diff --git a/components/bt/host/bluedroid/bta/dm/bta_dm_act.c b/components/bt/host/bluedroid/bta/dm/bta_dm_act.c index 4d4e543d8a..7b95f520b4 100644 --- a/components/bt/host/bluedroid/bta/dm/bta_dm_act.c +++ b/components/bt/host/bluedroid/bta/dm/bta_dm_act.c @@ -126,7 +126,7 @@ static void bta_dm_ctrl_features_rd_cmpl_cback(tBTM_STATUS result); #endif #endif #if (SMP_INCLUDED == TRUE) -static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr); +static BOOLEAN bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr); #endif ///SMP_INCLUDED == TRUE #if (BLE_INCLUDED == TRUE) static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS *p_inq, UINT8 *p_eir); @@ -3069,7 +3069,9 @@ static UINT8 bta_dm_authentication_complete_cback(BD_ADDR bd_addr, DEV_CLASS dev bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); } - bta_dm_remove_sec_dev_entry(bd_addr); + if (bta_dm_remove_sec_dev_entry(bd_addr)) { + return BTM_SEC_DEV_REC_REMOVED; + } } return BTM_SUCCESS; @@ -3740,12 +3742,13 @@ static void bta_dm_delay_role_switch_cback(TIMER_LIST_ENT *p_tle) ** remtoe device does not exist, else schedule for dev entry removal upon ACL close ** -** Returns void +** Returns TRUE if device entry is removed from Security device DB, FALSE otherwise ** *******************************************************************************/ #if (SMP_INCLUDED == TRUE) -static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr) +static BOOLEAN bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr) { + BOOLEAN is_device_deleted = FALSE; UINT16 index = 0; if ( BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_LE) || BTM_IsAclConnectionUp(remote_bd_addr, BT_TRANSPORT_BR_EDR)) { @@ -3763,7 +3766,7 @@ static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr) APPL_TRACE_ERROR(" %s Device does not exist in DB", __FUNCTION__); } } else { - BTM_SecDeleteDevice (remote_bd_addr, bta_dm_cb.device_list.peer_device[index].transport); + is_device_deleted = BTM_SecDeleteDevice (remote_bd_addr, bta_dm_cb.device_list.peer_device[index].transport); #if (BLE_INCLUDED == TRUE && GATTC_INCLUDED == TRUE) /* need to remove all pending background connection */ BTA_GATTC_CancelOpen(0, remote_bd_addr, FALSE); @@ -3771,6 +3774,7 @@ static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr) BTA_GATTC_Refresh(remote_bd_addr, false); #endif } + return is_device_deleted; } #endif ///SMP_INCLUDED == TRUE diff --git a/components/bt/host/bluedroid/stack/btm/btm_sec.c b/components/bt/host/bluedroid/stack/btm/btm_sec.c index 50c0123f6b..673cdd4b4d 100644 --- a/components/bt/host/bluedroid/stack/btm/btm_sec.c +++ b/components/bt/host/bluedroid/stack/btm/btm_sec.c @@ -2981,6 +2981,7 @@ void btm_sec_rmt_name_request_complete (UINT8 *p_bd_addr, UINT8 *p_bd_name, UINT int i; DEV_CLASS dev_class; UINT8 old_sec_state; + UINT8 res; BTM_TRACE_EVENT ("btm_sec_rmt_name_request_complete\n"); if (((p_bd_addr == NULL) && !BTM_ACL_IS_CONNECTED(btm_cb.connecting_bda)) @@ -3161,9 +3162,12 @@ void btm_sec_rmt_name_request_complete (UINT8 *p_bd_addr, UINT8 *p_bd_name, UINT /* This is required when different entities receive link notification and auth complete */ if (!(p_dev_rec->security_required & BTM_SEC_OUT_AUTHENTICATE)) { if (btm_cb.api.p_auth_complete_callback) { - (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, - p_dev_rec->dev_class, - p_dev_rec->sec_bd_name, HCI_SUCCESS); + res = (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_SUCCESS); + if (res == BTM_SEC_DEV_REC_REMOVED) { + p_dev_rec = NULL; + } } } @@ -3853,6 +3857,7 @@ static void btm_sec_auth_collision (UINT16 handle) #if (SMP_INCLUDED == TRUE) void btm_sec_auth_complete (UINT16 handle, UINT8 status) { + UINT8 res; UINT8 old_sm4; tBTM_PAIRING_STATE old_state = btm_cb.pairing_state; tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); @@ -3942,9 +3947,12 @@ void btm_sec_auth_complete (UINT16 handle, UINT8 status) if (btm_cb.api.p_auth_complete_callback) { /* report the authentication status */ if (old_state != BTM_PAIR_STATE_IDLE) { - (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, - p_dev_rec->dev_class, - p_dev_rec->sec_bd_name, status); + res = (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + if (res == BTM_SEC_DEV_REC_REMOVED) { + p_dev_rec = NULL; + } } } @@ -4241,6 +4249,7 @@ void btm_sec_connected (UINT8 *bda, UINT16 handle, UINT8 status, UINT8 enc_mode) { tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); UINT8 res; + UINT8 sec_dev_rec_status; BOOLEAN is_pairing_device = FALSE; tACL_CONN *p_acl_cb; UINT8 bit_shift = 0; @@ -4379,9 +4388,12 @@ void btm_sec_connected (UINT8 *bda, UINT16 handle, UINT8 status, UINT8 enc_mode) /* We need to notify host that the key is not known any more */ if (btm_cb.api.p_auth_complete_callback) { - (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, - p_dev_rec->dev_class, - p_dev_rec->sec_bd_name, status); + sec_dev_rec_status = (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + if (sec_dev_rec_status == BTM_SEC_DEV_REC_REMOVED) { + p_dev_rec = NULL; + } } } /* @@ -4412,9 +4424,12 @@ void btm_sec_connected (UINT8 *bda, UINT16 handle, UINT8 status, UINT8 enc_mode) /* We need to notify host that the key is not known any more */ if (btm_cb.api.p_auth_complete_callback) { - (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, - p_dev_rec->dev_class, - p_dev_rec->sec_bd_name, status); + sec_dev_rec_status = (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + if (sec_dev_rec_status == BTM_SEC_DEV_REC_REMOVED) { + p_dev_rec = NULL; + } } } @@ -4447,9 +4462,12 @@ void btm_sec_connected (UINT8 *bda, UINT16 handle, UINT8 status, UINT8 enc_mode) } if (btm_cb.api.p_auth_complete_callback) { - (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, - p_dev_rec->dev_class, - p_dev_rec->sec_bd_name, HCI_SUCCESS); + sec_dev_rec_status = (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_SUCCESS); + if (sec_dev_rec_status == BTM_SEC_DEV_REC_REMOVED) { + p_dev_rec = NULL; + } } btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); @@ -4668,6 +4686,7 @@ void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_t tBTM_SEC_DEV_REC *p_dev_rec = btm_find_or_alloc_dev (p_bda); BOOLEAN we_are_bonding = FALSE; BOOLEAN ltk_derived_lk = FALSE; + UINT8 res; BTM_TRACE_EVENT ("btm_sec_link_key_notification() BDA:%04x%08x, TYPE: %d\n", (p_bda[0] << 8) + p_bda[1], (p_bda[2] << 24) + (p_bda[3] << 16) + (p_bda[4] << 8) + p_bda[5], @@ -4772,8 +4791,11 @@ void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_t /* for derived key, always send authentication callback for BR channel */ || ltk_derived_lk) { if (btm_cb.api.p_auth_complete_callback) { - (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, - p_dev_rec->sec_bd_name, HCI_SUCCESS); + res = (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_SUCCESS); + if (res == BTM_SEC_DEV_REC_REMOVED) { + p_dev_rec = NULL; + } } } @@ -5760,9 +5782,10 @@ static char *btm_pair_state_descr (tBTM_PAIRING_STATE state) *******************************************************************************/ void btm_sec_dev_rec_cback_event (tBTM_SEC_DEV_REC *p_dev_rec, UINT8 res, BOOLEAN is_le_transport) { - tBTM_SEC_CALLBACK *p_callback = p_dev_rec->p_callback; + tBTM_SEC_CALLBACK *p_callback; - if (p_dev_rec->p_callback) { + if (p_dev_rec && p_dev_rec->p_callback) { + p_callback = p_dev_rec->p_callback; p_dev_rec->p_callback = NULL; #if BLE_INCLUDED == TRUE diff --git a/components/bt/host/bluedroid/stack/include/stack/btm_api.h b/components/bt/host/bluedroid/stack/include/stack/btm_api.h index 6c4b590fda..d2dd2c4038 100644 --- a/components/bt/host/bluedroid/stack/include/stack/btm_api.h +++ b/components/bt/host/bluedroid/stack/include/stack/btm_api.h @@ -74,6 +74,7 @@ enum { BTM_SET_PRIVACY_FAIL, /* 24 enable/disable local privacy failed*/ BTM_SET_STATIC_RAND_ADDR_FAIL, /* 25 Command failed */ BTM_INVALID_STATIC_RAND_ADDR, /* 26 invalid static rand addr */ + BTM_SEC_DEV_REC_REMOVED, /* 27 Device record relate to the bd_addr is removed */ }; typedef uint8_t tBTM_STATUS;