCR_CFG_TRIES; + + /* stop and release timers */ + btu_free_quick_timer(&p_ccb->fcrb.ack_timer); + memset(&p_ccb->fcrb.ack_timer, 0, sizeof(TIMER_LIST_ENT)); p_ccb->fcrb.ack_timer.param = (TIMER_PARAM_TYPE)p_ccb; - - /* if timer is running, remove it from timer list */ - if (p_ccb->fcrb.ack_timer.in_use) { - btu_stop_quick_timer (&p_ccb->fcrb.ack_timer); - } - + + btu_free_quick_timer(&p_ccb->fcrb.mon_retrans_timer); + memset(&p_ccb->fcrb.mon_retrans_timer, 0, sizeof(TIMER_LIST_ENT)); p_ccb->fcrb.mon_retrans_timer.param = (TIMER_PARAM_TYPE)p_ccb; // btla-specific ++ /* CSP408639 Fix: When L2CAP send amp move channel request or receive * L2CEVT_AMP_MOVE_REQ do following sequence. Send channel move * request -> Stop retrans/monitor timer -> Change channel state to CST_AMP_MOVING. */ - if (p_ccb->fcrb.mon_retrans_timer.in_use) { - btu_stop_quick_timer (&p_ccb->fcrb.mon_retrans_timer); - } // btla-specific -- + #if (CLASSIC_BT_INCLUDED == TRUE) - l2c_fcr_stop_timer (p_ccb); + l2c_fcr_free_timer (p_ccb); #endif ///CLASSIC_BT_INCLUDED == TRUE p_ccb->ertm_info.preferred_mode = L2CAP_FCR_BASIC_MODE; /* Default mode for channel is basic mode */ p_ccb->ertm_info.allowed_modes = L2CAP_FCR_CHAN_OPT_BASIC; /* Default mode for channel is basic mode */ @@ -1531,6 +1537,8 @@ tL2C_CCB *l2cu_allocate_ccb (tL2C_LCB *p_lcb, UINT16 cid) p_ccb->is_flushable = FALSE; #endif + btu_free_timer(&p_ccb->timer_entry); + memset(&p_ccb->timer_entry, 0, sizeof(TIMER_LIST_ENT)); p_ccb->timer_entry.param = (TIMER_PARAM_TYPE)p_ccb; p_ccb->timer_entry.in_use = 0; @@ -1628,9 +1636,8 @@ void l2cu_release_ccb (tL2C_CCB *p_ccb) btm_sec_clr_temp_auth_service (p_lcb->remote_bd_addr); } - /* Stop the timer */ - btu_stop_timer (&p_ccb->timer_entry); - + /* Stop and free the timer */ + btu_free_timer (&p_ccb->timer_entry); fixed_queue_free(p_ccb->xmit_hold_q, osi_free_func); p_ccb->xmit_hold_q = NULL; diff --git a/components/bt/bluedroid/stack/rfcomm/include/rfc_int.h b/components/bt/bluedroid/stack/rfcomm/include/rfc_int.h index 9194583e5..35a706ce2 100644 --- a/components/bt/bluedroid/stack/rfcomm/include/rfc_int.h +++ b/components/bt/bluedroid/stack/rfcomm/include/rfc_int.h @@ -296,8 +296,10 @@ tRFC_MCB *rfc_alloc_multiplexer_channel (BD_ADDR bd_addr, BOOLEAN is_initiator) extern void rfc_release_multiplexer_channel (tRFC_MCB *p_rfc_mcb); extern void rfc_timer_start (tRFC_MCB *p_rfc_mcb, UINT16 timeout); extern void rfc_timer_stop (tRFC_MCB *p_rfc_mcb); +extern void rfc_timer_free (tRFC_MCB *p_rfc_mcb); extern void rfc_port_timer_start (tPORT *p_port, UINT16 tout); extern void rfc_port_timer_stop (tPORT *p_port); +extern void rfc_port_timer_free (tPORT *p_port); BOOLEAN rfc_check_uih_fcs (UINT8 dlci, UINT8 received_fcs); BOOLEAN rfc_check_fcs (UINT16 len, UINT8 *p, UINT8 received_fcs); diff --git a/components/bt/bluedroid/stack/rfcomm/port_utils.c b/components/bt/bluedroid/stack/rfcomm/port_utils.c index 19e208839..a4f6c05ff 100644 --- a/components/bt/bluedroid/stack/rfcomm/port_utils.c +++ b/components/bt/bluedroid/stack/rfcomm/port_utils.c @@ -265,6 +265,7 @@ void port_release_port (tPORT *p_port) memcpy (p_port->bd_addr, BT_BD_ANY, BD_ADDR_LEN); } else { RFCOMM_TRACE_DEBUG ("port_release_port:Clean-up handle:%d", p_port->inx); + rfc_port_timer_free (p_port); memset (p_port, 0, sizeof (tPORT)); } } @@ -568,4 +569,4 @@ void port_flow_control_peer(tPORT *p_port, BOOLEAN enable, UINT16 count) } -#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE) \ No newline at end of file +#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE) diff --git a/components/bt/bluedroid/stack/rfcomm/rfc_utils.c b/components/bt/bluedroid/stack/rfcomm/rfc_utils.c index 6521fb484..7214ffdd8 100644 --- a/components/bt/bluedroid/stack/rfcomm/rfc_utils.c +++ b/components/bt/bluedroid/stack/rfcomm/rfc_utils.c @@ -169,6 +169,7 @@ tRFC_MCB *rfc_alloc_multiplexer_channel (BD_ADDR bd_addr, BOOLEAN is_initiator) if (rfc_cb.port.rfc_mcb[j].state == RFC_MX_STATE_IDLE) { /* New multiplexer control block */ fixed_queue_free(p_mcb->cmd_q, NULL); + rfc_timer_free(p_mcb); memset (p_mcb, 0, sizeof (tRFC_MCB)); memcpy (p_mcb->bd_addr, bd_addr, BD_ADDR_LEN); RFCOMM_TRACE_DEBUG("rfc_alloc_multiplexer_channel:is_initiator:%d, create new p_mcb:%p, index:%d", @@ -201,7 +202,7 @@ void osi_free_fun(void *p){ void rfc_release_multiplexer_channel (tRFC_MCB *p_mcb) { - rfc_timer_stop (p_mcb); + rfc_timer_free (p_mcb); fixed_queue_free(p_mcb->cmd_q, osi_free_fun); @@ -228,7 +229,6 @@ void rfc_timer_start (tRFC_MCB *p_mcb, UINT16 timeout) btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_MFC, timeout); } - /******************************************************************************* ** ** Function rfc_timer_stop @@ -243,6 +243,20 @@ void rfc_timer_stop (tRFC_MCB *p_mcb) btu_stop_timer (&p_mcb->tle); } +/******************************************************************************* +** +** Function rfc_timer_free +** +** Description Stop and free RFC Timer +** +*******************************************************************************/ +void rfc_timer_free (tRFC_MCB *p_mcb) +{ + RFCOMM_TRACE_EVENT ("rfc_timer_free"); + + btu_free_timer (&p_mcb->tle); + memset(&p_mcb->tle, 0, sizeof(TIMER_LIST_ENT)); +} /******************************************************************************* ** @@ -262,7 +276,6 @@ void rfc_port_timer_start (tPORT *p_port, UINT16 timeout) btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_PORT, timeout); } - /******************************************************************************* ** ** Function rfc_port_timer_stop @@ -274,9 +287,23 @@ void rfc_port_timer_stop (tPORT *p_port) { RFCOMM_TRACE_EVENT ("rfc_port_timer_stop"); - btu_free_timer (&p_port->rfc.tle); + btu_stop_timer (&p_port->rfc.tle); } +/******************************************************************************* +** +** Function rfc_port_timer_free +** +** Description Stop and free RFC Timer +** +*******************************************************************************/ +void rfc_port_timer_free (tPORT *p_port) +{ + RFCOMM_TRACE_EVENT ("rfc_port_timer_stop"); + + btu_free_timer (&p_port->rfc.tle); + memset(&p_port->rfc.tle, 0, sizeof(TIMER_LIST_ENT)); +} /******************************************************************************* ** @@ -480,4 +507,4 @@ void rfc_check_send_cmd(tRFC_MCB *p_mcb, BT_HDR *p_buf) } -#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE) \ No newline at end of file +#endif ///(defined RFCOMM_INCLUDED && RFCOMM_INCLUDED == TRUE) diff --git a/components/bt/bluedroid/stack/sdp/sdp_utils.c b/components/bt/bluedroid/stack/sdp/sdp_utils.c index 223c27400..271013fca 100644 --- a/components/bt/bluedroid/stack/sdp/sdp_utils.c +++ b/components/bt/bluedroid/stack/sdp/sdp_utils.c @@ -119,6 +119,7 @@ tCONN_CB *sdpu_allocate_ccb (void) /* Look through each connection control block for a free one */ for (xx = 0, p_ccb = sdp_cb.ccb; xx < SDP_MAX_CONNECTIONS; xx++, p_ccb++) { if (p_ccb->con_state == SDP_STATE_IDLE) { + btu_free_timer(&p_ccb->timer_entry); memset (p_ccb, 0, sizeof (tCONN_CB)); p_ccb->timer_entry.param = (UINT32) p_ccb; @@ -143,8 +144,8 @@ tCONN_CB *sdpu_allocate_ccb (void) *******************************************************************************/ void sdpu_release_ccb (tCONN_CB *p_ccb) { - /* Ensure timer is stopped */ - btu_stop_timer (&p_ccb->timer_entry); + /* Ensure timer is stopped and released */ + btu_free_timer(&p_ccb->timer_entry); /* Drop any response pointer we may be holding */ p_ccb->con_state = SDP_STATE_IDLE;