From 689b165fc64cdd5643a11b77d87636d760b2b9c4 Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Fri, 25 Jul 2025 21:53:29 +0800 Subject: [PATCH 1/4] fix(ble/bluedroid): Fix issue causing BTM_GetSecurityFlags failed (cherry picked from commit 48235c7b2501066646468b335a4aff72b5d08b3e) Co-authored-by: zhanghaipeng --- components/bt/host/bluedroid/stack/btm/btm_dev.c | 1 + components/bt/host/bluedroid/stack/btm/btm_sec.c | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/components/bt/host/bluedroid/stack/btm/btm_dev.c b/components/bt/host/bluedroid/stack/btm/btm_dev.c index f705a8dc69..c4eb88a004 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_dev.c +++ b/components/bt/host/bluedroid/stack/btm/btm_dev.c @@ -675,6 +675,7 @@ tBTM_SEC_DEV_REC *btm_find_oldest_dev (void) /* All devices are paired; find the oldest */ for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) { + p_dev_rec = list_node(p_node); if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0) { continue; } diff --git a/components/bt/host/bluedroid/stack/btm/btm_sec.c b/components/bt/host/bluedroid/stack/btm/btm_sec.c index 3ed5d4b13f..ab66eb4214 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_sec.c +++ b/components/bt/host/bluedroid/stack/btm/btm_sec.c @@ -342,7 +342,12 @@ BOOLEAN BTM_GetSecurityFlags (BD_ADDR bd_addr, UINT8 *p_sec_flags) *p_sec_flags = (UINT8) p_dev_rec->sec_flags; return (TRUE); } - BTM_TRACE_ERROR ("BTM_GetSecurityFlags false"); + + BTM_TRACE_ERROR("%s: BTM_GetSecurityFlags failed for device [%02X:%02X:%02X:%02X:%02X:%02X]", + __func__, + bd_addr[0], bd_addr[1], bd_addr[2], + bd_addr[3], bd_addr[4], bd_addr[5]); + return (FALSE); } 
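Review bot: The trace added to the failure path of BTM_GetSecurityFlags prints the peer's full six-byte address at error level, and the next hunk adds the same line to BTM_GetSecurityFlagsByTransport. This path is presumably reached when no device record is found, an ordinary outcome for an unbonded or evicted peer, so production error logs would fill with stable device identifiers. Consider `BTM_TRACE_DEBUG` or `BTM_TRACE_WARNING`, or print only the trailing bytes of the address. The hard-coded `BTM_GetSecurityFlags failed` text also duplicates `__func__` in the first function and names the wrong function in the second; a format such as `"%s: no device record for [%02X:%02X:%02X:%02X:%02X:%02X]"` reads correctly in both. Both function bodies begin outside their hunks.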
@@ -369,7 +374,12 @@ BOOLEAN BTM_GetSecurityFlagsByTransport (BD_ADDR bd_addr, UINT8 *p_sec_flags, return (TRUE); } - BTM_TRACE_ERROR ("BTM_GetSecurityFlags false\n"); + + BTM_TRACE_ERROR("%s: BTM_GetSecurityFlags failed for device [%02X:%02X:%02X:%02X:%02X:%02X]", + __func__, + bd_addr[0], bd_addr[1], bd_addr[2], + bd_addr[3], bd_addr[4], bd_addr[5]); + return (FALSE); } From 3d9da8a2bd0cbf4e0db12aeef9cc6bddd7ea8857 Mon Sep 17 00:00:00 2001 From: Zhang Hai Peng Date: Fri, 25 Jul 2025 21:53:31 +0800 Subject: [PATCH 2/4] fix(ble/bluedroid): ensure resolving list is updated when the oldest device is removed (cherry picked from commit 61606a6f95da8e291fe6d55ea8b336467626e69b) Co-authored-by: zhanghaipeng --- components/bt/host/bluedroid/stack/btm/btm_dev.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/components/bt/host/bluedroid/stack/btm/btm_dev.c b/components/bt/host/bluedroid/stack/btm/btm_dev.c index c4eb88a004..7e1095f4a5 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_dev.c +++ b/components/bt/host/bluedroid/stack/btm/btm_dev.c @@ -368,6 +368,12 @@ tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr) } if (!new_entry_found) { p_dev_rec = btm_find_oldest_dev(); +#if (BLE_INCLUDED == TRUE) && (SMP_INCLUDED == TRUE) + // If device record exists and contains identity key, remove it from resolving list + if (p_dev_rec && (p_dev_rec->ble.key_type & SMP_SEC_KEY_TYPE_ID)) { + btm_ble_resolving_list_remove_dev(p_dev_rec); + } +#endif // (BLE_INCLUDED == TRUE) && (SMP_INCLUDED == TRUE) } else { /* if the old device entry not present go with new entry */ if (old_entry_found) { From a3caca65dbc90e0a01943a6bdd7e094946b811bb Mon Sep 17 00:00:00 2001 
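Review bot: The result of `btm_ble_resolving_list_remove_dev(p_dev_rec)` is discarded in the added eviction branch of btm_sec_alloc_dev. If the removal cannot be issued, the record is still recycled while the controller keeps the evicted peer's IRK, which leaves the controller's resolving list out of step with the host's bond table. Assuming the helper returns a success indicator, check it and at least log the failure: `if (!btm_ble_resolving_list_remove_dev(p_dev_rec)) { BTM_TRACE_WARNING("%s: resolving list entry not removed", __func__); }`. The removal is presumably asynchronous and the rest of the function, outside this hunk, appears to reuse the record, so confirm that nothing in the completion path still needs the evicted record's identity address.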
From: Zhang Hai Peng Date: Fri, 25 Jul 2025 21:53:34 +0800 Subject: [PATCH 3/4] fix(ble/bluedroid): fix incorrect resolving_list_avail_size update (cherry picked from commit ac385530af62db2933fae3d5aa0bba41fa476f0c) Co-authored-by: zhanghaipeng --- .../bluedroid/stack/btm/btm_ble_privacy.c | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/components/bt/host/bluedroid/stack/btm/btm_ble_privacy.c b/components/bt/host/bluedroid/stack/btm/btm_ble_privacy.c index 28e0665867..39784bb11a 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_ble_privacy.c +++ b/components/bt/host/bluedroid/stack/btm/btm_ble_privacy.c @@ -50,6 +50,9 @@ #define BTM_BLE_META_READ_IRK_LEN 2 #define BTM_BLE_META_ADD_WL_ATTR_LEN 9 +#if CONTROLLER_RPA_LIST_ENABLE && BLE_SMP_ID_RESET_ENABLE +static bool is_deleting_zero_addr; +#endif // CONTROLLER_RPA_LIST_ENABLE && BLE_SMP_ID_RESET_ENABLE /******************************************************************************* ** Functions implemented controller based privacy using Resolving List *******************************************************************************/ 
@@ -343,8 +346,21 @@ void btm_ble_remove_resolving_list_entry_complete(UINT8 *p, UINT16 evt_len) btm_cb.ble_ctr_cb.resolving_list_avail_size++; } } else { - BTM_TRACE_ERROR("%s remove resolving list error 0x%x", __func__, status); +#if CONTROLLER_RPA_LIST_ENABLE && BLE_SMP_ID_RESET_ENABLE + if (!is_deleting_zero_addr) +#endif // CONTROLLER_RPA_LIST_ENABLE && BLE_SMP_ID_RESET_ENABLE + { + /* It's expected for some controllers to return error when deleting {0,0,0,0,0,0}, ignore that case */ + BTM_TRACE_ERROR("%s remove resolving list error, status = 0x%02x", __func__, status); + } } + +#if CONTROLLER_RPA_LIST_ENABLE && BLE_SMP_ID_RESET_ENABLE + /* Clear zero address deletion flag regardless of outcome */ + if (is_deleting_zero_addr) { + is_deleting_zero_addr = false; + } +#endif // CONTROLLER_RPA_LIST_ENABLE && BLE_SMP_ID_RESET_ENABLE } /******************************************************************************* @@ -1139,6 +1155,7 @@ void btm_ble_resolving_list_cleanup(void) } +#if (CONTROLLER_RPA_LIST_ENABLE == TRUE) void btm_ble_add_default_entry_to_resolving_list(void) { /* @@ -1151,9 +1168,17 @@ void btm_ble_add_default_entry_to_resolving_list(void) BD_ADDR peer_addr = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; BT_OCTET16 peer_irk = {0x0}; +#if (BLE_SMP_ID_RESET_ENABLE == TRUE) // Remove the existing entry in resolving list When resetting the device identity btsnd_hcic_ble_rm_device_resolving_list(BLE_ADDR_PUBLIC, peer_addr); + is_deleting_zero_addr = true; + + btm_ble_enq_resolving_list_pending(peer_addr, BTM_BLE_META_REMOVE_IRK_ENTRY); +#endif // (BLE_SMP_ID_RESET_ENABLE == TRUE) btsnd_hcic_ble_add_device_resolving_list (BLE_ADDR_PUBLIC, peer_addr, peer_irk, btm_cb.devcb.id_keys.irk); + + btm_ble_enq_resolving_list_pending(peer_addr, BTM_BLE_META_ADD_IRK_ENTRY); } +#endif // (CONTROLLER_RPA_LIST_ENABLE == TRUE) #endif From 69829e3add2c8e66579debf230e3bd9d479f94d3 Mon Sep 17 00:00:00 2001 
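Review bot: `is_deleting_zero_addr` is a single file-scope flag that the added code in btm_ble_remove_resolving_list_entry_complete clears on every remove-complete event, so it is not tied to the completion of the zero-address delete. If another removal is outstanding when the default entry is re-added, that earlier completion consumes the flag: a genuine failure for a real peer goes unlogged and the expected zero-address failure is then reported as an error. Comparing the address of the pending entry that belongs to this completion against the all-zero address would avoid the global state; the dequeue, if any, is outside this hunk. Any early return above the hunk would also leave the flag set. Separately, the trailing `if (is_deleting_zero_addr) { ... }` can be the plain assignment `is_deleting_zero_addr = false;`.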
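Review bot: In btm_ble_add_default_entry_to_resolving_list the flag is set and both pending entries are enqueued whether or not the HCI commands were sent, because the results of `btsnd_hcic_ble_rm_device_resolving_list` and `btsnd_hcic_ble_add_device_resolving_list` are ignored. If a send fails, no completion event will arrive for it, so the pending queue drifts out of step with the controller and `is_deleting_zero_addr` stays set, masking the next real removal error. Assuming these senders return a success indicator as `btsnd_hcic_disconnect` does elsewhere in this series, gate the bookkeeping on it: `if (btsnd_hcic_ble_rm_device_resolving_list(BLE_ADDR_PUBLIC, peer_addr)) { is_deleting_zero_addr = true; btm_ble_enq_resolving_list_pending(peer_addr, BTM_BLE_META_REMOVE_IRK_ENTRY); }`, and likewise for the add. If the completion can run on another task, set the flag before the command is sent rather than after.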
From: Zhang Hai Peng Date: Fri, 25 Jul 2025 21:53:37 +0800 Subject: [PATCH 4/4] fix(ble/bluedroid): Fixed fail to disconnect when device record is cleared (cherry picked from commit b6dc79af47f7a1fbed0e1193666a5470871344bb) Co-authored-by: zhanghaipeng --- components/bt/host/bluedroid/stack/btm/btm_acl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/bt/host/bluedroid/stack/btm/btm_acl.c b/components/bt/host/bluedroid/stack/btm/btm_acl.c index 9050678589..fdce6261ff 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_acl.c +++ b/components/bt/host/bluedroid/stack/btm/btm_acl.c @@ -2519,8 +2519,7 @@ tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr, tBT_TRANSPORT transport) } else /* otherwise can disconnect right away */ #endif { - if (hci_handle != 0xFFFF && p_dev_rec && - p_dev_rec->sec_state != BTM_SEC_STATE_DISCONNECTING) { + if (hci_handle != 0xFFFF && (( p_dev_rec && p_dev_rec->sec_state != BTM_SEC_STATE_DISCONNECTING) || (!p_dev_rec))) { if (!btsnd_hcic_disconnect (hci_handle, HCI_ERR_PEER_USER)) { status = BTM_NO_RESOURCES; }
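Review bot: The rewritten condition in btm_remove_acl is harder to read than it needs to be: `(p_dev_rec && X) || (!p_dev_rec)` is equivalent to `!p_dev_rec || X`. The line can be written as `if (hci_handle != 0xFFFF && (!p_dev_rec || p_dev_rec->sec_state != BTM_SEC_STATE_DISCONNECTING)) {`. When there is no device record there is also no `sec_state` to mark the link as disconnecting, so repeated calls for the same handle would each send a disconnect; a short comment stating that this is accepted would help the next reader. The else branch and the rest of the function are outside the hunk.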