bartoszek/zephyr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bluetooth: Host: Fix bt_l2cap_chan_ops.recv -EINPROGRESS

Browse Source 
Fix discrepancy in reference management between calls to
`bt_l2cap_chan_ops.recv` when the application returns `-EINPROGRESS`.

There are two call sites, `l2cap_chan_le_recv_sdu` and
`l2cap_chan_le_recv`, that were inconsistent.

`l2cap_chan_le_recv_sdu` moves the reference, and this patch updates
`l2cap_chan_le_recv` to do the same.

This behavior is also now documented.

This bug has existed since the introduction of this feature in
3151d26572.

Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
This commit is contained in:
Aleksander Wasaznik 2024-08-01 14:25:51 +02:00 committed by Henrik Brix Andersen
parent 7066c40afc
commit 200de7c00a
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/zephyr/bluetooth/l2cap.h
View File

@ -349,6 +349,11 @@ struct bt_l2cap_chan_ops {
* @kconfig{CONFIG_BT_L2CAP_SEG_RECV} is enabled and seg_recv is
* supplied.
*
* If the application returns @c -EINPROGRESS, the application takes
* ownership of the reference in @p buf. (I.e. This pointer value can
* simply be given to @ref bt_l2cap_chan_recv_complete without any
* calls @ref net_buf_ref or @ref net_buf_unref.)
*
* @return 0 in case of success or negative value in case of error.
* @return -EINPROGRESS in case where user has to confirm once the data
* has been processed by calling

10
subsys/bluetooth/host/l2cap.c
View File

@ -17,6 +17,7 @@
#include <zephyr/sys/byteorder.h>
#include <zephyr/sys/math_extras.h>
#include <zephyr/sys/util.h>
#include <zephyr/net_buf.h>
#include <zephyr/bluetooth/hci.h>
#include <zephyr/bluetooth/bluetooth.h>
@ -2566,6 +2567,7 @@ static void l2cap_chan_le_recv_seg_direct(struct bt_l2cap_le_chan *chan, struct
static void l2cap_chan_le_recv(struct bt_l2cap_le_chan *chan,
struct net_buf *buf)
{
struct net_buf *owned_ref;
uint16_t sdu_len;
int err;
@ -2639,7 +2641,13 @@ static void l2cap_chan_le_recv(struct bt_l2cap_le_chan *chan,
return;
}
err = chan->chan.ops->recv(&chan->chan, buf);
owned_ref = net_buf_ref(buf);
err = chan->chan.ops->recv(&chan->chan, owned_ref);
if (err != -EINPROGRESS) {
net_buf_unref(owned_ref);
owned_ref = NULL;
}
if (err < 0) {
if (err != -EINPROGRESS) {
LOG_ERR("err %d", err);