From 3c68fa45d234d6328f9489be57b022bc92ca5e58 Mon Sep 17 00:00:00 2001 From: Erik Brockhoff Date: Thu, 8 Sep 2022 13:22:37 +0200 Subject: [PATCH] Bluetooth: controller: fixing possible race re. termination vs. cis's If a CIS is in teardown state, the data in structure should not be trusted, so skip passing data to ISOAL Signed-off-by: Erik Brockhoff --- subsys/bluetooth/controller/hci/hci_driver.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/subsys/bluetooth/controller/hci/hci_driver.c b/subsys/bluetooth/controller/hci/hci_driver.c index b1999a7981e..ec0d20187cf 100644 --- a/subsys/bluetooth/controller/hci/hci_driver.c +++ b/subsys/bluetooth/controller/hci/hci_driver.c @@ -392,14 +392,17 @@ static inline struct net_buf *encode_node(struct node_rx_pdu *node_rx, #if defined(CONFIG_BT_CTLR_CONN_ISO) uint8_t handle = node_rx->hdr.handle; struct ll_iso_stream_hdr *hdr = NULL; + struct ll_conn_iso_stream *cis = NULL; + struct ll_iso_datapath *dp = NULL; if (IS_CIS_HANDLE(handle)) { - struct ll_conn_iso_stream *cis = - ll_conn_iso_stream_get(handle); + cis = ll_conn_iso_stream_get(handle); hdr = &cis->hdr; } - struct ll_iso_datapath *dp = hdr->datapath_out; + if (cis && !cis->teardown) { + dp = hdr->datapath_out; + } if (dp && dp->path_id == BT_HCI_DATAPATH_ID_HCI) { /* If HCI datapath pass to ISO AL here */