BLE: Fix crash while starting advertising

Usecase:
1) BT on
2) Start LE Advertising from APP
3) BT Off
4) Repeat steps 1-3 multiple times

Expected Result:
No crash in BT, and BLE advertising can be started

Observed Result:
Crash in com.android.bluetooth with below signature

pid: 8313, tid: 8313, name: droid.bluetooth  >>> com.android.bluetooth <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
Abort message: '[FATAL:btm_ble_multi_adv.cc(992)] Check failed: instance.
'
    x0   0000000000000000  x1   0000000000002079  x2   0000000000000006  x3   0000000000000008
    x4   623a4c415441465b  x5   623a4c415441465b  x6   623a4c415441465b  x7   6d5f656c625f6d74
    x8   0000000000000083  x9   0823626ef495785d  x10  00000073b7b39a48  x11  0823626ef495785d
    x12  0823626ef495785d  x13  0000000000000020  x14  ffffffffffffffdf  x15  0000000000002079
    x16  00000073b5ce62e8  x17  00000073b5c79970  x18  0000000000004000  x19  0000000000002079
    x20  0000000000002079  x21  0000000000000000  x22  0000007398bde000  x23  0000007fd0809e88
    x24  00000073a3b4c860  x25  00000073a635b578  x26  0000007398e980cc  x27  0000007398e97fd3
    x28  0000007398cb5608  x29  0000007fd0809e30  x30  00000073b5c20594
    sp   0000007fd0809df0  pc   00000073b5c79978  pstate 0000000060000000
    v0   2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e  v1   0000007fd0809be00000676f6c62696c
    v2   00000002b71fc7400000000000000000  v3   80200800000000008020000000000000
    v4   80200800000000008020080280200802  v5   00000000000000000000000000000000
    v6   00000000000000000000000000000000  v7   80200802802008028020080280200802
    v8   00000000000000000000000000000000  v9   00000000000000000000000000000000
    v10  00000000000000000000000000000000  v11  00000000000000000000000000000000
    v12  00000000000000000000000000000000  v13  00000000000000000000000000000000
    v14  00000000000000000000000000000000  v15  00000000000000000000000000000000
    v16  40100401401004014010040140100401  v17  a0080000a00aa00aa800aaaaa800a000
    v18  80200800000000008020080280200802  v19  00000000000000000000000000000000
    v20  00000000000000000000000000000000  v21  00000000000000000000000000000000
    v22  00000000000000000000000000000000  v23  00000000000000000000000000000000
    v24  00000000000000000000000000000000  v25  00000000000000000000000000000000
    v26  00000000000000000000000000000000  v27  00000000000000000000000000000000
    v28  00000000000000000000000000000000  v29  00000000000000000000000000000000
    v30  00000000000000000000000000000000  v31  00000000000000000000000000000000
    fpsr 00000013  fpcr 00000000

backtrace:
    #00 pc 0000000000077978  /system/lib64/libc.so (tgkill+8)
    #01 pc 000000000001e590  /system/lib64/libc.so (abort+88)
    #02 pc 00000000000836dc  /system/lib64/libchrome.so (_ZN4base5debug13BreakDebuggerEv+20)
    #03 pc 000000000009bed0  /system/lib64/libchrome.so (_ZN7logging10LogMessageD2Ev+840)
    #04 pc 000000000015ed7c  /system/lib64/hw/bluetooth.default.so (_ZN21BleAdvertisingManager3GetEv+72)
    #05 pc 00000000000a7754  /system/lib64/hw/bluetooth.default.so (_ZN12_GLOBAL__N_126BleAdvertiserInterf
	aceImpl19StartAdvertisingSetEN4base8CallbackIFvhahELNS1_8internal8CopyModeE1EEE19AdvertiseParametersNSt3
	__16vectorIhNS8_9allocatorIhEEEESC_29PeriodicAdvertisingParametersSC_thNS2_IFvhhELS5_1EEE+332)
    #06 pc 000000000002a354  /system/lib64/libbluetooth_jni.so (_ZN7androidL25startAdvertisingSetNativeEP7_
	JNIEnvP8_jobjectS3_P11_jbyteArrayS5_S3_S5_iii+1276)
    #07 pc 00000000005b2834  /data/dalvik-cache/arm64/system@app@Bluetooth@Bluetooth.apk@classes.dex (offset 0x2cd000)

Root Cause:
API calls in btif_ble_advertiser.cc donot check for initialization status of BleAdvertisingManager leading
to crash in scenarios when the BleAdvertisingManager is cleaned up during BT off and call reaches
btif_ble_advertiser.cc to do one ofadvertising related tasks.

Fix:
Add initialization check in code before call to API's for BleAdvertisingManager

Test: No crash observed after overnight testing with same usecase

Bug: 69692308
Change-Id: I5484734a4cf52858676981808c898ffec11e23f4
1 file changed
tree: 7685a02b0d99966007d79312c797e9521d355ac5
  1. .clang-format
  2. .gitignore
  3. .gn
  4. Android.bp
  5. Android.mk
  6. BUILD.gn
  7. CleanSpec.mk
  8. EventLogTags.logtags
  9. MODULE_LICENSE_APACHE2
  10. NOTICE
  11. OWNERS
  12. PREUPLOAD.cfg
  13. README.md
  14. audio_a2dp_hw/
  15. binder/
  16. bta/
  17. btcore/
  18. btif/
  19. build/
  20. conf/
  21. device/
  22. doc/
  23. embdrv/
  24. hci/
  25. include/
  26. internal_include/
  27. main/
  28. osi/
  29. service/
  30. stack/
  31. test/
  32. tools/
  33. types/
  34. udrv/
  35. utils/
  36. vendor_libs/
  37. vnd/
README.md

Fluoride Bluetooth stack

Building and running on AOSP

Just build AOSP - Fluoride is there by default.

Building and running on Linux

Instructions for Ubuntu, tested on 14.04 with Clang 3.5.0 and 16.10 with Clang 3.8.0

Download source

mkdir ~/fluoride
cd ~/fluoride
git clone https://android.googlesource.com/platform/system/bt

Install dependencies (require sudo access):

cd ~/fluoride/bt
build/install_deps.sh

Then fetch third party dependencies:

cd ~/fluoride/bt
mkdir third_party
cd third_party
git clone https://github.com/google/googletest.git
git clone https://android.googlesource.com/platform/external/aac
git clone https://android.googlesource.com/platform/external/libchrome
git clone https://android.googlesource.com/platform/external/libldac
git clone https://android.googlesource.com/platform/external/modp_b64
git clone https://android.googlesource.com/platform/external/tinyxml2

And third party dependencies of third party dependencies:

cd fluoride/bt/third_party/libchrome/base/third_party
mkdir valgrind
cd valgrind
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/valgrind.h?format=TEXT | base64 -d > valgrind.h
curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/memcheck.h?format=TEXT | base64 -d > memcheck.h

NOTE: If system/bt is checked out under AOSP, then create symbolic links instead of downloading sources

cd system/bt
mkdir third_party
cd third_party
ln -s ../../../external/aac aac
ln -s ../../../external/libchrome libchrome
ln -s ../../../external/libldac libldac
ln -s ../../../external/modp_b64 modp_b64
ln -s ../../../external/tinyxml2 tinyxml2
ln -s ../../../external/googletest googletest

Generate your build files

cd ~/fluoride/bt
gn gen out/Default

Build

cd ~/fluoride/bt
ninja -C out/Default all

This will build all targets (the shared library, executables, tests, etc) and put them in out/Default. To build an individual target, replace “all” with the target of your choice, e.g. ninja -C out/Default net_test_osi.

Run

cd ~/fluoride/bt/out/Default
LD_LIBRARY_PATH=./ ./bluetoothtbd -create-ipc-socket=fluoride

Eclipse IDE Support

  1. Follows the Chromium project Eclipse Setup Instructions until “Optional: Building inside Eclipse” section (don't do that section, we will set it up differently)

  2. Generate Eclipse settings:

cd system/bt
gn gen --ide=eclipse out/Default
  1. In Eclipse, do File->Import->C/C++->C/C++ Project Settings, choose the XML location under system/bt/out/Default

  2. Right click on the project. Go to Preferences->C/C++ Build->Builder Settings. Uncheck “Use default build command”, but instead using “ninja -C out/Default”

  3. Goto Behaviour tab, change clean command to “-t clean”