Conversation
…ts limit bug: v/84473 When the number of registered services exceeds the limit, records not captured by `gatt_sdp_records` will be returned. Subsequent attempts to locate pointer indices for release will fail. Signed-off-by: liuxiang18 <liuxiang18@xiaomi.com>
…`bt_conn_lookup_addr_br`. bug: v/84474 1. Add a call to bt_conn_unref(conn) 2. Use the locally stored conn in the sal layer to avoid executing `bt_conn_unref` Signed-off-by: liuxiang18 <liuxiang18@xiaomi.com>
bug: v/84474 When the peer initiates a connection, the connection callback reporting logic lacks the `bt_conn_add` entry. This prevents the subsequent SAL layer from retrieving the corresponding `bt_conn_info_t` object for the address, leading to subsequent data transmission process failures. Signed-off-by: liuxiang18 <liuxiang18@xiaomi.com>
bug: v/84474 When the SAL layer does not store the BREDR connection information, it returns info as NULL. At this point, attempting an erroneous address offset on info->conn will result in a null pointer return. Signed-off-by: liuxiang18 <liuxiang18@xiaomi.com>
liuX10
requested review from
chengkai15,
gzh-terry,
huangyulong3,
hyson710,
zhangyuan376 and
zhongzhijie1
as code owners
zhongzhijie1
left a comment
zhongzhijie1
left a comment
There was a problem hiding this comment.
LGTM. The changes look good and address several issues:
- Memory Management: Fixed potential memory leaks in
gatt_sdp_create_record(freeingattrsandrecordon failure) anddo_gatts_disconnect(addingbt_conn_unref). - Connection Tracking:
zblue_gatts_connected_callbacknow usesbt_conn_addto ensure the connection is tracked and sets theGATT_ROLE_SERVERflag. - ATT over BR/EDR Support: The changes in
send_response,send_notification, andsend_indicationcorrectly implement a fallback to look up BR/EDR connections when an LE connection is not found, which is consistent with the PR title.
There was a problem hiding this comment.
Pull request overview
This PR updates the Zephyr GATT server implementation to improve ATT-over-BR/EDR behavior, including connection bookkeeping and BR/EDR fallbacks when sending GATT responses/notifications/indications.
Changes:
- Fix SDP record creation flow to return success only when a record slot is actually reserved; free allocations on failure.
- Ensure BR/EDR disconnect path releases the
bt_connreference after lookup/disconnect. - Add BR/EDR connection fallback for server responses/notifications/indications when no LE connection is found, and ensure BR connection slots are created on connect.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (!slot->role) { | ||
| slot->role |= GATT_ROLE_SERVER; | ||
| } |
There was a problem hiding this comment.
slot->role is only updated when it is currently 0. If the connection slot already exists with GATT_ROLE_CLIENT set, this will skip setting GATT_ROLE_SERVER, leaving the role flags inconsistent for an ATT-over-BR server connection. Consider always OR-ing in GATT_ROLE_SERVER here (or using bt_conn_set_role() to merge roles consistently).
| if (!slot->role) { | |
| slot->role |= GATT_ROLE_SERVER; | |
| } | |
| slot->role |= GATT_ROLE_SERVER; |
There was a problem hiding this comment.
it is att over br, we have no gattc role to initial
| bt_conn_info_t* info; | ||
| BT_LOGW("%s, le conn null", __func__); | ||
|
|
||
| info = bt_conn_find(addr, BT_TRANSPORT_BREDR); | ||
| conn = info ? info->conn : NULL; |
There was a problem hiding this comment.
For BR/EDR-only operation, get_le_conn_from_addr() will commonly be NULL; logging this as a warning can spam logs on every response. Consider lowering this to debug, or only warning after both LE and BR lookups fail.
| bt_conn_info_t* info; | ||
| BT_LOGW("%s, le conn null", __func__); | ||
|
|
||
| context.conn = bt_conn_lookup_addr_br((bt_addr_t*)addr); | ||
| info = bt_conn_find(addr, BT_TRANSPORT_BREDR); | ||
| context.conn = info ? info->conn : NULL; |
There was a problem hiding this comment.
For BR/EDR-only operation, get_le_conn_from_addr() being NULL is expected; logging it as a warning can spam logs for frequent notifications. Consider lowering this to debug, or only warning after both LE and BR lookups fail.
| bt_conn_info_t* info; | ||
| BT_LOGW("%s, le conn null", __func__); | ||
|
|
||
| context.conn = bt_conn_lookup_addr_br((bt_addr_t*)addr); | ||
| info = bt_conn_find(addr, BT_TRANSPORT_BREDR); | ||
| context.conn = info ? info->conn : NULL; | ||
| if (!context.conn) { |
There was a problem hiding this comment.
For BR/EDR-only operation, get_le_conn_from_addr() being NULL is expected; logging it as a warning can spam logs for frequent indications. Consider lowering this to debug, or only warning after both LE and BR lookups fail.
| } | ||
|
|
||
| return record; | ||
| free(attrs); |
| context.conn = get_le_conn_from_addr(addr); | ||
| if (!context.conn) { | ||
| bt_conn_info_t* info; | ||
| BT_LOGW("%s, le conn null", __func__); |
There was a problem hiding this comment.
no le conn, find bredr conn
| slot = bt_conn_find(&addr, BT_TRANSPORT_BREDR); | ||
| slot = bt_conn_add(&addr, BT_TRANSPORT_BREDR); | ||
| if (!slot) { | ||
| BT_LOGE("%s, conn slot null", __func__); |
| context.conn = get_le_conn_from_addr(addr); | ||
| if (!context.conn) { | ||
| bt_conn_info_t* info; | ||
| BT_LOGW("%s, le conn null", __func__); |
There was a problem hiding this comment.
If this behavior is expected for BREDR, the LOG level here should not be set to warning; INFO is preferable.
zhongzhijie1
left a comment
zhongzhijie1
left a comment
There was a problem hiding this comment.
There are remaining actions. The issue is not in this PR.
5 participants
No description provided.