dcd_nrf5x: ISO OUT handling #1946

Merged

@kasjer kasjer (Collaborator) commented Mar 10, 2023

For incoming ISO OUT packets it was possible to start DMA from endpoint to RAM before transfer was started resulting in unrelated memory corruption.
This is the scenario that causes memory corruption:

  • ISO OUT packet is received
  • Packet is transferred by DMA to transfer buffer
  • xfer->started is cleared and xfer->buffer is updated as it is in every case
  • Application takes too long to handle it (it happens when a debugger is connected and a breakpoint is hit, slowing down software).
  • Next ISO OUT packet arrives

At this point there was no check if transfer was started and packet was copied by DMA to location beyond previous data, possibly overwriting unrelated memory.

This solves the issue by checking that transfer was started and there is buffer ready for incoming packet.

For incoming ISO OUT packets it was possible to start
DMA from endpoint to RAM before transfer was started
resulting in unrelated memory corruption.
This is the scenario that causes memory corruption:
- ISO OUT packet is received
- Packet is transferred by DMA to transfer buffer
- xfer->started is cleared and xfer->buffer is updated as
  it is in every case
- Application takes too long to handle it (it happens when a debugger
  is connected and a breakpoint is hit, slowing down software).
- Next ISO OUT packet arrives
At this point there was no check if transfer was started and packet
was copied by DMA to location beyond previous data, possibly overwriting
unrelated memory.

This solves the issue by checking that transfer was
started and there is buffer ready for incoming packet.

@hathach hathach (Owner) left a comment

superb! thank you for yet another race condition with nrf. I guess this never ends :)

@hathach hathach merged commit b5b2fad into hathach:master Mar 11, 2023
@kasjer kasjer deleted the kasjer/nrf5x-fix-iso-memory-corruption branch March 13, 2023 09:26
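
The race described in this PR, as an added example that is not part of the pull request or the TinyUSB driver: a simplified host-side C model that replays the two-packet scenario with and without the check. Only the field names `started` and `buffer` come from the PR text; every other name, the 16-byte `ram` layout, and dropping the late packet are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of one OUT endpoint's transfer state (not the driver's struct). */
typedef struct {
  uint8_t *buffer;  /* next DMA destination in RAM */
  bool started;     /* set when the application queues a transfer */
} xfer_model_t;

typedef bool (*packet_handler_t)(xfer_model_t *, const uint8_t *, uint16_t);

/* Application side: queue a transfer into buf. */
static void xfer_start(xfer_model_t *x, uint8_t *buf) {
  x->buffer = buf;
  x->started = true;
}

/* Models the endpoint-to-RAM DMA plus the bookkeeping the PR describes. */
static void dma_to_ram(xfer_model_t *x, const uint8_t *pkt, uint16_t len) {
  memcpy(x->buffer, pkt, len);
  x->buffer += len;    /* buffer pointer is advanced in every case */
  x->started = false;  /* the ISO transfer is done after one packet */
}

/* Before the fix: every received packet triggers DMA. */
static bool iso_out_unchecked(xfer_model_t *x, const uint8_t *pkt, uint16_t len) {
  dma_to_ram(x, pkt, len);
  return true;
}

/* After the fix: DMA only if a transfer was started and a buffer is ready.
   Dropping the packet otherwise is an assumption of this model. */
static bool iso_out_checked(xfer_model_t *x, const uint8_t *pkt, uint16_t len) {
  if (!x->started || x->buffer == NULL) return false;
  dma_to_ram(x, pkt, len);
  return true;
}

/* Replays the scenario; returns true if memory after the buffer was overwritten. */
static bool neighbour_corrupted(packet_handler_t on_packet) {
  uint8_t ram[16];  /* [0..7] transfer buffer, [8..15] unrelated data */
  const uint8_t pkt[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed packet */
  xfer_model_t x = {0};
  memset(ram, 0xAA, sizeof ram);
  xfer_start(&x, ram);
  on_packet(&x, pkt, 8);  /* first packet: transfer was started */
  on_packet(&x, pkt, 8);  /* second packet: application has not restarted it yet */
  return ram[8] != 0xAA;
}
```
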