[FL-1922] BLE buffer overflow (#789)

* rpc: increase RPC buffer size. Add get available buffer size API * bt: add flow control characteristic to serial service * ble: change updating flow control characteristic logic * rpc: add buffer is empty callback * bt: add notification about empty RPC buffer * ble: add more debug info * serial_service: add mutex guarding available buffer size * ble: remove debug logs in serial service
2021-11-08 22:41:40 +03:00
parent 4e9e9f32d7
commit 54dc16134d
11 changed files with 206 additions and 26 deletions
--- a/firmware/targets/f7/ble-glue/serial_service.c
+++ b/firmware/targets/f7/ble-glue/serial_service.c
@@ -10,16 +10,21 @@ typedef struct {
    uint16_t svc_handle;
    uint16_t rx_char_handle;
    uint16_t tx_char_handle;
+    uint16_t flow_ctrl_char_handle;
+    osMutexId_t buff_size_mtx;
+    uint32_t buff_size;
+    uint16_t bytes_ready_to_receive;
    SerialSvcDataReceivedCallback on_received_cb;
    SerialSvcDataSentCallback on_sent_cb;
    void* context;
 } SerialSvc;

-static SerialSvc* serial_svc;
+static SerialSvc* serial_svc = NULL;

 static const uint8_t service_uuid[] = {0x00, 0x00, 0xfe, 0x60, 0xcc, 0x7a, 0x48, 0x2a, 0x98, 0x4a, 0x7f, 0x2e, 0xd5, 0xb3, 0xe5, 0x8f};
-static const uint8_t char_rx_uuid[] = {0x00, 0x00, 0xfe, 0x62, 0x8e, 0x22, 0x45, 0x41, 0x9d, 0x4c, 0x21, 0xed, 0xae, 0x82, 0xed, 0x19};
 static const uint8_t char_tx_uuid[] = {0x00, 0x00, 0xfe, 0x61, 0x8e, 0x22, 0x45, 0x41, 0x9d, 0x4c, 0x21, 0xed, 0xae, 0x82, 0xed, 0x19};
+static const uint8_t char_rx_uuid[] = {0x00, 0x00, 0xfe, 0x62, 0x8e, 0x22, 0x45, 0x41, 0x9d, 0x4c, 0x21, 0xed, 0xae, 0x82, 0xed, 0x19};
+static const uint8_t flow_ctrl_uuid[] = {0x00, 0x00, 0xfe, 0x63, 0x8e, 0x22, 0x45, 0x41, 0x9d, 0x4c, 0x21, 0xed, 0xae, 0x82, 0xed, 0x19};

 static SVCCTL_EvtAckStatus_t serial_svc_event_handler(void *event) {
    SVCCTL_EvtAckStatus_t ret = SVCCTL_EvtNotAck;
@@ -36,7 +41,17 @@ static SVCCTL_EvtAckStatus_t serial_svc_event_handler(void *event) {
            } else if(attribute_modified->Attr_Handle == serial_svc->rx_char_handle + 1) {
                FURI_LOG_D(SERIAL_SERVICE_TAG, "Received %d bytes", attribute_modified->Attr_Data_Length);
                if(serial_svc->on_received_cb) {
-                    serial_svc->on_received_cb(attribute_modified->Attr_Data, attribute_modified->Attr_Data_Length, serial_svc->context);
+                    furi_check(osMutexAcquire(serial_svc->buff_size_mtx, osWaitForever) == osOK);
+                    if(attribute_modified->Attr_Data_Length > serial_svc->bytes_ready_to_receive) {
+                        FURI_LOG_W(
+                            SERIAL_SERVICE_TAG, "Received %d, while was ready to receive %d bytes. Can lead to buffer overflow!",
+                            attribute_modified->Attr_Data_Length, serial_svc->bytes_ready_to_receive);
+                    }
+                    serial_svc->bytes_ready_to_receive -= MIN(serial_svc->bytes_ready_to_receive, attribute_modified->Attr_Data_Length);
+                    uint32_t buff_free_size =
+                        serial_svc->on_received_cb(attribute_modified->Attr_Data, attribute_modified->Attr_Data_Length, serial_svc->context);
+                    FURI_LOG_D(SERIAL_SERVICE_TAG, "Available buff size: %d", buff_free_size);
+                    furi_check(osMutexRelease(serial_svc->buff_size_mtx) == osOK);
                }
                ret = SVCCTL_EvtAckFlowEnable;
            }
@@ -58,7 +73,7 @@ void serial_svc_start() {
    SVCCTL_RegisterSvcHandler(serial_svc_event_handler);

    // Add service
-    status = aci_gatt_add_service(UUID_TYPE_128, (Service_UUID_t *)service_uuid, PRIMARY_SERVICE, 6, &serial_svc->svc_handle);
+    status = aci_gatt_add_service(UUID_TYPE_128, (Service_UUID_t *)service_uuid, PRIMARY_SERVICE, 10, &serial_svc->svc_handle);
    if(status) {
        FURI_LOG_E(SERIAL_SERVICE_TAG, "Failed to add Serial service: %d", status);
    }
@@ -78,7 +93,7 @@ void serial_svc_start() {

    // Add TX characteristic
    status = aci_gatt_add_char(serial_svc->svc_handle, UUID_TYPE_128, (const Char_UUID_t*)char_tx_uuid,
-                                SERIAL_SVC_DATA_LEN_MAX,                                  
+                                SERIAL_SVC_DATA_LEN_MAX,
                                CHAR_PROP_READ | CHAR_PROP_INDICATE,
                                ATTR_PERMISSION_AUTHEN_READ,
                                GATT_DONT_NOTIFY_EVENTS,
@@ -88,12 +103,45 @@ void serial_svc_start() {
    if(status) {
        FURI_LOG_E(SERIAL_SERVICE_TAG, "Failed to add TX characteristic: %d", status);
    }
+    // Add Flow Control characteristic
+    status = aci_gatt_add_char(serial_svc->svc_handle, UUID_TYPE_128, (const Char_UUID_t*)flow_ctrl_uuid,
+                                sizeof(uint32_t),
+                                CHAR_PROP_READ | CHAR_PROP_NOTIFY,
+                                ATTR_PERMISSION_AUTHEN_READ,
+                                GATT_DONT_NOTIFY_EVENTS,
+                                10,
+                                CHAR_VALUE_LEN_CONSTANT,
+                                &serial_svc->flow_ctrl_char_handle);
+    if(status) {
+        FURI_LOG_E(SERIAL_SERVICE_TAG, "Failed to add Flow Control characteristic: %d", status);
+    }
+    // Allocate buffer size mutex
+    serial_svc->buff_size_mtx = osMutexNew(NULL);
 }

-void serial_svc_set_callbacks(SerialSvcDataReceivedCallback on_received_cb, SerialSvcDataSentCallback on_sent_cb, void* context) {
+void serial_svc_set_callbacks(uint16_t buff_size, SerialSvcDataReceivedCallback on_received_cb, SerialSvcDataSentCallback on_sent_cb, void* context) {
+    furi_assert(serial_svc);
    serial_svc->on_received_cb = on_received_cb;
    serial_svc->on_sent_cb = on_sent_cb;
    serial_svc->context = context;
+    serial_svc->buff_size = buff_size;
+    serial_svc->bytes_ready_to_receive = buff_size;
+    uint32_t buff_size_reversed = REVERSE_BYTES_U32(serial_svc->buff_size);
+    aci_gatt_update_char_value(serial_svc->svc_handle, serial_svc->flow_ctrl_char_handle, 0, sizeof(uint32_t), (uint8_t*)&buff_size_reversed);
+}
+
+void serial_svc_notify_buffer_is_empty() {
+    furi_assert(serial_svc);
+    furi_assert(serial_svc->buff_size_mtx);
+
+    furi_check(osMutexAcquire(serial_svc->buff_size_mtx, osWaitForever) == osOK);
+    if(serial_svc->bytes_ready_to_receive == 0) {
+        FURI_LOG_D(SERIAL_SERVICE_TAG, "Buffer is empty. Notifying client");
+        serial_svc->bytes_ready_to_receive = serial_svc->buff_size;
+        uint32_t buff_size_reversed = REVERSE_BYTES_U32(serial_svc->buff_size);
+        aci_gatt_update_char_value(serial_svc->svc_handle, serial_svc->flow_ctrl_char_handle, 0, sizeof(uint32_t), (uint8_t*)&buff_size_reversed);
+    }
+    furi_check(osMutexRelease(serial_svc->buff_size_mtx) == osOK);
 }

 void serial_svc_stop() {
@@ -108,11 +156,17 @@ void serial_svc_stop() {
        if(status) {
            FURI_LOG_E(SERIAL_SERVICE_TAG, "Failed to delete RX characteristic: %d", status);
        }
+        status = aci_gatt_del_char(serial_svc->svc_handle, serial_svc->flow_ctrl_char_handle);
+        if(status) {
+            FURI_LOG_E(SERIAL_SERVICE_TAG, "Failed to delete Flow Control characteristic: %d", status);
+        }
        // Delete service
        status = aci_gatt_del_service(serial_svc->svc_handle);
        if(status) {
            FURI_LOG_E(SERIAL_SERVICE_TAG, "Failed to delete Serial service: %d", status);
        }
+        // Delete buffer size mutex
+        osMutexDelete(serial_svc->buff_size_mtx);
        free(serial_svc);
        serial_svc = NULL;
    }
@@ -122,7 +176,6 @@ bool serial_svc_update_tx(uint8_t* data, uint8_t data_len) {
    if(data_len > SERIAL_SVC_DATA_LEN_MAX) {
        return false;
    }
-    FURI_LOG_D(SERIAL_SERVICE_TAG, "Updating char %d len", data_len);
    tBleStatus result = aci_gatt_update_char_value(serial_svc->svc_handle,
                                        serial_svc->tx_char_handle,
                                        0,