ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #13785 from pan-/ble-fix-prep-write-queue-access 

BLE: Fix access to attcCb.onDeck and  attsCb.prepWriteQueue access
pull/13713/head
Martin Kojtal 2020-10-20 11:10:11 +01:00 committed by GitHub
parent 5d60e65ae6 3cab37793b
commit 27d10506e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_main.c
View File

@ -591,9 +591,9 @@ static void attcConnCback(attCcb_t *pCcb, dmEvt_t *pDmEvt)
} }
/* free any req on deck */ /* free any req on deck */
if (attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE) if (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE)
{ {
attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId], status); attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId - 1], status);
} }
for (i = 0; i < ATT_BEARER_MAX; i++) for (i = 0; i < ATT_BEARER_MAX; i++)
@ -672,7 +672,7 @@ void attcMsgCback(attcApiMsg_t *pMsg)
/* verify no API request already waiting on deck, in progress, or no pending write command /* verify no API request already waiting on deck, in progress, or no pending write command
already for this handle */ already for this handle */
if (((pCcb->slot == ATT_BEARER_SLOT_ID) && if (((pCcb->slot == ATT_BEARER_SLOT_ID) &&
(attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE)) || (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE)) ||
(pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) || (pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) ||
((pMsg->hdr.event == ATTC_MSG_API_WRITE_CMD) && ((pMsg->hdr.event == ATTC_MSG_API_WRITE_CMD) &&
attcPendWriteCmd(pCcb, pMsg->handle))) attcPendWriteCmd(pCcb, pMsg->handle)))
@ -686,7 +686,7 @@ void attcMsgCback(attcApiMsg_t *pMsg)
if ((pCcb->slot == ATT_BEARER_SLOT_ID) && (pCcb->outReq.hdr.event == ATTC_MSG_API_MTU)) if ((pCcb->slot == ATT_BEARER_SLOT_ID) && (pCcb->outReq.hdr.event == ATTC_MSG_API_MTU))
{ {
/* put request "on deck" for processing later */ /* put request "on deck" for processing later */
attcCb.onDeck[pCcb->connId] = *pMsg; attcCb.onDeck[pCcb->connId - 1] = *pMsg;
} }
/* otherwise ready to send; set up request */ /* otherwise ready to send; set up request */
else else
@ -706,9 +706,9 @@ void attcMsgCback(attcApiMsg_t *pMsg)
} }
/* else free any req on deck */ /* else free any req on deck */
else if ((pCcb->slot == ATT_BEARER_SLOT_ID) & else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &
(attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE)) (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE))
{ {
attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId], ATT_ERR_CANCELLED); attcReqClear(pCcb->connId, &attcCb.onDeck[pCcb->connId - 1], ATT_ERR_CANCELLED);
} }
} }
/* else if timeout */ /* else if timeout */

6
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_proc.c
View File

@ -410,13 +410,13 @@ void attcProcRsp(attcCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
} }
/* else if api is on deck */ /* else if api is on deck */
else if ((pCcb->slot == ATT_BEARER_SLOT_ID) && else if ((pCcb->slot == ATT_BEARER_SLOT_ID) &&
(attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE)) (attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE))
{ {
/* set up and send request */ /* set up and send request */
attcSetupReq(pCcb, &attcCb.onDeck[pCcb->connId]); attcSetupReq(pCcb, &attcCb.onDeck[pCcb->connId - 1]);
/* clear on deck */ /* clear on deck */
attcCb.onDeck[pCcb->connId].hdr.event = ATTC_MSG_API_NONE; attcCb.onDeck[pCcb->connId - 1].hdr.event = ATTC_MSG_API_NONE;
} }
} }
} }

4
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/attc_sign.c
View File

@ -178,7 +178,7 @@ static void attcSignMsgCback(attcCcb_t *pCcb, attcSignMsg_t *pMsg)
/* verify no API request already waiting on deck or in progress, /* verify no API request already waiting on deck or in progress,
* and no signed write already in progress * and no signed write already in progress
*/ */
if ((attcCb.onDeck[pCcb->connId].hdr.event != ATTC_MSG_API_NONE) || if ((attcCb.onDeck[pCcb->connId - 1].hdr.event != ATTC_MSG_API_NONE) ||
(pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) || (pCcb->outReq.hdr.event > ATTC_MSG_API_MTU) ||
(attcSignCbByConnId((dmConnId_t) pMsg->hdr.param) != NULL)) (attcSignCbByConnId((dmConnId_t) pMsg->hdr.param) != NULL))
{ {
@ -238,7 +238,7 @@ static void attcSignMsgCback(attcCcb_t *pCcb, attcSignMsg_t *pMsg)
pCcb->pMainCcb->sccb[ATT_BEARER_SLOT_ID].control & ATT_CCB_STATUS_FLOW_DISABLED) pCcb->pMainCcb->sccb[ATT_BEARER_SLOT_ID].control & ATT_CCB_STATUS_FLOW_DISABLED)
{ {
/* put request "on deck" for processing later */ /* put request "on deck" for processing later */
attcCb.onDeck[pCcb->connId] = pCb->msg; attcCb.onDeck[pCcb->connId - 1] = pCb->msg;
} }
/* otherwise ready to send */ /* otherwise ready to send */
else else

2
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_main.c
View File

@ -366,7 +366,7 @@ void attsClearPrepWrites(attsCcb_t *pCcb)
{ {
void *pBuf; void *pBuf;
while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL) while ((pBuf = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
{ {
WsfBufFree(pBuf); WsfBufFree(pBuf);
} }

8
connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/stack/att/atts_write.c
View File

@ -265,7 +265,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
err = ATT_ERR_LENGTH; err = ATT_ERR_LENGTH;
} }
/* verify prepare write queue limit not reached */ /* verify prepare write queue limit not reached */
else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId]) >= pAttCfg->numPrepWrites) else if (WsfQueueCount(&attsCb.prepWriteQueue[pCcb->connId - 1]) >= pAttCfg->numPrepWrites)
{ {
err = ATT_ERR_QUEUE_FULL; err = ATT_ERR_QUEUE_FULL;
} }
@ -288,7 +288,7 @@ void attsProcPrepWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
pPrep->handle = handle; pPrep->handle = handle;
pPrep->offset = offset; pPrep->offset = offset;
memcpy(pPrep->packet, pPacket, writeLen); memcpy(pPrep->packet, pPacket, writeLen);
WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId], pPrep); WsfQueueEnq(&attsCb.prepWriteQueue[pCcb->connId - 1], pPrep);
/* allocate response buffer */ /* allocate response buffer */
if ((pBuf = attMsgAlloc(L2C_PAYLOAD_START + ATT_PREP_WRITE_RSP_LEN + writeLen)) != NULL) if ((pBuf = attMsgAlloc(L2C_PAYLOAD_START + ATT_PREP_WRITE_RSP_LEN + writeLen)) != NULL)
@ -342,7 +342,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
else if (*pPacket == ATT_EXEC_WRITE_ALL) else if (*pPacket == ATT_EXEC_WRITE_ALL)
{ {
/* iterate over prepare write queue and verify offset and length */ /* iterate over prepare write queue and verify offset and length */
for (pPrep = attsCb.prepWriteQueue[pCcb->connId].pHead; pPrep != NULL; pPrep = pPrep->pNext) for (pPrep = attsCb.prepWriteQueue[pCcb->connId - 1].pHead; pPrep != NULL; pPrep = pPrep->pNext)
{ {
/* find attribute */ /* find attribute */
if ((pAttr = attsFindByHandle(pPrep->handle, &pGroup)) != NULL) if ((pAttr = attsFindByHandle(pPrep->handle, &pGroup)) != NULL)
@ -371,7 +371,7 @@ void attsProcExecWriteReq(attsCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
if (err == ATT_SUCCESS) if (err == ATT_SUCCESS)
{ {
/* for each buffer */ /* for each buffer */
while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId])) != NULL) while ((pPrep = WsfQueueDeq(&attsCb.prepWriteQueue[pCcb->connId - 1])) != NULL)
{ {
/* write buffer */ /* write buffer */
if ((err = attsExecPrepWrite(pCcb, pPrep)) != ATT_SUCCESS) if ((err = attsExecPrepWrite(pCcb, pPrep)) != ATT_SUCCESS)