component/bt: free timer resources after using them

Bluedroid use a set of timer function pairs such as btu_start_timer/btu_stop_timer, btu_sys_start_timer/btu_sys_stop_timer for use, in a lack of timer release functions. Thus the timers may be exhausted after some event sequence such as repetition of connection/reconnection with different devices. The maximum timer number used in bluedroid is given by ALARM_CBS_NUM which is 30 for now. This bugfix borrowed some update from bluedroid in Andoroid 7.0, which add timer release functions which promote the recycle of timer resources.

Author: wmy-espressif

components/bt/bluedroid/bta/av/bta_av_act.c

@@ -1268,6 +1268,11 @@ void bta_av_disable(tBTA_AV_CB *p_cb, tBTA_AV_DATA *p_data)
         hdr.layer_specific = xx + 1;
         bta_av_api_deregister((tBTA_AV_DATA *)&hdr);
     }
+
+    bta_sys_free_timer(&p_cb->sig_tmr);
+    memset(&p_cb->sig_tmr, 0, sizeof(TIMER_LIST_ENT));
+    bta_sys_free_timer(&p_cb->acp_sig_tmr);
+    memset(&p_cb->acp_sig_tmr, 0, sizeof(TIMER_LIST_ENT));
 }
 
 /*******************************************************************************

components/bt/bluedroid/bta/dm/bta_dm_act.c

@@ -282,6 +282,47 @@ void bta_dm_enable(tBTA_DM_MSG *p_data)
     }
 }
 
+/*******************************************************************************
+ *
+ * Function         bta_dm_init_cb
+ *
+ * Description      Initializes the bta_dm_cb control block
+ *
+ *
+ * Returns          void
+ *
+ ******************************************************************************/
+void bta_dm_init_cb(void)
+{
+    memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
+}
+
+/*******************************************************************************
+ *
+ * Function         bta_dm_deinit_cb
+ *
+ * Description      De-initializes the bta_dm_cb control block
+ *
+ *
+ * Returns          void
+ *
+ ******************************************************************************/
+void bta_dm_deinit_cb(void)
+{
+    bta_sys_free_timer(&bta_dm_cb.disable_timer);
+#if ( BTA_EIR_CANNED_UUID_LIST != TRUE )
+    bta_sys_free_timer(&bta_dm_cb.app_ready_timer);
+#endif
+#if BTM_SSR_INCLUDED == TRUE
+    for (size_t i = 0; i < BTA_DM_NUM_PM_TIMER; i++) {
+        for (size_t j = 0; j < BTA_DM_PM_MODE_TIMER_MAX; j++) {
+            bta_sys_free_timer(&bta_dm_cb.pm_timer[i].timer[j]);
+        }
+    }
+#endif
+    memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
+}
+
 /*******************************************************************************
 **
 ** Function         bta_dm_sys_hw_cback
@@ -318,7 +359,15 @@ static void bta_dm_sys_hw_cback( tBTA_SYS_HW_EVT status )
         }
 
         /* reinitialize the control block */
-        memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
+        bta_dm_deinit_cb();
+
+        bta_sys_free_timer(&bta_dm_search_cb.search_timer);
+#if ((defined BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
+#if ((defined BTA_GATT_INCLUDED) && (BTA_GATT_INCLUDED == TRUE) && SDP_INCLUDED == TRUE)
+        bta_sys_free_timer(&bta_dm_search_cb.gatt_close_timer);
+#endif
+#endif
+        memset(&bta_dm_search_cb, 0x00, sizeof(bta_dm_search_cb));
 
         /* unregister from SYS */
         bta_sys_hw_unregister( BTA_SYS_HW_BLUETOOTH );
@@ -332,11 +381,18 @@ static void bta_dm_sys_hw_cback( tBTA_SYS_HW_EVT status )
         /* save security callback */
         temp_cback = bta_dm_cb.p_sec_cback;
         /* make sure the control block is properly initialized */
-        memset(&bta_dm_cb, 0, sizeof(bta_dm_cb));
+        bta_dm_init_cb();
+
         /* and retrieve the callback */
         bta_dm_cb.p_sec_cback = temp_cback;
         bta_dm_cb.is_bta_dm_active = TRUE;
 
+        bta_sys_free_timer(&bta_dm_search_cb.search_timer);
+#if ((defined BLE_INCLUDED) && (BLE_INCLUDED == TRUE))
+#if ((defined BTA_GATT_INCLUDED) && (BTA_GATT_INCLUDED == TRUE) && SDP_INCLUDED == TRUE)
+        bta_sys_free_timer(&bta_dm_search_cb.gatt_close_timer);
+#endif
+#endif
         /* hw is ready, go on with BTA DM initialization */
         memset(&bta_dm_search_cb, 0x00, sizeof(bta_dm_search_cb));
 #if (BTM_SSR_INCLUDED == TRUE)

components/bt/bluedroid/bta/gatt/bta_gattc_act.c

@@ -48,8 +48,6 @@
 
 #if GATTC_INCLUDED == TRUE && BLE_INCLUDED == TRUE
 
-static osi_mutex_t write_ccc_mutex;
-
 /*****************************************************************************
 **  Constants
 *****************************************************************************/
@@ -129,9 +127,9 @@ static void bta_gattc_enable(tBTA_GATTC_CB *p_cb)
         memset(&bta_gattc_cb, 0, sizeof(tBTA_GATTC_CB));
         p_cb->state = BTA_GATTC_STATE_ENABLED;
         // Create a write ccc mutex when the gatt client enable
-        osi_mutex_new(&write_ccc_mutex);
+        osi_mutex_new(&bta_gattc_cb.write_ccc_mutex);
     } else {
-        APPL_TRACE_DEBUG("GATTC is arelady enabled");
+        APPL_TRACE_DEBUG("GATTC is already enabled");
     }
 }
 
@@ -157,7 +155,7 @@ void bta_gattc_disable(tBTA_GATTC_CB *p_cb)
         return;
     }
     // Free the write ccc mutex when the gatt client disable
-    osi_mutex_free(&write_ccc_mutex);
+    osi_mutex_free(&bta_gattc_cb.write_ccc_mutex);
 
     for (i = 0; i < BTA_GATTC_CL_MAX; i ++) {
         if (p_cb->cl_rcb[i].in_use) {
@@ -1644,16 +1642,16 @@ static void bta_gattc_conn_cback(tGATT_IF gattc_if, BD_ADDR bda, UINT16 conn_id,
     else if ((transport == BT_TRANSPORT_LE) && (connected == FALSE) && (p_conn != NULL)){
             p_conn->service_change_ccc_written = FALSE;
             if (p_conn->ccc_timer_used == TRUE){
-                assert(write_ccc_mutex != NULL);
-                osi_mutex_lock(&write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
+                assert(bta_gattc_cb.write_ccc_mutex != NULL);
+                osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
 
                 if (p_conn->service_change_ccc_timer.param != 0) {
                     osi_free((void *)p_conn->service_change_ccc_timer.param);
                     p_conn->service_change_ccc_timer.param = (TIMER_PARAM_TYPE)0;
                 }
                 bta_sys_stop_timer(&(p_conn->service_change_ccc_timer));
                 p_conn->ccc_timer_used = FALSE;
-                osi_mutex_unlock(&write_ccc_mutex);
+                osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
             }
     }
 
@@ -2354,22 +2352,22 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle)
     BOOLEAN start_ccc_timer = FALSE;
     UINT32 new_timeout;
 
-    assert(write_ccc_mutex != NULL);
-    osi_mutex_lock(&write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
+    assert(bta_gattc_cb.write_ccc_mutex != NULL);
+    osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
 
     tBTA_GATTC_WAIT_CCC_TIMER *p_timer_param = (tBTA_GATTC_WAIT_CCC_TIMER*) p_tle->param;
     p_tle->param = (TIMER_PARAM_TYPE)0;
     if (p_timer_param == NULL){
         APPL_TRACE_ERROR("p_timer_param is NULL in %s\n", __func__);
-        osi_mutex_unlock(&write_ccc_mutex);
+        osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
         return;
     }
 
     tBTA_GATTC_CONN *p_conn = bta_gattc_conn_find(p_timer_param->remote_bda);
     if (p_conn == NULL){
         APPL_TRACE_ERROR("p_conn is NULL in %s\n", __func__);
         osi_free(p_timer_param);
-        osi_mutex_unlock(&write_ccc_mutex);
+        osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
         return;
     }
 
@@ -2401,7 +2399,7 @@ static void bta_gattc_wait4_service_change_ccc_cback (TIMER_LIST_ENT *p_tle)
     }
 
     osi_free(p_timer_param);
-    osi_mutex_unlock(&write_ccc_mutex);
+    osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
 }
 
 #endif

components/bt/bluedroid/bta/gatt/bta_gattc_utils.c

@@ -862,6 +862,10 @@ BOOLEAN bta_gattc_conn_dealloc(BD_ADDR remote_bda)
     if (p_conn != NULL) {
         p_conn->in_use = FALSE;
         memset(p_conn->remote_bda, 0, BD_ADDR_LEN);
+        osi_mutex_lock(&bta_gattc_cb.write_ccc_mutex, OSI_MUTEX_MAX_TIMEOUT);
+        bta_sys_free_timer(&p_conn->service_change_ccc_timer);
+        p_conn->ccc_timer_used = FALSE;
+        osi_mutex_unlock(&bta_gattc_cb.write_ccc_mutex);
         return TRUE;
     }
     return FALSE;

components/bt/bluedroid/bta/include/bta_gattc_int.h

@@ -30,6 +30,7 @@
 #include "bta_gattc_ci.h"
 #include "bta_gattc_co.h"
 #include "fixed_queue.h"
+#include "mutex.h"
 
 /*****************************************************************************
 **  Constants and data types
@@ -357,8 +358,8 @@ enum {
 };
 
 typedef struct {
-    UINT8             state;
-
+    UINT8               state;
+    osi_mutex_t         write_ccc_mutex;
     tBTA_GATTC_CONN     conn_track[BTA_GATTC_CONN_MAX];
     tBTA_GATTC_BG_TCK   bg_track[BTA_GATTC_KNOWN_SR_MAX];
     tBTA_GATTC_RCB      cl_rcb[BTA_GATTC_CL_MAX];

components/bt/bluedroid/bta/include/bta_sys.h

@@ -224,6 +224,7 @@ extern UINT16 bta_sys_get_sys_features(void);
 extern void bta_sys_sendmsg(void *p_msg);
 extern void bta_sys_start_timer(TIMER_LIST_ENT *p_tle, UINT16 type, INT32 timeout_ms);
 extern void bta_sys_stop_timer(TIMER_LIST_ENT *p_tle);
+extern void bta_sys_free_timer(TIMER_LIST_ENT *p_tle);
 extern void bta_sys_disable(tBTA_SYS_HW_MODULE module);
 extern UINT32 bta_sys_get_remaining_ticks(TIMER_LIST_ENT *p_target_tle);
 

components/bt/bluedroid/bta/sys/bta_sys_main.c

@@ -657,6 +657,28 @@ void bta_sys_stop_timer(TIMER_LIST_ENT *p_tle)
     osi_alarm_cancel(alarm);
 }
 
+/*******************************************************************************
+**
+** Function         bta_sys_free_timer
+**
+** Description      Stop and free a BTA timer.
+**
+** Returns          void
+**
+*******************************************************************************/
+void bta_sys_free_timer(TIMER_LIST_ENT *p_tle)
+{
+    assert(p_tle != NULL);
+
+    osi_alarm_t *alarm = hash_map_get(bta_alarm_hash_map, p_tle);
+    if (alarm == NULL) {
+        LOG_DEBUG("%s expected alarm was not in bta alarm hash map.", __func__);
+        return;
+    }
+    osi_alarm_cancel(alarm);
+    hash_map_erase(bta_alarm_hash_map, p_tle);
+}
+
 /*******************************************************************************
 **
 ** Function         bta_sys_disable

components/bt/bluedroid/stack/avdt/avdt_ccb.c

@@ -407,7 +407,7 @@ void avdt_ccb_dealloc(tAVDT_CCB *p_ccb, tAVDT_CCB_EVT *p_data)
     UNUSED(p_data);
 
     AVDT_TRACE_DEBUG("avdt_ccb_dealloc %d\n", avdt_ccb_to_idx(p_ccb));
-    btu_stop_timer(&p_ccb->timer_entry);
+    btu_free_timer(&p_ccb->timer_entry);
     fixed_queue_free(p_ccb->cmd_q, NULL);
     fixed_queue_free(p_ccb->rsp_q, NULL);
     memset(p_ccb, 0, sizeof(tAVDT_CCB));

components/bt/bluedroid/stack/avdt/avdt_scb.c

@@ -644,7 +644,7 @@ void avdt_scb_dealloc(tAVDT_SCB *p_scb, tAVDT_SCB_EVT *p_data)
     UNUSED(p_data);
 
     AVDT_TRACE_DEBUG("avdt_scb_dealloc hdl=%d\n", avdt_scb_to_hdl(p_scb));
-    btu_stop_timer(&p_scb->timer_entry);
+    btu_free_timer(&p_scb->timer_entry);
 
 #if AVDT_MULTIPLEXING == TRUE
     /* free fragments we're holding, if any; it shouldn't happen */

components/bt/bluedroid/stack/btm/btm_ble_gap.c

@@ -3740,6 +3740,9 @@ void btm_ble_init (void)
 
     BTM_TRACE_DEBUG("%s", __func__);
 
+    btu_free_timer(&p_cb->obs_timer_ent);
+    btu_free_timer(&p_cb->scan_timer_ent);
+    btu_free_timer(&p_cb->inq_var.fast_adv_timer);
     memset(p_cb, 0, sizeof(tBTM_BLE_CB));
     memset(&(btm_cb.cmn_ble_vsc_cb), 0 , sizeof(tBTM_BLE_VSC_CB));
     btm_cb.cmn_ble_vsc_cb.values_read = FALSE;