From 7f0a95468ad41cc95f9c57aa6074c23a310a03a5 Mon Sep 17 00:00:00 2001 From: Vinayak Kariappa Chettimada Date: Fri, 6 Sep 2019 14:42:38 +0530 Subject: [PATCH] Bluetooth: controller: split: Fix data PDU leak during ctrl PDU defer Fix a bug where in tx data PDU enqueued, while a ctrl PDU is deferred due to Encryption setup being in progress, is leaked causing HCI Tx Buffer Overflow crash. Relates to commit 671ccc4b0ee6 ("Bluetooth: controller: Fix data PDU leak during ctrl PDU defer"). Signed-off-by: Vinayak Kariappa Chettimada --- subsys/bluetooth/controller/ll_sw/ull_conn.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/subsys/bluetooth/controller/ll_sw/ull_conn.c b/subsys/bluetooth/controller/ll_sw/ull_conn.c index 115644b4ee8..f9c758851e1 100644 --- a/subsys/bluetooth/controller/ll_sw/ull_conn.c +++ b/subsys/bluetooth/controller/ll_sw/ull_conn.c @@ -1814,6 +1814,11 @@ static void ctrl_tx_sec_enqueue(struct ll_conn *conn, struct node_tx *tx) tx->next = conn->tx_ctrl_last->next; conn->tx_ctrl_last->next = tx; } + + /* Update last pointer if ctrl added at end of tx list */ + if (!tx->next) { + conn->tx_data_last = tx; + } } else #endif /* CONFIG_BT_CTLR_LE_ENC */