ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #13785 from pan-/ble-fix-prep-write-queue-access 

BLE: Fix access to attcCb.onDeck and  attsCb.prepWriteQueue access
pull/13713/head
Martin Kojtal 2020-10-20 11:10:11 +01:00 committed by GitHub
parent 5d60e65ae6 3cab37793b
commit 27d10506e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_main.c
View File

@ -591,9 +591,9 @@ static void attcConnCback(attCcb_t *pCcb, dmEvt_t *pDmEvt)
}
/* free any req on deck */
if (attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE)
if (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE)
{
attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId], status);
attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId - 1], status);
}
for (i = 0; i < ATT_BEARER_MAX; i++)
@ -672,7 +672,7 @@ void attcMsgCback(attcApiMsg_t *pMsg)
/* verify no API request already waiting on deck, in progress, or no pending write command
already for this handle */
if (((pCcb->slot == ATT_BEARER_SLOT_ID) &&
(attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE)) ||
(attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE)) ||
(pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) ||
((pMsg->hdr.event == ATTC_MSG_API_WRITE_CMD) &&
attcPendWriteCmd(pCcb, pMsg->handle)))
@ -686,7 +686,7 @@ void attcMsgCback(attcApiMsg_t *pMsg)
if ((pCcb->slot == ATT_BEARER_SLOT_ID) && (pCcb->outReq.hdr.event == ATTC_MSG_API_MTU))
{
/* put request "on deck" for processing later */
attcCb.onDeck[pCcb->connId] = *pMsg;
attcCb.onDeck[pCcb->connId - 1] = *pMsg;
}
/* otherwise ready to send; set up request */
else
@ -706,9 +706,9 @@ void attcMsgCback(attcApiMsg_t *pMsg)
}
/* else free any req on deck */
else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &
(attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE))
(attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE))
{
attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId], ATT_ERR_CANCELLED);
attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId - 1], ATT_ERR_CANCELLED);
}
}
/* else if timeout */

6
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_proc.c
View File

@ -410,13 +410,13 @@ void attcProcRsp(attcCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
}
/* else if api is on deck */
else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &&
(attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE))
(attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE))
{
/* set up and send request */
attcSetupReq(pCcb, &attcCb.onDeck[pCcb->connId]);
attcSetupReq(pCcb, &attcCb.onDeck[pCcb->connId - 1]);
/* clear on deck */
attcCb.onDeck[pCcb->connId].hdr.event = ATTC_MSG_API_NONE;
attcCb.onDeck[pCcb->connId - 1].hdr.event = ATTC_MSG_API_NONE;
}
}
}

4
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_sign.c
View File

@ -178,7 +178,7 @@ static void attcSignMsgCback(attcCcb_t *pCcb, attcSignMsg_t *pMsg)
/* verify no API request already waiting on deck or in progress,
* and no signed write already in progress
*/
if ((attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE) ||
if ((attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE) ||
(pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) ||
(attcSignCbByConnId((dmConnId_t) pMsg->hdr.param) != NULL))
{
@ -238,7 +238,7 @@ static void attcSignMsgCback(attcCcb_t *pCcb, attcSignMsg_t *pMsg)
pCcb->pMainCcb->sccb[ATT_BEARER_SLOT_ID].control & ATT_CCB_STATUS_FLOW_DISABLED)
{
/* put request "on deck" for processing later */
attcCb.onDeck[pCcb->connId] = pCb->msg;
attcCb.onDeck[pCcb->connId - 1] = pCb->msg;
}
/* otherwise ready to send */
else

2
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c
View File

@ -366,7 +366,7 @@ void attsClearPrepWrites(attsCcb_t *pCcb)
{
void *pBuf;
while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)
while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
{
WsfBufFree(pBuf);
}

8
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c
View File

@ -265,7 +265,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
err = ATT_ERR_LENGTH;
}
/* verify prepare write queue limit not reached */
else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId]) >= pAttCfg->numPrepWrites)
else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId - 1]) >= pAttCfg->numPrepWrites)
{
err = ATT_ERR_QUEUE_FULL;
}
@ -288,7 +288,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
pPrep->handle = handle;
pPrep->offset = offset;
memcpy(pPrep->packet, pPacket, writeLen);
WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId], pPrep);
WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId - 1], pPrep);
/* allocate response buffer */
if ((pBuf = attMsgAlloc(L2C_PAYLOAD_START + ATT_PREP_WRITE_RSP_LEN + writeLen)) != NULL)
@ -342,7 +342,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
else if (*pPacket == ATT_EXEC_WRITE_ALL)
{
/* iterate over prepare write queue and verify offset and length */
for (pPrep = attsCb.prepWriteQueue[pCcb->connId].pHead; pPrep != NULL; pPrep = pPrep->pNext)
for (pPrep = attsCb.prepWriteQueue[pCcb->connId - 1].pHead; pPrep != NULL; pPrep = pPrep->pNext)
{
/* find attribute */
if ((pAttr = attsFindByHandle(pPrep->handle, &pGroup)) != NULL)
@ -371,7 +371,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
if (err == ATT_SUCCESS)
{
/* for each buffer */
while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL)
while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
{
/* write buffer */
if ((err = attsExecPrepWrite(pCcb, pPrep)) != ATT_SUCCESS)