Bluetooth: controller: Fix Tx Buffer Overflow

Fix Tx Buffer Overflow caused by uninitialized node_tx memory being used by ULL ISR context due to Compiler Instructions Reordering in the use of MFIFO_ENQUEUE. The MFIFO last index was committed before the data element was stored in the MFIFO due to Compiler Instructions Reordering. This is fixed now by adding a Data Memory Barrier instruction alongwith a compiler memory clobber. Fixes #30378. Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2021-02-01 07:34:29 +05:30 · 2021-02-01 07:34:29 +05:30 · 1af2b91c23
commit 1af2b91c23
parent 1a14f8b3a6
4 changed files with 15 additions and 7 deletions
--- a/subsys/bluetooth/controller/ll_sw/ull_conn.c
+++ b/subsys/bluetooth/controller/ll_sw/ull_conn.c
@ -6,10 +6,12 @@

 #include <stddef.h>
 #include <zephyr.h>
+#include <soc.h>
 #include <device.h>
 #include <bluetooth/bluetooth.h>
 #include <sys/byteorder.h>

+#include "hal/cpu.h"
 #include "hal/ecb.h"
 #include "hal/ccm.h"
 #include "hal/ticker.h"
@ -44,7 +46,6 @@
 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_HCI_DRIVER)
 #define LOG_MODULE_NAME bt_ctlr_ull_conn
 #include "common/log.h"
-#include <soc.h>
 #include "hal/debug.h"

 #if defined(CONFIG_BT_CTLR_USER_EXT)