Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2022/06/01 02:31:06 UTC

[GitHub] [mynewt-mcumgr] t3zeng commented on issue #161: SMP notifications corrupted on apollo3

t3zeng commented on issue #161:
URL: https://github.com/apache/mynewt-mcumgr/issues/161#issuecomment-1143052658

   Hey guys, you can reproduce this by running the bleprph app and then trying to perform an image read.
   
   Repro steps:
   1. Load bleprph app onto apollo3 evb and boot up
   2. On your phone, go to nRF Connect Device Manager and look for the evb 
   3. Go to the `Image` tab at the bottom and then go to the top right and press `Advanced`
   4. A new `Images` section will pop up. Press read
   5. At this point there will be BLE comms with the apollo3 evb but the image data will fail to be retrieved
   
   What I observe is that in `/apache-mynewt-core/mgmt/smp/transport/ble/src/smp_ble.c`, if you print out the contents of `om` in `smp_ble_out` that gets put onto the mqueue, it will not match the contents when you get the mbuf back in `smp_ble_event_data_in`, even though the address of the mbuf is the same.
   
   I set a watchpoint on the address of the corrupted mbuf and was able to get the following backtrace:
   ```
   #0  smp_tx_rsp (ns=<optimized out>, rsp=0x100025a4 <os_msys_1_data+112>, arg=0x10002f80 <g_smp_ble_transport>) at repos/apache-mynewt-core/mgmt/smp/src/smp.c:226
   #1  0x0001c418 in smp_process_request_packet (streamer=streamer@entry=0x10002f80 <g_smp_ble_transport>, req=0x10004408 <pool_acl_buf>)
       at repos/apache-mynewt-mcumgr/smp/src/smp.c:365
   #2  0x00016e50 in smp_process_packet (st=0x10002f80 <g_smp_ble_transport>) at repos/apache-mynewt-core/mgmt/smp/src/smp.c:265
   #3  0x00016e78 in smp_event_data_in (ev=<optimized out>) at repos/apache-mynewt-core/mgmt/smp/src/smp.c:293
   #4  0x00015526 in os_eventq_run (evq=<optimized out>) at repos/apache-mynewt-core/kernel/os/src/os_eventq.c:196
   #5  0x00014aea in main () at apps/bleprph/src/main.c:356
   ```
   
   What seems to happen is that in this line of code the mbuf returned is the same address as the one used to store the notify data, so the mbuf gets corrupted: [`apache-mynewt-mcumgr/smp/src/smp.c`](https://github.com/apache/mynewt-mcumgr/blob/a4dfaad8136c43e6b72c228535abf8fe644aab29/smp/src/smp.c#L347)

