Posted to commits@mynewt.apache.org by an...@apache.org on 2021/04/14 07:47:15 UTC
[mynewt-nimble] branch master updated: transport/cmac: Fix race on LL event write
This is an automated email from the ASF dual-hosted git repository.
andk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push:
new 1d073cc transport/cmac: Fix race on LL event write
1d073cc is described below
commit 1d073cc84d5e387dcca250ff75d77c20f735ced0
Author: Andrzej Kaczmarek <an...@codecoup.pl>
AuthorDate: Tue Apr 13 14:36:29 2021 +0200
transport/cmac: Fix race on LL event write
HCI commands are processed in LL task context and thus CS/CC events are
written to mbox in the same context. This can lead to the following race:
- CS/CC is written to mbox
- interrupt is handled on CMAC *before* command buffer is freed
- M33 reads CS/CC and writes next command to mbox
- CMAC reads new command
This triggers an assert in code because we do not have a free buffer for
the new command because we were busy handling interrupts and did not free
it yet.
To fix this we should write and free in a critical section.
---
nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c b/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c
index 3531529..6b49158 100644
--- a/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c
+++ b/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c
@@ -92,12 +92,17 @@ int
ble_hci_trans_ll_evt_tx(uint8_t *evt)
{
uint8_t pkt_type = BLE_HCI_TRANS_H4_PKT_TYPE_EVT;
+ os_sr_t sr;
+
+ OS_ENTER_CRITICAL(sr);
cmac_mbox_write(&pkt_type, sizeof(pkt_type));
cmac_mbox_write(evt, evt[1] + 2);
ble_hci_trans_buf_free(evt);
+ OS_EXIT_CRITICAL(sr);
+
return 0;
}
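Review bot: The OS_ENTER_CRITICAL(sr) / OS_EXIT_CRITICAL(sr) pair added around the two cmac_mbox_write() calls and ble_hci_trans_buf_free(evt) carries no comment saying why the free has to stay inside the critical section. The reason is recorded only in the commit message (the M33 can answer the CS/CC event with a new command before the command buffer is released), so a later cleanup could move the free back outside and reintroduce the assert. A short comment above OS_ENTER_CRITICAL(sr) stating that the write and the free must not be separated by an interrupt would protect against that. Separately, interrupts now stay masked for the whole copy of evt[1] + 2 bytes, which can be up to 257 bytes for a one-byte length field. It is worth confirming that cmac_mbox_write() never waits for space in the mailbox while called with interrupts disabled, and that this added latency is acceptable for the other interrupts handled on CMAC.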