Use locks to prevent race conditions in HCICordioTransport

swnf · swnf · commit b14172f79b4d · 2025-06-20T11:20:02.000+02:00
diff --git a/src/utility/HCI.cpp b/src/utility/HCI.cpp
@@ -136,20 +136,24 @@ void HCIClass::poll(unsigned long timeout)
     HCITransport.wait(timeout);
   }
 
+  HCITransport.lockForRead();
   while (HCITransport.available()) {
     byte b = HCITransport.read();
 
     if (_recvIndex >= (int)sizeof(_recvBuffer)) {
         _recvIndex = 0;
         if (_debug) {
+            HCITransport.unlockForRead();
             _debug->println("_recvBuffer overflow");
+            HCITransport.lockForRead();
         }
     }
 
     _recvBuffer[_recvIndex++] = b;
 
     if (_recvBuffer[0] == HCI_ACLDATA_PKT) {
       if (_recvIndex > 5 && _recvIndex >= (5 + (_recvBuffer[3] + (_recvBuffer[4] << 8)))) {
+        HCITransport.unlockForRead();
         if (_debug) {
           dumpPkt("HCI ACLDATA RX <- ", _recvIndex, _recvBuffer);
         }
@@ -164,9 +168,11 @@ void HCIClass::poll(unsigned long timeout)
 #ifdef ARDUINO_AVR_UNO_WIFI_REV2
         digitalWrite(NINA_RTS, LOW);
 #endif
+        HCITransport.lockForRead();
       }
     } else if (_recvBuffer[0] == HCI_EVENT_PKT) {
       if (_recvIndex > 3 && _recvIndex >= (3 + _recvBuffer[2])) {
+        HCITransport.unlockForRead();
         if (_debug) {
           dumpPkt("HCI EVENT RX <- ", _recvIndex, _recvBuffer);
         }
@@ -182,19 +188,23 @@ void HCIClass::poll(unsigned long timeout)
 #ifdef ARDUINO_AVR_UNO_WIFI_REV2
         digitalWrite(NINA_RTS, LOW);
 #endif
+        HCITransport.lockForRead();
       }
     } else {
       _recvIndex = 0;
 
       if (_debug) {
+        HCITransport.unlockForRead();
         _debug->println(b, HEX);
+        HCITransport.lockForRead();
       }
     }
   }
 
 #ifdef ARDUINO_AVR_UNO_WIFI_REV2
   digitalWrite(NINA_RTS, HIGH);
 #endif
+  HCITransport.unlockForRead();
 }
 
 int HCIClass::reset()
diff --git a/src/utility/HCICordioTransport.cpp b/src/utility/HCICordioTransport.cpp
@@ -254,8 +254,11 @@ void HCICordioTransportClass::end()
 
 void HCICordioTransportClass::wait(unsigned long timeout)
 {
-  if (available()) {
-    return;
+  {
+    mbed::CriticalSectionLock critical_section;
+    if (available()) {
+      return;
+    }
   }
 
   // wait for handleRxData to signal
@@ -277,6 +280,14 @@ int HCICordioTransportClass::read()
   return _rxBuf.read_char();
 }
 
+void HCICordioTransportClass::lockForRead() {
+  mbed::CriticalSectionLock::enable();
+}
+
+void HCICordioTransportClass::unlockForRead() {
+  mbed::CriticalSectionLock::disable();
+}
+
 size_t HCICordioTransportClass::write(const uint8_t* data, size_t length)
 {
   if (!_begun) {
@@ -299,13 +310,16 @@ size_t HCICordioTransportClass::write(const uint8_t* data, size_t length)
 
 void HCICordioTransportClass::handleRxData(uint8_t* data, uint8_t len)
 {
-  if (_rxBuf.availableForStore() < len) {
-    // drop!
-    return;
-  }
+  {
+    mbed::CriticalSectionLock critical_section;
+    if (_rxBuf.availableForStore() < len) {
+      // drop!
+      return;
+    }
 
-  for (int i = 0; i < len; i++) {
-    _rxBuf.store_char(data[i]);
+    for (int i = 0; i < len; i++) {
+      _rxBuf.store_char(data[i]);
+    }
   }
 
   bleEventFlags.set(0x01);
diff --git a/src/utility/HCICordioTransport.h b/src/utility/HCICordioTransport.h
@@ -40,6 +40,9 @@ class HCICordioTransportClass : public HCITransportInterface {
   virtual int peek();
   virtual int read();
 
+  virtual void lockForRead() override;
+  virtual void unlockForRead() override;
+
   virtual size_t write(const uint8_t* data, size_t length);
 
 private:
diff --git a/src/utility/HCITransport.h b/src/utility/HCITransport.h
@@ -33,6 +33,12 @@ class HCITransportInterface {
   virtual int peek() = 0;
   virtual int read() = 0;
 
+  // Some transports require a lock to use available/peek/read
+  // These methods allow to keep the lock while reading an unknown number of bytes
+  // These methods might disable interrupts. Only keep the lock as long as necessary.
+  virtual void lockForRead() {}
+  virtual void unlockForRead() {}
+
   virtual size_t write(const uint8_t* data, size_t length) = 0;
 };
 

Original file line number	Diff line number	Diff line change
`@@ -136,20 +136,24 @@ void HCIClass::poll(unsigned long timeout)`
`136`	`136`	`HCITransport.wait(timeout);`
`137`	`137`	`}`
`138`	`138`
	`139`	`+ HCITransport.lockForRead();`
`139`	`140`	`while (HCITransport.available()) {`
`140`	`141`	`byte b = HCITransport.read();`
`141`	`142`
`142`	`143`	`if (_recvIndex >= (int)sizeof(_recvBuffer)) {`
`143`	`144`	`_recvIndex = 0;`
`144`	`145`	`if (_debug) {`
	`146`	`+ HCITransport.unlockForRead();`
`145`	`147`	`_debug->println("_recvBuffer overflow");`
	`148`	`+ HCITransport.lockForRead();`
`146`	`149`	`}`
`147`	`150`	`}`
`148`	`151`
`149`	`152`	`_recvBuffer[_recvIndex++] = b;`
`150`	`153`
`151`	`154`	`if (_recvBuffer[0] == HCI_ACLDATA_PKT) {`
`152`	`155`	`if (_recvIndex > 5 && _recvIndex >= (5 + (_recvBuffer[3] + (_recvBuffer[4] << 8)))) {`
	`156`	`+ HCITransport.unlockForRead();`
`153`	`157`	`if (_debug) {`
`154`	`158`	`dumpPkt("HCI ACLDATA RX <- ", _recvIndex, _recvBuffer);`
`155`	`159`	`}`
`@@ -164,9 +168,11 @@ void HCIClass::poll(unsigned long timeout)`
`164`	`168`	`#ifdef ARDUINO_AVR_UNO_WIFI_REV2`
`165`	`169`	`digitalWrite(NINA_RTS, LOW);`
`166`	`170`	`#endif`
	`171`	`+ HCITransport.lockForRead();`
`167`	`172`	`}`
`168`	`173`	`} else if (_recvBuffer[0] == HCI_EVENT_PKT) {`
`169`	`174`	`if (_recvIndex > 3 && _recvIndex >= (3 + _recvBuffer[2])) {`
	`175`	`+ HCITransport.unlockForRead();`
`170`	`176`	`if (_debug) {`
`171`	`177`	`dumpPkt("HCI EVENT RX <- ", _recvIndex, _recvBuffer);`
`172`	`178`	`}`
`@@ -182,19 +188,23 @@ void HCIClass::poll(unsigned long timeout)`
`182`	`188`	`#ifdef ARDUINO_AVR_UNO_WIFI_REV2`
`183`	`189`	`digitalWrite(NINA_RTS, LOW);`
`184`	`190`	`#endif`
	`191`	`+ HCITransport.lockForRead();`
`185`	`192`	`}`
`186`	`193`	`} else {`
`187`	`194`	`_recvIndex = 0;`
`188`	`195`
`189`	`196`	`if (_debug) {`
	`197`	`+ HCITransport.unlockForRead();`
`190`	`198`	`_debug->println(b, HEX);`
	`199`	`+ HCITransport.lockForRead();`
`191`	`200`	`}`
`192`	`201`	`}`
`193`	`202`	`}`
`194`	`203`
`195`	`204`	`#ifdef ARDUINO_AVR_UNO_WIFI_REV2`
`196`	`205`	`digitalWrite(NINA_RTS, HIGH);`
`197`	`206`	`#endif`
	`207`	`+ HCITransport.unlockForRead();`
`198`	`208`	`}`
`199`	`209`
`200`	`210`	`int HCIClass::reset()`