From e1920ec42f19384905d42bffcc30e63c14acc3f7 Mon Sep 17 00:00:00 2001 From: Shen Weilong Date: Wed, 2 Apr 2025 10:34:06 +0800 Subject: [PATCH] feat(ble/controller): Added memory boundary check for ESP32-C6/C5/H2/C2/C61 --- components/bt/controller/esp32c2/ble.c | 15 ++++++++++++++- components/bt/controller/esp32c5/Kconfig.in | 4 ++++ components/bt/controller/esp32c5/ble.c | 7 +++++++ components/bt/controller/esp32c5/esp_bt_cfg.h | 6 ++++++ components/bt/controller/esp32c6/Kconfig.in | 5 ++++- components/bt/controller/esp32c6/ble.c | 13 +++++++++++++ components/bt/controller/esp32c6/esp_bt_cfg.h | 6 ++++++ components/bt/controller/esp32h2/Kconfig.in | 5 ++++- components/bt/controller/esp32h2/ble.c | 7 +++++++ components/bt/controller/esp32h2/esp_bt_cfg.h | 6 ++++++ .../bt/controller/lib_esp32c2/esp32c2-bt-lib | 2 +- .../bt/controller/lib_esp32c5/esp32c5-bt-lib | 2 +- .../bt/controller/lib_esp32c6/esp32c6-bt-lib | 2 +- .../bt/controller/lib_esp32h2/esp32h2-bt-lib | 2 +- components/bt/include/esp32c5/include/esp_bt.h | 2 ++ components/bt/include/esp32c6/include/esp_bt.h | 3 +++ components/bt/include/esp32h2/include/esp_bt.h | 2 ++ .../esp_rom/esp32c2/ld/esp32c2.rom.ble-eco4.ld | 4 ++-- components/esp_rom/esp32c2/ld/esp32c2.rom.ble.ld | 2 +- 19 files changed, 85 insertions(+), 10 deletions(-) diff --git a/components/bt/controller/esp32c2/ble.c b/components/bt/controller/esp32c2/ble.c index 9ea49196e5..dd6db35eed 100644 --- a/components/bt/controller/esp32c2/ble.c +++ b/components/bt/controller/esp32c2/ble.c @@ -12,9 +12,14 @@ ************************************************************************ */ #if (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) -void adv_stack_enableClearLegacyAdvVsCmd(bool en); void scan_stack_enableAdvFlowCtrlVsCmd(bool en); +void adv_stack_enableClearLegacyAdvVsCmd(bool en); void chanSel_stack_enableSetCsaVsCmd(bool en); +void hci_stack_enableSetVsEvtMaskVsCmd(bool en); + +void adv_stack_enableScanReqRxdVsEvent(bool en); +void conn_stack_enableChanMapUpdCompVsEvent(bool en); +void sleep_stack_enableWakeupVsEvent(bool en); #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) /* Local functions definition @@ -32,10 +37,18 @@ void ble_stack_enableVsCmds(bool en) #endif // DEFAULT_BT_LE_ROLE_OBSERVER chanSel_stack_enableSetCsaVsCmd(en); + hci_stack_enableSetVsEvtMaskVsCmd(en); } void ble_stack_enableVsEvents(bool en) { +#if DEFAULT_BT_LE_ROLE_BROADCASTER + adv_stack_enableScanReqRxdVsEvent(en); +#endif // DEFAULT_BT_LE_ROLE_BROADCASTER + conn_stack_enableChanMapUpdCompVsEvent(en); +#if CONFIG_BT_LE_SLEEP_ENABLE + sleep_stack_enableWakeupVsEvent(en); +#endif // CONFIG_BT_LE_SLEEP_ENABLE } #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) diff --git a/components/bt/controller/esp32c5/Kconfig.in b/components/bt/controller/esp32c5/Kconfig.in index 5058bf0fb3..fbd1269355 100644 --- a/components/bt/controller/esp32c5/Kconfig.in +++ b/components/bt/controller/esp32c5/Kconfig.in @@ -402,6 +402,10 @@ menu "Controller debug features" default n help Retain scene with GDB to capture info, requires disabling WDT (CONFIG_ESP_INT_WDT, CONFIG_ESP_TASK_WDT_EN). + + config BT_LE_PTR_CHECK_ENABLED + bool "Enable boundary check for internal memory" + default n endmenu config BT_LE_LL_RESOLV_LIST_SIZE diff --git a/components/bt/controller/esp32c5/ble.c b/components/bt/controller/esp32c5/ble.c index 7b50ca8ce9..caa8d85543 100644 --- a/components/bt/controller/esp32c5/ble.c +++ b/components/bt/controller/esp32c5/ble.c @@ -38,9 +38,11 @@ void pcl_stack_enableSetRssiThreshVsCmd(bool en); void chanSel_stack_enableSetCsaVsCmd(bool en); void log_stack_enableLogsRelatedVsCmd(bool en); void hci_stack_enableSetVsEvtMaskVsCmd(bool en); +void winWiden_stack_enableSetConstPeerScaVsCmd(bool en); void adv_stack_enableScanReqRxdVsEvent(bool en); void conn_stack_enableChanMapUpdCompVsEvent(bool en); +void sleep_stack_enableWakeupVsEvent(bool en); #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) /* Local functions definition @@ -57,12 +59,17 @@ void ble_stack_enableVsCmds(bool en) chanSel_stack_enableSetCsaVsCmd(en); log_stack_enableLogsRelatedVsCmd(en); hci_stack_enableSetVsEvtMaskVsCmd(en); + winWiden_stack_enableSetConstPeerScaVsCmd(en); } void ble_stack_enableVsEvents(bool en) { adv_stack_enableScanReqRxdVsEvent(en); conn_stack_enableChanMapUpdCompVsEvent(en); + +#if CONFIG_BT_LE_SLEEP_ENABLE + sleep_stack_enableWakeupVsEvent(en); +#endif // CONFIG_BT_LE_SLEEP_ENABLE } #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) diff --git a/components/bt/controller/esp32c5/esp_bt_cfg.h b/components/bt/controller/esp32c5/esp_bt_cfg.h index 3d8edd55de..6621c28cb4 100644 --- a/components/bt/controller/esp32c5/esp_bt_cfg.h +++ b/components/bt/controller/esp32c5/esp_bt_cfg.h @@ -204,6 +204,12 @@ extern "C" { #define DEFAULT_BT_LE_VHCI_ENABLED (0) #endif +#ifdef CONFIG_BT_LE_PTR_CHECK_ENABLED +#define DEFAULT_BT_LE_PTR_CHECK_ENABLED (CONFIG_BT_LE_PTR_CHECK_ENABLED) +#else +#define DEFAULT_BT_LE_PTR_CHECK_ENABLED (0) +#endif + #ifdef CONFIG_BT_LE_SLEEP_ENABLE #define NIMBLE_SLEEP_ENABLE CONFIG_BT_LE_SLEEP_ENABLE #else diff --git a/components/bt/controller/esp32c6/Kconfig.in b/components/bt/controller/esp32c6/Kconfig.in index 18b4039895..a9e59ae032 100644 --- a/components/bt/controller/esp32c6/Kconfig.in +++ b/components/bt/controller/esp32c6/Kconfig.in @@ -1,6 +1,5 @@ menu "HCI Config" - choice BT_LE_HCI_INTERFACE prompt "HCI mode" default BT_LE_HCI_INTERFACE_USE_RAM @@ -444,6 +443,10 @@ menu "Controller debug features" default n help Retain scene with GDB to capture info, requires disabling WDT (CONFIG_ESP_INT_WDT, CONFIG_ESP_TASK_WDT_EN). + + config BT_LE_PTR_CHECK_ENABLED + bool "Enable boundary check for internal memory" + default n endmenu config BT_LE_LL_RESOLV_LIST_SIZE diff --git a/components/bt/controller/esp32c6/ble.c b/components/bt/controller/esp32c6/ble.c index 7b50ca8ce9..f93f15e9b8 100644 --- a/components/bt/controller/esp32c6/ble.c +++ b/components/bt/controller/esp32c6/ble.c @@ -38,9 +38,14 @@ void pcl_stack_enableSetRssiThreshVsCmd(bool en); void chanSel_stack_enableSetCsaVsCmd(bool en); void log_stack_enableLogsRelatedVsCmd(bool en); void hci_stack_enableSetVsEvtMaskVsCmd(bool en); +void winWiden_stack_enableSetConstPeerScaVsCmd(bool en); +#if CONFIG_IDF_TARGET_ESP32C61_ECO3 +void conn_stack_enableSetPrefTxRxCntVsCmd(bool en); +#endif // CONFIG_IDF_TARGET_ESP32C61_ECO3 void adv_stack_enableScanReqRxdVsEvent(bool en); void conn_stack_enableChanMapUpdCompVsEvent(bool en); +void sleep_stack_enableWakeupVsEvent(bool en); #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) /* Local functions definition @@ -57,12 +62,20 @@ void ble_stack_enableVsCmds(bool en) chanSel_stack_enableSetCsaVsCmd(en); log_stack_enableLogsRelatedVsCmd(en); hci_stack_enableSetVsEvtMaskVsCmd(en); + winWiden_stack_enableSetConstPeerScaVsCmd(en); +#if CONFIG_IDF_TARGET_ESP32C61_ECO3 + conn_stack_enableSetPrefTxRxCntVsCmd(en); +#endif // CONFIG_IDF_TARGET_ESP32C61_ECO3 } void ble_stack_enableVsEvents(bool en) { adv_stack_enableScanReqRxdVsEvent(en); conn_stack_enableChanMapUpdCompVsEvent(en); + +#if CONFIG_BT_LE_SLEEP_ENABLE + sleep_stack_enableWakeupVsEvent(en); +#endif // CONFIG_BT_LE_SLEEP_ENABLE } #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) diff --git a/components/bt/controller/esp32c6/esp_bt_cfg.h b/components/bt/controller/esp32c6/esp_bt_cfg.h index 3d8edd55de..6621c28cb4 100644 --- a/components/bt/controller/esp32c6/esp_bt_cfg.h +++ b/components/bt/controller/esp32c6/esp_bt_cfg.h @@ -204,6 +204,12 @@ extern "C" { #define DEFAULT_BT_LE_VHCI_ENABLED (0) #endif +#ifdef CONFIG_BT_LE_PTR_CHECK_ENABLED +#define DEFAULT_BT_LE_PTR_CHECK_ENABLED (CONFIG_BT_LE_PTR_CHECK_ENABLED) +#else +#define DEFAULT_BT_LE_PTR_CHECK_ENABLED (0) +#endif + #ifdef CONFIG_BT_LE_SLEEP_ENABLE #define NIMBLE_SLEEP_ENABLE CONFIG_BT_LE_SLEEP_ENABLE #else diff --git a/components/bt/controller/esp32h2/Kconfig.in b/components/bt/controller/esp32h2/Kconfig.in index 858a772217..b07e4783a8 100644 --- a/components/bt/controller/esp32h2/Kconfig.in +++ b/components/bt/controller/esp32h2/Kconfig.in @@ -1,6 +1,5 @@ menu "HCI Config" - choice BT_LE_HCI_INTERFACE prompt "HCI mode" default BT_LE_HCI_INTERFACE_USE_RAM @@ -438,6 +437,10 @@ menu "Controller debug features" default n help Retain scene with GDB to capture info, requires disabling WDT (CONFIG_ESP_INT_WDT, CONFIG_ESP_TASK_WDT_EN). + + config BT_LE_PTR_CHECK_ENABLED + bool "Enable boundary check for internal memory" + default n endmenu config BT_LE_LL_RESOLV_LIST_SIZE diff --git a/components/bt/controller/esp32h2/ble.c b/components/bt/controller/esp32h2/ble.c index 7b50ca8ce9..caa8d85543 100644 --- a/components/bt/controller/esp32h2/ble.c +++ b/components/bt/controller/esp32h2/ble.c @@ -38,9 +38,11 @@ void pcl_stack_enableSetRssiThreshVsCmd(bool en); void chanSel_stack_enableSetCsaVsCmd(bool en); void log_stack_enableLogsRelatedVsCmd(bool en); void hci_stack_enableSetVsEvtMaskVsCmd(bool en); +void winWiden_stack_enableSetConstPeerScaVsCmd(bool en); void adv_stack_enableScanReqRxdVsEvent(bool en); void conn_stack_enableChanMapUpdCompVsEvent(bool en); +void sleep_stack_enableWakeupVsEvent(bool en); #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) /* Local functions definition @@ -57,12 +59,17 @@ void ble_stack_enableVsCmds(bool en) chanSel_stack_enableSetCsaVsCmd(en); log_stack_enableLogsRelatedVsCmd(en); hci_stack_enableSetVsEvtMaskVsCmd(en); + winWiden_stack_enableSetConstPeerScaVsCmd(en); } void ble_stack_enableVsEvents(bool en) { adv_stack_enableScanReqRxdVsEvent(en); conn_stack_enableChanMapUpdCompVsEvent(en); + +#if CONFIG_BT_LE_SLEEP_ENABLE + sleep_stack_enableWakeupVsEvent(en); +#endif // CONFIG_BT_LE_SLEEP_ENABLE } #endif // (CONFIG_BT_NIMBLE_ENABLED || CONFIG_BT_BLUEDROID_ENABLED) diff --git a/components/bt/controller/esp32h2/esp_bt_cfg.h b/components/bt/controller/esp32h2/esp_bt_cfg.h index 3d8edd55de..6621c28cb4 100644 --- a/components/bt/controller/esp32h2/esp_bt_cfg.h +++ b/components/bt/controller/esp32h2/esp_bt_cfg.h @@ -204,6 +204,12 @@ extern "C" { #define DEFAULT_BT_LE_VHCI_ENABLED (0) #endif +#ifdef CONFIG_BT_LE_PTR_CHECK_ENABLED +#define DEFAULT_BT_LE_PTR_CHECK_ENABLED (CONFIG_BT_LE_PTR_CHECK_ENABLED) +#else +#define DEFAULT_BT_LE_PTR_CHECK_ENABLED (0) +#endif + #ifdef CONFIG_BT_LE_SLEEP_ENABLE #define NIMBLE_SLEEP_ENABLE CONFIG_BT_LE_SLEEP_ENABLE #else diff --git a/components/bt/controller/lib_esp32c2/esp32c2-bt-lib b/components/bt/controller/lib_esp32c2/esp32c2-bt-lib index 1e88fa4606..c0d98a9a03 160000 --- a/components/bt/controller/lib_esp32c2/esp32c2-bt-lib +++ b/components/bt/controller/lib_esp32c2/esp32c2-bt-lib @@ -1 +1 @@ -Subproject commit 1e88fa4606b62faf7350ac12d4317ab4d1cd286d +Subproject commit c0d98a9a03c266828a25bed38c0174ecfc882aea diff --git a/components/bt/controller/lib_esp32c5/esp32c5-bt-lib b/components/bt/controller/lib_esp32c5/esp32c5-bt-lib index a1edef01cb..4ff56a052a 160000 --- a/components/bt/controller/lib_esp32c5/esp32c5-bt-lib +++ b/components/bt/controller/lib_esp32c5/esp32c5-bt-lib @@ -1 +1 @@ -Subproject commit a1edef01cbbbc99126e8233a44e97f752bc93a0e +Subproject commit 4ff56a052ab888be3b4abe548f86052fa314d10c diff --git a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib index b75747061f..246541ab93 160000 --- a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib +++ b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib @@ -1 +1 @@ -Subproject commit b75747061f79a6eb070b5b0f96ebda79bffee485 +Subproject commit 246541ab93e853eba1591784a5253b219c0414f9 diff --git a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib index cd36ec849c..a3192174a9 160000 --- a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib +++ b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib @@ -1 +1 @@ -Subproject commit cd36ec849cbfc8cef8dd48228ca70fffc1e240a3 +Subproject commit a3192174a9aef015a9ceca983acdb9fd1a198445 diff --git a/components/bt/include/esp32c5/include/esp_bt.h b/components/bt/include/esp32c5/include/esp_bt.h index d045553168..ec292a573d 100644 --- a/components/bt/include/esp32c5/include/esp_bt.h +++ b/components/bt/include/esp32c5/include/esp_bt.h @@ -225,6 +225,7 @@ typedef struct { - 0 - Disable (default) - 1 - Enable */ uint8_t vhci_enabled; /*!< VHCI mode is enabled */ + uint8_t ptr_check_enabled; /*!< Enable boundary check for internal memory. */ uint32_t config_magic; /*!< Magic number for configuration validation */ } esp_bt_controller_config_t; @@ -279,6 +280,7 @@ typedef struct { .ble_chan_ass_en = DEFAULT_BT_LE_CTRL_CHAN_ASS_EN, \ .ble_data_lenth_zero_aux = DEFAULT_BT_LE_CTRL_ADV_DATA_LENGTH_ZERO_AUX, \ .vhci_enabled = DEFAULT_BT_LE_VHCI_ENABLED, \ + .ptr_check_enabled = DEFAULT_BT_LE_PTR_CHECK_ENABLED, \ .config_magic = CONFIG_MAGIC, \ } diff --git a/components/bt/include/esp32c6/include/esp_bt.h b/components/bt/include/esp32c6/include/esp_bt.h index b3ada150c0..9da4cbe8f4 100644 --- a/components/bt/include/esp32c6/include/esp_bt.h +++ b/components/bt/include/esp32c6/include/esp_bt.h @@ -225,6 +225,7 @@ typedef struct { - 0 - Disable (default) - 1 - Enable */ uint8_t vhci_enabled; /*!< VHCI mode is enabled */ + uint8_t ptr_check_enabled; /*!< Enable boundary check for internal memory. */ uint32_t config_magic; /*!< Magic number for configuration validation */ } esp_bt_controller_config_t; @@ -282,6 +283,7 @@ typedef struct { .ble_chan_ass_en = DEFAULT_BT_LE_CTRL_CHAN_ASS_EN, \ .ble_data_lenth_zero_aux = DEFAULT_BT_LE_CTRL_ADV_DATA_LENGTH_ZERO_AUX, \ .vhci_enabled = DEFAULT_BT_LE_VHCI_ENABLED, \ + .ptr_check_enabled = DEFAULT_BT_LE_PTR_CHECK_ENABLED, \ .config_magic = CONFIG_MAGIC, \ } #elif CONFIG_IDF_TARGET_ESP32C61 @@ -336,6 +338,7 @@ typedef struct { .ble_chan_ass_en = DEFAULT_BT_LE_CTRL_CHAN_ASS_EN, \ .ble_data_lenth_zero_aux = DEFAULT_BT_LE_CTRL_ADV_DATA_LENGTH_ZERO_AUX, \ .vhci_enabled = DEFAULT_BT_LE_VHCI_ENABLED, \ + .ptr_check_enabled = DEFAULT_BT_LE_PTR_CHECK_ENABLED, \ .config_magic = CONFIG_MAGIC, \ } #endif diff --git a/components/bt/include/esp32h2/include/esp_bt.h b/components/bt/include/esp32h2/include/esp_bt.h index 9a7545b25c..6b412834c0 100644 --- a/components/bt/include/esp32h2/include/esp_bt.h +++ b/components/bt/include/esp32h2/include/esp_bt.h @@ -227,6 +227,7 @@ typedef struct { - 0 - Disable (default) - 1 - Enable */ uint8_t vhci_enabled; /*!< VHCI is enabled */ + uint8_t ptr_check_enabled; /*!< Enable boundary check for internal memory. */ uint32_t config_magic; /*!< Configuration magic value */ } esp_bt_controller_config_t; @@ -282,6 +283,7 @@ typedef struct { .ble_chan_ass_en = DEFAULT_BT_LE_CTRL_CHAN_ASS_EN, \ .ble_data_lenth_zero_aux = DEFAULT_BT_LE_CTRL_ADV_DATA_LENGTH_ZERO_AUX, \ .vhci_enabled = DEFAULT_BT_LE_VHCI_ENABLED, \ + .ptr_check_enabled = DEFAULT_BT_LE_PTR_CHECK_ENABLED, \ .config_magic = CONFIG_MAGIC, \ } diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.ble-eco4.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.ble-eco4.ld index c94f6afa13..2281a139cc 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ble-eco4.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ble-eco4.ld @@ -144,7 +144,7 @@ r_ble_ll_adv_reset = 0x40000c88; r_ble_ll_adv_rpa_timeout = 0x40000c8c; r_ble_ll_adv_rpa_update = 0x40000c90; r_ble_ll_adv_rx_pkt_in = 0x40000c94; -r_ble_ll_adv_scan_req_rxd = 0x40000c98; +//r_ble_ll_adv_scan_req_rxd = 0x40000c98; r_ble_ll_adv_scan_rsp_legacy_pdu_make = 0x40000c9c; r_ble_ll_adv_scan_rsp_pdu_make = 0x40000ca0; r_ble_ll_adv_scheduled = 0x40000ca4; @@ -755,7 +755,7 @@ r_ble_lll_hci_dtm_tx_test_v2 = 0x40001614; r_ble_lll_hci_dtm_tx_test_v2_ext = 0x40001618; r_ble_lll_init = 0x4000161c; r_ble_lll_init_pre_process = 0x40001620; -r_ble_lll_init_rx_pkt_isr = 0x40001624; +//r_ble_lll_init_rx_pkt_isr = 0x40001624; r_ble_lll_per_adv_coex_dpc_calc_pti_update_itvl = 0x40001628; r_ble_lll_per_adv_coex_dpc_process = 0x4000162c; r_ble_lll_per_adv_coex_dpc_pti_get = 0x40001630; diff --git a/components/esp_rom/esp32c2/ld/esp32c2.rom.ble.ld b/components/esp_rom/esp32c2/ld/esp32c2.rom.ble.ld index 2f30dd745a..1ff67da39f 100644 --- a/components/esp_rom/esp32c2/ld/esp32c2.rom.ble.ld +++ b/components/esp_rom/esp32c2/ld/esp32c2.rom.ble.ld @@ -118,7 +118,7 @@ r_ble_ll_adv_rd_sup_adv_sets = 0x40000c7c; r_ble_ll_adv_read_txpwr = 0x40000c80; r_ble_ll_adv_rpa_timeout = 0x40000c8c; r_ble_ll_adv_rpa_update = 0x40000c90; -r_ble_ll_adv_scan_req_rxd = 0x40000c98; +//r_ble_ll_adv_scan_req_rxd = 0x40000c98; r_ble_ll_adv_scan_rsp_legacy_pdu_make = 0x40000c9c; r_ble_ll_adv_scan_rsp_pdu_make = 0x40000ca0; r_ble_ll_adv_scheduled = 0x40000ca4;