fix a2dp sink crash due to ble 5.0 code

2025-08-03 20:54:32 +02:00 · 2021-01-27 14:16:41 +08:00
parent f7a8593a3b
commit 081e474baf
5 changed files with 32 additions and 20 deletions
--- a/components/bt/host/bluedroid/hci/hci_layer.c
+++ b/components/bt/host/bluedroid/hci/hci_layer.c
@@ -440,8 +440,14 @@ static bool filter_incoming_event(BT_HDR *packet)
        } else if (wait_entry->complete_callback) {
            wait_entry->complete_callback(packet, wait_entry->context);
 #if (BLE_50_FEATURE_SUPPORT == TRUE)
-            if (wait_entry->command->sem) {
-                osi_sem_give(&wait_entry->command->sem);
+            BlE_SYNC *sync_info =  btsnd_hcic_ble_get_sync_info();
+            if(!sync_info) {
+                HCI_TRACE_WARNING("%s sync_info is NULL. opcode = 0x%x", __func__, opcode);
+            } else {
+                if (sync_info->sync_sem && sync_info->opcode == opcode) {
+                    osi_sem_give(&sync_info->sync_sem);
+                    sync_info->opcode = 0;
+                }
            }
 #endif // #if (BLE_50_FEATURE_SUPPORT == TRUE)
        } else if (wait_entry->complete_future) {
--- a/components/bt/host/bluedroid/stack/btu/btu_hcif.c
+++ b/components/bt/host/bluedroid/stack/btu/btu_hcif.c
@@ -455,7 +455,6 @@ void btu_hcif_send_cmd (UNUSED_ATTR UINT8 controller_id, BT_HDR *p_buf)
       ) {
        vsc_callback = *((void **)(p_buf + 1));
    }
-    p_buf->sem = NULL;

    hci_layer_get_interface()->transmit_command(
        p_buf,
@@ -474,19 +473,19 @@ UINT8 btu_hcif_send_cmd_sync (UINT8 controller_id, BT_HDR *p_buf)
        HCI_TRACE_ERROR("%s p_buf is NULL", __func__);
        return HCI_ERR_ILLEGAL_PARAMETER_FMT;
    }
-    osi_sem_t *p_sem =  btsnd_hcic_ble_get_sync_sem();
-    if((*p_sem) == NULL) {
-        HCI_TRACE_ERROR("%s semaphore is NULL", __func__);
+    BlE_SYNC *sync_info =  btsnd_hcic_ble_get_sync_info();
+    if((sync_info ==  NULL) || (sync_info->sync_sem == NULL)) {
+        HCI_TRACE_ERROR("%s sync_info error", __func__);
        return HCI_ERR_ILLEGAL_PARAMETER_FMT;
    }
    uint16_t opcode;
    uint8_t *stream = p_buf->data + p_buf->offset;
    void *vsc_callback = NULL;

-    p_buf->sem = (*p_sem);
-
    STREAM_TO_UINT16(opcode, stream);

+    sync_info->opcode = opcode;
+
    // Eww...horrible hackery here
    /* If command was a VSC, then extract command_complete callback */
    if ((opcode & HCI_GRP_VENDOR_SPECIFIC) == HCI_GRP_VENDOR_SPECIFIC
@@ -504,7 +503,7 @@ UINT8 btu_hcif_send_cmd_sync (UINT8 controller_id, BT_HDR *p_buf)
        btu_hcif_command_status_evt,
        vsc_callback);
    
-    osi_sem_take(p_sem, OSI_SEM_MAX_TIMEOUT);
+    osi_sem_take(&sync_info->sync_sem, OSI_SEM_MAX_TIMEOUT);

 #if (defined(HCILP_INCLUDED) && HCILP_INCLUDED == TRUE)
    btu_check_bt_sleep ();
--- a/components/bt/host/bluedroid/stack/hcic/hciblecmds.c
+++ b/components/bt/host/bluedroid/stack/hcic/hciblecmds.c
@@ -35,32 +35,33 @@

 #define HCI_GET_CMD_BUF(paramlen)       ((BT_HDR *)osi_malloc(HCIC_PREAMBLE_SIZE + sizeof(BT_HDR) + paramlen))
 #if (BLE_50_FEATURE_SUPPORT == TRUE)
-static uint8_t status;
-static osi_sem_t  sync_sem;
+static BlE_SYNC ble_sync_info;

 void btsnd_hcic_ble_sync_sem_init(void)
 {
-    osi_sem_new(&sync_sem, 1, 0);
+    ble_sync_info.opcode = 0;
+    osi_sem_new(&ble_sync_info.sync_sem, 1, 0);
 }

 void btsnd_hcic_ble_sync_sem_deinit(void)
 {
-    osi_sem_free(&sync_sem);
+    ble_sync_info.opcode = 0;
+    osi_sem_free(&ble_sync_info.sync_sem);
 }

-osi_sem_t *btsnd_hcic_ble_get_sync_sem(void)
+BlE_SYNC *btsnd_hcic_ble_get_sync_info(void)
 {
-    return &sync_sem;
+    return &ble_sync_info;
 }

 uint8_t btsnd_hcic_ble_get_status(void)
 {
-    return status;
+    return ble_sync_info.status;
 }

 void btsnd_hci_ble_set_status(UINT8 hci_status)
 {
-    status = hci_status;
+    ble_sync_info.status = hci_status;
    return;
 }
 #endif // #if (BLE_50_FEATURE_SUPPORT == TRUE)
--- a/components/bt/host/bluedroid/stack/include/stack/bt_types.h
+++ b/components/bt/host/bluedroid/stack/include/stack/bt_types.h
@@ -195,10 +195,16 @@ typedef struct {
    uint16_t          len;
    uint16_t          offset;
    uint16_t          layer_specific;
-    osi_sem_t         sem;
    uint8_t           data[];
 } BT_HDR;

+typedef struct {
+    uint8_t           status;
+    uint16_t          opcode;
+    osi_sem_t         sync_sem;
+} BlE_SYNC;
+
+
 #define BT_HDR_SIZE (sizeof (BT_HDR))

 #define BT_PSM_SDP                      0x0001
--- a/components/bt/host/bluedroid/stack/include/stack/hcimsgs.h
+++ b/components/bt/host/bluedroid/stack/include/stack/hcimsgs.h
@@ -726,7 +726,7 @@ void btsnd_hcic_vendor_spec_cmd (void *buffer, UINT16 opcode,
 #define HCIC_PARAM_SIZE_READ_RF_PATH_COMPENSATION      0
 #define HCIC_PARAM_SIZE_WRITE_RF_PATH_COMPENSATION     4

-osi_sem_t *btsnd_hcic_ble_get_sync_sem(void);
+BlE_SYNC *btsnd_hcic_ble_get_sync_info(void);
 void btsnd_hcic_ble_sync_sem_init(void);
 void btsnd_hcic_ble_sync_sem_deinit(void);