Merge branch 'bugfix/heap_corrupt_in_bt_mem_release_on_esp32' into 'master'

fix(bt): Fix heap corruption in the call of esp_bt_mem_release on ESP32

Closes IDFGH-13349

See merge request espressif/esp-idf!32436
This commit is contained in:
Wang Meng Yang 2024-08-09 17:58:45 +08:00
commit d4b2da21eb
4 changed files with 15 additions and 7 deletions

View File

@ -1432,6 +1432,14 @@ esp_err_t esp_bt_mem_release(esp_bt_mode_t mode)
.name = "BT Controller Data"
};
/*
* Free data and BSS section for Bluetooth controller ROM code.
* Note that rom mem release must be performed before section _bt_data_start to _bt_data_end is released,
* otherwise `btdm_dram_available_region` will no longer be available when performing rom mem release and
* thus causing heap corruption.
*/
ret = esp_bt_controller_rom_mem_release(mode);
if (mode == ESP_BT_MODE_BTDM) {
/* Start by freeing Bluetooth BSS section */
if (ret == ESP_OK) {
@ -1444,11 +1452,6 @@ esp_err_t esp_bt_mem_release(esp_bt_mode_t mode)
}
}
/* free data and BSS section for Bluetooth controller ROM code */
if (ret == ESP_OK) {
ret = esp_bt_controller_rom_mem_release(mode);
}
return ret;
}

View File

@ -11,6 +11,7 @@
#include "nvs_flash.h"
#include "multi_heap.h"
#include "esp_heap_caps.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
@ -127,5 +128,7 @@ void app_main(void)
}
ESP_LOGI(tag, "Free heap size increased by %"PRIu32" bytes", free_after - free_before);
ESP_LOGI(tag, "SUCCESS");
if (heap_caps_check_integrity_all(true)) {
ESP_LOGI(tag, "Comprehensive heap check: SUCCESS");
}
}

View File

@ -12,4 +12,4 @@ from pytest_embedded import Dut
def test_bt_memory_release(dut: Dut) -> None:
dut.expect_exact('BLE Host Task Started', timeout=6)
dut.expect_exact('BLE Host Task Stopped', timeout=8)
dut.expect_exact('SUCCESS', timeout=10)
dut.expect_exact('Comprehensive heap check: SUCCESS', timeout=10)

View File

@ -1,2 +1,4 @@
CONFIG_HEAP_POISONING_COMPREHENSIVE=y
CONFIG_BT_ENABLED=y
CONFIG_BT_NIMBLE_ENABLED=y