CS: Add the CS RAS GATTS module.#367
Conversation
huangyulong3
requested review from
chengkai15,
gzh-terry,
hyson710,
zhangyuan376 and
zhongzhijie1
as code owners
bug: v/83693 rootcause: The GATTS module is essential for Channel Sounding during the ranging process, involving GATT service creation, GATT message transmission, and GATT management. Signed-off-by: huangyulong3 <huangyulong3@xiaomi.com>
huangyulong3
force-pushed
the
feature/bt_cs_add_ras_gatts_supported
branch
from
79af78c to
caea1d6
Compare
There was a problem hiding this comment.
Pull request overview
This PR adds a new GATTS (GATT Server) module for Channel Sounding Ranging Aggregation Service (CS RAS). The module manages GATT service creation, characteristic notifications/indications, and connection lifecycle for Bluetooth Channel Sounding ranging operations.
Changes:
- Adds cs_ras_gatts.c implementing the RAS GATT server with service registration, attribute database, and callback handlers
- Implements GATT characteristics for ranging features, real-time data, on-demand data, control point, data ready, and data overwrite
- Provides API functions for initialization, cleanup, and sending notifications/indications
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (gatts_info->ras_gatts_handle != srv_handle) { | ||
| BT_LOGE("srv_handle(%p) not equal to gatts_handle(%p)", srv_handle, gatts_info->ras_gatts_handle); | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
Null pointer dereference risk: gatts_info is accessed before checking if it's NULL. The null check should be performed before accessing gatts_info->ras_gatts_handle.
| if (gatts_info->ras_gatts_handle != srv_handle) { | ||
| BT_LOGE("srv_handle(%p) not equal to gatts_handle(%p)", srv_handle, gatts_info->ras_gatts_handle); | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
Null pointer dereference risk: gatts_info is accessed before checking if it's NULL. The null check should be performed before accessing gatts_info->ras_gatts_handle.
| ras_gatts_register(); | ||
| } | ||
|
|
||
| void ras_gatts_deinit(void) |
There was a problem hiding this comment.
Inconsistent function naming: This function is named 'ras_gatts_deinit' while the corresponding initialization function is named 'bt_cs_ras_gatts_init'. For consistency, this function should either be named 'bt_cs_ras_gatts_deinit' or the init function should be renamed to match this naming pattern.
| void ras_gatts_deinit(void) | |
| void bt_cs_ras_gatts_deinit(void) |
| @@ -0,0 +1,411 @@ | |||
| /**************************************************************************** | |||
| * | |||
| * Copyright (C) 2025 Xiaomi InC. All rights reserved. | |||
There was a problem hiding this comment.
The company name contains a typo. "InC" should be "Inc" (with lowercase 'c').
| * Copyright (C) 2025 Xiaomi InC. All rights reserved. | |
| * Copyright (C) 2025 Xiaomi Inc. All rights reserved. |
| if (gatts_info->ras_gatts_handle != srv_handle) { | ||
| BT_LOGE("srv_handle(%p) not equal to gatts_handle(%p)", srv_handle, gatts_info->ras_gatts_handle); | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
Null pointer dereference risk: gatts_info is accessed before checking if it's NULL. The null check should be performed before accessing gatts_info->ras_gatts_handle.
| if (gatts_info->ras_gatts_handle != srv_handle) { | ||
| BT_LOGE("srv_handle(%p) not equal to gatts_handle(%p)", srv_handle, gatts_info->ras_gatts_handle); | ||
| return; | ||
| } |
There was a problem hiding this comment.
Null pointer dereference risk: gatts_info is accessed before checking if it's NULL. The null check should be performed before accessing gatts_info->ras_gatts_handle.
| switch (attr_handle) { | ||
| case RAS_RANGING_REAL_TIME_CCC_ID: | ||
| attr_ntf = RAS_REAL_TIME_CHAR_SEND; | ||
| break; | ||
| case RAS_RANGING_ON_DEMAND_CCC_ID: | ||
| attr_ntf = RAS_ON_DEMAND_CHAR_SEND; | ||
| break; | ||
| case RAS_RANGING_CONTROL_POINT_CCC_ID: | ||
| attr_ntf = RAS_CONTROL_POINT_CHAR_SEND; | ||
| break; | ||
| case RAS_RANGING_DATA_READY_CCC_ID: | ||
| attr_ntf = RAS_DATA_READY_CHAR_SEND; | ||
| break; | ||
| case RAS_RANGING_DATA_OVER_WRITE_CCC_ID: | ||
| attr_ntf = RAS_OVER_WRITE_CHAR_SEND; | ||
| break; | ||
| default: | ||
| BT_LOGE("Invalid attr_handle:%d", attr_handle); | ||
| return; | ||
| } |
There was a problem hiding this comment.
Incorrect attr_handle mapping: The switch cases use CCC descriptor IDs (e.g., RAS_RANGING_REAL_TIME_CCC_ID) but these should map to the characteristic attribute IDs that are being notified. The mapping appears correct conceptually, but the case values should match the characteristic IDs not the CCC IDs, since attr_handle in the notify complete callback refers to the characteristic that was notified.
| if (gatts_info->ras_gatts_handle != srv_handle) { | ||
| BT_LOGE("srv_handle(%p) not equal to gatts_handle(%p)", srv_handle, gatts_info->ras_gatts_handle); | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
All CCC changed callbacks and the control point write callback check if gatts_info->ras_gatts_handle matches srv_handle before checking if gatts_info is NULL. If gatts_info is NULL, this will cause a null pointer dereference. The null check should be performed before accessing gatts_info->ras_gatts_handle.
| if (gatts_info->ras_gatts_handle != srv_handle) { | ||
| BT_LOGE("srv_handle(%p) not equal to gatts_handle(%p)", srv_handle, gatts_info->ras_gatts_handle); | ||
| return; | ||
| } |
There was a problem hiding this comment.
Null pointer dereference risk: gatts_info is accessed before checking if it's NULL. The null check should be performed before accessing gatts_info->ras_gatts_handle.
| return BT_STATUS_FAIL; | ||
| } | ||
|
|
||
| bt_status_t status = (is_notify ? (gatts_info->ras_gatts_interface->notify(gatts_info->ras_gatts_handle, addr, attr_handle, value, len)) : gatts_info->ras_gatts_interface->indicate(gatts_info->ras_gatts_handle, addr, attr_handle, value, len)); |
There was a problem hiding this comment.
This line is excessively long (over 200 characters) and difficult to read. Consider breaking it into multiple lines for better maintainability and readability.
| bt_status_t status = (is_notify ? (gatts_info->ras_gatts_interface->notify(gatts_info->ras_gatts_handle, addr, attr_handle, value, len)) : gatts_info->ras_gatts_interface->indicate(gatts_info->ras_gatts_handle, addr, attr_handle, value, len)); | |
| bt_status_t status; | |
| if (is_notify) { | |
| status = gatts_info->ras_gatts_interface->notify( | |
| gatts_info->ras_gatts_handle, addr, attr_handle, value, len); | |
| } else { | |
| status = gatts_info->ras_gatts_interface->indicate( | |
| gatts_info->ras_gatts_handle, addr, attr_handle, value, len); | |
| } |
|
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days. |
bug: v/83693
rootcause: The GATTS module is essential for Channel Sounding during the ranging process, involving GATT service creation, GATT message transmission, and GATT management.