This is an automated email from the ASF dual-hosted git repository. andk pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push: new 1d073cc transport/cmac: Fix race on LL event write 1d073cc is described below commit 1d073cc84d5e387dcca250ff75d77c20f735ced0 Author: Andrzej Kaczmarek <andrzej.kaczma...@codecoup.pl> AuthorDate: Tue Apr 13 14:36:29 2021 +0200 transport/cmac: Fix race on LL event write HCI commands are processed in LL task context and thus CS/CC events are written to mbox in the same context. This can lead to following race: - CS/CC is written to mbox - interrupt in handled on CMAC *before* command buffer is freed - M33 reads CS/CC and writes next command to mbox - CMAC reads new command This triggers an assert in code because we do not have free buffer for new command because we were busy handling interrupts and did not free it yet. To fix this we should write and free in critical section. --- nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c b/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c index 3531529..6b49158 100644 --- a/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c +++ b/nimble/transport/dialog_cmac/src/ble_hci_cmac_ll.c @@ -92,12 +92,17 @@ int ble_hci_trans_ll_evt_tx(uint8_t *evt) { uint8_t pkt_type = BLE_HCI_TRANS_H4_PKT_TYPE_EVT; + os_sr_t sr; + + OS_ENTER_CRITICAL(sr); cmac_mbox_write(&pkt_type, sizeof(pkt_type)); cmac_mbox_write(evt, evt[1] + 2); ble_hci_trans_buf_free(evt); + OS_EXIT_CRITICAL(sr); + return 0; }