From 6c01ce3ae28cdc95b7790ce7c1a96a6468c89b8a Mon Sep 17 00:00:00 2001
From: xiongweichao <xiongweichao@espressif.com>
Date: Mon, 27 May 2024 17:21:14 +0800
Subject: [PATCH 1/2] fix(bt/bluedroid): Fixed L2CAP using wrong handle

- Fixed the issue of using the wrong handle to handle the BTA_JV_L2CAP_READ_EVT event.
- Closes https://github.com/espressif/esp-idf/issues/13847
---
 components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c b/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c
index 5cd777c5a3..a32a56d5dd 100644
--- a/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c
+++ b/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c
@@ -945,7 +945,7 @@ void btc_l2cap_cb_handler(btc_msg_t *msg)
                 break; // to do disconnect
             }
             memset(p_data_buf, 0, count + sizeof(BT_HDR));
-            p_data_buf->len = BTA_JvL2capRead(p_data->data_ind.handle, slot->id, p_data_buf->data, count);
+            p_data_buf->len = BTA_JvL2capRead(p_data->l2c_read.handle, slot->id, p_data_buf->data, count);
             if (p_data_buf->len > 0) {
                 fixed_queue_enqueue(slot->rx.queue, p_data_buf, FIXED_QUEUE_MAX_TIMEOUT);
             } else {

From 4a919356ba9a66d1a83430cb8a4ec7449c57924d Mon Sep 17 00:00:00 2001
From: xiongweichao <xiongweichao@espressif.com>
Date: Mon, 27 May 2024 17:28:04 +0800
Subject: [PATCH 2/2] fix(bt/bluedroid): Fixed deadlock caused by not unlocking

---
 .../bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c       | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c b/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c
index a32a56d5dd..7c5157736a 100644
--- a/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c
+++ b/components/bt/host/bluedroid/btc/profile/std/l2cap/btc_l2cap.c
@@ -906,7 +906,6 @@ void btc_l2cap_cb_handler(btc_msg_t *msg)
                 fixed_queue_enqueue(slot->rx.queue, p_data_buf, FIXED_QUEUE_MAX_TIMEOUT);
             } else {
                 osi_free(p_data_buf);
-                break;
             }
         }
         osi_mutex_unlock(&l2cap_local_param.l2cap_slot_mutex);
@@ -950,7 +949,6 @@ void btc_l2cap_cb_handler(btc_msg_t *msg)
                 fixed_queue_enqueue(slot->rx.queue, p_data_buf, FIXED_QUEUE_MAX_TIMEOUT);
             } else {
                 osi_free(p_data_buf);
-                break;
             }
         }
         osi_mutex_unlock(&l2cap_local_param.l2cap_slot_mutex);
@@ -1060,7 +1058,7 @@ static ssize_t l2cap_vfs_write(int fd, const void * data, size_t size)
             if (!enqueue_status) {
                 BTC_TRACE_DEBUG("%s tx_len:%d, fd:%d\n", __func__, fixed_queue_length(slot->tx.queue), fd);
                 osi_mutex_unlock(&l2cap_local_param.l2cap_slot_mutex);
-                //block untill under water level, be closed or time out
+                //block until under water level, be closed or time out
                 tx_event_group_val =
                     xEventGroupWaitBits(l2cap_local_param.tx_event_group, SLOT_WRITE_BIT(serial) | SLOT_CLOSE_BIT(serial), pdTRUE,
                                         pdFALSE, VFS_WRITE_TIMEOUT / portTICK_PERIOD_MS);